Written project plan
CIS 499: IS Capstone
September 5, 2018
ABC Corporation is a multi-million-dollar company, which is in the business of data collection and analytics. This company have been operating since past two years and looking at their current workflow and is expected to grow by 60% over the period of next year and a half. Since the company is collecting data from their users to facilitate their workflow it is their greatest assets, which in accordance to the regulatory requirements, are being secured with the various technology and protocols in place.
The scope of this project would be to successfully completion of the identified and assigned tasks by the leadership and project managers while taking deadlines, goals and costs into he count. The objective of this project is to create an information system which is user friendly and can be used by the clients. Since this company is into the collection and analytics of the data, the systems created will able to gather requirements, design the system and deliver to the clients in the timely manner.
Controlling the organizational scope.
Scope creep is something every project manager should be aware of and always be ready to mitigate it because when the project goes away from its bottom line it not only takes more time than allocated but also tends to use all the resources available which in turn will be short for the rest of the project. It also cost more money to the stakeholders and it could be hard to gain that financial loss back when project is in operations. There are many ways to control project from moving away from its scope. Project manager can create a Gantt chart which will record all activities that needs to be completed with the time each activity will take. This can identify when a project is moving away from its scope and project managers will be able to mitigate such tasks.
Risks, constraints, and assumptions.
When determining the scope of the project, project managers make a note of all activities which are needed to successful completion of the project. But all these plans are made on the assumptions of certain things such as weather. Weather is the biggest constraint for the project managers of any project because there are certain project which should not be conducted in certain kinds of whether such as drawing electrical lines from the building to the pole should be avoided when working during raining days. This type of task can set back the project for hours, days or weeks depending on the weather. The potential risk of this project is unable to implement good antivirus software to protect data. Another potential risk is not implementing adequate access control to access data on the data servers. This can result in unwanted breach whether it is intentionally or unintentionally. Another risk is that project mangers will be unable to meet the project deadline on time which may cost stakeholders more money. The more time it takes for a project to finish it may also compromise the quality of the project due to engagement of their employees.
XYZ Corporation have integrated new technologies such as cloud computing and hosted solutions within their IT infrastructure. They purchase their software from the vendors and installs it at the data center where virtual servers are being setup by the database administrators. The data which is being stored within that database are being secured through backups and RAID 5 redundancy. They also have implemented cloud computing within their infrastructure which enables more security.
As the company have their own analytics services which helps them to grow their business, they are outsourcing certain services which can be affordable and cost effective. Some services in the department of the pharmacy are being outsourced such as repackaging fast movers bulk medications and the oral unit dose liquids. These medications are being outsourced through Safeco & Company. They also outsource legal services through certain legal firms so that they can utilize their resources towards more technologically capable individuals who can help mitigate issues which may cause legal action such as protecting their IT network, strict access control to the systems being used within the facility, maintaining confidentiality and integrity of the information which is being stored on company’s cloud servers. While company outsource activities which can be cost effective to the organization they also off shore certain things. As it is known that many eastern countries are the major importers of the technology as far as developing and building is concerns as it is cheaper to get those kinds of services on the other side of the globe. This company is offshoring equipment’s used in imaging department from China and the software which is being used in it is being imported from India. The services for these machines such as upgrading, updating and patching are also being off shore through India as well.
Resources are the key assets which are required for successful completion of the project. Such resources can include money, materials, staff, and other assets which can be identified by the project managers for effective function throughout the project. Out of all the resources identified money, staffing and materials are the essential parts of the project because without money there will be staffing and without staffing and resources the project will not come to an end. Staffing should also consist of the essential personnel who can help project mangers bring this project a success. Such staff could be engineers, software developers, project managers and coordinators, etc.
Data is the building block of any organization who deals with customers and collets their personal and financial information data and process it. Organization adopt this method because they want to serve their customer a better quality of customer service and retain their business for the long term. By processing collected information, organizations extract useful information from every customer data such as what type of product they purchase on the regular basis, which product sells the most from the shelves, number of specific products sold to the customers in certain period of time. All this data information gives organization a valuable information about the trend of specifics about their merchandise. This type of information also allows organization to predict future of the organization as data warehouse can generate report of products kept on hand and products being sold. This is sometimes also referred to as a “Big Data”. This is a fancy term given to the collection of the data stored in the database.
Big data allows leadership to examine collected data from the customers and reveal patterns and correlations and other insights of the data. Building data warehouse for a large-scale company is the challenging task but with the proper planning and experienced team it can be done successfully. There are four best practices which leadership can adapt to successfully implement data warehouse in their company. These four practices are top-down approach, bottom-up approach, hybrid approach and federated approach. There are advantages and disadvantages of adapting either of the approaches. It is dependable on the organization and their workflow which is the suitable solution for their problem. Top down approach allows to visualize the data which are collected from multiple sources and able to deploy to the systems below such as data mart, which is more normalized system. The main benefit of using top down approach is that it provides an integrated, flexible architecture which is capable of supporting a downstream data structure. It also allows to focus on the big picture and how the economic factors can affect market price. As there are advantages there are also disadvantages of adapting this approach for developing data warehouse. Top down approach discourages leadership in many areas due to the involved high cost with long term implementations. They have to analyze all resources and bring them in the together to work as one unit. It may be very likely that many of the resources may not be available at the time of the meetings which keeps all team members on different pages of the cycle. When working with different sub departments it may be less likely to foresee their specific requests which can bring the project to the temporary halt or it may be the possibility that the project may be experiencing any scope creep. Another disadvantage is that since the project managers could not be able to visualize the final product of the project it may be hard for the users to validate the projects workability and may lose their trust in the management. The bottom-up approach is just the opposite of top-down approach in which data warehouses are built incrementally and many data marts are created, iteratively. This approach is almost the same as the waterfall methodology where the previous process needs to be completed before moving forward which also gives a clear perspective of the future needs as well.
Schema defines the data structure of the database of the company. It will include the tables and the relationships between each table. For this company such schema includes supplier, product, client, shop, delivery, brand, client group, sales, time, country, region and city. Each of the entities or tables will include attributes which can further define the purpose of the entity in the ERD relationships. Also, each table will be uniquely defining its purpose such as:
Supplier – it will identify all suppliers to the company and its information
Product – this will identify the types of product being kept at the location.
Client – this will identify all the clientele which uses this company as their shopping resource.
Delivery – this will identify whether or not this company delivers to the customers based on their location
Brand – this entity identifies all the branded items this company stores for their customers.
Client group – this will identify and group similar clients together so that it is easier to store their information and extract it when needed.
Sales – This is an entity which keeps the record of the sales conducted at this location.
Country, region and city – these field identify the location of the clients.
Business is way of life now a days for many industries across the globe and it is seen in almost every profession, organization, companies out there whether it is owned by government or privately. Every industry collects some kind of data from their customers, patients or clients which they use to predict the future of the business and improve their services, which is also called data analysis. By processing collected information, organizations extract useful information from every customer data such as what type of product they purchase on the regular basis, which product sells the most from the shelves, number of specific products sold to the customers in certain period of time. All this data information gives organization a valuable information about the trend of specifics about their merchandise. This type of information also allows organization to predict future of the organization as data warehouse can generate report of products kept on hand and products being sold. This is sometimes also referred to as a “Big Data”. This is a fancy term given to the collection of the data stored in the database.
Data analysis allows leadership to examine collected data from the customers and reveal patterns and correlations and other insights of the data. Since there are many competitors for the same products it is challenging and very crucial for the manufacturers and wholesalers to identify what the customers are purchasing online the most? By what quantity they are purchasing? Analytics is the most important aspect of conducting business now a days because it is essential for the leadership to understand what their customers prefers to purchase or what kind of services they like to receive, if in the hospital or hospitality settings. These helps them make financial and operational decisions. Financial is because they have to evaluate how much they have to invest into the new endeavor to gain more customers and whether or not it will be feasible for their investment to return with profits. If they lack on implementing this service then they will have to understanding on what their customers needs are, what their competitors are up to and what kind of services they are providing to their customers. In short, businesses without analytics services are prone to losing business. It is kind of like running business in dark without any proper way to follow to the destination.
As much as data analytics is necessary in today’s businesses it also requires given organization to invest in the physical storage system such as physical servers, cabling such as cat 5 or cat 6 wires which will require to have a specific location to store these devices. Organizations also have to think about the disaster they experience where they are located such as Florida is prone to experience hurricanes every year, mid-west can experience tornadoes, etc. Due to this organizations have to think about the secondary location for the backup servers so that when there is a downtime secondary location is readily available to take over without customers experiencing delays in services. This can be a huge risk for some organizations because when customers do not have service it can discourage them which may result in losing customers. The better solution to this problem Infrastructure as a Service (IaaS). This helps support virtual servers which helps organizations store their customers information instead of investing in the physical location. Many cloud providers also provide redundancy so that customers do not experience any delays in the connection which gives organizations some time to fix the issue.
Use of analytics and cloud technology has also led to better upgradeability. Maintaining a
single PC with all constant security patches and updates is a time-consuming task, hence keeping thousands of current users is also a tedious job. The larger the business company, the more money, and time spent. With the cloud computing, the business organization no longer has to spend a lot of time to update servers and can now use that time concentrating on achieving the business goals and moving the business forward. There is also increased safety. One of the major obstacles to the cloud is the security issue. Business organizations require their data and operations to be secure which involves concern for data of the customer complying with various regulatory regimes. Cloud providers have specialization and large economies of scale that guarantee a very high level of security. Providers can also build clouds with security best practices provided to the system from the beginning that includes core cloud platform to processes that are put in place, and their monitoring systems.
There is always a security concern when dealing with data. Because there are many governing industries which overlook at the customer data and have ramifications for organization who fail to follow the guidelines. These consequences can be devastating for their reputation in the community and within the social group. It can also create trust issue which may take a very long time to gain the faithful trust back from the clients, and business partners. Implementing cloud services within the organization they immediately mitigate such issue because in the traditional business environment data gathered from customers are stored in the physical layer of the OSI model which is hard drive or physical servers. When these devices are stolen or are not properly encrypted companies can face legal consequences just like when Blue Cross Blue Shield of Tennessee had to pay more $ 1.5 million dollars to depart of Health and Human Services because they failed to encrypt their hard drives in which all their patient’s information were stored which was stolen from their warehouse. CITATION Mon12 l 1033 (Monegain, 2012) With the cloud services where the servers are located in the remote location, if self-owned by the organization, or in the different geographical location, if owned by the third party. This mitigate the risk of losing data or even getting onto hands of someone who can exploit the information.
From the evolution of internet every major and smaller organization have been utilizing it to introduce their business to the world. As many organizations are adapting to these new technologies it is imperative for them to recognize the bad side of it. They have to evaluate how they will be accessing controls to their employees and assign proper rights to them so that they will have adequate access to perform daily tasks as assigned. For any growing organization information security infrastructure becomes tedious task and should be their top most priority. As ABC technologies will be expanding their business in next couple of years, reorganizing their network topology and security considerations should also be top priority. It is feasible to implement, for organization this big, a ring topology as this provides redundancy of storing data which allows organization and end users to experience less downtime. As this company is expecting to grow in next few years it is also feasible to design network which also allows them to be scalable in near future when the business picks up. This will also allow them to implement additional hardware without any difficulties.
Network architecture is the high-level, end-to-end structure for the network. This includes the relationships within and between major architectural components of the network, such as addressing and routing, network management, performance, and security. Determining the network architecture is the next part of the process of developing our network, and is, as we will see, key in integrating requirements and flows into the structure of a network. ABC technologies currently employs 20 personnel with four of us performing as the dedicated IT staff. The 20 users have terminals with Windows 10 professional and are set up in a workgroup all on the same subnet. This was manageable for a small group, but revamp needed with an expansion. When any organizations expand their business to grow it is also recommended that they upgrade their current technologies to support growing business. They will need more hard drive space since they will also be collecting more customers data on daily basis. They will also need to implement extra servers to support their need. For being cost effective it is better to adapt cloud based server services.
Current infrastructure based on a hybrid topology with a server-based network will have three server racks in the server room on the first floor each with 10 TB of storage. Since this business is anticipated to increase nearly 20% per year, and for them to maintain their business for next 10 years they will need to upgrade their storage devices to 100 TB. At the main site, we currently have one physical Hyper-V hosts that can host approximately one hundred twenty virtual machines. Hyper-V is a type of hypervisor, which is able to create virtual machines on certain systems running Windows. The servers needed to host email, various databases, file services, print services, and our business intelligence application. The virtual machines are stored in the server room and use a redundant array of independent disks (RAID).We utilize remote desktop to configure and maintain them from our Corporate office. To avoid slowdowns or loss of systems resources we can use a failover cluster with Network Load Balancing to implement a high availability technology on a managed budget. The Windows Server 2012 failover clustering feature designed to minimize the amount of downtime of critical backend services and applications. We can take the virtual machines, or VMs, themselves and put them into a failover cluster. It is called guest clustering which makes the VM services even more available. Since speed and reliability are important considerations, we will stack the clusters in layers so we can create a level of high-availability and resilience. Each essential application can clustered into four nodes adding better performance along with fault tolerance to our infrastructure. A failover cluster requires at least two networked physical servers, or one physical server for each node you want in the cluster up to a maximum of 64. For clustering, hardware needs to certify to work with Windows Server and recommends that hardware for each one of the servers is identical.
Security is one of the top concern for this organization because they are collecting information from their customer to provide better customer service to them. Customer’s information must be treated as a confidential information and therefore, they should invest in better technologies/equipment to do the job. Therefore, implementing new systems based on Confidentiality, Integrity and Accountability is inevitable. When such information not handled in proper manner company can involve themselves in some legal turmoil. Depending on the organization, there are different governing bodies who are responsible to layout rules and regulations that are to follow by the end users without legal ramifications. For example, HIPAA governs organizations such as hospitals and if the hospital is a teaching hospital then they are also legally bind to FERPA laws as well since they also store student’s information on site or on their cloud services. Security administrator can implement certain safeguards to mitigate issues regarding to breach. They can properly implement physical, technical and administrative safeguard. Physical safeguard is where employees have to use some kind of identification to scan themselves into the secured areas. This can be the badge, their fingerprints or even retina scans. For physical safeguard, they can also implement CCTV camera, which can capture every move around the parameter. For technical safeguard, administrators can allow access to the systems to certain people who can be trusted using it and have formal and prior knowledge handing the information within it.
At the current facility, there are three computers, one data server, one server printer, two access points, one firewall and one router that connects to the firewall to the internet. Since the company will be experiencing growth in the near future, it is necessary to update the current systems to support the new workflow and necessities. The update system will have two firewalls. One router is connected to the router supporting third parties and another will be supporting WAN network. The same firewall will also be connected to the IPS/IDS system following to the server room.
When handling customers confidential data ethics play keen role among all employees working with their data. It is the responsibility of employee not to exploit customer’s confidential information for their personal gain, which can result into legal action from the management and possibly from the customers. Therefore, management should also restrict to certain employees who can have access to customer’s confidential information. Management team should also evaluate how they should grant access to their employee who are accessing customer’s data. There are many ways this is accomplished such as DAC – Discretionary Access Control, MAC – Mandatory Access Control and rBAC – role Based Access Control. It is just matter of which should management choose to provide access to their employee. Often times when contractors are hired they are assigned under role based access control because it is very specific type where employee would have access to information which they should have access to do their job. But when it comes to their full time or permanent employees they may categorized under MAC because there are certain access they will need to do their job as manager can ask their employees to go above and beyond to do the job which may also require to have additional access to it.
Planned Physical diagram
Source: Microsoft Power BI.
Cloud services are on rise for many advantages they provide against the traditional storage systems like physical servers. Although both systems provide same output to the end users but increases maintenance aspect for the technical team. When implementing cloud technology it is imperative to consider the security aspect of it because unlike physical servers it is impossible to track who accessed the data from the server because there are surveillance camera around the physical server sites but its not the same with the cloud technology since it is located virtually. The only way to protect the data within the cloud servers is to grant access to the people who is really intended to use the information stored within it properly. This way it can be tracked who have logged into the system and at what time.