Project Plan Six
Steve Austin
Instructor: Michelle Hansen
Strayer University: CIS 499
3/16/2014
Author Note
Steve Austin: Strayer University.
Correspondence concerning this paper should be addressed to Steve
Austin, at [email protected]
Table of Contents
Document Control
1 Executive summary
2 Scope of the project and control measures
3 Goals and objectives
4 Project deliverables
5 Estimated cost analysis
6 Competitive advantage
7 Recommended solution providers
8 Business Requirements
9 Background including current process
10 Sample network showing database and network traffic handling
11 Physical Network Diagram
12 Sample network for three floors
13 The IMS framework
14 Intruder Detection System
15 Security Services Framework for the ISMS
16 ISMS Benefits
17 Maintenance and Operations Planning
18 Documents and Analyzes
19 Post Project Review
20 Project Acceptance
21 Transition Out Plan
22 Resources
1. Executive summary
Intelligence. It's the ability to think abstractly. Challenge the
unknown. Solve the impossible. This plan is a pathway to success,
with projects designed to help businesses of all sizes, and it
provides a comprehensive overview of all aspects of the project
from start to finish. We will be there to make sure your needs
are met.
2. Scope of the project and control measures: The current business
process of MDR Inc. is data collection and analysis. The company
has been collecting data on medical facilities and patent
geographic information. MDR, which has been operating for less
than two years, is seeking to create a new data warehouse for
collected data beyond its current relational databases, which hold
ten terabytes of data and are expected to grow 20% each year. The
projected growth of the company will require a much larger, more
secure, and faster database with backup management and potential
for growth. The company will also be adding office space with up
to three thousand new workstations, and additional Wi-Fi access
points for wireless connections. We will be adding a
point-to-point fiber optic connection to the databases. Analytics
is a requirement: business leaders are distinguished by their
ability to leverage all information derived from analytics and
data about their industry. Public clouds are pay-per-use, so they
are a great fit for finite to huge data loads. Many public cloud
providers offer templates for popular big data platforms, making
it easier for administrators to set up the required
infrastructure. The cloud's biggest contribution to solving the
big data problem is the number of analytics vendors that have
adopted the Software as a Service (SaaS) model. IT departments
don't need to buy infrastructure and don't need to set anything
up. This is a big savings for companies all over the globe
(Barrett, A. 2013). Sites for data storage will be distributed
across many areas of the US and abroad. IT will add to the
existing network, keeping re-engineering to a minimum, with plans
to expand in the future. After testing has been done, we will do a
test conversion at midnight on the night before turnover. Testing
will include the new database and the addition to the network.
Training and education on the system will be provided for new and
existing employees as the network is completed.
3. Goals and objectives: The new database must meet new demands
such as 200-terabyte capacities, with plans to expand. The
schedule for the new addition of the network, database, and
additional cabling and furniture will be six months. The IT
department will assume the network needs and design, which will
be presented below. MDR has no outsourcing for any department;
after a review of operations it is clear that payroll and phone
support should be outsourced during this process to cut costs and
use revenues for the MDR expansion. MDR will hire 4,820 new
employees internationally to handle new branches of MDR satellite
offices. Cost of training will be covered up to 80% from revenues
saved from offshoring.
4. Project deliverables: Intranet infrastructure, Site
organization, Templates, scripts and processes for creation,
publication, and management of the Administrative Services
Intranet, Implement (build and deploy) Phase 1 of the
Administrative Services Intranet, including the completion of all
development and infrastructure tasks necessary for the delivery
of administrative instructions and forms through the Intranet.
5. Estimated cost analysis: Full network management would cost
about $316,673.00 per month to manage your entire (or your
planned) 122 server and 5599 workstation/laptop environment.
Hardware installation will be $5,721,000.00 total.
6. Competitive advantage: Our team is investigating how to
configure the network topology from an existing linear topology
using the latest technology. Since most corporate network
infrastructure is already based on fiber optic networks, this is
the perfect breeding ground to prove that adding our project will
indeed decrease the cost. Adding the latest technology to an
existing infrastructure allows the existing cost of network
infrastructure to be eliminated and combined with the existing
network. This design shows how a system and computer network can
coexist. By completing the network successfully we will be able
to implement integrated services on the same network. This will
return huge profits to the business that implements the above
network. We will also set high standards for security for
physical access as well as for the 802.3 Ethernet LAN and 802.11
Wireless LAN, to ensure that your data is safe from intruders
while providing the maximum bandwidth. We will use web analytics
to target your demographics and reach your customers. We will
also provide a cost analysis on the entire network. What's
included in the $316673.00?
The following items are included (in fact, it's easier to describe what isn't included):
• Fixed-fee means you do not pay one penny more than agreed
upon.
• On-site time is still a big part of properly and proactively
managing business technology, and there is no additional
charge for it.
• Responsibility is on Agility to keep the system proactively
managed, attended to and responded to 24-7-365, all day
every day.
• “All You Can Eat” 24-7-365 help desk is included; our senior
network consultants run the help desk.
• 24-7-365 help desk is NOT outsourced or off-shored.
7. Recommended solution providers: Agility Network
Headquarters, and Business Computers Inc. (BCI) had the best
prices and references. Agility did the cost estimation for this
project for free and the price is negotiable. Agility is a member
of the BBB and does not share your information. We can save you
money on your I.T. with a long-term strategy and learning your
business needs. BCI had good pricing as well, but not as good
follow-up on most projects we spoke to.
8. Business Requirements - The current business process of MDR
Inc. is data collection and analysis. The company, which has been
operating for less than two years, is seeking to create a new data
warehouse for collected data beyond its current relational
databases, which hold ten terabytes of data and are expected to
grow 20% each year. The projected growth of the company will
require a much larger, more secure, and faster database with
backup management and potential for growth. The company will also
be adding office space with up to 5599 thousand new workstations,
and additional Wi-Fi access points for wireless connections. We
will be adding a point-to-point fiber optic connection to the
databases that may (but should not) cause a disruption for other
organizations across the globe; we will conduct a network release
of intentions to all companies that may be involved.
9. Background including current process - Since June of 2012, MDR
Inc. has been collecting data on medical facilities and patent
geographic information. As of September of 2013 the company has
outgrown its current infrastructure and made the decision to
expand operations. This project is to develop a comprehensive
plan to expand the company to meet future needs. Our goal for
this project is to expand to a 200-terabyte data storage facility
with high security and a disaster recovery plan. MDR also plans
to add employees and offices with Ethernet connections, Wi-Fi,
and new workstations. The IT department will assume the network
needs and design, which will be presented below.
10. Sample network showing database and network traffic
handling:
11. Physical Network Diagram (Below)
“The physical diagram presents the following information about
your existing network:
• Details of physical communication links, grade, and
location of the physical paths of the wiring.
• Servers, IP address (if static), server role, and
domain membership. A server can operate in many
roles.
• Location of devices such as printers, hubs,
switches, modems, routers, and proxy servers.
• Wide area network (WAN) communication links (analog
and ISDN).
• Number of users at each site, including mobile
users.”
(Microsoft TechNet, 2010)
12. Sample network for three floors:
The ISMS is set up on the external server along with the firewall
and internet connectivity restrictions. I did this to save space
on the page. The IDS appears separate but is part of the access
to the intranet from the internet.
Logical Network Diagram
The logical diagram shows the network architecture of three
floors.
• Server roles, including primary or backup domain
controllers, servers, or WINS servers.
• Domain architecture, including the existing domain
hierarchy and addressing scheme.
• Trust relationships, plus depictions of transitive,
one-way, and two-way trust associations.
13. The IMS provides a framework by which businesses can assess
data risk and establish, implement, and measure information
security and technology controls. (Lane, D. 2011)
[Figure: NOS directory objects (user account, computer, printer, domain) and their attributes (user name, full name, password; object name, globally unique ID, required/optional attributes, syntax, parent)]
The Open IMS Core is an Open Source implementation of IMS Call
Session Control Functions (CSCFs) and a lightweight Home
Subscriber Server (HSS), which together form the core elements of
all IMS/NGN architectures as specified today within 3GPP, 3GPP2,
ETSI TISPAN and the Packet Cable initiative. The four components
are all based upon Open Source software (e.g. the SIP Express
Router (SER) or MySQL). For almost three years the Open IMS Core
has formed the heart of the Open IMS.
14. This is the IDS below: Intruder Detection System.
[Figure: schema elements of user accounts; setting security (labels: Acc. Description; Remote Access = OK). (Dean, T. 2010) Chapter 9 - P.430; (Microsoft TechNet, 2010)]
An intrusion detection system (IDS) monitors network traffic for
suspicious activity and alerts the system or network
administrator. In some cases the IDS may also respond to strange
or malicious traffic by taking action, such as blocking the user
or source IP address from accessing the network.
IDSs come in many different types and approach the goal of
detecting suspicious traffic in different ways. There are
network-based (NIDS) and host-based (HIDS) intrusion detection
systems. There are IDSs that detect by looking for specific
signatures of known threats, similar to the way antivirus
software typically detects and protects against malware, and
there are IDSs that detect by comparing traffic patterns against
a baseline and looking for anomalies. There are IDSs that simply
monitor and alert, and there are IDSs that perform an action or
actions in response to a detected threat. We’ll cover each of
these briefly.
15. Security Services Framework for the ISMS.
[Figure: Security Services Framework for the ISMS. Diagram labels: Organization, Architecture, Compliance, Information Security Governance, People, Process, Security Training Program, Investigations, Key Management, SDLC, Security Audit and Testing, Information Baseline, Technology, Anti-Virus, Intrusion, Firewall/Remote Access Mgt., Disaster Recovery, Vulnerability Management, Incident Monitoring, Policy, Guidelines, Standards, Procedures]
(Lane, D. 2011 Page 261)
16. ISMS Benefits:
• MARKET DIFFERENTIATION The ability to stand apart from your
competition. Attaining ISO 27001 certification means
joining an exclusive group of growing companies, and early
adopters will be able to leverage their ISO 27001
certification as a market differentiator, especially if your
competitors don’t have the certification. Soon, having ISO
27001 certification will be a requirement to do business in
many different verticals. Your competitors are most likely
already looking at or moving toward ISO 27001 certification.
You want to get there fast and we can help.
• PROACTIVE VS. REACTIVE SECURITY MANAGEMENT Holding an ISO
27001 certification is widely accepted proof of a reliable,
defensible, standards-based information security posture.
It confirms to both management and clients that your
organization is proactively managing its security
responsibilities.
• INFORMATION RISK MANAGEMENT By making information security
decisions on the defensible basis of risk management, the
information security practitioner and business manager can
employ a common terminology. In addition, the information
security function becomes more integrated with the
organization as a whole.
• TIME BASED ASSURANCE ISO 27001 certification is a dynamic
process, requiring at least annual audits and periodic
renewal of the certification. This offers independent proof
of ISMS adequacy and the ongoing benefit of continuous
process improvement. It offers clients and management
proof that the ISMS continues to meet its security
responsibilities.
• PROCESS DEFINITION AND METRICS Management gains a clear
window into the results of its security investment, and
better insight into which security processes are working
well and which need improvement. This increased visibility
helps to make the case for the information security group
and often can serve as a model for other parts of the
organization.
• CONSISTENT THIRD-PARTY GOVERNANCE, RISK, AND COMPLIANCE
(GRC) MANAGEMENT Clear communication of security
requirements to third parties and scheduled periodic reviews
of compliance with such requirements.
• LEGAL AND REGULATORY COMPLIANCE The risk-based
decision-making inherent in an ISO 27001 ISMS means the
system shares a common basis with many new legal
requirements. Changes to the ISMS can be made in an orderly,
incremental fashion, inherently saving a ton of time and
money.
• DEFENSIBILITY Referencing decision making to an independent
standard and valid risk assessment means the organization
can easily defend and justify its choices to management,
customers and regulators.
• Generating immediate customer confidence when asked about
information security.
• Streamlining the regulatory compliance process (SOX, HIPAA,
GLBA, CGR, PCI, privacy laws, etc.) by adopting a common
security controls framework.
17. Maintenance and Operations Planning describes the process
used to define resources and processes needed to sustain the
project's business outcome after installation or implementation.
Projects are, by definition, time limited. Projects create
business outcomes that need expected, ongoing attention in order
to operate proficiently and effectively over the long term. In
many cases, the project team does not keep responsibility for the
product after delivery. The type, and often the pace, of work
associated with maintenance are different than during development
and implementation. The need to administer change continues but
may continue in a different form. Governance structures are
different once the project ends. Without advance agreement on how
the product will be maintained, who will cover responsibility for
maintenance, how maintenance priorities will be set and
maintenance activities governed, the project could successfully
implement something that quickly becomes obsolete or unused. As
the final project outcomes are developed and delivered, more
attributes may be taken into account in the maintenance and
operations plan. Even though development of this plan begins
during the planning phase, completion of the maintenance and
operations plan occurs in the execution phase. The project
manager may not retain responsibility for the development of the
maintenance and operations plan but does maintain responsibility
for ensuring this key deliverable is completed prior to
implementation. Many of the same areas addressed during a project
development lifecycle are contained in the maintenance and
operations plan. It is critical that the entity that will
ultimately responsible for maintenance of the installed outcome.
In the early stages of project planning, it is important to
identify the resources and schedule for development of the
maintenance and operations plan. The roles and responsibilities
of the various resources must be determined and an overall
approach developed. The overall approach will include:
• Approach to determine maintenance planning needs.
• Tasks associated with developing the final plan.
• Assumptions, constraints, and dependencies related to
maintenance planning or product maintenance.
• Options for staffing maintenance and operations, including
outsourcing.
• Costs associated with maintenance and operations, including
cost of outsourced resources.
• Identification of key players or user groups involved in
planning and/or maintenance.
• Roles and responsibilities of individuals involved in
planning and/or maintenance.
• Timelines for developing and implementing maintenance plan
components.
• Method for decision making on organizational and operational
issues, i.e. how you will determine who is responsible for
maintenance, support strategy, maintenance change management
strategies, governance, etc.
• Impacts on other parts of the project or project resources.
• Relationships to other project plan elements, such as change
management, communications, test plan, and implementation
and transition plan, during the life of the project.
The size of the project doesn't necessarily dictate the
scale of the plan. The level of detail and complexity should
be dictated by considerations such as the overall impact of
the project outcome on the business operations or
environment and the level or rate of change anticipated for
the project outcome.
Some kind of maintenance and operations plan is required for
all projects.
18. The most successful projects have lessons from which we can
learn. Whether you're building the next big idea or upgrading a
network, there will be lessons you can learn from your project. An
effective project manager documents and analyzes the lessons
learned from his project and applies them to future projects
throughout the organization.
19. Post Project Review - Reviewing your project to see how
actual operations compare to planned operations gives you a good
view of the project's performance. It's good practice to review
all projects at their completion. The post project review along
with lessons learned provides meaningful input to future
projects. Formal acceptance is one step of the close out process
and doesn't release the project manager or resources from the
project. It is the project manager's responsibility to release
resources during the closing process and ensure that all closing
tasks are completed.
20. Project Acceptance - Formal project acceptance requires a
signature by the project sponsor or customer. Before a project
can be closed out the project manager needs formal acceptance of
the project by the project sponsor or customer.
21. Transition Out Plan - A well-written Transition Out Plan will
help make the transition seamless at the end of a project or
contract. Many Requests for Proposals (RFP's) require a draft
contract transition out plan to be submitted with your proposal.
There are many considerations when transitioning a project or
contract to a new contractor or back to the customer. You must be
sure to adjust it to the specific needs of your organization, the
specific contract and the customer.
Resources:
Office of the Chief Information Officer (2012). http://www.ofm.wa.gov/ocio/pmframework/examples/deliverables.asp#example3
Hamilton, G., Byatt, G., Hodgkinson, J. (2011). “The project management survival toolkit.” http://www.cio.com.au/article/382157/project_management_survival_toolkit/
SCArt, Blogs (2011). Businessballs Community Blogs. http://community.businessballs.com/blogs/the-perfect-business-requirements-document.html
Cortada, J. (2009). How Societies Embrace Information Technology. http://computer.org/cspress
Shelly, G., Rosenblatt, H. (2012). System Analysis and Design. www.cengage.com
Wiley & Sons, Inc. (2011). The Chief Information Officer’s Body of Knowledge. http://www.wiley.com/go/permissions
Carney, J. (2009). Why Integrate Physical and Logical Security? https://www.google.com/search?client=opera&q=justify+and+support+the+relationship+between+infrastructure+and+security&sourceid=opera&ie=UTF-8&oe=UTF-8
Lane, D. (2011). The Chief Information Officer’s Body of Knowledge. http://www.wiley.com/go/permissions
Sommerville, I. (2011). Software Engineering. www.pearsoned.com
Dean, T. (2010). Network + Guide to Networks. www.cengage.com
Microsoft TechNet (2010). http://technet.microsoft.com/en-us/library/cc961037.aspx