Fanshawe College
MGMT 6120
Nov 10, 2023
MGMT-6120 TEAM A

Team Members and Contributions: Shreya Pradhan (9%), Joel George (36%), Arthur Nóbrega (37%), Arindam Bala (8%), and Deborah Dosunmu (10%)

Company: Delta
Department Name: Information Technology

Problem Statement: The spread of misinformation on social media platforms poses a significant risk to our company's financial stability and reputation. This has resulted in financial losses for our company and a 30% decrease in year-to-date growth, damaging the company's market standing.

Opportunity Statement: Our company's Information Technology team will proactively recognize, oppose, and mitigate the effects of disinformation by investing in cutting-edge technologies, robust social media monitoring systems, and comprehensive risk management systems.

| Company Objectives | Department Objectives | Business Case Objectives and Metrics |
| --- | --- | --- |
| Privacy - Protect and respect the personal information of people who interact with our company, products, mobile applications, and digital services and websites. | Collaboration with researchers - Collaborate with security researchers to identify and resolve vulnerabilities. | Strengthen cybersecurity defenses: track number of vulnerabilities system-wide; check patch compliance rate. |
| Protection and Proper Use of Company Assets - Directors, officers and employees must protect company property and assets and ensure that use is authorized and legally appropriate. | Customer and employee safety - Ensure testing does not impact customers, employees or their privacy. | Improve regulatory compliance: track data breach incident rate; measure average security incident response time. |
| Response to Potential Violations - Investigate all reports of potential violations using a standard process. | Service continuity - Avoid service interruptions or disruptions. | Enhance crisis response: monitor social media interactions; incident resolution rate. |

Stakeholders List:

| S/N | Stakeholder | Justification |
| --- | --- | --- |
| 1 | Security Operations Analyst | To provide insights on security concerns within the company, both internal and external |
| 2 | Database Administrator | To give inputs that can help ensure that data-related considerations are addressed to maintain data accuracy, consistency, and reliability |
| 3 | Risk Analyst | To ensure that all potential risks, including financial, operational, legal, and reputational risks, are considered and discussed |
| 4 | Systems Administrator | Valued expertise for discussing infrastructure needs, scalability, and compatibility with new projects or technologies |
| 5 | DevOps Engineer | Inclusion in the brainstorming session ensures that integration and deployment strategies are discussed and planned effectively |
| 6 | Data Centre Technician | To ensure that data center-specific considerations are addressed from the outset, leading to the efficient, reliable, and cost-effective management of data |
| 7 | Operations Lead | They ensure that operational considerations are fully integrated into the planning and decision-making processes |
Initial list of alternatives (10):

- Implement Identity and Access Management (IAM) Solution: This will help control access to systems and data, reducing the risk of security breaches. The metric to be monitored is the number of unauthorized accesses.
- Conduct Regular Security Audits: This will help identify vulnerabilities in the system. The metric to be tracked is the number of vulnerabilities identified in each audit.
- Develop a Security Awareness Program: Training employees and customers on secure cybersecurity practices can reduce the risk of phishing attacks. The metric to be monitored is the click-through rate on phishing test emails.
- Implement an Endpoint Detection and Response (EDR) Solution: This will help identify and respond to threats in real-time. The metric to be monitored is the average incident response time.
- Perform Penetration Testing: Actively testing the system's security will help identify weaknesses. The metric to be tracked is the number of vulnerabilities discovered during testing.
- Establish a Security Operations Department (SOD): A dedicated SOD can continuously monitor the network for suspicious activities. The metric to be tracked is the incident detection time.
- Implement Two-Factor Authentication (2FA) for All Users: This adds an additional layer of security to system access. The metric to be monitored is the adoption rate of 2FA.
- Create an Incident Response Team: Having a team ready to respond to security incidents is crucial. The metric to be monitored is the average incident resolution time.
- Regularly Review Security Policies: Ensure that security policies are up-to-date and aligned with best practices. The metric to be monitored is compliance with security policies.
- Establish Partnerships with Cybersecurity Companies: Working with cybersecurity experts can provide additional resources to identify and mitigate threats. The metric to be monitored is the number of threats mitigated through these partnerships.
Second list of alternatives (5):

- Create an Incident Response Team: Having a team ready to respond to security incidents is crucial. The metric to be monitored is the average incident resolution time.