Introduction
Coca Cola Company has procurement section which has bogus suppliers where procurement officer can submit quotations that are fabricated to circumvent procurement rules of the company. A procurement officer may manipulate specifications by drawing up overly specifications which are restrictive or biased to be able to favor a supplier. This makes the product that is sold by the company to appear as if it bears the specifications that are listed and customers purchase because the specifications are in line with what they want but in reality, the product sold does not contain those specifications.
Problem
Coca Cola Company may obtain sub-standard goods and services that are accepted by procurement officer from supplier and pay for them without knowing that they are not of the right quality. There are unauthorized rebates or commissions where rebates are solicited from supplier without permission from employer after orders are placed with supplier. Quotation information of one supplier is disclosed to another supplier through leaking information and this interferes with privacy of suppliers. (Kristensen, 2003 pp10-13)
Sales and marketing in Coca Cola Company has vulnerable areas of security where discounts are manipulated by salesperson through pocketing bulk purchase discounts and sales discounts by using intermediate company for re-selling goods to potential customers. Information is disclosed to customers about the competitors of the company making the company loose its customers to competitors and salesperson accepts commissions without getting permission from the employer. Collusion exists in salesperson through falsifying record of sales in order to allow a particular person get higher bonus or incentive after sales made are over a certain volume.
The supervisor gives false reports about number of staffs who are recruited on temporary basis and gives the employers forged records of attendance in order to deceive Coca Cola Company and make those employees be paid their salaries. Members of staff who are served by corrupt supervisor false their records of attendance to be able cover up their absence from duty. The supervisor colludes with members of staff so that false claims can be made about the number of overtime hours worked in order to receive salaries they have not worked for.
A supervisor responsible for promotion and hiring does not disclose close relationship that exist between him and the candidate which results to the candidate being favored at the expense of other potential candidates. Medical and rental certificated are forged to deceive employer and make him pay housing and medical allowance to staff that may not deserve it. (Kristensen, 2003 pp14-17)
Failure to manage stores at the Coca Cola Company may make the areas be vulnerable to security because; theft occurs to the goods that are kept in the storeroom that are physically insecure. Records are falsified by storekeeper to reduce levels of stock so that some stocks are taken for personal use and some of the stocks that are still in good condition are written off and taken out for personal use. The person responsible for disposing written-off items decides to sell those items for his own personal gain and the company does not allow that to happen. The storeroom may be misused to keep other stocks of the company where the storekeeper receives storage fees for his own use.
The information system may be insecure and cause disruption to business where staff member who is corrupt install virus in Companys computer system causing all files to be deleted thereby disrupting Companys business. Leakage of information by members who abuse their right to access confidential information and information that is commercially valuable is very dangerous because the information is sold to the competitor. Members of staff who access system may amend data from the system for their own benefit. (Taylor, 2004 pp35-42)
Solutions to the problems
Data gathering is very important in order to know security policies, procedures and processes that exist at Coca Cola Company. The security resources that are in existence are very important to be aware of and information about security that has been experienced by the company. Know about security breaches that have existed in the past, the prior process of reconciliation, final outcome and whether there was involvement of law enforcement or termination of employees.
Good understanding of available resources is important and what is expected of fellow management team and categorizing each of the vulnerability in terms of potential impact it has to the company such as low risk, moderate risk or high risk. In categorizing the levels of risk, consider contractual agreements that you have with customers, privacy notice and existing transactions that are financially or life threatening.
The network hardware devices requiring security inspection are hardware platforms the applications exist on because, if firewalls are not there and authentication systems, the job becomes more challenging and need for developing and implementing specialized security systems should be identified. Information security should be put together and project plan for overall security and use external auditing firm to identify the vulnerabilities. (Ellertson, 2006 pp57-59)
When deciding on the testing service for security penetration to use, ask for the types of vulnerabilities that they can be able to test and consulting service should test for more than 500 vulnerabilities. Penetrating service must include vulnerability assessment report that assigns level of risk to the reported vulnerabilities and recommendations on how each of them is typically fixed.
Documented procedures and processes should be reviewed by security managers and auditing processes done through human analysis. Shortcomings of the security checks should not be picked by online penetration test because it is necessary to review procedures and processes of security to be able to maintain the on-going security and help it move forward. The process of changing passwords needs to be reviewed and the procedures for ensuring accounts have secure remote access. When proper attention is paid to these areas, potential success to improve security is increased and the process of maintaining security is on-going and every time there will be a new area that requires attention. (Ellertson, 2006 pp54-56)
References
Taylor M. (2004): A case study of Coca Cola Company: public relations review, pp. 35-42.
Kristensen M. (2003): The Coca Cola Company: Total quality management, pp. 10-17.
Ellertson C. (2006): Beyond Coca Cola: International perspectives, pp. 54-59.