Volvo and Mercedes Security Plan, Research Paper Example

Introduction

Companies and other business organizations often design appropriate measures that are useful in maintaining security within their information systems (Pfleeger & Pfleeger, 2003). Organizational networks are faced with a wide range of challenges and security threats. In taking a close analysis of Mercedes and Volvo Companies, this statement becomes a reality. In their operations, the two motor vehicle companies are faced with nearly equal security threats, though minimal. Such threats are either towards hardware components or software parts of their information system and networks.

Coming up with a workable security plan and designing the implementation strategy aims at solving the threats that these companies are faced with. Despite the implementation barriers and challenges that may be experienced in the installation process, the end result of such a plan would benefit the organization and help solve its security drawbacks.

Prioritization of Risks

The risks that are faced by most organizations come in different forms. The severity of such risks differ with their nature. There are two broad classes of security threats that an organization can be faced with. These include hardware-related risks and software-related risks. The hardware threats are commonly referred to as physical risks. They involve visible attempts to interrupt the normal operations of an organization’s data system. The software related risks are mainly directed towards the programs that are incorporated in the organizations databases and networks.

The most common and dangerous risks are the software-related ones. These have been on the rise in the recent past. They have caused large data losses to organizations. Volvo and Mercedes have had significant challenges with this type of threat. Volvo, upon implementing the Big Data concept in handling its operations, faced a number of software challenges.

Such risks as illegal access, hacking, improper software installation among other related risks can seriously cost an organization. The magnitude of losses caused by a successful hacking activity cannot be compared to that of a hardware malfunction. Huge financial losses can arise out of software-related evils. Defective hardware equipment or stolen hardware components can be replaced, but it is not easy to reconstruct lost data and information to reach the level of operation as it were before the hacking was carried out. Defective software applications can cost more losses compared to defective hardware elements.

Plan to Improve Security Situations

The plan to control the security situation is a critical activity that must be conducted in style. This is to ensure that all the security issues are handled, and that any possible future threats will be put into full control. There are techniques that are applicable to the hardware related risks, just as much as there are those directly designed for the software-related risks. Those that deal with the software will include plans to secure the networks of the two companies whereas those that are hardware related will simply aim at protecting the machinery that is used within the two companies.

Software Security Plan (Network Security Plan)

Network security is the main plan that should be taken into consideration when handling software risks. The main threats within the two organizations have more often than not involved illegal access to the systems’ databases and networks. There are a series of options that can be adopted, one of them being installation of an Intrusion Prevention System (IPS) and an Intrusion Detection System (IDS) simultaneously.

Installation of an IDS and IPS

Intrusion detection systems are software applications that are installed within a network to help detect any intrusion attempts into the companies’ networks. They are able to detect the threat but they only send alerts to the administrators of the networks. On the other hand the Intrusion Prevention Systems (IPS) are necessary since, other than detecting the threat, they will communicate this to the administrators and at the same time take an action against the attempted entry. They may shut the whole network down so as to secure it from the unwanted entry.

Activation of Authentication Protocol

These are restrictions enabled in the networks. Authentication protocols will assess the eligibility of an entrant into the network. There are options that are used such as biometrics or passwords that only identify specific people into the companies’ networks. This plan will help Mercedes and Volvo Companies to curb illegal access into their networks.

Physical Security Plan

Hardware risks that are experienced in Mercedes and Volvo companies include theft of gadgets and even damages that frequently occur. There are also chances of failure in the operation of these systems. To ensure the security situation is upheld, the following plan is necessary.

Install Physical Security Devices

Installation of alarms at strategic points within the organizations will help reduce possibilities of theft of equipment that is used in the two companies.

It is also advisable to create reinforcement along the walls and any openings in the companies’ infrastructure (Vacca, 2006). This will also aim at reducing chances of theft of the gadgets. Failure of devices to work usually arises from various reasons.

Training the employees on how to handle new machines will be instrumental in reducing the number of damages that are caused. In line with this, in the course of purchase, thorough testing should be done before the transactions are finalized on. There are many more options that will be important in dealing with the hardware-related risks but they mainly involve installation of physical devices.

Rationale of the Physical Security Plan

Physical threats are the most frequently experienced type of risks. It is very critical to ensure that all possible measures are taken to prevent these risks. The defects come from many possible sources, and it is very important that the measures taken help to curb all possible risks. Theft can be controlled in several ways. Other than the mentioned few, the two companies would also employ qualified security personnel to ensure maximum security of the equipment.

Policies to Implement the Security Plan

In order to satisfactorily install and implement the security plan (s), there are policies that must be included in the course of the implementation. Some of these are mentioned below.

• End-User Policy

For Mercedes and Volvo Companies, the users of the systems’ information range from salespersons, consultants, customers, and many other company stakeholders. The security plan adopted should include their interests and not interrupt their levels of operations. Proper documentation should be provided to guide the end-users.

• Governing Policy

This policy applies to the top management and more technical persons within the Companies. It serves to regulate the operations from all the sections and sub-sections within the organization.

• Technical Policy

This policy is designed for the personnel assigned to conduct network evaluation. Evaluation is done at regular intervals to enable proper security of the networks. The plan installed takes into consideration the technical aspects.

• Extranet Policy

The Companies’ networks interact with other networks. The boundary between any two networks needs to be secured. An IDS and IPS are good plans to cater for extranet options.

Barriers to Implementation of the Security Plan

There are certain constraints that will be faced by the two Companies in implementing the security plan developed. Some of these include:

• Interruption of Operations

In implementing the security plan, there are some operations that will have to be stopped. For example, while putting in place the authentication protocols, interactions between the Companies and their major stakeholders will have to be interrupted, which may lead to losses.

• Resistance to change

The current plan may be good enough for particular persons. There are those that will resist transition into a new security plan.

• Additional Costs

There are additional costs that will come along with the installation of the security plan. Training of the users about the plan will have to be conducted. Cost constraints are the most feared of all constraints by all Companies.

Possible Solutions

Implementation of the plan should involve the users from the initiation stage to the final implementation to prevent resistance. In addition, proper budgeting needs to be done in time to cater for the costs that will be involved in the entire implementation. There are several changeover strategies that can be adopted. Parallel changeover is more preferred, where the current plan is run together with the new plan till the old one is phased out. This will help solve the barrier of possible interruption of operations.

References

Calder, A., & Watkins, S. (2012). IT governance: An international guide to data security and ISO27001/ISO27002. London: Kogan Page.

Joshi, J. B. D. (2008). Network security: Know it all. Amsterdam: Morgan Kaufmann/Elsevier.

Mayer-Scho?nberger, V., & Cukier, K. (2013). Big data: A revolution that will transform how we live, work, and think. Boston: Houghton Mifflin Harcourt.

Pfleeger, C. P., & Pfleeger, S. L. (2003). Security in computing. Upper Saddle River, NJ: Prentice Hall PTR.

Vacca, J. R. (2006). Guide to wireless network security. New York: Springer.