Organizational Processes and Standards Quiz

Questions and Answers

What is the primary purpose of Rules in an organization?

To provide specific steps for completing tasks.

To establish communication protocols within the organization.

To regulate how employees make decisions. (correct)

To dictate consequences for employee actions.

Which of the following best describes protocols in an EIS?

They are broad principles that guide ethical decisions.

They outline the consequences for data breaches.

They are detailed steps on how to handle specific processes. (correct)

They are rules that pertain only to data access.

Which of the following is an example of a Protocol of an Enterprise Information System

A rule that requires all data entries to be reviewed weekly.

A rule that limits access to sensitive data to management levels only.

A list of the specific steps to be taken in case of a data breach. (correct)

A rule that requires system audits to be conducted at the end of each fiscal quarter.

Which of the following is an example of a Rule of an Enterprise Information System?

All employees must change their passwords every 90 days.

What protocols are used to securely transfer sensitive data outside of an organization?

HTTPS and SFTP

How do rules and protocols relate to each other within an EIS?

Protocols provide the procedures to follow the rules

Study Notes

Organizational Processes and Standards

• Organizations use processes that repeat, like manufacturing goods, generating sales leads, or onboarding employees.
• Standards (rules and protocols) ensure these processes are done efficiently.

Rules

• Rules are broad guidelines for decision-making during a process.
• They dictate the "what" of organizational behaviour.
• Examples of typical rules in an enterprise information system (EIS):
  • Password Policies: Complex passwords, changed regularly, mix of characters, no reuse of previous passwords.
  • Access Control: Access restrictions based on job roles—employees only access relevant systems/data.
  • Data Handling: Sensitive data encryption in transit and at rest.
  • Acceptable Use: Restrictions on personal internet use during work hours, company email for business only, no unauthorized software.
  • Incident Reporting: Immediate reporting of suspected data breaches or security incidents to the designated IT department.

Protocols

• Protocols are precise step-by-step instructions on "how" to do things within a process.
• They standardize the execution of processes.
• They dictate how entities interact within the systems.
• Examples of typical protocols in an EIS:
  • Data Backup and Recovery: Nightly full backups of critical systems, backups stored on-site and off-site with encryption, quarterly recovery testing.
  • Software Development and Deployment: Code reviews, various testing phases (unit tests, integration tests, user acceptance tests), specific deployment steps.
  • Incident Response: Steps for detecting, responding to, and minimizing security issues, including automated tools for monitoring.
  • Data Handling and Protection: Methods for transferring sensitive data outside the organization (e.g., SFTP or HTTPS), procedures for securely deleting data.
  • Communication: Designated tools and methods for internal and external communications, including encrypted email, secure messaging, and crisis communication plan.

Rules and Protocols Relationship

• Rules and protocols work together—rules define the "what", while protocols define the "how".

Description

Test your knowledge on organizational processes and the standards that govern them. This quiz covers key concepts such as rules for decision-making, password policies, access control, and data handling. Gain insights into how organizations can operate efficiently and securely.