Five Business Processes
The processes such as the production process, research and development (R&D), information management, security management, and quality control deserve to be mentioned
Brainstorming
The risks to the production process can be minimized by improving logistics and delivering the required resources on time. The R&D issue can be addressed by funding the research, whereas the information management processes can be improved with the help of a coherent data management strategy and an update of the corresponding technology.
Key Steps
To carry out the changes described above, one will have to reconsider the principles of data processing and communication adopted in the company. Particularly, the problems occurring in the process of data transfer will have to be located and addressed correspondingly.
Purpose
The purpose of the memo is to identify the risks that Vology is facing at present as well as to locate the steps that can be viewed as the solution to the current issues.
Summary
Operating in the environment of the global economy means facing significant risks consistently, information-related concerns being the key ones. Seeing that the speed of information acquisition, processing, and further usage defines the success of a company in the global environment, the factors that slacken down the specified process may not only be viewed as serious impediments to the evolution of a firm but also pose a major threat to its security. To avoid the existing information risk and prevent the instances of data theft, the company should consider the reinforcement of its information management strategy.
Evaluation
The company is clearly facing issues regarding its information security. Therefore, the enhancement of the firm’s data safety tops the list of the essential objectives to be attained within the shortest amount of time possible. The R&D processes (Lu, Guo, Li, Lin, & Fang, 2015), particularly the development of a new smartphone that will become a brand and attract new customers, should be viewed as the second most important process to carry out.
Access Control
Because of the need to enhance the security of the company’s valuable data, one will have to consider access control as the tool for preventing instances of data leakage or theft. Particularly, the staff members will have to prove their identity prior to accessing the company’s data. The given measure must be taken by the managers of all departments; specifically, the R&D members will have to undergo a thorough identification and control. The firm is developing a brand product and, therefore, the information about the latter may be used by other enterprises to sabotage Vology’s success. Herein the necessity to prevent data leakage from the R&D department lies. It should be borne in mind, though, that the control tools should be easy to use so that the staff could manage information easily (Susanto, Almunawar, & Tuan, 2011).
Models
A combination of logical (account restrictions and passwords) and physical (door security and video surveillance) access controls with a strong emphasis on the former should be used to facilitate a complete safety of information in the organization. While it is important to prevent information leakage from online databases via electronic tools, such as networks, the threat of an actual invader accessing the organization physically and stealing data should not be underrated. Therefore, tighter security regulations need to be established (Hedström, Kolkowska, Karlsson, & Allen, 2011). The specified objective can be achieved by providing staff members with unique identification devices, such as passwords (Hahn, Thomas, Losano, & Carrenas, 2015).
Particularly, the R&D department will require the adoption of both types of security enhancement since the staff works with the data that is not to be disclosed to the third party. The members of the manufacturing department, in their turns, will have to be provided with ID cards that will prevent unauthorized people from trespassing. Thus, the employees will be obliged not only ethically but also legally to follow the company’s regulations as far as the information management is concerned.
Routine Security Measures
Apart from the above-mentioned changes to the design of the company’s operations, one must also make sure that the routine tools for promoting the security of the firm’s and its members’ data should be incorporated into the set of tools for regulating data safety rates. Specifically, the reinforcement of corporate ethics and organizational behavior standards needs to be viewed as an essential element of the security reinforcement strategy. For instance, the employees will need to be reminded of the corporate rules regarding information sharing. Moreover, the staff will have to submit reports concerning the key operations performed in the course of their shift. Thus, the possibility of data leakage may be detected rather soon and prevented in a manner as efficient and expeditious as possible.
It is expected that Vology has already created a password-protected database, where the firm’s key information is stored. However, the specified database is likely to contain a number of loopholes as far as the safety of data is concerned; thus, it is very likely that a new database will have to be created. Moreover, the staff members are likely to have IDs that they are recognized by in the firm. However, the rules regarding the ID check, as well as the IDs themselves, will have to be improved to prevent any instances of trespassing.
Summary and Recommendations
Though being rather successful in the target market, Vology needs to reinforce its security so that the rivals could not retrieve its data and use it to make the entrepreneurship lose its competitiveness. Therefore, it is strongly suggested that the company should reconsider the current approach to information and security management. The adoption of basic tools such as complicated passwords and improved IDs along with surveillance items, will help address the situation.
Reference List
Hahn, A., Thomas, R. K., Losano, I., & Carrenas, A. (2015). A multi-layered and kill-chain based security analysis framework for cyber-physical systems. International Journal of Critical Infrastructure Protection, 11(1), 39–50.
Hedström, K., Kolkowska, A., Karlsson, F., & Allen, J. P. (2011). Value conflicts for information security management. Journal of Strategic Information Systems 20(4), 373–384.
Lu, T., Guo, X., Li, Y., Lin, P., & Fang, B. (2015). Security model for sensitive information systems and its applications in sensor networks. International Journal of Security and Its Applications, 9(5), 1–18.
Susanto, H., Almunawar, M. N., & Tuan, Y. C. (2011). Information security management system standards: A comparative study of the Big Five. International Journal of Electrical & Computer Sciences IJECS-IJENS, 11(5), 23–29.