
Secom: Managing Information Security in a Risky World

Group 7
KRITEE SINHA - 2014PGP171
R.P. HARI HARA KARPAHA RAM - 2014PGP308
PRIYANKA BHAGAT - 2014PGP273
PULAKALA SUMA PRASANTH - 2014PGP275
TEJASHRI NISHIKANT GAWAI - 2014PGP404
GONDANE SAURABH ANAND - 2014PGP121
PALLAV KUMAR SINGH - 2014PGP242

Background

Jashopper.com
- Small internet company which hosted an e-commerce website
- Revenue from retailers who paid to place a virtual store on their website
- Stored personal data like name, address, date of birth and credit card details for carrying out transactions
- Sales of 1 billion yen, 20 employees, retailer base of 400 shops, consumer base of 600,000
- Might go public to gain funds to grow business

Secom Trust Systems
- Provided comprehensive information security and network system services like data centres, security audits, intruder detection systems, digital certification, consulting service etc.
- Offered both virtual and physical security
- Part of the Secom group, the largest security service provider in Japan with a market share of over 60%
- Sales around 613.9 billion yen and profit of 97.8 billion yen

Triggers which caused Mamoru Sekine, CEO of Jashopper.com, to look at Secom's security proposal

Internal - Current IT & information security assessment
- Licenses for several cyber security services were up for renewal
- Focus was more on growth than security
- Small IT team which reported directly to Mamoru
- Their website wasn't secured by digital encryption
- Needed to upgrade its servers to five ~one-fourth of rack space
- Didn't have a CIO or CTO
- IT department worked along with general affairs to solve security problems

External triggers
- Personal Information Protection Law had come into effect in Japan
- Information leaks of personal data were rampant in the market, even big players Visa & MasterCard had been compromised
- Violation of Personal Information Protection Law could result in a loss of 10-20 billion yen for compensation, opportunity cost for lost business & change in security system
- The e-Document Law stipulated that government required documents could be stored electronically, thereby increasing the need for protection

Problem statement
As the current security systems are not enough to meet the future needs, how should Mamoru Sekine go about choosing which security product to use? What are your recommendations?

Alternative - 1
Advanced Housing service
- Physical and cyber security
- Minimizes threat of viruses and hackers
- One rack which could support 8 IP addresses, with an initial cost of 300000 yen and a monthly fee of 300000 yen
- Secom's SDC had a state-of-the-art facility for disaster recovery and security

Pros
1. Secured hosting
2. IPS and IDS
3. High availability - 24*365
4. Improves Jashopper.com's current hosting security level
5. No additional manpower needed to monitor threat of viruses and attacks and intrusion
6. Economic investment option

Cons
1. Internal information leakage still feasible
2. Confidentiality level - low, information leakage is still feasible.
3. Integrity - low level. As the website is not encrypted, transactional data can be modified during data transfer. Also customers may feel insecure about the website as there is no presence of a "security logo watermark" on the e-

Alternative - 2
Identification and access control system + advanced housing service
Apart from the services of advanced housing, the following services would be added:
- Would track data about employees accessing systems and premises, thereby enabling monitoring of employee activity
- Would limit unauthorized access to premises and systems
- ID ONE, TR2, Smart On - total cost of 2520000 yen

Pros
All benefits of advanced housing along with
1. Internal security is strengthened
2. Reduces chance of information leakage by employees
3. Physically secure premises to prevent intrusion
4. High confidentiality, integrity and availability

Cons
1. Cost is higher
2. Lacks digital certification

Alternative - 3
Assess vulnerability of physical and cyber security
- Analysis of:
  - Organization/system/policies
  - Physical security
  - Data access and control
  - Network security
- Would clarify risk tolerance of the company
- Evaluate priorities and cost of various security measures
- Identify weaknesses in the network, system, physical environment which could lead to breach
- Cost - 500,000 yen, time - 2 weeks

Pros
1. Proactive measure
2. Could identify weaknesses in system

Cons
1. High cost
2. Not entirely necessary
3. Audit result would result in further investment in security system as systems cannot be completely up to mark

Points to ponder
- The employees were not well trained about cyber security and information security was not a priority for them. They learnt about it from IT magazines, colleagues and security product vendors.
- Their website wasn't secured, thereby making it more vulnerable to attacks. Thus digital encryption / SSL Certification would be a must to protect data and privacy.
- The e-Document Law stipulated that government required documents could be stored electronically, thereby increasing the need for protection.
- 70%-80% of information leak incidents were caused by insiders, hence Identification and Access Control Systems will be required.

Recommendation
Based on the evaluation of the alternatives, the following products from Secom TS are recommended for Jashopper.com:
- Hosting/Housing service which would provide firewall, monitoring of 24*365
- Monitoring/Protection Service which would include IDS and IPS
- Identification and Access control System
- Digital Certification Service - Secom Passport for Web

Additional considerations:
1. Should appoint a chief information officer - as they are in the digital ecommerce business, having a CIO who tracks information/security needs is important
2. Training employees about cyber security so that it becomes a priority for them.

Key security parameters: Integrity, Availability, Confidentiality

Thus option 2 along with digital certification is the best product to resolve Jashopper.com's security dilemmas

Secom

Thank You!
