Home >> Free Essays >> All Subjects >> IT
IT Examples and Topics
Your Name
Instructor Name
Course Number
Date
Title: Information Security Policies
A Chief Information Security Officer (CISO) is responsible for implementing policies and procedures to protect the information and data of the organization. These may include implementation of programs for protection, allocation of budget, and other activities related to the protection of the information assets of the organization ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"ORZMIL4y","properties":{"formattedCitation":"(Sohrabi Safa et al.)","plainCitation":"(Sohrabi Safa et al.)","noteIndex":0},"citationItems":[{"id":137,"uris":["http://zotero.org/users/local/WKtM8IGm/items/LHCNEGBU"],"uri":["http://zotero.org/users/local/WKtM8IGm/items/LHCNEGBU"],"itemData":{"id":137,"type":"article-journal","title":"Information security policy compliance model in organizations","container-title":"Computers & Security","page":"70-82","volume":"56","source":"DOI.org (Crossref)","DOI":"10.1016/j.cose.2015.10.006","ISSN":"01674048","journalAbbreviation":"Computers & Security","language":"en","author":[{"family":"Sohrabi Safa","given":"Nader"},{"family":"Von Solms","given":"Rossouw"},{"family":"Furnell","given":"Steven"}],"issued":{"date-parts":[["2016",2]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (Sohrabi Safa et al.).
PC Protection Software Policies
The following policies regarding the PC protection software should be implemented within an organization to avoid any data loss due to viruses or errors.
There would be periodical testing of the entire PC by the software to check for any trouble that may be existing in the system. The systems would be checked for corrupted files, virus-infected files and existence of malware on the system.
Any system that is detected to be faulty by the software, would be disconnected from all the resources like the office network and internet, and would be tested remotely to remove any errors that are disrupting the performance.
The data on the infected PC would be recovered on first priority. The tasks of handling the malware and corruption would be the secondary task for the concerned team.
The PC protection software like anti-virus software would be updated as soon as the new updates arrive for the particular software to make sure that it is at an optimal performance level. New software shall be installed and maintained on all the PCs as soon as the approval of them arrives ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"a31lAm2V","properties":{"formattedCitation":"(Baker)","plainCitation":"(Baker)","noteIndex":0},"citationItems":[{"id":139,"uris":["http://zotero.org/users/local/WKtM8IGm/items/AK69SJS7"],"uri":["http://zotero.org/users/local/WKtM8IGm/items/AK69SJS7"],"itemData":{"id":139,"type":"book","title":"Evaluating the Necessity of Third-Party Antivirus Software","author":[{"family":"Baker","given":"Erik"}],"issued":{"date-parts":[["2018"]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (Baker).
Any system that the employees might be using that doesn’t belong to the organization would be given the same treatment as the official systems. This would include the installation of the standard PC protection software. The PCs would also be tested to make sure that it won’t be of any harm to the organizational data.
In case there is an issue detected by the employee then he would be responsible for reporting it immediately to the concerned department for handling.
External Access to Corporate Network Policies
Many large organizations tend to utilize their own networks to make sure that the performance is maximum and that the data is secured from any unauthorized usage. Some of the employees may be given the right to access the network from outside the office environment ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"y2AzWilW","properties":{"formattedCitation":"(Safa and Von Solms)","plainCitation":"(Safa and Von Solms)","noteIndex":0},"citationItems":[{"id":138,"uris":["http://zotero.org/users/local/WKtM8IGm/items/X678UQAE"],"uri":["http://zotero.org/users/local/WKtM8IGm/items/X678UQAE"],"itemData":{"id":138,"type":"article-journal","title":"An information security knowledge sharing model in organizations","container-title":"Computers in Human Behavior","page":"442-451","volume":"57","source":"DOI.org (Crossref)","DOI":"10.1016/j.chb.2015.12.037","ISSN":"07475632","journalAbbreviation":"Computers in Human Behavior","language":"en","author":[{"family":"Safa","given":"Nader Sohrabi"},{"family":"Von Solms","given":"Rossouw"}],"issued":{"date-parts":[["2016",4]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (Safa and Von Solms). Policies regarding such concepts are
The external access privileges would only be granted to the designated employees of the organization. These employees would be able to utilize the office network on designated PCs only. The PCs that would be utilized would be properly checked and equipped with the necessary software to make sure that the standards of the corporation are maintained.
The privileges to access the corporate network would be restricted for the employees. Each employee would be using the corporate network for particular tasks while other tasks would not be allowed. The privileges assigned would be on the basis of the task that has been assigned or the designation that the employee holds in the office.
Utilization of the corporate network would be only be for the purpose of the tasks of the corporation and no outside the business tasks would be handled through this network.
It would be the duty of the employee to protect the corporate network through any unauthorized usage from any outsider. This would mean keeping the credentials a secret and not allowing anyone else to handle the tasks related to the business. Failing to do so would result in actions against the employee at fault.
All the tasks shall be done on the official servers and no data shall be saved on the personal PCs that are related to the business.
Works Cited
ADDIN ZOTERO_BIBL {"uncited":[],"omitted":[],"custom":[]} CSL_BIBLIOGRAPHY Baker, Erik. Evaluating the Necessity of Third-Party Antivirus Software. 2018.
Safa, Nader Sohrabi, and Rossouw Von Solms. “An Information Security Knowledge Sharing Model in Organizations.” Computers in Human Behavior, vol. 57, Apr. 2016, pp. 442–51. DOI.org (Crossref), doi:10.1016/j.chb.2015.12.037.
Sohrabi Safa, Nader, et al. “Information Security Policy Compliance Model in Organizations.” Computers & Security, vol. 56, Feb. 2016, pp. 70–82. DOI.org (Crossref), doi:10.1016/j.cose.2015.10.006.
Subject: IT
Pages: 2 Words: 600
Philosophy
[Name of the Writer]
[Name of the Institution]
Part 1:
Conceptual Design:
A conceptual model is a representation of a system, made of the composition of concepts which are used to help people know, understand, or simulate a subject the model represents.
Entities:AdminProfessorStaffDepartmentFacultyCourseStudentRoomBuilding
Supertype:EmployeeSubtype:StaffAdminProfessor
Primary key:
Employees:id
Studentstudent
Coursecourse_id
Facultyfaculty
DepartmentDeptt_id
Candidate Key:
Primary keys are also used as a candidate key. There can be more than one candidate key. Candidate key is used to identify uniquely data from database
Surrogate key:
Room:
Room_id
Relationships and Cardinalities:
One to One relationship between Student and Department because one student has only one department.
One to many relationships between Student and Course because one student has enrolled in many courses.
One to one relationship between Building and Room because each room is associated with each building.
One to one relationship between faculty and Department because every faculty member has one department.
Many to Many relationships between Course and professor because one professor has taught many courses at a time.
One to many relationships between faculty and Student because one faculty member has advised many students at a time.
Conceptual ER Diagram:
Part 2:
Logical Design:
A logical data model describes the data in as much detail as possible, without regard to how they will be physical implemented in the database. Features of a logical data model include: Includes all entities and relationships among them. All attributes for each entity are specified.
Describe Data Attributes and their types for each entity
Employee:
+Id: int (PK)+First_Name: Varchar+Last_Name: Varchar+Hire_date: Date
Admin
+Admin_position
Professor
+Rank: int +Specialty: Varchar
Staff:
+level: int
Student
+Stud_id: Varchar (PK) +First_Name: Varchar +Last_Name: Varchar +Email: Varchar
Department
+Deptt_id: int +Deptt_Name: Varchar
Faculty
+Faculty_id: int (PK)+Faculty_Name: Varchar
Room:
+Room_id: int+type: char
Identify Foreign keys for each identity:
In student class stud_id is the foreign key for courses class and the course_id in Courses class is the foreign key for student class.
In Professor class Emp_id is the foreign key for Faculty class and the Faculty_id in faculty class is the foreign key for professor class.
In Department class Deptt_id is the foreign key for Course class and the Course_id in Course class is the foreign key for Department class.
If there are any one to one relationship then describe:
One to One relationship between Student and Department because one student has only one department.
One to one relationship between Building and Room because each room is associated with each building.
One to one relationship between faculty and Department because every faculty member has one department.
Logical Model Diagram:
Subject: IT
Pages: 7 Words: 2100
UNIVERSITY
Uber: Strategic Security Policy and Potential Threats
By
18017
Date
Lecturer’s Name and Course Number
Summary
Uber is an application that allows individuals to travel to their desired locations using their cell phone. The company was originated by Travis Kalanick and Garrett Camp in 2009 in San Francisco, US and according to its website, Uber, by connecting passengers with drivers through its application, makes cities more accessible, which allows more possibilities for passengers and more business for drivers. In December 2011 Uber left the United States to conquer other countries and began operating in Paris (France). In March 2012, it arrived in Toronto (Canada) and in July in London. In April 2014, it arrived in Barcelona, in September in Madrid, and in October in Valencia and Bogota. The company has not stopped growing since then. However, with the rising business, the company has faced numerous security threats in the past. Therefore, this report will point out the strategic security policy of Uber, highlight the potential threats, and devise a strategy to mitigate them.
Table of Contents
TOC \o "1-3" \h \z \u Summary PAGEREF _Toc9807762 \h 2
1Introduction PAGEREF _Toc9807763 \h 4
2Origin of Uber PAGEREF _Toc9807764 \h 5
3Security Situation PAGEREF _Toc9807765 \h 5
4Strategic Security Policy PAGEREF _Toc9807766 \h 5
4.1Confirmation of real-time of the driving partner PAGEREF _Toc9807767 \h 6
4.2Strengthen admission processes PAGEREF _Toc9807768 \h 6
4.3Effective communication PAGEREF _Toc9807769 \h 7
5Threats and vulnerabilities PAGEREF _Toc9807770 \h 7
6Mitigation of potential threats PAGEREF _Toc9807771 \h 8
7Conclusion PAGEREF _Toc9807772 \h 9
Bibliography PAGEREF _Toc9807773 \h 10
Introduction
"Uber is the private driver of everyone." That's the slogan of this startup originated in San Francisco. Uber is a platform through which it is possible to order and pay for transportation services, and on a daily basis, it makes more than 350,000 trips spread over five continents. The user must download the application and register a credit card. The customer chooses between different types of cars and rates and the payment is deducted from the registered card. The fares depend on each city, and in many parts of the world, the rates can be cheaper than a traditional taxi. Uber receives 20 percent of the payment. The rest is for the driver.
The rapid expansion of Uber and its penetration level in 52 countries and 249 cities is due to several reasons, which are ease of accessing the service, punctuality, and trust in the fulfillment of the requested service, cleaning and comfort of the cars, quality of service for drivers, possibility to know how much the service costs in advance and the promise of security. Drivers who work with the platform are reviewed and the comments made by users about the service are confidential.
The company founded in 2009 is one of the startups that came to break the world of business, from a small technology company to a world leader in the transport service. Currently, it has an estimated value of 68 billion dollars, surpassing others such as Xiaomi and Airbnb, according to data projected in Statista. However, today speaking about the company based in San Francisco is almost synonymous with talking about problems with security; many of them related to the safety of the users and the drivers themselves (Admin, 2017).
Origin of Uber
The idea behind Uber arose when Travis Kalanick, serial entrepreneur, and Garret Camp, co-founder of StumbleUpon, left a conference in Paris and could not find a taxi to take them to the hotel. At that moment, they thought that "it would be incredible" to have an on-demand service of transportation, with which they could go everywhere. When they returned to San Francisco, they began to develop the project and now they are well known in the whole world.
Security Situation
The security situation that different countries are experiencing has become a problem for Uber users and driving partners and although the company warned that a minimum of 8 million people and 250,000 drivers who use the platform have suffered a security incident during a trip. There are multiple concerns and doubts about the security offered by the application. The basic principle of the company is nothing more than a new economic system in which goods and services are shared and exchanged (often between private parties) through digital platforms. Uber is responsible for developing and maintaining the quality of systems, as well as offering various competitive benefits for users. It is they who are responsible for the security of its users and drivers. Based on this principle, the responsibilities of Uber is to offer the best possible application for the use of citizens. They need to implement new security tools to improve the quality and safety of each trip (Conger, 2017).
Strategic Security Policy
The strategic security policy of uber can be grouped into three guidelines: Verification of real-time of the driving partner; strengthening admission processes for both driving partners and users; as well as a communication campaign on these measures.
Confirmation of real-time of the driving partner
The application has a security feature of internal chat that enables communication between drivers and users without the need to share personal information between both, and the possibility for both users and drivers to report on trips in real time and have added more information about who drives the units. Moreover, Uber added a telematics technology that allows analyzing driving patterns, which includes variables such as acceleration, braking and a comparison between the suggested routes (Crook, 2019).
Strengthen admission processes
Since August 2017, Uber has implemented a verification mechanism for those who pay for the service in cash through Facebook, which provides more certainty to the driving partners. Despite the problems of security of information on Facebook that has been revealed in recent time, this platform is used for reasons of accessibility, since 66 million people have a Facebook account, and they can also study other options to verify the digital identity of users.
As a part of strategic security policy, with effect from September 2017, people who want to join Uber as driving partners must go to the company's service centers to perform the psychometric examination in person and since December of the same year, the company has blocked the option to the driving partners who update their photo online, so now they must do it in one of these care centers, which seeks to minimize the criminal activities. The trust filter has also been improved so that the drivers' data is verified in more than 500 federal and state databases, which includes the databases of some border states (Bawden-Davis, 2019).
Effective communication
The top security consultants of the company suggest that the communication about the incidents and the way they occur and report should be a priority for Uber. This is part of the motivation for which the company launched this security program whose actions will be unveiled in the coming weeks. Regarding whether the company could adopt an open data policy to improve both mobility and security within the cities in which it operates, any option that allows improving security should be evaluated internally. Uber must be willing to take a measure like this because this would mean giving access to the information of users and driving partners. They must evaluate all the innovative security options.
Threats and vulnerabilities
Uber may face a variety of threats and vulnerabilities. The drivers may be unhappy with profit margins. This could lead to extending bad publicity about Uber and discourage the entry of new drivers. Some legal regulations may also prohibit the use of Uber. There may also be problems with local authorities. Moreover, the increase in competition will cause a decrease in prices. This will lead to discouraging new drivers from joining these platforms. These threats will negatively harm the brand. Self-Driving cars will eradicate the need for these services. The overvaluation can also lead to overinvestment in places where there is no place for businesses of a similar kind.
The security of the uber application is also very important. The platform works through a smartphone application, whose GPS locates users location and shows the options of nearby cars available. Then, they choose the car, see the profile of the driver, contact him on his cell phone and pay with a credit card, so there is no physical exchange of money. In a few minutes, the driver appears with a car ready to take users to their destination with premium attention. It's a sophisticated, comfortable and low-cost business for the quality it offers but the possible threats cannot be ignored (Sheridan, 2017).
Mitigation of potential threats
To deal with these threats, the company need to take some serious steps to improve safety. The actions are 1) Verification of the people who register in the application; 2) Protecting the account of all users; 3) Taking care of the experience on all trips; 4) Offer the user safety functions in the application during each journey; 5) Keeping support and customer service active 24/7; 6) Guaranteeing liability insurance coverage on all trips; 7) and building a community with the best users and driving partners.
Uber needs to hire top security consultants with experience to deal with such threats. The goal should be to improve the company's processes and improve user experience. The company has implemented various functions aimed at improving the security of the app. During the last two years, there have been reported various incidents related to assaults to users. The steps described above would strengthen its strategy to strengthen user confidence.
Moreover, User verification, travel sharing and chat from the application, are the three functions that the Uber should implement to ensure the safety of its driving partners. The company must also be given importance to driver feedback and concerns. This will further enhance their technology and implement new security measures that will provide greater peace of mind and control to drivers (O'Leary, 2017).
Most of the uber users in the world have a Facebook account. This can be used to confirm the identity of users and it will be very beneficial to mitigate the potential threats. In addition, drivers must share the tracking of their trip in real time with one or up to five family or friends and should have at their disposal an emergency number available 24 hours a day, 365 days a year.
These functions can be added to those that already counts, such as the blocking of telephone numbers when calls are made to maintain the confidentiality of both driving partners and users. More functions and strategic alliances must be announced to improve the security of its users and drivers (Bawden-Davis, 2019).
Conclusion
Thus, Uber is a world-class transport service that has benefitted people from all parts of the world. However, this new technology has brought multiple security threats. The criminal activities which have been noticed in the past are worrisome. The strategic security policy of the organization needs to be improved in order to improve customer satisfaction. On the other hand, the safety of drivers is also very important. The recommendations given in this report are of great importance as they can help the company to fight against potential threats and vulnerabilities.
Bibliography
Admin, J. (2017). The History of Uber and their Logo Design. [online] LogoMyWay Blog. Available at: http://blog.logomyway.com/history-of-uber-and-their-logo/ [Accessed 26 May 2019].
Bawden-Davis, J. (2019). Uber Can Be Risky: 5 Reasons Why (for Drivers and Passengers). [online] SuperMoney!. Available at: https://www.supermoney.com/2016/05/5-reasons-uber-can-risky-choice-drivers-passengers/ [Accessed 26 May 2019].
Conger, K. (2017). Uber Is Getting A New Privacy Policy. [online] Gizmodo.com. Available at: https://gizmodo.com/uber-is-getting-a-new-privacy-policy-1818620713 [Accessed 26 May 2019].
Crook, J. (2019). Uber, Lyft implement new safety measures – TechCrunch. [online] TechCrunch. Available at: https://techcrunch.com/2019/04/18/uber-lyft-implement-new-safety-measures/ [Accessed 26 May 2019].
O'Leary, R. (2017). Who's Driving Security for Uber? | WhiteHat Security. [online] WhiteHat Security. Available at: https://www.whitehatsec.com/blog/uber-security-breach/ [Accessed 26 May 2019].
Sheridan, K. (2017). Uber's Security Slip-ups: What Went Wrong. [online] Dark Reading. Available at: https://www.darkreading.com/attacks-breaches/ubers-security-slip-ups-what-went-wrong/d/d-id/1330496 [Accessed 26 May 2019].
Subject: IT
Pages: 6 Words: 1800
Initial Investigation
Student’s Name
Institution
Course Code
Date
Table of Contents
TOC \o "1-3" \h \z \u 1.0.Summary PAGEREF _Toc6702034 \h 3
2.0.Background PAGEREF _Toc6702035 \h 4
3.0.Organization Structure PAGEREF _Toc6702036 \h 5
4.0.Business Function PAGEREF _Toc6702037 \h 6
5.0.Project Management PAGEREF _Toc6702038 \h 7
6.0.Project Schedule PAGEREF _Toc6702039 \h 7
7.0.Total Duration PAGEREF _Toc6702040 \h 8
Problem Description PAGEREF _Toc6702041 \h 8
8.0.System Capabilities PAGEREF _Toc6702042 \h 9
9.0.Business Benefits PAGEREF _Toc6702043 \h 10
10.0.Policies PAGEREF _Toc6702044 \h 10
10.1.0. Customers PAGEREF _Toc6702045 \h 10
10.2.0Staff PAGEREF _Toc6702046 \h 10
11.0.Risk Analysis PAGEREF _Toc6702047 \h 11
12.0.Cost benefit Analysis PAGEREF _Toc6702048 \h 11
13.0.Budget PAGEREF _Toc6702049 \h 12
Summary
The core aim of the project is to design and develop a system to help Eat Organic Food to solve some of the challenges it is facing in the market. It is important for the company to find a permanent solution to the problem. The best solution is the implementation of Information System, which can help the company to address its deficit in service delivery. Integrated Website would be the best recommended solution to the problem being faced by Eat Organic Food Company. This paper analyses the case of Eat Organic Food and provide detailed recommendation on system design and implementation.
Background
Eat Organic Food was founded by Ion Jones as a family business for production of food for domestic use. It is a partnership business owned by Ruth Jones ad Ian Jones. Ian believed he could do farming better and this made him to retire from his work as a mechanic to start farming. It is noted that Ian started farming using his back yard and expanded to neighbors’ backyard before expanding to a larger portions of land. Eat Organic Food has experienced growth since it was started and employees other employees to provide assistance. It has over six employees working for the company. Eat Organic Food is owned by Ian Jones and Ruth Jones and therefore, it is a family business. I am and Ruth is both married and Eat Organic Food was started by Ian to offer sustainable income for his family. Eat organic Food is well known as the provider of fresh and organic food and therefore, this has been used a critical business tool to create customer loyalty in the market. The business focus of East Organic Food is fresh vegetable produced without using any kind of pesticides. The company does not use any kind of artificial fertilizer in the production of food. This has helped the company to increase its market share faster creating a big challenge to the management on the efficient service delivery of orders made by customers.
Eat Organic Food has expanded over the last years. An assessment done established that it has increased its market share and this has increased demand of products from the company. As a result of increased demand, the company has employed some employees to help in sorting out customers’ orders and process for delivery. The number of customers with interest in Organic Food continues to increase daily. It has customers from various localities from across the country and this also act as a big challenge to the company and therefore, it requires a system which can help it address the problems of inefficiency in delivery services to customers. The information system will help the company to address the problems related to service delivery and become efficient in receiving, process and delivery of orders. The company receives hundreds of orders daily and without the system it is difficult to track and process all the orders for delivery.
The assessment established that Eat Organic Food has expanded its customer based over the last years. It delivers fresh food to customers and therefore, it faces challenges related to delivery of products to customers. However, the business focus of East Organic Food I fresh vegetable produced without using any kind of pesticides. The company simply does not use any kind of artificial fertilizer in the production of food. This has helped the company to increase its market share faster creating a big challenge to the management on the efficient service delivery of orders made by customers.
Organizational Structure
The organizational structure of Eat Organic Food is very simple and it is headed by a manager, Ian and Assisted by his Wife Ruth who is in charge of customer management. The company also has other employees, which helps it provide services to customers. In total, Eat Organic Food has a total of six employees.
Ian Jones
General Manager
Ruth Ian – Manager Customer
Marsha Staff
Christina Staff
Chris Staff
Cathy Staff
Figure 1: Eat Organic Food’s Organizational Chart
Project Management
The project is an ICT system design and development. Eat Organic Food intend to implement an ICT system which can help the company improve its service delivery. The project includes designing and development of website and CRM system which can be used to track products and also help clients in delivery products efficiently to customers. The project will be handled by a team of experts in ICT and project management to ensure that all the objectives of the project is meant. The project objective is to deploy an information system for the company to provide help in the efficient management of information. The project will be managed by Ruth Jones because of her knowledge in the customer management department. However, the implementation of the project to be done in phases, the first phase will be the assessment of the viability and the needs of the company. After the assessment is completed, the designing and development of the information system will start and completed with three months. However, each project team will be specific responsibility and the team expected to meet daily for brief on the status on each section of the project until the project is completed. It is important to have regular meeting to ensure that the project team are working together coherently, in meeting the objective of the project CITATION Kon12 \l 1033 (Konjaang, Tankia, & Laar, 2012). The project will be completed within six months from the time the agreement to design and developing the ICT system is signed.
System Vision development
Eat Organic Food Problem
Eat Organic Food has experience high growth hence increasing demand from the market. Customers have complaint of slow delivery of products. Orders take hours before they are received process and delivery to customers. The company is also not in constant contact with its customers and this make the company worried of losing customers if the situation remains the same for a longer time. It is therefore, evident that there is inefficient in service delivery because of the manual system being used by the company. Tracking payment is also a challenge to the company and the cost of delivery is also high because clients must call mutual to placed orders.
Solution
The best solution to the problem faced by Eat Organic Food is the implementation of ICT system. Eat organic Food receives order manually and this make it difficult for it to process all the orders. The designing, development and implementation of website with enterprise system is likely to help the company improves its service delivery. Through the information system, customers would be able to order products online, track the delivery of product and have constant interaction with customers. The system will allow clients to place orders using mobile phone or on their computers and track the products using the generated code. This is likely to improve the company market share and profitability. It will also help the company to build trust with customers and it might result into high level of customer loyalty, which can help improving the company market share in the food store industry.
Project Schedule
No
Description
Duration of each activity
1
Assessment
1 month
2
Designing and development of the software
3 months
3
Installation
1 months
4
Transfer of data
1 moth
5
Testing of the system
1 month
6
Training
1 month
7
Handing over
8
Launching
Total Duration
The implementation of the entire project to take 6 months, and it will be done in phases.
System Capabilities
The system automatically alert the company that a customer has made an order and immediately it is being processed and delivered to customers. The integrate website with CRM platform, will improve Eat Organic Food service delivery and ensure that all orders are processed and delivered immediately to customers. This will help the company to increase its market share hence increased profitability as well. The system has detailed functionality. Eat Organic Food’s client would able to place orders, monitor the order and delivery process using the system generated code. It shall gives customers an opportunity to create an account, view products being sold and chart with the company regarding the products, which are being sold. Through the system the company would be able to track all the deliveries to customers. The CRM offers a platform to keep track and good relationship with customers. Therefore, the system would also give the company a platform to receive feedback from customers. According to Wasson (2015, p. 18), feedback from customers are essential can be used customer management. The information are used analyze customers perceptive and use the information to provide services to customers.
Business Benefits
Eat Organic Food is likely to improve its market share because of the integrated website. It is because customers will be satisfied with the service delivery and therefore, many people would demand the service from the company. It is also likely to increase its profits due to increased market share CITATION Bla10 \p 12 \l 1033 (Blanchard & Fabrycky, 2010, p. 12). Eat Organic Food will therefore, increase its efficient in service delivery to customers. As a result it attracts both local and international investors, which is important for any start-up company with a vision to grow. Therefore, the system will give the company a larger market and attract investors, and therefore, the system will be a key ingredient for the future growth of the company.
Policies
. The company will have to implement policies to protect the system. The policies will be related to login and out to ensure that authorized person do not get accessed to the system CITATION Kon12 \p 28 \l 1033 (Konjaang, Tankia, & Laar, 2012, p. 28).
10.1.0. Customers:
The policy regarding the Automatic logout for inactive account for 30mins.
Customers will be required to create account using personal information, which is very unique. Customers will be required to key in First name and last time, personal identification number, email and telephone number.
10.2.0Staff
Automatic logout for inactive account
Unique identification for all the staffs, which will be used identify every entry to the system.
The level of access and security will also be given to staffs to avoid violation of data privacy.
Risk Analysis
There are several risk involved with the system which the company will have to addressed. One major risk is system vulnerability which should be addressed as a matter of urgent to avoid violation of data CITATION Tan14 \p 21 \l 1033 (Tan, 2014, p. 21). The data would be exposed to both internal and external attack, which should be addressed before it is launched for use. The internal attacks could be from virus and human attack and especially from employees. The attack from employees include carrying authorize flash disk, or information, which can compromised the system. In order to avoid any attack based on the vulnerabilities the company will be required to implement strict ICT policies.
Cost benefit Analysis
Information System improves service delivery and it is expected to benefit Eat Organic Food directly and indirectly. . The return of investment is expected to be high due to increase service delivery and market share. Therefore, the company expect to increase its profitable by at least 135% within 6 months. The cost benefit of the project is therefore, positive since it is also expected to help the company to attract investors which is a key strategy for the company to achieve its market growth.
Tangible benefits
Increase profit.
Improved service delivery to customers
Increased market share in the industry.
Intangible benefits
Increased market value.
It is likely to attract investors.
Positive feedback from clients.
Budget
The project o cost $65,000. This budget to fund designing and other logistics required for the project to be delivered.
Conclusion
It is recommended for the company to implement an effective ICT system to improve its customer service delivery. Based on the analysis of the company challenges, Eat Organic Food, require an elaborate integrated website, which can allow clients to purchase products online and receive them without much problems. The website should be integrated with CRM system to improve the relationship between the company and customers.
Bibliography
BIBLIOGRAPHY Blanchard, B. S., & Fabrycky, W. J. 2010. System Design and Development. New Jersey: Prentice Hall.
Konjaang, J. K., Tankia, B. A., & Laar, D. 2012. Design and Development of a Sales Management System for SMEs in Northern Ghana. International Journal of Innovative Research in Advanced Engineering (IJIRAE , 2-35.
Roth, D. W., & WIXOM, B. H. 2014. System Analysis and Design. Washington: RR Donnelley.
Tan, Y. 2014. INFORMATION SYSTEMS : System analysis. Journal of Information system , 2-34.
Wasson, C. S. 2015. System Analysis, Design, and Development: Concepts, Principles, and Practices. New York: John Wiley & Sons, Inc.
Subject: IT
Pages: 7 Words: 2100
Saroj Pandey
Report
28th Sept, 2019
ABSTRACT
The methodology describes that this study involved two sources of information while the preparation of this report. The primary sources include personal learning and co-operative group members. And the secondary sources of the report writing are previous internship reports, internet and the annual report of Warid telecom in Abu-Dhabi. “In this report, I conclude that warid telecom has the infrastructure, business set-up, and campaign management expertise to facilitate customers in building a solid reputation through the delivery of reliable technologies and services, along with dedicated management and customer service personnel”. The main area which is important to improve is the operation performance, training, and development of the employees. Most of the time training is conducted by the outs side of the organization. So we need to better develop their system hiring and maintaining the local staff. This can be achieved if the practical operations management scenario develops their procedures for the training and development of the employees.
“Table of Contents”
TOC \o "1-3" \h \z \u
Introduction 5
visio 6
mision 6
objectives 7 6
Description 6
Managing Operations Strategies
product service 7 Quality 7
Purpose 7
Analysis 7
Rules 8
consequences 8 tools 8
SWOTAnalysis 8
CONCLUSION AND RECOMMENDATIONS
BIBLIOGRAPHY
“Executive Summary”
In the first chapter, the purpose of the internship, scope of work, method of the information and scheme of the report has been described.
In chapter second, the historical background of warid, mission and vision statement of warid, ethical values, branch expansion strategy, organizational structure, and organizational structure of warid (franchise) is given.
In the third chapter, the HR activities of warid telecom, including an overview of HR, Job description, Job Specification, Job Evaluation and including HR functions Recruitment, Selection, Training, Development, and employee motivation, compensation strategies, Administration benefits, and international HRM aspects. In chapter four, including a SWOT analysis of the organization (Warid). And at the end of the report, the conclusion and the recommendation have been given.
1. Introduction
This report is aimed at studying and analyzing the telecommunication sector and different activates holding about operations management practices and policies in Warid telecom, Abu-Dhabi (Annual report, 2017).
“This is the report on an organization “Warid Telecom” came into existence in 23-May-2005. This corporation started by Sheikh Nahayan Mabarak Al-Nahayan”.
1.1 Scope of Work/Report:
Telecommunication is a very broad field to learn and experience due to the short period. I couldn't learn every aspect of managing operations strategies and HRM practices in the telecommunication sector. Evaluation of certain departments is carried out. Recommendations are given for the analysis. Accordingly, due to the short time frame, the scope of the internship was very confined.
1.2 Sources
Primary Sources:
There are two ways such as,
· Discussion with the employees of the HR department from time to time.
· Personal learning
Secondary Sources:
· Newspapers, Journals
· Annual reports
· Websites.
1.3 Limitations of the Report:
Due to the limited time frame of report, it was not possible for me to learn every aspect of telecommunication sector. The management also doesn’t allow the employees to describe every secrets of organization to an internee and operational performance in the organization. But the main factor that limits the areas of my report was the organization’s secrecy policy as well as the ethical responsibilities on my shoulders.
1.4 Vision
“The vision statement of warid is,
To be the leading national communication provider with a strong international presence.
Warid Telecom believes in working with strategic partners and employees for long term relationships.
1.5 Mission Statement of organization (warid):
The mission statement of warid telecom is,
With a reflection of a new strategy, the company mission is to be perceived not only as a telecommunication operator of voice services but also as a universal provider of comprehensive communications services for both residential and business customers.
1.6 Objectives
“Warid Telecom establishes the principles of total quality management which, blended with the tenets of active leadership ensures that the entire workforce dynamically participates in the company-wide efforts to achieve superior customer satisfaction. To ascertain that nothing important is neglected or overlooked and that everyone is an active participant in the overall process”.
2. Description of the company
The main idea, in this case, was that in the course of activities it is impossible to simultaneously achieve equally high results in all respects (Best et al., 2007). Focusing requires first of all determining development priorities, and then to concentrate management efforts on those company resources that allow achieving goals. The ethical values of the company are
Ø customer satisfaction
Ø Integrity
Ø Teamwork
Ø Commitment
Ø service
2.1 Product and Service
2.1.1“Quality:
Quality is a significant driver for its continuing success as well as that of its customers. The commitment to quality and the continuous improvement of services and processes enables us to consistently exceed customers' expectations. Management's active leadership assures that all employees participate in the company-wide total quality environment.
2.1.2 Hajj Service:
In this organization have started a special campaign for special Hajj package for this purpose they made special contracts with the Saudi Organizations i.e Aljawal and Etihad Al-Etisalat.
2.1.3 Al-Jawal:
For the subscribers who will choose the network of Aljawal, they have the facility of receiving an Incoming SMS free of cost from anywhere in the world.
2.1.4 Ethical Al Etisalat:
For using Etihad Al Etisalat network, 5 Outgoing SMS to all over the world are free of cost”.
2.2 Managing Operations Strategies:
Operational strategies are divided into types depending on the priorities allocated to the functioning of the business operating system. These priorities include cost minimization;
Development of flexibility of the operating system in terms of expansion
Nomenclature, assortment or changes in output. Development of the quality of aompany processes, products or services;
Minimizing lead time for custom orders.
The first two groups of operational strategies (focused on minimizing costs and developing the flexibility of operating systems) are traditional strategies. They are used in a this company from the first years of the development of classical management to the present day. The last two groups of strategies (development of quality and minimization of time) are new strategies, the emergence of which is associated with the implementation of modern standards for operating system management (Mutumba et al., 2016).
In this warid tel focuses on reducing the time for executing orders, business processes are carried out using the ideas of direct-flow movement of objects of labor based on the flow form of organization of activity. As a rule, this focused on the mass or large-scale type of operating systems that do not have high flexibility in terms of response to changes in the volume and content of demand. Similarly, it is rather difficult to ensure the flexibility of operating systems operating within the framework of a strategy of minimizing costs, which is largely achieved also based on activities of mass and large-scale type. In this company will achieve higher revenues and low costs are an undoubted advantage in developing a priority for product quality. In general, it can be said that no company should count on the fact that at the same time it will achieve the highest results in all performance indicators, namely in terms of cost, product quality, production flexibility, speed of development of new products, lead time for custom orders. On the contrary, each company must fulfill a limited number of tasks, and those that would best contribute to the realization of its main corporate goals (MUKORAKO, A., 2013).
2.3 “Purpose of Strategic Planning In Warid Tel”:
“The purpose of strategic or long-range planning is to assist a Warid Tel in establishing Priorities and to better serve the needs of its constituency. A strategic plan of organization is flexible and practical and yet serves as a guide to implementing programs, evaluating how programs are doing, and making adjustments when necessary. A strategic plan reflects the thoughts, feelings, ideas, and wants of the developers and molds them along with the organization's purpose, mission, and regulations into an integrated document”.
Warid is facing a lot of competitors in the telecommunication industry so due to that very reason strategic planning of Warid is very good (Annual report, 2018).
3. Analysis
Overview of practical operations management scenario in Warid Telecom:
The main direction of the restructuring of the management structure and its radical improvement, adaptation to modern conditions has become the massive use of the latest computer and telecommunication equipment, the formation on its basis of highly effective information management technologies.
3.1 Rules in Warid Tel:
“Managers and employees need to share a clear understanding of what is and what is not acceptable behavior within the organization. Unfortunately, in today’s workplace, an employer can be held liable for the bad behavior of an employee, especially when that bad behavior affects other employees, clients or individuals. Having a clear set of behavioral expectations is critical to establishing that we are not contributing to that bad behavior as an employer”.
3.2Consequences of rules violation in Warid Telecom:
“It is important that we clearly state consequences for violations of the behavioral standards so that employees know what to expect and have fair warning of those expectations”.
3.3 Tools:
The modern tool should manage the production process and continuously monitor its parameters to deviate from the acceptable values, starting from the planning stage of the sales order to the shipment of finished products to the consumer
The modern tool in an organization should implement a cost management methodology and cost centers. This technique requires planning the cost of products, approval of planned standards and monitoring deviations of actual costs from their standards for timely action. Cost accounting should be carried out at the places of their occurrence and allow management personnel to conduct analysis (Sabri, E.H. and Beamon, B.M., 2000). Based on the production plan and standard cost, the system must calculate the estimated cost of production. The system should ensure the unity of financial and management accounting data. In modern conditions of operation of the enterprise, it is essential that the data entered into the system be available immediately after the registration of the business transaction to everyone who needs them: from the accountant in the workshop to the manager of the enterprise. For example, the unity of financial and management accounting data. Financial and business operations should be registered in the system immediately after their completion. This will allow for the control of production at the level of production estimates.
4. SWOT Analysis:
The basic purpose of SWOT analysis is, that first to analyze the key strengths and then compare them to the competitors to gain a competitive edge against the competitors and then to sustain it. And to remove the weaknesses of the organization.
4.1 Strength:
The Network:
“Warid are partners with some of the leading vendors in the telecom industry, who help us in providing the best and latest network solutions for the businesses. These vendors include cellular giant Ericsson, Nortel, Siemens, Cisco, and Hawaii”.
4.2 Weaknesses:
Although along with some of the major strengths, there are some major weaknesses that the warid need to overcome. These weaknesses are described below.
4.2.2 Message problems:
This is the one problem, that warid recently is facing for its users. The message delivery is not good. Most of the time, the message cannot be delivered to the other operators.
4.2.3 Service delivery:
This is another very critical problem with warid telecom. Its service that they are given to the users is not effective. Most of the areas, the call is not connected by the users of warid, or even if it will get connected, during the call, it will be ended automatically.
Right now the series of warid is 0323. It’s also not effective. Some times, in some other net works including Paktel, PTCL, it will not be connected.
4.2.3 Promotional campaign
Although, the warid has started its promotional campaign, it’s not as effective, as its competitors have. Warid telecom is not adopting effective tools for their promotional campaign.
4.2.4 Management problem
One of the most important problems, due to which all of the above problems are occurring, is the problem of management. Although the warid telecom has invested a large amount in Pakistan. But they have skillful people to manage all their activities but not as competent as their competitors have. Warid is a very well known Organisation so they are not hiring competent or skill full employees. This is the most important problem. The warid telecom needs to overcome this problem and most of the above problems automatically vanished due to effective management (Izaguirre, A.K. and Perard, E., 2008).
4.2.5 Call Rates:
One of the major weaknesses of Warid is its call rates. Their call rates are very expensive as compare to their competitors. Their call rates to other networks are very much expensive as compare to their competitors.
4.5 Opportunities:
Warid is offering different opportunities to its potential employees.
4.5.1 Job opportunities:
This is the main opportunity that fresh graduates looked with some organization. Over time, as warid is working on a branch expansion strategy, there are opportunities for searching for a job with warid telecom.
4.5.2 Hajj services:
At the upper post of warid telecom, warid gives the services of employees to get the facility of hajj services on the head of warid. Recently, one employee from warid head office has gone at hajj on warid expenses. Even the salary of that person is not deducted.
4.5.2 Threats:
Every organization has some threats from the competitors.
Warid also have some threats currently facing from other mobile operators.
As technology is improving over time, warid needs to remain up to date with the new technology. Otherwise, it would not be possible to be run with the competitions.
There is another threat that, the different problems like service delivery, message problem, promotional campaign and call rates.
The weaknesses of warid telecom, the warid must need to resolve those problems, else it should be difficult for warid to continuously sustain its users.
4.6 Compensation Management:
Organization gains a powerful competitive advantage from a well designed compensation strategy, as part of an integrated approach to human resources. A poorly designed rewards program, on the other hand, can contribute to dissatisfied employees, excessive workforce turnover, and the inability to attract quality candidates.
Compensation strategy means taking an informed approach to rewarding employees relative to organisation competitors, in support of business culture and objectives. organisation help the clients establish the purpose of each component in the compensation package (including base salary, short-term and long-term incentives, benefits, perks, and recognition programs) as well as how the total package should be positioned versus the market.
5. Conclusions:
“Warid Telecom’s main aim is to provide the latest, cutting-edge technology, yet affordable.
Means of communication, catering to people from all walks of life. They have the infrastructure, business set-up and campaign management expertise to facilitate us in building a solid reputation through the delivery of reliable technologies and services, along with dedicated management and customer service personnel.
As fixed and mobile technology constantly evolves, excellent resources will enable the organization to develop new solutions that can enhance the demands and offerings by bringing new and innovative services to the market first.
With the world of business becoming increasingly sophisticated, the requirement for rapid, reliable and cost-effective solutions is critical to the success of the corporate clients and individual customers. Most businesses have a common range of requirements, but many have far more complex needs. As a dynamic company, Warid Telecom takes pride in its ability to respond rapidly and with great flexibility to meet individual customer needs”.
5.2 Recommendations:
Although Warid telecom is going at its best, still I would like to recommend something which I have observed that there are some flaws in the procedures and policies during my internship in Warid.
The network of Warid Telecom is not as superior as it could be. There are many problems with the network coverage. However, due to poor network coverage users are afraid to take the services of Warid Telecom. So I would like to recommend Warid Tel that Warid management should work on the network problems, so it should concentrate to improve the network coverage in all areas.
“Employee involvement and employee empowerment enable people to make decisions about their work. Employee involvement and employee empowerment increase loyalty and foster ownership. Warid not take as many inputs from their employees and not involve the employees in organization decision making”.
Another problem that I have seen in the organization is extensive paperwork. Managers and employees for issuance of anything even for a pen must fill the forms after approval they take that very thing so I recommend warid must minimize that vary thing. Gave authority to employees to use the things without using extensive paperwork.
“The external recruitment of Warid Telecom is not so effective and impressive. External recruitment and proper campaigns increase the popularity of the organization on the job market, which helps to improve the position for further expansion. On the other hand, eternal recruitment takes a lot of energy from the HRM to handle all the job candidates in the selection process. Thus Warid should improve its external recruitments campaign”.
Warid hiring criteria is not so much effective. They should hire only those employees who are competent and are highly qualified. The education criteria should be like a four-year Graduation or Masters Degree, thus not hire those employees whose qualification is less than four years of Graduation and Masters.
The turnover rate of employees in private sector organizations is more. However, the turnover rate of Warid is also high so Warid should use strategies to overcome the turnover rate. The organization can only be successful by retaining the best talent. Warid should more motivate its employees to retain the employees. If turnover is increasing ultimately productivity will suffer.
Job insecurity is another major problem in Warid Tel. The organization must minimize or overcome the job insecurity problems, Thus, I recommend to Warid must concentrate on the job insecurity problem.
Biblography
Best, R., de Valence, G. and Langston, C., 2007. Strategic management. In Workplace Strategies and Facilities Management (pp. 91-102). Routledge.
Sabri, E.H. and Beamon, B.M., 2000. A multi-objective approach to simultaneous strategic and operational planning in supply chain design. Omega, 28(5), pp.581-598.
Kim, W.S., Lee, M. and Kim, K.D., 2009. Strategic differentiation of internationalization in the mobile telecommunications industry: case studies. ETRI Journal, 31(1), pp.51-61.
Mutumba, A., Masese, A.W. and Sabano, S.O., 2016. Mutual Franchise Success as a Result of Strategic Staffing Fit in Mobile Telecom Business: The Moderating Effects of Complementary Resources. International Journal of Business and Social Science, 7(2).
Aziz, S.F., 2013. Changes of human resource practice between Warid Telecom and Airtel Bangladesh Limited after merger and acquisition.
Rafay, A. and Khan, A., 2016. Shift Towards Next Generation Networks (NGNs) for Sustainability: Evidence from an Emerging Economy. Journal of Cases on Information Technology (JCIT), 18(3), pp.1-12.
Ahmed, A., 2013. The Abu Dhabi Group plans to sell its 100% stake in WARID Telecom Private Limited (WTPL)–AHL Research. Investor Guide 360.
Galpaya, H., U i l S i P li i Af i A i Universal Service Policy in Africa, Asia.
MUKORAKO, A., 2013. INSTITUTIONAL FACTORS INFLUENCING CUSTOMER SATISFACTION IN WARID TELECOM VOICE SERVICES (Doctoral dissertation, Uganda Management Institute).
Izaguirre, A.K. and Perard, E., 2008. Investment Commitments in Sub-Saharan Africa Stayed at a Peak Level in 2007.
Annual Report (2017). Online available at: https://tcaabudhabi.ae/en/media.centre/2017.annual.report.aspx
Annual report (2018). https://www.adnocdistribution.ae/en/investor-relations/investor-relations/annual-report-2018/
Subject: IT
Pages: 10 Words: 3000
RUNNING HEAD: IT
Report on Westmead Hospital information security
By Frederick Lewis Allen
[Name of the Writer]
[Name of the Institution]
Contents
TOC \o "1-3" \h \z \u Introduction PAGEREF _Toc20066831 \h 2
Executive summary PAGEREF _Toc20066832 \h 3
Discussion PAGEREF _Toc20066833 \h 4
Conclusion PAGEREF _Toc20066834 \h 8
Introduction
Information security has become one of the main concern and area of focus for many hospitals. With the advancement of time, technology is getting towards the next level of advancement and institutions are becoming more conscious of their maintainance and upgrading of their IT security systems . For Westmead Hospital, securing data and its safe transmission is of central importance. Westmead hospital is focusing on implementing straightforward and strict security policies. It is also using more reliable security procedures so that it could keep its Information security networks more secure and could make sure safe transfer of the data so that confidential data of the patients could be protected. In order to conduct audit and monitoring practices, Westmead Hospital is trying to provide a safer and secure IT environment. For the security management, IT department of Westmead is training its best personnel to allocate resources effectively and proactively manage matter linked with information security so that fluctuating regulations and ever-evolving threats could be resolved timely. Information technology clears one thing that when technology is not handled carefully, institutes could get harm. Information security system and management plays a significant role in making Westmead trustworthy for people who are more concerned about their privacy and personal data.
Executive summary
In this paper, various aspects of IT security management has been highlighted as for the hospitals, it is important to manage and update the security system. In this report, there are certain areas that are providing basic information how Westmead is improving its information security system and encouraging its management to be equipped against all the challenges that all the other companies and security institutes are facing in order to increase authentication of its information system. In this report, not only challenges are being mentioned but at the same time, there have been given all the possible solutions. It has also been mentioned in this report that why information security departments are trusted so much when it is about the confidential data about which patients used to show much concern. There have been listed a number of benefits for which information department of Westmead designed its effective security policies. For avoiding the cyber-attacks, it is important to secure the information system. Information security department needed to be equipped with the latest technology and informational strategies. List of benefits is being given that sheds a light on why organizations and hospitals like Westmead are spending more time and money on improving their information security. In the health market competition is becoming tougher as people prefer to visit hospitals that provides better security to their details.
Discussion
With the advancement of technology, like other institutes, Westmead Hospital has also centred its focus on providing safety to the patient data that could be used for different purposes. For knowing and improving the level of safety of patient's data Westmead is trying to consider challenges that could serve as the real threat to the information security system of Westmead. There are certain areas that Westmead is considering while improving the security system so that personal details could be made more secure (Cucchiaro, et al, 2019, pp.S100-S101). Field of information security is at more risk of breaching and as the area of information technology is growing more, challenges and risks are also arising at same rate. Security management of Westmead Hospital have become more aware of confidentiality, integrity and uninterrupted availability of the required data (patient’s data in most cases) and these are the three main areas and concepts of security concerning computer systems. One of the main threats that Westmead information technology management is trying to mitigate is, checking the unauthorized access to the patient’s data, which they termed as the loss of confidentiality. For Westmead Hospital, confidentiality is an important attribute that provides its patient with confidence that their personal details and medical records are safe and would not be misused. Confidentiality could be at a risk when information would be shared or present on insecure networks. Security management of Westmead is trying to make its security networks more secure for which it is trying to use access control and authentication techniques. Integrity is another major area that is being focused on when critical safety of the patient's data is concerned. In the field of technology, there are many ways through which unauthorized alterations are being made in information. Both human errors and intentional tempering have become a real threat for the information security mamangement of Westmead.
Main challenges faced by Westmead Hospital in the area of information security
There are different attacks that the information security department of the Westmead Hospital is facing. Different security attacks that have become a risk for the information security are not easy to handle and for solving these security issues, management of Westmead needed to be updated regarding security challenges. Westmead information security management is currently working on mitigating few main issues that are becoming a real threat for its network security syste. Like all other major institutions, Westmead is trying to make its information system secure from security risks. Two of the main challenges that Westmead is facing at present are people and access control. The investigation has shown that one of the main causes of data breach from the information security system of Westmead is that people unintentionally do something that they should not (Australia, et al, 2019). People always try to access the control system or the associated data for which mostly they don’t have the proper guidance.
Next big security-related challenge that Westmead is facing is “authentication”. It has become difficult to know whether the information shared between the two hospitals or other parties is authentic or reliable as security systems could be hacked and information could be tampered. Authentication is of great importance as it has been seen that in some cases law agencies i.e. courts need medical reports so, in order to deal with the challenge of the threat of authentication, Westmead information security experts are trying to find best possible solution.
Rise of CaaS comes next on the list of challenges that Westmead Hospital is facing. Crime –as-a-Service is one of the ever-growing batches of malicious software-based elements. It is used for stealing the requirred data from any of the information systems and as it has already been mentioned that in some cases when the legal departments want any medical report from Westmead for patients, it becomes important for them to assure them of credibility of high-level security of the information system.
External breaches are another grasping challenge that encourages Westmead IT security management to pay more attention towards securing and updating patient’s data. It is considered as the most damaging security risk and it is because of the inherent vulnerability of the security policies and the framework. External breaches could be because of the poorly equipped security team, so Westmead is trying to providing its information security department with all the latest equipments.
Solutions
The main factor that Westmead is focusing on is designing high-quality software as it has been seen that most of the security risks and challenges arise because of the poorly designed software. So, it could be said that information management department must be focused on the designing of software that could not be tampered and hacked easily (Wurst, et al, 2019). Next element that has been given the most important is keeping into consideration the limitations of hardware. For finding the solution, it is important to understand what exactly security threat is and what is needed for coping with the challenges and fixing the breach.
Most of the information security issues arise because of personal negligence. Westmead information security department is focusing on hiring the well-trained security personnel so that the rate of personal error could be mitigated. Hiring people who are well-versed with knowledge regarding information security is being used as a solution as most of the issues are because of personal errors. This fact cannot be denied that all the potential challenges being mentioned above have solutions. Westmead is trying to find out a single cybersecurity solution that would meet all the needs and requirements of the security network and system. Solutions like cryptographic segmentation that could control and meet all the necessities is being considered. 3i Infotech comes first in mind when it is about solutions regarding information security. Systems and networks are interconnected so Westmead needs to have an effective and operative security that could check any kind of unnecessary invasions. 3i Infotech is being used by Westmead as it provides end-to-end solutions to the hospital. One of the most effective solutions that are being used by Westmead is preventing data from being stolen. Leaking of the data is the main threat to the whole of the network or system. So like most of the other hospitals, Westmead is also aiming at providing proper protection and security to the networks and systems.
Advantages of the effective information security system
It is important to mention purpose of improving and updating the information security. There are various reasons for which information securityof Westmead is upgraded and proper department of security was founded. Data of the patients is one of the most private and confidential things that Westmead wants to protect so, preventing data theft is given the maximum value. Information security is also helpful for thwarting identity theft so that personal details of the patients could be safeguarded. Numbers of cases have been seen in which the hospitals are being charged with the allegation of not securing patient’s data so information security also helps in avoiding the legal consequences of not screening information. Maintaining information security systems also help in increasing the productivity of the hospital. Information security helps in the streaming of the communication as hospitals and government institutes need to share the patient information most of the time, so for the smooth flow of information and facilitating the communication, information security department plays an important role. IT security department of Westmead helps in storing and safeguarding valuable information. IT of Westmead is famous for storing, preserving and maintaining information and it is another domain for which this department is known for (Makeham, et al, 2019, pp.S3-S4). IT helps in storing, sharing and having the backup of the files that could be accessed for later use. Though IT seems expensive when it is implemented for the first time but in long run, it becomes cost-effective, as it streamlines the hospital's managerial and operational processes. IT helps in improving Westmead’s internal processes by reducing the time spent outside of work and reducing the coverall cost. This department also helps in creating jobs for those who show interest in this field of information security. Information security also helps in improving the economic conditions of a country. Westmead by improving its information security networks and systems is competing with the top rank hospitals of world.
Conclusion
Taking a look at the above-mentioned facts related to information security network and system, it could be concluded that providing hospitals with safe security is much more important than providing security to any other organization as hospital industry is highly information-intensive and involves more human interferences that lead towards more human errors. Generally, it has been witnessed that professionals (doctors and nurses) linked with health industry usually lack cybersecurity information and knowledge. Information security department of Westmead is responsible for taking care of all the operations by making sure the safety of patient’s data. Taking into consideration all the challenges, it won’t be wrong to say that keeping in consideration the latest happens in the field of information technology has become important As a whole, it could be promulgated that information security risks need to be taken seriously in order to avoid damaging breach that may threaten the reputation of Westmead hospital. Westmead higher management knows how important is to secure the information security. Patients must be realized that they are in safe hands and their confidential information is safe and secure. Training of security personnel is also an important factor that helps Westmead in avoiding many security threats and risks. Selecting and training highly competent people is an important factor that could make this hospital more trustworthy for the patients.
References
Australia, H., 2019. The public and private hospital systems.
Cucchiaro, S., Delgaudine, M., Princen, F. and Coucke, P., 2019. OC-0194 Continuous improvement by crossing patient satisfaction surveys, adverse events and complaints. Radiotherapy and Oncology, 133, pp.S100-S101.
Makeham, M.A. and Ryan, A., 2019. Sharing information safely and securely: the foundation of a modern health care system. The Medical Journal of Australia, 210(6), pp.S3-S4.
Wurst, B.E., 2019. Systems and methods for biometrically retrieving medical information. U.S. Patent Application 10/204,704.
Subject: IT
Pages: 7 Words: 2100
Initial Investigation
Student’s Name
Institution
Course Code
Date
Table of Contents
TOC \o "1-3" \h \z \u 1.0.Summary PAGEREF _Toc6702034 \h 3
2.0.Background PAGEREF _Toc6702035 \h 4
3.0.Organization Structure PAGEREF _Toc6702036 \h 5
4.0.Business Function PAGEREF _Toc6702037 \h 6
5.0.Project Management PAGEREF _Toc6702038 \h 7
6.0.Project Schedule PAGEREF _Toc6702039 \h 7
7.0.Total Duration PAGEREF _Toc6702040 \h 8
Problem Description PAGEREF _Toc6702041 \h 8
8.0.System Capabilities PAGEREF _Toc6702042 \h 9
9.0.Business Benefits PAGEREF _Toc6702043 \h 10
10.0.Policies PAGEREF _Toc6702044 \h 10
10.1.0. Customers PAGEREF _Toc6702045 \h 10
10.2.0Staff PAGEREF _Toc6702046 \h 10
11.0.Risk Analysis PAGEREF _Toc6702047 \h 11
12.0.Cost benefit Analysis PAGEREF _Toc6702048 \h 11
13.0.Budget PAGEREF _Toc6702049 \h 12
Summary
The purpose of the project is to design and develop a system will could help Eat Organic Food to address some of the challenges the company is facing in the market. It involve analysis the company challenges and deriving the solution. Eat organic Food main problem is lacking of information system which can help the company to deliver service to customers. In this project., Eat Organic Food is analyzed and solution to the problem is provided. The problem can be addressed through the implementation of integrated website.
Background
Eat Organic Food is a medium sized company, which produce organically certified food for its customers. It was started by Ian Jones who believed that he was born to be a farmer. Ian Jones retired from mechanic job to pursue a career in farming because he believed he could do a good farming. Eat Organic Food has expanded in the last few years to become one of the largest companies producing organic food for domestic use. Ian started the company in its backyard and utilized neighbors’ unutilized land to increase its produces before expanding to a larger farm. Eat Organic Food is a partnership company owned by Ian and Ruth being managed as a family business. It has over six employees Ian, Ruth, Chris, Christina, Cathy, Charlie and Marsh who are providing assistance in the farm in terms of repair and other essential deliveries. It is important to point that Eat Organic Food was started to produce food for house use but within few months the aspect of business change due to increase interest from neighbors and other people interested in organic food. Eat Organic Food is a proud company for only producing organic food for customers and this is what has given it an advantage in the market.
The assessment established that Eat Organic Food has expanded its customer based over the last years. It delivers fresh food to customers and therefore, it faces challenges related to delivery of products to customers. However, the business focus of East Organic Food I fresh vegetable produced without using any kind of pesticides. The company simply does not use any kind of artificial fertilizer in the production of food. This has helped the company to increase its market share faster creating a big challenge to the management on the efficient service delivery of orders made by customers.
Eat Organic Food sells fresh and organic food to customers from various locations in the country. This requires efficient processing or order and delivery of the products to customers and since, the company is a middle sized company, it lacks the system, which can provide help in efficient service delivery to customers. It is established that the customers only make calls and then order are processed, which has proved to very difficult of to follow. It is therefore, important for the company to have an ICT system which can provide help in service delivery. The information system would be able help the company mitigate some of the complex problems being faced by the company. The implementation of the information technology will help the company to mitigate the problems related to issuing and delivery of orders, which have been identified as a major problem.
Organization Structure
Eat Organic Food has over six employees working in various departments or area to ensure the company delivers efficient services to customers. Eat Organic Food was founded by Ian Jones who is the Chief Executive Officer of the company. Ruth is also one of the employees of the company. Ruth is married to Ian and she is in charge of customer relationship management. Other employees are Chris, Christina, Cathy, Charlie and Marsh. Each of these employees has responsibilities to deliver. In position and rank Ian Jones is the CEO, Ruth Jones is the Customer relationship Manager and the rest of employees are in charge of delivery and farm technical support.
Figure 1: Eat Organic Food’s Organizational Chart
Business Function
Eat Organic Food provide fresh and organic food to customers. The company’s customer based has increased in the last few years and this demand efficient service delivery to customer. Eat Organic Food is regarded highly in the market because of the fresh food it produce and the use of organic manure has also made the company to increase its market share faster. It is therefore, important to point that Eat organic Food sells fresh vegetable, milks, chicken and other food products. All the food the company sells it produces locally using organic manure. In order to accomplish this Eat Organic it requires efficient and effective information system to help in service delivery to customers.
Project Management
The intended project is the system design for the company. Eat Organic Food intend to design website and other system, which can help the company in improving its service delivery. The system design project will be done by a team of experts in ICT and project management. The team intends to work on the project based on the assesssment conducted by the company. In order to efficeienlt implement the projecrt, it will be important to implement the project in phases. The first step would be the assessment of the company to understand its operations. This will take at least 1 month. After that the ICT expert will start designing and developing the system required to solve the problem faced by the company. The designing and development of the system will take approximately three months. And the implementation of the projecet is expected to take a maximum of 6 months.
System Vision development
Eat Organic Food faces challenges related to inefficient service delivery. The company does not have platform, which customers can use to make orders and track delivery of services as well. This has made customers to raise a lot of questions and complaints due to inefficient service delivery. It takes several hours for the company to process and delivers products to customers. The problem makes it difficult for the company to engage customers and this can affect its service delivery. The entire problem arises because it does not have system, which can help the company track the orders, process and deliver food. It is therefore, proposed that Eat Organic Food should implement an ICT system to help in addressing the bottleneck. The system would be an integrated website with CRM. This system will provide a platform, which clients can use to order for products and monitor or track the product when being delivered. It intends to reduce the time speed processing and delivery of orders.
Project Schedule
Project Schedule and Time
Project Schedule
No/S
Description
Duration of the Project
1
Assessment and signing agreement
2 months
2
Designing and development of system
3 months
3
Installation of the system
2 weeks
4
Trial of the system
1 weeks
5
Transfer of data to a new system
1 month
6
Training of staffs
1 month
7
Handing over the system
1 week
8
Launching of the system
1 week
Total Duration
Theentire roject will take a maximum of 6 months to complete. The first one month will be for asssement, and assignment agreement. This will make the beginning of the project.
Problem Description
Eat Organic Food experience problem related to inefficient service delivery. Interview with Ruth revealed that Eat Organic Food has experienced increase in market share and therefore, it receives several orders, which it can process efficiently. This is likely to affect the performance of the company negative in the market if it is not resolved immediately. Several customers are making orders and it takes the company hours before each order is processed and delivered. This is because the company is using manual system to receive and deliver orders. It is also noted that some of the orders are not being processed due to lack of system to track all the orders and process them for deliver. Therefore, lack proper mechanism to process and deliver orders for clients is a major problem, which Eat Organic Food faces.
It is therefore, important for the company to find a permanent solution to the problem. The best solution is the implementation of Information System, which can help the company to address its deficit in service delivery. Integrated Website would be the best recommended solution to the problem being faced by Eat Organic Food Company. The integrated website will include customer relationship management CRM or enterprise management system ERS application. The system would give the clients a platform to make orders and monitor delivery. It is likely to increase and improve delivery of orders to customers. The website shall be user’s friendly and contain all the list of products being offered by company. Clients will not be required to make calls after making an order (Roth & Wixom, 2014). The system automatically alert the company that a customer has made an order and immediately it is being processed and delivered to customers.
The integrate website with CRM platform, will improve Eat Organic Food service delivery and ensure that all orders are processed and delivered immediately to customers. This will help the company to increase its market share hence increased profitability as well.
System Capabilities
The system is an elaborate system which provides a detailed functionality. Customers will able to place orders, monitor the order and delivery process using the system generated code. It shall gives customers an opportunity to create an account, view products being sold and chart with the company regarding the products, which are being sold. Through the system the company would be able to track all the deliveries to customers. The CRM offers a platform to keep track and good relationship with customers. Therefore, the system would also give the company a platform to receive feedback from customers. According to Wasson (2015, p. 18), feedback from customers are essential can be used customer management. The information are used analyze customers perceptive and use the information to provide services to customers.
Business Benefits
Eat Organic Food is likely to improve its market share because of the integrated website. It is because customers will be satisfied with the service delivery and therefore, many people would demand the service from the company. It is also likely to increase its profits due to increased market share CITATION Bla10 \p 12 \l 1033 (Blanchard & Fabrycky, 2010, p. 12). Eat Organic Food will therefore, increase its efficient in service delivery to customers. As a result it attracts both local and international investors, which is important for any start-up company with a vision to grow. Therefore, the system will give the company a larger market and attract investors, and therefore, the system will be a key ingredient for the future growth of the company.
Policies
For efficient operations of the system, an effective policies and will be required to maintain the privacy of the system. The company will have policies related to login and out to ensure that authorized person do not get accessed to the system CITATION Kon12 \p 28 \l 1033 (Konjaang, Tankia, & Laar, 2012, p. 28). The policies will cover staffs and customers as well. The system will have automatic logout for customers and staffs. The accounts of staffs and customers which are inactive for more than 30mins will automatically be signed out.
10.1.0. Customers:
The policy regarding the Automatic logout for inactive account for 30mins.
Customers will be required to create account using personal information, which is very unique. Customers will be required to key in First name and last time, personal identification number, email and telephone number.
10.2.0Staff
Automatic logout for inactive account
Unique identification for all the staffs, which will be used identify every entry to the system.
The level of access and security will also be given to staffs to avoid violation of data privacy.
Risk Analysis
There are several risk involved with the system which the company will have to addressed. One major risk is system vulnerability which should be addressed as a matter of urgent to avoid violation of data CITATION Tan14 \p 21 \l 1033 (Tan, 2014, p. 21). The data would be exposed to both internal and external attack, which should be addressed before it is launched for use. The internal attacks could be from virus and human attack and especially from employees. The attack from employees include carrying authorize flash disk, or information, which can compromised the system. In order to avoid any attack based on the vulnerabilities the company will be required to implement strict ICT policies.
Cost benefit Analysis
The implementation of the system will benefit the company directly and indirectly. The tangible benefits will be based on increased profit as a result of increased market share. It is expected to increase its profit by at least 135% within the first six months after the completion of the project. The project is expected to be funded with approximately $50,000. This amount will go into system design and integration and development of website. However, Eat organic Food is expected to increase its market share based on the service delivery. The return of investment is expected to be high due to increase service delivery and market share. Therefore, the company expect to increase its profitable by at least 135% within 6 months. The cost benefit of the project is therefore, positive since it is also expected to help the company to attract investors which is a key strategy for the company to achieve its market growth.
However, the intangible benefits would be related to make share growth, which is a key benefit of the project. The increase market share is likely to change the market setting and this is one ways which the company would help the company to get potential investors. The tangible benefits include increased profit. Eat Organic Food is likely to receive positive feedback from clients and other competitors and this will allow the company to competitors effective with its market competitors.
Budget
It is expected that the project will take $55,000, which will be used for assessment, development, the implementation and training of employees. It is also pointed that almost 45% of the budget for the project will be spend to design and development of the system required by the company.
Bibliography
BIBLIOGRAPHY Blanchard, B. S., & Fabrycky, W. J. 2010. System Design and Development. New Jersey: Prentice Hall.
Konjaang, J. K., Tankia, B. A., & Laar, D. 2012. Design and Development of a Sales Management System for SMEs in Northern Ghana. International Journal of Innovative Research in Advanced Engineering (IJIRAE , 2-35.
Roth, D. W., & WIXOM, B. H. 2014. System Analysis and Design. Washington: RR Donnelley.
Tan, Y. 2014. INFORMATION SYSTEMS : System analysis. Journal of Information system , 2-34.
Wasson, C. S. 2015. System Analysis, Design, and Development: Concepts, Principles, and Practices. New York: John Wiley & Sons, Inc.
Subject: IT
Pages: 7 Words: 2100
CRM Report
Student’s Name:
University Affiliations:
Professor’s Name:
Course Title:
CRM Report
Customers are considered as a vital asset for any business and they can easily be managed through the utility of a CRM software (Gonzalez & Venturini, 2017, Pg.427). The delivery of top-notch quality products is enough reason to have your clients loyal and happy and this attainment is measured through sales made. To have consistent sales can be a challenge for e-business companies especially when one does not have the right means of carrying out the activities that contribute to high sales. Well, currently most organizations have discovered the secret to having more customers through the use of customer relationship management (Venturini & Benito, 2015. Pg. 873). The system can help an online entity increase its sales greatly without facing huge operation costs. In the past years, the term CRM has spread rapidly in the business world since it has helped in making profits through increased sales (Venturini & Benito, 2015. Pg. 871). This paper is driven towards developing an e-business application through a CRM software.
The chosen application will aid in managing; accounts, contacts, opportunities, meetings, leads, sales, procurements, workflow marketing, and activity streams. The CRM software used for this task is the SuiteCRM tool. The latter was chosen due to its diversity and efficiency. The name of the organization chosen for the task is – Zuntram food export. The online business is engaged in making supplies of varied dehydrated food products worldwide hence the need of having an established platform that one can organize and control customers and sales.
Manage Accounts
A CRM software application can do so much for a firm. It can assist in storing data collected from; meetings, forums or through other communication channels (Venturini & Benito, 2015. Pg. 871). However, one of the most relevant of its functions is account management. Through an account management software, the company will be empowered to keep track of any account information in an up to date and organized manner. In a CRM software, the function of account management is made up of varied key functions. The essence of account management is attaining motion whereby a firm can attain the next deal which requires the accounting department to collaborate with the sales team (Venturini & Benito, 2015. Pg. 873). Through account management, sales representatives can close more important deals through the access of deals made, contacts and other relevant data. A complete view of managed accounts helps in keeping track of any improvements or downfalls that need to be rectified. The accounts team is also able to configure sectors that need improvements.
Manage Contacts
The process of contact management in a business is the recording of clients' contacts to enhance monitoring of interactions (Venturini & Benito, 2015. Pg. 873). The systems of handling this function have slowly evolved into the aspects of most Customer Relationship Management Systems. Through such applications, companies can manage their contacts, which help in improving services and sales levels. It is eminent that customer relationship management evolved from contact management. Each interaction with any contact can aid in making a sale or a referral. Follow-ups are also made possible through the organization of customer's contacts. SuiteCRM has premium services which can be considered as the next evolution of management of contacts known as cloud-based CRM software. The function enables an organization's employees to update the CRM with the latest data concerning contacts from wherever they are situated. This can be carried out for as long as one has a web-enabled device. The feature is made possible by the fact that a company's data is collected in a single database, therefore, making it possible to input new or updated data, which instantly becomes visible to relevant parties in the company. Integration of customer information through a CRM enables a company to keep in touch with clients, which is important in promoting customer loyalty.
Manage Opportunities
Opportunity management when it comes to getting new clients or in making new sales is an important requirement for a firm that wants to succeed or to expound its selling efforts (Venturini & Benito, 2015. Pg. 875). When a lead shifts into the sales pipeline, it turns to be an opportunity. This ultimately means that there is a real chance for the sales force to be a closed sale. Qualifying to get a lead seems to be simple but when it comes to opportunity management things turn to be a bit complex. This is brought out by the fact that there are higher stakes hence more time and effort are required to maintain the opportunity.
Activities involved at this point include; the engagement of the right people from the export company, creating relevant presentations and making sales techniques that should be shown to the persons interested in making the imports (Venturini & Benito, 2015. Pg. 875). At this point, individuals from other departments are likely to get involved. Through Customer Relationship Management software, a company is given the platform to take control of its opportunities (Venturini & Benito, 2015. Pg. 873). Zuntram Food Export has the responsibility of making sure that there is consistency during all stages that portray some opportunity. Through the application, the company can identify relevant priorities that can purchase products and manage these leads accordingly by the use of the ‘manage opportunity' feature.
Manage Meetings
Customer Relationship Management software is dedicated to making sure that an organization can manage its activities, strategies, and plans (Lok & Dimantha, 2016. Pg.14). Meetings handled by the firm are vital in making primary decisions, strategies, and ventures that may lead to sales. It is therefore important to keep up with all meetings held that are linked with the company's business. Through proper management of meetings, Zuntram will manage to develop better relationships between workers and administrators or between the sales team and the customers. Being prompt in meetings can help in gaining customer loyalty and can be a means of retaining clients. The SuiteCRM acts as a great management strategy for both formal and informal meetings linked to the company. The tool has developed a simple user interface through which users can key in when they have meetings and the persons involved in the meetings making it easier for follow-ups. Reminders are also provided days before the meeting for adequate preparation. CRM software will help the business to optimize its clients' interactions before and after meetings. This is carried out by streamlining complex clients' interaction processes. Optimization of business meetings helps in improving customer satisfaction (Lok & Dimantha, 2016. Pg.10). One of the paramount benefits of lead management is that it offers updates about customer data, this means that firms do not have to wait for quarterly reports to make new sales strategies. With great access to clients' insights, firms can obtain the best from the CRM software. Zuntram team plans on paying close attention to customer data reports to get an insight into the best decisions to make while trying to convert leads into paying clients.
Manage Leads
It is one thing to obtain leads but it is another thing to turn best-qualified leads into bringing in profits (Ahmad et al, 2019. Pg. 125). This makes the management of leads to be a very important process in any company. By the use of CRM software, an organization can track conversations with clients making sure that the leads are converted into sales. Management of leads is crucial when a company's sales team is focused to increase revenue or sales. Having a better management of leads through CRM does not merely help the sales team to be on top when it comes to maintaining qualified leads, it also assists them in cultivating firm relationships with existing customers and leads. Through the continuous process of tracking customers' patterns and needs, the sales team becomes better equipped with proficient customer service (Kumar & Reinartz, 2018. Pg. 242). SuiteCRM is enabled to generate capable leads and those which are likely to be fruitless.
Manage Sales
One of the core objectives of companies; large, small or medium is to accelerate sales for a long period (Cruz & Vasconcelos, 2015. Pg, 27). Through the utility of SuiteCRM, the company has the ability to create a plan of action that can help to reach out to customers interested in our products and prompt them to make export purchases. Hereby are some of the several ways through which Zuntram Food Export will increase its sales through SuiteCRM.
Elimination of Inactive Activity; If a business attains unnecessary costs, this means that the business will be acquiring hidden costs. In a business sense, such costs should be avoided in all means possible. When the CRM application will be used by Zuntram Food Export online business, the sales team will manage to align activities depending on target customer prospects and data, this avoids approaching wrong customers. Through such an organization, the firm will manage to present relevant information to appropriate clients at the right time. Through the utility of the application, the sales team will manage to develop an accurate plan in keen consideration of profitable activities that can enhance sales for the business. Lastly, the firm will manage to easily handle day to day activities such as; lead follow-ups, sales history, call lists, call reminders and also manage data relating to loyal contacts. All of the latter are relevant in ensuring that an organization can plan its schedule in a manner that it can contribute to higher sales.
Increase the momentum: The CRM system will aid in the recording of fundamental activities according to customers and time(Ahmad et al, 2019. Pg. 124). Through the help of an automated system, the sales team will manage to accelerate touchpoints for clients. For instance, the firm can automate approvals related to sales such as; timelines, start dates, stock at hand and discount requests. Through the Suite CRM application, the firm will manage to maintain its workflows, which aids in attaining faster approvals. This by itself helps in having a fast turn-around and an improvement in customer service. Delays experienced in delivering orders will be eliminated. With an elaborate CRM, an online business can manage to attain target sales only with the right organization. With proper planning, workflow processes can be easily handled without involving too much labor which saves the company a lot.
Manage Procurements
Procurement executives in a firm can adapt CRM to help in establishing priorities, allocating resources and also in engaging relevant stakeholders (Hennekey et al, 2016. Pg 862). The customer relationship management software is enabled to support procurement and supply management in vast ways. In conventional means of managing procurement, e-mails are used often in making follow-ups and sales (Ahmad et al, 2019. Pg. 125). However, this has changed over time. CRM is developed in a manner through which suppliers and procurement communities can easily assess real-time data and utilize it in making profits. The software supports procurement activities due to the availability of corporate memory. CRM has a platform that is enabled for discussion groups and for transmission of knowledge which are important activities in procurement. Lastly, Zuntram will benefit from SuiteCRM since it is well integrated to ensure that suppliers can consistently communicate with clients concerning products they need supplied to their destinations.
Manage Workflow
Most companies find numerous advantages through the management of tasks and other workflow processes by the use of CRM software (Gonzalez & Venturini, 2017, Pg.425). The software is developed in a manner through which clients' contacts can be processed and saved in on orderly manner. For most companies, the CRM software ensures that the whole system tasks and workflow are adequately managed since most of the firms are centered on clients. It is a brilliant idea for Zuntram to use SUiteCRM considering the numerous tasks that should be handled on a daily basis. There are vast functions that are involved in the management of workflow. The CRM software helps in planning the company's sales funnel since it has the capability of comprehending clients' lifecycles (Venturini & Benito, 2015. Pg. 873). SuiteCRM is enabled to automate varied tasks that are quite time consuming. These automated tasks include; communication with clients, setting up a meeting, doing follow-ups and creation of orders as per the client's instructions. One prerequisite task in any company is communication which can be carried out through SuiteCRM. The CRM increases chances for communication in vast ways. To obtain the best workflow management, it is important to integrate the CRM application with other apps.
Manage Marketing (Campaigns, surveys)
A Customer Relationship Management system helps in generating extensive contact records as well as focused tracking reports (Cruz & Vasconcelos, 2015. Pg, 27). Through the software application, the business can manage to track which sales or marketing tactics are efficient with their clientele. The software is developed in a manner that important contacts that can help in marketing can be accessed.
A modern CRM such as SuiteCRM is integrated with marketing tools so that online businesses or rather companies can develop efficient email campaigns, create advertisements and keep up with trending prospects in one's funnel. Through the CRM application, Zuntram Food Export will keep track of relevant business prospects that can help in marketing such as; famous online searches, trending customer interests and elaborate marketing campaigns used by competitors. Through the utility of the organization's sales interactions, the company's marketing team can configure frequently asked questions in their marketing campaigns. Such data is also important in comprehending the concerns of the firm's relevant clients and how these concerns should be addressed during advertisements. Through a well developed CRM, the company can manage to create a cost-efficient marketing platform that targets the most important clients. The SuiteCRM has features that will aid in setting up relevant promotions for profitable groups and execute at the best time. Through this marketing optimization, the firm allows itself to grow and increase its revenue.
Manage Activity Stream
Through an integrated CRM, Zuntram will allow its employees to access an activities list that has been performed over a certain period. Records provided will have comments' interfaces through which the users can post or comment about the activities. The platform helps the workers to easily track current updates in the entire firm through records and from other users' posts. (Kumar & Reinartz, 2018. Pg. 242) SuiteCRM activity streams can be accessed through record views, a module list or through a dashboard. Activity streams help in making important follow-ups that are relevant in developing Zuntram establishment.
Sources
A Al-Homery, H., Asharai, H. and Ahmad, A., 2019. The Core Components and Types of CRM. Pakistan Journal of Humanities and Social Sciences, 7(1), pp.121-145.
Cruz, A. and Vasconcelos, A., 2015. A Reference Application Architecture for the CRM Domain: The Portuguese Citizen Space Case Study. International Journal of Enterprise Information Systems (IJEIS), 11(2), pp.24-49.
González-Benito, Ó., Venturini, W.T. and González-Benito, J., 2017. CRM technology: implementation project and consulting services as determinants of success. International Journal of Information Technology & Decision Making, 16(02), pp.421-441.
Kumar, V. and Reinartz, W., 2018. Impact of CRM on marketing channels. In Customer Relationship Management (pp. 237-264). Springer, Berlin, Heidelberg.
Lok, S.H. and Dimantha, R., PROTEL COMMUNICATIONS LIMITED, 2016. Unified integration management—contact center portal. U.S. Patent 9,521,207.
O'donnell, C., Pitre, A., Schnitt, M., Sit, E., Hennekey, T., Ball, M., Brown, G., Kaplow, Z.E., Sobin, Z., Williams, J. and Neuwirth, M., 2016. Method of enhancing customer relationship management content and workflow. U.S. Patent Application 14/854,591.
Venturini, W.T. and Benito, Ó.G., 2015. CRM software success: a proposed performance measurement scale. Journal of Knowledge Management, 19(4), pp.856-875.
center48577500SUITE CRM APPLICATION SCREENSHOTS
-47625039179500
-75565043243500
center5016500
center1482090
-5143502540
-6477008890
center55118000
-62865143688000
Subject: IT
Pages: 15 Words: 4500
Detailed Analysis of Security in in Operating Systems
1st Author
1st author's affiliation1st line of address2nd line of addressTelephone number, incl. country code
1st author's E-mail address
2nd Author
2nd author's affiliation1st line of address2nd line of addressTelephone number, incl. country code
2nd E-mail
3rd Author
3rd author's affiliation1st line of address2nd line of addressTelephone number, incl. country code
3rd E-mail
ABSTRACT
The paper is intended to cover a Detailed analysis of Security in Operating Systems. It will involve explanations of different types of operating systems including bash, time sharing, distributed and network operating systems and cover central criterions which are required to meet including user accounts management, account policies, file systems and security of network services. It will also explain how to avoid threats due to inadequate operating system security, which are based only on user identity information and require to achieve kernel level security. The paper will extensively cover possible security issues using conventional operating systems with details of various security levels, including D, C1, C2, and B2, until A1, which is considered as the most secure level, where most operating systems are secure up to C2 or below. Recent cases study that provide secure operating system controls on kernel level will also be discussed.
Keywords
Security of Operating System; Kernel Level
INTRODUCTION
1.1 Operating System
Operating system is a low-level software that works as an interface to link the computer user and hardware of a computer. It manages all tasks relating to software and hardware like scheduling tasks and managing peripherals. The operating system acts like a ‘manager’ to provide memory, central processing unit and storage to multiple programs running simultaneously.
Figure SEQ Figure \* ARABIC 1-General Operating System ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"sbTnCChy","properties":{"formattedCitation":"[8]","plainCitation":"[8]","noteIndex":0},"citationItems":[{"id":"tdevafZ2/JowGESj9","uris":["http://zotero.org/users/local/YgsdZK9k/items/YQRXKH3U"],"uri":["http://zotero.org/users/local/YgsdZK9k/items/YQRXKH3U"],"itemData":{"id":110,"type":"webpage","title":"Operating Systems","URL":"https://www.cl.cam.ac.uk/teaching/1011/OpSystems/os1a-slides.pdf","author":[{"literal":"Steven Hand"}],"accessed":{"date-parts":[["2019",11,11]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} [8]
1.2 Operating system security
Operating system security (OS Security) is a vital process to ensure the availability, discretion and integrity of an operating system. OS security includes a set of measures which shield the OS from distant hacker attacks, malware invasions, warms, viruses and threats. OS Security is established in multiple ways which include:
LITERATURE REVIEW
The first operating system was introduced in early 1950s. In ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"9vhlKA81","properties":{"formattedCitation":"[2]","plainCitation":"[2]","noteIndex":0},"citationItems":[{"id":"tdevafZ2/hsp11vdX","uris":["http://zotero.org/users/local/YgsdZK9k/items/YQMBYQ65"],"uri":["http://zotero.org/users/local/YgsdZK9k/items/YQMBYQ65"],"itemData":{"id":91,"type":"book","title":"Classic Operating Systems: From Batch Processing to Distributed Systems","publisher":"Springer Science & Business Media","number-of-pages":"597","source":"Google Books","abstract":"An essential reader containing the 25 most important papers in the development of modern operating systems for computer science and software engineering. The papers illustrate the major breakthroughs in operating system technology from the 1950s to the 1990s. The editor provides an overview chapter and puts all development in perspective with chapter introductions and expository apparatus. Essential resource for graduates, professionals, and researchers in CS with an interest in operating system principles.","ISBN":"978-1-4757-3510-9","note":"Google-Books-ID: ya3hBwAAQBAJ","title-short":"Classic Operating Systems","language":"en","author":[{"family":"Hansen","given":"Per Brinch"}],"issued":{"date-parts":[["2013",4,17]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} [2], the complete background of operating systems ranging from batch processing system in 1950s to the distributed system in 1990s is described. With time, new operating system is introduced according to market needs.
However, there are six operating systems worth mentioning hat altered the concept of user’s access to computer. These include simple batch system, open shop, multiprogramming, distributed system, personal computing, and time-sharing operating systems. Earlier, there was no methodology to lessen the computer idle time to tackle that issue. Therefore, the batch system was introduced. Batch system used the swift tape stations and small-sized satellites computers. ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"57IGObUo","properties":{"formattedCitation":"[2]","plainCitation":"[2]","noteIndex":0},"citationItems":[{"id":"tdevafZ2/hsp11vdX","uris":["http://zotero.org/users/local/YgsdZK9k/items/YQMBYQ65"],"uri":["http://zotero.org/users/local/YgsdZK9k/items/YQMBYQ65"],"itemData":{"id":91,"type":"book","title":"Classic Operating Systems: From Batch Processing to Distributed Systems","publisher":"Springer Science & Business Media","number-of-pages":"597","source":"Google Books","abstract":"An essential reader containing the 25 most important papers in the development of modern operating systems for computer science and software engineering. The papers illustrate the major breakthroughs in operating system technology from the 1950s to the 1990s. The editor provides an overview chapter and puts all development in perspective with chapter introductions and expository apparatus. Essential resource for graduates, professionals, and researchers in CS with an interest in operating system principles.","ISBN":"978-1-4757-3510-9","note":"Google-Books-ID: ya3hBwAAQBAJ","title-short":"Classic Operating Systems","language":"en","author":[{"family":"Hansen","given":"Per Brinch"}],"issued":{"date-parts":[["2013",4,17]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} [2] The batch systems required user to submit a program on a card and the operator would pit multiple programs on the input devices without interaction between the user and the computer system.
A time-sharing OS lets multiple users access resources of the computer at same time. The main objective is to reduce the response time by letting multiple programs utilize resources in their specified time slots ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"4QbRH7an","properties":{"formattedCitation":"[3]","plainCitation":"[3]","noteIndex":0},"citationItems":[{"id":"tdevafZ2/qgqbQ9Tm","uris":["http://zotero.org/users/local/YgsdZK9k/items/YJYILRK7"],"uri":["http://zotero.org/users/local/YgsdZK9k/items/YJYILRK7"],"itemData":{"id":95,"type":"book","title":"Operating System (WBUT)","publisher":"Vikas Publishing House","number-of-pages":"350","source":"Google Books","abstract":"Operating System is an insightful work that elaborates on fundamentals as well as advanced topics of the discipline. It offers an in-depth coverage of concepts, design and functions of an operating system irrespective of the hardware used. With neat illustrations and examples and presentation of difficult concepts in the simplest form, the aim is to make the subject crystal clear to the students, and the book extremely student-friendly. The book caters to undergraduate students of WBUT, who would find the conceptual discussions highly informative and enriching. Tailored as a guide for self-paced learning the book equips budding system programmers with the right knowledge and expertise. Key Features • Case studies of Linux and Windows 2000 to put theory concepts into practice • Points to Remember boxes for a quick recap • Check your Progress questions running along the text to test comprehension • Summary of the chapter, a list of key terms and insightful questions as retention aids • Past question papers with solution to equip students for future examinations","ISBN":"978-93-259-7416-6","note":"Google-Books-ID: i2ZDDAAAQBAJ","language":"en","author":[{"family":"Khurana","given":"Rohit"}]}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} [3]. It can be described through an example of a mainframe computer, where numerous users are logged in simultaneously.
Networking operating systems are based on internet and computer networking. The Networking Operating system uses stack protocols in their architecture so as to provide means to computer networking ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"DGiFf4UB","properties":{"formattedCitation":"[5]","plainCitation":"[5]","noteIndex":0},"citationItems":[{"id":"tdevafZ2/oweIddbL","uris":["http://zotero.org/users/local/YgsdZK9k/items/L2M4QYI5"],"uri":["http://zotero.org/users/local/YgsdZK9k/items/L2M4QYI5"],"itemData":{"id":97,"type":"book","title":"UNIX Operating System: The Development Tutorial via UNIX Kernel Services","publisher":"Springer Science & Business Media","number-of-pages":"382","source":"Google Books","abstract":"\"UNIX Operating System: The Development Tutorial via UNIX Kernel Services\" introduces the hierarchical structure, principles, applications, kernel, shells, development, and management of the UNIX operation systems multi-dimensionally and systematically. It clarifies the natural bond between physical UNIX implementation and general operating system and software engineering theories, and presents self-explanatory illustrations for readers to visualize and understand the obscure relationships and intangible processes in UNIX operating system. This book is intended for engineers and researchers in the field of applicable computing and engineering modeling. Yukun Liu is an Associate Professor at the Department of Computer Science and Technology, Hebei University of Science and Technology, China; Professor Yong Yue is Director of the Institute for Research of Applicable Computing and Head of the Department of Computer Science and Technology, University of Bedfordshire, UK; Professor Liwei Guo is Dean of the College of Information Science and Engineering, Hebei University of Science and Technology, China.","ISBN":"978-3-642-20432-6","title-short":"UNIX Operating System","language":"en","author":[{"family":"Liu","given":"Yukun"},{"family":"Yue","given":"Yong"},{"family":"Guo","given":"Liwei"}],"issued":{"date-parts":[["2011",11,24]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} [5]. Networking OS is fundamentally designed facilitate personal computer systems, workstations, and sometimes older terminals, connected on any local area network (LAN).
There is not only research conducted on Distributed Operating System but also, they are available for commercial use. The selection of machine in Distributed OS is automated ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"Z5ISsHsH","properties":{"formattedCitation":"[7]","plainCitation":"[7]","noteIndex":0},"citationItems":[{"id":"tdevafZ2/ZCWrEcZe","uris":["http://zotero.org/users/local/YgsdZK9k/items/I4LU4PU2"],"uri":["http://zotero.org/users/local/YgsdZK9k/items/I4LU4PU2"],"itemData":{"id":99,"type":"book","title":"DISTRIBUTED OPERATING SYSTEMS: CONCEPTS AND DESIGN","publisher":"PHI Learning Pvt. Ltd.","number-of-pages":"761","source":"Google Books","abstract":"The highly praised book in communications networking from IEEE Press, now available in the Eastern Economy Edition.This is a non-mathematical introduction to Distributed Operating Systems explaining the fundamental concepts and design principles of this emerging technology. As a textbook for students and as a self-study text for systems managers and software engineers, this book provides a concise and an informal introduction to the subject.","ISBN":"978-81-203-1380-4","note":"Google-Books-ID: SewHKWac2I4C","title-short":"DISTRIBUTED OPERATING SYSTEMS","language":"en","author":[{"family":"SINHA","given":"PRADEEP K."}],"issued":{"date-parts":[["1998",1,1]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} [7]. The main purpose to develop a better operating system is to make low-cost and efficient microprocessor.
Criteria
In case at any time, operating system becomes defenseless, the application security is compromised as the operating system provides the environment to any application to run. There exists security policies and criteria for operating systems.
One of them is user Account policy which defines actions of a user for better security ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"JGAmUwmW","properties":{"formattedCitation":"[13]","plainCitation":"[13]","noteIndex":0},"citationItems":[{"id":"tdevafZ2/vXPC1k8L","uris":["http://zotero.org/users/local/YgsdZK9k/items/S4ZRTQ9D"],"uri":["http://zotero.org/users/local/YgsdZK9k/items/S4ZRTQ9D"],"itemData":{"id":101,"type":"webpage","title":"Computer Security - Policies - Tutorialspoint","URL":"https://www.tutorialspoint.com/computer_security/computer_security_policies.htm","accessed":{"date-parts":[["2019",11,11]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} [13]. The number of users is limited on a server computer to Avoid system complexity and vulnerability. It also decreases the amount of time required on administration. Limiting number of administrators can also help make process easier.
Another policy that can be adopted is Network Services, which gives the least number of essential services on that main server computer. It decreases the permission to access for users and makes sure that users with access to web, cannot access the shell functions. ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"aqL42anO","properties":{"formattedCitation":"[11]","plainCitation":"[11]","noteIndex":0},"citationItems":[{"id":"tdevafZ2/2SMrm1vI","uris":["http://zotero.org/users/local/YgsdZK9k/items/F5FZAAVQ"],"uri":["http://zotero.org/users/local/YgsdZK9k/items/F5FZAAVQ"],"itemData":{"id":105,"type":"webpage","title":"Techniques for Securing the Operating System","URL":"www.ibm.com/support/knowledgecenter/en/ssep7j_10.1.1/com.ibm.swg.ba.cognos.crn_arch.10.1.1.doc/c_securing_the_operating_system.html","language":"en-US","issued":{"date-parts":[["2014",10,24]]},"accessed":{"date-parts":[["2019",11,11]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} [11]
File system permits to set permission and examination setting for folders and files etc. ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"B1tDcw73","properties":{"formattedCitation":"[4]","plainCitation":"[4]","noteIndex":0},"citationItems":[{"id":"tdevafZ2/mhFNfE9v","uris":["http://zotero.org/users/local/YgsdZK9k/items/IZ2W5DXT"],"uri":["http://zotero.org/users/local/YgsdZK9k/items/IZ2W5DXT"],"itemData":{"id":107,"type":"book","title":"Inside Active Directory: A System Administrator's Guide","publisher":"Addison-Wesley Professional","number-of-pages":"964","source":"Google Books","abstract":"Inequality in Education: Comparative and International Perspectives is a compilation of conceptual chapters and national case studies that includes a series of methods for measuring education inequalities. The book provides up-to-date scholarly research on global trends in the distribution of formal schooling in national populations. It also offers a strategic comparative and international education policy statement on recent shifts in education inequality, and new approaches to explore, develop and improve comparative education and policy research globally. Contributing authors examine how education as a process interacts with government finance policy to form patterns of access to education services. In addition to case perspectives from 18 countries across six geographic regions, the volume includes six conceptual chapters on topics that influence education inequality, such as gender, disability, language and economics, and a summary chapter that presents new evidence on the pernicious consequences of inequality in the distribution of education. The book offers (1) a better and more holistic understanding of ways to measure education inequalities; and (2) strategies for facing the challenge of inequality in education in the processes of policy formation, planning and implementation at the local, regional, national and global levels.","ISBN":"978-0-201-61621-7","note":"Google-Books-ID: 36t7zE8VTeAC","title-short":"Inside Active Directory","language":"en","author":[{"family":"Kouti","given":"Sakari"},{"family":"Seitsonen","given":"Mika"}],"issued":{"date-parts":[["2002"]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} [4] It allows users read-only access to essential directories (except those who obtains exclusively), so even when the attackers gain access, they only have permission of a user for that application. In this way, it guards the assets that were neglected by the administrator. ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"oMysUoHS","properties":{"formattedCitation":"[11]","plainCitation":"[11]","noteIndex":0},"citationItems":[{"id":"tdevafZ2/2SMrm1vI","uris":["http://zotero.org/users/local/YgsdZK9k/items/F5FZAAVQ"],"uri":["http://zotero.org/users/local/YgsdZK9k/items/F5FZAAVQ"],"itemData":{"id":105,"type":"webpage","title":"Techniques for Securing the Operating System","URL":"www.ibm.com/support/knowledgecenter/en/ssep7j_10.1.1/com.ibm.swg.ba.cognos.crn_arch.10.1.1.doc/c_securing_the_operating_system.html","language":"en-US","issued":{"date-parts":[["2014",10,24]]},"accessed":{"date-parts":[["2019",11,11]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} [11]
Account policies promote OS security by developing and managing code or password policies, for example, strength and complexity of password rule and routinely password changing practice, at most number of failed log in tries etc. ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"QKZHMIpe","properties":{"formattedCitation":"[8]","plainCitation":"[8]","dontUpdate":true,"noteIndex":0},"citationItems":[{"id":"tdevafZ2/vXPC1k8L","uris":["http://zotero.org/users/local/YgsdZK9k/items/S4ZRTQ9D"],"uri":["http://zotero.org/users/local/YgsdZK9k/items/S4ZRTQ9D"],"itemData":{"id":101,"type":"webpage","title":"Computer Security - Policies - Tutorialspoint","URL":"https://www.tutorialspoint.com/computer_security/computer_security_policies.htm","accessed":{"date-parts":[["2019",11,11]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} [8,7]
METHOD
Security threats
A risk which can possibly harm the data or the computer system is called a security threat to a computer. This harm can be physical like stealing device which has important information or virtual like a virus or hack. Today, there are several serious threats to computers and data due to political, or social reasons.
Level of Security
There are four level of security to determine how safe a computer system is. Following is the classification of these levels.
Type A: It is the highest level and uses proper design instructions and authentication practices.
Type B: It offers compulsory protection system. Its properties are same as that of a C2 system. It assigns a sensitivity label to every object. It is divided further in three types.
B1 –The security label which decides about access control is well-preserved.
B2 – System resource like storage objects receive sensitivity labels, review of events and provisions covert channels.
B3 – permits to generating lists or user groups for giving control or cancel access to a named object.
Type C: it facilitates in protection and user liability using audit aptitudes. Its types are as follows:
C1 −For protecting data from deletion or reading by other users and protecting isolated information, C1 integrates controls.
C2 − It has individual user access control is added to competences of a Cl level system.
Type D: It is the minimum level of security.
Kernel level Security:
Kernel Security level is used for the trusted and lowest level functions of OS. In this mode, the execution of code is completed and it restricts access to embedded hardware. It has control to execute any of CPU instructions and also can refer to any memory address.
Figure SEQ Figure \* ARABIC 2-Protection ring ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"zg9VmxXP","properties":{"formattedCitation":"[12]","plainCitation":"[12]","noteIndex":0},"citationItems":[{"id":8,"uris":["http://zotero.org/users/6144444/items/64DVZX6D"],"uri":["http://zotero.org/users/6144444/items/64DVZX6D"],"itemData":{"id":8,"type":"webpage","title":"CISSP Security Mechanisms","container-title":"ASM , Rockville , Maryland","abstract":"Although a robust architecture is a good start, real security requires that you have security mechanisms in place to control processes and applications. Some good security mechanisms are described in the following sections. Process Isolation Process isolation is required to maintain a high level of system trust. To be certified as a multilevel security... Read more »","URL":"https://asmed.com/cissp-security-mechanisms/","language":"en-US","issued":{"date-parts":[["2016",3,3]]},"accessed":{"date-parts":[["2019",11,11]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} [12]
The model of protection ring gives an idea of different levels of security for an operating system.
3.4 Ways to avoid security Issues:
To avoid security issues in conventional operating systems, security policies related to who can access the system, must be appropriately implemented. The use of firewall, even with internet connected, the ensures local security and only authorized traffic passes. Another way to keep system and data safe is to utilize encryption technique. It is used when data is sent over Internet with risk of being exposed to others. The message I encoded and the key of encryption is only with authorized receiver. Setting password is another way to keep the log in secure.
FINDINGS
It is clear that the security system for present conventional OS is not sufficient to sustain its integrity and discretion.
4.1 Case Study:
In such conditions, Mandatory Access Control (MAC) is required to meet the needs. However, due to shortcomings including scalability, complexity, cost, maintenance etc., it cannot be applied to conventional OS.
The National Security Agency (NSA) has collaborated with Secure Computing Corporation (SCC) and developed accommodating MAC architecture which is termed as Flask. It will overcome shortcomings of conventional MAC. They implemented it in Linux OS to generate a prototype called Security-Enhanced Linux (SELinux). In addition to this, NAI labs presented a sample policy outline to determine and showcase the advantages of MAC architecture. This will serve as foundation for other to implement ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"dBQcK2Qw","properties":{"formattedCitation":"[6]","plainCitation":"[6]","noteIndex":0},"citationItems":[{"id":6,"uris":["http://zotero.org/users/6144444/items/ZHME7QYM"],"uri":["http://zotero.org/users/6144444/items/ZHME7QYM"],"itemData":{"id":6,"type":"webpage","title":"Integrating Flexible Support for Security Policies into the Linux Operating System - Linux Security Server Security","container-title":"Linux Security","abstract":"integrating flexible support for security policies into the linux operating system 3499 This article discusses implementing Mandatory Access Control in the SE L","URL":"https://linuxsecurity.com/news/server-security/integrating-flexible-support-for-security-policies-into-the-linux-operating-system-3499","language":"en-gb","author":[{"family":"Pell","given":"Anthony"}],"accessed":{"date-parts":[["2019",11,11]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} [6].
DISCUSSION
It is observed that steps are taken to makes this innovative technology accessible to a widespread public and to aid more research in safe OS. Threats can enter a computer system through web simply or a peripheral device when connected to it. If hacker accesses the physical access to a server, no matter how secure web is, the system becomes vulnerable to the attacker. OS Security comprehends every precautionary step that will guard the data on computer that can be removed, modified, and stolen in case OS security is in jeopardy. Any system is built on these four levels of security, according to its sensitivity.
FUTURE ASPECTS
Every day, new threats emerge and new ways to combat them are needed. It is a given that the security has to be improved. To keep devices secure, Multi factor Authentication (MFA) has been practiced for quite a while. It requires password, as well as biometric scan and sometime any specific information. However, it is observed that now a days, username or password are not sufficient.
Evidently, a further protected system for verification is required. Intel has begun place new validation solution in sixth-generation Core vPro processor, which has capacity to combine multiple factors of hardware simultaneously to authenticate. Deep learning is an upcoming technology and Deep learning merged with operating systems structure can open up new path to technological advancement.
CONCLUSION
In conclusion, the security of an operating system is an inevitable phenomenon which needs maximum attention. Operating system security guarantees safe environment to run applications and perform tasks. There is no safety parameter that can alone protect the entire operating system. An appropriate mechanism has to be developed in order to achieve system security. ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"RLynvbzP","properties":{"formattedCitation":"[10]","plainCitation":"[10]","noteIndex":0},"citationItems":[{"id":"tdevafZ2/tK7krWjU","uris":["http://zotero.org/users/local/YgsdZK9k/items/3QV8SGLC"],"uri":["http://zotero.org/users/local/YgsdZK9k/items/3QV8SGLC"],"itemData":{"id":93,"type":"book","title":"21st National Information Systems Security Conference: Building the Information Security Bridge to the 21st Century : October 5-8, 1998, Hyatt Regency Crystal City, Arlington, Va","publisher":"National Institute of Standards and Technology","number-of-pages":"854","source":"Google Books","note":"Google-Books-ID: 5g0SAQAAMAAJ","title-short":"21st National Information Systems Security Conference","language":"en","issued":{"date-parts":[["1998"]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} [10] It is to be noted that an extremely safe security system will not be enough until it has application dedicated security mechanism.
REFERENCES
ADDIN ZOTERO_BIBL {"uncited":[],"omitted":[],"custom":[]} CSL_BIBLIOGRAPHY [1]Michael Burtscher. 2007. System and method for kernel-level pestware management. Retrieved November 11, 2019 from https://patents.google.com/patent/US20070094496A1/en
[2]Per Brinch Hansen. 2013. Classic Operating Systems: From Batch Processing to Distributed Systems. Springer Science & Business Media.
[3]Rohit Khurana. Operating System (WBUT). Vikas Publishing House.
[4]Sakari Kouti and Mika Seitsonen. 2002. Inside Active Directory: A System Administrator’s Guide. Addison-Wesley Professional.
[5]Yukun Liu, Yong Yue, and Liwei Guo. 2011. UNIX Operating System: The Development Tutorial via UNIX Kernel Services. Springer Science & Business Media.
[6]Anthony Pell. Integrating Flexible Support for Security Policies into the Linux Operating System - Linux Security Server Security. Linux Security. Retrieved November 11, 2019 from https://linuxsecurity.com/news/server-security/integrating-flexible-support-for-security-policies-into-the-linux-operating-system-3499
[7]PRADEEP K. SINHA. 1998. DISTRIBUTED OPERATING SYSTEMS: CONCEPTS AND DESIGN. PHI Learning Pvt. Ltd.
[8]Steven Hand. Operating Systems. Retrieved November 11, 2019 from https://www.cl.cam.ac.uk/teaching/1011/OpSystems/os1a-slides.pdf
[9]Yepeng Yao, Liya Su, Chen Zhang, Zhigang Lu, and Baoxu Liu. 2019. Marrying Graph Kernel with Deep Neural Network: A Case Study for Network Anomaly Detection. In Computational Science – ICCS 2019, João M. F. Rodrigues, Pedro J. S. Cardoso, Jânio Monteiro, Roberto Lam, Valeria V. Krzhizhanovskaya, Michael H. Lees, Jack J. Dongarra and Peter M.A. Sloot (eds.). Springer International Publishing, Cham, 102–115. DOI:https://doi.org/10.1007/978-3-030-22741-8_8
[10]1998. 21st National Information Systems Security Conference: Building the Information Security Bridge to the 21st Century : October 5-8, 1998, Hyatt Regency Crystal City, Arlington, Va. National Institute of Standards and Technology.
[11]2014. Techniques for Securing the Operating System. Retrieved November 11, 2019 from www.ibm.com/support/knowledgecenter/en/ssep7j_10.1.1/com.ibm.swg.ba.cognos.crn_arch.10.1.1.doc/c_securing_the_operating_system.html
[12]2016. CISSP Security Mechanisms. ASM , Rockville , Maryland. Retrieved November 11, 2019 from https://asmed.com/cissp-security-mechanisms/
[13]Computer Security - Policies - Tutorialspoint. Retrieved November 11, 2019 from https://www.tutorialspoint.com/computer_security/computer_security_policies.htm
Subject: IT
Pages: 5 Words: 1500
Abstract
The word "quantum" itself is perplexing enough, and it becomes irresistible in unique combination with the promise of computational power that outstrips anything we've seen so far. But what is the term quantum computing exactly? Unlike other computers, quantum computers are not confined to two states; they encode information that may exist in superposition as quantum bits or qubits. Qubits are 1, 0 and all the possible values which can reside between these two. The commonly known type of a quantum computer s D-wave systems which we are going to discuss in this paper. The D - Wave quantum platform of the next generation might include ongoing upgrades through the cloud, a new quantum system.
History
A new state of matter characterized by non - trivial topological properties was predicted by theoretical physicists Vadim Berezinskii, J. Michael Kosterlitz and David Thouless in the early 1970s. later in 2016, this work earned the Nobel Prize in Physics. Researchers from D - Wave demonstrated this phenomenon by programming the D - Wave 2000QTM system to form a frustrated two - dimensional artificial spin lattice. Without quantum effects, the observed topological properties in the simulated system cannot exist and are in close agreement with theoretical predictions.
A practical architecture of a quantum computer requires hundreds to thousands of quantum bits ("qubits"), but up to now realizations of qubits by methodologies such as nuclear magnetic resonance (NMR) seem highly inappropriate for the miniaturization required to support the construction of a multi - qubit machine at minimal cost (Gershenfeld, and Chuang).
Introduction
D - Wave's quantum computer uses the concepts of quantum dynamics to speed up and develop new methods to resolve discrete problems of optimization, sequencing, material science, and machine learning. BURNABY, British Columbia, Sept. 24, 2018 — D - Wave Systems Inc., the developer of Quantum Computing Systems, published a study demonstrating a quantum mechanical phase transition using its 2048-qubit Quantum Computer. This intricate quantum simulation is a major step towards drastically reducing the need for time - consuming and costly physical research and technology development. D wave quantum computers work based on a technique called quantum Annealing.
Quantum annealing
The quantum bits in terms of quantum computing are also referred to as qubits that are the cheapest energy states in the superconducting loops comprising the D-Wave QPU. These states have a disseminated current and a proportional magnetic field. A qubit may be 0 or 1. Like conventional bits. However, since the qubit is a quantum abstraction, it can also be simultaneously in a 0 and 1 state quantum superposition.
It is possible to show (visualize) the physics of this process with an energy diagram as shown in Figure 1. As we can see in (a), (b), and (c), this diagram changes over time. To start with, there's only one (a) valley with one minimum. The mechanism of quantum annealing runs, the barrier is lifted, and as a result transforms the energy diagram into the potential (b) for double-well. And here's the left's lowest point.
Figure SEQ Figure \* ARABIC 1
The qubit’s probability ending in the 0 or 1 state is equal (50 %) to all else being equal. However, by enforcing an external magnetic field to the qubit (c), we can maintain the probability of it falling into the 0 or 1 state. As a result, probability of the qubit for ending up in the lower well is increased due to the tilting of the double well potential. The magnetic field generated here is controlled by the Bias which is a programmable quantity. The energy of the qubit usually gets minimized because of bias. In real bias show their abilities by combining to link and start influencing each other. This process is done with the coupler. Couplers, biases and qubits get entwined. At this point, the system has many possible outcomes in a entwined state. At the ending of the anneal, each qubit is in a typical state representing, or very probably close to, the minimum energy state of the actual problem. All this happens in microseconds in D - Wave systems.
D-Wave Systems announced D-Wave One on 11th of May 2011, described as "the world's first commercially available quantum computer", operating on a 128-qubit chipset (Johnson MW, 2019) using quantum annealing (a general method for finding the global minimum of a function by a process using quantum fluctuations) to solve optimization problems. The D – Wave One fabrication principal was based on D - Wave's early prototypes.
In May 2013, a collaboration between NASA, Google and the Space Research Association of Universities (USRA) successfully launched, among other fields of study, a Quantum Artificial Intelligence Lab premised on the D - Wave Two 512-qubit quantum computer.
In June 2014, D - Wave introduced another quantum implementation ecosystem in collaboration with 1QB Information Technologies (1QBit) computational finance company and DNA - SEQ cancer research group to focus on resolving real - world problems with quantum hardware ("D-Wave Systems Building Quantum Application Ecosystem, Announces Partnerships with DNA-SEQ Alliance and 1QBit | D-Wave Systems", 2019).
The release of the in January D - Wave 2000Q system allows a variety of energy landscape searches by providing unique features that provide users programmable direct control over the annealing training schedule. Understanding the fine details of quantum annealing more deeply and to develop better controls for it kept on increasing continuously. The release of the D - Wave 2000Q system allows a variety of energy landscape searches by providing unique features that give users programmable direct control over the annealing training schedule ("Introduction to Quantum Annealing — D-Wave System Documentation").
How D wave models as a quantum system
The systems of D-Wave can be considered as a large collection of magnets, each of which can flip orientations. These are not qubits in the same way as the quantity processor components of IBM or Intel are, but they rely on quantity behavior to perform calculations. There is nothing on its own that favors one orientation over another. But put a second magnet next to each other and the two influence each other; now, if one flips its orientation, it changes the system's energy content. The current system of D-Wave scales up to 2,048 individual magnets, together with the associated control hardware, which determines which of these magnets are connected and how strong the connection is.
In this case, the modeling system become identical like the D-Wave computer itself, suspiciously. It is a cubic arrangement of magnets that can roll, called a "transverse-field Ising model." If these magnets are instructed to alternate orientations as you migrate in any of the three dimensions, there will be an anti-ferromagnet. But configurations can also be found in which the orientations are deranged, forming what is called a "spin glass" (magnetic properties spring up from particle spin). They have well-defined energies, including a low-energy state, while spin glasses are disordered.
Whereas the individual magnetic bits in a D-wave system are primarily in one plane, the connections between them can be controlled so that the system realistically simulate a three-dimensional lattice's behavior. The largest lattice to fit in the processor on the current system generation is something that is a cube with eight magnets on one side.
Computer system
The conceptual frameworks for the D - Wave approach came from experimental results in condensed matter physics, and in specific from work on quantum annealing in magnets by Dr. Gabriel Aeppli. These ideas were later resurrected in the language of quantum computing by MIT physicists Ed Farhi, Seth Lloyd, Terry Orlando and Bill Kaminsky, both of whom published in 2000 and 2004 (Farhi, E., Goldstone, J., Gutmann, S., & Sipser, M. (2000)).And a specific incentivizing of this kind of idea using superconducting flux qubits, a close cousin of the designs produced by D - Wave. And a specific incentivizing of this kind of idea using superconducting flux qubits, a close cousin of the designs produced by D - Wave.
And a specific incentivizing of this kind of idea using superconducting flux qubits, a close cousin of the designs produced by D - Wave. To understand the roots of much of the controversy around the D-Wave approach, it is important to note that the roots of the D-Wave approach to quantum computing originated not from the conventional field of quantum information, but from the physics of experimental condensed matter.
Support Circuitry: Reading Qubits
A substantial part of the circuitry surrounding the qubits and couplers is a structure of multiple organised switches (also formed from Josephson junctions) that create circuits that both address each qubit (route pulses of magnetic specific information to the correct positions on the chip) and store that information for each device in a local magnetic memory element. Most Josephson junctions are used in a D-Wave Quantic Processing Unit (QPU) to make up this circuit. Readings are also linked to each qubit. During computation, these devices are inactive and do not directly affect the qubits ' behavior. After the calculation is fully operational and the qubits have resolved into their final (classical) 0 or 1 state, the readouts are used to search the value held by each qubit and return the response as a bit string of 0's and 1's to the end user.
This is a very vastly different architecture than conventional computing. The QPU does not have memory buffer areas (cache), but each qubit has its own small chunk of memory. Indeed, the QPU is architecture more like a biological brain than a conventional silicon processor's ' Von Neumann architecture. One can suspect of the qubits as neurons, and the couplers as neurotransmitters that control the information flow between those neurons.
1500928176325400Figure 2 shows a picture of the final QPUs in a superconducting electronics foundry after manufacturing. Using modified techniques from the processes used to make semiconductor integrated circuits, the QPUs are ' stamped ' onto a silicon wafer. This wafer image shows several QPUs. The highest, near the bottom center, has a connection of 128 qubits with 352 connecting elements. On each individual QPU, the qubit or a coupler circuits are the cross - hatched patches that appear in the following image. This is generally known as a Rainier QPU and was the form of QPU found in the quantum computer of D - Wave OneTM.
14674852327275Figure SEQ Figure \* ARABIC 3
Figure SEQ Figure \* ARABIC 3
15347951361511Figure SEQ Figure \* ARABIC 2
Figure SEQ Figure \* ARABIC 2
6534153328035Figure SEQ Figure \* ARABIC 4
Figure SEQ Figure \* ARABIC 4
The methodologies learned from the semiconductor industry resulted in the design and construction of a D-Wave, Large-Scale Integration (LSI) owned manufacturing infrastructure. This manufacturing ability is unique. Figure 3 shows a cross section of one of the QPUs produced at D-Wave's superconducting electronics foundry. The manufacturing process developed can yield superconducting circuits from LSI (128,000 + Josephson junctions in the D-Wave 2000Q system for the 2000-qubit QPU). It is the only superconducting production facility able to produce the superconducting processors of this complexity.
68728111077300
microscopic cross - section of D - Wave QPU, manufactured using a 6-metal layer wiring process. Near the bottom of this sandwich framework is shown the layer used to form the Josephson junctions.
Future of D wave quantum computers
For the past 10 years, the qubits on D-Wave's Quantum computers have nearly doubled steadily each year. This growing trend is expected to keep increasing. Simply scaling the current production process to add more qubits in the same way that they are currently arranged to create QPUs with up to about 10,000 qubit numbers. Going beyond 1000 to hundreds of thousands or millions of qubits will involve major overhaul, but there are certainly ways to do that and operating system improvement is not seen as a intrinsic barrier.
Quantum computers will transform the world, leading to the most challenging problems with better and faster solutions and tremendous applications. D-Wave quantum computers are ideally suited for solving many difficult problems in optimization, machine learning, sampling and cyber security. With 2000 qubits and new control features, the D-Wave 2000Q quantum computer can solve bigger problems than previously possible and with better performance. A growing community of developers is using the unique capabilities of D-Wave systems in a variety of applications to solve challenging problems.
References
Gershenfeld, N. A., and I. L. Chuang. "Bulk Spin-Resonance Quantum Computation". Science, vol 275, no. 5298, 1997, pp. 350-356. American Association For The Advancement Of Science (AAAS), doi:10.1126/science.275.5298.350.
"Introduction To Quantum Annealing — D-Wave System Documentation Documentation". Docs.Dwavesys.Com, 2019, https://docs.dwavesys.com/docs/latest/c_gs_2.html. Accessed 27 Mar 2019.
"D-Wave Systems Building Quantum Application Ecosystem, Announces Partnerships With DNA-SEQ Alliance And 1Qbit | D-Wave Systems". Dwavesys.Com, 2019, https://www.dwavesys.com/press-releases/d-wave-systems-building-quantum-application-ecosystem-announces-partnerships-dna-seq. Accessed 27 Mar 2019.
Johnson MW, et al. "Quantum Annealing With Manufactured Spins. - Pubmed - NCBI". Ncbi.Nlm.Nih.Gov, 2019, https://www.ncbi.nlm.nih.gov/pubmed/21562559. Accessed 27 Mar 2019.
Farhi, E., Goldstone, J., Gutmann, S., & Sipser, M. (2000). Quantum computation by adiabatic evolution. arXiv preprint quant-ph/0001106.
Dwavesys.Com, 2019, http://www.dwavesys.com/sites/default/files/D-Wave%202000Q%20Tech%20Collateral_0117F.pdf.
Subject: IT
Pages: 8 Words: 2400
How information security maturity model helps organizations to improve information assurance.
Kennith Thurman
School or Institution Name (University at Place or Town, State)
Introduction:
Information technology plays the role of utility in modern business. It is hard to imagine any modern business without the implementation of information technology. Exponential penetration of information technology is subject to the reduction in price and size of information and communication technology equipment. Most of the modern business involve processing of personally identifiable information to ensure business continuity. When businesses have to deal with personal information then most critical asset of the organization is the data that the organization use to earn revenues. When data is the critical asset for the business then security of the data is the obligation of the organization as well. As cyber-attacks are increasing both in numbers and complexity as well, it is inevitable to ensure confidentiality, integrity, availability and no-repudiation of the data. Information assurance is the concept that deals with these aspects. The paper describes and evaluates that how information security maturity model helps organizations to ensure confidentiality, integrity availability and non-repudiation of data.
Literature Review:
Miniaturization of microprocessors and price cuts in information and computer technology has enabled organizations to include information technology solutions in their business plans. Modern business relies on information technology equipment. All of the information technologies incorporated into businesses processes deals with the critical information related to the business ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"uiFLuy1t","properties":{"formattedCitation":"(Jacobs, 2015a)","plainCitation":"(Jacobs, 2015a)","noteIndex":0},"citationItems":[{"id":"ewBlZwK5/63ihu9yX","uris":["http://zotero.org/users/local/aGd3npCw/items/3BUKT4S7"],"uri":["http://zotero.org/users/local/aGd3npCw/items/3BUKT4S7"],"itemData":{"id":48,"type":"book","title":"Engineering information security: The application of systems engineering concepts to achieve information assurance","publisher":"John Wiley & Sons","ISBN":"1-119-10479-3","author":[{"family":"Jacobs","given":"Stuart"}],"issued":{"date-parts":[["2015"]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (Jacobs, 2015a). The information processed by organizations often contain personally identifiable information. As more businesses have incorporated information and computer technologies into their operations the more the risks are now associated with these technologies.
When customers are trusting the organizations with their information then it is the responsibility of the organization to protect that information from all possible threats. Most valuable asset in any organization is the data they hold in their information systems. Protection of such data involves ensuring the confidentiality of the data. Confidentiality of data means that the data is only accessible by the authorized persons. For example, the data related to finance and accounting must only be accessible by the finance or accounts department of the organization and no one else should ever be able to breach that information ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"1zJMUpVb","properties":{"formattedCitation":"(Duncan & Whittington, 2014)","plainCitation":"(Duncan & Whittington, 2014)","noteIndex":0},"citationItems":[{"id":"ewBlZwK5/Iajm3xBi","uris":["http://zotero.org/users/local/aGd3npCw/items/T9PY8KDJ"],"uri":["http://zotero.org/users/local/aGd3npCw/items/T9PY8KDJ"],"itemData":{"id":49,"type":"paper-conference","title":"Compliance with standards, assurance and audit: does this equal security?","container-title":"Proceedings of the 7th International Conference on Security of Information and Networks","publisher":"ACM","page":"77","ISBN":"1-4503-3033-9","author":[{"family":"Duncan","given":"Bob"},{"family":"Whittington","given":"Mark"}],"issued":{"date-parts":[["2014"]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (Duncan & Whittington, 2014). Ensuring the integrity of data means that the information has not been forged in any way. For example, the data related to finance has not be modified by an employee from another department. It may be an attacker who can make unwanted changes to the information. Therefore, integrity deals with the modification or forging of available information ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"HZ4gkCvc","properties":{"formattedCitation":"(Bozkus Kahyaoglu & Caliyurt, 2018)","plainCitation":"(Bozkus Kahyaoglu & Caliyurt, 2018)","noteIndex":0},"citationItems":[{"id":126,"uris":["http://zotero.org/users/local/Ugrd7iAF/items/IFH2PXUC"],"uri":["http://zotero.org/users/local/Ugrd7iAF/items/IFH2PXUC"],"itemData":{"id":126,"type":"article-journal","title":"Cyber security assurance process from the internal audit perspective","container-title":"Managerial Auditing Journal","page":"360-376","volume":"33","issue":"4","author":[{"family":"Bozkus Kahyaoglu","given":"Sezer"},{"family":"Caliyurt","given":"Kiymet"}],"issued":{"date-parts":[["2018"]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (Bozkus Kahyaoglu & Caliyurt, 2018). Ensuring availability of data means that the data and information must be available to the authorized persons whenever they need that information. For example, if an accountant has to generate payroll and he is unable to access the data related to accounts. In such conditions the possible cause may be a system downtime or a cyber attack in progress.
Traditionally information security is considered to be the achievement of confidentiality, integrity, availability, and non-repudiation of data. However, in modern businesses when cyber criminals use sophisticated attack methods ensuring the primary goals is not considered to be effective information assurance plan. Effective information assurance plan and implementation is to prevent all types of attacks instead of post attack investigations and restoration(W Krag Brotby & Hinson, 2016) . Organizations all across the world suffered targeted attacks by the criminals due to the weak information assurance strategies implementations. Target corporation is an example of such attack, when they suffered from one of the largest data breach in history. Hackers were able to compromise their point of sale network and captured millions of records of personally identifiable information from their systems. The attack was successful due to the poor segregation of confidential and ordinary data in their local database systems. Most interesting thing that is revealed during the post attack investigations is that the organization has implemented an information security program but the system administrators has turned off the essential features to prevent such type of attack. The situation was considered to be the result of isolation between security officers and other departments for intelligence sharing.
Discussion:
For organizations to ensure security of the most critical asset of the organization to implement security in planning phase of the business as well. Information security maturity model is not linked to responding cyber attacks but to create a security architecture that can prevent the attacks as well. Security related operations of the organization will only be carried out effectively if the processes are built with security infrastructure in mind as well as the future developments in the system ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"XL3zUEmL","properties":{"formattedCitation":"(Abraham, Dutta, Mandal, Bhattacharya, & Dutta, 2018)","plainCitation":"(Abraham, Dutta, Mandal, Bhattacharya, & Dutta, 2018)","noteIndex":0},"citationItems":[{"id":125,"uris":["http://zotero.org/users/local/Ugrd7iAF/items/ABBG4L27"],"uri":["http://zotero.org/users/local/Ugrd7iAF/items/ABBG4L27"],"itemData":{"id":125,"type":"article-journal","title":"Emerging Technologies in Data Mining and Information Security","container-title":"Proceedings of IEMIS","volume":"2","author":[{"family":"Abraham","given":"Ajith"},{"family":"Dutta","given":"Paramartha"},{"family":"Mandal","given":"Jyotsna Kumar"},{"family":"Bhattacharya","given":"Abhishek"},{"family":"Dutta","given":"Soumi"}],"issued":{"date-parts":[["2018"]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (Abraham, Dutta, Mandal, Bhattacharya, & Dutta, 2018). Various factors affect the information security efforts at an organization such as governance, system architecture, culture of the organization and delivery of services to the customer. An effective way of assessing the information security maturity of the organization is information security maturity model. Information security maturity model helps the organizations to achieve their goals against digital darks.
A domain-oriented approach is recommended to implement information assurance and security. Any model developed by using the domain-oriented approach will be effective if the culture of the organization allows the system to perform. If the model is developed without understanding the culture of the particular organization, then the model will not be able to achieve intended benefits for the organization. In domain-oriented model development for information assurance, the senior management of the organization must become more literate in information technology to effectively craft business strategy. In information assurance implementation, people, systems, information, and networks affect each other. These are the four factors that are considered to be the dynamic links between all of the interconnections at an organization. All these four domains there are several processes that are used to measure, identify, and control the risks. All these factors must be considered while developing an information assurance plan or strategy for an organization because the success of the plan or strategy at the end will depend on the in-house information technology capability and reliance on the outsourcing.
Information Security Maturity model:
Information security is not about responding to attacks and investigations of security incidents. Instead information assurance is related to prevention of information assets against attacks. Information security is about achieving of organizational goals despite the security accidents if any. Most of the time these security objectives are not achieved because they are viewed in isolation as compared to the other organizational goals. It is due to the financial expenditures that the organization has to made on security equipment and control of the processes. Some efforts of security may not result in intended benefits due to the lack of financial support by senior managers of the organizations ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"VBfxGePe","properties":{"formattedCitation":"(Cambou, Flikkema, Palmer, Telesca, & Philabaum, 2018)","plainCitation":"(Cambou, Flikkema, Palmer, Telesca, & Philabaum, 2018)","noteIndex":0},"citationItems":[{"id":124,"uris":["http://zotero.org/users/local/Ugrd7iAF/items/2B8LEYS9"],"uri":["http://zotero.org/users/local/Ugrd7iAF/items/2B8LEYS9"],"itemData":{"id":124,"type":"article-journal","title":"Can Ternary Computing Improve Information Assurance?","container-title":"Cryptography","page":"6","volume":"2","issue":"1","author":[{"family":"Cambou","given":"Bertrand"},{"family":"Flikkema","given":"Paul"},{"family":"Palmer","given":"James"},{"family":"Telesca","given":"Donald"},{"family":"Philabaum","given":"Christopher"}],"issued":{"date-parts":[["2018"]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (Cambou, Flikkema, Palmer, Telesca, & Philabaum, 2018). It is hard for security managers to convince higher management to make investments on a new system to protect an existing system and the system is not visibly expected to add value to the business products.
Only way of harvesting maximum benefits out of security investments is to build security in business processes. It can be achieved by making security strategies a part of planning and designing phase of business plan. Adding security layers at a later stage may not be fruitful and it would be difficult to convince higher managers for considerable investments on secondary systems. Mangers of the organizations must be literate in security so that they can make an informed decision about the security needs of processes ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"wVw9Kx8i","properties":{"formattedCitation":"(Chapple, Stewart, & Gibson, 2018)","plainCitation":"(Chapple, Stewart, & Gibson, 2018)","noteIndex":0},"citationItems":[{"id":122,"uris":["http://zotero.org/users/local/Ugrd7iAF/items/M97EKK4D"],"uri":["http://zotero.org/users/local/Ugrd7iAF/items/M97EKK4D"],"itemData":{"id":122,"type":"book","title":"(ISC) 2 CISSP Certified Information Systems Security Professional Official Study Guide","publisher":"John Wiley & Sons","ISBN":"1-119-47595-3","author":[{"family":"Chapple","given":"Mike"},{"family":"Stewart","given":"James Michael"},{"family":"Gibson","given":"Darril"}],"issued":{"date-parts":[["2018"]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (Chapple, Stewart, & Gibson, 2018). A domain-based approach will also help in development of effective security strategies. Security processes divided into domains will help organizations achieve goals of confidentiality, integrity, availability, and non-repudiation of data. Concept of information assurance maturity is being applied to the organizational processes to assess the capabilities of existing system as well as to determine the need of new systems. It is based on the levels of compliance for existing systems.
No-Compliance:
Compliance levels are based on the time slots during which a system is exposed to security threats. It is also known as the vulnerability window. A system having vulnerabilities either in hardware infrastructure or software is like a house having a locked door but with a window left opened for attackers. A vulnerability plays the role of that window in the locked home. No compliance state is state of the system during which the system. In this state there eist vulnerabilities in the system that are already exploited by the criminals and the organization has zero days left to fix these vulnerabilities.
Initial level of Compliance:
At initial level of compliance, the vulnerabilities in application or hardware systems are not fully patched. Some of the systems have no security holes at all and some of the systems have no security patch installed. It is also known as the state of partial compliance. In which some of the systems comply with the organizational security policy and some are not compliant at all.
The vulnerability is considered to be an open window for an attacker in a locked room. The lock at the door of the room will be useless if the window is left open. Therefore, it is critical for security operations teams of the organizations to close such windows immediately as soon as the vulnerability is discovered. Security operations team may need to install security patches for software products or harden the security policies according to the latest signature of the discovered vulnerability in the system. Information assurance and security maturity model deals with minimization of the vulnerability window. Vulnerability window is the time frame during which the vulnerability exists in the system to be attacked by the criminals. Minimizing this window to the possible limit is the actual practice of securing any information system.
Basic Compliance:
Basic level of compliance corresponds to a state of the system in which all of the machines are patched with available patches from vendors but there are some known issues with the operation of the system. These operational errors make the system to qualify for the basic level of compliance, but it cannot be designated as fully compliant with the organizational security policy. During the state organization may have little implementation of security procedures, policies, and systems. Information technology departments may have assigned duties, but the implementation is poor regarding the use of services.
Some organizations do not consider the interaction between the users and systems as risks. It may be due to the fact that a user may not pose any risk to the system in isolation mode. But in enterprise environments there is no or little-known isolation of systems and their corresponding users. In networked environments a large number of risks are initiated by the actions of the users. Thus, user actions are considered to be the initiation of a large-scale attack on the system. Therefore, interaction between the users and systems must be included in cyber security strategic plan of the organizations. Users of the systems are prone to social engineering attacks. Such as any employee may find a data traveler at a public place and may connect it to the system out of curiosity. That action may lead to severe consequences in case of infected device. A major cyber-attack campaign known as Stuxnet was successful due to social engineering tactics employed by the attackers.
Acceptable Compliance:
Acceptable compliance is the state of the system when all of the connected devices are patched by the central security officers and managed by the information technology departments security team. They will make sure that system have the patches installed. It is acceptable state of the system because apparently there are no threats to the system. On the other hand, there may be several vulnerabilities that are not known to local staff. Such vulnerabilities can be exploited by the criminals.
As in many studies and investigations it has been revealed that user interaction with system can pose a serious risk to overall information technology infrastructure of the organization. In many cases the user of the system goes for the easiest option to perform a complex task. In doing so the user may trigger an attack as well because going for plaintext data storage may be vulnerable to eavesdropping. There is a mindset of organizations that consider it a fault of the system designer instead of the user. They claim that it is the fault of the designer to create an easy option for performing the same job. To eradicate such problems in organizational networks there must be a culture of security among people working in organization.
It has been observed in many organizations that information technology support executives configure different passwords for different applications. They consider the move as application hardening which is not true in reality because in this way the user has to remember multiple passwords. Such passwords are changed regularly reducing the capability of user to memorize the passwords. The result is that a user may write down passwords to avoid any confusion. It is a practice that must be discouraged in anyway. Passwords must never be stored in plaintext format. To promote culture of security in organization there must be appropriate meetings between security teams and users to educate them about possible threats to information systems being used.
Full Compliance:
In this state the system is in full compliance with the information assurance strategic plan of the organization and equipped with the capabilities of halting down nay future threats to the system. The system is capable of halting down targeted attacks or at-least an early warning system to make the response effective. To make an organization fully compliant to information security policies and procedures security is managed by identifying security concerns. Security incidents are tracked in a systematic way ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"A96EorCf","properties":{"formattedCitation":"(Wahlgren, Fedotova, Musaeva, & Kowalski, 2016)","plainCitation":"(Wahlgren, Fedotova, Musaeva, & Kowalski, 2016)","noteIndex":0},"citationItems":[{"id":133,"uris":["http://zotero.org/users/local/Ugrd7iAF/items/SBT5MJ6M"],"uri":["http://zotero.org/users/local/Ugrd7iAF/items/SBT5MJ6M"],"itemData":{"id":133,"type":"paper-conference","title":"IT Security Incidents Escalation in the Swedish Financial Sector: A Maturity Model Study.","container-title":"HAISA","page":"45-55","author":[{"family":"Wahlgren","given":"Gunnar"},{"family":"Fedotova","given":"Anna"},{"family":"Musaeva","given":"Alexandra"},{"family":"Kowalski","given":"Stewart"}],"issued":{"date-parts":[["2016"]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (Wahlgren, Fedotova, Musaeva, & Kowalski, 2016). A full compliance organization must have formal security policies and information assurance items as part of the business plan. A full compliance investigation also considers the security architecture of the organization. As the business architecture of an organization considers all external factors, a security architecture considers the interaction between the systems and their users before implementation of any new policy or procedure.
Measurements:
In information assurance and security policies metrics are used to measure and predict future trends based on the analysis of historical data collected over the years in an organization. Security metrics are designed to monitor and as a tool to get insight about the performance of security controls implemented previously. Metrics are required to be designed carefully if they are required to locate failure points and anomalies in security architecture of the organization. Metrics are collected across many different organizations because these are operational metrics without complete information of security processes ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"705mw6jV","properties":{"formattedCitation":"(Le & Hoang, 2017)","plainCitation":"(Le & Hoang, 2017)","noteIndex":0},"citationItems":[{"id":130,"uris":["http://zotero.org/users/local/Ugrd7iAF/items/2BJMY8SY"],"uri":["http://zotero.org/users/local/Ugrd7iAF/items/2BJMY8SY"],"itemData":{"id":130,"type":"article-journal","title":"Capability Maturity Model and Metrics Framework for Cyber Cloud Security","container-title":"Scalable Computing: Practice and Experience","page":"277-290","volume":"18","issue":"4","author":[{"family":"Le","given":"Ngoc T."},{"family":"Hoang","given":"Doan B."}],"issued":{"date-parts":[["2017"]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (Le & Hoang, 2017). It is crucial to maintain redundancy in collecting the operational metrics as an organization may not want to disclose internal information assurance and security infrastructure. On the other hand, collection of operational metrics across organization presents with a more complex and challenging problem of security risks ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"BH2t1UEt","properties":{"formattedCitation":"(Ormrod & Turnbull, 2016)","plainCitation":"(Ormrod & Turnbull, 2016)","noteIndex":0},"citationItems":[{"id":131,"uris":["http://zotero.org/users/local/Ugrd7iAF/items/R8T4CR7L"],"uri":["http://zotero.org/users/local/Ugrd7iAF/items/R8T4CR7L"],"itemData":{"id":131,"type":"paper-conference","title":"The Military Cyber-Maturity Model: Preparing Modern Cyber-Enabled Military Forces for Future Conflicts","container-title":"11th International Conference on Cyber Warfare and Security: ICCWS2016","page":"261","author":[{"family":"Ormrod","given":"David"},{"family":"Turnbull","given":"Benjamin"}],"issued":{"date-parts":[["2016"]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (Ormrod & Turnbull, 2016). The details and properties of different operational security systems may vary during the lifecycle of the system. So, data collected for analysis at one point in time may not be appropriate for an analysis at a later point in time. Any appropriate metrics or measurement framework must be designed in a way to accept the possible changes in target as well as changes in the existing measurement security infrastructure of the organization ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"4NIA02WB","properties":{"formattedCitation":"(Savola, Savolainen, & Salonen, 2016)","plainCitation":"(Savola, Savolainen, & Salonen, 2016)","noteIndex":0},"citationItems":[{"id":132,"uris":["http://zotero.org/users/local/Ugrd7iAF/items/ISU7TMMU"],"uri":["http://zotero.org/users/local/Ugrd7iAF/items/ISU7TMMU"],"itemData":{"id":132,"type":"paper-conference","title":"Towards security metrics-supported IP traceback","container-title":"Proccedings of the 10th European Conference on Software Architecture Workshops","publisher":"ACM","page":"32","ISBN":"1-4503-4781-9","author":[{"family":"Savola","given":"Reijo M."},{"family":"Savolainen","given":"Pekka"},{"family":"Salonen","given":"Jarno"}],"issued":{"date-parts":[["2016"]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (Savola, Savolainen, & Salonen, 2016).
While designing metrics for security assessment of any information technology system the researchers and security engineers must have to choose between the usability of the system and security. For example, a most secure system will be one disconnected from everything even from the power source and buried down the earth in a concrete block. That system will be incredible secure as no one can access the system and breach the information stored in the system ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"XQSVhBux","properties":{"formattedCitation":"(Jacobs, 2015b)","plainCitation":"(Jacobs, 2015b)","noteIndex":0},"citationItems":[{"id":129,"uris":["http://zotero.org/users/local/Ugrd7iAF/items/M84WQIDA"],"uri":["http://zotero.org/users/local/Ugrd7iAF/items/M84WQIDA"],"itemData":{"id":129,"type":"book","title":"Engineering information security: The application of systems engineering concepts to achieve information assurance","publisher":"John Wiley & Sons","ISBN":"1-119-10479-3","author":[{"family":"Jacobs","given":"Stuart"}],"issued":{"date-parts":[["2015"]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (Jacobs, 2015b). On the other hand, the system will be the most useless system on earth because it will not be usable. If a system is so secure that it cannot be used, then there is no point in designing such a system in first place. Information assurance and capability maturity model is about finding the best suitable framework of usability and security for organizations. It helps organizations to minimize the tradeoff between security and usability of any information system. Security assurance measurements often require data aggregation from various sources. It is practical to manage or assess a complex system architecture independently. It is also not feasible because the properties of security infrastructure and implementation goals may change over time in an organization or will drastically change from one organization to the other.
Metrics in ISA-CMM:
Metrics used in capability maturity model for information security assurance are based on the principle that the thing that cannot be measured will not be managed. The principle reflects the fact that an organization must be able to measure the risks and define appropriate strategies based on the chosen metrics. Therefore, there are four stages of compliance are defined in the paper to help organizations assess their present security posture and plan improvements for future endeavors ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"l68dBCxw","properties":{"formattedCitation":"(Englbrecht, Meier, & Pernul, 2019)","plainCitation":"(Englbrecht, Meier, & Pernul, 2019)","noteIndex":0},"citationItems":[{"id":128,"uris":["http://zotero.org/users/local/Ugrd7iAF/items/5BSJUZBS"],"uri":["http://zotero.org/users/local/Ugrd7iAF/items/5BSJUZBS"],"itemData":{"id":128,"type":"chapter","title":"Toward a Capability Maturity Model for Digital Forensic Readiness","container-title":"Innovative Computing Trends and Applications","publisher":"Springer","page":"87-97","author":[{"family":"Englbrecht","given":"Ludwig"},{"family":"Meier","given":"Stefan"},{"family":"Pernul","given":"Günther"}],"issued":{"date-parts":[["2019"]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (Englbrecht, Meier, & Pernul, 2019). These indicators of security assurance are based on the domain specific goals rather than focused on processes. They measure the aspects of structure, practices, management, and performance of the organization in terms of the security of the information being processed by the organization for business continuity. The practices involved in the paper are for the persons responsible for management of the organizational processes to draw their attention to good processes for information security.
Limitation of the Study:
It is evident by the research study that the capability maturity stages and metrics can help organizations to assess their information assurance architecture and formulate future strategies. However, the metrics may not be applicable to every possible business or process in information technology. Particular compliance stages will help organizations to formulate processes at domain level, but the qualitative approach of the model implementation may result in subjective details that may not be appropriate for a particular business. Future research may focus on quantitative metrics for information assurance of an organization based on capability maturity model.
Conclusion
Effective information assurance cannot be achieved without incorporating information assurance in the business plan and implementation phase. It must be applied to the process level to ensure the continuity of the business. Factors must be considered such as people, networks, culture, and system architecture while devising policies to protect information assets. All these factors certainly influence the effectiveness of the strategies for information assurance ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"lJyuKc8V","properties":{"formattedCitation":"(Sabillon, Serra-Ruiz, Cavaller, & Cano, 2017)","plainCitation":"(Sabillon, Serra-Ruiz, Cavaller, & Cano, 2017)","noteIndex":0},"citationItems":[{"id":"ewBlZwK5/HCYyQt1d","uris":["http://zotero.org/users/local/aGd3npCw/items/XI7YJULF"],"uri":["http://zotero.org/users/local/aGd3npCw/items/XI7YJULF"],"itemData":{"id":60,"type":"paper-conference","title":"A Comprehensive Cybersecurity Audit Model to Improve Cybersecurity Assurance: The CyberSecurity Audit Model (CSAM)","container-title":"2017 International Conference on Information Systems and Computer Science (INCISCOS)","publisher":"IEEE","page":"253-259","ISBN":"1-5386-2644-6","author":[{"family":"Sabillon","given":"Regner"},{"family":"Serra-Ruiz","given":"Jordi"},{"family":"Cavaller","given":"Victor"},{"family":"Cano","given":"Jeimy"}],"issued":{"date-parts":[["2017"]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (Sabillon, Serra-Ruiz, Cavaller, & Cano, 2017). Later investments in the information security model may not yield the expected benefits. As legacy systems may not accept the latest technologies and limitations associated with human factor must also be considered. All these obstacles and vulnerability windows can be minimized by following the information assurance maturity model by the organizations ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"ABL9Yqce","properties":{"formattedCitation":"(Kisekka & Giboney, 2018)","plainCitation":"(Kisekka & Giboney, 2018)","noteIndex":0},"citationItems":[{"id":123,"uris":["http://zotero.org/users/local/Ugrd7iAF/items/CDCBYK5G"],"uri":["http://zotero.org/users/local/Ugrd7iAF/items/CDCBYK5G"],"itemData":{"id":123,"type":"article-journal","title":"The effectiveness of health care information technologies: evaluation of trust, security beliefs, and privacy as determinants of health care outcomes","container-title":"Journal of medical Internet research","volume":"20","issue":"4","author":[{"family":"Kisekka","given":"Victoria"},{"family":"Giboney","given":"Justin Scott"}],"issued":{"date-parts":[["2018"]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (Kisekka & Giboney, 2018). Depending on the complexity and level of sophistication associated with modern cyber-attacks such as code obfuscation there is no silver bullet to rule all the attacks out of the organization. Therefore, information assurance must be a part of the business plan and exactly coherent to the business goals of the organization.
References
ADDIN ZOTERO_BIBL {"uncited":[],"omitted":[],"custom":[]} CSL_BIBLIOGRAPHY Abraham, A., Dutta, P., Mandal, J. K., Bhattacharya, A., & Dutta, S. (2018). Emerging Technologies in Data Mining and Information Security. Proceedings of IEMIS, 2.
Bozkus Kahyaoglu, S., & Caliyurt, K. (2018). Cyber security assurance process from the internal audit perspective. Managerial Auditing Journal, 33(4), 360–376.
Cambou, B., Flikkema, P., Palmer, J., Telesca, D., & Philabaum, C. (2018). Can Ternary Computing Improve Information Assurance? Cryptography, 2(1), 6.
Chapple, M., Stewart, J. M., & Gibson, D. (2018). (ISC) 2 CISSP Certified Information Systems Security Professional Official Study Guide. John Wiley & Sons.
Duncan, B., & Whittington, M. (2014). Compliance with standards, assurance and audit: does this equal security? Proceedings of the 7th International Conference on Security of Information and Networks, 77. ACM.
Englbrecht, L., Meier, S., & Pernul, G. (2019). Toward a Capability Maturity Model for Digital Forensic Readiness. In Innovative Computing Trends and Applications (pp. 87–97). Springer.
Jacobs, S. (2015a). Engineering information security: The application of systems engineering concepts to achieve information assurance. John Wiley & Sons.
Jacobs, S. (2015b). Engineering information security: The application of systems engineering concepts to achieve information assurance. John Wiley & Sons.
Kisekka, V., & Giboney, J. S. (2018). The effectiveness of health care information technologies: evaluation of trust, security beliefs, and privacy as determinants of health care outcomes. Journal of Medical Internet Research, 20(4).
Le, N. T., & Hoang, D. B. (2017). Capability Maturity Model and Metrics Framework for Cyber Cloud Security. Scalable Computing: Practice and Experience, 18(4), 277–290.
Ormrod, D., & Turnbull, B. (2016). The Military Cyber-Maturity Model: Preparing Modern Cyber-Enabled Military Forces for Future Conflicts. 11th International Conference on Cyber Warfare and Security: ICCWS2016, 261.
Sabillon, R., Serra-Ruiz, J., Cavaller, V., & Cano, J. (2017). A Comprehensive Cybersecurity Audit Model to Improve Cybersecurity Assurance: The CyberSecurity Audit Model (CSAM). 2017 International Conference on Information Systems and Computer Science (INCISCOS), 253–259. IEEE.
Savola, R. M., Savolainen, P., & Salonen, J. (2016). Towards security metrics-supported IP traceback. Proccedings of the 10th European Conference on Software Architecture Workshops, 32. ACM.
Wahlgren, G., Fedotova, A., Musaeva, A., & Kowalski, S. (2016). IT Security Incidents Escalation in the Swedish Financial Sector: A Maturity Model Study. HAISA, 45–55.
Subject: IT
Pages: 21 Words: 6300
Research Proposal
Your Name
Institution
Wi-Fi Network Proposal
This document is in response to the winning a bid for installing a new wireless network for AROD (not an actual company). In this project, we would like to provide an ideal solution for our new partner as per their requirements. Our main task is to install a wireless network throughout the town in the offices of AROD and also in the public areas. The company will sell the internet to its customers through a wireless network.
The wireless system would be installed through the small town of ABC and it will almost cover the residential and commercial area of the town. The Wi-Fi will provide a high-speed connection to the consumers at the cost suggested by the company. To make this project possible, Cisco Meraki hardware will be used. In addition, analytic wireless software will be used. Company is planning to get a good return on its investment in a period of two years.
Requirements
Requirements for the installing wireless network throughout the town are given below.
The access points should comply with network security standards.
Access points should be able to provide at least 100Mb/s speed.
Client (AROD) should be able to manage bandwidth on each access point.
Only authorized personnel should be able to configure access points.
Diverse data routing shall be achieved by each access points
The wireless network should be able to access within 500m meter at each access point without dropping signal.
The network should have the ability to blacklist devices.
Access points should be suitable for outdoor conditions
Equipment should have the capability to operate 24/ 7
The company should also provide after-sales services which include maintenance and fixing faults, within 24 hours prior to complain.
Secure Network
Secure Metropolitan Area Network (MAN) will be used for this project. MAN can interconnect many servers and network equipment. Different Local Area Networks (LANs) are interconnected to form a web of a network CITATION RLG02 \l 1033 (RL Geiger, 2002). Various firewalls are also installed for securing the network from an external breach. Example of secure LAN, which will be a part of a bigger MAN is shown in the picture below CITATION MSm02 \l 1033 (Smith, 2002).
035052000
These requirements can help in understanding the size and scope of the project. Company has asked for 40 access points within the town, Access points are responsible for access between users. Secured high ranged LAN and WLAN routers will be used for this project. Company will decide their location, as they have to get the permit form the government
Additional security measures
Security risks associated with the network are shutting down of a system, and loss of sensitive data. These losses can be caused by computer viruses, rogue security software, Trojan horse, adware or spyware, network worm, DDoS attack, Rootkit, and SQL Injection attack CITATION ASK06 \l 1033 (ASK Pathan, 2006).
To address all security threats and concerns, we have to search for weak spots within the network. Our skilled workforce has experience in searching the weak spots within the network, they also have technical skills and expertise over network security tools. We will take the following key actions to prevent any internal or external cyber-attacks.
We understand common attacks. And we have good knowledge of cyber-attacks which targets weak network.
We will establish a list of potential vulnerabilities, and look for anything suspicious or unknown to the network (after sales services)
Use vulnerability and network scanning tool (after sales)
In case of an attack, we have the ability to access the risk and we will be able to take reliable actions in such events.
Cost
The cost of the project, including network equipment and installation, is given in the below table. Servers are not included in the cost, the company already have old servers from its old cite. These old servers are moved to this town by the company, and they will be used in our project.
SR. No.
Product
Description
Qty
Unit Cost
Total Cost
1.
MR72-HW
Meraki MR72 Cloud Managed AP
144
$ 1,021.24
$ 147,058.93
2.
MA-ANT-20
Meraki Dual-band Omni Antennae
288
$ 127.10
$ 36,603.71
3.
MS220-8P-HW
Meraki MS220-8P L2 Cloud Managed 8 Port GigE 124W PoE Switch
40
$ 801.36
$ 32,054.40
4.
MA-PWR-CORD-USA
Meraki AC Power Cord for MX and
40
$ 17.64
$ 705.60
5.
LIC-MS420-48-3YR
Meraki MS420-48 Enterprise License and Support, 3 Year
1
$ 1,697.22
$ 1,697.22
6.
MS420-48-HW
Meraki MS420-48 L3 Cloud Managed 48 port SFP+ Aggregation Switch
1
$ 25,288.20
$ 25,288.20
7.
LIC-MS220-8P-3YR
Meraki MS220-8P Enterprise License and Support, 3 Year
1
$ 52.92
$ 52.92
8.
LIC-ENT-3YR
Meraki MR Enterprise License, 3 Years
144
$ 191.52
$ 27,578.88
9.
M500XTM3
WatchGuard Firewall M500 XTM 3 Year Bundle
1
$ 12,594.96
$ 12,594.96
10.
PM
Project Management Services
12
$ 1,008.00
$ 12,096.00
11.
PS
Professional Services - Configuration / Install
16
$ 945.00
$ 15,120.00
12.
Miscellaneous
$ 39,149.18
13.
Total
$ 350,000.00
The total cost of the project will be 350,000 USD. Company will have to spend extra for the marketing of its internet services and establishing their offices within the town. Although marketing and construction of its offices is not our field, we have to provide the company with a secure Wi-Fi network which has the ability to support at least 5000 customers. If the company spend additional 100,000 dollars for its marketing and building offices, the total cost of the project would become 450,000 dollars. The payback period of this project will be 2.1 years if the company is able to get 700 customers after the completion of this project. We have done an economic and financial analysis of the project to get this result as a goodwill gesture.
References
BIBLIOGRAPHY ASK Pathan, H. L. (2006). Security in wireless sensor networks: issues and challenges. IEEE.
RL Geiger, J. L. (2002). Secure wireless electronic-commerce system with wireless network domain. Google Patents.
Smith, M. (2002). Multilevel secure network access system. Google Patents.
Subject: IT
Pages: 3 Words: 900
More Subjects
