Adaptable Information and Data Security Process : A Secure Yet Employee Friendly Process Proposal of IT Security Implementation in Organizations.

Sammanfattning: Organizations have been changing their IT structure due to several reasons such as merger of two companies, acquisition of one company by another or IT consolidation within a company. IT policies are one of the areas which get redefined during such changes. However the lack of test facilities, time, funds, or human resources and expertise for change assessment of reengineering IT infrastructure such as integration of independently working systems or switching from on premises IT resources to cloud based IT resources, can be left unassessed. The absence of forthcoming changes' assessment can cause trouble at many levels of any organization, depending on which business operation is affected. Since every employee with a workstation is an end user, it is safe to say that end users or employees are the target of those unforeseen impacts. This situation can be handled by a working process which is able to adapt the changes made to IT systems security. This thesis presents a process that highlights post change issues and can help organizations to adapt to the changes in the environment and minimizes highlighted issues hence called Adaptable Information and Data Security Process. A system or entity is adaptable if it can adapt to changes. The results of this research are derived by putting the proposed process in use to calculate monetary and time loss in any project using different variables. Those results can encourage and support middle management to propose investment in user training and local support staff when presenting their case to upper management. Our results show the loss of 0.24% of a 200,000 kroner project to be completed in 44 weeks due to lack of adequate training of technical staff and users training to use IT systems. Another dimension of loss is calculated to show 4.2 hour of time loss on top of monetary loss given a total of 44 weeks of project period. The proposal suggests that the calculations of those loses can help management invest the time and money on users’ training and onsite technical support which will result in less investment and long lasting results as oppose to conventional approach that is lack of users training and off shore support that may reduce expenses in short term but causes significant long term losses.