© SAP SE
CASE STUDY
Product: SAP ERP 6.08, Global Bike
Level: Beginner
Focus: Company Background
Authors: Simha Magal, Stefan Weidner, Jeff Word
Version: 3.0
Last Update: July 2016
MOTIVATION
A general understanding of GBI (the enterprise) prior to embarking on hands-on exercises and case studies in the SAP ERP client is critical for success.
This narrative provides a historical background for how GBI began and an overview of its operations and strategy. This information will be used extensively throughout the curriculum material.
NOTES
The Global Bike (GBI) data set has exclusively been created for SAP UA global curricula.
Global Bike Group
Background and overview of GBI strategy and operations.
Company History
Task: Get to know the company’s history.
Short Description: Read the below narrative to learn about the company’s history.
Time: 15 min
The Global Bike Group has a pragmatic design philosophy that comes from its deep roots in both the off-road trail racing and long-distance road racing sports. Nearly 20 years ago, its founders designed their first bikes out of necessity—they had races to win and the bikes that were available at the time did not perform to their extremely high standards. So, they took matters into their own hands and built legendary bikes that would outlast and outperform the competition. From these humble origins, Global Bike Incorporated was born and continues to deliver innovative high-performance bicycles to the world’s most demanding riders.
This heritage of entrepreneurial spirit and quest for design perfection is still the cornerstone of GBI’s corporate philosophy. GBI produces bikes for the most demanding competitors—whether the competition is on pavement or dirt, for money, fame or just bragging rights.
John Davis earned his racing scars in the mountain racing circuit in America, where he won numerous downhill and cross-country championships. Early on, John realized that the mass-produced bicycles available were inadequate in many ways for the type of racing he was doing. So, John stripped four of his old bikes down to the bare metal and rebuilt them into a single “Frankenstein” bike that he rode to win the national championship. Once news of his Frankenstein bike got out, John’s friends and even his competitors began asking him to build them a Frankenstein bike too. While recovering from an injury in 1990, John started producing the first series of Frankenstein bikes in his garage—each one custom-built from cannibalized parts from other bikes. As more and more orders came in, John successfully expanded Frankenstein Bikes from his garage operations into a full-blown manufacturing facility in Dallas and began producing custom trail bikes which he sold through a network of specialized bike dealers throughout the country.
At nearly the same time, halfway around the world in Heidelberg, Germany, Peter Schwarz was studying engineering and competing in regional touring races on weekends. In between his races and studies, Peter worked at a bike shop in Heidelberg, fixing student bikes and tuning the touring bikes that he and his friends rode for competitions. As Peter’s reputation as a fierce competitor and mechanical wizard grew, he also began to design and build road bikes based on an ultra-light composite frame that he had created for one of his engineering courses. Peter’s innovative use of carbon composite materials allowed him to build a frame that was significantly stronger and one tenth the weight of competing frames. As a student, Peter did not have a great deal of financial resources, so he partnered with a local company that manufactured his frame designs as a contract manufacturer. Soon, Peter’s frames were being used by racers all over Europe and he started Heidelberg Composites to market and design frames which would be fabricated by a contract manufacturer on a larger scale. Heidelberg Composites sold its frames to specialized bike stores throughout Europe and directly to racing teams, eventually becoming the leader in lightweight touring frames in Europe.
Through a twist of fate, Peter and John met each other in 2000 and immediately recognized their mutual passion for performance and complementary business models. Each had been looking for a partner in another racing field and each had been looking for a partner in a different market. They quickly realized that a merger between their two companies would be extremely synergistic and that the combination of their product lines and regional distribution channels would generate a great deal of efficiencies.
So, in 2001, Heidelberg Composites and Frankenstein Bikes merged to form Global Bike Incorporated. Today, John and Peter share the responsibilities for managing GBI’s growing organization as co-CEOs. John is responsible for the sales, marketing, service & support, IT, finance and human resources groups and Peter is responsible for the research, design, procurement and manufacturing groups from an organizational reporting perspective.
Figure 1: Organizational Structure (Board of Directors; John (Co-CEO): VP Marketing, Chief Information Officer, Chief Financial Officer, VP Human Resources; Peter (Co-CEO): VP Research and Development, VP Operations)
However, GBI is a process-centric organization, so John and Peter prefer to think of the processes that they are responsible for, rather than the functional areas of the company that report to them. From this perspective, Peter is responsible for Idea-to-Market and Build-to-Stock and John is responsible for Order-to-Cash and Service & Support, as well as the supporting services for all four key processes. The simple way to look at their responsibilities would be to say that Peter spends money and builds products and John sells products and brings in money.
Figure 2: Enterprise Process Map
Corporate Overview
Task: Develop an organizational chart for GBI’s enterprise structure.
Short Description: Read the below narrative to gather all relevant information for sketching GBI’s current company structure.
Time: 15 min
Due to several tax and export issues, GBI’s headquarters is located in Dallas and GBI is registered as a US company, following US GAAP accounting standards. GBI operates a subsidiary company, GBI Europe, which is based in Heidelberg and is subject to IFRS accounting standards and German tax regulations.
Material planning, finance, administration, HR and IT functions are consolidated at the Dallas headquarters. The Dallas facility manufactures products for the US and export markets and its warehouse manages product distribution for the central US and internet retailers. GBI also has warehouses for shipping and export in both San Diego and Miami. San Diego handles West Coast distribution and exports for Asia, while Miami handles East Coast distribution and Latin America exports.
GBI Europe has its headquarters in Heidelberg, Germany. The majority of research and development is housed in the Heidelberg offices. Heidelberg is also the main manufacturing facility for GBI in Europe. The Heidelberg warehouse handles all shipping for southern Europe. The Hamburg warehouse handles all shipping for the UK, Ireland, Middle East and Africa. GBI sells its bikes throughout the world and employs approximately 100 people; 2/3 of the employees are in the US and the remaining 1/3 in Europe.
Product Strategy
Task: Get familiar with GBI’s product strategy.
Short Description: Read the below narrative about GBI’s product strategy.
Time: 15 min
GBI is a world class bicycle company serving the professional and “prosumer” cyclists for touring and off-road racing. GBI’s riders demand the highest level of quality, toughness and performance from their bikes and accessories.
Product development is the most critical element of GBI’s past and future growth. GBI has invested heavily in this area, focusing on innovation, quality, safety and speed to market. GBI has an extensive innovation network to source ideas from riders, dealers and professionals to continuously improve the performance, reliability and quality of its bicycles.
In the touring bike category, GBI’s handcrafted bicycles have won numerous design awards and are sold in over 10 countries. GBI’s signature composite frames are world-renowned for their strength, low weight and easy maintenance. GBI bikes are consistently ridden in the Tour de France and other major international road races. GBI produces two models of their signature road bikes, a deluxe and professional model. The key difference between the two models is the type of wheels used, aluminum for the basic model and carbon composite for the professional model.
GBI’s off-road bikes are also recognized as incredibly tough and easy to maintain. GBI trail bikes are the preferred choice of world champion off-road racers and have become synonymous with performance and strength in one of the most grueling sports in the world. GBI produces two types of off-road bike, a men’s and women’s model. The basic difference between the two models is the smaller size and ergonomic shaping of the women’s frame.
Figure 3: GBI Finished Products
GBI also sells an accessories product line comprised of helmets, t-shirts and other riding accessories. GBI partners with only the highest quality suppliers of accessories which will help enhance riders’ performance and comfort while riding GBI bikes.
Figure 4: GBI Trading Goods
Manufacturing Strategy
Task: Get familiar with GBI’s manufacturing strategy.
Short Description: Read the below narrative about GBI’s manufacturing strategy.
Time: 10 min
GBI operates two production facilities, Dallas and Heidelberg. Each facility has three assembly lines and can produce around 1000 bikes per year. Total production capacity is roughly 6000 bikes per year, but can be increased by 15%-20% by using overtime hours and part-time workers.
GBI has outsourced the production of both off-road and touring frames and the carbon composite wheels to trusted partners who have specialty facilities to fabricate the complex materials used. GBI maintains very collaborative research and design relationships with these specialty partners to ensure that innovations in both material and structural capabilities are incorporated into the frames. GBI primarily assembles semi-finished goods into finished goods at its production facilities. Finished goods are either stored in the local warehouse or shipped to other regional distribution centers to fulfill customer orders.
Figure 5: GBI Raw Materials, GBI Semi-Finished Goods
Distribution Network
Task: Get familiar with GBI’s distribution network.
Short Description: Read the below narrative about GBI’s distribution network.
Time: 10 min
Given the highly specialized nature of GBI’s bicycles and the personalized needs of riders, GBI sells its bikes exclusively through well-known and respected Independent Bicycle Dealers (IBDs). These dealers employ staff members who are experts in off-road and tour racing to help consumers choose the right GBI bike and accessories for their individual needs.
Figure 6: GBI Customers in US and Germany
Due to the highly technical nature of its products, GBI has embraced the Internet primarily as an information channel, maximizing its potential for educating consumers and partners and marketing its products to a large audience.
Since GBI’s main sales channel is through specialty resellers and there are complex tax issues associated with selling in multiple states and countries, they have a limited amount of internet sales.
Partner Network
Task: Get familiar with GBI’s partner network.
Short Description: Read the below narrative about GBI’s partner network.
Time: 10 min
GBI has established an extensive partner operation to ensure process continuity between GBI and its partners to deliver best-in-class products for its customers. Special attention has been paid to nurturing strong relationships with suppliers and GBI is generally the largest customer of its main suppliers.
Figure 7: GBI Vendors in US and Germany
IT Strategy
Task: Get familiar with GBI’s IT strategy.
Short Description: Read the below narrative about GBI’s information technology strategy.
Time: 5 min
During 2009, GBI integrated a shared services model for all IT functions, located in the Dallas office. Along with this move to centralized IT, GBI also implemented SAP ERP (version 6.0). Prior to this, divisions were running multiple, independent application environments. All ERP functions are centralized with the primary objectives to reduce costs and deliver best-in-class technology to all divisions globally. This centralized approach offers GBI an advanced business platform under a highly controlled environment, which enables consistency of operations and process integrity across the globe.
Guidelines for Project Proposals*
A technical proposal, often called a “Statement of Work,” is a persuasive document. Its objectives are to
1. Identify what work is to be done
2. Explain why this work needs to be done
3. Persuade the reader that the proposers (you) are qualified for the work, have a plausible management plan and technical approach, and have the resources needed to complete the task within the stated time and cost constraints.
What makes a good proposal? One attribute is appearance. A strong proposal has an attractive, professional, inviting appearance. In addition, the information should be easy to access. A second attribute is substance. A strong proposal has a well-organized plan of attack. A strong proposal also has technical details because technical depth is needed to sell your project. Remember: A proposal is a persuasive document.
Required Format
Format consists of the layout and typography of a document. In formatting your proposal, use the guidelines in Table 1. A template to produce your proposal exists at the following web page:
http://www.writing.eng.vt.edu/design/proposal_template.doc
One aspect of layout is the incorporation of illustrations. In your proposal, each illustration should have a name and be formally introduced in the text. Illustrations consist of figures and tables. Figures include photographs, drawings, diagrams, and graphs. Each figure should have a stand-alone caption, and the key points and features should be labeled. Tables are arrangements of words and numbers into rows and columns. Use tables to summarize lists that the audience will try to find later (the budget, for instance).
Table 1. Format guidelines for requested proposal.
Aspect                 Description
Font for headings      Boldface serif or sans serif: size in accordance with hierarchy
Font for text portion  12-point serif such as Times New Roman or Book Antiqua
Margins                Standard, at least 1 inch
Layout                 One column, single-sided
Paragraphing           Indented paragraphs, no line skip between paragraphs in a section
Page number            Bottom centered
Figure names           Numbered: Figure 1, Figure 2, Figure 3, and so forth
Figure captions        Below figure in 10 point type
Table names            Numbered: Table 1, Table 2, Table 3, and so forth
Table headings         Above table in 12 point type
* Adapted from Guidelines at the Penn State Learning Factory: http://www.lf.psu.edu/
Organization
As given in the proposal template, your proposal should have the following sections and headings:
Title Page
a. Title of project in initial capital letters
b. The sponsoring company and contact person’s name and information
c. Team name and individual member names
d. Date
e. An appropriate picture of the product, a team logo, or both
Executive Summary
Content: A brief summary of the proposal
Length: one-third to one-half page, never more than one page
Emphasis: highlighting of the proposed technical and management approach
Table of Contents
Statement of Problem: the “Why?”
Summary of the request by the sponsor (the original problem statement)
Background:
Brief description of company and their business
Relevance or importance of problem
Background information to educate the reader
Previous related work by others—literature review with credible sources
Patent search, if applicable
Detailed problem description, as you now understand it
Objectives: the “What?”
In the Objectives section, you translate the customer’s quantitative and qualitative needs into clear, objective design specifications. Define the scope of work and clearly state the project objectives, including the following:
a. Design specifications in specific, quantitative terms. For example, “The plate must be rotated three times at a speed of between 1 and 3 rev/s” or “Control the temperature of a 1 liter non-insulated standard glass beaker of water to 37.5 ± 0.5 °C for three hours without temperature deviation.”
b. Critical design issues, constraints, limitations.
Technical Approach: the “How?”
Although you may not know all the details of the problem solution, you should know a first design on how you will attack the problem, and you should have some design concepts. The purpose of this section is to present the process by which you will arrive at the final answer. This section answers the following questions:
1) What are the steps in the design process? (Describe and use the nine-step model from Chapter 1 of Hyman’s text)
2) What are the benefits and advantages of employing a structured approach to design?
3) How will you generate solution concepts?
4) How will you analyze the performance of your solution?
5) How will you decide on the best alternative?
Specific recommendations for this section include the following:
a. First, describe your overall design process in general terms. A one-page synopsis of Chapter 1 in the Hyman text would be appropriate here.
b. Provide at least three possible solution alternatives and document your methodology to choose the best alternative. Include illustrations such as Figure 1. Try to be as inclusive and creative as possible with your ideas. Strive to achieve at least one non-conventional or “out of the box” alternative.
c. List and describe all the analytical, or computational tools you will employ to analyze your design, such as ProEngineer®, SolidWorks®, MathCAD, and MATLAB.
d. List and detail all the experimental procedures you will use to test your design concepts.
e. Evaluate your alternatives based on how well they satisfy the design specifications. Explain the selection criteria by which you will evaluate design alternatives in specific, quantitative terms, such as cost, weight, reliability, ease of use, and ease of manufacture. A matrix table can clearly illustrate this information.
f. If possible at this time, rank your solution concepts and list the pros and cons of each. At minimum, state what further information or additional work is needed in order to arrive at a final solution alternative.
g. If any solution is totally unfeasible (or may have been tried before), state the reason for its elimination.
Figure 1. SolidWorks® model of a Manual filter wheel with C-Mount adapters.
Project Management: “How and When?”
The Project Management section describes how the project will be managed, including a detailed timetable with milestones. Specific items to include in this section are as follows:
a. Description of task phases (typical development tasks: Planning, Concept Development, System-Level Design, Detailed Design, Testing and Refinement, Production)
b. Division of responsibilities and duties among team members
c. Timeline with milestones: Gantt chart (see Figure 2 for an example). The following are required elements of your Gantt chart:
i. Project duration is from the date your project is assigned to the completion date: 25th April
ii. Each milestone is to be labeled with a title
iii. Schedule all tasks not just “Design” or “Testing.” Break this schedule down to specific assignments.
iv. Each task is to be labeled with a title and person or persons assigned to the task.
v. Subdivide larger items so that no task is longer than about one week
vi. Link tasks which are dependent on the completion of a previous task.
vii. Continue to update your schedule throughout your project. This tool is important for organizing and viewing the progress of your project.
viii. Where possible, avoid a serial timeline (one task at a time, which must be completed before next task can proceed).
Figure 2. Example of a Gantt Chart.
Deliverables
The culmination of the proposal negotiation with your sponsor will be a completed “Deliverables Agreement.” In this section, provide a detailed description of what you are providing and when you will provide it. Be as specific as possible. Possible items include
Detailed design drawings (specify Computer Aided Design format)
Physical prototype
Scale model
Engineering analysis (Finite Element Analysis, MATLAB, etc.)
Economic analysis (return on investment calculations)
Detailed description of test procedures
Data from experiments
Computer program code, flowchart, documentation
Circuit diagrams
User-friendly instructions including training for personnel
Budget: “How Much?”
Provide your best estimate of how project funds will be spent for your first design. For an example, see Table 2. The sponsor will allow for only this amount. At this time, you need to know the details for your initial design. You can divide up your budget into some major categories, such as equipment, materials, supplies, shipping (if Hershey), and Learning Factory costs (that is, for the computerized numerical control, rapid prototyping, etc). Remember: You are spending sponsor dollars and the sponsor needs to see that the money is spent wisely. If additional funds or resources are needed from your sponsor compared to their original “request for proposals,” ask for them here but justify the request.
1. Be as exact as you can but estimate slightly higher for shipping. For any quantities, add an additional 10–20% for error.
2. Read all ordering requirements for each company. Some companies have a minimum order amount so you need to be aware of this in advance.
3. You’ll need to have all (100%) your items ordered and reconciled by the week before spring break for your first design.
4. Additional funds will not be released after this day without written justification for the deviation (that is, why do you need to go with your alternate choice? What went wrong with the first design?).†
Table 2: Requested items and funds for initial design.
Item                       Supplier          Catalog No.  Quantity  Unit Price  Total
Vacuum Pump                McMaster Carr     IJ-60825     1         $183.47     $188.72
Flow Pump                  Northern Tool     CJX-689      1         $139.99     $156.62
Water Filter Whirlpool     Lowe's Hardware   WHER25       1         $33.73      $33.73
23/32" Plywood 4'x8'       Lowe's Hardware   none         1         $24.95      $24.95
4" Ondine Rainmaker        Smartbargain.com  129808       1         $19.99      $37.86
Acrylic Tubing 5' (OD 8")  McMaster Carr     8486K626     1         $236.70     $250.95
"8" Flange (13" OD)        McMaster Carr     KD-ERW       1         $44.24      $44.24
Total                                                                           $737.07
Communication and Coordination with Sponsor
Specify the interaction with your sponsor:
a. Establish communication schedule and the responsibilities of each participant. See the syllabus for exact dates of progress report, mid-semester presentations, final-presentations, Showcase, etc.
b. Establish the form of communication (visits, weekly updates, conference calls, teleconferences).
c. Specify who will receive information and how it will be transmitted.
d. Clearly state what actions are requested with each communication: information only, reply requested, etc.
Special Topics
Define any sponsor specific items, such as the handling of confidential information, and loan and return of equipment.
Team Qualifications: the “Who?”
a. In a paragraph for each person, establish the team qualifications for the project. Highlight any specific job or course experiences that are relevant to the project.
b. Include a one-page resume of each team member in the Appendix. Do not include your hobbies.
† If your first approach has problems you should be ready to switch to your alternate. To do this switch, you will need to submit a revised “Full Proposal.”
Identification and Authentication
GBI - John Davis & Peter Schwarz
Team - Group 4 (Chase Guss, Alexander Apodaca, Matthew
Ulloa, Tamer Rabea, and Hernan Hernandez)
April 29th, 2022
Executive Summary
The purpose of this paper is to propose an audit on GBI’s
company and suggest things that should be looked into when
given the opportunity to audit their system in the area of
identification and authentication. It would take approximately
four months to complete the audit if given full access to GBI’s
systems. Our objective is to go in depth into your systems’
policies on identification and authentication and depict who is
allowed into your company. We will interview employees and
see how much access they are granted and if they are required
to have the necessary authorization that your company provides
them. We want to ensure that we can spot out anyone that has
the necessary credentials and does not exceed their necessities
for your company. By the end of this audit, we would be able to
explain how we would appropriately modify your systems and
ensure the safekeeping of all data and information for your
company. We would break it down into a table of significant
issues, types, and priorities. If GBI decides to use Team Four as
their auditor, we will provide dates that we can implement all
solutions by.
Table of Contents
Page 1 - Cover page
Page 2 - Executive Summary
Page 3 - Table of contents
Statement of Problem: the “Why?”
In 2001, two companies merged into one and formed what we
know as GBI. Global Bike Inc. is a North American and German
company run by co-CEOs John Davis and Peter Schwarz. As the
name implies, the company builds innovative bikes made to
outperform others and last for a long time. In terms of
responsibilities, Davis handles selling the products, and
Schwarz deals with manufacturing the product. Departments
such as marketing, IT, HR, service and support, finance, and
sales make up Davis’ portion of the company. He is the money
maker. Schwarz manages research, the designs of the bikes,
getting supplies, and other manufacturing groups. He is the
money spender.
GBI wants a Department of Defense contract, and to be granted
this contract, they must meet the level three requirements of the
CMMC. GBI needs a CMMC audit. The Cybersecurity Maturity
Model Certification audit will carefully dissect GBI’s cyber
hygiene under the “Identity and Authorization” domain. This
domain categorizes the best procedures and practices the
company needs to follow. The identity and authorization domain
deals with employee logins, access to resources, passwords,
etc. GBI must face this cyber challenge, and we can provide the
audit as a company.
Technology has ingrained itself into everyday business and will
continue to do so. With this technology comes good and evil.
On the one hand, we have information systems that handle vast
portions of data, but on the other hand, we have hackers who
want to steal that data for many reasons. A CMMC audit would
test the company’s cyber hygiene and point out what can be
improved to prevent data from being stolen and business
stopping because one employee inserted a thumb drive into their
computer. The audit brings GBI one step closer to protecting
their company, employee, and customer data. While preserving
the company and its assets, this audit gives the potential of
allowing GBI to work with the DOD and expand its business. If
the company fails to reach level three of the CMMC, GBI still
receives an audit that tells them what gaps need to be filled to
reach that level. This may be for expanding work opportunities,
but cyber security is critical in today’s climate.
Objectives: the “What?”
During the scope of the project, our objective will be to propose
an audit for Global Bike Inc. We intend to finish the audit
within four months and by doing so, we shall be able to ensure
your business maintains its proper working environment. We
will be able to spread our work in a timely manner to allow your
company to meet its daily requirements. By the time we are
done with this project, we will have a thorough understanding
of the company systems and policies. The company must meet
the requirement of good cyber hygiene according to the CMMC
guidelines. We can assure that our company will take the proper
steps and procedures throughout the auditing process, which
will ultimately decide whether GBI is certified to be at the level
three CMMC and be granted a DOD contract.
· Design specifications in specific, quantitative terms. For
example, “The plate must be rotated three times at a speed of
between 1 and 3 rev/s” or “Control the temperature of a 1 liter
non-insulated standard glass beaker of water to 37.5 ± 0.5 °C for
three hours without temperature deviation.”
· Critical design issues, constraints, limitations.
Technical Approach: the “How?”
Our goal will be to completely analyze their systems. We will
be focusing on identities and authentications. The first thing we
will do is identify all the system users, identify the processes
acting on behalf of the system, and identify all the devices that
are accessing the company’s systems. After doing so, we will want
to review all identification and authentication policies and
procedures. We will review the system security plans and
system design documentation. We will need to review the
configuration settings and any other policies associated with them.
We would need a copy of audit logs and records, and a list of
system accounts. After reviewing all of these documents and
policies, we would want to get some interviews with personnel
that work in system operations, information security, system or
network administrators, and system developers. We would then
be able to evaluate the organizational process for identifying
and authenticating users. We would also evaluate the
mechanisms and processes that support the identification and
authentication process.
Following that, we would determine if the identity of each user
is authenticated or verified as a prerequisite to system access,
and ensure that each process acting on behalf of a user is
authenticated or verified to access the system.
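An added example, not part of the original proposal: one way to run the two checks described above (every identity seen in the audit logs appears in the list of system accounts, and every access follows a successful authentication in the same session). The log format, account names, session ids and resource names are constructed for illustration, and records are assumed to be in chronological order.

```python
"""Cross-check a system account list against audit-log records (added example)."""
from typing import NamedTuple

# Constructed account list: identity -> kind (user, process or device).
INVENTORY = {
    "jdavis": "user",
    "pschwarz": "user",
    "svc-backup": "process",
    "wks-dal-014": "device",
}

# Constructed audit log. Fields: timestamp, session, identity, action, detail.
# For AUTH the detail is success/failure; for ACCESS it is the resource.
SAMPLE_LOG = """\
2022-04-01T08:00:01Z s1 jdavis AUTH success
2022-04-01T08:00:05Z s1 jdavis ACCESS finance-share
2022-04-01T08:02:10Z s2 svc-backup ACCESS hr-db
2022-04-01T08:03:00Z s3 pschwarz AUTH failure
2022-04-01T08:03:02Z s3 pschwarz ACCESS design-repo
2022-04-01T08:04:00Z s4 tempadmin AUTH success
2022-04-01T08:04:09Z s4 tempadmin ACCESS erp-console
2022-04-01T08:05:00Z s5 wks-dal-014 AUTH success
2022-04-01T08:05:03Z s5 wks-dal-014 ACCESS print-queue
"""


class Event(NamedTuple):
    timestamp: str
    session: str
    identity: str
    action: str   # "AUTH" or "ACCESS"
    detail: str


class Finding(NamedTuple):
    kind: str      # "unidentified" or "unauthenticated-access"
    identity: str
    session: str


def parse_log(text):
    """Parse the constructed five-field format; reject anything else loudly."""
    events = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        fields = line.split()
        if len(fields) != 5 or fields[3] not in ("AUTH", "ACCESS"):
            raise ValueError(f"line {lineno}: unrecognized record: {line!r}")
        events.append(Event(*fields))
    return events


def audit(events, inventory):
    """Return findings for identities missing from the account list and for
    ACCESS records with no earlier successful AUTH in the same session."""
    authenticated = set()   # (session, identity) pairs that passed AUTH
    reported = set()        # unidentified identities already reported
    findings = []
    for ev in events:
        if ev.identity not in inventory and ev.identity not in reported:
            reported.add(ev.identity)
            findings.append(Finding("unidentified", ev.identity, ev.session))
        key = (ev.session, ev.identity)
        if ev.action == "AUTH":
            if ev.detail == "success":
                authenticated.add(key)
        elif key not in authenticated:
            findings.append(
                Finding("unauthenticated-access", ev.identity, ev.session))
    return findings


if __name__ == "__main__":
    for finding in audit(parse_log(SAMPLE_LOG), INVENTORY):
        print(f"{finding.kind:24} {finding.identity:12} session={finding.session}")
```

Each finding is a lead for the interview and document-review steps, not a conclusion: a service account with no AUTH record may authenticate through a mechanism the log source does not capture.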
By doing so, we would be able to identify any challenges the
company may be facing. We would be able to come up with a
plan to overcome these challenges. Our objective is to ensure that
there are policies in place and that the company is abiding by
them. Everyone that requires access to the systems for the
company should be given a certain level of clearance. With this
comes responsibility and trust. Users may be granted access
based on their level of clearance. That being said, we would
break down all policies and pinpoint the job specifications for
every person through the chain of command. We can then
interview employees around the company and ensure that they
are following their job specifications. After that, we need to
ensure that the employees are given access based on their
identity and authentication clearance level.
Design Process
1) Process Overview
The design process will consist of reviewing documents,
password logs, security logs, configuration settings, policies,
and other information relevant to identity and authentication.
We will review anything found that has any significance towards
policy, procedure, and relevant information that can help our
audit. We will also be conducting interviews to establish if our
findings match the everyday business workflow.
The identity and authentication domain has one capability and
eleven practices that certify companies under CMMC. There
are two practices in level one, five in level two, and four in
level three. We will approach the audit one practice at a time,
dividing our time based on the CMMC levels.
Capability
“Grant access to authenticated entities”
2) Step by step guide of design process
3) What are the benefits and advantages of employing a
structured approach to design?
Having a structured approach to design will keep everything
uniform. We will be able to track every step we take and plan
ahead according to the designs and findings we come across.
We will document everything as we find things that work well,
work okay, and do not work at all. There will be a process
organization responsibility matrix that will break down the
moving parts that work well or add value to the company.
4) How will you generate solution concepts?
We will generate solutions by auditing the policy, interviewing
employees and administration. We shall test all of our findings
and prepare a final report.
5) How will you analyze the performance of your solution?
We will be able to establish who needs access to what, and why
that access might be damaging to your company. GBI would know
that their assets are more secure and would not risk losing
money in places it should not be allocated to.
6) How will you decide on the best alternative?
Upon completion of the audit we are proposing, we would have a
breakdown chart of the areas in which GBI is in compliance. We
will be able to explain to them which areas are not in
compliance and that they need to fix them by the next meeting to
gain compliance and meet the standards for CMMC. We would not be
able to change anything for them; if we did, we would no longer
be able to audit them.
Specific recommendations for this section include the
following:
First, describe your overall design process in general terms. A
one-page synopsis of Chapter 1 in the Hyman text would be
appropriate here.
· Provide at least three possible solution alternatives and
document your methodology to choose the best alternative.
Include illustrations such as Figure 1. Try to be as inclusive and
creative as possible with your ideas. Strive to achieve at least
one non-conventional or “out of the box” alternative.
· List and describe all the analytical or computational tools you
will employ to analyze your design, such as ProEngineer®,
SolidWorks®, MathCAD, and MATLAB.
· List and detail all the experimental procedures you will use to
test your design concepts.
· Evaluate your alternatives based on how well they satisfy the
design specifications. Explain the selection criteria by which
you will evaluate design alternatives in specific, quantitative
terms, such as cost, weight, reliability, ease of use, and ease of
manufacture. A matrix table can clearly illustrate this
information.
· If possible at this time, rank your solution concepts and list the
pros and cons of each. At minimum, state what further
information or additional work is needed in order to arrive at a
final solution alternative.
· If any solution is totally unfeasible (or may have been tried
before), state the reason for its elimination.
Project Management: “How and When?”
The Project Management section describes how the project will
be managed, including a detailed timetable with milestones.
Specific items to include in this section are as follows:
a. Description of task phases (typical development tasks:
Planning, Concept Development, System-Level Design, Detailed
Design, Testing and Refinement, Production)
Phases of the Project Development
· Planning (submission of the proposal): April 24th. From April
24th to May 30, 2022, we will meet with the owners of GBI to
discuss project details, confirm that we can meet the time
frames, and plan the project around its time constraints.
· Audit/Review: May 1st to May 30th. Our team will come in to
audit and review policies and documents pertaining to identity
and authentication. We will also prepare our interview questions
during this period. This gives GBI time to plan for employees to
spare approximately 1-4 hours for interviews, based on the scope
of their assignment.
· Interviews: June 1st to June 31st. All employees will be
scheduled with two of our team members, and we will interview
them according to their positions. Our fifth person will be
responsible for keeping all interviews on schedule and comparing
the notes from each interview. We will compare our findings
based on policies and from every interview.
Responsibilities for each team member
· Team member 1 - Project administrator, oversees the project
and meets with the company. Reviews policy and interviews.
Coordinates the tests amongst the rest of the team. Team
member 1 will set up all interviews and divide the work
amongst the team members to ensure nothing is repeated or
missed.
· Team member 2 - Responsible for reviewing policies,
auditing, interviewing, and testing.
· Team member 3 - Responsible for reviewing policies,
auditing, interviewing, and testing.
· Team member 4 - Responsible for reviewing policies,
auditing, interviewing, and testing.
· Team member 5 - Responsible for reviewing policies,
auditing, interviewing, and testing.
Gantt Chart
Attached is a Gantt chart with a basic timeline and the
procedure for how and when things will be completed. This
project should take approximately four months, and we will
spread the work out to allow your employees to find coverage
during interviews and document reviews.
ii. Each milestone is to be labeled with a title
iii. Schedule all tasks not just “Design” or “Testing.” Break this
schedule down to
specific assignments.
iv. Each task is to be labeled with a title and person or persons
assigned to the task.
v. Subdivide larger items so that no task is longer than about one
week.
vi. Link tasks which are dependent on the completion of a previous
task.
vii. Continue to update your schedule throughout your project. This
tool is important for organizing and viewing the progress of your
project.
viii. Where possible, avoid a serial timeline (one task at a time,
which must be completed before the next task can proceed).
Deliverables
We will provide a document at the end that shows an overview of
our findings. It will be color-coded and reflect the CMMC
guidelines. Red will indicate critical. Vulnerabilities that
correlate with the identification and authorization domain will
be listed inside the highlighted section. Critical means that
exploitation of the vulnerability could cause catastrophic
damage to the company’s reputation, workflow, operations, etc.
Anything in orange is a less severe vulnerability, but one with
the potential to be exploited and cause minor workflow issues.
Green will indicate that no vulnerabilities were found. With
this information, it is up to GBI to decide whether and how to
fix these problems.
After the audit, we can offer our services to fix these
vulnerabilities and implement proper security controls. GBI
would get a 15% discount on this specific service. If accepted,
we would not be able to audit GBI in the future.
The culmination of the proposal negotiation with your sponsor
will be a completed “Deliverables Agreement.” In this section,
provide a detailed description of what you are providing and
when you will provide it. Be as specific as possible. Possible
items include
Detailed design drawings (specify Computer Aided Design format)
Physical prototype
Scale model
Engineering analysis (Finite Element Analysis, MATLAB, etc.)
Economic analysis (return on investment calculations)
Detailed description of test procedures
Data from experiments
Computer program code, flowchart, documentation
Circuit diagrams
User-friendly instructions including training for personnel
Budget: “How Much?”
Provide your best estimate of how project funds will be spent
for your first design. For an example, see Table 2. The sponsor
will allow for only this amount. At this time, you need to know
the details for your initial design. You can divide up your
budget into some major categories, such as equipment,
materials, supplies, shipping (if Hershey), and Learning Factory
costs (that is, for the computerized numerical control, rapid
prototyping, etc). Remember: You are spending sponsor dollars
and the sponsor needs to see that the money is spent wisely. If
additional funds or resources are needed from your sponsor
compared to their original “request for proposals,” ask for them
here but justify the request.
Our budget for the audit will be 150,000 if we are chosen. There
might be an additional 10-20% charge during the process if
errors are made by your company or if employees refuse to comply
in a timely manner with the orders given. Below is a breakdown
of how the funds will be allocated.
Budget Breakdown
Personnel/Labor - 100,000 - 5 employees earning equal wages of
20,000 each over a four-month period
Supplies - 25,000 - Technology and implementation
Transportation - 10,000 - Gas, stays, vehicle wear
Programs - 15,000 - System authentications
0. Read all ordering requirements for each company. Some
companies have a minimum order amount so you need to be
aware of this in advance.
1. You’ll need to have all (100%) your items ordered and
reconciled by the week before spring break for your first design.
2. Additional funds will not be released after this day without
written justification for the deviation (that is, why do you need
to go with your alternate choice? What went wrong with the
first design?).†
Table 2: Requested items and funds for initial design.
Item | Supplier | Catalog No. | Quantity | Unit Price | Total
Vacuum Pump | McMaster Carr | IJ-60825 | | $183.47 | $188.72
Flow Pump | Northern Tool | CJX-689 | | $139.99 | $156.62
Water Filter Whirlpool | Lowe's Hardware | WHER25 | | $33.73 | $33.73
23/32" Plywood 4'x8' | Lowe's Hardware | none | | $24.95 | $24.95
4" Ondine Rainmaker | Smartbargain.com | 129808 | | $19.99 | $37.86
Acrylic Tubing 5' (OD 8") | McMaster Carr | 8486K626 | | $236.70 | $250.95
8" Flange (13" OD) | McMaster Carr | KD-ERW | | $44.24 | $44.24
Total | | | | | $737.07
Communication and Coordination with Sponsor
Point of Contact:
GBI is to provide their policy documents with regard to
security. This includes documents regarding passwords,
authentication, how users are authorized, etc. They are also to
provide any recurring scripts and access to logs and files.
We will meet with our point of contact at least once per week
for at least a half hour to report progress, identify who we
need to speak with, and rearrange the schedule if there is a
conflict for either party or an employee. Parties must be able
to meet either in person or via Zoom.
Responses to e-mail and phone communications should be prompt
and made within 24 hours, except on weekends, when the window is
48 hours. For e-mail or phone communications that only convey
information, with no questions asked or arising, parties will
send a message of acknowledgement.
The final report will be given to the CEO and head of IT (look
on ARRIS). If there is an issue, it must be presented to us
within 72 hours and we will work to resolve it. Our conclusions
will be drawn from evidence; word of mouth alone is not
sufficient.
Special Topics
Our company will meet with GBI, and during the initial meeting
we can discuss the handling of confidential information. We need
access to all policies and procedures that relate to identity
and authentication. These may require information about the
employees, employers, and company as a whole. We will discuss
the parameters of the project and what our team will be able to
utilize. Our team will ensure the privacy of all information
regarding employees, employers, and the company itself. We will
agree to secure all information when we are done with the
project, and we will ensure we do not take any information and
use it for personal gain. Our company will write up a contract
with GBI, and both parties will agree to the terms before the
start of an audit. If the contract is voided, the project will
be terminated and our company will no longer have access to
GBI’s information systems. We pride ourselves on maintaining
integrity and confidentiality during the work process.
Any equipment loaned to our company will be returned on a daily
basis, unless specifically requested by our management team and
agreed with GBI’s management. We will not retain systems
overnight nor transport them off the facility.
Team Qualifications: the “Who?”
In a paragraph for each person, establish the team qualifications
for the project. Highlight any specific job or course experiences
that are relevant to the project.
Alexander Apodaca
Chase Guss - 7 years of working as a Supervisor in my current
line of duty as a Corporal for the Sheriff’s department. I would
maintain computers and technology for my station that I was
assigned to. Familiar with Linux, Windows, and Mac OSes.
Utilized a Raspberry Pi to link it to an outside network, from
my PC at home I was able to gain access into the Raspberry Pi
and access the outside network from a distance and monitor
traffic, viewing users that have access to certain things or if
they weren't working and just surfing the web. I received a
certificate in AccessData Certified Examiner. I would run audits
of over one hundred personnel in our department and ensure
their training records were up to date and placing them in the
right categories. I would also be responsible for ensuring that
they are given access to department drives when logging into
their user on department systems. I would ensure that they can
access the files they need and no more than that.
Hernan Hernadez
Tamer Rabea
Matthew Ulloa
Include a one-page resume of each team member in the
Appendix. Do not include your hobbies.
† If your first approach has problems you should be ready to
switch to your alternate. To do this switch, you will need to
submit a revised “Full Proposal.”
Ethical and Legal Compliance Statement
As a company, we strive to maintain a trusting relationship with
any company we do business with. Our company will follow all
federal and state laws applicable to GBI’s data. Any work done
with GBI will comply with all laws and ethical business
codes…
Arbitration Clause:
Any disputes that arise should be resolved civilly. In the event
of arbitration, it is to take place in San Bernardino County. …
© SAP SE CASE STUDY

  • 1. © SAP SE CASE STUDY Product SAP ERP 6.08 Global Bike Level
  • 2. Beginner Focus Company Background Authors Simha Magal Stefan Weidner Jeff Word Version 3.0 Last Update July 2016 MOTIVATION A general understanding of GBI (the enterprise) prior to embarking on hands-on exercises and case studies in the SAP ERP client is critical for success. This narrative provides a historical background for how GBI began and an overview of its operations
  • 3. and strategy. This information will be used extensively throughout the curriculum material. NOTES The Global Bike (GBI) data set has exclusively been created for SAP UA global curricula. Global Bike Group Background and overview of GBI strategy and operations. © SAP SE Page 2 CASE STUDY Company History Task Get to know the company’s history. Short Description Read the below narrative to learn about the company’s history.
  • 4. Time 15 min The Global Bike Group has a pragmatic design philosophy that comes from its deep roots in both the off-road trail racing and long-distance road racing sports. Nearly 20 years ago, its founders designed their first bikes out of necessity—they had races to win and the bikes that were available at the time did not perform to their extremely high standards. So, they took matters into their own hands and built legendary bikes that would outlast and outperform the competition. From these humble origins, Global Bike Incorporated was born and continues to deliver innovative high- performance bicycles to the world’s most demanding riders. This heritage of entrepreneurial spirit and quest for design perfection is still the cornerstone of GBI’s corporate philosophy. GBI produces bikes for the
  • 5. most demanding competitors—whether the competition is on pavement or dirt, for money, fame or just bragging rights. John Davis earned his racing scars in the mountain racing circuit in America, where he won numerous downhill and cross-country championships. Early on, John realized that the mass-produced bicycles available were inadequate in many ways for the type of racing he was doing. So, John stripped four of his old bikes down to the bare metal and rebuilt them into a single “Frankenstein” bike that he rode to win the national championship. Once news of his Frankenstein bike got out, John’s friends and even his competitors began asking him to build them a Frankenstein bike too. While recovering from an injury in 1990, John started producing the first series of Frankenstein bikes in his garage—each one custom-built from cannibalized parts from other bikes. As more and more orders came in, John
  • 6. successfully expanded Frankenstein Bikes from his garage operations into a full-blown manufacturing facility in Dallas and began producing custom trail bikes which he sold through a network of specialized bike dealers throughout the country. At nearly the same time, halfway around the world in Heidelberg, Germany, Peter Schwarz was studying engineering and competing in regional touring races on weekends. In between his races and studies, Peter worked at a bike shop in Heidelberg, fixing student bikes and tuning the touring bikes that he and his friends rode for competitions. As Peter’s reputation as a fierce competitor and mechanical wizard grew, he also began to design and build road bikes based on an ultra-light composite frame that he had created for one of his engineering courses. Peter’s innovative use of carbon composite
  • 7. materials allowed him to build a frame that was significantly stronger and one tenth the weight of competing frames. As a student, Peter did not have a great deal of financial resources, so he partnered with a local company that manufactured his frame designs as a contract manufacturer. Soon, Peter’s frames were being used by racers all over Europe and he started Heidelberg Notes © SAP SE Page 3 CASE STUDY Composites to market and design frames which would be fabricated by a contract manufacturer on a larger scale. Heidelberg Composites sold its frames to specialized bike stores throughout Europe and directly to racing
  • 8. teams, eventually becoming the leader in lightweight touring frames in Europe. Through a twist of fate, Peter and John met each other in 2000 and immediately recognized their mutual passion for performance and complimentary business models. Each had been looking for a partner in another racing field and each had been looking for a partner in a different market. They quickly realized that a merger between their two companies would be extremely synergistic and that the combination of their product lines and regional distribution channels would generate a great deal of efficiencies. So, in 2001, Heidelberg Composites and Frankenstein Bikes merged to form Global Bike Incorporated. Today, John and Peter share the responsibilities for managing GBI’s growing organization as co-CEO’s. John is responsible
  • 9. for sales, marketing, service & support, IT, finance and human resources groups and Peter is responsible for research, design, procurement and manufacturing groups from an organizational reporting perspective. Figure 1: Organizational Structure However, GBI is a process-centric organization, so John and Peter prefer to think of the processes that they are responsible for, rather than the functional areas of the company that report to them. From this perspective, Peter is responsible for Idea-to-Market and Build-to-Stock and John is responsible for Order-to-Cash and Service & Support, as well as the supporting services for all four key processes. The simple way to look at their responsibilities would be to say that Peter spends money and builds products and John sells products and brings in money.
  • 10. Board of Directors John (Co-CEO) VP Marketing Chief Information Officer Chief Financial Officer VP Human Resources Peter (Co-CEO) VP Research and Development VP Operations © SAP SE Page 4 CASE STUDY
  • 11. Figure 2: Enterprise Process Map © SAP SE Page 5 CASE STUDY Corporate Overview Task Develop an organizational chart for GBI’s enterprise structure. Short Description Read the below narrative to gather all relevant information for sketching GBI’s current company structure. Time 15 min Due to several tax and export issues, GBI’s headquarters is located in Dallas and GBI is registered as a US company, following US GAAP accounting
  • 12. standards. GBI operates a subsidiary company, GBI Europe, which is based in Heidelberg and is subject to IFRS accounting standards and German tax regulations. Material planning, finance, administration, HR and IT functions are consolidated at the Dallas headquarters. The Dallas facility manufactures products for the US and export markets and its warehouse manages product distribution for the central US and internet retailers. GBI also has warehouses for shipping and export in both San Diego and Miami. San Diego handles West Coast distribution and exports for Asia, while Miami handles East Coast distribution and Latin America exports. GBI Europe has its headquarters in Heidelberg Germany. The majority of research and development is housed in the Heidelberg offices. Heidelberg is also the main manufacturing facility for GBI in Europe. The Heidelberg
  • 13. warehouse handles all shipping for southern Europe. The Hamburg warehouse handles all shipping for the UK, Ireland, Middle East and Africa. GBI sells its bikes throughout the world and employs approximately 100 people, 2/3rds of the employees are in the US and the remaining 1/3 in Europe. Notes Organizational Chart
  • 14. © SAP SE Page 6 CASE STUDY Product Strategy Task Get familiar with GBI’s product strategy. Short Description Read the below narrative about GBI’s product strategy. Time 15 min GBI is a world class bicycle company serving the professional and “prosumer” cyclists for touring and off-road racing. GBI’s riders demand the highest level of quality, toughness and performance from their bikes and accessories. Product development is the most critical element of GBI’s past and future growth. GBI has invested heavily in this area, focusing on innovation, quality, safety and speed to market. GBI has an extensive innovation network to source ideas from riders, dealers and professionals
  • 15. to continuously improve the performance, reliability and quality of its bicycles. In the touring bike category, GBI’s handcrafted bicycles have won numerous design awards and are sold in over 10 countries. GBI’s signature composite frames are world-renowned for their strength, low weight and easy maintenance. GBI bikes are consistently ridden in the Tour de France and other major international road races. GBI produces two models of their signature road bikes, a deluxe and professional model. The key difference between the two models is the type of wheels used, aluminum for the basic model and carbon composite for the professional model. GBI’s off-road are also recognized as incredibly tough and easy to maintain. GBI trail bikes are the preferred choice of world champion off- road racers and have become synonymous with performance and strength in one of the most grueling sports in the world. GBI produces two types of
  • 16. off-road bike, a men’s and women’s model. The basic difference between the two models is the smaller size and ergonomic shaping of the women’s frame. Notes Figure 3 GBI Finished Products GBI also sells an accessories product line comprised of helmets, t-shirts and other riding accessories. GBI partners with only the highest quality suppliers of accessories which will help enhance riders’ performance and comfort while riding GBI bikes. © SAP SE Page 7 CASE STUDY
  • 17. Figure 4 GBI Trading Goods © SAP SE Page 8 CASE STUDY Manufacturing Strategy Task Get familiar with GBI’s manufacturing strategy. Short Description Read the below narrative about GBI’s manufacturing strategy. Time 10 min GBI operates two production facilities, Dallas and Heidelberg. Each facility has three assembly lines and can produce around 1000 bikes per
  • 18. year. Total production capacity is roughly 6000 bikes per year, but can be increased by 15%-20% by using overtime hours and part-time workers. GBI has outsourced the production of both off-road and touring frames and the carbon composite wheels to trusted partners who have specialty facilities to fabricate the complex materials used. GBI maintains very collaborative research and design relationships with these specialty partners to ensure that innovations in both material and structural capabilities are incorporated into the frames. GBI primarily assembles semi-finished goods into finished goods at its production facilities. Finished goods are either stored in the local warehouse or shipped to other regional distribution centers to fulfill customer orders. Notes
  • 19. Figure 5 GBI Raw Materials GBI Semi-Finished Goods Distribution Network Task Get familiar with GBI’s distribution network. Short Description Read the below narrative about GBI’s distribution network. Time 10 min Given the highly specialized nature of GBI’s bicycles and the personalized needs of riders, GBI sells its bikes exclusively through well-known
  • 20. and respected Independent Bicycle Dealers (IBDs). These dealers employ staff members who are experts in off-road and tour racing to help consumers choose the right GBI bike and accessories for their individual needs. Notes Figure 6 GBI Customers in US and Germany Due to the highly technical nature of its products, GBI has embraced the Internet primarily as an information channel, maximizing its potential for educating consumers and partners and marketing its products to a large audience. Since GBI’s main sales channel is through specialty resellers and there are complex tax issues associated with selling in multiple states and countries, it has only a limited amount of Internet sales.
  • 21. © SAP SE Page 10 CASE STUDY Partner Network Task Get familiar with GBI’s partner network. Short Description Read the below narrative about GBI’s partner network. Time 10 min GBI has established an extensive partner operation to ensure process continuity between GBI and its partners to deliver best-in-class products for its customers. Special attention has been paid to nurturing strong relationships with suppliers and GBI is generally the largest customer of its
  • 22. main suppliers. Notes Figure 7 GBI Vendors in US and Germany © SAP SE Page 11 CASE STUDY IT Strategy Task Get familiar with GBI’s IT strategy. Short Description Read the below narrative about GBI’s information technology strategy. Time 5 min During 2009, GBI integrated a shared services model for all IT
  • 23. functions, located in the Dallas office. Along with this move to centralized IT, GBI also implemented SAP ERP (version 6.0). Prior to this, divisions were running multiple, independent application environments. All ERP functions are centralized with the primary objectives to reduce costs and deliver best-in- class technology to all divisions globally. This centralized approach offers GBI an advanced business platform under a highly controlled environment, which enables consistency of operations and process integrity across the globe. Notes 1 Guidelines for Project Proposals*
  • 24. A technical proposal, often called a “Statement of Work,” is a persuasive document. Its objectives are to 1. Identify what work is to be done 2. Explain why this work needs to be done 3. Persuade the reader that the proposers (you) are qualified for the work, have a plausible management plan and technical approach, and have the resources needed to complete the task within the stated time and cost constraints. What makes a good proposal? One attribute is appearance. A strong proposal has an attractive, professional, inviting appearance. In addition, the information should be easy to access. A second attribute is substance. A strong proposal has a well-organized plan of attack. A strong proposal also has technical details because technical depth is needed to sell your project. Remember: A proposal is a persuasive document. Required Format Format consists of the layout and typography of a document. In formatting your proposal, use the guidelines in Table 1. A template to produce your proposal exists at the following web page: http://www.writing.eng.vt.edu/design/proposal_template.doc One aspect of layout is the incorporation of illustrations. In your proposal, each illustration should have a name and be formally introduced in
  • 25. the text. Illustrations consist of figures and tables. Figures include photographs, drawings, diagrams, and graphs. Each figure should have a stand-alone caption, and the key points and features should be labeled. Tables are arrangements of words and numbers into rows and columns. Use tables to summarize lists that the audience will try to find later (the budget, for instance). Table 1. Format guidelines for requested proposal (Aspect: Description). Font for headings: Boldface serif or sans serif, size in accordance with hierarchy. Font for text portion: 12-point serif such as Times New Roman or Book Antiqua. Margins: Standard, at least 1 inch. Layout: One column, single-sided. Paragraphing: Indented paragraphs, no line skip between paragraphs in a section. Page number: Bottom centered. Figure names: Numbered: Figure 1, Figure 2, Figure 3, and so forth. Figure captions: Below figure in 10 point type. Table names: Numbered: Table 1, Table 2, Table 3, and so forth. Table headings: Above table in 12 point type. * Adapted from Guidelines at the Penn State Learning Factory: http://www.lf.psu.edu/ Organization
  • 26. As given in the proposal template, your proposal should have the following sections and headings: Title Page a. Title of project in initial capital letters b. The sponsoring company and contact person’s name and information c. Team name and individual member names d. Date e. An appropriate picture of the product, a team logo, or both Executive Summary Content: A brief summary of the proposal Length: one-third to one-half page, never more than one page Emphasis: highlighting of the proposed technical and management approach Table of Contents Statement of Problem: the “Why?” Summary of the request by the sponsor (the original problem statement) Background: Brief description of company and their business Relevance or importance of problem Background information to educate the reader Previous related work by others—literature review with credible sources
  • 27. Patent search, if applicable Detailed problem description, as you now understand it Objectives: the “What?” In the Objectives section, you translate the customer’s quantitative and qualitative needs into clear, objective design specifications. Define the scope of work and clearly state the project objectives, including the following: a. Design specifications in specific, quantitative terms. For example, “The plate must be rotated three times at a speed of between 1 and 3 rev/s” or “Control the temperature of a 1 liter non-insulated standard glass beaker of water to 37.5 ± 0.5 °C for three hours without temperature deviation.” b. Critical design issues, constraints, limitations. Technical Approach: the “How?” Although you may not know all the details of the problem solution, you should know a first design on how you will attack the problem, and you should have some design concepts. The purpose of this section is to present the process by which you will arrive at the final answer. This section answers the following questions: 1) What are the steps in the design process? (Describe and use the nine-step model from
  • 28. Chapter 1 of Hyman’s text) 2) What are the benefits and advantages of employing a structured approach to design? 3) How will you generate solution concepts? 4) How will you analyze the performance of your solution? 5) How will you decide on the best alternative? Specific recommendations for this section include the following: a. First, describe your overall design process in general terms. A one-page synopsis of Chapter 1 in the Hyman text would be appropriate here. b. Provide at least three possible solution alternatives and document your methodology to choose the best alternative. Include illustrations such as Figure 1. Try to be as inclusive and creative as possible with your ideas. Strive to achieve at least one non-conventional or “out of the box” alternative. c. List and describe all the analytical, or computational tools you will employ to analyze your design, such as ProEngineer®, SolidWorks®, MathCAD, and MATLAB. d. List and detail all the experimental procedures you will use to test your design concepts. e. Evaluate your alternatives based on how well they satisfy the design specifications. Explain the selection criteria by which you will evaluate design alternatives in specific, quantitative terms, such as cost, weight, reliability, ease of use, and ease of manufacture. A matrix table can clearly illustrate this
  • 29. information. f. If possible at this time, rank your solution concepts and list the pros and cons of each. At minimum, state what further information or additional work is needed in order to arrive at a final solution alternative. g. If any solution is totally unfeasible (or may have been tried before), state the reason for its elimination. Figure 1. SolidWorks® model of a manual filter wheel with C-Mount adapters. Project Management: “How and When?” The Project Management section describes how the project will be managed, including a detailed timetable with milestones. Specific items to include in this section are as follows: a. Description of task phases (typical development tasks: Planning, Concept Development, System-Level Design, Detailed Design, Testing and Refinement, Production) b. Division of responsibilities and duties among team members c. Timeline with milestones: Gantt chart (see Figure 2 for an example). The following are required elements of your Gantt chart: i. Project duration is from the date your project is assigned to the completion date: 25th April ii. Each milestone is to be labeled with a title iii. Schedule all tasks not just “Design” or “Testing.” Break
  • 30. this schedule down to specific assignments. 4 iv. Each task is to be labeled with a title and person or persons assigned to the task. v. Subdivide larger items so that no task is longer than about one week vi. Link tasks which are dependent on the completion of a previous task. vii. Continue to update your schedule throughout your project. This tool is important for organizing and viewing the progress of your project. viii. Where possible, avoid a serial timeline (one task at a time, which must be completed before next task can proceed). Figure 2. Example of a Gantt Chart. Deliverables The culmination of the proposal negotiation with your sponsor will be a completed “Deliverables Agreement.” In this section, provide a detailed description of what you are providing and when you will provide it. Be as specific as possible. Possible items include Detailed design drawings (specify Computer Aided Design
  • 31. format) Physical prototype Scale model Engineering analysis (Finite Element Analysis, MATLAB, etc.) Economic analysis (return on investment calculations) Detailed description of test procedures Data from experiments Computer program code, flowchart, documentation Circuit diagrams User-friendly instructions including training for personnel Budget: “How Much?” Provide your best estimate of how project funds will be spent for your first design. For an example, see Table 2. The sponsor will allow for only this amount. At this time, you need to know the details for your initial design. You can divide up your budget into some major categories, such as equipment, materials, supplies, shipping (if Hershey), and Learning Factory costs (that is, for the computerized numerical control, rapid prototyping, etc). Remember: You are spending sponsor dollars and the sponsor needs to see that the money is spent wisely. If additional funds or resources are needed from your sponsor compared to their original “request for proposals,” ask for them here but justify the request. 1. Be as exact as you can but estimate slightly higher for shipping. For any quantities, add an additional 10–20% for error. 5
  • 32. 2. Read all ordering requirements for each company. Some companies have a minimum order amount so you need to be aware of this in advance. 3. You’ll need to have all (100%) your items ordered and reconciled by the week before spring break for your first design. 4. Additional funds will not be released after this day without written justification for the deviation (that is, why do you need to go with your alternate choice? What went wrong with the first design?).† Table 2: Requested items and funds for initial design. Item Supplier Catalog No# Quantity Unit Price Total Vacuum Pump McMaster Carr IJ-60825 1 $183.47 $188.72 Flow Pump Northern Tool CJX-689 1 $139.99 $156.62 Water Filter Whirlpool Lowe's Hardware WHER25 1 $33.73 $33.73 23/32" Plywood 4'x8' Lowe's Hardware none 1 $24.95 $24.95 4" Ondine Rainmaker Smartbargain.com 129808 1 $19.99 $37.86 Acrylic Tubing 5' (OD 8") McMaster Carr 8486K626 1 $236.70 $250.95 "8" Flange (13" OD) McMaster Carr KD-ERW 1 $44.24 $44.24 Total $737.07 Communication and Coordination with Sponsor Specify the interaction with your sponsor: a. Establish communication schedule and the responsibilities of each participant. See the
  • 33. syllabus for exact dates of progress report, mid-semester presentations, final-presentations, Showcase, etc. b. Establish the form of communication (visits, weekly updates, conference calls, teleconferences). c. Specify who will receive information and how it will be transmitted. d. Clearly state what actions are requested with each communication: information only, reply requested, etc. Special Topics Define any sponsor specific items, such as the handling of confidential information, and loan and return of equipment. Team Qualifications: the “Who?” a. In a paragraph for each person, establish the team qualifications for the project. Highlight any specific job or course experiences that are relevant to the project. b. Include a one-page resume of each team member in the Appendix. Do not include your hobbies. † If your first approach has problems you should be ready to switch to your alternate. To do this switch, you will need to submit a revised “Full Proposal.”
  • 34. Identification and Authentication GBI - John Davis & Peter Schwarz Team - Group 4 (Chase Guss, Alexander Apodaca, Matthew Ulloa, Tamer Rabea, and Hernan Hernandez) April 29th, 2022 Executive Summary The purpose of this paper is to propose an audit of GBI and to suggest what should be examined when we are given the opportunity to audit its systems in the area of identification and authentication. It would take approximately four months to complete the audit if given full access to GBI’s systems. Our objective is to go in depth into your systems’ policies on identification and authentication and determine who is allowed into your company. We will interview employees to see how much access they are granted and whether they hold the authorization your company requires for that access. We want to ensure that we can identify everyone who holds credentials and confirm that their access does not exceed what they need for your company. By the end of this audit, we would be able to explain how we would appropriately modify your systems and ensure the safekeeping of all data and information for your company. We would break it down into a table of significant issues, types, and priorities. If GBI decides to use Team Four as its auditor, we will provide dates by which we can implement all solutions. Table of Contents Page 1 - Cover page
  • 35. Page 2 - Executive Summary Page 3 - Table of contents Statement of Problem: the “Why?” In 2001, two companies merged into one and formed what we know as GBI. Global Bike Inc. is a North American and German company run by co-CEOs John Davis and Peter Schwarz. As the name implies, the company builds innovative bikes made to outperform others and last for a long time. In terms of responsibilities, Davis handles selling the products, and Schwarz deals with manufacturing the product. Departments such as marketing, IT, HR, service and support, finance, and sales make up Davis’ portion of the company. He is the money maker. Schwarz manages research, the designs of the bikes, getting supplies, and other manufacturing groups. He is the money spender. GBI wants a Department of Defense contract, and to be granted this contract, they must meet the level three requirements of the CMMC. GBI needs a CMMC audit. The Cybersecurity Maturity Model Certification audit will carefully dissect GBI’s cyber hygiene under the “Identity and Authorization” domain. This domain categorizes the best procedures and practices the company needs to follow. The identity and authorization domain deals with employee logins, access to resources, passwords, etc. GBI must face this cyber challenge, and we can provide the audit as a company. Technology has ingrained itself into everyday business and will continue to do so. With this technology comes good and evil. On the one hand, we have information systems that handle vast portions of data, but on the other hand, we have hackers who want to steal that data for many reasons. A CMMC audit would test the company’s cyber hygiene and point out what can be improved to prevent data from being stolen and business stopping because one employee inserted a thumb drive into their computer. The audit brings GBI one step closer to protecting their company, employee, and customer data. While preserving
  • 36. the company and its assets, this audit gives the potential of allowing GBI to work with the DOD and expand its business. If the company fails to reach level three of the CMMC, GBI still receives an audit that tells them what gaps need to be filled to reach that level. This may be for expanding work opportunities, but cyber security is critical currently in today’s climate. Objectives: the “What?” During the scope of the project, our objective will be to propose an audit for Global Bike Inc. We intend to finish the audit within four months and by doing so, we shall be able to ensure your business maintains its proper working environment. We will be able to spread our work in a timely manner to allow your company to meet its daily requirements. By the time we are done with this project, we will have a thorough understanding of the company systems and policies. The company must meet the requirement of good cyber hygiene according to the CMMC guidelines. We can assure that our company will take the proper steps and procedures throughout the auditing process, which will ultimately decide whether GBI is certified to be at the level three CMMC and be granted a DOD contract. · Design specifications in specific, quantitative terms. For example, “The plate must be rotated three times at a speed of between 1 and 3 rev/s” or “Control the temperature of a 1 liter non-insulated standard glass beaker of water to 37.5 ± 0.5oC for three hours without temperature deviation.” · Critical design issues, constraints, limitations. Technical Approach: the “How?”
  • 37. Our goal will be to completely analyze their systems. We will be focusing on identities and authentication. The first thing we will do is identify all the system users, identify the processes acting on behalf of users, and identify all the devices that are accessing the company’s systems. After doing so, we will review all identification and authentication policies and procedures. We will review the system security plans and system design documentation. We will need to review the configuration settings and any other policies associated with them. We would need a copy of audit logs and records, and a list of system accounts. After reviewing all of these documents and policies, we would interview personnel who work in system operations and information security, system or network administrators, and system developers. We would then be able to evaluate the organizational process for identifying and authenticating users. We would also evaluate the mechanisms and processes that support identification and authentication. Following that, we would determine whether the identity of each user is authenticated or verified as a prerequisite to system access, and whether each process acting on behalf of a user is likewise authenticated or verified before it accesses the system. By doing so, we would be able to identify any challenges the company may be facing, and we would be able to come up with a plan to overcome them. Our objective is to ensure that there are policies in place and that the company is abiding by them. Everyone who requires access to the company’s systems should be given a certain level of clearance. With this comes responsibility and trust. Users may be granted access based on their level of clearance. That being said, we would break down all policies and pinpoint the job specifications for every person through the chain of command. 
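One way to run the reconciliation described above (account list against audit log, checking that authentication precedes access), as an added example that is not part of the original proposal. The account-list columns, the log line format and every sample value are constructed assumptions.

```python
import csv
import io

# Constructed sample "list of system accounts": users, processes and devices.
ACCOUNTS_CSV = """\
identity,kind,owner
jdavis,user,John Davis
pschwarz,user,Peter Schwarz
oldintern,user,HR
svc_backup,process,IT Operations
wh-scanner-01,device,
"""

# Constructed sample audit log. Assumed format per line:
#   timestamp session identity event detail
AUDIT_LOG = """\
2022-05-02T08:00:01 s1 jdavis AUTH success
2022-05-02T08:00:05 s1 jdavis ACCESS erp
2022-05-02T08:10:00 s2 svc_backup ACCESS fileshare
2022-05-02T08:15:00 s3 pschwarz AUTH failure
2022-05-02T08:15:03 s3 pschwarz ACCESS erp
2022-05-02T08:20:00 s4 tempadmin AUTH success
2022-05-02T08:20:02 s4 tempadmin ACCESS erp
2022-05-02T08:30:00 s5 wh-scanner-01 AUTH success
2022-05-02T08:30:01 s5 wh-scanner-01 ACCESS inventory
"""


def load_inventory(text):
    """Return {identity: row} from the account list."""
    return {row["identity"]: row for row in csv.DictReader(io.StringIO(text))}


def parse_log(text):
    """Parse log lines into dicts, ordered by timestamp."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip blank or malformed lines rather than guess
        ts, session, identity, event, detail = parts
        events.append({"ts": ts, "session": session, "identity": identity,
                       "event": event, "detail": detail})
    return sorted(events, key=lambda e: e["ts"])  # ISO timestamps sort as text


def audit(inventory, events):
    """Reconcile log activity against the account list."""
    authenticated = set()  # (session, identity) pairs with a successful AUTH
    seen, unknown, unauthenticated = set(), set(), []
    for e in events:
        key = (e["session"], e["identity"])
        seen.add(e["identity"])
        if e["identity"] not in inventory:
            unknown.add(e["identity"])  # active but missing from the list
        if e["event"] == "AUTH" and e["detail"] == "success":
            authenticated.add(key)
        elif e["event"] == "ACCESS" and key not in authenticated:
            # Access with no prior successful authentication in that session.
            unauthenticated.append((e["session"], e["identity"], e["detail"]))
    return {
        "unknown_identity": sorted(unknown),
        "unauthenticated_access": unauthenticated,
        # Users, processes or devices nobody is accountable for.
        "no_owner": sorted(i for i, r in inventory.items()
                           if not (r["owner"] or "").strip()),
        # Listed accounts with no activity in the sampled log window.
        "never_seen": sorted(set(inventory) - seen),
    }


if __name__ == "__main__":
    findings = audit(load_inventory(ACCOUNTS_CSV), parse_log(AUDIT_LOG))
    for name, items in findings.items():
        print(f"{name}: {items}")
```

Each finding is a lead for the interview phase rather than a conclusion: a service account that never logs an AUTH event may authenticate through a mechanism the sampled log does not record.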
We can then interview employees around the company and ensure that they are following their job specifications. After that, we need to
  • 38. ensure that the employees are given access based on their identity and authentication clearance level. Design Process 1) Process Overview The design process will consist of reviewing documents, password logs, security logs, configuration settings, policies, and other information relevant to identity and authentication. Anything found that has any significance towards policy, procedure, and relevant information that can help our audit. We will also be conducting interviews to establish if our findings match the everyday business workflow. The identity and authentication domain has one capability and eleven practices that certifies companies under CMMC. There are two practices in level one, five in level two, and four in level three. We will approach the audit one practice at a time, dividing our time based on the CMMC levels. Capability “Grant access to authenticated entities” 2) Step by step guide of design process 3) What are the benefits and advantages of employing a structured approach to design? Having a structured approach to design will keep everything uniform. We will be able to track every step we take and plan ahead according to the designs and findings we come across. We will document everything as we find things that work well, work okay, and do not work at all. There will be a process organization responsibility matrix that will easily breakdown the moving parts that work well or have value of being in the company. 4) How will you generate solution concepts? We will generate solutions by auditing the policy, interviewing
  • 39. employees and administration. We shall test all of our findings and prepare a final report. 5) How will you analyze the performance of your solution? We will be able to determine who needs access to what and why it might be potentially damaging to your company. GBI would know that its assets are more secure and that it is not at risk of losing money in places where it should not be allocated. 6) How will you decide on the best alternative? Upon completion of the audit we are proposing, we would have a breakdown chart of the areas in which GBI is in compliance. We will be able to explain which areas are not in compliance and that they need to be fixed by the next meeting to gain compliance and meet the standards for CMMC. We would not be able to change anything for GBI; if we did so, we would no longer be able to audit the company. Specific recommendations for this section include the following: First, describe your overall design process in general terms. A one-page synopsis of Chapter 1 in the Hyman text would be appropriate here. · Provide at least three possible solution alternatives and document your methodology to choose the best alternative. Include illustrations such as Figure 1. Try to be as inclusive and creative as possible with your ideas. Strive to achieve at least one non-conventional or “out of the box” alternative.
  • 40. · List and describe all the analytical, or computational tools you will employ to analyze your design, such as ProEngineer®, SolidWorks®, MathCAD, and MATLAB. · List and detail all the experimental procedures you will use to test your design concepts. · Evaluate your alternatives based on how well they satisfy the design specifications. Explain the selection criteria by which you will evaluate design alternatives in specific, quantitative terms, such as cost, weight, reliability, ease of use, and ease of manufacture. A matrix table can clearly illustrate this information. · If possible at this time, rank your solution concepts and list the pros and cons of each. At minimum, state what further information or additional work is needed in order to arrive at a final solution alternative. · If any solution is totally unfeasible (or may have been tried before), state the reason for its elimination. Project Management: “How and When?” The Project Management section describes how the project will
  • 41. be managed, including a detailed timetable with milestones. Specific items to include in this section are as follows: a. Description of task phases (typical development tasks: Planning, Concept Development, System-Level Design, Detailed Design, Testing and Refinement, Production) Phases of the Project Development · Planning (submission of the proposal), April 24th. From April 24th to May 30, 2022, we will be able to meet with the owners of GBI, discuss project details, ensure we can meet time frames, and plan accordingly for the project to meet its time constraints. · Audit/Review: May 1st to May 30th will be the time for our team to come in to audit and review policies and documents pertaining to identity and authentication. We will prepare ourselves during this period and prepare interview questions. This would allow GBI time to plan for employees to spare approximately 1-4 hours for interviews based on the scope of their assignment. · Interviews: June 1st to June 31st. All employees will be scheduled with two of our team members and we will interview accordingly based on positions. Our fifth person will be responsible for ensuring all interviews stay on schedule and for comparing the notes from each interview. We will compare our findings based on policies and from every interview. Responsibilities for each team member · Team member 1 - Project administrator, oversees the project and meets with the company. Reviews policy and interviews. Coordinates the tests amongst the rest of the team. Team member 1 will set up all interviews and divide the work amongst the team members to ensure nothing is repeated or missed. · Team member 2 - Responsible for reviewing policies, auditing, interviewing, and testing. · Team member 3 - Responsible for reviewing policies,
  • 42. auditing, interviewing, and testing. · Team member 4 - Responsible for reviewing policies, auditing, interviewing, and testing. · Team member 5 - Responsible for reviewing policies, auditing, interviewing, and testing. Gantt Chart Attached is a Gantt chart with a basic timeline and the procedure of how and when things will be completed. This project should take approximately four months, and we will be able to spread the work out in a timely manner to allow your employees to find coverage during interviews and document reviews. ii. Each milestone is to be labeled with a title iii. Schedule all tasks not just “Design” or “Testing.” Break this schedule down to specific assignments. iv. Each task is to be labeled with a title and person or persons assigned to the task. v. Subdivide larger items so that no task is longer than about one week vi. Link tasks which are dependent on the completion of a previous task. vii. Continue to update your schedule throughout your project. This
  • 43. tool is important for organizing and viewing the progress of your project. viii. Where possible, avoid a serial timeline (one task at a time, which must be completed before the next task can proceed). Deliverables We will provide a document at the end that will show an overview of our findings. It will be color coordinated and reflect the CMMC guidelines. Red will indicate critical. Vulnerabilities will be listed inside the highlighted section that correlate with the identification and authorization domain. Critical means that the exploitation of this vulnerability could cause catastrophic damage to the company’s reputation, workflow, operations, etc. Anything in orange would be a less severe vulnerability, but with the potential to be exploited and cause minor workflow issues. Green will indicate that no vulnerabilities were found. With this information it is up to GBI to decide how and if they would want to fix these problems. After the audit, we can offer our services to fix these vulnerabilities and implement proper security controls. GBI would get a 15% discount on this specific service. If accepted, we would not be able to audit GBI in the future. The culmination of the proposal negotiation with your sponsor will be a completed “Deliverables Agreement.” In this section, provide a detailed description of what you are providing and when you will provide it. Be as specific as possible. Possible items include Detailed design drawings (specify Computer Aided Design format) Physical prototype Scale model
  • 44. Engineering analysis (Finite Element Analysis, MATLAB, etc.) Economic analysis (return on investment calculations) Detailed description of test procedures Data from experiments Computer program code, flowchart, documentation Circuit diagrams User-friendly instructions including training for personnel Budget: “How Much?” Provide your best estimate of how project funds will be spent for your first design. For an example, see Table 2. The sponsor will allow for only this amount. At this time, you need to know the details for your initial design. You can divide up your budget into some major categories, such as equipment, materials, supplies, shipping (if Hershey), and Learning Factory costs (that is, for the computerized numerical control, rapid prototyping, etc). Remember: You are spending sponsor dollars and the sponsor needs to see that the money is spent wisely. If additional funds or resources are needed from your sponsor compared to their original “request for proposals,” ask for them here but justify the request. The amount for our budget will be 150,000 for the audit if we are chosen, there might be an additional 10-20% charge during the process if errors are made by your company or employees refusing to comply with the orders given in a timely manner. Below is a breakdown of where the funds will be supplied. Budget Breakdown Personnel/ Labor - 100,000 amongst 5 employees over a four month period, 5 employees, earning equal wages 20,000 each for a four month period. Supplies - 25,000 - Technology and implementation Transportation- 10,000 - Gas, stays, vehicle wear
  • 45. Programs - 15,000 - System authentications

0. Read all ordering requirements for each company. Some companies have a minimum order amount, so you need to be aware of this in advance.
1. You’ll need to have all (100%) of your items ordered and reconciled by the week before spring break for your first design.
2. Additional funds will not be released after this day without written justification for the deviation (that is, why do you need to go with your alternate choice? What went wrong with the first design?).†

Table 2: Requested items and funds for initial design.

Item                        Supplier          Catalog No.  Quantity  Unit Price  Total
Vacuum Pump                 McMaster Carr     IJ-60825               $183.47     $188.72
Flow Pump                   Northern Tool     CJX-689                $139.99     $156.62
Water Filter Whirlpool      Lowe's Hardware   WHER25                 $33.73      $33.73
23/32" Plywood 4'x8'        Lowe's Hardware   none                   $24.95      $24.95
4" Ondine Rainmaker         Smartbargain.com  129808                 $19.99      $37.86
Acrylic Tubing 5' (OD 8")   McMaster Carr     8486K626               $236.70     $250.95
8" Flange (13" OD)          McMaster Carr     KD-ERW                 $44.24      $44.24
Total                                                                            $737.07

  • 46. Communication and Coordination with Sponsor

Point of Contact: GBI is to provide its policy documents regarding security. This includes documents regarding passwords, authentication, how users are authorized, etc. GBI is also to provide any recurring scripts and access to logs and files.

We will meet with our point of contact at least once per week for at least a half hour to report progress, identify who we need to speak with, and rearrange the schedule if there is a conflict for either party or an employee. Parties must be able to meet either in person or via Zoom. Responses to e-mail and phone communications should be prompt, within 24 hours, except on weekends, when the window is 48 hours. When an e-mail or phone communication only conveys information and no questions are asked or arise, the parties will send a message of acknowledgement.

The final report will be given to the CEO and head of IT (look on ARRIS). If there is an issue, it must be presented to us within 72 hours and we will work to resolve it. Our conclusions will be drawn from evidence; word of mouth alone is not sufficient.

Special Topics

Our company will meet with GBI; during the initial meeting we can discuss the handling of confidential information. We need access to all policies and procedures that relate to identity and
  • 47. authentication. These may require information about the employees, employers, and the company as a whole. We will discuss the parameters of the project and what our team will be able to utilize. Our team will ensure the privacy of all information regarding employees, employers, and the company itself. We will agree to secure all information when we are done with the project, and we will ensure we do not take any information and use it for personal gain.

Our company will write up a contract with GBI, and both parties will agree to the terms before the start of an audit. If the contract is voided, the project will be terminated and our company will no longer have access to GBI’s information systems. We pride ourselves on maintaining integrity and confidentiality during the work process.

Any equipment loaned to our company will be returned on a daily basis, unless specifically requested by our management team and agreed to by GBI’s management. We will not retain systems overnight or transport them off the facility.

Team Qualifications: the “Who?”

In a paragraph for each person, establish the team qualifications for the project. Highlight any specific job or course experiences that are relevant to the project.

Alexander Apodaca

Chase Guss - 7 years of working as a Supervisor in my current line of duty as a Corporal for the Sheriff’s department. I would maintain computers and technology for the station that I was assigned to. Familiar with Linux, Windows, and Mac OS. Utilized a Raspberry Pi linked to an outside network; from my PC at home I was able to gain access to the Raspberry Pi, access the outside network from a distance, and monitor traffic, viewing which users had access to certain things or whether they weren't working and were just surfing the web. I received a certificate in AccessData Certified Examiner. I would run audits
  • 48. of over one hundred personnel in our department and ensure their training records were up to date, placing them in the right categories. I would also be responsible for ensuring that they were given access to department drives when logging in to their user accounts on department systems. I would ensure that they could access the files they needed and no more than that.

Hernan Hernadez

Tamer Rabea

Matthew Ulloa

Include a one-page resume of each team member in the Appendix. Do not include your hobbies.

† If your first approach has problems you should be ready to switch to your alternate. To do this switch, you will need to submit a revised “Full Proposal.”

Ethical and Legal Compliance Statement

As a company, we strive to maintain a trusting relationship with any company we do business with. Our company will follow all federal and state laws applicable to GBI’s data. Any work done with GBI will comply with all laws and ethical business codes…

Arbitration Clause: Any disputes that arise should be resolved civilly. In the event of arbitration, it is to take place in San Bernardino County. …