100%(1)1 out of 1 people found this document helpful
This preview shows page 68 - 70 out of 164 pages.
to information security can have a significant impact on implementation.What will be the consequence of gaps in information when the initiative is rolled out?Overly ambitious timeframes are among the most common risks in implementation. Time pressures can leave too little time to address factors for success, such as different options for program delivery, consultation with implementers and stakeholders, or resource requirements and constraints. This can result in substantial variances between funding estimates for an initiative and the resources that actually have to be employed to deliver the initiative successfully.If the assumptions made about an initiative are clearly identified, along with their sensitivity to change, then the agency and those implementing the initiative can be better informed of the possible risks and their consequences. An awareness of uncertainties increases the chance of successful implementation, including for safety-net initiatives, demand-driven programs or wholly new initiatives, where there may be raised expectations. Swift and significant action may be needed if important implementation risks begin to materialize. If consideration of emerging risks suggests the initiative is too large or ambitious for the agreed timelines and resource, this should be brought to the Governors attention. Appropriate responses to emerging problems will be more manageable and predictable where robust implementation contingency plans have already been developed as part of the risk management strategy. Management must consider various tools and techniques to overcome resistance to change while executing the implementation program. They must employ change management when implementing policies and procedures within the Agency. 5. 7. Critical success factorsThe critical success factors for the Implementation Program must be identified, documented and monitored. The critical success factors include5. 7. 1. Management supportTop management support is required for any organizational change including policy and procedure implementation. The management support can be evidenced through representation of top management in Steering Committee, approval of project charter and communication to the stake holders.5. 7. 2. Awareness and trainingThe human side of computer security is easily exploited and constantly overlooked. No matter how powerful the technical security underpinning of the system is, or how strong the regulations, or policies, there is still the possibility that they will be broken simply because someone subverts them. Raising the employee awareness through awareness and training programs is a critical success factor. The level of employee awareness must be measured through defined metrics such as surveys, questionnaires, number of awareness campaign conducted, and number of people attended/covered by campaigns etc.
69For successful policy implementation proper awareness among the stake holders is essential. The Program Manager shall use the sample awareness plan as mandated by the Saudi Government. The awareness plan will cover the following: