IT 335 Milestone 3.docx IT 335: Wilburs Widgets Security Policy Gap Analysis Southern

IT 335 Milestone 3.docx  IT 335:   Wilbur™s Widgets Security Policy Gap Analysis  Southern New Hampshire University  Implementation Plan  There are numerous ways to implement change in an organization. The textbook, Security Policies and Implementation Issues, focuses on Kotter™s Eight-Step Change Model, developed by a Harvard Business School professor in 1995. This will be a good implementation model because it focuses on the need to gain buy-in at the executive level.  œProfessor Kotter states that to be successful in implementing change in a company at least 75 percent of management needs to œbuy into it. (Johnson, 2014). This model is also separated informal and formal tasks, with steps 1-3 being informal and steps 4-8 being formal. The eight steps are outlined below:  Step 1: Create Urgency  It is essential for the information security team to be able to effectively communicate the risk that the policy is intended to address to the CEO and board members.  Step 2: Create a Powerful Coalition  In this step, key stake holders throughout the organization are polled on the policy change. The policy will be explained, and concerns will be listened to.  Step 3: Create a Vision for Change  The information security team will, œAfter compiling everyone™s input, create a coherent security message and policy. (Johnson, 2014). This message should explain the policy and help to sell the team™s vision.  Step 4: Communicate the Vision  The policy change must be communicated by the information security team befo