MGMT-6120 TEAM A Team Members and Contributions:Shreya Pradhan (9%), Joel George (36%), Arthur Nóbrega (37%), Arindam Bala (8%), and Deborah Dosunmu (10%) Company:Delta Department Name:Information Technology Problem Statement: The spread of misinformation on social media platforms poses a significant risk to our company's financial stability and reputation. This has resulted in financial losses for our company and a 30% decrease in year-to-date growth, negatively damaging the company's market standing. Opportunity Statement: Our company's Information Technology team will proactively recognize, oppose, and mitigate the effects of disinformation by investing in cutting-edge technologies, robust social media monitoring systems, and comprehensive risk management systems. Company ObjectivesDepartment ObjectivesBusiness Case Objectives and Metrics Privacy-Protect and respect the personal information of peoplewho interact with ourcompany, products, mobileapplications, and digital services and websites. Collaboration withresearchers- Collaborate with securityresearchers to identify andresolve vulnerabilities Strengthen cybersecurity defenses - Track number of vulnerabilities system wide - Check patch compliance rate Protection and Proper use ofCompany Assets- Directors, officers andemployees must protectcompany property and assetsand ensure that use isauthorized and legally appropriate.Customer and employeesafety- Ensure testing does notimpact customers, employeesor their privacyImprove regulatory compliance - Track data breach incident rate - Measure averages security incident response time
MGMT-6120 TEAM A Response to PotentialViolations -Investigate all reports ofpotential violations using a standard process. Service continuity- Avoid service interruptions or disruptions. Enhance crisis response - Monitor social media interactions - Incident resolution rate Stakeholders List: S/NStakeholderJustification 1Security Operations AnalystTo provide insights on security concerns within the company, both internal and external 2Database AdministratorTo give inputs that can help ensure that data-related considerations are addressed to maintain data accuracy, consistency, and reliability 3Risk AnalystTo ensure that all potential risks, including financial, operational, legal, and reputational risks, are considered and discussed 4Systems AdministratorValued expertise for discussing infrastructure needs, scalability, and compatibility with new projects or technologies 5DevOps EngineerInclusion in the brainstorming session ensures that integration and deployment strategies are discussed and planned effectively 6Data Centre TechnicianTo ensure that data center-specific considerations are addressed from the outset, leading to the efficient, reliable, and cost-effective management of data 7Operations LeadThey ensure that operational considerations are fully integrated into the planning and decision-making processes
MGMT-6120 TEAM A Initial list of alternatives (10): Implement Identity and Access Management (IAM) Solution: This will help control access to systems and data, reducing the risk of security breaches. The metric to be monitored is the number of unauthorized accesses. Conduct Regular Security Audits: This will help identify vulnerabilities in the system. The metric to be tracked is the number of vulnerabilities identified in each audit. Develop a Security Awareness Program: Training employees and customers on secure cybersecurity practices can reduce the risk of phishing attacks. The metric to be monitored is the click-through rate on phishing test emails. Implement an Endpoint Detection and Response (EDR) Solution:This will help identify and respond to threats in real-time. The metric to be monitored is the average incident response time. Perform Penetration Testing: Actively testing the system's security will help identify weaknesses. The metric to be tracked is the number of vulnerabilities discovered during testing. Establish a Security Operations Department (SOD): A dedicated SOD can continuously monitor the network for suspicious activities. The metric to be tracked is the incident detection time. Implement Two-Factor Authentication (2FA) for All Users: This adds an additional layer of security to system access. The metric to be monitored is the adoption rate of 2FA. Create an Incident Response Team: Having a team ready to respond to security incidents is crucial. The metric to be monitored is the average incident resolution time. Regularly Review Security Policies:Ensure that security policies are up-to-date and aligned with best practices. The metric to be monitored is compliance with security policies. Establish Partnerships with Cybersecurity Companies: Working with cybersecurity experts can provide additional resources to identify and mitigate threats. The metric to be monitored is the number of threats mitigated through these partnerships. Second list of alternatives (5): Create an Incident Response Team: Having a team ready to respond to security incidents is crucial. The metric to be monitored is the average incident resolution time.