Assignment on Network Management
Technology is changing the lives of people who are directly involved in business. Unlike in the previous era, the structure of business keeps changing because more people are communicating with each other with the help of technology and more resources are available. Information can be accessed from any part of the world, and this is one of the important factors changing business. When a new technology is introduced, customers move towards the change, whereas it is not so easy for a business to move as quickly as its customers. This is because the business needs a prediction of how loyal the customer will be to a single particular. It is very difficult to predict these changes. Businesses are then stuck with their existing environment and cannot move towards the change: some do not have the capital to make the changes, and some of the top companies are afraid that the investment could end in a loss. Now, in 2019, companies are feeling market pressure and moving towards a compromise with the customer.
In the case study, Fencing Limited wants to change its business according to the requirements mentioned there. Moving the business online will help the company operate in a more structured way: it can prepare for oncoming demand, maintain supply, and avoid piling up stock in the warehouse. Fencing Limited wants to sell where customers are ready to pay for what they want, and so to adapt to change.
1.1 PROJECT BACKGROUND OF THE COMPANY
Fencing Limited is a multi-site business with 250 people. It focuses on fencing supplies for mining and other construction companies and mostly serves companies in Australia. The products are imported from China. The company would like to move from offline to online operation, where it can support people in a structured manner. It has 100 people working in customer care and 50 people who close sales after a customer has agreed on an outbound call from the call centre. The company finds that structuring information and making it available to everyone who works there takes time. For example, the sales team travels to the customer's site to finish a deal. The company feels that it must move from offline sales to online sales and is seeking a solution that makes sales happen online instead of offline. If all stock can be monitored online, the company can predict when to spend money on inventory. This information is also needed by other departments that depend on these numbers, such as the accounts department and the business analyst.
1.2 PROJECT SCOPE
The scope of the project is to create a network and security plan for Fencing Limited and to secure the data so that nobody outside the company can view the company's assets.
1.3 PROJECT GOAL
The network and security plan is needed so that people can make changes to the existing working environment. Beyond the network infrastructure itself, the company depends on the security of the network and on giving people insight into business sales; the system should also improve standards and support for customers.
1.4 STRATEGIC ALIGNMENT OF PROJECT
The project for Fencing Limited starts by forming a network plan for the company's existing infrastructure. The company then needs to move its data to the cloud or to a server in the company. After the data is moved, the company needs to bring sales and support online by developing a web application and securing it with SSL. The web application must support vendors and other employees in the company by giving correct information about sales and inventory while maintaining security.
2. NETWORK SECURITY
The company's assets are its employees and its data. If anyone at all can access these resources, the company will lose out to the competition in the market, so our network plan must cover all possible ways of keeping the data secure. There have been a large number of cases in recent times in which data was stolen from top companies such as Sony and Goldman Sachs, so protecting data is much needed nowadays because data security has not become a profession. Employee data should be used properly and should not fall into the wrong hands. With all this in mind, we set up the network with a proper firewall for the website server so that attacks on the company can be stopped. The company must be protected not only from people outside the network: there are employees in the company who may expose data knowingly or unknowingly. We should place ACLs (access control lists) on the network so that people have the correct permissions to access this data. For example, the HR department should not have access to the accounts department's details. After deploying the ACLs, we also need to check people who bring their own laptops into the office. Such a system should not be allowed onto the network easily, because the laptop might be infected with a Trojan horse or other malware; it should pass a security check by a network scanner, and proper antivirus should be deployed across the network on each server. In this way, the systems and data can be protected. It is always better to have a backup server. Server technologies such as mirroring the disk to a remote region are used to back up data. For example, if the data in one place is lost, it can be recovered easily from the backup (Marquardt, Desai, Joyce and Whiteman 2019).
3. ACCESS CONTROL AND AUTHENTICATION
Access control is a technique used to secure sensitive information by granting permissions based on the type of user. It is generally used in all types of organization to reduce risk and improve security. Access control can be classified into two types: physical access control and logical access control. Physical access control is implemented for campuses, rooms and buildings. Logical access control is implemented for the overall network, large system files and huge data. An organization's information, employee details, audit and other information should be secured using an access control system. With these restrictions, the sensitive data will be secured and alarms will be used to prevent unauthorized access (Gardiner and Canzi 2019).
Access control performs both authentication and authorization of users by evaluating login credentials such as personal identification numbers (PINs), strong passwords and biometric authentication. Multifactor authentication uses several factors to authenticate to the system.
A user who tries to gain access to the system should be authorized. The user logs in with their credentials, and the access control list verifies whether the user is authorized or unauthorized. For directory services and security protocols, Lightweight Directory Access Protocol (LDAP) and Security Assertion Markup Language (SAML) are used to authenticate and authorize users connecting to the web servers. For Fencing Limited, logical access control should be used to authorize access to employee data and customers' sensitive information.
Authentication and authorization work similarly in computer systems and network systems. When a customer signs in to the online website, they use their ID and password, and the software authenticates these login credentials. The authentication process differs depending on the organization's requirements; some organizations use two-way authentication and biometric authentication. After authentication, the user has access to view information. For example, customers can view only information related to products, but employees can view sales and order details. Access to information is given based on the user.
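As an added example (not part of the original assignment), the Python code below shows the two stages described in this section, authentication followed by role-based authorization with deny by default, and also the HR/accounts separation from section 2. The role names, permission strings, user names and passwords are constructed assumptions, not details from the case study.

```python
import hashlib
import hmac
import os

# Constructed role-to-permission map (assumption, not from the case study).
ROLE_PERMISSIONS = {
    "customer": {"products:read"},
    "sales": {"products:read", "sales:read", "orders:read"},
    "hr": {"employees:read"},
    "accounts": {"accounts:read"},
}
PBKDF2_ROUNDS = 200_000

def hash_password(password, salt=None):
    """Derive a key with PBKDF2-HMAC-SHA256 and a random per-user salt."""
    salt = salt or os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, key

def make_user(role, password):
    salt, key = hash_password(password)
    return {"role": role, "salt": salt, "key": key}

# Constructed sample accounts; only the salt and derived key are stored.
USERS = {
    "alice": make_user("hr", "constructed-pass-1"),
    "bob": make_user("customer", "constructed-pass-2"),
}
# Dummy record so an unknown user name costs the same work as a known one.
_DUMMY = make_user("none", "unused")

def authenticate(username, password):
    """Return the user's role on success, None on any failure."""
    user = USERS.get(username, _DUMMY)
    _, candidate = hash_password(password, user["salt"])
    matches = hmac.compare_digest(candidate, user["key"])
    return user["role"] if matches and username in USERS else None

def authorize(role, permission):
    """Deny by default: grant only permissions listed for the role."""
    return permission in ROLE_PERMISSIONS.get(role, set())

def can_access(username, password, permission):
    """Authenticate first, then authorize the requested permission."""
    role = authenticate(username, password)
    return role is not None and authorize(role, permission)
```

An unknown user name and a wrong password both return None from authenticate, so the caller cannot tell which part of the login failed.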
4. BUSINESS CONTINUITY
A business continuity plan (BCP) is the process of creating a prevention and recovery system for potential threats. The plan helps to protect assets and to recover from threats quickly. It defines all the possible risks that will affect the organization's processes. Risks such as cyber-attacks or natural disasters are included in the business continuity plan. When a risk is identified, the business continuity plan should be implemented. A business continuity plan includes the following steps (Pavlov, Ivanov, Pavlov and Slinko 2019):
- Determine the effects of the risk on the organization.
- Implement risk mitigation procedures.
- Test the mitigation procedures to check whether the operation is executed or not.
- Review the process to check whether it is updated or not.
A BCP is very important for all types of business. Some threats cause a huge loss to the organization, and the company cannot claim it on insurance because not all the costs are covered. A BCP helps the organization protect itself from disasters. It is different from the disaster recovery plan because the BCP will focus on recovering the IT system of an organization.
Fencing Limited is new to online business, so it needs a business continuity plan in order to recover from potential threats. Also, this will be applicable only to small to medium-size enterprises (Pavlov, Ivanov, Pavlov and Slinko 2019).
The following steps should be followed to develop a BCP for Fencing Limited.
Step 1: Identify the functions and resources that are sensitive.
Step 2: Identify the steps to recover the functionality of the business.
Step 3: Create a team to develop the BCP for recovering the business functionality.
Step 4: Train the team and test whether its members are capable of being on the continuity team.
A checklist should be prepared to determine whether the BCP is useful for the company; it should contain emergency information and the resources needed by the continuity team, and backup data should also be stored. Not only the continuity team but also the BCP itself should be tested. The continuity plan should be tested many times to ensure that it is suitable for all types of risk scenario. Testing will show whether there is any weakness or whether the plan cannot be applied to some risk scenario, so that it can be changed accordingly (Pavlov, Ivanov, Pavlov and Slinko 2019).
5. RISK MANAGEMENT
Risk management is used to identify, assess and control threats to the organization that will affect its profit. Threats may come from internal or external intruders. Internal intruders are people within the organization who steal sensitive information and send it to a competing organization. External intruders are people outside the organization who hack its information. A risk management strategy should be used to mitigate these risks. As an outcome, a risk management plan should be created for identifying and mitigating them (Adafin, Rotimi & Wilkinson 2019).
The risk management plan includes the following procedures (McMurray, Cross and Caponecchia 2019):
- Identifying the risk
- Analyzing the risk
- Evaluating the risk
- Mitigating the risk
- Monitoring the risk
Identifying the risk
In this step, the possible risks that will influence the organization are identified.
Analyzing the risk
After a risk is identified, it is analyzed based on how harmful it is to the organization. The aim of risk analysis is to understand the risk information and how the risk will influence the goals of the organization.
Evaluating the risk
After the risk is analyzed, it is evaluated to determine its likelihood. Likelihood can be categorized as low, medium or high. If the risk does not affect the organization much, it has low likelihood. If the risk will affect the organization but can be mitigated, it has medium likelihood. If the risk will affect the organization in a way that results in drastic change, it has high likelihood. Based on the likelihood, a decision is made to accept or avoid the risk.
Mitigating the risk
Mitigation is carried out based on the evaluation of the risk. The risk should be mitigated according to the likelihood listed in the evaluation step. A risk mitigation plan includes contingency plans and risk prevention methods.
Monitoring the risk
Monitoring the risk includes the mitigation plan. When a risk is identified by monitoring the process, it is easier to mitigate.
Fencing Limited wants to move its business online, where customers and employees can access it based on their role. The company has some requirements for the migration: the owner does not have much knowledge of it, so he should know whether this type of migration will be secure over the internet and what steps should be taken during implementation. As information system manager, I have given detailed information about the strategic alignment, network security, access control mechanism, authentication mechanism, business continuity plan and risk management plan. The company wants to move its business in a structured way so that it can maintain and manage the process online rather than manually. All the solutions are given based on the requirements of the company. They should be followed to maintain the organization without loss and risk.
It is recommended to use access control and authentication mechanisms to secure the information in the organization. When access is controlled, the information is secured and it becomes very easy to identify when a risk occurs. If a risk is identified, the organization should recover from it, so there should be an initial plan for recovery. For that, a business continuity plan should be prepared. Once the BCP is created, it provides the way to recover from the risk. It is created by a separate team in the organization, whose members should know that all risks are to be rectified using this plan, so the BCP should be tested against all risk aspects. The risk management plan should be created when there is an uncertain risk. Steps such as risk identification, analysis, evaluation, mitigation and monitoring should be performed to identify and recover from the risk. Before any new system is implemented in the organization, it should be evaluated for its risk and security. Since all the information relates to customers and employees, it should be secured in a perfect way. Some protocols are recommended to secure the information that is transferred over the network. In order to secure the network of the organization, access control and authentication, the business continuity plan and the risk management plan should be created and managed perfectly.
Adafin, J., Rotimi, J.O. and Wilkinson, S., 2019. Risk impact assessments in project budget development: quantity surveyors' perspectives. International Journal of Construction Management, pp.1-16.
Gardiner, M. and Canzi, A., Tactilis Pte Ltd, 2019. System and method for selectively initiating biometric authentication for enhanced security of access control transactions. U.S. Patent Application 10/229,408.
Marquardt, E., Desai, V.K., Joyce, P.J. and Whiteman, B., Accenture Global Solutions Ltd, 2019. Network security analysis system. U.S. Patent Application 10/305,924.
McMurray, A., Cross, J. and Caponecchia, C., 2019. The Risk Management Profession in Australia: Business Continuity Plan Practices. In Emergency and Disaster Management: Concepts, Methodologies, Tools, and Applications (pp. 486-499). IGI Global.
Pavlov, A., Ivanov, D., Pavlov, D. and Slinko, A., 2019. Optimization of network redundancy and contingency planning in sustainable and resilient supply chain resource management under conditions of structural dynamics. Annals of Operations Research, pp.1-30.