1 Business Requirements
1.1 Project Overview
SMB Computation, a data collection and analysis company, has been operating for less than two years and has grown exponentially. SMB Computation is seeking to create a repository for collected data beyond that of standard relational databases, and its ten-terabyte data warehouse is forecast to grow about twenty percent each year. A plan of action to compensate for the growth of the company is in the making, and the CEO and I, the CIO, will go over options for data warehousing, analytics, interfaces, and cloud technology, as well as security and infrastructure.
1.2 Background including current process
This project will help SMB Computation prepare a security assessment by defining which systems to consider and what approach to take for the assessment, determining the logistical considerations, determining a plan of assessment, and ensuring the policy and legal considerations are met. The goal of the project is to review all documentation and policies in place, go over the current system configurations, review system logs, and test current assets for vulnerabilities.
The roles of the IT department during this project include, but are not limited to, the following:
CIO: The CIO will oversee the progress and determine the budget for the project at hand, and will be responsible for purchasing the new equipment and upgrades while supervising the rest of the IT department.
The Analyst: The Analyst will communicate with the CIO about strategies to upgrade the company efficiently and will be the main point of contact for any third-party vendor needed during the project.
System Administrator/Database Administrator: The Administrator will be responsible for desi...
... middle of paper ...
...n resources has become an important task. The preparation of the company's human resources includes planning for future personnel needs, their required skills, employee recruitment, and employee development.
1.3.6 Definition of Terms
The definitions that will be used throughout the duration of the project include the following:
Best Practices: IT best practices include the many processes and frameworks that a company will use to efficiently and effectively accomplish IT tasks.
Risk: Risks are the potential that an error will occur in the IT project.
Vulnerability: Vulnerabilities are security holes in software or operating systems that could provide a way for the system to be attacked and penetrated.
Vulnerability Assessment: A vulnerability assessment is the test and documentation of the effectiveness of both the security policies and controls.
It will identify the constraints and assumptions of the infrastructure expansion and the data warehouse build and design. As with any project, it will identify the risks. The scope of the project will be documented in the business requirements document, and all other projects associated with this project will be documented.
The security assessments performed by DWP Systems follow a standard assessment methodology, starting with reconnaissance, vulnerability enumeration, and penetration testing for validation. DWP performs these assessments with the least possible impact to the organization. This means our assessment tools have been throttled back so as not to consume customer Internet bandwidth. Our assessments are also done at a mutually agreeable time which is determined to be least impacting to the
CVSS, or Common Vulnerability Scoring System, provides a method for assessing and prioritizing previously unknown vulnerabilities in an application’s code that have been identified for IT management to address (Scarfone & Mell, 2007). CCSS, or Common Configuration Scoring System, uses metrics similar to those of CVSS but is focused on known vulnerabilities based upon decisions regarding security configurations of the program.
The two roles that share responsibilities are the project executive sponsor and the project leader. In the sponsor role, the stages initiating, planning, executing, and closing are performed or overseen by the project as well. They share responsibilities in numerous ways. The sponsor is ultimately accountable for the success or failure of the project. The sponsor has to ensure the project is focused on achieving its business objectives and delivering the forecast benefits. They also have to ensure that the project gives value for money and adopts a cost-effective approach which balances the demands of the business, users, and suppliers. This role includes securing budgets, ensuring appropriate financial controls are in place, and appointing the project manager and the project team, including members of the project board. They also advocate for the project both externally and internally. Sponsors also support the project manager to successfully deliver the project, and they sign off on project deliverables. (Kilmoski,
Just like any other security tool or software available, there are many different forms of vulnerability s...
For this assignment, I will discuss the evaluation process in assessing and calculating vulnerabilities for one of our nation’s Critical Infrastructures, identified as the Defense Industrial Base. A vulnerability assessment is a tool used to evaluate weaknesses of a facility against threats and hazards. Norman (2010, p. 32) describes vulnerability as “Any condition or factor associated with the selected target that can be exploited to carry out an attack – vulnerabilities may be individuals or systems.” The more vulnerable an asset is, the more it’s deemed attractive, or susceptible to threats. In general, a vulnerability assessment identifies an organization’s most critical assets needed to continue its function. They help determine if functions can be repeated under threat scenarios, or need to be
Subsequently, in order to assess and understand the practices involved with KM, we must first recognize the underlying provisions and implications within the IT sector. Information technology has had a dramatic influence over overall organizational performance; IT-driven structures have been able to evolve over time, in part due to the integration and implementation of such practices. Resulting from such assimilations, most divisions have yet to maintain proper executive IT sectors and overall preservation, mainly due to either lack of know-how or inefficient policies in place that limit any advancement.
Create or find definitions for Business Impact Assessment, Vulnerability Assessment, Penetration Test, and Risk Assessment.
The specific IT assets and technologies that are highlighted are internet applications, such as online transactions, human relations systems, wire systems, and websites. Other resources are BlackBerries, Android smartphones, iPhones, cellular networks, short message service (SMS), PCs (including their operating systems), connected USB storage devices, and any third-party software (Deloitte & Touche LLP, 2010). Most importantly, in this case, will be banking devices such as ATMs, kiosks, and RFID-enabled smartcards that allow secure financial access (Deloitte & Touche LLP, 2010). Finally included are intranet portals, collaboration tools, authentication systems, voice over IP phones and private branch exchanges (PBXs), voicemail, identity management, log-on, password, and user code technologies (Deloitte & Touche LLP,
Being the highest senior executive accountable for Information Technology (IT) and computer systems, they also have administrative functions such as creation and implementation of policies and procedures. Likewise, the CIO directly handles the IT employees and provides an adequate performance review based on Key Performance Indicators of the department.
Organizations’ other resources can be hired, retained and discarded at any time but human resources needs special treatment. It needs to be carefully hired, deserve an extra effort to retain it and requires training & development to upgrade and improve its capabilities. Other resources depreciate with the passage of time but when the human resource gains more and more experience, it becomes more beneficial for the organizations. These characteristics have brought human resources to be the central element for the success of an organization. (Mohammed, Bhatti, Jariko, and Zehri, 2013, pg. 129, para. 2)
The actors’ tasks include accomplishing project work, recording and editing project work accomplished, and reviewing project progress for goal accomplishment, along with administra...
"Risk management is the part of analysis phase that identifies vulnerabilities in an organization's information system and take carefully reasoned steps to assure the confidentiality, integrity, and availability of all components in the organization's information system" (Management of Information Security - second Ed, Michael E. Whitman and Herbert J. Mattord)
The first thing that we must consider about Information Security is that there is not a final destination at which we can arrive. IT Security is an ongoing set of processes and activities that requires attention and expertise on a daily basis. It is important to understand that systems are not secured by themselves and it is our responsibility to maintain and improve them periodically as required. It is of vital importance to establish the appropriate mechanisms and requirements in order to support the company’s CIA triad. The following report will provide you guidance about auditing and hardening techniques applied through the 7 Domains by utilizing IT Security Best Practices.
The Importance of the Human Resource Function
Human resources are the backbone of any business. The function deals with the most important resource in the business – people. For any business to achieve its objectives, it must plan its resources, and one of its key resources is people. It needs to get the right people and develop them well in order to meet the organisation’s aims successfully.