2. Assignment 6 2
Executive Summary
Our company is experiencing a lot of growth in a short amount of time and our current
facilities are becoming crowded and overflowing with equipment, employees, close quarters, and
our storage for data is close to capacity. Our need to expand and grow is ever present and ability
to use additional work space, larger storage capacity, using analysis for the data that is collected
from our clients is real.
By utilizing analytics on the data that is collected and examined our company can have a
real-time monitoring and overview of everything needed to deliver accurate results and details to
our customers, both internal and external. Data warehousing is an ever-growing and evolving
technical venture that can be done locally as well as using cloud technology to get the desired
results.
The term "Business Intelligence" describes the process a business uses to gather all its
raw data from multiple sources and process it into practical information they will apply to
determine effectiveness of business processes, create policy, forecast trends, and analyze the
market and much more. Data warehousing is an integral part of any effective business
intelligence endeavor. Data warehousing is more than just a database-like method of storing
information. While a database simply holds data, a well-designed data warehousing system is
actually comprised of three segments (Watch Wise, 2016).
The ability to analyze data over time that is used to operate business production systems
is a distinct advantage and the reason for this Project Plan. The data warehouse supports online
analytical processing (OLAP), which allows high-level users to gain overview and vision into
business operations through an interactive user interface that provides access to the stored data.
3. Assignment 6 3
This will allow business executives to improve organizational strategies and operational decision
making by querying the data warehouse to research business processes, performance and trends.
There will be risks involved with implementing this data warehousing project, as with
any project. However, there is a plan to help mitigate these risks so that the project as well as the
operations of the data warehouse will operate smoothly, accurately, efficiently, and actively. Not
all risks will be identified, and will be handled and addressed accordingly if these are to occur,
but the ones that are identified will be dealt with according to the risk plans.
1. Number of integration points. Projects that attempt to integrate everything at
once, sometimes called “the big bang approach,” are prone to adverse results due to the
extreme complexity and large number of interdependencies. Scale down the scope of
your first few projects and focus on quick, easy wins while your team increases its
capabilities.
2. Changing Requirements. When the use case has been poorly thought through,
requirements can change frequently and create chaos in an ERP integration project. Make
sure you spend enough time in the requirements gathering and process planning phases to
gather the best possible set of requirements for your project. There is nothing wrong with
using agile methodology, but it still helps to have a clear vision before you begin.
3. Inadequate integration infrastructure. Undertaking an ERP integration project with the
wrong infrastructure to support your team can lead to serious issues and excessive costs.
Avoid solutions that rely on manual programming or overly complex, heavy middleware
software sets. Focus on single stack, single studio solutions with an integration platform
for enterprise class integration projects.
4. Assignment 6 4
4. Impossible Schedules. Aggressive schedules are fine but impossible schedules must be
avoided. Set realistic expectations by establishing an accurate estimate of the integration
efforts required for your project. If necessary, bring in an outside firm to provide an
estimate of the effort required.
5. Staff Turnover. Changes in project management, business analysts, developers, and
stakeholders can complicate completion of a project. Try to avoid turnover by gaining
commitments from participants that they are available for the expected duration of the
project.
6. Inadequate Change Management Procedures. Some organizations lack the formal
methodology to handle change orders. In addition, changes to the ERP and other systems
being integrated may not be locked down during the integration project. The result can be
chaotic from a requirements, implementation and testing perspective.
7. Lack of Staff and Management Experience. ERP integration may be new territory for
your IT staff and management. Try supplementing your experience with proven
consultants or consulting firms that can leverage experience across a wide array of ERP
integration projects.
8. New Business Processes. Introducing change to an organization always carries with it
the risk of institutional or market resistance. Make sure the processes have been vetted by
stakeholders and customers and that they are introduced properly so as to gain maximum
adoption and adherence.
9. New integration infrastructure. New or unproven integration infrastructure represents a
risk factor. Make certain vendor experts are available to back up your team not only with
5. Assignment 6 5
technical bugs but with implementation experience and best practice advice and or
services.
10. Inadequate testing plans. Test plans should introduce testing early and often. Test scripts
and automated testing may be able to help ensure accelerated and more complete discovery of
problems early in the ERP integration project.
Recommendation
To complete this project in time for our expected increase in employee growth, expansion
of customer growth, and to complete our projected analysis of operational data, we need you to
increase our IT budget by $75,000 so that we have the funds necessary to acquire two additional
floors, additional employee’s salaries, networking hardware, computer systems, and license fees
for cloud technology acquisition.
Background Information
Analytix R Us – Founded by Thomas Jones in 2014. The company collects large amounts
of data for various aspects of their employees, customers, demographics, and opposition.
During the first six months of their first assignment, Analytix R Us was the name given
to this small group and moved into a small office building in the heart of Ft. Lauderdale all while
gaining the required information and using it to help their client succeed in their own endeavors.
Within six months more and more businesses used Analytix R Us to increase their revenue based
upon the information and essential data that they gathered.
Analytix R Us now employees 6 members that are major players in their respective
fields of studies. Currently, the company is utilizing one floor of a large warehouse in the
6. Assignment 6 6
industrial zone of city. Becoming too large for this area, it is needed to expand to three floors.
The cost of renting out the upper two floors is a needed expense as the revenue generated from
more staff will outweigh the costs incurred.
Business Operations
The staff at Analytix R Us is responsible for collecting crucial information for various
businesses that depend on the results to help their business grow. The type of data that is
accumulated is anything from the businesses internal information to that business’s customer
information. The data is collected by different means and times.
Name and contact details:
Allows you to market directly to them.
Also lets you make communications personalized.
You may also need to contact them if an order is running late.
Transaction history:
Indicates user preferences - which products they're most inclined to buy, when
and how often.
Reveals how valuable a customer they are: how much they spend and how often.
Communications from you to customers and any response they make:
You need to keep records of this to make sure you space out your
communications correctly (i.e. not too often).
7. Assignment 6 7
It also lets you monitor how effective different types of communication are and
which the customer best respond best to. If you compare their transaction history
with the communications record, you may find one method of communication
encourage them to buy more than others (Smarta, 2016).
Ways in Which Data is Collected
Survey Questions
Mail
Door to Door
Email
Web sites
Focus Groups
Organized at set locations
Online forums
Other Data Collection
Quantity of certain items (counting)
Variables of objects (color, make, descriptions)
Outsourcing and Offshoring
Limited operations are performed in the company’s foreign locations in Europe and Asia.
These smaller offices and operations are to acquire and store data for customers at a reduced
8. Assignment 6 8
price for operating costs and increased revenue. The current stampede toward offshore
outsourcing should come as no surprise. For months now, the business press has been
regurgitating claims from offshore vendors that IT work costing $100 an hour in the United
States can be done for $20 an hour in Bangalore or Beijing (Overby, 20033).
Contracted employees that are overseas are in indirect contact with corporate
headquarters on a daily basis with feedback of their day to day routines, expected outcomes for
the day, their performance and any other pertinent information. Using a secure VPN tunnel from
these foreign locations, the outsourced employees can securely retrieve, send, and access
information with minimal fear of intrusion, interception, or fraud of customer data.
At one fifth the cost of paying these employees the pay rate of local staff, the company
saves much needed operating costs therefore can become a more lucrative organization and can
expand even more in the near future.
Personnel
Chief Information Officer
o Brandon Hicks – Oversees the day to day operations of all IT staff that gather
required data from customers the management of IT resources as well as the
planning of new business including policy and practice development, planning,
budgeting, resourcing and training
IT Director
9. Assignment 6 9
o Luke Skywalker - responsible for the management, strategy and execution of IT
infrastructure for an organization. Typical job duties include: Overseeing
technical projects in alignment with organizational goals.
DBA Manager
o Jean Luc Picard – In charge of the team responsible for administering the
database, queries, tables, and other data stored on local discs, cloud services, web
sites, email, and active directory.
Security Manager
o Erik Steele – Oversees the security posture of the organization; in all areas
including, physical, network, end users, and servers. Maintains records, identifies
risks, threats, and acts to mitigate and or eliminate these threats.
Data Analyst
o Cody Mahoney – Responsible for collecting the data from customers in form of
electronic mail, over the phone, web site forms, and remote computer forensics.
Collects, analyzes, enters data in database for DBA team to provide closer in-
depth look.
Analytics can help business needs by looking into past experiences and business development to
examine what has worked in the past and what has not. By researching the past events, it will
teach us to use better judgment and ideas for the future of our company. Analytics gives better
strategy and a competitive advantage to our company our vision and direction. Analytics and
quantitative decisions are being used to optimize business processes—to identify the best
customers, select the ideal price, calculate the best supply chain routing or pick the best person to
hire (Davenport, 2005).
10. Assignment 6 10
Today, just about everything can be stored and utilized in the cloud. The Cloud meaning
some type of service implemented on the internet. Storage, communication, applications,
systems, and even analytics are examples of types of services that are used from the Cloud.
Cloud technology with analytics is relatively new way of analyzing business needs but it is
becoming a very useful and valuable tool for research. By using past statistics of our company
among others to find patterns, flaws, strengths and important data; this company can be better
prepared for our future growth.
Cloud Analytics is a data driven frontier; the term for a set of technological and analytical
tools and techniques specifically designed to help clients extract information from massive data.
It leverages the use of Cloud and related computing, communications, and data management and
visualization technologies to quickly and more economically perform sophisticated multivariate
analysis on massive centralized, distributed, and/or federated data sets to better understand and
help solve complex problems (Booz Allen, 2016).
Collaboration among business users within the company and other organizations sharing
the same ideas and business research are stored in the cloud and examined and processed into a
model that gives insight and valuable information about our company’s needs. “Cloud
computing is a model for enabling ubiquitous, convenient, on-demand network access to a
shared pool of configurable computing resources (e.g., networks, servers, storage, applications,
and services) that can be rapidly provisioned and released with minimal management effort or
service provider interaction (Woodward, 2016).
Benefits of using Cloud include:
11. Assignment 6 11
Ability to move the service intricacy off-premise to provide more efficient availability,
resilience, and security placement
Automatic upgrades
Quick access and tracking
Ability to source and expend IT services on a demand use structure
While there may be some reservations about moving into the Cloud, business globally are
moving in this direction. Cloud computing is a front-runner in the world of technology and how
businesses operate, so moving this company into the Cloud is inevitable. Analyzing our data
from a service in the cloud will prove to be advantageous to our team as we can interpret data in
new and exciting ways.
Businesses that build strong analytically oriented teams can play “moneyball” by adopting
new ways to use information and new ways to leverage the power of the cloud to challenge
conventional wisdom and jump ahead of the competition. Innovative technologies will enable
businesses to quickly respond to rapidly changing events in unprecedented ways, allowing highly
personalized and coordinated real-time interactions with their customers, suppliers and partners.
Presented with fact-based choices and tangible results from sophisticated systems, businesses
will rely on individuals who are comfortable with balancing quantifiable benefits against risks to
make decisions, instead of depending on intuition and gut feel (IBM, 2016).
My recommendation for a service provider for our Cloud analytics is SAS. This provider is a
well-known organization that has a proven success record. Reasonably priced and flexible to our
needs. They offer industry leading analytics, scalable infrastructure that is optimized for our
12. Assignment 6 12
business, and supported by a financially sound vendor with several years of exceptional customer
service.
A data warehouse is a relational database that is designed for query and analysis rather
than for transaction processing. It usually contains historical data derived from transaction data,
but it can include data from other sources. It separates analysis workload from transaction
workload and enables an organization to consolidate data from several sources. With the web
analytics provided by our company, this type of infrastructure is needed.
Data warehousing is a complex design that weaves and interleaves multiple types of data
from specific targets that tie together into a relational database. n addition to a relational
database, a data warehouse environment includes an extraction, transportation, transformation,
and loading (ETL) solution, an online analytical processing (OLAP) engine, client analysis tools,
and other applications that manage the process of gathering data and delivering it to business
users.
Schemas used with our organization be types of information that is both vital and
efficient to show factual information of our data. Clear and concise design and integration will be
used with our schema.
1.1.1 Table features
SQL Data Warehouse does not use or support these features:
Primary keys
Foreign keys
Check constraints
Unique constraints
Unique indexes
Computed columns
Sparse columns
13. Assignment 6 13
User defined types
Indexed views
Identities
Sequences
Triggers
Synonyms
1.1.2 Data type differences
SQL Data Warehouse supports the common business data types:
bigint
binary
bit
char
date
datetime
datetime2
datetimeoffset
decimal
float
int
money
nchar
nvarchar
real
smalldatetime
smallint
smallmoney
14. Assignment 6 14
2 BusinessRequirements
2.1 Project Overview
Creation of data warehouse beyond relational databases. Expected increase of 20% each year,
beginning with 10TB of storage.
2.2 Background including current process
Describe the background to the project, (same section may be reused in the Quality Plan) include:
This project is Repository for data collection and analysis datawarehouse
The project goal is to put in place enough capacity for 10TB of storage and expected increase of
20% each year
The IT role for this project is Provide expert insight in the requirements, protection, backups,threat
identification, and performance of data collected
2.3 Scope
2.3.1 Scope of Project
The scope ofthis project includes a number of areas. For each area, there should be a corresponding
strategy for incorporating these areas into the overall project.
Applications MS Access,MS Word, MS Project, Windows, Vipre, Norton
Ghost, and Visio
Sites Home office, Hot site located in Charleston, WV
Process Re-engineering Re-engineering will
Customization Customizations will be limited to appearance, theme, and
time zones.
Interfaces the interfaces included are: SCSI, IDE, USB, FireWire
Architecture Application and Technical Architecture will be dependent
upon the overall success ofthe project starting with 64-bit
Conversion Only the following data and volume will be considered for
conversion: Consumer name, address,age,products
purchased
Testing Testing will include only test accounts’data converted.
Integrity of the test accounts,the speed at which it was
converted.Backups of data collected.
Funding Project funding is limited to IT infrastructure department
Training Training will be given to all those in Infrastructure and
Applications teams.
Education Education will include the reason for the expansion, how it
will carried out, the ultimate goal of the expansion.
15. Assignment 6 15
2.3.2 Constraints and Assumptions
The following constraints have been identified:
Time allotted could go beyond
Funds are limited and cutbacks may need to be incurred. The common phenomenon is an
absolute insufficiency of funds. Anotherkind of constraint is the uncertainty of forthcoming
funds even when the budget has been approved (FAO, 2016).
The following assumptions have been made in defining the scope, objectives and
approach:
An increase of 20% growth
All applications work flawlessly and work as expected
2.3.3 Risks
The following risks have been identified as possibly affecting the project during its
progression:
Lack of executive and stakeholder commitment. This is often followed by bad requirements,
constant change,bad project managers and bad resources (Mar, 2015).
Unauthorized personnelthat is involved in project could gain access to clients’ data
Lack of locking doors to datawarehouse expanded facility
Unencrypted data until all conversion are complete
2.3.4 Scope Control
The control of changes to the scope identified in this document will be managed through
the Change Control, with business owner representative approval for any changes that
affect cost or timeline for the project.
2.3.5 Relationship to Other Systems/Projects
It is the responsibility of the business unit to informIT of otherbusiness initiatives that may impact
the project. The following are known business initiatives:Speed of network and accessing files and
resources could be impacted during conversion of data
16. Assignment 6 16
Every industry has a person or team designated to undertake various projects within their
organization. With the advancement of technology and the ever changing landscape of various
business tactics and new ways of doing things, projects are almost inevitable. A project manager
is needed to plan, organize, oversee, direct, and manage the project as a whole and to make sure
everyone is on task.
Project managers should not carry out project work, managing the project is enough.
Here are some of the activities that must be undertaken:
The project manager must define the project, reduce it to a set of manageable tasks,
obtain appropriate resources and build a team to perform the work
The project manager must set the final goal for the project and motivate his or her team to
complete the project on time
The project manager must inform all stakeholders of progress on a regular basis
The project manager must assess and monitor risks to the project and mitigate them
No project ever goes exactly as planned, so project managers must learn to adapt to and
manage change (Haughey, 2016).
Being the project manager is very time-consuming and take a lot of resources to be
effective. The manager should not be doing the project work as stated above, instead he/she
should appoint a lead in the project for the different aspects and phases of the project. This will
help the project move along efficiently and smoothly – in most cases.
Many organizations do not have someone with the title Project Manager, instead they are
appointed during the startup of a project. This gives that person the opportunity to learn a lot
17. Assignment 6 17
about whatever the project is going to entail. Almost making them somewhat of an expert on the
matter. Attention to detail, time management, money management, critical thinking, and people
skills are just a few traits that make a successful Project Manager.
Some of the biggest industries that have a high need for project managers are Aerospace,
technology, and healthcare. Of course there are many more and I am positive that I left out some
big industries, but these to me are the ones that stick out to me. Let’s take a look at each one.
Aerospace is booming here lately with the prospective companies vying for the contract
to build spaceship and opportunity to take astronauts into space in the coming years. Many
projects will need to be planned and put carried out over the years for this industry as it will take
a lot of planning for undertaking this massive and expensive endeavor. Project and program
professionals from outside the industry should emphasize experience in complementary fields,
such as automotive, engineering and manufacturing, says Ahmed Abed, PMP, aerospace
program manager (Project Management Institute, 2012).
Of course I am going to speak about technology industry. With technology, we know that
it changes daily, if not by the minute. There is so much advancement when it comes to this type
of industry due to the changing the needs of consumers and electronics. We want more speed and
convenience with everything we do, and that is still true when it comes to workplaces.
IT is still expected to grow exponentially over the next few years and with that growth
comes the need for more people. Project management in the IT industry is very innovative
because of the needs of changing technology and the way an IT skilled person thinks on a daily
basis. This is a good trait to have when it comes to being a project manager. Being up to date on
technology is a key trait also to have for project managers in the IT field.
18. Assignment 6 18
The medical field is another that is a booming business in regards to IT. With that there is
a need for specialized project managers that know how to incorporate IT into healthcare frame of
mind. A 20 percent growth from last decade is proof that this industry is huge and not going to
slow down any time soon. The increased demand and increased costs for those demands comes
the need for efficiencies. Projects will bring these efficiencies to fruition and project managers
are the ones that are needed to put together the projects.
Project managers in different industries require the same basic skillset and traits, yet there
are subsets of those skills that will be different across the board. As for IT, a project manager that
has an IT background knowing that technology advances and changes very frequently and must
be able to adapt to that. Healthcare project managers know the laws and policies for HIPAA and
how to incorporate that into their projects.
A project manager will be successful in their project when the initiation, design, plan,
execution, monitoring and closure of a project is complete and the stakeholders are satisfied with
that. He/she is the first point of contact for the issues and discrepancies from other heads of
departments within the company. This is crucial so that it will not develop into a larger blown
out of proportion issue with the executives. These project managers are those that will tackle the
issues as they arise and find a solution in a time effective manner.
IT projects in any given year of the past decade, roughly 25% of projects are done on
time and on budget and meet the stakeholders’ specifications; roughly 25% of projects have to be
abandoned before completion, and roughly 50% of these projects are executed late or over
budget. In other words, the success rate is 25 percent (Portes, 2010). Most of this is due to lack
of leadership, poor communication, those not fully understanding their given roles in the project,
and being too optimistic about the timeline of the project completion.
20. Assignment 6 20
Overall security posture of a company is a very important aspect of its standpoint and
design, so when expanding a company’s facilities significantly, one must pay close attention to
how secure the design of it will be. Many things need to be taken into consideration for the
protection of the data, the network, the physical security included as it is all part of the entirety of
the infrastructure and security.
Originally, the company utilized one floor of a building to complete its tasks, but the
project calls for it be expanded into 3 floors. This massive expansion will need to have security
in mind from start to completion. Introducing new types of firewalls, network access
permissions, physical locks, and UPS devices to help insure that the information and hardware is
all secured.
In today's corporate security offices, it's not uncommon to find a mix of disparate security
tools reporting on diverse segments of security data that are of interest to the security analyst
looking for problems. Logging tools, security monitoring tools, perimeter security devices,
application access control devices, provisioning systems, vendor risk analysis programs, GRC
products and others collect large volumes of information that must be broken down and
normalized to identify security risks (Gamby, 2016).
The use of certain tools and software for security in respect to a data-analysis company
has many of the same traits used as any other company, but will also need specialized tools and
software as well. For instance, redundancy is a large consideration as the data is the most
valuable part of this company. Replication and backups are key, and keeping those secure from
unauthorized access will be taken extremely seriously.
21. Assignment 6 21
Organizations that collect such data need to determine what type of data is being
recorded. They should assess what is copyrighted, and determine how the data should be
classified from a privacy perspective (Saran, 2014).
My designed network layout is well-thought out and should be the most efficient use of
network resources. The topography of a network is the purely physical structure of the network
as it is visible with cables. In contrast to this, the topology of a network is the logical structure as
it appears to network components. The topography and topology of a network are therefore not
necessarily identical. By nature, topography mostly relates to the spatial environment of the
building (Bundesamt für Sicherheit in der Informationstechnik 2000, 2000).
The internet circuit that comes into our facility from CenturyLink will provide our main
connection to the outside world. This will be terminated inside our equipment room. The
demarcation point will have a smartjack so that CenturyLink can do any type of testing when
necessary.
From the demarc it will connect to our firewall appliance that uses state of the art
technology to secure all of our connections coming in and going out of our network. This
firewall also has the ability to be managed remotely by our network engineer. From the firewall,
it will connect to many switches, these switches will also be managed remotely by our network
engineer. Several servers, wireless access points, printers, and other host machines will be
connected to these.
As far as the logical topography, it will be fairly simple layout. A core switch will be
connected to our firewall, this core switch can be managed across the network or remotely using
SSL and a secure connection by our network engineer. The core switch will provide connections
22. Assignment 6 22
to distribution switches on all floors of the company, on these will be servers, and access
switches will be used so that the network nodes such as computers, and printers can be
connected.
At the time, I do not see the reason to separate our network into multiple subnets as it
consists of 3 floors of one building. The use of many subnets will only complicate the network
and resources that live on them. When we grow into a more diverse company with multiple
buildings and sites, only then we will use different subnets within our organization to allow for
maximum use of IP addresses to suffice our demanding infrastructure.
Firewall
Core Switch
Access
Switch
Access
Switch
Distribution
Switch
Access
Switch
23. Assignment 6 23
The above illustration shows what all is accessed from the Core switch. The distribution
switches will act as a main connection point for servers and network monitoring servers that will
send alerts via email when a network intrusion is detected. Also, access switches will connect to
these distribution switches.
Security Policy
Last Update Status: Updated February 2016
1. Purpose
This document describes a required minimal security configuration for all routers, switches and
any other device connecting to a production network or used in a production capacity at or on
behalf of this company.
2. Scope
Taken from
above
Core Switch
Distribution
Switch
Web Server
Security
monitoring
server
Distribution
Switch
Access
Switch
24. Assignment 6 24
All employees, contractors, consultants, temporary and other workers at Cisco and its
subsidiaries must adhere to this policy. All routers, switches, wireless access points, servers
including Exchange email servers, connected to Cisco production networks are affected.
3. Policy
Every router must meet the following configuration standards:
1. No local user accounts are configured on the router. Routers and switches must use
TACACS+ for all user authentication.
2. The enable password on the router or switch must be kept in a secure encrypted form.
The router or switch must have the enable password set to the current production
router/switch password from the device’s support organization.
3. The following services or features must be disabled:
a. IP directed broadcasts
b. Incoming packets at the router/switch sourced with invalid addresses such as
RFC1918 addresses
c. TCP small services
d. UDP small services
e. All source routing and switching
f. All web services running on router
g. Cisco discovery protocol on Internet connected interfaces
h. Telnet, FTP, and HTTP services
25. Assignment 6 25
i. Auto-configuration
4. The following services should be disabled unless a business justification is provided:
a. Cisco discovery protocol and other discovery protocols
b. Dynamic trunking
c. Scripting environments, such as the TCL shell
5. The following services must be configured:
a. Password-encryption
b. NTP configured to a corporate standard source
6. All routing updates shall be done using secure routing updates.
7. Use corporate standardized SNMP community strings. Default strings, such as public or
private must be removed. SNMP must be configured to use the most secure version of
the protocol allowed for by the combination of the device and management systems.
8. Access control lists must be used to limit the source and type of traffic that can terminate
on the device itself.
9. Access control lists for transiting the device are to be added as business needs arise.
10. The router must be included in the corporate enterprise management system with a
designated point of contact.
11. Telnet may never be used across any network to manage a router, unless there is a secure
tunnel protecting the entire communication path. SSH version 2 is the preferred
management protocol.
26. Assignment 6 26
12. Dynamic routing protocols must use authentication in routing updates sent to neighbors.
Password hashing for the authentication string must be enabled when supported.
13. The corporate router configuration standard will define the category of sensitive routing
and switching devices, and require additional services or configuration on sensitive
devices including:
a. IP access list accounting
b. Device logging
c. Incoming packets at the router sourced with invalid addresses, such as RFC1918
addresses, or those that could be used to spoof network traffic shall be dropped
d. Router console and modem access must be restricted by additional security
controls
All wireless infrastructure devices that reside at our company’s main site and connect to a
corporate network, or provide access to information classified as Confidential, or above must:
Abide by the standards specified in the Wireless Communication Standard.
Be installed, supported, and maintained by an approved support team.
Use Company approved authentication protocols and infrastructure.
Use Company approved encryption protocols.
Maintain a hardware address (MAC address) that can be registered and tracked.
Not interfere with wireless access deployments maintained by other support
organizations.
27. Assignment 6 27
Lab and Isolated Wireless Device Requirements
All lab wireless infrastructure devices that provide access to company Confidential or above,
must adhere to section 4.1 above. Lab and isolated wireless devices that do not provide general
network connectivity to the company network must:
Be isolated from the corporate network (that is it must not provide any corporate
connectivity) and comply with the Lab Security Policy.
Not interfere with wireless access deployments maintained by other support
organizations.
Home Wireless Device Requirements
Wireless infrastructure devices that provide direct access to the company corporate
network, must conform to the Home Wireless Device Requirements as detailed in the
Wireless Communication Standard.
Wireless infrastructure devices that fail to conform to the Home Wireless Device
Requirements must be installed in a manner that prohibits direct access to the company
corporate network. Access to the company corporate network through this device must
use standard remote access authentication.
28. Assignment 6 28
4. Policy Compliance
Compliance Measurement
The InfoSec team will verify compliance to this policy through various methods, including but
not limited to, periodic walk-throughs, video monitoring, business tool reports, internal and
external audits, and feedback to the policy owner.
Non-Compliance
An employee found to have violated this policy may be subject to disciplinary action, up to and
including termination of employment.
What is Intellectual Property?
Although the law provides for a several different types of Intellectual Property, employee
concerns center on two: copyrights and patents. The following definitions are taken from
relevant federal statutes:
When used in this agreement, the term "Copyright" shall be understood to mean that package of
rights that protect original works of authorship fixed in any tangible medium of expression, now
known or later developed, from which they can be perceived, reproduced, or otherwise
communicated, either directly or with the aid of a machine or device. "Works of authorship"
(including computer programs) include, "Tangible media" include, but are not limited to, books,
periodicals, manuscripts, phone records, films, tapes, and disks.
When used in this agreement, the term "Patent" shall be understood to mean that package of
rights that protect inventions or discoveries which establish any new and useful process.
29. Assignment 6 29
A patent is an intellectual property right, granted by a country’s government as a territorial right
for a limited period. Patent rights make it illegal for anyone except the owner or someone with
the owner’s permission to make, use, import or sell the invention in the country where the patent
was granted Patents protect the features and processes that make things work. This lets inventors
profit from their inventions. Patents generally cover products or processes that contain ‘new’
functional or technical aspects (Davies, 2016).
The ownership that copyright law grants comes with several rights that you, as the owner, have
exclusively. Those rights include:
The right to reproduce the work
to prepare derivative works
to distribute copies
to perform the work
and to display the work publicly (Plagiarism Today, 2016)
Computer software: Computer programs fall into a gray area between the two types of
intellectual property. Programs that are a part of a "new and useful process" may be eligible for
patent protection, while programs representing minimally original expression may be eligible for
copyright protection.]
Duration of patents and copyrights: The duration of a patent is 20 years from the date of the
filing of the patent. Actual patent protection begins when the patent actually issues from the
Patent & Trademark Office.
30. Assignment 6 30
Who May Use the Intellectual Property?
A collective bargaining agreement or policy may also allow for employees to use works created
by other employees without charge for work purposes within the Company. Employees should
be encouraged to include such uses in their agreements transferring copyright for such works to a
publisher. These uses would be to enable the organization to operate more efficiently.
To Report Copyright Infringement
The company accepts online Internet crime complaints from either the actual victim or from a
third party to the complainant. We require accurate and complete information from you. The
following information is needed when filing a complaint
Your name
Your address
Your e-mail address
Your telephone number
The name, address, telephone number, and Web address, if available, of the individual or
organization you believe defrauded you.
Specific details on why you believe you have been defrauded
Any other information you believe is necessary.
Penalties for trademark violations can vary greatly depending on the nature and extent of the
trademark violation. In limited instances, civil and criminal penalties can be imposed for
willful violation of trademark law (Kroeck, 2016).
31. Assignment 6 31
References
Booz Allen. (2016, February 20). Cloud Analytics. Retrieved from Booz Allen:
http://www.boozallen.com/consulting/technology/cloud-computing/cloud-analytics
Bundesamt für Sicherheit in der Informationstechnik 2000. (2000, April 6). S 5.2 Selection of an
appropriate network topography. Retrieved from IWAR:
http://www.iwar.org.uk/comsec/resources/standards/germany/itbpm/s/s5002.htm
Davenport, T. (2005, October 1). The Right Way to Use Business Analytics. Retrieved from CIO:
http://www.cio.com/article/2448414/metrics/the-right-way-to-use-business-analytics.html
Davies, T. L. (2016, February 21). Reporting Copyright Infringements. Retrieved from Copynot:
http://www.copynot.com/
Gamby, R. (2016, February 28). Security big data: Preparing for a big data collection
implementation. Retrieved from Search Security:
http://searchsecurity.techtarget.com/tip/Security-big-data-Preparing-for-a-big-data-
collection-implementation
Haughey, D. (2016, January 16). Introduction to Project Management. Retrieved from
Projectsmart: https://www.projectsmart.co.uk/introduction-to-project-management.php
IBM. (2016, February 20). Business Analytics in the Cloud. Retrieved from Corporate Leaders:
http://www.corporate-
leaders.com/sitescene/custom/userfiles/file/White_Papers/Business%20Analytics%20in%
20the%20Cloud.pdf
32. Assignment 6 32
Kroeck, L. (2016, February 21). What is the Penalty for Violating a Trademark. Retrieved from
AZ Central: http://yourbusiness.azcentral.com/penalty-violating-trademark-6012.html
Overby, S. (20033, September 1). The Hidden Costs of Outsourcing. Retrieved from CIO:
http://www.cio.com/article/2442089/offshoring/the-hidden-costs-of-offshore-
outsourcing.html
Plagiarism Today. (2016, February 21). What is a Copyright. Retrieved from Plagiarism Today:
https://www.plagiarismtoday.com/stopping-internet-plagiarism/your-copyrights-online/1-
what-is-a-copyright/
Portes, F. (2010, December 6). Improving Project Success Rates through Standardization.
Retrieved from Pharmamanufacturing:
http://www.pharmamanufacturing.com/articles/2010/169/
Project Management Institute. (2012, July 3). 3 Hot Sectors for Project Management Jobs.
Retrieved from PMI: http://www.pmi.org/learning/professional-development/career-
central/3-hot-sectors-for-project-management-jobs.aspx
Saran, C. (2014, May). The infrastructure to protect data is a thorny issue especially in an age
where data is being proliferated throughout an organisation. Retrieved from Computer
Weekly: http://www.computerweekly.com/feature/CW500-IT-infrastructure-for-data-
protection
Smarta. (2016, January 14). How to Collect Customer Data. Retrieved from Smarta:
http://www.smarta.com/advice/sales-and-marketing/advertising-and-marketing/how-to-
collect-customer-data/
33. Assignment 6 33
Watch Wise. (2016, March 12). Why Data Warehousing. Retrieved from Watch Wise:
http://www.watchwise.net/data-warehousing.htm
Woodward, S. (2016, February 20). Cloud Concepts and the Impact on Business Analysts.
Retrieved from IIBA: http://www.iiba.org/ba-connect/2014/january/cloud-concepts-and-
impact-on-business-analysts.aspx