MAGICKA 3D PRINT COMPANY INFORMATION

A printing company, "Magicka 3D Print" consisting of three departments (Marketing,

Press, Customer Services) is attempting to become ISO27001 compliant. The companyinformation provided is as follows:

1) Each department has its own hierarchy with general staff the reporting to three specialised staff: the department leader, the department business manager and the department's IT officer. The smallest department has only 30 employees (Marketing) while the largest department has over 55 employees (Customer Services). The company also has four directors with each director having a personal assistant.

2) Each department has its own wired network which is turn, connected to a central company server which handles the company's email, web and financial services.

The central server has its own dedicated IT staff which are reporting by the

company's overall chief IT officer.

The central server is running SUSE Linux OS. The Press department is running a

Windows 2003 server and all its staff use WINXP SP3 on the their individual PCs, while the Marketing and Customer Services departments are running different version of the

UBUNTU Linux OS.

The IT equipment is replaced in batches over a period of 36 months to ensure that no piece of equipment is more than 36 months old.

The company is using a generic firewall solution and IT staff regularly monitor

the firewall logs. Remote connections are allowed once permission has been granted by

the appropriate department leader.

The authentication is done at the local machine level only and no mobile devices are allowed

to be connected to the company's network.

3) The company considers its client details and latest graphical designs for printing (developed and stored in the Press department's network) as its key assets.

4) All staff recruited for the IT needs of the comp any are interviewed and are sent to "upskill" programs by rotation with each staff undergoing training every 4.5 years.

5) All staff are regularly informed about the security policies via notices posted on each department's notice board.

6) Each department has a guideline on the proper use of computing resources.

7) The company is located in a large four story building in which it occupies the top three

levels

-

the ground level is occupied by two coffee shops. The Marketing and Press

departments have an op

en plan arrangement with only the specialised personnel having

offices. The Customer Service department is designed to allows each member of the staff

an office. All offices can be locked and only the department leaders as well as the

company directors hav

e copies of the master keys.

8) Access to the company's levels is done via a token based entry, with each staff member

being issued with a swipe card.

9) The company has 14 IT dedicated staff and their job is to ensure that the company's system are running without significant interruptions. The primary aim of the IT staff in the company is to ensure the availability of its services via the web presence and only one low level IT staff has had any prior exposure to computer security. The company considers security important and for this reason it has regularly purchased high end computing equipment and running a firewall.

Question 9. The printed customer data collected by the Magicka 3D Print company is owned by the Customer Services Department rather than by a specific staff member. Specify whether or not this is a problem and explain your reasoning. [8 marks]