Question:
Case study

You have recently been appointed as the new IT risk manager of a countrywide online trading business called DirectToCust, which sells items directly to the public. Its headquarters are located in Cape Town, in the Western Cape, and it has warehouses in Gauteng, KZN, and the Free State. The company employs over 200 call center agents and about 10 business managers for both inbound and outbound transactions and logistics. They work both day and night shifts in an open-plan workspace of around 40 x 38 m, with each agent having their own desk, networked computer and essential office stationery to conduct business.

Most, if not all, call center agents' desktop PCs are connected to a local network using Ethernet cabling, while most line managers' laptops are wirelessly connected to enable free movement around the premises. All the servers, switches, routers, gateways, firewalls, etc., are located at the adjacent IT office and maintained by one network administrator and six support technicians (four on day shift and two on night shift). The company opted for software-as-a-service, through various cloud computing service providers, for all their software needs, and therefore the presence of IT personnel is for day-to-day business support only.

Before your recruitment, the company was experiencing a couple of complaints such as:

1. Theft of personal belongings during working hours.
2. The network policy can be amended by the IT support team without the knowledge of the IT administrator.
3. Employees spend more time on social media than working.
4. Theft of customers' details for own and commercial use, using USB and other portable storage.
5. Infected and corrupted employees and customer databases.
6. The local IT team often experiences issues when communicating with the overseas cloud service provider team.
7. All employees must change their password every week, and as a result, many employees who cannot memorise their new password simply write them down for safekeeping.
8. Regular firewall breaches were observed during the last couple of months, resulting in bottlenecks and unauthorised access.
9. Some employees can easily guess their colleague's password to log in.
10. The website was recently hacked, disfigured and a propaganda message posted, and it took the local IT team 48 hours to take back control of the website.
11. Misappropriation of business funds by some employees.
12. Easy access to the server room and malicious reconfiguration of the proxy server, mostly during the night shift.
13. Managers are unable to monitor employer activities live.
14. Poor financial accountability and traceability; all managers are able to edit log files without authorisation.
15. Information and communications were being hijacked or looked into before reaching their destination.

Question 1 (Marks: 50)

Using the knowledge and expertise you have accumulated from the above case study information, answer the following questions.

Q.1.1 In a 10-line paragraph, briefly explain the overall IT security and why it is important to always align the IT/IS strategy and business strategy.

Q.1.2 Exploring the role and importance of the commission for the investigation of abuse of authority (CIAA) within an enterprise, and on a scale of 1 to 10, how do you rate the DirectToCust data security approach and implementation?

Q.1.3 As the new DirectToCust IT risk manager, how will you balance the right of staff privacy, the company network and physical security?

Q.1.4 The use of an ad hoc network as presented above presents other security challenges; explain how you will make sure that wireless connectivity does not lead to network breaches.

Q.1.5 As the new DirectToCust IT risk manager, how will you protect the information and communications from being looked at during transmission before they reach their respective destinations?

Q.1.6 Based on the above case study, demonstrate how internal IT and network risk policies can play an important role in combating staff's lack of organisational compliance.

Marks: (8) (8) (8) (8) (10)