Management Information Systems Assessment for Secure Asset Management

Learning Outcomes

As part of the formal assessment for the programme you are required to submit a Management Information Systems assessment. Please refer to your Student Handbook for full details of the programme assessment scheme and general information on preparing and submitting assignments.

Learning Outcomes:

After completing the module, you should be able to:

1. Demonstrate an understanding of information needs within different functional areas of organisations.
2. Identify and compare information systems within different functional areas of organisations.
3. Use information systems to produce management information at middle and senior management levels of organisations.
4. Identify and examine the legal implications associated with information handling and security.
5. Identify and examine the ethical implications associated with information handling and security.

Responsible Global Citizen - Understand global issues and their place in a globalised economy, ethical decision-making and accountability. Adopt self-awareness, openness andsensitivity to diversity in culture.

Please note that exceeding the word count by over 10% will result in a reduction in grade by the same percentage that the word count is exceeded.

You must not include your name in your submission because Arden University operates anonymous marking, which means that markers should not be aware of the identity of the student. However, please do not forget to include your STU number.

You have been engaged as a MIS consultant for the following organization.

“Secure Asset Management” – often known as SAM - specialize in ultra-high secure data storage and digital asset management. Their clients are primarily in the banking and financial services industries – but not exclusively. SAM is not a bank or traditional financial institution. It does not store money in any form. However, it does store something even more important – sensitive corporate data. Examples of such data include: internal accounts (as opposed to publicly disclosed accounts), auditing reports, staff and salary data, back-ups and archives of operational data, regulatory & legal data, corporate strategy data including market share, competitor analysis and take-over/merger & acquisition target data. Not the kind of stuff their clients want floating around on the internet.

Because of their main client base, they are headquartered in the City of London, where existing and prospective new clients can come in and meet the firm face-to-face. The staff here include all central services plus the CEO and senior management team.

Apart from the London HQ, the company also owns and operates two ultra-secure data centres – named DC1 and DC2 - where all the above client data is held. Security is obviouslyof utmost importance. For that reason, DC1 is located on an abandoned oil rig 100 miles outfrom Aberdeen, Scotland in the North Sea while DC2 is located in a de-commissioned nuclear bunker complex somewhere in remote Wales. For enhanced resilience, data is ‘mirrored’ (duplicated) at both centres. All data is managed locally ‘on-premise’.

Client Overview

When trying to win new business, most clients want to see high-quality video presentations of the data centre security and what services the company can offer. Sometimes the clients will come to the London HQ, other times they want to view the presentations at their own premises. All this audio-video data has to be stored, transferred and presented smoothly and securely in the conference room – potentially at any time.

Another lucrative part of the business is the installation of tamper-proof hard drives and other physical computer security devices to the actual client laptops and desktop computers. This cannot be done on client premises and so the company has a specialized facility on the outskirts of London where all such work is done by company technicians. Unlike data itself, the laptops and desktops cannot be sent down a wire or transmitted over the air – they must be physically collected and delivered by company vehicles – known as Secure TransitVehicles. Each has a unique number (STV1, STV2 etc.) There are currently ten such vehicles. This transit operation is a major security concern and so all vehicles – as well as being physically secure – must be tracked at all times. Each clientdevice must also be uniquely trackable. The whole collection-delivery-fix-return lifecycle must be fully tracked and audited – just in case a device goes missing or there is an attempted robbery.

Clients have also expressed a desire to be able to track their devices in real-time.

More recently, the company has added a third type of service - over and above the traditional secure data centres and the enhancing of client devices at itsfactory. This involves the supply of a Personal Data Guard - like a bodyguard but for data rather than people. Many staff at blue-chip banking and financial clients have to regularly go overseas – often to hostile environments and they are naturally concerned about their own personal safety but also the safety of their computing devices and the sensitive data held on them. They want to feel safe.

SAM satisfies this need by supplying – either on a regular, contract basis or an irregular adhoc basis – a dedicated individual (or even a whole team) who can protect the client, their computing devices and their data from unwanted attention. Such staff are almost exclusively drawn from the special forces who have the training to deliver this service.

At present, the company have several major concerns:

1. The safety and security of ‘on-premise’ data storage, backup and recovery and businesscontinuity in the case of a catastrophic data loss at one of the sites – even allowing for themirroring across both data centres.
2. The current weakness in using data more strategically to plan the future growth of the business. For example, the board would like to know which clients are least/most profitable? Which types of service and data are most common and which are most/least profitable? Are there any patterns or trends hidden in the vast amount of data they store?
3. The impact of the new GDPR data protection legislation coming into effect. The company are very sensitive to data leaks and reputational damage – probably more than most companies – for obvious reasons. Staff vetting, secure data storage and data transit are vital.
4. The lack of in-house IT skills and due to the central London location of the company HQ (where the small IT department is based) – they are worried about the cost of recruiting and retaining the required new IT skills in such a competitive IT recruitment market.
5. The company wants secure 24 x 7 off-site access to the London HQ systems by HQ staff – perhaps because they are working at home or away seeing a client. For security reasons, only the staff physically inside the London HQ can access the two data centres and so remote access to DC1 and DC2 is not needed.