Sign Up Now
Get instant access to over 1 million+ study documents
OR
Already registered? click here to login
By creating your account, you agree to our terms of service, privacy policy and student honor code.
Enterprise Security Management
Security and Ethics at Cincom Systems
Cincom Systems is a global leader in the development, implementation and service of enterprise software that is specifically designed for the needs of complex manufacturers. Its security and ethics policies reflect the company's long-standing customer relationships with defense contractors both in the U.S., and in the United Kingdom, France and Australia. Each of these nations use Cincom's software to manage their complex defense systems. As a result of these long-standing and trust-based relationships, Cincom must adhere to very stringent requirements for data and information security. The intent of this analysis is to explain how Cincom Systems used the Confidentiality, Integrity, and Availability (CIA) triad to better manage security requirements, and to also define the formal and informal security policies the company has in place. Having served as an intern for the company for two years, specifically during summer and winter breaks, much of the information shared in this paper was a result of those experiences. The main security information threats, how information security is managed, and how Cincom monitors computer and online usage are also discussed. Restrictions on the access to company data is also provided in this analysis.
Cincom's Adoption of the Confidentiality, Integrity and Availability (CIA) Triad
The Cincom security platform is predicated on the security requirements triad of Confidentiality, Integrity and Availability (CIA) and there are formal, audit-based procedures in place for gaining access to specific information assets based on the use of this model. As a former intern for the company in their IT and marketing services organization over the span of two years, many of these aspects of their security strategy became clear. The CIA triad model is supported through a series of user and data taxonomies, each role-based, that define the specific data sets, fields and in the case of transaction systems, specific records and customer data (Bertino, Sandhu, 2005). The CIA Model is also used for managing the reporting...
Department of Defense as part of their yearly audits, in addition to defense audits from the UK, France and Australia. These audits completed to ensure Department of Defense (DoD) compliance are also predicated on having servers for their projects physically located in a completely separate section of the computer room, with different security processes and procedures to gain access. Consistent with the use of the CIA Model, Cincom also has aligned their CIA framework to the strategic IT Plan and overall strategic plan of the entire enterprise. One of the most challenging aspects of using the CIA triad is to ensure enough agility in the business model to attain strategic plans while also having enough of the security infrastructure and frameworks in place to protect information assets and access (Knapp, Marshall, Rainer, Ford, 2006). Cincom has adopted the CIA triad in conjunction with the role-based access control (RBAC) model (Bertino, Sandhu, 2005) as the audit and security requirements of the U.S. Department of Defense and foreign ministries of defense require this level of auditability, visibility and verifiability of activity within each database and across the entire IT complex of systems the company has. Cincom adopted the RBAC Model specifically to allow for greater agility in their global software development, testing and selling efforts while also ensuring a hardened and secure IT infrastructure. The CIA triad is specifically designed to provide enterprises with the flexibility of attaining these strategic objectives (Knapp, Marshall, Rainer, Ford, 2006). Cincom has designed in compliance to their IT strategic plan with specific focus on attaining the shared objectives of confidentiality, integrity and availability of data while also ensuring its authenticity, as it is verified every six months or more by government agencies whose projects Cincom completes.
The formal and informal security policies in place within Cincom vary significantly across the divisions of the company. For those divisions actively involved in projects and…
References
Elisa Bertino, & Ravi Sandhu. (2005). Database Security-Concepts, Approaches, and Challenges. IEEE Transactions on Dependable and Secure Computing, 2(1), 2-19.
Cheryl L. Fulkerson, Mark A Gonsoulin, & Diane B. Walz. (2002). Database security. Strategic Finance, 84(6), 48-53.
Kenneth J. Knapp, Thomas E. Marshall, R Kelly Rainer, & F. Nelson Ford. (2006). Information security: management's effect on culture and policy. Information Management & Computer Security, 14(1), 24-36.
Eugene H. Spafford. (2008). INSPIRATION AND TRUST. Association for Computing Machinery. Communications of the ACM, 51(1), 61-62.
Protections for hardware, software, and data resources. (American Health Information Management Association, 2011, paraphrased) V. Legal and Ethical Issues Security professionals are held responsible for understanding the legal and ethical aspects of information security including crimes, investigation of computer crimes and specifically it is stated that certified security professionals "…are morally and legally held to a higher standard of ethical conduct." (U.S. Department of Health and Human Services, 2011) There are four
Security Manager Leadership Analysis & Assessment of Main Management Skills of Security Managers The role of security managers and their progression to Chief Information Security Officers (CISO) in their careers is often delineated by a very broad base of experiences, expertise, skills and the continual development of management and leadership skills. The intent of this analysis and assessment is to define the most critically important management skills for security managers, including those
Social & Ethical Issues in Management Brief Background/History of Corporation Epitech is a technology company that creates and develops software for administrative use for other corporations. The company was founded in the year 2009 and has since then grown to become one of the renowned software technology companies in the region. The headquarters of the company is situated in the state of Virginia. The company is best known for its Omega software
Management Philosophies Samsung Group Samsung group is South Korean company headquartered in Seoul Samsung town. Samsung group comprises of many subsidiary groups that are under the Samsung group. Founded in 1938 by LeeByung-chull as a trading company, Samsung group has grown to diversify into insurance, textile industry, retail and security industries. Samsung entered the electronics industry in the 1960s. It has grown to be the leading manufacturer of cell phones in the
Ethics, Corporate Governance and Company Social Responsibility OCED state-owned enterprises and Privatized companies In the past few decades, emerging economies have launched ambitious plans to privatize their state owned enterprises (SOEs). The volume of privatization in emerging economies has increased from $8 billion in 1990 to about $65 billion in 1997 (Dharwadkar, George, & Brandes, 2000). In privatization, ownership is transferred from the state to new private and public owners, which may
Ethics Corporate Governance & Business Ethics It is quite interesting to note that, academic research in business ethics was a totally distinct discipline from research in corporate governance, and the application of the word 'ethics' was uncommon in available research on corporate governance. The chief responsibility of corporate governance was understood to be safeguarding the benefits of the shareholders. Because of the severance between ownership and management, and the incapability of the