TEAM MEMBERS
● Rui Cao
● Aseel Farhud
● Idowu Kelvin Feyijimi
● Alanna Freese
● Nick Gerali
● Anne Greenfield
● Jiaqi Cai
BUSINESS DESCRIPTION
As technology continues to advance, companies are finding that they need a network security
program and ideas on how they can be protected. This project is meant to give the
reader an outline and high-level view of security topics to examine when creating a network
security program, mainly for Broadway Café. The purpose of this project is to keep Broadway
Café safe from Spyware, Malicious code, Entity Theft, Viruses, Cyber/Communications Security
(e.g., Internet/intranet security) and Property Crime (e.g., external theft). During this project we
analyze the best way that Broadway Café can implement a new security program and
technological software such as Firewall, Antivirus Software: customer’s identity theft
protection, Disaster Recovery, Physical Security (e.g. Biometrics), System Hardening,
Vulnerability Scanning and Penetration tests, Backup Solutions and Security Documentation.
The main purpose of this project is for us to remove all the current security threats the Café may
have and implement the new technology, so that the Café will be safe from any types of security
threats in the future and maintain a secure network for all business transactions.
PROBLEM STATEMENT
Broadway Café is implementing new technology to ensure the security of company data,
employee data, and customer information. Security precautions must be taken both physically
and virtually to prevent threats such as:
● Maliciousness – that results in compromise or destruction of information, or disruption
of services to other insiders and customer personal account
● Disdain of Security Practices – that results in compromise or destruction of information,
or disruption of services to other insiders.
● Carelessness – in the use of an information system and/or the protection of company
information from identity theft.
● Ignorance – of security policy, security practices and information system use
● Policy and procedures – Not strictly enforced
SYSTEMS REQUEST
SYSTEMS REQUEST – TECHNICAL SECURITY
Business Requirements:
● Provide trustworthy antivirus protection
● Provide physical and cloud backup solutions
● Provide easy-to-use wifi network for customers to use for free
● Develop internal control policies to ensure the integrity of the information security system
Business Need:
● Maintain secure transactions for customer services through secure internet
● Keep customer identity safe from online thefts.
● Increase overall security of sensitive business information
Business Value:
● 3% increase in sales
● 1% increase in market share
Special Issues or Constraints:
● Required immediately before any data can be stored
PROJECT SCOPE
Project Title: Information Security
Project Manager: MIS 360 Group 2
Anticipated Start Date: June 12, 2016
Sponsor: Broadway Café Owner
Date Prepared: May 31, 2016
Project Risk Level: Low
Estimated Completion Date: July 15, 2016
Team Members:
● Rui Cao
● Aseel Farhud
● Idowu Kelvin Feyijimi
● Alanna Freese
● Nick Gerali
● Anne Greenfield
● Jiaqi Cai
Project Purpose:
The purpose of this project is to implement a new information security system for the
Broadway Café. Broadway Café’s current information security system is outdated and
lacking the appropriate technology to effectively prevent security breaches.
The implementation of a new information security system will result in the protection
of the Broadway Café’s intellectual property, including, but not limited to: transaction
records, customer data, sales data, product recipes, and product preparation methods.
The implementation of a new information security system will also demand
improvements to Broadway Café’s internal controls system, such as who can access
these systems, permission restrictions based on employee role, and additional
protocols for recording transactions.
Background:
The Broadway Café, founded in 1952, has recently found new ownership after the
passing of the original owner. Since its inception, the Broadway Café has been lacking
in terms of modernization. Many of the current systems in place have not been
updated since the 1950’s.
As a result, the Broadway Café has relied on physical recording and managing its
intellectual property, as opposed to electronic systems. This has led to improper
calculations of inventory, payroll amounts, sales, and more. Accordingly, it is
imperative that Broadway Café updates its information security systems.
Deliverables:
● Firewall/virus protection
● Network backup software
● Two secure WiFi networks, one for the organization and one for customers
● Electronic point-of-sale system with authentication features
● Facility security alarm/camera system
Resource Requirements:
● Software to be purchased: Firewall, Virus Protection, Cloud Backup
● Labor costs will be calculated based on actual labor time
● Personnel: Broadway Café owner and/or manager, external consultants, training
personnel
Safety and Risks:
Upon completion of the project, personal and data safety will be ensured. Any system
on the Broadway Café network will be protected from viruses, spyware, and malware.
Any issues in the implementation stage will result in costs incurred for
reinstallation of software to ensure that the information security system is functioning
properly.
Stakeholders:
● The Broadway Café owner and manager
● Project sponsors
● End users, staff and customers
● Procurement team responsible for obtaining equipment, software, and/or services
● Training team
● Primary employees
COST BENEFIT ANALYSIS
LIFE CYCLE COSTS AND BENEFITS
                 Year 1    Year 2    Year 3    Year 4    Year 5
Implementation   $27,675   $2,460    $2,460    $2,460    $2,460
Maintenance      $12,400   $12,400   $12,400   $12,400   $12,400
Total            $40,075   $14,860   $14,860   $14,860   $14,860
LIFE CYCLE BENEFIT SUMMARY
To properly implement the information security system, the cost of hardware and software will
be approximately $26,375. In order to maintain the security system, the Broadway Café will
have to hire a consulting service, equating to $12,400 per year. These figures are subject to
change based on hardware/software upgrades, required improvements, or any unforeseen
issues relating either directly or indirectly to the information security system.
RISK ANALYSIS
This is a very low risk project, and the long-term maintenance costs are low. Broadway Café will
benefit greatly from a new information security system, as they will have two different types of
backups, a secure transaction system, and secure wifi networks for customers and employees,
respectively.
LIFE CYCLE COST-BENEFIT COMPARISON
The life cycle cost for this project is low. Broadway Café arguably cannot function without an
appropriate information security system, and therefore runs a very large risk by not having a
system in place. Implementing an information security system protects from virus/malware
attacks, data breaches, and several other virtual attacks common in today’s information age.
ASSUMPTIONS
● Café doors are locked during closed hours
● Electrical systems are functioning and up-to-date
● No security measures have been previously implemented
● Customers have their own laptop or smartphone/tablet
● Networking services are in place through an internet service provider
● The Broadway Café serves a high customer volume
FEASIBILITY ANALYSIS
The Broadway Café was founded in 1952. In order to update our business to the 21st century, it
is vital that we update and implement new security policies and technologies to protect
company and customer data. The goal of this project is to increase sales, market share, and
business assets by securing our company’s intellectual capital, customers, and employees
against security breaches and hackers. The feasibility analysis helps us make wiser investments
regarding security systems because it forces us to consider technical, economic, and
organizational factors that affect the project.
TECHNICAL FEASIBILITY – CAN WE BUILD IT?
The majority of coffee shops in this day and age require technology that gives the customer access
to a wide variety of networks at their convenience. Customers can enjoy an environment where
they can bring their personal computers, browse the web, and send/receive information. We
have the convenience of making payments without the use of cash but with a debit/credit card.
Wi-Fi hotspots and the ability to pay with credit card systems might put the customer at risk.
Things that might put the customer at risk are hacking into the networks and viruses that might
infect the software. Setting up firewalls for the network will help secure information. Secured
internet networks also provide Broadway Café employees and management a way to upload,
store, and back up their sensitive business information safely and comfortably. If proper security
measures are not implemented, the company could be held liable for any criminal activity that occurs.
FAMILIARITY WITH FUNCTIONAL AREA/TECHNOLOGY
The cost to implement this project is important to ensure the success of the security and
network for the customers. To enforce this we’ll need to hire a system administrator to help
install all hardware and software for the Café. They’ll also need to continually develop, update
and maintain our system. We can do this by hiring an outside group who specializes in security
of networks. With this being the case, we’ll be able to save time on training or hiring someone
within our own company to maintain everything. This will also give us a fixed rate of labor due
to contractual agreements between us and the third party. We also avoid the risk of any
mistakes made on our end by outsourcing to a company that has years of experience in network
security. Their job is to provide and create a secure network that is safe for the company to
transfer sensitive company information, make sure all payment information (credit/debit) is
safe, and provide customers with a reliable network to access. They’ll need to maintain the
network security and make sure any updates that are needed are done. They will then develop
a system that is accessible to any phone or computer running on any operating system. The
system will need a firewall developed by the third party company to protect any information
coming in and out. Lastly, we’ll need to train people on site at the Café to use the new system
and ensure they know how to report/troubleshoot any issues that occur with it.
PROJECT SIZE
There will be many people involved in developing the network security. The team will consist of
a project manager, system administrator, and a system analyst working side by side to help
each other develop the new system. Although most of the work will be done by the third party
we will still work side by side to help ensure quality. The project will take an estimated time of
about 2 months to fully complete and implement in the Café. Distinct features that
will be included in the project are listed below.
- T1 Circuit for high speed internet (might include backup T1 in case this one is down.)
- Router/Modem for wireless internet, will be run on T1
- Web and database server
- Firewall Firmware and WAF (Web application firewall)
- VPN (Virtual Private Network) for employees to remote into for ensured security of
information.
- IPS (intrusion prevention system) monitors ports and traffic flow for malicious activity on
network.
- Computers for employee use
COMPATIBILITY
Since the system is going to be completely new we do not need to rely on an existing system.
We will work with our experienced consulting IT/Security company to develop everything.
ECONOMIC FEASIBILITY – CAN WE AFFORD IT?
DEVELOPMENT COSTS:
● Consulting Contract (Initial Setup): $23,000
○ Installation
○ Testing
○ Management training
● Modem: $125
● Wireless Router: $100
● Physical 10TB Solid State Drive storage: $3,000
● 10TB External Hard Drive: $600
● Norton AntiVirus (up to 10 devices): $150
● Lorex 8-Channel Surveillance System: $700
OPERATIONAL COSTS:
● Consultant security maintenance: $12,400/year
● Amazon Web Services Cloud Storage: $60/year
● T1 Connection: $2,400/year
TANGIBLE BENEFITS:
● 3% increase in sales
● 1% increase in market share
● Secured sensitive business data
● Dual backups of company records
INTANGIBLE BENEFITS:
● Increase business recognition
● Better marketing relations
● Improved customer service
● Increased company and customer information security
ORGANIZATIONAL FEASIBILITY – WILL THEY USE IT?
Although installing new security measures is expensive, the project is low risk and will pay off.
Implementing an updated security system is critical to meet our business objectives of
increasing sales, increasing market share, and increasing business assets. The goal of the project
is protecting intellectual capital, which includes protecting our own company’s data, such as
product information like recipes; protecting financial information, like financial records and
market assessments; and protecting customer information, like credit card information. We
also want to protect customers and their personal information when using our wireless
network in the stores. These goals have a strong strategic alignment with our business
objectives, which means less risk.
The users of the information security system include both employees and customers. The third
party specialists will be responsible for coordinating and executing our security program, as
well as maintaining the system in the future. Employees will receive additional training in ethics
to understand the importance of security and confidentiality. Employees will also learn through
training, seminars, and meetings how integral they are to the success of Broadway Café’s
security measures by understanding how to use the new technology. We are confident that our
customers will be accepting of our new security procedures and safe wireless network as this
means more security for their personal information against hackers.
THREATS
PHYSICAL SECURITY THREATS
● Equipment Damage (i.e. desks, chairs, tableware)
● Food Storage Problem
● Building Construction Hidden Danger
● Electricity Supply Risk
● Immature Physical Safety Guard System (alarm ring)
● Natural Disaster
VIRTUAL SECURITY THREATS
● Immature MIS System
○ Customer Information Management Issue
○ Staff Information Management Issue
○ Financial Information Management Issue
○ Competitive weakness
● Immature Internet Safety Guard System
○ Hacker Intrusion
○ Computer Virus Intrusion
● Immature Internet Service (cable & wireless)
○ Unsatisfied Service
RECOMMENDED SECURITY POLICIES
EQUIPMENT DAMAGE
● All damaged equipment must be replaced with new equipment.
● All equipment is required to be inspected every day after working time.
FOOD STORAGE PROBLEM
● Refrigerator must be verified to work properly.
● Food must be inspected before cooking.
BUILDING CONSTRUCTION HIDDEN DANGER
● Café construction must be inspected before actually starting business.
● Café construction must be maintained every year.
ELECTRICITY SUPPLY RISK
● Old electrical system must be replaced with new equipment.
● Electrical system is required to be maintained every month.
● Back-up electrical system is required to be maintained.
IMMATURE PHYSICAL SAFETY GUARD SYSTEM
● Camera system must be installed correctly and tested frequently.
● Cashier must be locked after working time.
● Door must be locked after working time.
IMMATURE MIS SYSTEM
● All employees must understand how to use the MIS system.
● All employees are required to log in with their particular username and password to use
MIS system.
● All employees are required to record all transactions.
● No employee is allowed to have access to MIS system after working time.
● MIS system is required to be maintained and updated manually in order to improve the
management efficiency and quality.
● Accountants must verify the correctness of financial data every day.
IMMATURE INTERNET SAFETY GUARD SYSTEM
● Anti-virus software and firewall must be installed on all computers.
● Anti-virus software must be updated to the newest version as soon as possible.
● Infected computers must be isolated as soon as possible.
● No employee is allowed to have access to unsecured websites.
● Cookie messages must be cleaned every day.
● P2P services are not allowed to exist.
● Business data must be backed up every day to a physical hard drive.
IMMATURE INTERNET SERVICE
● Customer wireless access point must have password.
REQUIREMENTS
NON-FUNCTIONAL REQUIREMENTS
OPERATIONAL REQUIREMENTS
1. The system should be suitable and installable for the store
2. The system should be able to integrate with the existing inventory system
3. The system should be able to work on any operating system (Macintosh, Windows)
SECURITY REQUIREMENTS
1. The system can only be accessed by using username and password
2. Only direct managers can see personnel records of staff
3. Customers can see their order history only during business hours
PERFORMANCE REQUIREMENTS
1. The system should be available for use 24 hours per day, 365 days per year.
2. The system should have capacity to store enough data
UPGRADEABILITY REQUIREMENTS
1. All software must be capable of completing future upgrades
2. The software has the ability to implement routine maintenance
FUNCTIONAL REQUIREMENTS
1. Employees and customers can use certain passphrases to access internet
2. Protect all business documents
3. Firewall should recognize and prevent virus from outside
4. Documents should be backed up every day
5. Infected parts should be in containment
BACKUP STRATEGY
● Amazon Web Services Cloud backup
● Physical SSD backup (10TB of storage)
● External Hard Drive backup (10TB of storage)
● Both physical and cloud backups scheduled daily; can be backed up manually
PHYSICAL SECURITY
INFORMATION SECURITY
Operating System:
● Windows 10
Special Software:
● Norton AntiVirus (up to 10 devices)
● Microsoft Office
Hardware:
● Intel i7 5820k
● 8GB RAM
● 10TB SSD
● External monitor
● Secure POS system
Network:
● T1 Internet Connection
SECURITY CAMERA SYSTEM
Lorex 8-Channel Surveillance System
1TB HDD
4 wireless cameras