Ramraj and Harjot are the owners of a small organization ($2.5-$3 million in annual sales) selling Drones from their store located in Guelph, Ontario.  They are doing well and currently have about 25 employees, but in order to grow their business, they know that offering their products to online customers will support their overall Strategy to increase sales.

Ramraj and Harjot are familiar with what steps they need to take to establish online sales, but they are do not know what is required to keep customer data private and secure and be in compliance with any regulatory requirements.  They see the "online" side of their business eventually outgrowing their current store sales and are committed to ensuring they are set up to successfully manage their business growth.   

As their longtime friend, they have approached you to provide them with some information security governance consulting advice on what they should do to support their strategic objectives.  They know that you have helped other organizations establish secure online sales and you have provided good advice.   You know that Ramraj and Harjot have invested their life savings into their business, and they are very conservative when it comes to taking risks.  You have agreed to make a very short report that includes recommendations for them to consider when setting up their online sales business.

In the near future, Ramraj and Harjot plan to hire an Information Security Manager to join their existing Management Team and to help them establish their secure online business. The Management Team includes the Manager of Sales and Marketing, the Manager of Inventory Controls, and the Director of Human Resources.  Ramraj and Harjot are the Business owners and management and deal with the Finances related to the business. They would like you to include a role (job) description in your report, so they know what to look for when bringing someone on board to support their strategy.

 

Requirements

Write a brief and friendly personal report or letter to Ramraj and Harjot that includes the following:

What are the benefits of good Information Security governance, and what can Ramraj, and Harjot expect if they manage there information assets and client information well?

Provide three examples of how the Information Security Strategy will align with their overall Corporate Strategy to increase sales.

Outline three risks that Ramraj and Harjot should know about as they start their online sales of Drones.  You will want to include potential impacts on their business.

1. How will the investment in good information security governance they are making add value to their business?
2. Provide a brief job description outline for the role Information Security Manager and provide a recommendation on how the role fits in the organization.
3. Would you recommend that Ramraj and Harjot establish an Information Security Steering Committee or can the existing Management Team incorporate that function into their charter?
4. Provide three examples of SMAART metrics that Ramraj and Harjot can put in place immediately to start measuring the effectiveness of their new security program.