Information System Security Plan at West Marine Inc.
Instructions: Select one of the following organization types:
- Online wholesale enterprise
- State revenue agency
Write a 1,750- to 2,450-word paper that describes the ideal information system security plan for your selected organization.
Provide a clear description of the organization that includes the following:
Identify the following in your plan:
- The types of information you might expect to find
- Internal and external data access needs
- Potential IT system vulnerabilities
- Disaster recovery plans
- Business continuity plans
- The use of penetration testing
- Auditing and monitoring tools incorporated in the plan
West Marine, Inc. is one of the largest marine corporations in the world. The company specializes in retailing boating supplies in the United States and is also a leading distributor of marine equipment. Most of the products at West Marine Company are yacht products. Additionally, the company manufactures yachts and is rated as one of the best yacht manufacturers across the globe (West Marine Company, 2011).
The company was incorporated in 1968 and took over its office in Palo Alto, California, in 1975. After this take-over, the company experienced tremendous development as it procured products based in Boston, initiating a Boston-based company under its name. Additionally, the company altered its name from West Coast Ropes to its present name, “West Marine products” (West Marine Company). In 1991, the company launched an original store in Miami, located on the East Coast, and then opened another one in Annapolis, Maryland. Afterward, in 1993, the company gained a global image as it began trading on the NASDAQ under the name WMAR. Presently, the company has sites in 38 states with more than 350 stores, inclusive of those in Puerto Rico and Canada. The products that West Marine Company focuses on range from ropes, which gave birth to the company, to marine electronics and other marine materials. Apart from its retail business and its wholesale supply, the company now caters to boaters globally, in approximately 150 countries, through the internet in addition to its mail-order business.
Exceptionally, the Information Technology Department at the company has gained spectacular IT credentials such as BS-15000 for IT services, ISO 9001 for software development, and the impressive BS-7799 award, which is designated as an information security award. The IT department is the only sector in the company that has accomplished these prestigious honors. Also, the current branches at Palo Alto, California, have proposals in place for the necessary certificates. To execute information technology solutions in a traditional manner, West Marine Company requires a corporate organizational strategy.
Implementation of the Information System
The company will carry out an information system, inclusive of plan quality, conventionally referred to as an Enterprise Resource Planning System (ERPS), which will allow for immediate processing of data across all the departments in the company. This strategy means that the needs of all the departments can be addressed at the same time. The departments will be able to view the same data and make the necessary updates before finalizing a document (Infor, 2011). This will allow the company to use lean production to produce more products in less time and maximize earnings. The present arrangement of operation is old and is preventing the organization from keeping pace with the times and from using innovative improvements to its advantage (Lyn Denend, 2005).
The game plan for the Company will make perfect sense. Although a few organizations might be concerned about the issues that can arrive with today’s technical improvements (i.e. hacking), it is a recognized reality that a cutting-edge IT structure is vital to the operation of any organization in the current commercial sector. Hence, those that are not prepared to build an avant-garde data framework that will sustain the firm’s objectives risk being left behind.
Thus, in order to execute the Company’s game plan, the enterprise should be concerned about hackers regardless of having security passwords. The organization would need to recognize the security concerns of the latest framework, the defensive measures available within the new structure, the risks and limits of implementing each segment, and the significant steps to take to reduce weaknesses. Security requirements are identified through a careful evaluation of security threats. The costs of security controls need to be balanced against the business harm that is likely to result from security failures (Lyn Denend, 2005). The risk assessment will help in determining the requirements for managing information risks and the appropriate management action to implement controls that guard against threats. Periodic assessment of the threat approach should concentrate on any possible changes that affect the results of the evaluation (Tetra Tech, Inc, 2005).
The corporation will execute the IT system at the Arco department, and the company’s leadership must be aware of the security, confidentiality, integrity and availability of the information system framework. The method will help to avoid dangers, lessen security breaches, and reduce downtime in the system, as well as serve as a guarantee of the optimal effectiveness of the scheme. Additionally, the company has to employ a Chief Security Officer’s team for the IT department, which will have the authority to evaluate the threats encountered by the company’s data system. The CSO will be a vital factor in the organization, as he will be able to identify the weaknesses present within the IT system and recognize any countermeasures put forth to avoid viruses, hackers, and devastation of the system, coupled with human-made and natural catastrophes that could disrupt the system. The IT system has a data highway that links approximately 100 offices/sites, allowing seamless sharing of data, information and services, which supports the emergent communication and reporting requirements of the industry and combines the data across its ABG 2.1 Infrastructure (Levine and Gilbert, 1999).
The main aspect that will enable such architecture is the information exchange and sharing over the departments through the decrease in the value series. The following will help the information administration server LAN-WAN 2.2 Information Security 2.2.1 ABG security to protect informational assets of ABG, which will sustain the company’s vision of becoming the best corporation across the globe.
The CSO at the facility has the responsibility and duty of maintaining the confidentiality and security of the company’s clientele and partners. The team led by the CSO will make plans for evaluating the company and screening for any legislation issues. Apart from protecting the information framework at the business, the system will be able to detect any weaknesses within it. When there is a new weakness or a breach of information, the CSO will be able to tackle the possible dangers and record any potential agents that caused the malfunction, along with the information on the target, any occurrences that may be more harmful to the system, an inspection of countermeasures, and the creation of a program that will be able to protect against emergent risks within the system.
Methodology of the Plan: An Analyze, Control Efficiency Plan
The following will be essential when tackling any hazard within the system:
- Control Efficiency Index used to recognize the accomplishment for every control connected.
- Control Adequacy Index is a part of lingering risk to the benefit taking after control consummation (Tetra Tech, Inc, 2005).
The controls that have a record of security events are the weak controls.
- Baselining of control efficiency is essential to achieve continual improvement.
- Root cause analysis needs to be conducted to identify the reasons for the weak controls.
- Regular security evaluations of the controls will uncover any weak spot that can allow a risk to materialize.
Similarly, it would be wise to apply Security Incident Monitoring (SIM), in which an event starts the security event screening process. An event is defined as any violation of the implemented ISO 27001 controls for a predefined resource, or any irregular occurrence that can cause a loss of availability of information (Infor, 2011).
Implementation Plan’s Starting Point
A number of controls can be an excellent starting point for implementing a safe information strategy. These controls are based either on a particular requirement or on standard practice for information and data security. The controls that depend on applicable legislation are:
- Data assurance and security of individual information/data,
- Protection of the company’s files,
- Rights for intellectual assets.
Controls that are focused on the safety of information entail:
- A strategy for safe keeping data documents,
- Allotment of data security requirements,
- Training and creating awareness regarding data security,
- A postulated procedure for employee applications,
- Vulnerability management
- Stability for business administration,
- Management of information security changes and occurrences
It should be noted that, for all controls in these standards, the relevance of any control must be settled in light of the particular dangers that an organization might face. Consequently, although the above method is a good starting point, it does not substitute for a selection of controls based on risk evaluation.
Experience clearly shows that the following aspects are the most frequent and noteworthy to the success of implementing information security inside and outside the organization:
- Data safety procedure, objectives, and exercises which uncover company’s objectives.
- Process and structure to applying, controlling, directing, as well as upgrading data safekeeping that is steady with the hierarchical society.
- Detectable support and devotion from all levels of organization
- An impressive cognizance of the data security essentials, risk evaluation, peril organization
- Stipulation to financing information security organization exercises
- Providing legitimate mindfulness, instructing, and training
- Establishing an effective data security event coordination process
Planning will decide between a business impact analysis and a vulnerability study, depending on the type of asset. Every crucial resource will undergo a “business impact analysis” and, additionally, a vulnerability examination (Levine and Gilbert, 1999).
This technique will analyze and amass a broad range of advantages secured under the security approach of West Marine Company. This system will make different archives/documents as depicted in the above (Infor, 2011).
Business Impact Analysis
This analysis will be carried out for every essential resource once the issues have been recognized under resource examination. As per the definition, “the inside substance of business effect analysis is to understand dangers straightforwardly faced by an aggregation in light of the fact that to any result that may happen by virtue of asset non-openness.” This process requires cooperation with the asset owner. The asset owner will state the key criteria for the asset, for example: peak usage time, dependency on major tasks, availability of substitutes (e.g. a manual process), and acceptable downtime. Lastly, perform general security examinations on the BC plan to assess its usefulness (Infor, 2011).
Vulnerability philosophy is the typical procedure for perceiving a broad range of dangers and shortcomings defined by resources secured by the information assurance policy. It focuses on three sections of the security organization, operations, and advancement. Root source examination in the past performed on the safety events and non-adjustments can uncover shortcomings or perils. This V-T Analysis is as nearby with the others in Vulnerability-risk posting record. This posting is sent to the hazard evaluation procedure for risk assessment and avoidance purpose (Tetra Tech, Inc, 2005).
The whole perceived risk influencing an advantage measured and filtered will base on the peril assessment arrangement of the combination. Those dangers which are regarded as controllable are isolated, and ISO 27001 archetypal controls are designated to them. Resource vulnerability evaluation report points of interest to the risks and their controls for any given advantage. In conclusion, SOA upgrades within a matter of seconds for active controls.
In conclusion, West Marine Company, founded in 1968, has grown into the best in the range of boating materials and development, working with more than 350 stores in 38 distinct states. West Marine Company furthermore has a mail-order division that serves 150 countries all around the globe. The growth of the business has opened up new markets and has similarly made the business vulnerable to dangers and breaches affecting the information framework, resources, property, workers and visitors of the organization. The CSO at West Marine Company is the responsible expert within the administration and looks after the partnership’s data framework, property, resources, workers, and visitors. The security professionals and the organization collaborate to execute a vulnerability examination and risk assessment, and to develop countermeasures to deter all threats to the organization, natural or man-made. The security approaches of the organization are implemented and maintained throughout the organization in a steady, standard, sensible, and proficient way, ensuring that the methodologies and information are passed on to workers through instruction, courses, classes, online classes, and gatherings.
David I. Levine & April Gilbert, (1999). Institute of Industrial Relations, University of California, Berkeley. Managerial Practices Underlying One Piece of the Learning Organization. Retrieved from http://www.irle.berkeley.edu/cohre/knowledge.html
Infor, (2011). Infor ERP (Enterprise Resource Planning). Retrieved from http://www.infor.com/solutions/erp/
Lyn Denend, (2005). Board of Trustees of the Leland Stanford Junior University. WEST MARINE: DRIVING GROWTH THROUGH SHIPSHAPE SUPPLY CHAIN MANAGEMENT. Retrieved from http://www.vics.org/docs/committees/cpfr/Stanford_Case_Study_West_Marine_040705.pdf
Tetra Tech, Inc, (2005). Marine Resources Study. Retrieved from http://www.garrison.hawaii.army.mil/shellfishstudy/pdf/01_Introduction.pdf
West Marine, (2011). Company History. Retrieved from http://www.fundinguniverse.com/company-histories/West-Marine-Inc-Company-History.html
West Marine, (2011). West Marine Press Releases. Retrieved from http://www.westmarine.com/webapp/wcs/stores/servlet/PressRoomView?langId=-1&storeId=11151&catalogId=10001&nav=LeftNav&page=Press-Release-08200