Upward Bound Airlines case, computer science homework help

Description

Read the Upward Bound Airlines case thoroughly in the attached file. Assume your given role in the case and accomplish your tasks in a 3-5 single-spaced paper.

Your Tasks:

  1. Identify the key information criteria for the B2C project.
  2. Provide some sample concerns of controls for the B2C project.
  3. Analyze what appropriate architectural changes of controls and security would be for the cloud project.
  4. Briefly discuss how the organizational policies and standards must be modified to adjust for the new cloud strategy.

Unformatted Attachment Preview

Case Study: Upward Bound Airlines¹ Using COBIT® 5

¹ Copyrighted by ISACA.

Information Security

Information at its very base is what is important to any person or enterprise. Protecting and ensuring its completeness and validity and access to that data is the point where the word ‘security’ comes in.

How does it benefit an enterprise?

It is an organizational practice that ensures that information (data) is protected from unauthorized use, modifications, access and destruction and is available at all times to the right people. The triad of confidentiality, integrity and availability (CIA) is a basic principle of information security. This ensures that only authorized users have the required permissions to use information at all times. Enterprises need to safeguard and control the use of their information, including their customers’ confidential information, and prevent malicious attacks from unauthorized users or software. In the absence of effective information security, enterprises may suffer heavy financial losses and damage to their reputations.

How does it benefit an information security professional?

An information security professional needs to be able to assess and provide informational security controls to ensure information confidentiality, availability and accessibility.

Upward Bound Airlines – Profile

• International airline, founded in 1980, serving 31 cities: 16 in the US, two in Canada, two in Mexico and 11 in Europe
• International headquarters in Chicago, Illinois, USA, with a small office at each airport and five regional offices
• Has approximately 9,000 employees and a few hundred long-term contractors

Background – What We Do

• Financed, for the most part, by investment banks, it has grown from a small, ‘hometown’ airline into a profitable international carrier. The ‘secret sauce’ for Upward Bound is efficiency of operations.
• All airplanes are the same basic model and version, and this airline has spare parts for airplanes at every airport out of which it operates. These two key factors have led to the lowest time per repair in the industry.
• Additionally, ground operations, including maintenance, baggage handling, fueling, etc., are extremely efficient, leading to, amongst other things, the best on-time record in the industry.
• At the same time, though, Upward Bound has been squeezed by the high cost of aviation fuel and, unfortunately, the standard model of airplane that this company uses is not particularly fuel efficient.
• The jet fleet is aging—the average age of an Upward Bound airplane is 12 years—and the vice president (VP) of ground and flight operations is pushing the idea of buying a new jet fleet. Doing so will drain the company of its cash reserves, but the high cost of aviation fuel combined with the age of the jet fleet make starting to replace jets soon inevitable.
• Upward Bound is bracing for the anticipated cash crunch by putting austere cost-saving measures in place:
  ₋ Reducing the workforce—up to 20 percent of employees will be terminated by the end of the year
  ₋ Outsourcing most IT operations by moving to cloud computing services

Background – Financial

• Publicly owned company
• Last year the gross revenue was US $296 million and profit was US $19 million
• Debt amounts to US $110 million

Background – Org. Structure

The board of directors:
• Consists of highly qualified professionals made up of CEOs and chief operations officers (COOs) of prominent corporations within the transportation industry
• Has one member who was the former US Secretary of Transportation
• Is very active and meets at least every month
• Sometimes has additional meetings to cover urgent issues (budget issues, in particular) that cannot wait until the next board meeting

The CEO:
• Is Sara Robbins, for the past seven years
• Is, above all else, a true visionary
• Has initiated many of the operational improvements
• Is a reasonable person who will take calculated risks to fatten the bottom line

Background – Departments

• The company consists of departments which are assigned one or more major functions. For example, some of the departments are:
  ₋ Business operations
  ₋ Ground and flight operations
  ₋ External relations (public relations [PR]/customer relations)
  ₋ Administration (legal, human resources [HR], regulatory compliance)
• IT reports to the chief information officer (CIO) and has a staff of 120 employees who, for the most part, are technical. Most of this staff will be gone by the end of the year due to the move to cloud services.

Background – Industry

• Competition for passengers and freight shipping within the airline industry is tough.
• Upward Bound Airlines competes well by passing on the savings from its efficient operations to customers, thereby offering attractive prices on most tickets.
• The airline’s marketing efforts are average; it could be more competitive if it increased its marketing efforts.
• With the coming cash crunch, though, the company cannot afford to invest more money in marketing at this time.

Background – Marketing

• Upward Bound Airlines relies heavily on marketing to boost its sales.
• Its marketing budget is one of the biggest line items.
• Its marketing staff consists of many marketing-savvy individuals.
• The main message that the marketing organization tries to get across is the airline’s efficiency and reliability and the advantages these hallmarks of the airline offer to busy passengers.

The Problem

• The cash crunch that Upward Bound Airlines will almost certainly experience in the near future will cause repercussions in the company’s information security practice.
• The CEO has told you to expect to lose at least one of your team members by the end of the year, but this is only a minor problem compared to the advent of cloud services.
• You have been informed that much of the IT infrastructure will be scrapped in favor of cloud services. For example, all mail servers are going to be taken out of service, their hard drives will be erased and they will all be sold on eBay® by the end of the year.
• Google will provide all mail services instead.
• The same is true of business applications—software as a service (SaaS) provider Zoho will provide all business applications.
• All corporate web servers will be hosted by Amazon.

You need to modify the security architecture that you and your staff developed less than one year ago to make it appropriate for the massive changes in the IT infrastructure that are about to occur. The existing security architecture contains the following elements:

• Policy and security standards that cover all major types of computing and network technologies
• Screening routers, stateful firewalls and a virus wall at each exterior gateway
• Spam filter and antivirus software on each mail server
• Network-based intrusion detection in each of Upward Bound’s six networks and sensors distributed within each network
• Endpoint security (antivirus plus antispyware plus personal firewall) on each Windows® workstation

The decisions concerning the modified security architecture will be made by you and your team members, one of whom is the security architect. The change control board led by the CIO must approve any proposed changes before they go into effect.

Your Role

• You are the chief information security officer (CISO) of the airline and are based at the Chicago headquarters. You report to the chief executive officer (CEO) and attend the weekly senior management meeting. You have been with the company for slightly more than 10 years.
• The Information Security Department has four full-time information security staff members, all of whom report directly to you and are based at the Chicago headquarters.

Short biography:
• Are a seasoned veteran
• Have been in some kind of information security management position for nearly 20 years, with the majority of the time in a CISO position
• Were grandfathered as a Certified Information Security Manager® (CISM®) in 2002 and hold a bachelor’s degree in IT and a master’s degree in business administration (MBA)
• Hold CISSP certifications and COBIT 5 foundation certificate

The Business Need

B2C Project

• With the growing need to cut costs and provide swift client services, the CIO is charged with transforming the business using Internet technology in business-to-consumer (B2C) relationships.
• The B2C web site, the business and the information systems should be coupled tightly to achieve the business benefits and fast client service.

Note: Therefore, a review of B2C e-commerce should, in general, address the business risk as well as the IS risk.

The B2C e-commerce model should cover these broad e-commerce activities:

• Informational (public)—Making information regarding the enterprise and its products available on the Internet for whoever wants to access the information
• Customer self-service (informational)—Making information, such as products/services and prices, available on the Internet for customers
• Customer self-service (transactional other than payments)—In addition to making information available on the Internet, accepting customer transactions, such as orders and cancellations, through the Internet, but payments are handled through conventional means
• Customer self-service (payments)—Accepting customer transactions including payments through the Internet
• Customer reporting—Providing reports, such as statement of accounts and order status, to customers online
• Interactive self-service—Providing interactive responses through emails for requests/queries logged through a web site
• Direct selling—Selling products and services directly to prospective buyers through the Internet

Cloud Project

There is a need to revise the existing security architecture for the cloud option. To do so, you need to:

• Understand not only what elements and functions within the IT arena are moving to the cloud, but also what will remain after the IT infrastructure is gutted.
• Learn from each cloud provider which controls can be put in place for data in motion and data at rest in the cloud and for networking in the cloud.
• Determine, when a cloud service provider cannot provide a control that you need, the types of compensatory controls that should be implemented. (Hint: Amazon cloud services can include a wide variety of controls—just about the same as you currently have in your network. You just have to pay as you go—the more controls, the greater the charge for cloud services.)

Rationale

• The rationale for each architecture change that you decide on must include a discussion of the pros and cons associated with the change or proposed change.
• For instance, you may decide to scrap the application firewalls that used to be in front of each web farm and, instead, work with your IT and contracts departments to ensure that application firewalling is built into your service level agreement (SLA) with Amazon.
• For enterprises where security is a low priority, security provided by a trustworthy cloud vendor may be a substantial enhancement.
• As with any outsourcing, failure of the vendor can cause the enterprise to be without a connection to its vital resources. Although this is improbable, it is possible and should be considered.

Pros and Cons

Pros:
• This may be the only way to protect your now cloud-hosted applications, and there may also be a cost savings because of outsourcing maintenance.

Cons:
• Your company will not be able to directly control the application firewalls, something that may substantially increase residual risk associated with web operations.
• Business continuity planning (BCP) and operations need to start at step one once your company’s web servers are hosted by a cloud services provider.

Exhibit – Network Architecture (figure not included in this preview)

Exhibit – Template for Change Pros/Cons (figure not included in this preview)

Notes:

• Two groups that have offered a baseline of definitions (for cloud computing) are the National Institute of Standards and Technology (NIST) and the Cloud Security Alliance.
• They both define cloud computing as a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.
• Another way to describe services offered in the cloud is to liken them to that of a utility. Just as enterprises pay for the electricity, gas and water they use, they now have the option of paying for IT services on a consumption basis.
• Three major types of cloud services currently exist:
  ₋ Software as a service (SaaS)—Capability to use the provider’s applications running on cloud infrastructure. The applications are accessible from various client devices through a thin client interface such as a web browser (e.g., web-based email).
  ₋ Infrastructure as a service (IaaS)—Capability to provision processing, storage, networks and other fundamental computing resources, offering the customer the ability to deploy and run arbitrary software, which can include operating systems and applications. IaaS puts these IT operations into the hands of a third party.
  ₋ Platform as a service (PaaS)—Capability to deploy onto the cloud infrastructure customer-created or acquired applications created using programming languages and tools supported by the provider.
• In the Upward Bound Airlines scenario, in moving its IT operations to the cloud, this company is, in effect, outsourcing these operations (including web-hosting services) using one or more IaaS providers.
• From a security risk management perspective, this means that many of the mainstay network security controls that Upward Bound’s information security practice has used for years are no longer likely to be relevant. No-longer-relevant controls will need to be phased out over time; new, cloud-based controls need to be phased into a revised security architecture.
• For instance, as Upward Bound moves to the cloud, externally originated attacks against hosts within Upward Bound’s networks are not likely to comprise as great a level of risk as before. Externally originated attacks against Upward Bound applications, databases and web servers in the cloud will, in contrast, comprise major risk. Mitigating this risk will be more difficult because Upward Bound cannot directly control what happens in the cloud.
• If Upward Bound management is wise, security controls should be included in its statement of work (SOW) or service level agreement (SLA) with the cloud provider. So instead of having a screening router, stateful firewall and virus wall at the gateway to its internal network, Upward Bound may instead want to contract for gateway-based filtering of network traffic at the entrance to Upward Bound’s cloud space.
• Note that Upward Bound has a very strong operations orientation. Any risks and related control measures that can potentially disrupt operations are, thus, an especially important consideration.

COBIT 5

Some sections of COBIT 5 may also be helpful in determining your best course of action:

• APO03 Manage enterprise architecture.
• APO04 Manage innovation.
• APO08 Manage relationships.
• APO12 Manage risk.
• APO13 Manage security.
• BAI05 Manage organisational change enablement.
• DSS04 Manage continuity.
• DSS05 Manage security services.
• MEA02 Monitor, evaluate and assess the system of internal control.
• MEA03 Monitor, evaluate and assess compliance with external requirements.

Your Tasks:

  1. Identify the key information criteria for the B2C project.
  2. Provide some sample concerns of controls for the B2C project.
  3. Analyze what appropriate architectural changes of controls and security would be for the cloud project.
  4. Briefly discuss how the organizational policies and standards must be modified to adjust for the new cloud strategy.

Explanation & Answer

It has been great working with you right from the start to the end. I wish you all the best in your academics.

Case Study on Upward Bound Airline

Question 1
The B2C project is formed with the purpose of making one standard decision of reducing the costs in the organization and ensuring the faster provision of services to the clients. The project comes up with different criteria like the use of internet technology which would help in transformation in the B2C. The management comes up with established procedures and the use of securities to help in keeping the consumer’s information intact and protected. The B2C project involves the act of having different e-commerce activities, such as giving relevant information to the clients concerning the type of services to be offered for any client who is interested in accessing the information from the web page.

The information is ensured so that it goes public to help in creating awareness to as many customers as possible for the airline company to make huge profits. The project provides all the clients’ information on the types of products offered through communication on TVs or any advertisement forum. The project will help the company to achieve the object of providing the client's services with ease through the use of the internet and online transactions. The idea of a B2C project comes up with better services offered like acceptance of all the customer’s self-service activities whereby in case the client cancels the transaction it would be accepted. The payment is also made through the internet and balance is offered. There is also the conventional means of operation whereby many clients can be served at once.

The B2C project will enable the customers to purchase directly from the internet. It means that the customers will have advant...

