IWC Background Information


The IWC ISSO must understand the business and processes of IWC if a quality, cost-effective, CIAPP is to be developed for IWC. Part of that process requires the ISSO to identify those key elements of IWC's history and business that must be considered in developing the IWC CIAPP as well as its organizational structure (see Figure 4.1).

click to expand
Figure 4.1: The high-level organizational structure of IWC.

Although information is an asset and its protection should rightly fall under the purview of the corporate security department that is responsible for the leadership role in corporate asset protection, many security departments neither want nor are prepared to take on such responsibility. It is hoped that someday they will be prepared, since information and information systems are corporate assets and should be protected in a holistic manner as with any other corporate asset. (Note: If the security professionals of the past had aggressively lived up to their assets protection responsibilities, this would be a moot point. Furthermore, we might not be experiencing the problems we are experiencing today, such as IT personnel being responsible for asset protection when the systemic problem of information and information systems protection is first and foremost a people issue.)

The following is a summary of IWC's business environment:

  • IWC is a high-technology corporation that makes high-technology widgets. In order to make these widgets, it uses a proprietary process that has evolved over the 5 years that IWC has been in business.

  • The proprietary process is the key to IWC's success as a leader in the manufacturing of high-technology widgets. The process cost millions of dollars to develop, and protecting it is vital to IWC's survival.

  • The manufacturing of widgets uses computers to control the robots in this manufacturing process. The use of robots has over the years drastically reduced costs by eliminating many of the human manufacturing jobs. This automated manufacturing process is the pride of IWC and one of its "crown jewels." Without this automation, the widgets could literally no longer be produced by IWC. This is not only because of cost factors, but also because the manufacturing requires such small tolerances that humans are not even capable of manufacturing today's widgets.

  • IWC is in an extremely competitive global business environment. However, based on changes in technology that allow for a more efficient and effective operation through telecommunications and networks, it has found that it must network with its global customers and subcontractors.

  • To provide for maximization of the high-technology widget process, it shares or interfaces its networks with its subcontractors, who must also use IWC's proprietary processes. The subcontractors, under contractual agreements, have promised not to use or share IWC's proprietary information with anyone. They have also agreed to protect that information in accordance with the security requirements of their contract with IWC. (Note: All contracts that include the sharing of sensitive IWC information and/or networks should include security requirement specifications and address liability issues.)

  • Because of today's global marketplace, IWC has over the past several years expanded its operations to include some manufacturing plants, coupled with a small marketing and sales force, in Europe and Asia. This was done in order to take advantage of lower manufacturing and operational costs due to nation-states' incentives and the high cost of manufacturing in the United States. In addition, it has taken this approach to be able to take advantage of political considerations—for example, the corporation is looked upon as a local enterprise, thus gaining at least some political support to make marketing and selling easier in and from the countries where they are located.

  • There currently is a small manufacturing plant in the Dublin, Ireland, area, and consideration is being given to opening up a plant outside of Prague, Czech Republic, within the next 1 to 2 years. Once that plant is operating as expected—with operating costs at least 25% less than those of the Dublin plant—the plan is to close the Dublin plant and use Prague as the European home manufacturing base.

  • In order to also take advantage of the Asian market and the cheap labor and overhead costs in China, IWC has decided to move its Asian plant from Taiwan to China (PRC) within a year. The China plant will be located outside of Guangzhou. The decision to open the plant in China was hotly debated by the IWC executives. Before it will allow the plant to be opened in China, the Chinese government requires IWC to share its technology and do so as a joint partner with a Chinese firm known as Lucky Red Star. High-ranking members of the People's Liberation Army (PLA) own this firm. There is also a concern that this partnership will allow the PLA to use the widgets to support their military development. However, the United States government, and IWC, headquartered in Los Angeles, California, in the United States, approved of this move. Therefore, the IWC executive management did not concern itself with the issues related to technology transfer.

  • The concern is that this joint venture involves sharing the "crown jewels," the proprietary processes of IWC. This information could subsequently be used to compete against IWC on a global basis, and with the Chinese government's support, the IWC executives were concerned that they might eventually be priced out of business. The executives decided that the business risks must be taken if IWC is to expand its sales throughout Asia and leverage the cheaper manufacturing costs in China and the Czech Republic. IWC will consider the elimination of the manufacturing plant within the United States sometime within the next 5 to 10 years, after the European and Asian operations have proved successful.




The Information Systems Security Officer's Guide. Establishing and Managing an Information Protection Program
The Information Systems Security Officers Guide: Establishing and Managing an Information Protection Program
ISBN: 0750698969
EAN: 2147483647
Year: 2002
Pages: 204

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net