ADVO INC: INTEGRATING IT AND PHYSICAL SECURITY

ADVO Physical and IT Security Case Study

1. Case Learning Objectives
Analyze the benefits of integrating IT and physical security.
Explain the roles of top management in establishing and maintaining
security.
Analyze the physical security risks in the organization.
Explain the trade-off using consultants and third party to providing
security related services.
Identify security risks related to temporary employees.
Analyze the factors to be considered in choosing a backup centre.
Provide password guidelines for stronger user authentication.
Identify security measures to protect organizations facilities.
Identify technologies to protect the organizations information system
from attacks.
Analyze the benefits of performing frequent security audits in the
organization.

2. Case Description
Read this article and answer the following questions: "Advo, Inc.:
Integrating IT and Physical Security", Information Security: Contemporary
Cases, Jones and Bartlett Publishers, 2007.

3. Case Discussion Questions and Their Mappings to Blooms Taxonomy

Table 1: Mapping of Advo Physical Security case discussion questions to Bloom
Taxonomy.
Advo Physical Security Case Discussion Questions
Cognitive Levels
1. Traditionally, managing IT and physical security has been
treated as two separate domains. Why should they be
integrated?

Level 5 - Synthesis
Level 4 - Analysis

2. Why is top managements awareness and support essential

for establishing and maintaining security?

Level 3 Application

3. Why should those responsible for leading the organizations

security efforts be placed high in the organizations chart?

Level 1 Knowledge

4. The first decision made by Advos top management in the

aftermath of the 9/11 incident attacks was to improve physical

Level 4 - Analysis

Table 1: Mapping of Advo Physical Security case discussion questions to Bloom

Taxonomy.
Advo Physical Security Case Discussion Questions
Cognitive Levels
security. Why was attention focused on this particular aspect of
security?
5. What are the advantages and disadvantages of using
consultants and third party organizations to provide security
related services?

Level 2 Comprehension
Level 4 - Analysis

6. Identify the security risks involved in allowing networked

systems to be used by large numbers of temporary employees
Level 4 - Analysis
who do not need to log in. What password guidelines should be
implemented for stronger user authentication?
7. How far away should a backup site be located form company
headquarters? What factors should be considered in choosing a Level 4 - Analysis
backup site?
8. Why is it a good security practice to have a few visitors at
reception area?

Level 2 Comprehension

9. What security measures did Advo implement to protect

companies facilities?

Level 2 Comprehension

10. What technologies did the company use to protect

information system from the attacks?

Level 2 Comprehension

11. Advo believes that frequent audits help to ingrain a security

mindset among the company employees. What other benefits
Level 4 - Analysis
are there to performing frequent security audits?