Rimco Automobile Company specializes in repairs and custom modifications for high-performance sports cars. Dana Peaker, the CEO, is a former race car driver. Over the last 10 years, she has managed to open 18 shops in major U.S. cities. Rimco has been very profitable. Because it provides such specialized services for very expensive automobiles, it is able to mark-up both labor and materials at least four times cost and in many cases more than 100 times cost. Rimco's operations have several divisions, each with it is own national division manager.

Basic engine and automobile repairs.

Collision repairs.

Interior customization.

Body customization.

Parts procurement and distribution.

Central office support.

Most of the profits come from the two customization divisions. Each division manager updates monthly budgets and plans for his or her area in each of the 18 stores. The central office support division includes the CEO, various administrative staff, accounting, internal auditing, IT, and security support. The stores are connected to the main office through a network of VSAT satellite dishes, which permits all transactions to be centrally recorded in real time. Donna Hacher, a member of the IT support group, is in charge of security. She constantly ensures companywide information security through a series of procedures that include the following:

Checking to see that all of the latest security patches are applied to all company

software.

Telling all employees to notify her of any security problems.

Teaching employees about not sharing their login passwords for the accounting

system.

Overall, Donna feels pretty good about security because she recently moved all accounting functions to the latest version of the Zelical Accounting system, which has one of the best reputations in the industry for security features. She believed that with such a secure accounting system, her main concern would be ensuring that employees do not share their login passwords with others, for that would be the likely opening for any type of attack.

a. Describe Rimco's ISMS.

b. What weaknesses exist in the ISMS?