ISEC-655 Security Governance Management Assignment 1 Guidelines

This assignment requires students to analyze a case study about information security governance at a company called Secom and prepare a 15-minute presentation with executive summary for the board of directors. The presentation should provide an overview of Secom, describe the main security problem and decision factors to consider, outline alternative solutions and recommend one approach with an implementation plan, define the roles of key stakeholders, and propose a matrix for evaluating third-party security services. The executive summary should address the same guidelines in essay format with references. The goal is to examine strategic information security governance and give recommendations to the board.

Uploaded by

Ayushi Jain

ISEC-655 Security Governance Management

Assignment 1 Guidelines
Objectives

Nowadays, information security governance has become a top priority in small, medium
and large organizations. This assignment aims to explore senior managers’ governance
and strategic approach to information security operations. The learning outcomes for this
assignment are to provide students the ability to examine and analyze decisions related to
insourcing/outsourcing information security services, describe the strengths and
weaknesses (SWOT analysis), and relate it to the appropriate stakeholder units in the
organization. Finally, students will assemble and propose a set of recommendations and a
strategic direction to the board of directors.

Structure

This security operations management assignment is designed to provide students with
hands-on experience solving a real-world information security governance challenge.
Students will analyze a case study -
McFarlan, F. W., Austin, R., Usuba, J., & Egawa, M. (2007). Secom: Managing
Information Security in a Risky World. Harvard Business School Press. Harvard
Business School Press: Case study, No. 9-308-015, Vol.. 31.07.2007
*Case provided in the assignment box
The project will consist of one executive summary and one presentation. The presentation
will require the preparation of a 15-minute presentation to the Secom board of directors
(using PowerPoint with audio).
* Express answers in your own words, avoid excessive quotation of text
Assignment 1 Guidelines

Prepare a 15-minute presentation with an executive summary of your analysis and
solution, focusing on the following guidelines:

1. Overview of Secom
1.1. What business and industry is the company operating in?
1.2. What are its strengths and weaknesses and opportunities? (Hint: SWOT analysis,
focused on information security operations)
1.3. Who are their customers and what do they have to do to satisfy them?
2. Description of the issue and decision factors
2.1. What is the main problem and decision to be made in the case? (Hint: main
problem and sub-problems)
2.2. What facts are relevant to a solution? Provide your interpretation
2.3. What are the decision criteria?
2.4. What are the risks? (Hint: risk impact)
3. Description of the alternative solutions
3.1. What are the alternative solutions?
3.2. Provide your evaluation of each alternative given the decision criteria.
What are the pros and cons of each? (Support your answers with metrics,
analytics, risk analysis and justifications from case, etc.)
3.3. Provide your recommendation to the board and justification (build a case)
4. Description of the solution implementation plan.
4.1. Describe how you would implement your solution (Hint: outline your plan,
timeline, state who, what, where, when, why, and how.)
4.2. Predict and justify the results (Hint: make a case and support with facts and
industry/academic research)
5. Outline the strategic roles of the following organizational stakeholders at Secom in
planning and governing security, including:

− Board of Directors
− Senior Management
− Chief Information Security Officer (CISO)
− IT Management (CIO, IT Director, etc.)
− Functional Area Management
− Information Security personnel
− End users (employees, customers, etc.)

6. Research a matrix relevant to the utilization of third-party services
6.1. Describe the matrix in your own words and the justification to use it
6.2. Describe a set of objectives in your matrix (Hint: 5 objectives)

You will need to present your ideas to Dr. Ramim and classmates via a recorded
presentation. Your PowerPoint presentation file (about 15 slides) should be submitted to
the assignment box via Canvas prior to the presentation. Feedback will be provided
following your submission to the assignment box. Also, you will need to provide an
executive summary to Dr. Ramim (Word document format, essay style including section
titles) addressing the key guideline points above. Be sure to include a cover page with
your name, the term (Fall 2020), the course name (ISEC-655), and the professor’s name
(Dr. Ramim), and a reference page (a minimum of 2 industry and academic peer-reviewed
references are expected).
**This box has been set to accept multiple file submissions.
Any questions about this assignment should be communicated to Dr. Ramim before,
during, or after class sessions as well as via email.
