INFO8480 IT SECURITY PLANNING, AUDIT AND GOVERNANCE Assignment #1 - 10%

Case Study

Raj and Harjot are the owners of a small organization ($2-$3million in annual sales) selling Drones from their store located in Kitchener Ontario. They are doing well, and currently have about 20 employees, but in order to grow their business, they know that offering their products to on-line customers will support their overall Strategy to increase sales.

Raj and Harjot are familiar with what steps they need to take to establish on-line sales but they are worried about how to keep customer data secure and be in compliance with any regulatory requirements. They see the on-line side of their business eventually outgrowing their current store sales and are committed to ensuring they are set up to successfully manage their business growth.

As their longtime friend, they have approached you to provide them with some consulting advice on what they should do to support their strategy. They know that you have helped other organizations establish on-line sales and you have provided good advice. You know that Raj and Harjot have invested their life savings into their business and they are very conservative when it comes to taking and risk. You have agreed to prepare a report that includes recommendations for them to consider when setting up their on-line sales business.

Raj and Harjot plan to hire an Information Security Manager tojoin their existing Management Team and to help them establish their on-line business. The Management Team includes; Manager of Sales and Marketing, Manager of Inventory Controls, and Director Human Resources. Raj and Harjot are the Business Managers and deal with the Finances related to the business. They would like you to include a role (job) description in your report so they know what to look for when bringing someone on board to support their strategy.

Assignment Requirements

Write an informal personal report to Raj and Harjot that includesthe following:

1. What are the benefits of good Information Security governance and what can Raj and Harjot expect if they manage this process well?

2. Provide a few examples of how the Information Security Strategy will align with their overall Strategy to increase sales.

3. Provide three risks that Raj and Harjot should think about when implementing their on-line sales. You will want to include potential impacts to their business.

4. How will the investment they are making add value to their business?

5. Provide a role description for the Information Security Manager and provide a recommendation on how the role fits in the organization. ( e.g. should a steering committee be established)

6. Provide a recommendation for three different Key Goal Indicators that the new Information Security Manager could establish to support the expected growth in the organization.

Your report should be informal but can use appropriate headings and recommendations so you can demonstrate your expertise. The report should be concise and be limited to 1000 words. Marks will not be deducted if the word count is over or fewer than 5% of the total required 1000 words. You should include any assumptions you have made about the business so Raj and Harjot understand your thought process when reviewing the report. Submit the Word document not a pdf.