Let us consider the Enrollment Management and College server
issues. Responsibility for the Project Management role would
be assigned to the Information Systems Security Manager who
is tasked to resolve the problems.
The stakeholders include the owners of the servers, the users of
the system and the administrators of the systems. The owners
include the Asst. V.P. of Enrollment Management and the Dean
who spent their own funds to buy the hardware and software.
They also own the data that is stored on these devices and that
is used to help them complete their mission. More important
are the Custodians of these systems – the people who must
ensure the systems are secure and the data is protected.
The Enrollment Manager and Deans will typically assign expert
users to be part of the planning team along with their respective
System Administrators. The key is to assign at least one
decision-maker from each area who will protect the interests of their
managers. The CIO will assign System Administrators who will
function as the future Custodians of the system and serve as
consultants. The team members will typically meet a number of
times to identify, assess and find ways to mitigate the risks.
The Project Manager not only ensures the team stays on track
and is productive but also serves as an expert on the risk
management process and the decision maker for the CIO.
Affinity Diagram for the Other University Systems

Vulnerabilities
Servers housed in offices that are rarely locked and have windows
Unstable Electricity
Water Sprinkler System
System Admin has no Security training
National ID included in download extracts

Threats
Servers can be stolen
Servers can be destroyed by vandals
Servers can be destroyed by wind damage
Servers can be destroyed by power spikes
Servers can be destroyed by water from sprinkler system
System Admin does not know how to protect the server, software and data
National ID downloaded and
12. will be and what steps must be taken. There may be cases
where the entire team isn’t involved in each recommendation –
only those who are stakeholders to the recommendation will
need to be involved.
Eliminating the National ID involves the users so the Project
Manager would meet individually with them to determine the
process.
Moving the servers and training of the System Administrator
will not require input from the users so they can be excluded
from this discussion.
Once the details are documented and the team agrees to the
steps, the team must estimate the time it will take to implement.
In addition, the day-to-day operations must be analyzed so that
a timeline can be established that does not impact operations.
Next, management can be briefed on the Controls and any
Residual risks that may remain after the plan is implemented.
Management must agree to the recommendations and trust that their
team members represent their mission goals and requirements.
Remember that in this case, management includes not only the
Asst. V.P. for Enrollment Management and the Deans but also
the CIO who has the responsibility to defend the interests of the
University’s security policies.
Reporting Requirements
Present recommendations
Document management response to recommendations
Document and track implementation of accepted
recommendations
Create plan of action and milestones (POAM)
17. content. The example shown in the book shows Work Elements,
Responsible person and Milestone dates. Some POAM
documents are actually Project Management Plans that include
many rows that identify every step/task, grouped by work
elements that end with a milestone. Typically the PM Plan
includes columns for a Task #, Task Name, Time to complete
the Task, task(s) that must be done before this one
(predecessors) and the resources (people, etc.) needed to
complete the task. Since these Plans are often very complex, the
team may forget to add a task/step and later add that task to
the plan, which makes it a living document.
Project Management (PM) Plan: MOVE SERVERS

Task # | Task Description | Duration in Hours | Predecessor | Resource
1 | Identify Enrollment Management servers to be moved | 40 | | EM-SysAdmin
2 | Identify software running on the servers | 80 | 1 | EM-SysAdmin
3 | Identify peripherals connected to server | 40 | 1 | EM-SysAdmin
4 | Identify wireless/wired configuration | 40 | 1 | EM-SysAdmin
5 | Export data to external drive | 8 | 1 | EM-SysAdmin
6 | Export image of the server to external drive | 8 | 1 | EM-SysAdmin
7 | … | | | EM-SysAdmin
8 | Milestone: Server Prep Completed | 0 | |
9 | Identify new location in data center | 20 | 1 | IT-SysAdmin
10 | Run wireless/wired configuration for new location | 20 | 9 | IT-SysAdmin
11 | … | | | IT-SysAdmin
12 | Milestone: New location prep completed | 0 | |
13 | Disconnect server | 0.5 | 8, 12 | EM-SysAdmin
14 | Package server and components | 0.5 | 13 | EM-SysAdmin; IT-SysAdmin
15 | Transport system to data center | 1 | 14 | IT-SysAdmin
16 | … | | |
17 | Milestone: Server moved | 0 | |
18 | Connect server at new location | 0.5 | 15 | IT-SysAdmin
19 | Connect peripherals at new location | 0.5 | 18 | IT-SysAdmin
20 | Connect wires/wireless at new location | 1 | 18 | IT-SysAdmin
21 | … | | |
22 | Milestone: Server setup at new location | 0 | |
23 | Test Server OS at new location | 2 | 22 | IT-SysAdmin
26 | … | | |

Similar steps needed for each Dean’s Systems
Grading rubric
Content
The student does an excellent job organizing each response to
demonstrate an understanding of the concepts. All required
components are included in the response, including a summary
and overview of the issue, and a comparison and contrast of the
perspective on the issue. How are the articles similar or
different on how they expose the issues? What are the explicit
and implicit issues?
Analysis
Drawing on the emergent literature (only journal articles or
textbook), what are some of the implications and
recommendations for conducting international business? The
student does an excellent job analyzing the issue(s) and does
not just provide a conclusion or an opinion without explaining
the reason for the choice. The analysis is supported by
reference(s) to the course material and includes a clear and
well-defined explanation of the relevant principle(s) or
concept(s) from the text.
Inquiry
The student does an excellent job organizing each response to
demonstrate an understanding of the concepts. Write at least
two questions that can be exposed (still without an answer)
from analyzing this issue. These inquiries can be
questions/issues that you were not able to answer or understand.
Clarify where or how you believe you can obtain this
information. Mention specific sources (do not simply say,
“Searching on the Internet”).
ISOL 533 Project Part 1 and part 2
Overview
Write paper in sections
Understand the company
Find similar situations
Research and apply possible solutions
Research and find other issues
Health network inc
You are an Information Technology (IT) intern
Health Network Inc.
Headquartered in Minneapolis, Minnesota
Two other locations
Portland Oregon
Arlington Virginia
Over 600 employees
$500 million USD annual revenue
Data centers
Each location is near a data center
Managed by a third-party vendor
Production centers located at the data centers
Health network’s Three products
HNetExchange
Handles secure electronic medical messages between
Large customers such as hospitals and
Small customers such as clinics
HNetPay
Web Portal to support secure payments
Accepts various payment methods
HNetConnect
Allows customers to find Doctors
Contains profiles of doctors, clinics and patients
Health Network’s IT network
Three corporate data centers
Over 1000 data servers
650 corporate laptops
Other mobile devices
Management request
Current risk assessment outdated
Your assignment is to create a new one
Additional threats may be found during re-evaluation
No budget has been set on the project
Threats identified
Loss of company data due to hardware being removed from
production systems
Loss of company information on lost or stolen company-owned
assets, such as mobile devices and laptops
Loss of customers due to production outages caused by various
events, such as natural disasters, change management, unstable
software, and so on
Internet threats due to company products being accessible on
the Internet
Insider threats
Changes in regulatory landscape that may impact operations
Part 1 project assignment
Conduct a risk assessment based on the information from this
presentation
Write a 5-page paper properly APA formatted
Your paper should include
The Scope of the risk assessment i.e. assets, people, processes,
and technologies
Tools used to conduct the risk assessment
Risk assessment findings
Business Impact Analysis
Part 2 project
You will add to your findings from part 1 and address with a
risk mitigation plan.
The plan should include
The plans to reduce risk and vulnerabilities
Determine if organization is risk averse or risk tolerant
Future plans to reduce residual risks
The requirement for this half is also 5 pages, properly APA
formatted.