Implementation Plan for Proposed Changes at Samsung

The following is a project that aims at providing recommendations for Samsung and some of the
procedures that can be followed in the organization as it tries to secure its information. If there are
flaws in the company, there is a better chance of achieving its information better if the company follows
all the provided suggestions and requirements. The process of implanting all the proposed changes is
widely related to the development of information security program. The fact that Samsung is a company
that operates across the globe should have the best information security systems as compared to other
smartphone and electronic companies. Fundamentally, the best way of implementing all proposed
changes entails the Samsung Corporation being supple and ready to perform all the required proposals
in real-time and also in future.

Moreover, an all-inclusive approach is supposed to be used when the company tries to implement new
information security strategies (Zittrain, 2018, p. 871). A holistic approach is one that will require all the
security personnel to look at the existing challenges, past information security issues and is ready for
future challenges. A holistic approach is one that actively integrates people, processes and technologies
in the means of securing information in a firm (Siponen and Vance, 2010, p. 489). Such a move at
Samsung will automatically improve the integrity, availability, and confidentiality of information at
Samsung. Supposedly, if any of these elements fails, Samsung information security system is expected to
fail.

Security education is another way of ensuring that all information security measures are implemented in
a firm (Tu et al., 2015, p. 506). This is critical especially when there are new employees at Samsung. The
new employees may not have a better background or enough experience in the incentives of ensuring
that information is secure in the organization. Security education also entails educating all the
employees and top managers about various processes that can help them keep data secure.
Additionally, the information security department may also be prompted to develop banners and
messages that provide education about the security of data. Each of these can be sent to various
departments and employees. The training methods should have a scope, multiple goals, and objectives
that are set by the CISO and the team selected in the training process. The new employees should not
be trained and evaluated using the same guidelines as those who have been in the firm longer. Training
programs should also be aiming to motivate all the members of staff at Samsung.

Finally, the information security department should be in a position of conducting thorough assessments
and planning on all the provided resources. It should be able to manage and use all the personnel,
funds, and offices given to the department. The latter should be used in the implementation of all the
desired changes in the organization. The implementation plan should include making use of all the
availed resources to set goals and objectives. Nevertheless, the implementation plan will bring about
some changes in the organizational, but it will be vital to stay in line with the corporate culture of the
organization (Cummings et al., 2016, p.52).