NOTE:
This
is
just
one
of
many
answers
that
can
be
written
for
this
question
because
there
are
many other potential strategies that can be taken.
1).
Considering
the
recent
security
issues
in
PowerSafe
Inc.,
mistrust
between
the
insurance
companies
and
attempts
to
alter
the
documents
by
certain
companies,
I
proposed
to
introduce
an independent authority for data management.
To
implement
these
solutions
at
the
strategic
level,
decisions
should
be
taken
to
introduce
an
independent
authority
for
data
management.
Key
security
objectives
and
goals
to
be
established
by
the
third
party
should
be
decided.
For
example,
one
of
the
priorities,
in
this
case,
is
that
consensus
among
all
companies
must
be
achieved
for
any
actions
on
stored
data,
policies,
regulations
and
customer
information.
Also,
sufficient
resource
allocation
should
be
organised
to
effectively
achieve
the
defined
security
goals
through
independent
authority.
For
example
decisions
such
as
what
level
of
access
to
the
organization's
information
should
be
given,
and
what
internal
staff
support
needs
to
be
provided
should
be
decided
at
this
stage,
should the company hire new staff, etc.
At
the
Administrative
level,
it
is
required
to
create
a
proper
authority
and
responsibility
structure
to
realize
the
solution.
To
control
the
access
level,
security
models
such
as
BLP
or
Biba
can
be
introduced.
This
will
assure
not
only
the
personnel
within
the
independent
authority
but
also
the
insurance
companies
have
controlled
access
to
the
information.
Also,
a
proper
hierarchy
of
authority
and
responsibility
should
be
created
within
Powersafe
Inc.
to
cooperate
with
independent
authority.
If
any
conflict
is
encountered
between
different
parties
(i.e.,
Insurance
companies
and
the
independent
authority)
active
decisions
should
be
made
to
solve
those
conflicts.
At
the
operational
level,
we
have
to
continuously
monitor
the
action
not
only
of
independent
authorities
but
also
the
insurance
companies.
Costing
for
initiating
third
party
involvement
should
be
done
while
clearly
identifying
what
are
the
requirements
that
need
to
be
fulfilled
by
the
independent
authority
to
solve
the
issues
with
insurance
companies.
When
handling
multiple
insurance
companies
it
is
expected
to
have
repetitive
problems.
Therefore,
the
company
should
support
independent
authority
and
insurance
companies
making
sub
optimizations
to
the
security decisions made before.
2) Yes
Blockchain is suitable in multiple aspects.
At
PowerSafe
Inc.
multiple
insurance
companies
need
to
work
together.
At
the
same
time,
they
do
have
their
independent
agendas
for
financial
gain
over
others.
Therefore,
this
forms
an
environment
of
untrusted
parties
collaborating
while
also
contesting
each
other.
There
is
no
central
authority
that
everyone
trusts
to
manage
the
coordination.
Thus,
Blockchain
could