Networking SA Project

356 views

Published on

done for a school project at ITT Tech

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
356
On SlideShare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
0
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Networking SA Project

  1. 1. Student Consulting Services E-business Policy and Strategy Plan Contributors: Johnnie Farmer Alicia Merkins Dennis Parker Jovonda Rodgers Rashad Tarpley
  2. 2. 2 E-business Policy and Strategy Plan Contents Contents ................................................................................................................................................. 2 I. Mission Statement ......................................................................................................................... 3 II. Considerations .............................................................................................................................. 4 III. Network Security Strategy............................................................................................................. 7 IV. Disaster Recovery ......................................................................................................................... 8 Disasters likely to occur in the Midwest .................................................................................................. 8 Disaster Recovery Plan .......................................................................................................................... 9 V. Privacy Policy .............................................................................................................................. 10 Privacy Policy ..................................................................................................................................... 10 Email Use Policy................................................................................................................................. 10 Policy ............................................................................................................................................. 10 Enforcement ................................................................................................................................... 11 Definitions ...................................................................................................................................... 11 Transition Plan .................................................................................................................................... 12 Testing ............................................................................................................................................... 13 Communication Plan ........................................................................................................................... 13 VI. Testing and Back-Out Plans ....................................................................................................... 15 Testing Process for Network ................................................................................................................ 15 Test validity ........................................................................................................................................ 16 Back-Out Plan .................................................................................................................................... 16 VII. Monitoring System................................................................................................................... 17 Free Monitoring Software .................................................................................................................... 17 Commercial Monitoring Software ......................................................................................................... 17 The Recommended Choice .................................................................................................................. 19 VIII. The Help Desk......................................................................................................................... 20 ITT Student Consulting Services Confidential 2009
  3. 3. 3 E-business Policy and Strategy Plan I. Mission Statement This group consisting of Alicia Merkins, Johnnie Farmer, Dennis Parker, Jovonda Rodgers, and Rashad Tarpley has been charged with developing network policies and documented strategies for creating and growing an E-business, The proposed organization is to be a 24-hour, 7-day a week company that only takes orders from online access through the company’s website. Our proposed organization has selected Indianapolis, IN as its location for its easy access to the rest of the country. The proposed location was also chosen for the significant distribution and warehouse facilities there. ITT Student Consulting Services Confidential 2009
  4. 4. 4 E-business Policy and Strategy Plan II. Considerations Certain physical considerations must be made when planning for the network that will support our organization. The following functions must be taken into consideration for support: Customer Access (to identify products for purchase) o Account Registration - username and password o Account information will include but is not limited to the individuals name, address, date of birth, email address and security question for password recovery. o Database to store all above information o PayPal affiliation for online payment options o SSL and https for increased security Customer Support (for customers who are internet phobic) o Customer service center with 1-800 number o Online Chat o Automatically saved and sent to QA department o Email support Outlook Management Reporting o Managers will be linked to a separate server for enhanced security o Payroll functions Report time worked, breaks, scheduled vacations, etc Monitor employees o Incident reports o Call Monitoring at random to ensure employee accuracy ITT Student Consulting Services Confidential 2009
  5. 5. 5 E-business Policy and Strategy Plan Warehouse & Distribution Functions o Inventory reporting o Shipping reporting o Separate database and server Marketing Functions o All marketing is done primarily online Occasional Newspaper, Television, Radio o Advertise with several different websites Website linking and ads o Marketing employees must ensure accuracy across all advertisements System Development & Support Functions o Server based automated updates o Company proprietary systems that will only be accessible on company workstations. o IT helpdesk The first services we would implement would be: At the start of the business we will need to have a secure website, have phone support and employees set up, provide warehouse with inventory and database to monitor it. We will also need to ensure that we have an IT support team as well as several servers to support the various functions of the company. To accommodate for possible explosive growth we purpose: ITT Student Consulting Services Confidential 2009
  6. 6. 6 E-business Policy and Strategy Plan Depending on demand we may eventually support phone sales. We will ensure that our warehouse will support extra inventory in case we need to keep more in stock. Network will support extra workstations and servers. We envision the following services to be added in the future as our organization grows: As the company grows we may decide to expand our inventory to other avenues and services. We will eventually be able to add a FAQ page to our website. Depending on business we may eventually be able to move to store fronts as opposed to being an internet only company. ITT Student Consulting Services Confidential 2009
  7. 7. 7 E-business Policy and Strategy Plan III. Network Security Strategy Different aspects of security affect different constituencies within the organization and customers outside the organization in various ways. Security within the organization affects the employees by maintaining integrity from within. Ensuring that the security policies set forth within the organization promote customer confidentiality as well as securing all company confidential information. Customers will feel safe with their online orders and supplying financial information to our company. Our team will implement security by setting forth policies and procedures that is understood and followed across the board on all levels. Any new employees will take an online training course on company proprietary information and systems as well as security measures, integrity and customer privacy. All existing employees will take bi-quarterly training sessions as well. After each training session, all employees will be required to sign a form stating that they read and understood the policies and procedures. Furthermore, the system administrators will monitor the network from the email and internet usage to any external drives or downloads being used on workstations. Any employees that have been terminated or willing leave the company will be stripped of their network and facility entry abilities. This includes any facility badges, parking passes, building security or alarm codes and network log-ins. In addition, their employee email accounts will be frozen from access internally and externally. In cases where the employee is eligible for rehire, their log-ins will be disabled for 6 months before being completely deleted from the system. This will save time and money if the employee were to come back to the company within the allotted timeframe. All of the above procedures would be completed during or before a mandatory exit interview that is conducted by a member of management. ITT Student Consulting Services Confidential 2009
  8. 8. 8 E-business Policy and Strategy Plan IV. Disaster Recovery We will back up all of our information daily to both our local and non local servers. We will have network redundancy where if the local server were to go down for any reason we would be able to connect to the backup server. This will ensure that if a disaster were to occur locally we will have a server that is not local that we can connect to. We also create circuit redundancy where our network would be connected through a T1 local network with a DSL backup so that if the internet server were to go down we would have an alternate method of connecting. Our backup server would be administered by a server backup company since we are a small scale ecommerce business. As we grow we may begin to take the matter into our own hands with our backup systems. As for our inventory, we will only order enough stock to successfully run our business. We will keep enough of each item in stock and make weekly orders to our external supplier on a need-be basis. This will ensure that we do not have too much inventory so that if we were to be face with a disaster we will not lose millions of dollars worth of merchandise. Weekly reports will be run on both our inventory and sales to provide projected sales and inventory needs. Disasters likely to occur in the Midwest Tornados Blizzards Lightening Hail Floods Terrorist attack ITT Student Consulting Services Confidential 2009
  9. 9. 9 E-business Policy and Strategy Plan Jet fuel spillage/ leakage Earthquakes Improper local construction (including building structure, electrical, sewage, etc) Disaster Recovery Plan Insurance Generators Remote access Local and non local servers ITT Student Consulting Services Confidential 2009
  10. 10. 10 E-business Policy and Strategy Plan V. Privacy Policy Privacy Policy The privacy policy will consist of a document that the employees will sign that states exactly what the policy consists of. The privacy policy will state that all employees will have a photo ID badge that will be required to be in their possession at all times. It will also state the email and network security will be in place to prevent intruders from getting on the network and obtaining company and client confidential information. Email Use Policy To prevent tarnishing the public image of our organization, when email goes out from our organization the general public will tend to view that message as an official policy statement from the SA’s of our organization. This policy covers appropriate use of any email sent from our E-commerce Business email address and applies to all employees, vendors, and agents operating on behalf of our organization. Policy 1 Prohibited Use Our organization email system shall not to be used for the creation or distribution of any disruptive or offensive messages, including offensive comments about race, gender, hair color, disabilities, age, sexual orientation, pornography, religious beliefs and practice, political beliefs, or national origin. Employees who receive any emails with this content from any Company employee should report the matter to their supervisor immediately. ITT Student Consulting Services Confidential 2009
  11. 11. 11 E-business Policy and Strategy Plan 2 Personal Use Using a reasonable amount of our organization resources for personal emails is acceptable, but non-work related email shall be saved in a separate folder from work related email. Sending chain letters or joke emails from an organizational email account is prohibited. Virus or other malware warnings and mass mailings from our organization shall be approved by our VP Operations before sending. These restrictions also apply to the forwarding of mail received by an employee. 3 Monitoring Our employees shall have no expectation of privacy in anything they store, send or receive on the company’s email system. Our organization may monitor messages without prior notice. Our organization is not obliged to monitor email messages. Enforcement Any employee found to have violated this policy may be subject to disciplinary action, up to and including termination of employment. Definitions Term Definition Email The electronic transmission of information through a mail protocol such as SMTP or IMAP. Typical email clients include Eudora and Microsoft Outlook. Forwarded email Email resent from an internal network to an outside point. ITT Student Consulting Services Confidential 2009
  12. 12. 12 E-business Policy and Strategy Plan Chain email or letter Email sent to successive people. Typically the body of the note has direction to send out multiple copies of the note and promises good luck or money if the direction is followed. Sensitive information Information is considered sensitive if it can be damaging to Our organization or its customers' reputation or market standing. Virus warning Email containing warnings about virus or malware. The overwhelming majority of these emails turn out to be a hoax and contain bogus information usually intent only on frightening or misleading users. Unauthorized Disclosure The intentional or unintentional revealing of restricted information to people, both inside and outside Our organization, who do not have a need to know that information. Transition Plan The transition plan will consist of the implementation strategy set fourth for new technologies and systems. It will consist of training schedules, upgrade schedules, etc. The transition plan that we have in place for new technologies and upgrades are: Develop a service checklist Verify software packages will work on new system Develop test for each service to verify its working Write a back out plan with specific triggers Select a maintenance window Announce upgrade Execute test ITT Student Consulting Services Confidential 2009
  13. 13. 13 E-business Policy and Strategy Plan Lock out users Do upgrades while being supervised Repeat test and do debugging (if necessary) If test fail or triggers back out, execute back out Let users back in Communicate success or back out to customer Analyze what went right and what didn’t; modify checklist Testing We have taken the steps to ensure quality, security and compatibility with our current systems. The new technology has gone through extensive testing to guarantee the above factors. Steps taken for the testing process: Plan a test process Test on a single system Test on multiple systems File a test request Get the test committee to approve system test Schedule a test process Communicate with users and administrators before test Test systems at scheduled times Post a test event analysis Communication Plan The communication plan will be implemented for any and all changes to our business strategies and plans. Any communication will be implemented through email, memos, phone, ITT Student Consulting Services Confidential 2009
  14. 14. 14 E-business Policy and Strategy Plan and voicemail. All emails will have a read / received receipt to the sender to ensure that the employees have read the email and it will also be communicated that this receipt ensures understanding of the communication unless the employee were to communicate back to the sender with any misunderstandings. The way we will implement our communication plan is first communicate change to all impacted people what changes are being made, which services will be unavailable, when and how long they will be unavailable, and what action do they need to take (if any). ITT Student Consulting Services Confidential 2009
  15. 15. 15 E-business Policy and Strategy Plan VI. Testing and Back-Out Plans Testing Process for Network All tests will be done on a redundant server used to do test. As each service is identified, a test will be developed that will be used to verify that the service is working properly after the upgrade. The easiest way to do this is to have all test recorded as scripts that can be run unattended. A master script can be written that outputs an “ok” or “fail” message for each test. This test can be run individually as problems are debugged. For more complicated services, customers may write the test or offer to be on call to execute their own set of manual tests. In the case of our E-business we use software packages that have an installation verification suite that can be run. This process is called Recession testing; you capture the output of the old system, make a change, and then capture output of the new system. What will be the services provided by our server? The servers will provide email support as well as client database information and support, billing information and support, backup support, internet support, etc. Who are the customers for each of our services? Email support and internet support apply to the employees of the company Database support, billing support and internet support apply to the customers. Backup support applies to the system administrators and employees of the company. Which software package will provide for each of our services For the internet we will use a L.A.M.P. (Linux, Apache, MySQL, Php) architecture to host our services Database support will be provided through MySQL. Email services will be provided using Microsoft Exchange/Outlook. ITT Student Consulting Services Confidential 2009
  16. 16. 16 E-business Policy and Strategy Plan Billing support for customers and employees will be provided using software called Netace. Verification tests for each service developed For all of the services we will enable testing within one of our call center facilities. If everything goes well within that one call center then the software would be administered throughout the company. In that call center we would have an IT support team that will support any potential issues that may occur within the new software and services. Test validity We would know if the tests are valid because they are being tested in the real world environment. Back-Out Plan Our back out plan will be based on the agreed upon end time minus the back out time, as well as the time it will take to test that the back out is complete. We will have an outside member to clock the progress like a manager. The back out plan would be to transfer any customers to another department if we were to have any issues within the particular department that is testing the new software and services. This will ensure that the customers or clients do not suffer during our testing process while also enabling us to test the product in the real time environment. ITT Student Consulting Services Confidential 2009
  17. 17. 17 E-business Policy and Strategy Plan VII. Monitoring System Free Monitoring Software Employees Monitor Free Edition 2.22 would be the real-time monitoring solution best suited for our environment. It would allow SAs to invisibly monitor the entire network from one centralized position, such as instant messaging, file operations, websites visited, applications used, etc. Employees PC Monitor also can log file operations of the employee's computer, such as copy, delete, print, create, rename, open, copy file to removable disk, etc. It can send alarms to the console computer when an employee does a file operation on removable disk, add or remove a removable disk, open an unwanted website, etc. SAs could also see live screenshots of multi network computers and take a control of a remote computer, this is especially useful when you need to assist the person who uses the remote computer or immediately stop unwanted actions, and you can edit, open, download, and upload files remotely. Employees PC Monitor can also restrict remote computers’ browsing in Internet Explorer, application using, network accessing, and send instant message and command (e.g. shut down, restart, run program, open website) to the remote computer. Additionally Employees PC Monitor provides a powerful remote task manager, which allows the SAs to view all processes on remote computer and end any of them. Commercial Monitoring Software SpectorSoft’s Spector Pro is the best selling commercial monitoring software on the market today. Spector Pro has deservedly earned its reputation as not only the most trusted monitoring software in the world, but as also the most feature-rich, while being easy and intuitive... even for beginners. Whether you want to monitor a computer in secret or in the open, Spector Pro can capture all the action with little effort on your part. ITT Student Consulting Services Confidential 2009
  18. 18. 18 E-business Policy and Strategy Plan The program will even contact you remotely by email or cell phone when activity on your computer triggers specific keywords. Spector Pro has an excellent combination of monitoring features: Screen Snapshots, Chat/IM Activity, Web Sites Visited, Email Activity, Program Activity and Keywords Detected. You can also monitor MySpace or Facebook activity, and even specific online searches. The Top 10 Summary Reports allow you to gauge what sites and activities are taking up the most time. Spector Pro can even monitor and track files downloaded over the internet (music, pictures, video, software, etc.). Furthermore, the software can keep track of what files and documents are being accessed, removed, edited, renamed, and even printed. More than just monitoring online activity, Spector Pro can monitor ever program or application run on the computer, including games. You can see what programs were launched, and how long they were actually used. Though you technically have to let any user know that they are being monitored Spector Pro has “Stealth Mode”, which hides the program. The program will not appear on the desktop or task manager. It won't even show up after a program search and it is not listed on the hard drive, so others cannot tamper or delete it. You can access the program with a combination of hot keys and a password. Instead of just a list of email and chat contacts, viewing the content of these messages greatly increases Spector Pro’s monitoring effectiveness. The ability to visually record and replay the captured activity can't be overstated. You can see every web site, every email, and every keystroke if you want. Spector Pro is certainly effective at what it does, recording all sorts of internet activity. But more importantly, Spector Pro makes this information easy to overview and monitor efficiently. ITT Student Consulting Services Confidential 2009
  19. 19. 19 E-business Policy and Strategy Plan The Recommended Choice With the added features of the commercial Spector Pro over the free Employees Monitor Free Edition 2.22 and the low cost of only $100.00 I would suggest the commercial software for our organization. Price, features, and the added benefit of a support contract for the software all factor into this being the better option for us. ITT Student Consulting Services Confidential 2009
  20. 20. 20 E-business Policy and Strategy Plan VIII. The Help Desk The types if people that we would hire for our help desk are people with strong customer service and sales skills and experience as well as individuals with IT degrees and IT experience IT Employees and managers- utilized to resolve any internal IT issues with database, systems, security, etc. Customer Service – Utilized to resolve customer issues, billing, and product related issues, etc. Sales and Shipping employees and managers- utilized to resolve any shipping or sales issues or requests. Quality Assurance employees and managers- ensure quality products, services, continuing improvement, customer surveys, etc. Escalation policy to help respond quickly and efficiently The first step to an escalation is for the representative create a trouble ticket and to attempt by any means possible (according to the policies and procedures set forth) to resolve the issue in a timely manner. Rep should spend no more than 15 minutes on an issue. If the representative is not able to resolve the issue then the trouble ticket should be forwarded to their direct manager. The Manager should attempt to resolve the issue within a timely manner, updating any progress on the trouble ticket and forwarding it to the department that is better able to solve the issue. ITT Student Consulting Services Confidential 2009
  21. 21. 21 E-business Policy and Strategy Plan The assigned department should be able to resolve the issue and update the trouble ticket. If the issue were to go further than the assigned department then the issue may require further investigation. ITT Student Consulting Services Confidential 2009

×