Project Plan Six

Steve Austin

Instructor: Michelle Hansen

Strayer University: CIS 499

3/16/2014

Author Note

Steve Austin: Strayer University.

Correspondence concerning this paper should be addressed to Steve Austin, at [email protected]

Table of Contents

Document Control
1 Executive summary
2 Scope of the project and control measures
3 Goals and objectives
4 Project deliverables
5 Estimated cost analysis
6 Competitive advantage
7 Recommended solution providers
8 Business Requirements
9 Background including current process
10 Sample network showing database and network traffic handling
11 Physical Network Diagram
12 Sample network for three floors
13 The IMS framework
14 Intruder Detection System
15 Security Services Framework for the ISMS
16 ISMS Benefits
17 Maintenance and Operations Planning
18 Documents and Analyzes
19 Post Project Review
20 Project Acceptance
21 Transition Out Plan
22 Resources

1. Executive summary

Intelligence. It's the ability to think abstractly. Challenge the unknown. Solve the impossible. A pathway to success, with projects designed to help businesses and companies of all sizes, providing a comprehensive overview of all aspects of the project from start to finish. We will be there to make sure your needs are met.

2. Scope of the project and control measures: The current business process of MDR Inc. is data collection and analysis. The company has been collecting data on medical facilities and patent geographic information. MDR, which has been operating less than two years, is seeking to create a new data warehouse for collected data beyond its current relational databases, which hold ten terabytes of data that is expected to grow 20% each year. The projected growth of the company will require a much larger, more secure, and faster database, with backup management and potential for growth. The company will also be adding office space with up to three thousand new workstations, and additional Wi-Fi access points for wireless connections. We will be adding a point-to-point fiber optic connection to the databases.

Analytics is a requirement: business leaders are distinguished by their ability to leverage all information derived from analytics and data about their industry. Public clouds that are pay-per-use are a great fit for finite to huge data loads. Many public cloud providers offer templates for popular big data platforms, making it easier for administrators to set up the required infrastructure. The cloud's biggest contribution to solving the big data problem is the number of analytics vendors that have adopted the Software as a Service (SaaS) model. IT departments don't need to buy infrastructure and don't need to set anything up. This is a big savings for companies all over the globe. (Barrett, A. 2013)

Sites for data storage will be distributed across many areas of the US and abroad. IT will add to the existing network, keeping re-engineering to a minimum, with plans to expand in the future. After testing has been done, we will do a test conversion at midnight on the night before turnover. Testing will include the new database and the addition to the network. Training and education on the system will be provided for new and existing employees as the network is completed.

3. Goals and objectives: The new database must meet new demands such as 200-terabyte capacities, with plans to expand. The schedule for the new addition of the network, database, and additional cabling and furniture will be six months. The IT department will assume the network needs and design, which will be presented below. MDR has no outsourcing for any department. After a review of operations, it is clear that payroll and phone support should be outsourced during this process to cut cost and use revenues for the MDR expansion. MDR will hire 4,820 new employees internationally to handle new branches of MDR satellite offices. Cost of training will be covered up to 80% from revenues saved from offshoring.

4. Project deliverables:

• Intranet infrastructure.
• Site organization.
• Templates, scripts and processes for creation, publication, and management of the Administrative Services Intranet.
• Implement (build and deploy) Phase 1 of the Administrative Services Intranet, including the completion of all development and infrastructure tasks necessary for the delivery of administrative instructions and forms through the Intranet.

5. Estimated cost analysis: Full network management would cost about $316,673.00 per month to manage your entire (or your planned) 122 server and 5599 workstation/laptop environment. Hardware installation will be $5,721,000.00 total.

6. Competitive advantage: Our team is investigating how to configure the network topology from an existing linear topology using the latest technology. Since most corporate network infrastructure is already based on fiber optic networks, this is the perfect breeding ground to prove that adding our project will indeed decrease the cost. Adding the latest technology to an existing infrastructure allows the existing cost of network infrastructure to be eliminated and the addition to be combined with the existing network. This design shows how a system and computer network can coexist. By completing the network successfully we will be able to implement integrated services on the same network. This will return huge profits to the business that implements the above network. We will also set high standards for security for the physical access as well as the 802.3 Ethernet LAN and 802.11 Wireless LAN to ensure that your data is safe from intruders, while providing the maximum bandwidth. We will use web analytics to target your demographics and reach your customers. We will also provide a cost analysis on the entire network.

What's included in the $316673.00?

The following items are included (in fact, it's easier to describe what isn't included):

• Fixed-fee means you do not pay one penny more than agreed upon.
• On-site time is still a big part of properly, proactively managing business technology, and there is no additional charge for it.
• Responsibility is on Agility to keep the system proactively managed, attended to and responded to 24-7-365, all day every day.
• “All You Can Eat” 24-7-365 help desk is included; our senior network consultants run the help desk.
• 24-7-365 help desk is NOT outsourced or off-shored.

7. Recommended solution providers: Agility Network Headquarters, and Business Computers Inc. (BCI) had the best prices and references. Agility did the cost estimation for this project for free and the price is negotiable. Agility is a member of the BBB and does not share your information. We can save you money on your I.T. with a long-term strategy and by learning your business needs. BCI had good pricing as well, but not as good follow-up on most projects we spoke to.

8. Business Requirements - The current business process of MDR Inc. is data collection and analysis. The company, which has been operating less than two years, is seeking to create a new data warehouse for collected data beyond its current relational databases, which hold ten terabytes of data that is expected to grow 20% each year. The projected growth of the company will require a much larger, more secure, and faster database, with backup management and potential for growth. The company will also be adding office space with up to 5599 thousand new workstations, and additional Wi-Fi access points for wireless connections. We will be adding a point-to-point fiber optic connection to the databases that may (but should not) cause a disruption for other organizations across the globe; we will conduct a network release of intentions to all possible companies involved.

9. Background including current process - Since June of 2012, MDR Inc. has been collecting data on medical facilities and patent geographic information. As of September of 2013 the company has outgrown its current infrastructure and made the decision to expand operations. This project is to develop a comprehensive plan to expand the company to meet future needs. Our goal for this project is to expand to a 200-terabyte data storage facility with high security and a disaster recovery plan. MDR also plans to add employees and offices with Ethernet connections, Wi-Fi, and new workstations. The IT department will assume the network needs and design, which will be presented below.

10. Sample network showing database and network traffic handling:

11. Physical Network Diagram (Below)

“The physical diagram presents the following information about your existing network:

• Details of physical communication links, grade, and location of the physical paths of the wiring.
• Servers, IP address (if static), server role, and domain membership. A server can operate in many roles.
• Location of devices such as printers, hubs, switches, modems, routers, and proxy servers.
• Wide area network (WAN) communication links (analog and ISDN).
• Number of users at each site, including mobile users.”

(Microsoft TechNet, 2010)

12. Sample network for three floors:

The ISMS is set up on the external server along with the firewall and internet connectivity restrictions. I did this to save space on the page. The IDS appears separate but is part of the access to the intranet from the internet.

Logical Network Diagram

The logical diagram shows the network architecture of three floors.

• Server roles, including primary or backup domain controllers, servers, or WINS servers.
• Domain architecture, including the existing domain hierarchy, and addressing scheme.
• Trust relationships, plus depictions of transitive, one-way, and two-way trust associations.

13. The IMS provides a framework by which businesses can assess data risk and establish, implement, and measure information security and technology controls. (Lane, D. 2011)

[Figure: NOS directory schema. Labels recovered from the diagram: Object; User Acc., Computer, Printer, Domain; User Name, Full Name, Password; Directory Object Name, Globally unique ID, Required / Optional attributes, Syntax, Parent.]

The Open IMS Core is an Open Source implementation of IMS Call Session Control Functions (CSCFs) and a lightweight Home Subscriber Server (HSS), which together form the core elements of all IMS/NGN architectures as specified today within 3GPP, 3GPP2, ETSI TISPAN and the Packet Cable initiative. The four components are all based upon Open Source software (e.g. the SIP Express Router (SER) or MySQL). For almost three years the Open IMS Core has formed the heart of the Open IMS.

14. This is the IDS below: Intruder Detection System.

[Figure: Schema elements of user accounts, with labels "Acc. Description" and "Remote Access= OK". (Dean, T. 2010) Chapter 9 - P.430]

[Figure: Setting security. (Microsoft TechNet, 2010)]

An intrusion detection system (IDS) monitors network traffic for suspicious activity and alerts the system or network administrator. In some cases the IDS may also respond to strange or malicious traffic by taking action such as blocking the user or source IP address from accessing the network.

IDS come in many different types and approach the goal of detecting suspicious traffic in different ways. There are network-based (NIDS) and host-based (HIDS) intrusion detection systems. There are IDS that detect by looking for specific signatures of known threats, similar to the way antivirus software typically detects and protects against malware, and there are IDS that detect by comparing traffic patterns against a baseline and looking for anomalies. There are IDS that simply monitor and alert, and there are IDS that perform an action or actions in response to a detected threat. We’ll cover each of these briefly.
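The detection approaches described above, as an added example that is not part of the original paper: a signature matcher and a baseline-anomaly check run over the same constructed traffic window, followed by a passive versus active response. The signature patterns, addresses, history counts and function names are all assumptions made for illustration.

```python
import re
from collections import Counter
from statistics import mean, pstdev

# Constructed signature set for illustration (not taken from a real ruleset).
SIGNATURES = {
    "path-traversal": re.compile(r"\.\./\.\./"),
    "sql-tautology": re.compile(r"'\s*or\s*'1'\s*=\s*'1", re.IGNORECASE),
}

# Constructed baseline: requests per source per minute seen during normal use.
HISTORY = [4, 5, 6, 5, 4, 6, 5, 5]

# Constructed one-minute traffic window (RFC 5737 documentation addresses).
WINDOW = (
    [{"src": "192.0.2.10", "payload": "GET /index.html"}] * 3
    + [{"src": "192.0.2.20", "payload": "GET /files?name=../../etc/passwd"}]
    + [{"src": "192.0.2.30", "payload": "GET /report"}] * 40
)


def signature_alerts(events):
    """Signature-based: flag events whose payload matches a known pattern."""
    return [
        (ev["src"], name)
        for ev in events
        for name, pattern in SIGNATURES.items()
        if pattern.search(ev["payload"])
    ]


def build_baseline(history):
    """Summarise normal behaviour as (mean, standard deviation)."""
    return mean(history), pstdev(history)


def anomaly_alerts(events, baseline, threshold=3.0):
    """Anomaly-based: flag sources far above the learned request rate."""
    avg, dev = baseline
    # Floor the deviation so a very flat baseline does not alert on noise.
    limit = avg + threshold * max(dev, 1.0)
    counts = Counter(ev["src"] for ev in events)
    return sorted(src for src, n in counts.items() if n > limit)


def respond(sig_hits, anomaly_hits, active=False):
    """A passive IDS only alerts; an active one also returns a block list."""
    offenders = sorted({src for src, _ in sig_hits} | set(anomaly_hits))
    return {"alerted": offenders, "blocked": offenders if active else []}


if __name__ == "__main__":
    sig = signature_alerts(WINDOW)
    anom = anomaly_alerts(WINDOW, build_baseline(HISTORY))
    print("signature hits:", sig)
    print("anomaly hits:  ", anom)
    print("passive:", respond(sig, anom))
    print("active: ", respond(sig, anom, active=True))
```

The signature matcher catches the single known-bad request but not the high-volume source, and the anomaly check does the reverse, which is why the two approaches are usually deployed together.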

15. Security Services Framework for the ISMS.

[Figure: Security Services Framework for the ISMS. Labels recovered from the diagram: Organization; Architecture; Compliance; Information Security Governance; People; Process; Security Training Program; Investigations; Key Management; SDLC; Security Audit and Testing; Information Baseline; Technology; Anti-Virus; Intrusion; Firewall/Remote Access Mgt.; Disaster Recovery; Vulnerability Management; Policy; Guidelines; Standards; Procedures; Process; Policy; Metri]

(Lane, D. 2011 Page 261)

16. ISMS Benefits:

• MARKET DIFFERENTIATION: The ability to stand apart from your competition. Attaining ISO 27001 certification means joining an exclusive group of growing companies, and early adopters will be able to leverage their ISO 27001 certification as a market differentiator, especially if your competitors don’t have the certification. Soon, having ISO 27001 certification will be a requirement to do business in many different verticals. Your competitors are most likely already looking at or moving toward ISO 27001 certification. You want to get there fast and we can help.
• PROACTIVE VS. REACTIVE SECURITY MANAGEMENT: Holding an ISO 27001 certification is widely accepted proof of a reliable, defensible, standards-based information security posture. It confirms to both management and clients that your organization is proactively managing its security responsibilities.
• INFORMATION RISK MANAGEMENT: By making information security decisions on the defensible basis of risk management, the information security practitioner and business manager can employ a common terminology. In addition, the information security function becomes more integrated with the organization as a whole.
• TIME BASED ASSURANCE: ISO 27001 certification is a dynamic process, requiring at least annual audits and periodic renewal of the certification. This offers independent proof of ISMS adequacy and the ongoing benefit of continuous process improvement. It offers clients and management proof that the ISMS continues to meet its security responsibilities.
• PROCESS DEFINITION AND METRICS: Management gains a clear window into the results of its security investment, and better insight into which security processes are working well and which need improvement. This increased visibility helps to make the case for the information security group and often can serve as a model for other parts of the organization.
• CONSISTENT THIRD-PARTY GOVERNANCE, RISK, AND COMPLIANCE (GRC) MANAGEMENT: Clear communication of security requirements to third parties and scheduled periodic reviews of compliance with such requirements.
• LEGAL AND REGULATORY COMPLIANCE: The risk-based decision-making inherent in an ISO 27001 ISMS means the system shares a common basis with many new legal requirements. Changes to the ISMS can be made in an orderly, incremental fashion, inherently saving a ton of time and money.
• DEFENSIBILITY: Referencing decision making to an independent standard and valid risk assessment means the organization can easily defend and justify its choices to management, customers and regulators.
• Generating immediate customer confidence when asked about information security.
• Streamlining the regulatory compliance process (SOX, HIPAA, GLBA, CGR, PCI, privacy laws, etc.) by adopting a common security controls framework.

17. Maintenance and Operations Planning describes the process used to define resources and processes needed to sustain the project's business outcome after installation or implementation. Projects are, by definition, time limited. Projects create business outcomes that need expected, ongoing attention in order to operate proficiently and effectively over the long term. In many cases, the project team does not keep responsibility for the product after delivery. The type, and often the pace, of work associated with maintenance are different than during development and implementation. The need to administer change continues but may continue in a different form. Governance structures are different once the project ends. Without advance agreement on how the product will be maintained, who will cover responsibility for maintenance, how maintenance priorities will be set and maintenance activities governed, the project could successfully implement something that quickly becomes obsolete or unused.

As the final project outcomes are developed and delivered, more attributes may be taken into account in the maintenance and operations plan. Even though development of this plan begins during the planning phase, completion of the maintenance and operations plan occurs in the execution phase. The project manager may not retain responsibility for the development of the maintenance and operations plan but does maintain responsibility for ensuring this key deliverable is completed prior to implementation. Many of the same areas addressed during a project development lifecycle are contained in the maintenance and operations plan. It is critical that the entity that will ultimately responsible for maintenance of the installed outcome.

In the early stages of project planning, it is important to identify the resources and schedule for development of the maintenance and operations plan. The roles and responsibilities of the various resources must be determined and an overall approach developed. The overall approach will include:

• Approach to determine maintenance planning needs.
• Tasks associated with developing the final plan.
• Assumptions, constraints, and dependencies related to maintenance planning or product maintenance.
• Options for staffing maintenance and operations, including outsourcing.
• Costs associated with maintenance and operations, including cost of outsourced resources.
• Identification of key players or user groups involved in planning and/or maintenance.
• Roles and responsibilities of individuals involved in planning and/or maintenance.
• Timelines for developing and implementing maintenance plan components.
• Method for decision making on organizational and operational issues, i.e., how you will determine who is responsible for maintenance, support strategy, maintenance change management strategies, governance, etc.
• Impacts on other parts of the project or project resources.
• Relationships to other project plan elements, such as change management, communications, test plan, and implementation and transition plan, during the life of the project.

The size of the project doesn't necessarily dictate the scale of the plan. The level of detail and complexity should be dictated by considerations such as the overall impact of the project outcome on the business operations or environment and the level or rate of change anticipated for the project outcome.

Some kind of maintenance and operations plan is required for all projects.

18. The most successful projects have lessons from which we can learn. Whether you're building the next big idea or upgrading a network, there will be lessons you can learn from your project. An effective project manager documents and analyzes the lessons learned from his project and applies them to future projects throughout the organization.

19. Post Project Review - Reviewing your project to see how actual operations compare to planned operations gives you a good view of the project's performance. It's good practice to review all projects at their completion. The post project review along with lessons learned provides meaningful input to future projects. Formal acceptance is one step of the close out process and doesn't release the project manager or resources from the project. It is the project manager's responsibility to release resources during the closing process and ensure that all closing tasks are completed.

20. Project Acceptance - Formal project acceptance requires a signature by the project sponsor or customer. Before a project can be closed out the project manager needs formal acceptance of the project by the project sponsor or customer.

21. Transition Out Plan - A well-written Transition Out Plan will help make the transition seamless at the end of a project or contract. Many Requests for Proposals (RFP's) require a draft contract transition out plan to be submitted with your proposal. There are many considerations when transitioning a project or contract to a new contractor or back to the customer. You must be sure to adjust it to the specific needs of your organization, the specific contract and the customer.

Resources:

Office of the Chief Information Officer (2012). http://www.ofm.wa.gov/ocio/pmframework/examples/deliverables.asp#example3

Hamilton, G., Byatt, G., Hodgkinson, J. (2011). “The project management survival toolkit.” http://www.cio.com.au/article/382157/project_management_survival_toolkit/

SCArt, Blogs (2011). Businessballs Community Blogs. http://community.businessballs.com/blogs/the-perfect-business-requirements-document.html

Cortada, J. (2009). How Societies Embrace Information Technology. http://computer.org/cspress

Shelly, G., Rosenblatt, H. (2012). System Analysis and Design. www.cengage.com

Wiley & Sons, Inc. (2011). The Chief Information Officer’s Body of Knowledge. http://www.wiley.com/go/permissions

Carney, J. (2009). Why Integrate Physical and Logical Security? https://www.google.com/search?client=opera&q=justify+and+support+the+relationship+between+infrastructure+and+security&sourceid=opera&ie=UTF-8&oe=UTF-8

Lane, D. (2011). The Chief Information Officer’s Body of Knowledge. http://www.wiley.com/go/permissions

Sommerville, I. (2011). Software Engineering. www.pearsoned.com

Dean, T. (2010). Network + Guide to Networks. www.cengage.com

Microsoft TechNet (2010). http://technet.microsoft.com/en-us/library/cc961037.aspx