Information security management is guided by several pieces of legislation (Rezakhani, Hajebi & Mohammadi, 2009). The legislation guides the investigation of claims of information security breaches that are committed by individuals and companies. Investigations of breaches of information security rules should be open.
These investigations are conducted by parties which feel that there are breaches of laws and ethics that govern the use of information networks. In the SCM case, the company detected unusual traffic on its information network and sought to investigate the issue. The security manager detected a heavy flow of traffic. The abnormal traffic flow was taking place between the three main operational sites of SCM.
According to the senior manager of information security, there were database violations. Therefore, George, the senior manager of information security management, reported the incident to the chief security officer of the company, Mr. Tom. Company laws on security management were followed.
Company laws on information security management are based on the national laws on information security management. Up to this point, it is imperative to say that there was no breach of company or national legislation on the investigation of alleged violations of information security (Whitman & Mattord, 2011).
Upon receiving information from George, Tom launched an individual investigation into the matter. Launching an individual investigation comes across as a lack of sensitivity to the national and international laws on information security management. SCM ought to have ordered an audit of its information security system.
An external audit report from an independent investigation firm could have strong legal force for launching a case over the alleged hacking of the company’s system. External auditing gives a company a strong edge for launching a case against another party. Such auditing produces an independent report, which can be trusted by national and international players (Whitman & Mattord, 2011).
According to Rezakhani, Hajebi & Mohammadi (2009), the management of a company’s information security system is an issue that has been given a lot of attention by many companies across the world. This stems from the fact that companies keep sharing information with their stakeholders. The wider sharing of information increases the risk of violations of information security principles and practices.
This is the reason why international procedures have been laid down. The procedures govern the introduction and implementation of practices in information security management by firms. Companies need to follow the international rules and procedures when sorting out the issues that concern information security management.
SCM is not exempt from following international rules and procedures on information security, as the company operates internationally. The threat that was detected on the security system of SCM had the potential to harm the security systems of other companies. The case raises several concerns.
These concerns point to the fact that the company could have violated the procedures of information security management, which are used globally. The first concern is that the company chose to use an individual system. This system was created by the chief information security officer of SCM.
According to the international rules of information security management, there are standardized systems, which ought to be used for investigating such cases (Ma & Mark, 2009).
The second concern entails the failure of the company to inform its partners of the threats. This is desired in information security management at the international level. It enhances the aspect of collective security in information security management (Siponen & Willison, 2009).
This case is an example of the numerous challenges that companies face as they deal with cases in information security management. The sequence of events in the case indicates some level of breach in the procedures for handling information security breaches. Therefore, it is likely that SCM will receive criticism from the other companies that partner with it.
The attack on the security system of SCM would be disastrous not only to SCM, but also to other companies, including its suppliers, clients and vendors. When they learn about the security attack, other companies will turn on SCM. SCM will bear the full responsibility because its laptop was used to hack the system.
An internal investigation needs to be launched by SCM in order to detect how its laptop was used to attack the security system (Rezakhani, Hajebi & Mohammadi, 2009).
Cases involving breaches of information security rules tend to be delicate. Such cases need maximum cooperation and composure. This is critical to detecting the violations and the people who are responsible for them. It is also vital for improving security networks so as to prevent such violations from recurring. Big companies like SCM share their operational networks with many other partners.
When the operative network is under threat, the risks will spread to the partner networks. In the SCM case, the company needs to launch an investigation into the alleged case of hacking.
The investigation should be launched after the company has notified all its partners, who include vendors, contractors, and government agencies. This helps the partners to take caution and prevent further damage as the case is managed (Kakoulidis, Koskosas & Siomos, 2011).
References
Kakoulidis, K., Koskosas, I. & Siomos, C. (2011). A model performance to information security management. International Journal of Business and Social Science, 2(4), 47-51.
Ma, Q. & Mark, B. S. (2009). An integrated framework for information security management. Review of Business, 30(1), 58-69.
Rezakhani, A., Hajebi, A. & Mohammadi, N. (2009). Standardization of all Information Security Management Systems. International Journal of Computer Applications, 18(8), 4-8.
Siponen, M. & Willison, R. (2009). Information security management standards: Problems and solutions. Information & Management, 46(5), 267-270.
Whitman, M., & Mattord, H. J. (2011). Readings and cases in information security: Law and ethics. Boston, MA: Cengage Learning.