The case presented is an example of the problems of information security management. This problem affects a substantial number of companies. In the case, SCM is facing a lawsuit for failing to take responsibility for safeguarding its information security network. A partner company takes advantage of the interconnected security network belonging to SCM to launch an information security attack on Bullard Enterprizes.
In this case, there is a high possibility that SCM will be liable if the case is presented against it by Bullard Enterprizes. An argument in the case suggests that SCM failed to put in place sufficient mechanisms for controlling the use of the interconnection security network. Therefore, the company failed in its ethical responsibility as the owner of the security network.
SCM is not a direct party in the case in which it is implicated. However, the fact that the attack was launched by the security system belonging to the company makes the company a direct party. SCM will be required to settle the issue with its partner that launched the attack. This could perhaps take place after the verdict of the case presented by Bullard.
Ethical lapses occur when a company fails to exercise responsibility. These are practices which the company is mandated to guard. Securing information systems is a strenuous task, given the many challenges associated with the management of security systems. The challenges are even greater when a company shares the security network with other companies (Johnson, Goetz & Pfleeger, 2009).
Based on the given case, I believe that Stratified Custom Manufacturing had a low sense of responsibility in managing the vendor network which it shared with other business partners. According to the case, SCM had made strong recommendations guiding the use of the vendor network.
The company did not give the recommendations a strong force. This would have helped in fostering discipline among other users of the network. Allowing other companies to use the vendor network is a desired practice which was meant to enhance the flow of information and business (Whitman & Mattord, 2011).
The company was supposed to give the recommendations a legal force which would have served as a caution to its partners who used the network. In this case, it is argued that there existed weak measures of enforcing the recommended practices of using the interconnection network.
This could thus be cited as one of the reasons why the company found itself in this situation. Its partners took advantage of the weak system of safeguarding the network to attack other companies. This is the reason why SCM is being sued by Bullard Enterprizes as its network was used for attacking Bullard (Whitman & Mattord, 2011).
Hyeun-Suk, Young & Cheong-Tag (2012) observed that information security management is a sensitive subject which is handled with a lot of care by companies. In the meeting between the Chief Information Officer of SCM and the Managing Director of the company, a lot of sensitive issues are expected to be discussed at length. The meeting is supposed to help in uncovering all information security concerns.
This stems from the fact that the company risks losing because of a lapse in security information management. The meeting will first uncover the facts of the case facing the company. The two will discuss how to launch an internal investigation into the accusations made by Bullard Enterprizes. This is the basis on which the company can identify the facts about the security of the shared network.
The second thing, which is expected to feature in the meeting, is the possibility of developing quick measures to help in securing the interconnection network. This is part of a rapid response which seeks to seal the information security breach loopholes as the company handles the case facing it.
Available evidence points out that the company could be held responsible for the information security attack made on Bullard. Therefore, it is expected that the two will discuss the approaches to take in handling the case.
As mentioned earlier, information networks handle a lot of information, hence they can be easily used for defamation by players in the competitive corporate sector. The SCM case is a superb example. SCM faces a possible prosecution due to poor management of its information security network.
Auditing of information security networks is a desired practice as it aids in rating the company’s information security system. As an Information Systems Auditor, I would help SCM in conducting practices which will help in preventing future risks that are associated with information security management.
I will help in identifying the possible leakages that are likely to exist in the use of all the security systems of the company. I will achieve this by making strong recommendations after a thorough audit.
I will also help in researching and devising tools that will be used in monitoring the use of shared information security networks of the company. These tools will be used in detecting real breaches of recommended practices on the use of shared networks.
This will help in preventing cases such as the one presented by Bullard. Continued auditing of the security information systems is vital in this era where there is continued growth in technological invention and innovation (Hedström, Kolkowska, Karlsson & Allen, 2011).
References
Hyeun-Suk, R., Young, U. & Cheong-Tag, K. (2012). Unrealistic optimism on information security management. Computers & Security, 31(2), 221-232.
Hedström, K., Kolkowska, E., Karlsson, F. & Allen, J. P. (2011). Value conflicts for information security management. Journal of Strategic Information Systems, 20(4), 373-384.
Johnson, M. E., Goetz, E. & Pfleeger, S. L. (2009). Security through information risk management. IEEE Security & Privacy Magazine, 7(3), 45-52.
Whitman, M., & Mattord, H. J. (2011). Readings and cases in information security: Law and ethics. Boston, MA: Course Technology, Cengage Learning.