Posted: January 25th, 2017
Marcum State University

The personnel department at Marcum State University has recently purchased PCs for individual offices in the various departments so that they can keep their own records. In the past, all records were stored on the university's mainframe computer. By decentralizing this computer function, each department will have better control over its individual records, and the security of these records will be easier to manage. Most of the departments would like to transfer personnel records of faculty, staff, and student employees in their departments to their PCs from the mainframe.

Dr. John Gould, Chairperson of the Accounting Department, would like to use the personnel data regarding the people in his department to generate some statistics concerning salaries, vacation days used, and absences. Rather than code the files or use social security numbers, Dr. Gould would like to keep the names of the individuals with the information that is recorded about them.

What are some of the security considerations in this conversion? What are some of the ethical and legal ramifications of keeping files with a person's name attached? What might be a better way of extracting (and storing) this information to ensure maximum security and control? [10 Marks]

Case 2

Bank of Shenandoah Valley

Today, banks are transferring large sums of money electronically and facing enormous exposure in the process. The Bank of Shenandoah Valley, located in Roanoke, Virginia, is actively involved in this process. The possibility of funds transfer fraud is prompting many banks to adopt protective measures. The two most common techniques used in the banking industry are encryption and message authentication.

Encryption involves the scrambling of messages sent, for example, from a commercial bank to the Federal Reserve Bank. An authenticated message is sent in the clear: anyone who intercepts it can read it. Tacked on to the message is a related secret code that only the receiving party is capable of decoding. Most observers say that authentication offers more security than encryption because a key is involved.

The Bank of Shenandoah Valley is considering both options and needs to address the following questions:

· Are there major differences between the two techniques?
· Are all messages critical or would encryption/authentication be applied only to certain transmittals? If so, which ones?
· Will these processes slow down operations?
· What other safeguards should be considered? (Provide 3 suggestions)

[10 Marks]

Case 3

Bishop Enterprises

Bishop Enterprises, located in Seattle, Washington, is a medium-sized business specializing in building concrete structures (storage buildings, bridges, utility buildings, and various defense-related installations). Peter Bishop, president of the company, states that security of its computer systems is critical due to the competitiveness of the commercial concrete industry and the need to protect defense-related information.

BE's computer system, as is typical of many, grew on an ad hoc basis as the company grew. Security was not an issue in the early days when there were only a few key employees and the day-to-day, hands-on management style assured constant vigilance. Mr. Bishop now feels that a solid security package should be added to ensure the ongoing protection of the computer operation.

Mr. Bishop has assigned the task of evaluating several security packages to the director of computer operations, James Clarke. The four objectives that Mr. Clarke has defined for the package selected are:

1. Accountability
2. Auditability
3. Integrity
4. Usability

What factors should be included in an official policy statement sent out with the request for proposal to the vendors? Write a clear and concise statement so that the vendor is able to respond correctly.
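The message authentication scheme described in Case 2 (a transfer sent in the clear with a secret code appended), shown as an added example that is not part of the original case text. It assumes HMAC-SHA256 as the authentication code, since the case names no algorithm; the key, account identifiers and the sequence-number replay check are constructed for illustration and go beyond what the case describes.

```python
import hashlib
import hmac
import json

# Constructed demo key (assumption); the two banks would provision and rotate a real one.
SHARED_KEY = b"constructed-demo-key-not-for-production"


def send(transfer: dict, key: bytes = SHARED_KEY) -> dict:
    """Sender: the transfer stays readable; a keyed tag is appended to it."""
    body = json.dumps(transfer, sort_keys=True, separators=(",", ":"))
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


def receive(wire: dict, seen_seq: set, key: bytes = SHARED_KEY) -> dict:
    """Receiver: recompute the tag, compare in constant time, reject replays."""
    expected = hmac.new(key, wire["body"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, wire["tag"]):
        raise ValueError("authentication failed: message altered or wrong key")
    transfer = json.loads(wire["body"])
    if transfer["seq"] in seen_seq:  # a valid tag alone does not stop resending
        raise ValueError("replayed message")
    seen_seq.add(transfer["seq"])
    return transfer


def demo() -> dict:
    """Run one genuine, one altered and one replayed transfer (constructed data)."""
    seen = set()
    wire = send({"seq": 1, "from": "BSV-001", "to": "FRB-042", "amount_usd": 250000})
    # Authentication does not hide content: the amount is visible in transit.
    results = {"readable_in_transit": "250000" in wire["body"]}
    results["accepted"] = receive(wire, seen)["amount_usd"]
    forged = {"body": wire["body"].replace("250000", "950000"), "tag": wire["tag"]}
    for name, msg in (("forged", forged), ("replayed", wire)):
        try:
            receive(msg, seen)
            results[name] = "accepted"
        except ValueError as exc:
            results[name] = str(exc)
    return results


if __name__ == "__main__":
    print(demo())
```

The tag protects integrity and origin only; confidentiality of the transfer would still require encryption.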