IT Security and Privacy

Ever since 9/11, IT security and privacy has become a major IT management issue.  Many large companies have created the role of Chief Security Officer or Chief Information Security Officer, whose jobs are to cost effectively protect data security and privacy.  Your aim is to provide the class with an organizational perspective on IT security.

 

Your group might begin your presentation with stories of recent IT security breaches—for example in Fall 2008, someone stole IT records from Express Scripts and was trying to get the company to pay a large amount of money (ransom).  These horror stories will get the audience’s attention and help them to understand why general managers need to be involved in IT security.

 

Other topics to cover:

      The costs of IT security and/or privacy prevention (at macroeconomic and microeconomic levels)

      The most common types of security threats

      The types of security threats that cost organizations the most money

      The role of CSO/CISO within organizations

      Short videos on IT security solutions

 

Provide one to three in-depth examples of an organization's security and privacy policies, technologies, and procedures, based on at least one original case study.  For each organization studied, provide the company background by including:

• Size of company in terms of sales and profits
• Major products the company sells
• General characteristics of their customers
• Organizational chart--who does the CIO report to?
• How many people work for the IT organization?
• What is the annual IT budget?

 

The IT security and privacy portion of the case should include:

• Description of the organization's IT security and privacy policies, technologies, and procedures
• Who is responsible for IT security and privacy
• Specific examples of risks and risk mitigation practices
• What are the perceived benefits and limitations of the IT security and privacy as described by IT managers you interviewed
• What plans does the organization have for the future of the IT security and privacy
• Lessons learned by the company

 

The group should end the presentation on best practices for creating a good IT security and privacy, then map how your cases fit into best practices.  This is essentially a cross-case comparison that integrates your primary (case studies) and secondary (journal articles & books) research.

 

Note on topics that are not effective:

• Topic from the individual’s perspective (we don’t need coverage on what to do if your identity is stolen)
• In-depth coverage of things we already understand like SPAM, viruses.  It is appropriate to say how organizations prevent these, but we don’t need in-depth explanations as to what these are.

 

 

I am sure that your group will have many creative ideas, so please feel free to discuss them with me.