Scenario: Raxlon Inc.
Case Study Title (Case Study):
Raxlon Inc. is a Fortune 500 Company dealing in high value drugs and pharma products. Its annual
turnover is over 120 billion $. It has more than 100,000 employees all over the globe in its R&D,
Manufacturing and Marketing Units.
Raxlon’s CEO, Dr Peter Fowles, is a pharmacology expert and has over 72 patents on various types of
drugs mainly used for treating patients with genetic disorders. Raxlon is now moving into a suite of
high end critical drug products used for Genetic Repair of congenital Diseases like Alzhmeir’s disease
and Epilepsy. Rexlon has a well developed EA practice and in 2009 the EA practice has adopted
TOGAF 9 as the primary Framework for Enterprise Architectural Change Agent.
Dr Fowles’ main concerns are:
Security of the critical data which they have gained over the years after painstaking research.
Although Rexlon had an adequate security system Dr Fowles feels it may not be adequate to deal
with the new order of things, especially with data which is highly confidential and if leaked would
have major financial impact on the Company.
Dr Fowles calls his CIO and explains his position to him and entrusts whim with the responsibly of
evaluating the current security system, operation and governance and determine which are the gaps
which need to be addressed during the fresh architectural work. Assume that a new Security
Framework would be used in the ADM life cycle. To protect Rexlon’s valuable IP.
The CIO apprises the Lead Architect of the sensitive nature of the work he has to complete within
the next 2 months.
Identify which of the following processes would be most appropriate for the Lead Architect to adopt
in this situation.
A.
Identify the sources of threat, review the relevant security statutes, see how disaster recovery can
be achieved, find who are the actors vis vis the system and design suitable access control
mechanisms, identify critical data and applications and ensure that they are given the highest level
of security
B.
First revisit the Preliminary Phase to determine the tailoring of ADM vis a vis Security. Identify any
change in the Principles or additions to be carried out. Engage with all Stakeholders to finalize the
Vision. Then in Business, Information systems and Technology Architectures ensure the Security
Frame work adopted to the ADM addresses all critical security issues. Finally conduct an overall
review to assess how effective the security ecosystem designed is and whether it meets the security
level desired
C.
Invoke Preliminary Phase and Vision Phase Identify Sources of threat, review and determine
revised regulatory, security and assumptions, document them get management buy in , develop
business continuity plans especially for critical data operations, assure data, application and
technological component security.
D.
Determine who are the people who are hacking into similar organizations, ensure that highly
secure measures are taken when external people enter the R&D and manufacturing locations,
ensure that there is a very strong firewall so that people cannot get illicit entry into the system,
periodically check the effectiveness of the security measures