Project Deliverable 4: Analytics, Interfaces, and Cloud Technology
By: Justin M. Blazejewski
CIS 499
Professor Dr. Janet Durgin
25 November 2012
Main screen
Overview | Export data | Tools | Realtime | Logout
Current month
Last
Month
Trends
c
Top selling products
Low selling products
Overview
Realtime information
Overview | Export data | Tools | Realtime | Logout
Unique ID
Activity
Result
Overview | Export data | Tools | Realtime | Logout
Reporting tools
Statistical tools
Trends
Sales 1st Qtr 2nd Qtr 3rd Qtr 4th Qtr 8.1999999999999993 3.2 1.4 1.2 Sales 1st Qtr 2nd Qtr 3rd Qtr 4th Qtr 8.1999999999999993 3.2 1.4 1.2 Series 1 Category 1 Category 2 Category 3 Category 4 4.3 2.5 3.5 4.5 Series 2 Category 1 Category 2 Category 3 Category 4 2.4 4.4000000000000004 1.8 2.8 Series 3 Category 1 Category 2 Category 3 Category 4 2 2 3 5 Series 1 Category 1 Category 2 Category 3 Category 4 4.3 2.5 3.5 4.5 Series 2 Category 1 Category 2 Category 3 Category 4 2.4 4.4000000000000004 1.8 2.8 Series 3 Category 1 Category 2 Category 3 Category 4 2 2 3 5
Project Deliverable 4: Analytics, Interfaces, and Cloud Technology
By: Justin M. Blazejewski
CIS 499
Professor Dr. Janet Durgin
25 November 2012
Introduction
Business Analytics means the practice of iterative and methodological examination of a business’s data with a special emphasis on statistic making. Business Analytics can further help businesses automate and optimize their business processes. Companies in which data plays a pivotal role, treats its data as a corporate assets and leverages it for gaining competitive advantage. A successful business analytics would typically depend on data quality, highly skillful and experienced professionals who understand the technologies, knows how to work with it and also understands the organizations processes in depth. Apart from this, the organization should have a capable infrastructure to support the operations of business analytics.
Usage of Business Analysis is done for the following purposes:
· Exploration of data so as to find patterns and trends
· Identifying relationships in key data variables for forecasting. For instance next probable purchase by the customer
· Drilling down to the results to find out why a particular incident took place. This approach is done by performing statistical analysis and quantitative analysis with business analytical tools
· Predicting future results by employing predictive modeling and predictive analytics
· Testing previous decisions using A/B and Multivariate testing
· Assisting business in decision making such as figuring out the amount of discount to be given for a new customer
Post identifying of business goal, an analysis methodology needs to be selected and the data is acquired to support the analysis. This data acquisition normally involves extracting data from systems that may be spread throughout different locations an ...
GIÁO ÁN DẠY THÊM (KẾ HOẠCH BÀI BUỔI 2) - TIẾNG ANH 8 GLOBAL SUCCESS (2 CỘT) N...
Project Deliverable 4 Analytics, Interfaces, and Cloud Technolo.docx
1. Project Deliverable 4: Analytics, Interfaces, and Cloud
Technology
By: Justin M. Blazejewski
CIS 499
Professor Dr. Janet Durgin
25 November 2012
Main screen
Overview | Export data | Tools | Realtime | Logout
Current month
Last
Month
Trends
c
Top selling products
Low selling products
Overview
Realtime information
2. Overview | Export data | Tools | Realtime | Logout
Unique ID
Activity
Result
Overview | Export data | Tools | Realtime | Logout
Reporting tools
4. Introduction
Business Analytics means the practice of iterative and
methodological examination of a business’s data with a special
emphasis on statistic making. Business Analytics can further
help businesses automate and optimize their business processes.
Companies in which data plays a pivotal role, treats its data as a
corporate assets and leverages it for gaining competitive
advantage. A successful business analytics would typically
depend on data quality, highly skillful and experienced
professionals who understand the technologies, knows how to
work with it and also understands the organizations processes in
depth. Apart from this, the organization should have a capable
infrastructure to support the operations of business analytics.
Usage of Business Analysis is done for the following purposes:
· Exploration of data so as to find patterns and trends
· Identifying relationships in key data variables for forecasting.
For instance next probable purchase by the customer
· Drilling down to the results to find out why a particular
incident took place. This approach is done by performing
statistical analysis and quantitative analysis with business
analytical tools
· Predicting future results by employing predictive modeling
and predictive analytics
· Testing previous decisions using A/B and Multivariate testing
· Assisting business in decision making such as figuring out the
amount of discount to be given for a new customer
Post identifying of business goal, an analysis methodology
needs to be selected and the data is acquired to support the
analysis. This data acquisition normally involves extracting data
from systems that may be spread throughout different locations
and facilities. The extracted data is then cleansed and integrated
into a single repository such as a data mart or a data warehouse.
5. Since the data collected is extremely large and vast, the analysis
cannot be performed on all of the data. So a sampling method is
employed and analysis is performed. The analytical tools ranges
from more commonly used spreadsheets coupled with statistical
functions to even more complex data mining and predictive
modeling tools. Once the patterns, trends and relationships
begin to uncover, new insights would come into light and the
analytical process continues until all of the business goals are
met.
Each passing year presents companies with new challenges that
stress out the current generation of IT infrastructure to its limit.
However spending a large amount of money might be a good
way to overcome the challenges, it is not always the feasible
solution. This is where cloud computing comes into the picture.
Cloud computing technologies are revolutionizing the
Information technology world by making computing
ubiquitously available leveraging on factors such as agility,
flexibility, storage capacity and the redundancy to manage
information assets. The penetration of the internet and the
creative usage of it’s in the business world has enabled cloud
computing to utilize the current infrastructure in such a way
proving it to be beneficial to enterprises by saving costs and
increasing efficiency at the same time. Enterprises are realizing
that there is a limitless potential with cloud computing and that
leveraging it would prove beneficial to both customers and
business.
The company could have the following benefits once business
analytics tools are brought in use:
· Better awareness and knowledge of each of the business
process
· Better understanding of key stakeholders
· Cost effective operations
· Timely response of customer’s needs for availability of data
· Important enterprise-wide real-time information
· Improved competitiveness
6. We can conclude that Business Analytics could prove
immensely beneficial to the company where business data plays
a pivotal role by enabling them to have right information at the
right time. This enables them to make sound decision quickly
thereby gaining a competitive edge. However the company
should choose an appropriate vendor which has the right
solution for the company that can offer a variety of techniques
and solutions for collection, clarification, analysis and
interpretation of data so as to uncover patterns, anomalies, key
relationships and variables leading to better insights and much
more informed decisions. The vendor should also bring strategic
advice along with the services which is required to address the
cultural, process and performance issues of business analytics.
Why the company should consider steering its directions to
cloud computing technologies:
Cost effective
Cloud computing offers enterprises to leverage the power of
many powerful servers and robust industry proven platforms
without serious financial commitments. Moreover there is
almost no maintenance and no upfront capital expenditure. Such
services are usually available as Pay-as-you-go services and are
highly customizable that would enable the company to pay for
only those services which are required.
Implementation
Cloud computing technologies have very little or no
implementation time and usually such services can be
configured or deployed on a single day as most of these use a
standard web browser to use cloud services.
Availability
Cloud service providers have the required infrastructure and the
available bandwidth to accommodate business requirements to
7. provide for high speed access and applications.
Resilience
Cloud service providers use a robust storage infrastructure and
have mirrored solutions which can be utilized in a disaster
scenario and as well as for load-balancing traffic. Disasters
could be in any shape or form such as intrusion attempts or
virus attacks to even external disasters such as natural
calamities, cloud computing providers have resilience and
capabilities to ensure sustainability through an unfortunate
event.
Scalability
Cloud services are virtually limitless scalable and can shrink
and expand based on the business requirement. Provisioning and
implementation are normally done on-demand that could handle
unconditional traffic spikes or other such urgent business needs.
Efficiency
Moving the information management on cloud enables business
to realize tension on various operational activities enabling
them to have more time and resource to focus on other aspects
of business including innovation and effort. This enables the
business to grow and innovate making cloud offerings to go
beyond financial advantages.
For all these reasons, we can come to a conclusion that the
company should consider cloud computing as an attractive
potential service offering so as to enhance their IT resources
while also controlling the investments in these fronts. However
the company should not jump the ship without researching cloud
offerings from various providers first because there are certain
risks and security concerns brought upon by cloud computing on
top of its benefits. There would be an increased dependency on
third-party service providers for many critical operations of the
company so the company should make sure that the vendor
8. should be capable of providing fast, flexible, robust and
resilient services. Easy to see why cloud computing is an
attractive potential service.
Offering for any business looks to enhance IT resources while
controlling costs. However,
it should be noted that along with the benefits come risks and
security concerns that must
be considered. As IT services are contracted outside of the
enterprise, there is added risk
with increased dependency on a third-party provider to supply
flexible, available, resilient
and efficient IT services. While many enterprises are
accustomed to managing this type
of risk in-house, changes are required to expand governance
approaches and structures to
appropriately handle the new IT solutions and enhance business
processes analysis. The primary usage of business analytics in
those companies whose various past and present data plays an
important role in decision.Recommendation for solution
provider
IBM - Smarter Analytics is one of the most renowned analytical
tools available in the market today. It is developed and
maintained by IBM and also has proven track record in the
market. It is suitable for various types of industries and can
integrate in nearly all business operations.
Workflow diagram:
Customer
Staff
Online forms
9. IT equipment
CustomerSEOVendors
Third IT parties
Payments
In-House IT
team
Private/
Public cloud
(Analytical
reports)
(Private cloud)
Data collection and web analytical records
(Public cloud)
Third party AaaS
applications
(Private cloud)
Computer resource (IT
infrastructure)
Cloud community
�
�
�
Customer
Staff
Online forms
IT equipment
Customer
SEO
10. Vendors
Third IT parties
Payments
In-House IT team
Private/Public cloud
(Analytical reports)
(Private cloud)
Data collection and web analytical records
Cloud community
(Public cloud)
Third party AaaS applications
(Private cloud)
Computer resource (IT infrastructure)
Project Deliverable 3: Database and Data Warehousing Design
By: Justin M. Blazejewski
CIS 499
Professor Dr. Janet Durgin
11. 11 November 2012
Document Control
Change Record
Date
Author
Version
Change Reference
11/11/2012
JMB
Reviewers
Name
Position
Justin Blazejewski
CIO
Table of Contents
Document Control1
Business Data Warehouse Needs3
Project Overview3
12. Background3
This Database and Data Warehousing Design documentation is
to ensure the project plans are constantly updated and
continually supported to adhere to best business practices and
maintaining a competitive advantage during the project
lifetime.3
The project goal is to Goal – The project aims at upgrading the
company’s Database and Data Warehousing which will provide
data collection, analysis, and reporting services.3
The IT role for this project - IT plays a very important role.
Right from data collection to data analysis, at every step IT is
being deployed. Data collection tools, data analysis tools and
data warehouse are heavily used by the company in
accompanying its business goals.3
Scope3
Scope of Project3
Need:3
In order to have a successful data warehouse design the IT
management must closely follow the development and
implementation of every step along the way. The need for a
good data warehousing design is critical in the supporting the
storage of enormous amounts of data. The records of a database
are specific data and references of every individual transaction
of any passing of data in the database system as a whole. This
data needs to be readably accessible at any time to be analyzed
or used. In order to meet the needs of the organization they data
warehouse must be organized in a way that allows rapid access
to data for analysis and reporting.3
Framwork:7
Business Data Warehouse Needs
Project Overview
As a data collection and analysis company one of the main
functions is to leverage a strategic completive advantage by
13. keeping the data warehouse infrastructure and best business
practices up to date and completive. BackgroundThis Database
and Data Warehousing Design documentation is to ensure the
project plans are constantly updated and continually supported
to adhere to best business practices and maintaining a
competitive advantage during the project lifetime.The project
goal is to Goal – The project aims at upgrading the company’s
Database and Data Warehousing which will provide data
collection, analysis, and reporting services.The IT role for this
project - IT plays a very important role. Right from data
collection to data analysis, at every step IT is being deployed.
Data collection tools, data analysis tools and data warehouse are
heavily used by the company in accompanying its business
goals.Scope
Scope of ProjectNeed: In order to have a successful data
warehouse design the IT management must closely follow the
development and implementation of every step along the way.
The need for a good data warehousing design is critical in the
supporting the storage of enormous amounts of data. The
records of a database are specific data and references of every
individual transaction of any passing of data in the database
system as a whole. This data needs to be readably accessible at
any time to be analyzed or used. In order to meet the needs of
the organization they data warehouse must be organized in a
way that allows rapid access to data for analysis and reporting.
Architecture – Application and technical architecture will be
designed once the requirements are approved by the senior
management.
Entity-Relationship (E-R):
14. Data Flow Diagram (DTD):
Schema:
The data warehouse Schema is
Entity-Relationship (E-R):
Data Flow Diagram (DTD)
Flow of data:
Framwork:
Scope/Contextual
Business Model/Conceptual
System Model/Logical
Technology Model Physical
Detailed Representations
Project Deliverable 2: Business Requirements
By: Justin M. Blazejewski
CIS 499
Professor Dr. Janet Durgin
4 November 2012Document Control
Change Record
Date
Author
16. 4
1.1
Project Overview
4
1.2
Background including current process
4
1.3
Scope
4
1.3.1
Scope of Project
4
1.3.2
Constraints and Assumptions
5
1.3.3
Risks
5
1.3.4
Scope Control
5
1.3.5
Relationship to Other Systems/Projects
5
1.3.6
Definition of Terms (if applicable)
5
1 Business Requirements
1.1 Project Overview
A data collection and analysis company aims at upgrading the
information system infrastructure and establishing new
components of information system.1.2 Background including
current process
This project is to ensure that new upgraded information system
17. infrastructure must support the expected company’s growth i.e.
60%, in next 18 months.
The project goal is to Goal – The project aims at upgrading the
company’s information system infrastructure which provides
data collection and analysis services.
The IT role for this project - IT plays a very important role.
Right from data collection to data analysis, at every step IT is
being deployed. Data collection tools, data analysis tools and
data warehouse are heavily used by the company in
accompanying its business goals.
1.3 Scope
1.3.1 Scope of Project
Applications - In order to achieve its goals, company uses
following tools:
a) Data collection tools
b) Web Analytics tool
c) Resource tracking application
Information System specialist will be responsible for carrying
out these tasks.
Sites - At offshore, data collection is being carried. Data
processing and analysis is done at onsite. Project managers at
both sites will prepare the project plan for their respective sites.
Process Re-engineering - IT Re-engineering implementation can
be divided into three phases: before the process is defined,
during process designing and after the process is designed. Re-
engineering will include defining new business opportunities by
re-defining the processes, proficient database utilization and
18. data mining. Information System Specialist will be responsible
for it.
Customization - Customizations will be limited to improvement
of old hardware with new infrastructure. Network engineer
along with Information System Specialist will be responsible
for this task.
Interfaces - The company’s IS has interfaces for evaluating data
i.e. reports defined by users with MS Office (Excel and
Microsoft word), standard components of software like Crystal
reports and Business Objects. Licensed software will deal by
the human resource team.
Architecture – Application and technical architecture will be
designed once the requirements are approved by the senior
management.
Application architecture:
Presentation Layer
(Web User-Interface)
Query Processor
Persistence Layer
Technical architecture:
Windows GUIInternet BrowserWindows DevicesCustom
MacrosInterfaces
Common Business Logic Interface (API, XAPI)
Distributed Process Server
Common Database Server Interface (API)
MySQL
19. Conversion - Since company is not very old, so all of the online
data will need to be converted in new format as per the
upgraded infrastructure.
Testing - It will include integration testing, load testing, tuning
and network testing
Funding - It is limited to $1million
Training - It will be include sessions on using new hardwares,
softwares, and technologies. Functional lead will lay down the
training plan.
Education - It will include Bachelors of Engineering and
certification in information systems.
1.3.2 Constraints and Assumptions
The following assumptions have been identified:
· Finance & Marketing activities for the training organization
are out of scope of this engagement
· Signoff for the various project artifacts happen within 4
working days to ensure the project is complete on time. And if
there are any recommended changes in the artifacts then those
are been notified
· 100% funding has been from sponsors
· Economic conditions like land & infrastructure prices are
relatively stable
· Availability of minimum skilled labor is there to start the
20. project
· Government Rules and Regulations would be stable.
· Functional lead, technical lead, database administrator are
already been recruited.
The following constraints have been identified:
· The upper limit for the expected budget should not be
exceeded by 10%. In case of overshooting of budget within 10%
range, the additional capital will be raised through loans or VC
funding.
· The upper limit for the expected time should not be exceeded
by 45 days. The assumptions of stable government policies,
economic conditions may not hold true after 45 days.
1.3.3 Risks
The following risks have been identified as possibly affecting
the project during its progression:
#
Risk Area
Project Impact-Mitigation Plan
1
Economic Downturns
Unmet budgetary constraints –
Identify locations within company’s location area which are
cheap and have less fluctuations
2
Technology Changes
Obsolete IT Infrastructure –
21. Take correct sizing decisions by studying the market
3
Technology Changes
Increased Opportunity Cost –
Need to purchase the right configuration at the right time, only
possible by a proper market study
4
Project Schedule
Milestones not achieved & Budget may be exceeded –
Use another vendor and have constant follow-ups to decrease
delay
#
Risk Area
Risk
Probability**
Impact**
Probability*Impact
1
Economic Downturns
Fluctuating real estate prices
Low
High
High
2
Technology Changes
Hardware & Software Upgrades
High
High
Critical
3
Technology Changes
22. Decreasing IT Infra Cost
Med
High
High
4
Government Processes
Delay in Company Registration
High
Med
Medium
5
Project Schedule
Vendors not meeting deadlines
Low
High
High
1.3.4 Scope Control
· If budget changes, then look out for new sources of funds.
· If project schedule changes it may require fast tracking,
crashing or re-base lining of the schedule depending on the
significance of the impact.
1.3.5 Relationship to Other Systems/Projects
Client business will need to notify about the up gradation such
as if the company is serving healthcare domain then probable
delay in transferring information.
1.3.6 Definition of Terms (if applicable)
NA
23. 1
_1412180285.vsd
�
Presentation Layer
(Web User-Interface)
Query Processor
Persistence Layer
_1412180348.vsd
�
�
Windows GUI
Internet Browser
Windows Devices
Custom Macros
Interfaces
Common Business Logic Interface (API, XAPI)
Distributed Process Server
Common Database Server Interface (API)
MySQL
Project Deliverable 1: Project Plan Inception
By: Justin M. Blazejewski
24. CIS 499
Professor Dr. Janet Durgin
21 October 2012
Background
In an uber globalized market of today, companies are faced with
challenges in each and every step of their business. Our
analytics and research services are geared towards giving those
companies that extra edge over the competition. We process and
analyze terabytes of data and break down all the fuzz and
chatter around it to give our customers meaningful insights
about their competition and the market they are engaged in.
By leveraging our data collection, processing, and research and
analytics expertise and by focusing on operational excellence
and an industry standard delivery model, we help the leading
companies making insightful business decisions.
A comprehensive portfolio of our services include, Market,
Business and financial research, Domain based analytics and
Data processing services. Our industry wide focus is into
Banking, Finance, FMCG, Insurance, Retail and Manufacturing
industries.Role and responsibilities
On studying the company’s profile, it seems that company has
following resources which form the personnel of its information
systems:
a. Chief Information Officer - It provides assistance to senior
management on IT related tasks.
25. b. Develop and maintain IT infrastructure.
c. Develop efficient design to implement operations of the
company.
d. Information System specialist - It designs and administers
infrastructure development and support.
e. Database administration - Storing data and mining it for
future goals of the company.
f. Project Manager - He/She will be responsible for managing
the project issues.
g. System Analyst - He/She analyzes the whole system and
conduct technical research. Also prepares documentation for
future goals.
h. System Administrator - He or she will be responsible for
resolving internal network issues of the company.Data
collection
a) SP-based data - It is the data collected over network traffic.
It provides data to tool vendor. It does not collect secure data.
b) Panel based data - It collects internet user data.
c) Tool-monitoring data - It is installed at user end. Alexa is
one of the examples in this category.
d) Online monitoring data - Here user takes survey and provides
data to company.
Description of Information System
Positioning - The Company has online database for processing
data, messages, batch and manual data input processing. It has
two integrations: Vertical integration where processing of data
is done for office area (ERP) and Horizontal integration where
archival of data of various archival system takes place.
Databases include the open SQL database where process values,
batch data and messages are stored. It provides client-server
architecture for displaying data. Along with displaying of data,
user can also evaluate data, analysis data and generate reports.
Hardware & Software
a) Hardware Server - P IV (minimum), 1 GB main memory, 100
GB hard drive
26. b) Hardware Client - PII (minimum) 500 MHz
c) Operating System Server - Windows 2000 Server or Windows
2003 Server
d) Operating System Client - Windows 2000 or Windows XP
e) Database Server - Sybase or Microsoft SQL Server 2000
f) Database : Sybase/Microsoft SQL Server
Additional Modules
a) Process Values (500 – 15.000 Values/min)
b) Messages
c) Redundant Coupling
d) Data Backup
e) Backup Server
f) Batch Archiving, Batch Reports (incl. electronic signature)
g) Manual Data/Value Correction
h) Excel Addin
i) Standard Reports
j) Document Archive
k) Electronic Signature
l) Interface “Web Server”
m) Parameter Control
n) Maintenance
o) Interface “Other Systems”
p) Development ToolkitType of Business
Web Analytics
The company’s expertise in Web Analytics includes the
following functions :
Online traffic analysis
Content research and analysis
Conversion rate analysis
Data Mining and Social Media Analytics
CRM Analytics
Management of the Campaign from its Execution to completion
alongwith ROI Analysis
27. Acquisition and Cross-sell/Up-sell Analytics
Customer Retention
Finance and Business research
The company’s expertise in Finance and Business research
supports its client’s strategic decision making and day to day
operations by assisting with intelligence, research and reports.
Detailed company and Industry based research
Tear Sheets and Company profiles.
Analysis of value chain, Stocks, Shareholdings and SWOT
Benchmarking of Industries and detailed sector reports
Business Intelligence
Market entry and positioning strategy
Trend Analysis and future predictions
Economic and Demographic studies
Corporate Finance and M&A Support
Support for preparing of Pitch Book
Benchmarks and Comparisons, LBO Models
Valuations and Financial Analysis
Equity Research
Financial Models and Predictions
Research Reports
Summaries of Earnings
Market research and end-to-end solution provider to corporate
and research houses.
Survey Design
Researching proposal
Compiling proposal
Designing questionnaires
Survey Management
Survey Programming (Web)
Conducting Web Surveys
Online Panel Management
Data Management and Processing
28. Data Processing
Scripting and Coding
Data Transcription
Validating Data
Content Analysis (for Qualitative DIs and GDs)
Presentation/Report Writing
Validation of Report
Charting the Tabulated data
Presentation reports on major presentation software
Market Research Analytics
Brand Modeling
Consumer Modeling
Market Segmentation
Targeting
Marketing MixOutsourcing Activities
Offshore and outsourcing activities includes the following
Data Processing and Data Conversion -Data Collection and
processing in MS Excel, CSV and Other databases format to
SPSS, Quantum, SAS etc. for further processing.
Data Processing: Banner Tables
Data processing and converting in tabulated form
Data Processing: Data Analysis Services
Advanced statistical services to promote fact based decision
making for companies.
Interfaces
The company’s IS has interfaces for evaluating data i.e. reports
defined by users with MS Office (Excel and Microsoft word),
standard components of software like Crystal reports and
Business Objects. Since the company is less two years old, it is
using Google Analytics as its web analytics tool.
Infrastructure and Security
The company has implemented security policies Enterprise
Security Policy, Issue-Specific Security Policy and Systems-
29. Specific Security policy. It follows NIST security model and
follows IETF security architecture. It has chosen firewalls based
on generation and structure. Along with this, it implements a
type of Intrusion Detection and Prevention System. Privileges
are defined for accessing Virtual Private Network.
Week - 5/Report.docx
justify and support the relationship between infrastructure and
security as it relates to this data-collection and analysis
company.
For a data collection and analysis company, the data is their
most valued asset. Hence its security should be of utmost
importance to the company. The overall value of the data
depends on its context i.e., how it is used, how often it is used,
what value it derives for the company and so on. The value of
Information Technology to any company is its ability to store,
present, manage, analyze and protect the data to support the
company do its business operations with the help of it. Some
types of data have inherent value for example profiles of a large
number of customers. Some data have derived value for
example; large amount of data relating to customer’s buying
behavior analyzed using social media tools during the period of
black Friday. Some data might be worth more and some data
would be of lesser value. Data collected and analyzed from
various sources related to customer satisfaction and feedback,
sales enticements, competitive differentiation etc all have value.
However the ultimate value of the data is quite complicated as
it’s built from a composite of all these sub-dates. When more
and more people within the company access the data and derive
information out of it, makes the data more valuable.
How good the data is secured, depends on various factors and
one of the biggest factors is he IT infrastructure of the
organization. Following are some reasons through which we can
determine the relation between infrastructure and data security :
30. a) Loss of data confidentiality: The data which is being
transmitted over a network is always at a risk of being
eavesdropped by an unauthorized party. The weak controls over
access to the company network might result in data stored on
the company's servers and workstations subject to unauthorized
access.
b) Loss of data integrity: If the network nodes are not setup
properly and secured, the data in transit between these network
nodes may be modified deliberately or otherwise. This would
result in the Data may be modified in transit between network
nodes, deliberately or
otherwise. This might result in the system receiving the data
process it incorrectly or perhaps malicious data might get
transmitted. However the end result is a loss for the company.
c) Denial of Service: The network infrastructure of the company
relies on the continued functionality of all the network links
that connects to its component codes. The disconnection of a
network or slowdown of a network link may prevent the system
from providing necessary services for the data analysis and
collection process to effectively continue.
d) System compromise: The network infrastructure includes
routers, Modems, DNS Servers, other communication and
connectivity devices are at risk of being compromised and their
resources being used by unauthorized party for illegitimate
purposes as denial-of-service (DoS) attacks or bandwidth theft
occurs.
Present the rationale for the logical and physical topographical
layout of the planned network.
Current - Before up gradation, the network is straightforward
like that of any of small business. Both logical and physical
layout consist of mail server, database, firewalls, and so on i.e.
all those elements which form a backbone of data-collection
company.
Planned - In planned one, the company is moving from 1 floor
to three floors. To avoid complexity, the layout will remain the
same. On each of the floor the physical and logical layout
31. remains identical. Only at the hub connection, the entire wired
are gathered and tied at one place. For Wi-Fi related
equipments, router with heavy-loading capability is required.
The entire server will be shifted to third floor, so that it is not
easily accessible to any client and unauthorized person.
Design a logical and physical topographical layout of the
current and planned network.
Current - Physical layout
Logical
Planned – Physical
Logical is more or less same like that of current’s logical
diagram which more number of devices and wiring.
Illustrate the possible placement of servers.
Enhanced availability and resiliency - Hardened devices are
placed as shown in the figure so as make sure that company has
optimal service availability and remove any system and
interface-based redundancy.
Network Foundation Protection - As shown in the figure, device
hardening, and control and managment plane protection is
ensured throughout the entire infrastructure to maximize
availability and resiliency.
Public Services DMZ - This portion depicts the placement of
devices to ensure endpoint server protection, intrusion
prevention, stateful firewall inspection, application deep-packet
inspection and DDoS protection.
Secure mobility - Under this, VPN protection is a priority for
mobile users. It performs the persistent and consistent policy
32. enforcement independent of location of staffs. It integrates web
security and malware defense systems.
Internal Access - The equipments are arranged as shown in
figure to ensure email-web security, stateful firewall prevention
and global correlation and granular access control.
Threat detection and management - this part ensures intrusion
prevention and infrastructure based telemetry so as to identify
and mitigate threats.
Edge protection - This placement ensures traffic filtering,
routing security, firewall integration and IP spoofing protection
to discard anomalous traffic flows, prevent unauthorized access
and block illegitimate traffic.
Create and describe a comprehensive security policy for this
data-collection and analysis company.
Classification of Data
Any company’s user having authoritative access to data of the
company may, modify data’s classification. The user may be in
a position to change classification of data if there are sufficient
and justifiable reasons of doing so. Resources doing so will be
held strictly responsible for their changes. When a new data is
created, it should be classified as “Company Only” data till it
user reclassifies it as per one’s modifications. Users are held
strictly for any change in classification they do.
Classifications for existing company’ data are given below:
· Company’s business information (memos, financial
documents, planning documents etc) should be classified as
"Company Only";
· Company’s customer data (contact details, contracts, billing
information etc) should be classified as "Company Only";
· Network management data (IP addresses, passwords,
configuration files, etc.) should be classified as "Confidential";
· Human resources information (employment contracts, salary
information, etc.) should be classified "Confidential";
· Published information (pamphlets, performance reports,
marketing material, etc.) should be classified "Shared";
· E-mail between Company’s employees should be classified
33. "Company Only"; and,
· E-mail between Company’s employees and non-Company
employees should be regarded as "Unclassified".
Classifications: Roles and Responsibilities
1. Responsibility of the user to:
· Know one’s own clearance level and to understand what are
the rights and limitations associated with that clearance
· Ensure all the data one’s going to work on is correctly
classified;
· Ensure one is familiar with the restrictions associated with the
data one’s working on and
· ensure all the data one works with is protected properly.
2. Responsibility of all system owners and system
administrators to:
· determine the security level for all users.
· proper verification of the equipment user is going to work
with.
· installation of the equipment.
3. Responsibility of each divisional manager is:
· Getting approval on clearance for employees.
· Clarifying the classification of data on systems.
· Clarifying the classification of equipment.
· Understanding and implementing the policy.
4. Responsibility of the Security Officer to:
· approving all classifications
· Maintaining a list of all classifications
· Approving the final layout of the company’s network.
· controlling and managing all trusted points
Compliance
1. Any unauthorized user accessing data, device, equipment or a
location with insufficient privileges can face disciplinary
action.
2. Any user who is allowed to access a system that he/she
controls on behalf of someone else with insufficient clearance
can face disciplinary action.
34. 3. Any person who is trying to connect to an equipment for
which one is not classified to access the network with an
inappropriate part of the network can face disciplinary action,
4. Any person who is transmitting data over the network without
specific privileges can face disciplinary action.
�
�
�
�
�
�
�
Ethernet Switch
Web server
Mail server
Database server
File server
Admin Hub
Hub
Hub
Hub
Router
�
�
�
�
�
Company Server
Admin Group
Router-Firewall
Mail Server
192.168.2.1