Compare and contrast the three company options from Week 1 Homework Assignment, taking into consideration the similarities and differences in the three sets of company characteristics, and explain how those characteristics might impact the resulting InfoSec strategy and policies that would be implemented. This assignment should take approximately 2 pages, double-spaced.
Assignment outcomes: (1) comparison between the three company options and (2) an explanation of how each company’s characteristics will impact the resulting InfoSec strategy and policies
Option #1:
Company Overview: Financial Services company, privately owned (LLP), providing brokerage services for investments and loans, with a primary office in San Diego (Kearny Mesa) and three field offices (in Vista, Poway, and El Cajon)
• Company Size: Small Business – 40 employees in total; 1 Branch Manager and 6 staff at each field office, and the Management Team, an Office Manager, and 15 staff at the main office
• Management Team: The Owner/CEO, CFO, and COO
• IT/Security Services: They contract with third parties for all IT services, which are managed by the COO; they have no internal IT staff and no cybersecurity staff
• Company’s Mission: To provide the best brokerage services for our customers, with high rates of return and lowest fees
• Technical Environment: They use PCs running Windows 10; an office application suite runs locally on each PC; shared financial applications run from cloud-based services; email is provided through cloud-based services with the capability to send digitally signed, encrypted messages; shared file storage is provided through cloud-based services, with the ability to encrypt files or entire folders/directories; they have a secure Fax machine in each office
Option #2:
• Company Overview: Transportation/Delivery Company, privately owned (LLC), providing transportation and delivery of products and merchandise from retail and wholesale businesses to customers and other businesses in six states in the southwestern USA; with its primary office in Las Vegas, NV, and branch offices in Ontario, CA, Sacramento, CA, Salt Lake City, UT, Denver, CO, Phoenix, AZ, and Albuquerque, NM
• Company Size: Medium-sized business – 1,700 employees in total; includes 650 drivers, 780 stock workers (load/unload trucks), and 170 office or administrative staff split among the locations
• Management Team: The President/CEO, COO, CFO, CIO, and six Regional Vice Presidents (one for each branch)
• IT/Security Services: They have an internal IT department with 23 staff, which includes 5 positions who have dual roles as System Administrators and Cybersecurity Analysts (one of them is a senior position who supervises the other four); there are 3 IT staff at each branch location, and the 5 SysAdmin/Cyber staff are located in Las Vegas
• Company’s Mission: To transport and deliver a wide variety of products safely and on time, meeting all customer expectations
• Technical Environment: The company primarily used PCs running Windows 7 and Windows 8.1; a standard office application suite runs locally on each PC; the IT staff have several devices running Linux for network and security monitoring; business applications and the company website are managed by the IT staff and hosted on their own servers, located in two data centers, one in Nevada and the other in Texas (for redundancy); the Management Team have the ability to encrypt their email messages and attachments; all employees can encrypt files stored locally on their PC or on network file servers (using Microsoft BitLocker)
Option #3:
Company Overview: Technology Manufacturing Company, employee-owned (stock options), providing electronic components used in computers, digital audio/video equipment, navigation systems, and other consumer and commercial digital equipment; they do not sell directly to consumers, they sell to large-scale manufacturers and value-added resellers that incorporate the components into end-user products; they have manufacturing facilities in San Diego, CA, San Jose, CA, San Antonio, TX, Atlanta, GA, St. Louis , MO, and Boulder, CO, with administrative offices in San Diego, CA, Austin, TX, and Denver, CO
• Company Size: Large business – 15,250 employees in total; there are 5 operating divisions – Research & Development, Marketing & Sales, Engineering, Manufacturing, and Administration (which includes management, IT, human resources, information security, accounting, and legal); staff is spread out at all of the locations, with slightly higher counts in San Jose, San Antonio, and San Diego
• IT/Security Services: The IT department provides all technology support and has 5 supervisors and 120 staff under the CIO; the information security department has 3 supervisors and 30 staff under the CISO, and they monitor the networks, workstations, and servers, and manage any computer emergency incident response
• Management Team: The President/CEO, COO, CFO, CIO, CISO, Internal Legal Counsel, and the Senior Vice President for each division; there is a Board of Directors composed of 16 elected employee/owners representing each division and location
• Company Mission: To make reliable electronic components of the highest quality and to provide excellent customer service
• Technical Environment: The company primarily used PCs running Windows 8.1 and Windows 10 with a standard office application suite running locally on each PC; the Research & Development, Engineering, and Manufacturing divisions use Unix-based drafting and design workstations, as well as for systems that automate the manufacturing processes; the IT and information security departments have several devices running Linux; business applications (including email) and the company website are managed by the IT staff and they are all hosted through Cloud services; all employees can encrypt email and file attachments, as well as files saved on their local PC or in the shared Cloud services storage areas; the company monitors (data logs and video surveillance) and tracks physical access into facilities and interior rooms, as well as tracking computer system access
|