ABC company is a small but growing manufacturing company with revenues of approximately $25 million. Until now, the company has had a single headquarters and production facility in a Midwestern city, but it is building a separate sales office on the east coast which will open in a few months.
You are the Manager of IT at ABC, and you have been responsible for operating a basic set of computer applications in the Midwest office: order entry and fulfillment, financial and accounting systems, e-mail, and general office automation (word processing, etc.) You have been maintaining a Local Area Network connecting the office desktop computers to each other and to the applications running on the company servers, but there has been no access to these systems from outside the office.
You have been told by senior management that when the new sales office opens, the east coast staff must be able to enter new orders directly into the home office system using their desktop computers. They also need access to customer records and order status information. Furthermore, management wants to implement a new company website for customers to place orders online and to view their ordering history, current order status, and financial statement information without calling customer service.
You realize there are huge security implications implied by these changes. You have been uneasy in the past because the company has lacked a comprehensive computer security policy. Furthermore, most employees have not really understood all the security issues in the old "internal" computing environment. The new configuration with its networked offices and Internet-accessible elements will require more security awareness than ever. You see this as your opportunity, and imperative, to move the company to accept a formal corporate security standard. In the weeks ahead, you will begin to educate both management and system users regarding the components, necessity, and use of security standards for all of the new technologies that will be used, as well as for the current technology they have been using. In the end, you will develop all of this together into a complete corporate security program proposal.
Details: As the Manager of IT at ABC Manufacturing, you are approached by the CEO and the VP of HR with a very serious concern. Apparently a unidentified disgruntled employee, in an effort to embarrass the company and its senior managers, has gained access to the company payroll records and sent an anonymous email to many staff members publicizing the salary of every employee at Director level or above. This has caused widespread disruption and a demand for corrective action.
You realize that this incident highlights just one of many possible security risks in the company (which has never established a formal security policy), and you suggest to the two senior executives that it would be appropriate to take an overall look at the company's computer security status. The CEO agrees, and asks you to put together a 2-4 page memo defining the topic areas that should be covered in such a review. Your memo should identify the major subject areas included in the scope of the term "computer security" and its meaning within the Information Technology field. Make sure any citations are in APA format.
Please show all references:© BrainMass Inc. brainmass.com March 21, 2019, 6:45 pm ad1c9bdddf
To: The Chief Executive Officer; Vice President - Human Resources
From: The Manager, Information Technology Department
Subject: Establishing a formal Security Policy for ABC Manufacturing
Information relating to the business of ABC Manufacturing is a highly valuable asset, which requires protection from unauthorised use, disclosure, potential theft, alteration or destruction. The company plans to undertake technology initiatives like interconnecting the upcoming east coast office with our existing computer applications as well as a website for our customers to track their order and payment information. The company would hence operate within an increasingly electronic and interconnected environment that necessitates a consistent and standard approach to securing its information and technology assets (Tipton, 2007).
Recent incidents have highlighted that a breach in the confidentiality, integrity or availability of our information systems can be embarrassing for the company and its stakeholders. A formal security policy is needed to prevent any such breach and sustain a secured environment for our information ...
The solution examines establishing a formal computer security policy for ABC Co.