Kudler Fine Foods Case
Author: ummhumm02 • July 14, 2014 • Case Study • 3,591 Words (15 Pages) • 1,185 Views
Kudler Fine Foods is in the process of creating a customer rewards program. This will create a new database full of customers' private information. It will also add hardware and software that need to be protected from threats. Kudler Fine Foods wants to make sure that security is the main priority in every step of the creation of this program, and wants to prepare for current and future threats. This report was created to accomplish this goal and to provide the CIO, Kathy Kudler, with information that will allow her to make decisions on the overall project. To create the program, they will follow the basic system development life cycle methodology. Our team will be consulted for each step in the process. This is a basic plan for each phase and the security aspects our team believes will be essential. Our team will consider the risks from our last report and apply them to this report. Each phase has a separate security risk that needs to be understood by everyone involved. We begin with the planning phase and the security concerns that must be planned for.
The security problems considered during development are critical to making sure the data is safe. Every stage of the systems development process has its own risks, and appropriate measures should be taken to minimize them. While not every problem can be planned for, the objective of a good plan is to allow enough flexibility to fix any security problems found in the future. The table below shows the phases and the problems that should be considered.
Kudler Fine Foods is in the process of creating a customer rewards program. New policies will be needed for this project. The policies will cover access to the information, integrity of the data, and confidentiality for the database. The primary system will be an Enterprise Information Security Policy (EISP). This policy will follow these points from the book:
An overview of the corporate philosophy on security
Information on the structure of the information security organization and individuals who perform the information security role
Fully articulated responsibilities for security that are shared by all members of the organization (employees, contractors, consultants, partners, and visitors)
Fully articulated responsibilities for security that are unique to each role within the organization (Whitman, 2014)
Training will also be an important part of the transition into a new program. Employees need to be made aware of the security threats that the new program presents. These threats have been outlined in the Top Threats to the Program that was developed in week two. A schedule of the subject matter will be prepared and presented to employees in a series of interactive presentations.
Planning
...