Ans Doc361Y


Yoyodyne Propulsion Systems (YPS) is a contracting company that manages thousands of accounts across Canada, the United States, and Mexico. A public company traded on the NYSE, YPS specializes in supply chain management and in coordinating the warehousing, staging, distribution, transportation, and wholesaler/VAR relationship for their customers.
YPS employs over 3,500 employees and has been experiencing consistent growth keeping pace with S&P averages (approximately 10%) for nearly six years. A well‐honed management strategy built on scaling operational performance through automation and technological innovation has propelled the company into the big leagues; YPS was only recently profiled in Fortune MagazineYou are the Computer Security Program Manager (CSPM) educated, trained, and hired to protect the physical and operational security of YPS’s corporate information system.
You were hired by COO Don Jacobson and currently report to the COO. You are responsible for a $7.25m annual budget, a staff of 17, and a sprawling and expansive data center located on the 9th floor of the corporate tower. This position is the pinnacle of your career – you are counting on your performance here to pave the way into a more strategic leadership position in IT, filling a vacancy that you feel is so significantly lacking from the executive team.
There is actually a reason for this. CEO Emilio Lizardo believes that the IT problem is a known quantity – that is, he feels the IT function can be nearly entirely outsourced at fractions of the cost associated with creating and maintaining an established internal ITdepartment; the CEO’s strategy has been to prevent IT from becoming a core competency since so many services can be obtained from 3rd parties. Since the CEO has taken the reigns two years ago, the CEO has made significant headway in cutting your department’s budget by 30% and reducing half of your staff through outsourcing. This has been a political fight for you: maintaining and reinforcing the relevance of an internal IT department is a constant struggle. COO Jacobson’s act of hiring you was, in fact, an act of desperation: the increasing operational dependence on technology combined with a diminishing IT footprint gravely concerned Jacobson, and he begged to at least bring in a manager to whom theseobligationscouldbedelegatedto. Jacobson’sworstnightmareisasituation where the Confidentiality, Integrity, and Availability of the information system was compromised – bringing the company to its knees – then having to rely on vendors to pull him out of the mess at a significant additional cost.
There’s no question that the company’s CEO sees the strategic importance of technology in executing his business plan, and in this way you share a common basis of principle with him: that IT is a competitive differentiator. However, you believe that diminishing internal IT services risks security and strategic capability, whereas the CEO feels he can acquire that capability immediately and on the cheap through the open market given the current glut of unemployed IT personnel. You’re told that CEO Lizardo reluctantly agreed to your position if only to pacify COO Jacobson’s concerns.You are responsible for a corporate WAN spanning 81 remote facilities (warehouses) and interconnecting those facilities to the central data processing environment. Data is transmitted from suppliers and customers through an FTP bridgehead server situated in the DMZ; files are encrypted and copied to the FTP server through automated replication; remote automation or users connect with the FTP server to transmit or receive encrypted EDI files.
A bulk of the data processing for your company is handled by twin IBM System/390 mainframes, with event logs shipped to a VAX/VMS system by direct proprietary network connection off the TCP/IP‐based network; all GL and financial functions are located on the mainframe platform; a microcomputer cluster manages email routing, file storage functions, HRIS, and other value‐added applications; an application‐layer proxy server serves as the central gateway for Internet connectivity for the corporate office and 81 remote sites – a strict philosophy of control, centralization, and outsourced services has guided much of the design of this network; YPS’ web server and e‐commerce functions are hosted by an external party outside of the scope of this topology.
1. Risk Assessment to include:
Identify the organizational assets•
Assess the organizational risk•
Describe the current organizational security posture•
Describe the problems that YPS is having•
Recommend a mitigation strategy•