Goals and objectives

Our technology goals are direct where information security is concerned. They set out specific objectives that conform to a more secure platform, one that is different from, yet similar to, what the Judder Fine Foods development team is familiar with, and they apply an advanced, cost-effective methodology for securing data efficiently during and after the implementation of the new customer loyalty program. We aim to convey the significance of properly securing sensitive data and the importance of following policies and procedures that conform to security risk and mitigation methods.
Our ultimate objective is to put in place a thorough information security system that substantially and effectively reduces threats and vulnerabilities to all of Kidder’s electronic information.

Platform change

An analysis of the current network infrastructure and software installations indicates that Judder Fine Foods is in need of an information system remediation. Client workstations and point of sale terminals are running either Windows XP or the NCR point of sale operating system.
The information security task assigned to us requires that any change considered by the development team begin with the OS platform, which must be subject to real and tangible guidelines that depend on information security standards, policies and procedures that reinforce the new platform on which Judder will construct its customer loyalty program. With the proliferation of malicious software, viruses, worms and other intrusive brute force applications that are specifically launched against the Windows-based platform quite frequently, it has become evident that change is mandatory.
Judder Fine Foods must acknowledge the high-risk dangers associated with Windows-based platforms, then take immediate steps to change to a platform that is less risky, with far fewer threats and vulnerabilities, yet more efficient and less costly to maintain. The simple truth is that Microsoft-driven OS platforms are designed with root access openings that cannot be plugged. As such, information on any Windows-driven platform is never secure, and the platform offers little or no significant information security.
We are proposing an immediate change from all Windows-based operating systems to the much safer Linux-based operating systems, which provide a higher level of overall protection, data integrity assurance, and protection of both company and customer information. It is essential for the development team to create a network that is safer and that subjects itself to greater security compliance for present and future upgrades. Although there is never a 100% secure solution to network security, we are very confident that Linux is a more stable, efficient and cost-effective solution.
Linux is more secure because it has fewer known vulnerabilities. A recent report states that there are over 60,000 known viruses for Windows. There are about 40 known viruses for Macintosh and five viruses for Linux. The current hardware within the organization will support the Linux platform and architecture. This makes a Linux implementation more cost efficient, because the Linux operating system is open source, so licensing for the operating system is almost free and maintenance is quite minimal in cost when compared to its Windows competitor.
The implementation of Linux within the organization can also accommodate the use of several of its Windows-based applications. WINE – A unique Linux interface that gives Windows applications permission. The Wine application is a Windows emulator that will also allow the organization to install and run most applications designed for Windows. This will allow the organization to slowly transition any Windows-based programs into the Linux environment. Portability of the customer rewards program is also critical to the evolution of Judder Fine Foods.
The group recommends that Judder use a web-based point of sale system that uses the web browser to access and update data. This will also give the organization some disaster recovery and contingency options in the future. The use of many portable devices, including tablets, laptops, and smartphones, will give the organization portability and contingency with little to no application configuration.

Cost Benefit Analysis

The Cost Benefit Analysis (CBA) was conducted so that the stakeholders could make an informed decision on converting the current Windows-based infrastructure to a Linux/Unix-based infrastructure.
Items to be covered in the analysis include current equipment cost, initial cost to convert the entire system, additional cost (if necessary, i.e., additional hardware/software), employee training costs, site preparation costs, software maintenance, support costs, licensing fees and miscellaneous costs. Our CBA is based on the current configuration for Judder Fine Foods. The goal is to inform the stakeholders on the benefits of converting from a Windows operating system to a Linux/Unix OS. The CBA will demonstrate that a Linux/Unix system could fully utilize the current infrastructure at minimal cost to the organization.
All equipment on hand can support all aspects of a Linux/Unix OS. Any and all concerns about converting from Windows to Linux/Unix should be minimal. The conversion would incur only the time required to install the program, licensing fees, patches, certifications and possibly some minor adjustments for any reconfiguration. Most operations that are to be upgraded to Linux/Unix should prove transparent to the operator/employee. Site preparation will include all servers and desktops that are currently configured for Windows.
The cost of installing and testing the system to ensure maximum capability will be nominal compared to remaining on the current infrastructure. Software maintenance and support contracts will be based on the need for any additional software, which will be determined by an initial assessment. One of the main advantages of this conversion will be in the licensing cost. The current fees for an initial Windows license, depending on the number of machines involved, will be costly. Maintaining the license for a Linux/Unix system is for the most part without charge.
The greatest difference between the two operating systems is that Windows requires a larger system, even at minimum requirements, while Linux/Unix can be supported on an older or smaller system. This can result in considerable cost savings for the company. In addition, requirements for a Windows-based OS are nearly double those of the proposed OS.

Cost Benefits Analysis: Windows vs. Linux/Unix

Windows Linux/Unix Current Infrastructure Costs $75,000 Conversion Cost 1 oho Employee Training 2500 Site Preparation Software Maintenance & Support Contract 2,500 Licensing Fees 250 Other 84,500 3,250
The cost benefit analysis will illustrate that making the conversion will be both cost effective and highly beneficial for Judder Fine Foods' security.

Current Systems

Currently Judder's infrastructure has little need for the addition of new hardware. The hardware that is available is fully capable of handling the conversion from a Windows operating system to a Linux/Unix operating system. Information that is to be gathered by vetted analysts and engineers should be documented, understandable, clear, concise and prioritized. As it stands, there are numerous vulnerabilities in the current infrastructure in all Judder locations.
The new Customer Loyalty Program raises the need to analyze the security needs of the hardware and software that are used during operations. Based on our security risk analysis there is an evident need for the proper securing of sensitive data, which if procured by unauthorized persons or machines could lead to harm to brand recognition and, in the worst cases, personal harm.

Security

As Judder Fine Foods initiates the development of a customer loyalty program, it becomes important that the development conform to strict security protocols and mechanisms that will protect both company and customer data at all times.
Of paramount importance are the security mechanisms applied to the infrastructure of the SDLC, while strategically applying the principles of the Enterprise Resource Planning (ERP) system. Judder Fine Foods should be aware of the potential engineering challenges caused by obligatory security controls, and should initiate the identification of level-based security protocols that rely on policies and standards built into both the system platform and the application phases of the systems development process.
To reduce cost, Judder Fine Foods must give consideration to the reuse of security strategies and tools at each location. This reduces development cost and schedule while improving security posture through proven methods and techniques, and it contributes to informed management decision making through comprehensive risk analysis in a timely manner.
Information security standards play an important role in protecting the data and information assets of Judder Fine Foods. It must be highlighted that no single algorithm can guarantee 100% security, though benchmarks embedded within the system development process will ensure an adequate level of security. If these are removed from service, the entire information assets of both the company and its customers will be left open to intrusion and data injection.
The table below identifies the top threats to the new customer rewards program, and is intended to showcase what considerations must be exercised during the systems development process.

Component | Threat | Potential Vulnerability
OS Platform Depends on
End users | Excessive privilege abuse | Access and privileges that exceed job requirements
End User | Legitimate privilege abuse | Abuse of legitimate access for unauthorized purposes
Programmer | Database protocols | Data corruption and denial of service
Hacker | SQL injection | The insertion of unauthorized database statements in SQL data channel
Network & Security Engineer | Network user authentication | Brute force processes, social engineering, credential theft
IT & MIS Department | Database exposure & intrusion | Worms, viruses, data corruption
IT Department | Operating system dysfunctions | Root access

Kidder’s ERP is a cross-functional enterprise system driven by an integrated suite of Database Management System (DBMS) modules that supports the basic internal business processes of the company.
This ERP will give Judder an integrated real-time reflection of its core business processes during the development of the customer loyalty program, focusing on processing and on the security mechanisms applied to the data prior to input, during processing, and after the backup has been done. The threat table must be applied alongside the ERP systems, so that security mechanisms are initiated at every step as the SDLC steps are executed.
It must be noted that the first and most important step in ensuring information security is the platform on which the applications will be hosted. Much emphasis must be directed at using a Linux Mint 15 platform as the foundation on which all application modules will be developed, allowing the physical network to be designed and implemented based on the security policies and standards of the Ubuntu Core. All resources will be subjected to a risk management framework, which will detail how the organization’s information security mechanisms and policies will unfold.
This is important because of the dependence on the analytical layer of security infrastructure that monitors both hardware and software, regardless of the department (manufacturing, purchasing, sales, accounting, and so on) that is either entering or using the customer loyalty program. The ERP facilitates information flow between all business functions inside the organization, and manages connections to outside stakeholders. Authentication processes will mandate that all employees and end users agree to all the rules, terms, conditions and security policies to qualify for access to the computers or network.
[Diagram analyzing the ERP and how integration affects security across the WAN]

Implementation, Training and Testing

The process of implementation starts with upgrading existing software to meet the needs of the new customer loyalty program. The IT department will be upgrading the system to the Linux Mint 15 platform; they will begin initial installation at the main store in La Jolla. The upgrade will be done over the weekend for minimal impact on day-to-day operations. Once the implementation, training and testing are complete, the systems will be updated at the second and third stores.
Before users are able to utilize the new system they must first complete the appropriate training. The training will be a Train-the-Trainer endeavor that will call for the assistant manager and two customer service representatives (CSRs) from each location to attend the web-based and hands-on two-week curriculum. These associates will be issued specific rights and privileges so that they can return to their respective locations, train fellow subordinate associates, and ensure that the appropriate security procedures are followed.
The trainees will go over the Frequent Shopper program goals, security considerations, objectives and the proper use of the updated user interface at each workstation. The information discussed during the program should not exceed the rights and/or permissions that they have been granted. Assistant Managers and CSRs are required to familiarize themselves with the upgraded user interface and with the inputs and outputs that are to be used on their respective workstations.
The training will take place at the main store. The first week of training will consist of web-based learning modules stressing the importance of securing customer and company data. In the next week of training the Assistant Managers and CSRs will work assisting customers with the new system, in order to familiarize themselves and the customers with the new program. This is a two-week training initiative; once the training is completed the Assistant Managers and CSRs will return to their stores and train the remaining employees on the new system.
The employees will show their subordinate associates how to use the system and how to complete both old and new tasks. They are to assist the employees side by side during the first week; in the second week the employees will be on their own. The Assistant Manager will be around to answer any questions during the second week. Also, all trainees and new hires are to complete the web-based program and security training. There will be ongoing training throughout the implementation of the new system in case of any needed changes.
The employees will be given a means of providing feedback to the IT department with any concerns or questions. First, there will be an automated tracking system set up for the users of the system. This would be used to separate the important and necessary changes from the secondary requests. This will also give us an idea of how the system is working and what can be changed if needed, in order to meet the needs of the system, the consumer and the organization. It will be web-based to provide a systematic way to log, track, and assign system bugs and change requests to developers.
Second, we will have an IT helpdesk to handle the users' requests and log information. This will only be used if the automated tracking is not functional or if it is requested by the manager of the department. These will help the IT department make the best changes and direct the time and money within the budget to the most important changes (Valacich, George and Hoffer 2012, p. 338). Constant testing of the new system will take place throughout the process of installation and training.
The tests conducted throughout each phase will test the validity and stability of the system. There will also be random security checks and audits on all employees in order to ensure everyone is following the policies and procedures set forth by Judder Fine Food Inc. IT will also create an online user guide during the testing phase for future employees and other sites. The online database and user guide will be maintained by the IT department; this will be a helpful guide when transitioning the other locations.
Strict access control requirements are needed so that only certain personnel, like the Manager and Assistant Manager, are able to change data in the system. Employees will only have access to change certain information such as customer address, phone number and email addresses. Employee encryption and authentication is a must to ensure only authorized personnel are able to access critical data.

Disaster recovery and Contingency

Judder Fine Foods must also protect its customer data and the overall integrity of its operations with disaster recovery contingency processes.
A good contingency plan will encompass a failover system in the event that one of the facilities loses power, loses communication, or is affected by a natural disaster. Equipment and systems will be evaluated to determine the best location to stockpile spare equipment or flow data in a backup situation. Judder Fine Foods will use a train-the-trainer program to educate its employees on the best practices for an outage or disaster situation. Contingency plans will include a list of contacts and procedures in the event of outages, and primary, secondary, and tertiary backup sites in the event of a failure.
Conclusion

It is unfortunate to acknowledge that a major threat concern could come from within the organization, but nonetheless this is a true and literal reality. Threats to the security of an organization’s sensitive data can come from many sources, both physical and virtual. For these reasons, the development team should give much consideration to the importance of policies and procedures. They represent the fundamental premise on which all security foundations are created, and so lead to the design and implementation of a successful information security infrastructure.
Policies, when created, should be easily understood, current, clear, concise, and relevant. Well-constructed information security policies will direct Judder Fine Foods along a pathway of robust information security mechanisms, allowing the successful education of current employees and new hires regarding company procedures that are introduced via a policy of acceptable use document. This document will outline the expectations of Judder Fine Foods and its security policies, and will emphasize the need for employee trustworthiness.
It must be mandated by Kidder’s human resource department that a legally binding contract be signed by all parties that are allowed to handle sensitive information. By doing so, employees will agree to understand the terms of the contract, and also understand that they will be held accountable and legally liable for participating in any malicious activities. In conclusion, our team was assigned the task of presenting a more secure environment for Judder Fine Foods' digital information.
We have recommended and elaborated on the best platform or operating system to use, why this platform is a precursor that must be considered and used, the security levels that best provide the secure environment needed by Judder, and the standards, policies, and authentications that must be mandated. We would also like to suggest that all uploading or downloading capabilities for any data be deactivated within the hardware BIOS, and made physically dysfunctional in all systems containing company data. Employees having the appropriate rights and permissions should be permitted to update, manipulate, store and access company data.