COMPUTER SECURITY CASE STUDYPage 1 of 3GLOBAL DISTRIBUTION, INC. (GDI)Global Distribution, Inc. (GDI) is a distribution company that manages thousands ofaccounts across Canada, the United States, and Mexico. A public company traded on theNYSE, GDI specializes in supply chain management and in coordinating thewarehousing, staging, distribution, transportation, and wholesaler/VAR relationship fortheir customers.GDI employs over 3,200 employees and has been experiencing consistent growth keepingpace with S&P averages (approximately 8%) for nearly six years. A well-honedmanagement strategy built on scaling operational performance through automation andtechnological innovation has propelled the company into the big leagues; GDI was onlyrecently profiled in Fortune Magazine.The executive management team of GDI:CEOJamie PierceExec. AssistantStacy FarnsworthDir. Of HRTad WillinghamCCOMike SullivanVice President,AmericasVinay SahdidExec. AssistantBarbara ClooneyExec. AssistantGreg GaimanCOODon JacobsonCFORon SingletaryDir. Of MarketingKorie SmithBACKGROUND AND YOUR ROLEYou are the Computer Security Program Manager (CSPM) educated, trained, and hiredto protect the physical and operational security of GDI’s corporate information system.You were hired by COO Don Jacobson and currently report to the COO. You areresponsible for a $7.25m annual budget, a staff of 17, and a sprawling and expansive datacenter located on the 9th floor of the corporate tower. This position is the pinnacle of yourcareer – you are counting on your performance here to pave the way into a more strategicleadership position in IT, filling a vacancy that you feel is so significantly lacking fromthe executive team.There is actually a reason for this. CEO Jamie Pierce believes that the IT problem is aknown quantity – that is, she feels the IT function can be nearly entirely outsourced atfractions of the cost associated with creating and maintaining an established internal ITCOMPUTER SECURITY CASE STUDYPage 2 of 3department; the CEO’s strategy has been to prevent IT from becoming a core competencysince so many services can be obtained from 3rd parties. Since the CEO has taken thereigns two years ago, the CEO has made significant headway in cutting yourdepartment’s budget by 30% and reducing half of your staff through outsourcing. Thishas been a political fight for you: maintaining and reinforcing the relevance of an internalIT department is a constant struggle. COO Jacobson’s act of hiring you was, in fact, anact of desperation: the increasing operational dependence on technology combined witha diminishing IT footprint gravely concerned Jacobson, and he begged to at least bring ina manager to whom these obligations could be delegated to. Jacobson’s worst nightmareis a situation where the Confidentiality, Integrity, and Availability of the informationsystem was compromised – bringing the company to its knees – then having to rely onvendors to pull him out of the mess.There’s no question that the company’s CEO sees the strategic importance of technologyin executing her business plan, and in this way you share a common basis of principlewith her: that IT is a competitive differentiator. However, you believe that diminishinginternal IT services risks security and strategic capability, whereas the CEO feels she canacquire that capability immediately and on the cheap through the open market. You’retold that CEO Pierce reluctantly agreed to your position if only to pacify COO Jacobson’sconcerns.CORPORATE OFFICE NETWORK TOPOLOGYUtility (Micro) ServersPublic RouterFTP/SMTP BridgeheadApplication Mainframesand DSInternal Switch(VLAN)Proxy ServerISPT1CSUWorkgroupServer/DSSwitchCSUF-T1 (768kb)FRAMEFRAMEInternal Switch(VLAN)CSUF-T1 (768kb)CENTRAL DATA PROCESSINGREMOTE WAREHOUSESPublicFile ReplicaFileSharesEmail802.11gWAPCOMPUTER SECURITY CASE STUDYPage 3 of 3You are responsible for a corporate WAN spanning 81 remote facilities (warehouses) and interconnecting those facilities to the central data processing environment. Data is transmitted from suppliers and customers through an FTP bridgehead server situated in the DMZ; files are encrypted and copied to the FTP server through automated replication; remote automation or users connect with the FTP server to transmit or receive encrypted EDI files.A bulk of the data processing for your company is handled by twin IBM System/390 mainframes; all GL and financial functions are located on the mainframe platform; a microcomputer cluster manages email routing, file storage functions, HRIS, and other value-added applications; an application-layer proxy server serves as the central gateway for Internet connectivity for the corporate office and 81 remote sites – a strict philosophy of control, centralization, and outsourced services has guided much of the design of this network; GDI’ web server and e-commerce functions are hosted by an external party outside of the scope of this topology.OTHER CONSIDERATIONS1. Ever since the article ran in Fortune about GDI, your network engineers report that they’ve noted a significant spike in network traffic crossing into the DMZ. They report that they cannot be certain what or who is generating this traffic, but the volume and frequency of traffic is certainly abnormal.2. Increasingly, GDI’s CEO Pierce attempts to outsource IT competency. In fact, you’ve been told of a plan from COO Jacobson to outsource network management functions away from your department and to a service integrator. COO Jacobson warns you that the political environment will only become more contentious over time; you must make a compelling case as to what value your department can bring over an integrator that can provide services at 40% less annual cost than you.3. The interrelationship between data and operations concerns you. Increasingly, some of the 81 warehouses have been reporting significant problems with network latency, slow performance, and application time-outs against the System/390’s. The company’s business model is driving higher and higher demand for data, but your capability to respond to these problems are drastically limited.ASSIGNMENT1. Risk Assessment to include: Identify the organizational assets Assess the organizational risk Describe the current organizational security posture Describe the problems that GDI is having Recommend a mitigation strategy APA format
Hi, how long does this need to be and when is it due?
10-15 pages due december 8. I have attachments I can send to show format but can't find paper clip to attach a document
Hi, that's longer than I currently have time to complete. I'll opt out for other experts.
David I won't be able to until tonight whe4n I get home from work