EIS Component 1: Processes and Protocols

Questions and Answers

What do rules in an Enterprise Information System primarily represent?

The technical specifications of software

The marketing strategies of the business

The principles that guide employee decision-making (correct)

The financial regulations of the organization

What is the primary purpose of password policies in an EIS?

To enhance the complexity and security of passwords (correct)

To limit access to only high-level management

To allow users to keep the same password indefinitely

To create unique usernames for employees

Access control rules in an Enterprise Information System are designed to do what?

Limit system access according to job functions (correct)

Allow employees to share login credentials freely

Grant all employees unrestricted access to data

Enable access without any authentication methods

Which of the following best describes data handling rules?

They require encryption for sensitive data (C)

What is the main focus of acceptable use rules in an EIS?

To restrict personal use of company resources (A)

Incident reporting rules require employees to report suspected security incidents within what time frame?

Immediately or within one hour (D)

What do protocols in an EIS standardize?

The communication and interaction between entities (B)

Which of these is NOT considered a typical rule in an Enterprise Information System?

Quality Control Measures (A)

What is a key component of a data backup and recovery protocol?

Quarterly recovery testing procedures (A)

What does the incident response protocol typically include?

Steps for detecting and minimizing security issues (D)

How are rules and protocols related within an Enterprise Information System (EIS)?

Rules dictate actions while protocols detail how to proceed (A)

Which method is specified for securely transferring sensitive data outside an organization?

SFTP or HTTPS (C)

What crucial aspect should be included within a software development and deployment protocol?

Mandatory code reviews by peers (D)

What should a communication protocol mandate for sensitive external communications?

Encrypted email or secure messaging tools (A)

What is the characteristic of 'Must Haves' in the context of rules and protocols within an organization?

They apply directly to digital operations (B)

What purpose does quarterly recovery testing serve in a data backup protocol?

To ensure data can be restored promptly (B)

Study Notes

Processes, Rules and Protocols in an Enterprise Information System

• Enterprise Information Systems (EIS) integrate various processes essential for organizational operations, such as manufacturing, sales, and onboarding.
• Standardization of processes is achieved through setting Rules and Protocols to ensure efficiency and compliance.

Rules

• Definition: Broad principles that guide employee decision-making within specific processes, answering the "WHAT" of organizational behavior.
• Common rules in EIS include:
  • Password Policies: Require complex, changing passwords every 90 days; mixed character requirements; restrict reuse of recent passwords.
  • Access Control: Limits access to systems and data based on employees' job roles.
  • Data Handling: Mandates encryption for sensitive data both when in transit and at rest.
  • Acceptable Use: Restricts personal internet usage during work hours and enforces business-only use of company email; prohibits unauthorized software installation.
  • Incident Reporting: Requires immediate reporting of security incidents, such as data breaches, typically within one hour of detection.

Protocols

• Definition: Detailed sets of steps that indicate how interactions or communication should occur within the system, standardizing the execution of processes.
• Typical protocols in EIS include:
  • Data Backup and Recovery: Specifies nightly backups for critical systems, off-site storage, encryption, and quarterly recovery tests.
  • Software Development and Deployment: Covers mandatory code reviews, various testing phases, and specific deployment procedures.
  • Incident Response: Outlines steps to detect, respond to, and mitigate security threats, including automated monitoring tools.
  • Data Handling and Protection: Establishes secure methods for transferring sensitive data externally and procedures for data deletion.
  • Communication: Mandates encrypted communication tools and establishes crisis communication plans for emergencies.

Relationship Between Rules and Protocols

• Rules and protocols complement each other; rules dictate allowable actions while protocols guide the execution of those actions efficiently and securely.

Scope of Rules and Protocols

• Each organization determines which rules and protocols are part of their EIS, focusing on those that directly impact digital operations, ensuring they include all essential elements necessary for compliance and efficiency.

Description

Discover the essential processes, rules, and protocols that form the backbone of an Enterprise Information System. This component is crucial for the seamless operation of any organization. Join us as we explore how these elements interact to support business functions.