Information Security Framework:
Case Description:
The organization is a medium-sized organization with a number of outlets spread across a large geographical area.
The organization’s IT architecture included:
1. IBM mainframe computers (located in two data centers 20 kilometers apart)
2. Storage area network (across the two data centers)
3. More than 300 servers (IBM, Compaq and Sun)
4. Four database management systems (DB2, Oracle, SQL Server and SAP)
5. Operating systems (AIX, Solaris, Windows )
6. More than 1,000 desktops
The security across the organization been neglected by past management, and was considered to be high risk.
The security environment included:
1. No dedicated resource only for physical security
2. No approved information security policies
3. No security awareness program
4. No deployment of security software and hardware to facilitate security violation logging, monitoring and reporting.
This situational analysis was captured by the organization’s internal audit department and supported by the external auditors. The audit committee reviewed its findings, and as a result the organization’s information technology (IT) department was directed to develop an action plan to immediately address the above deficiencies and implement an information security framework.
Case Study Requirements:
1. Introduction
2. Literature
3. Conclusion