Name: Dorothy N.

Santiago (2014-0578)
Class & Unit: Applied Business Tools and Technologies 3
Due Date: October 29, 2021
Title: 03 Case Study

Case Study

Sue operated a small fully licensed restaurant that was making a reasonable profit from the food, but she

believed that liquor sales should be higher. Ray, her bar manager, decided that it would be a good time to

take a holiday and it was agreed he would take three weeks off. He returned with ten non-alcoholic

recipes purchased overseas. He suggested that they go partners where he would make the drinks and the

establishment would sell them and buy all ingredients. They would split the revenue 80/20 with the large

share going to the business. All went well for a month until Ray had to leave early and asked Sue to store

the collection of recipe pages in the safe where the evening's takings would be stored. At the end of the

night all takings had been by credit card so there was no need to open the safe. When she arrived the next

morning the recipes were in a different order and in a different place. They had been read, possibly

copied, and the confidential information was now known by others. Ray threatened to sue the business.

Work task: As a result of this experience and the resulting costs and embarrassment the owner of the

business has asked to consider what procedures should be used in the future to improve the management

of information within the business.

Recommendation Memo:

Scanning through this case featuring Sue and Ray, who suffered a management failure in their

information security system. Thus, as a competitive and astute business owner, I recommend that one

should employ a variety of approaches to further enhance the organization's management of data stored in

the organization, leading to enhanced security performance However, this can be troublesome, especially

in view of the fact that the modern society in which we live is filled with hackers, cyber-attacks, and the

like. As a response, we must resist being swayed by these forces and instead confront them with greater

conviction and alternative techniques for avoiding and mitigating circumstances similar to the case

described above.

Hence, each industry is formed by a variety of choices, technical developments, and trends; this includes

developing a comprehensive information management program. The company's physical and cyber

security must be enhanced. To elaborate, physical security measures such as document (log book), swipe

card access, password, security cameras, police checks, and contracts are critical for protecting the

company's reputation, confidentiality, and other assets from external factors. Meanwhile, cybersecurity is

a form of internal protection within the company; examples include network access control (NAC), data

loss prevention (DLP), firewalls, intrusion prevention systems (IPS), and endpoint protection. Therefore,

implementing these two security measures, effectively prevents hackers and cyber-attacks in the

company.

There should be an increased collaboration between the organization and external consultants. Engage

consultants to assist in the development of systems and technologies, as they can more easily adopt a

strategic perspective. This frees up internal information technology departments to focus on operations.

Establish a specialized group tasked with the responsibility of evaluating and improving enterprise-wide

information management. You cannot just allow systems to grow organically, as individuals will always
have a blind spot when it comes to fulfilling group functions. Effective enterprise information

management necessitates a close examination of this critical function.