Questions:
Selling Security to Management
Scenario:
ABC company is a small but growing manufacturing company with revenues of approximately $25 million. Until now, the company has had a single headquarters and production facility in a Midwestern city, but it is building a separate sales office on the east coast which will open in a few months.
You are the Manager of IT at ABC, and you have been responsible for operating a basic set of computer applications in the Midwest office: order entry and fulfillment, financial and accounting systems, e-mail, and general office automation (word processing, etc.) You have been maintaining a Local Area Network connecting the office desktop computers to each other and to the applications running on the company servers, but there has been no access to these systems from outside the office.
You have been told by senior management that when the new sales office opens, the east coast staff must be able to enter new orders directly into the home office system using their desktop computers. They also need access to customer records and order status information. Furthermore, management wants to implement a new company website for customers to place orders online and to view their ordering history, current order status, and financial statement information without calling customer service.
You realize there are huge security implications implied by these changes. You have been uneasy in the past because the company has lacked a comprehensive computer security policy. Furthermore, most employees have not really understood all the security issues in the old "internal" computing environment. The new configuration with its networked offices and Internet-accessible elements will require more security awareness than ever. You see this as your opportunity, and imperative, to move the company to accept a formal corporate security standard. In the weeks ahead, you will begin to educate both management and system users regarding the components, necessity, and use of security standards for all of the new technologies that will be used, as well as for the current technology they have been using. In the end, you will develop all of this together into a complete corporate security program proposal.
Please help so that I can complete the work:
Before you start this project, you need to sell senior management on investing in a security plan and associated software. You know that evolutionary changes in computing environments have created security concerns for IT managers. How to create/implement adequate computer system security policies and procedures to adapt to these changes has become an urgent task for top corporate IT executives, including you. Use the Library and the Internet to research the history and evolution of computer security. Prepare for a discussion with the CEO and other senior management by summarizing your research, listing the key trends/events and the nature of the challenges they present.