| 
  • If you are citizen of an European Union member nation, you may not use this service unless you are at least 16 years old.

View
 

Deliverable 5-2 Use Cases

Page history last edited by Chih-Wei Tsai 10 years, 7 months ago

Person:

  • Jason Smith
  • Senior Security Officer, just hired

Company:

  • Global Trading Hedge Fund
  • ChicagoIL
  • Investment and finance management
  • 1,000 employees

Scenario:

Jason Smith, a recently hired Senior Security Officer of Global Trading Hedge Fund, reports to the Chief Security Officer (CSO).  Due to recent vast changes of trading policy mandated by Security Exchange Commission (SEC), those changes affect the existing security policy and programs in place at Global Trading Hedge Fund.  Therefore, the CSO assigns Jason his first mission: to evaluate and revamp existing corporate security policy and program.

 

Jason starts by assembling a security committee of 9 members, including himself. He works as chair of the committee, and the team consists of 1 primary user represented from different areas of the organization.  After several meetings and assessments, the committee decides it is better to redevelop the entire corporate security policy and program rather than revamp or revise the existing one. But the existing effective policies will be retained and incorporated.

 

Jason divides the committee of 8 into 4 sub-teams of two people each.  Each sub-team is responsible to one of the following primary responsibilities.

1.      Develop mission statements of the Security Policy and perform scope analysis of all departments.

2.      Perform organizational-wide risk management; this includes risk assessment and the mitigation plan.

3.      Develop security programs based on risk management and in compliance of governmental security exchange policy.

4.      Implement security programs and design matrix as a measure of the effectiveness of the security program.

 

Everyone is responsible to train their own department users and bring them up to speed about new security policy.

 

Jason also decides that the committee will meet on weekly basis and the deliverable assessment or analysis report will be furnished by the appropriate team and shared with the rest of the committee.  In addition, each sub-team can host their own meetings and surveys in order to collect information in more detail.  In those meetings, Jason’s presence is optional but Jason requires all meetings to be documented and available to the rest of the committee.

 

In order to conduct a risk assessment, methodical processes will be performed.  First is to define the scope of the analysis, then identify the corporate assets for review, evaluate the importance of organization assets, identify assets threats and vulnerabilities, develop risk profile for the assessed environment, and determine the risk mitigation or reduction plan for the environment.

 

As Jason is managing and leading this security committee as a project, he soon realizes he needs a collaboration software tool to keep track of all the meetings, communication memos, drafted policies, assessment reports, recommendations, implementation plans, and measurement matrix and maintenance programs.  He wants all the documents produced by any of the committee people to be available to the rest of the committee people as well as the board of the directors.  Jason will be responsible to write up theweekly status report for the committee and senior management.  Jason also would like to have version control ability on all the changes of the documents produced.

 

Jason shares this idea of having such collaboration technology tool or tools with the committee members and everyone agrees having such collaboration tool would help the communication, information sharing and operation efficiencies of this committee.  Now, Jason has limited time to find the tool that would help the committee as well as helping him to manage the entire project process. 

Comments (1)

Dr. Ruth Ter Bush said

at 3:21 pm on May 11, 2009

Good

You don't have permission to comment on this page.