Information Security Strategy for Jashoppers Core Business - Case Study Example

Confidentiality
can be achieved through the following strategies
 Use of firewall service- This is software that screens packets that enters or leaves a given network so as to authenticate only those which are safe.
 Use of Intrusion Detection Service- This service analyzes data packets to detect potential or real security breaches.
 Identification and Access Control- This refers to the process of authorization and authentication of individuals as they attempt to access the premises and the systems (Krag, 2009).

iii. Integrity
This refers to the reliability, accuracy, and consistency of information. To achieve this, Joshopper should take the following measures.
 Digital Certification Service. This service provides a way of encryption of information on transit so as to protect it from unintended recipients. Should a hacker have access to encrypted information, they will not be able to read or manipulate the data in any way (Warren 2008).
 Use of anti-virus software. Anti-virus acts to prevent and detect any malicious software.
 System Audit. This involves both physical and logical audits.

iv. Availability
This refers to the accessibility of information to authorized users. Ways of ensuring availability that may be applied by Jashopper include
 Back-Up. This is a key factor in ensuring availability. It can be either on-site or away depending on how much the organization intends to spend (Steve, 2008).

Question2
Develop information security strategy critical to Jashopper’s core business
Information security strategy is a plan that is supposed to follow a given program in order to mitigate risks while at the same time complying with contractual, statutory, legal, and internal organization requirements (Krag, 2009). Jashopper will need to undertake the following steps in order to come up with a good information strategy.

 Definition of control objectives- This must be in line with the organizational goals and constraints.
 Identification and assessment of available approaches to meet the objectives.
 Selection of controls- Involves comparison between cost and risk mitigation. An analysis of Secom’s proposal and other available alternatives would give a good starting point (Krag, 2009).
 Establishment of benchmarks and metrics.
 Implementation of the strategy and testing.

Question 3
Will you recommend Jashopper to manage information security internally or transfer it to other external partners?
I would recommend that they outsource (use external partners). This would have the following benefits.
i. Lower costs. Comparing the services provided by an external party and the amounts paid indicates that an external partner is by far cheaper.
ii. Skilled expertise. Using an external partner would free Joshopper from the task of providing, training, and managing skilled manpower (Warren, 2008).
iii. Increased productivity. Using an external partner will allow the organization to focus on its core business leading to increased productivity and efficiency (Krag, 2009).
iv. Distribution of risk. Using an external partner will help distribute or do away with the risks associated with running that particular function.

Question 4
Identify relevant constraints in developing and implementing information security strategy for Jashopper.
Constraints in developing and implementing information security may be external to the organization and beyond the control of the organization or internal and controllable (Warren, 2008). They include the following.

i. Change in customer requirements. This may cause an increase in vulnerability and increased complexity in organizational systems.
ii. Change in-laws (such in this particular case). This may cause an increase in the potential costs arising from exposure of sensitive information and may create new obligations for providing controlled access to information (Steve, 2008).
iii. Change in technology. Though this brings about business opportunities it also brings new vulnerabilities and risks.

Question 5
Which Secom proposal alternative will you recommend to Mamoru Sekine, CEO of Jashopper? Why? What additional security services or products will you recommend that are not included in the proposal?

I would recommend Alternative 3
This alternative though expensive is comprehensive and most likely to meet Sekine’s needs. Also, it would help him attain greater expertise, a wider range of services while cost is reduced. In addition, he would be able to retain the same responsibilities for security as if those services were performed in-house.
I would recommend that they do away with the alarm systems supported by security guards.

In conclusion, information security is a complex undertaking that requires a well-coordinated ability to identify in advance, integrate and allow people to adapt, the process and technology components that together drive the set of security initiatives. The approach allows for transparency into how resources are being allocated and which trade-offs arise when unexpected issues surface that compel executives to reconsider the security strategy priorities (Krag, 2009). Read More