You are an independent consultant who specializes in Information Technology security issues. You have been retained by the Designer Distributions Company, a mid-sized and growing consumer goods distribution company, to assess the security of its computing environment. The company's newly hired VP of IT is conducting this project because she does not have a security specialist on her staff and has learned that the company does not have a comprehensive security strategy. In fact, she suspects a lack of even basic security knowledge in both the IT staff and the user community.
The company has a headquarters office building, which includes the principal data center, and a separate warehouse linked to the office by a private data network. The warehouse has a small computing facility of its own for order shipment data entry and tracking. This computer is linked to the headquarters order entry systems through the network. Additionally, there are Internet-based data links to several key suppliers used to share reorder, production and shipping schedules and status information. When potential new suppliers compete for contracts with Designer Distributions, their proposals are received and negotiated via email.
You have been interviewing executives and staff at the company and at key suppliers and are beginning to evaluate what you have learned in preparation for your report to the VP of IT.
Problem 1
Deliverable Length: 5-7 paragraphs
Details: As Designer Distributions' security consultant, you have made proposals for several security measures intended to prevent disruption to the computing environment and to prevent loss of, or unauthorized access or modifications to, sensitive data. You have also recommended significant investments in recovery capability. These include creating, testing, and maintaining a Disaster Recovery Plan for the data center, and an Intrusion Detection software package for the network. Some department managers are challenging what they see as an unnecessary double investment in prevention and recovery.
Post 5-7 paragraphs defending your rationale for investing in these recovery capabilities.
Problem 2
Deliverable Length: 8-10 Slides
Details: You and the VP of IT have been discussing your recommendations for a complete security program at Designer Distributions. You both realize that for these measures to be effective, the entire company staff will need both training and a commitment to make them work. The VP has asked you to prepare a presentation for the department managers describing the security awareness practices that the company will need to adopt to assure that the new program provides the security for which it is designed.
Create a PowerPoint presentation outlining those topics you think are important to emphasize in preparing the managers to inform their staff members and to gain their support and cooperation.