Network security management report

Abstract

The report focuses on the analysis of STP Limited after it underwent a significant up-scale. The focus, in particular, is maintained on the upgraded information system, its integration, data security and maintenance of security guidelines. In addition to that, business continuity and risk management for the current model have also been discussed. The paper concludes that there are various administrative, as well as technical, changes that need to be implemented for the security and success of the business. The report has been written with the assumption that the owner plans to expand the business further into a different domain.

Introduction

1.1 Authorization

The report has been prepared upon the request of the owner of STP Ltd., who has purchased new software and equipment due to the dire needs of his expanding business. The report aims to provide a simplified analysis of the system as per its functionality, collaboration over the span of various outlets, and privacy.

1.2 Limitations

The report is limited in terms of technicality due to information acquired via nontechnical staff. The recipient of the report (the owner) also possesses limited technical skills.

1.3 Scope of report

The report aims to convey the networking project that will comply with privacy regulations while steadily bearing the weight of the up-scaling business and communicating reliably across all the locations, which include Wollongong, Bathurst, Lithgow, and Sydney. It is related to the security of a host, which can be a server or a client. The report will highlight the loopholes in the current model of STP Ltd. that are hindering the up-scaling of the business and the extension into installations of their product. Moreover, comprehensive options will be explored for the business to achieve its strategic goals.

2.0 Project background

A step-by-step account of the circumstances that set the precedent for this report is fundamental to an accurate description of the project. The owner has invested a great deal of capital in the new machinery and the software, but due to a lack of proper implementation the expansion of the business and the increase in production cannot be carried out. Hence, a technician needs to be involved in implementing a proper network that can support the achievement of the strategic goals of the company.

2.1 Network project background

The information system has been recently upgraded after quite a few mishaps that occurred after the increase in sales and production power. The purchase of new equipment has allowed the company’s production capacity to increase, which led to larger orders placed by corporate clients and thus to an increase in the manufacturing rate. The old system, however, was collapsing under the pressure and was incapable of tracking inventory. Therefore, an upgrade was necessary, but the new systems have not been utilized to their full potential due to the absence of technical staff and limited manpower. Recruiting new staff is a crucial part of the project, along with organized and integrated utilization of the new system.

2.2 Network project scope

The project includes integrating the upgraded system so that the business can function at a higher capacity. The project should be described in terms of the Open Systems Interconnection (OSI) model layers, because the model is used to classify network devices based on their functions. The stock control system will be integrated with the website, which can also be turned into an e-commerce platform allowing the customer to place orders. The customer management system and the accounting system will also be integrated to provide a comprehensive record of customer accounts. To manage all these physical functionalities, at least one technician needs to be hired at each location, and a minimum of two in Sydney due to increased sales and a greater clientele. This project would then aid the future goals of the company, which involve branching out from retail into customer services.

2.3 Network project goal

The project goal was to utilize the upgraded information systems to establish a strong system that could handle the growth and expansion of the business, and also involved hiring new technical staff that could maintain the system and the training of existing staff to ensure security standards. The training was not only focused on the handling of data, it also involved customer care and professional behavior as the company was venturing out from its small business state.

2.4 Strategic alignment of network project

The decision to upgrade the information system and hire a technician for its integration and security analysis can be evaluated via a SWOT analysis, which will clearly show that these actions were a dire need of the hour. Adapting to the circumstances and evolving accordingly is a crucial aspect of survival in the business industry. Such steps might create a momentary dent in the finances of a company but are highly fruitful in the long term.

SWOT ANALYSIS OF NETWORK PROJECT

Table 1

Internal factors

Strengths (favourable)

  • One of the basic strengths is the globalization of this firm.
  • A large number of customers and vast product supply.
  • The latest technology is used, which makes it more advanced and efficient.
  • Highly qualified, experienced and well-trained staff are hired.
  • Change is always welcome. Innovative ideas and creativity are always highly supported.
  • Software is well-designed and integrated. Efficient software lessens the risk of mistakes.
  • Cloud-based software that allows growth and easy access.
  • Sales targets are being improved day by day.

Weaknesses (unfavourable)

  • No proper hierarchy, which makes it difficult to follow policies.
  • Expenses are increased due to the hiring of technical and well-qualified staff.
  • Difficulty in handling such a large platform.
  • Lack of planning.
  • Need loyal workers.
  • Increased internal threat due to the expansion of the team.
  • Proper teamwork.

External factors

Opportunities (favourable)

  • Great opportunity to develop online in the context of e-commerce.
  • Real-time customer access to inventory.
  • Can grow through market share.
  • Online and offline marketing.
  • Sales department can be increased eventually.
  • Diversified systems.
  • Training sessions to empower staff.
  • Due to the globalization factor, the business can expand all over the world.

Threats (unfavourable)

  • One of the biggest threats to our business can be disloyal workers.
  • Competitors' eye-view can also be a great threat.
  • Internal leaks can lead to great loss.
  • Economic factors can also be a threat sometimes.

3.0 Network Security

The network security issues at STP Limited may be a cause for concern to the owner, as the company has started to develop a broader client base and has increased the number of customer accounts that it runs. However, a security threat is not as pertinent due to the upgrade of the information systems. An intrusion detection system (IDS), a device that can detect an attack as it occurs, is therefore used. TradeGecko, Salesforce and MYOB implement their own security features, which include password-protected limited access and encryption. Hence, this paper will focus on the part of the network that has the highest risk of a security breach: the connection via ADSL and the BYOD policy of the company.

3.1 Securing data

Data security is of the utmost importance to production companies such as STP Ltd. The entire client base, supplier details, and account information form the basis for the business. With an increase in sensitive data, data protection policies need to be suited to the upgrade. In such cases, external perimeter defenses are designed to restrict access to areas where equipment is located, for example barriers, guards, and motion detection devices. Management of information security can be applied through various arrangements that can be either internal or external (Ciampa, 2015).

Focusing on internal security includes the development of policies, staff training policies, and personal device security. Policies assist technicians by providing them with rules on how the network should be configured (Ciampa, 2015). Security policies are the documents that clearly define an organization’s defense mechanisms. Rules relating to device security can be established, such as those relating to the router, which is considered the most important networking device in the network (Ciampa, 2015). In addition to staff training, policies relating to data access can be established, which will decide the extent of access to data for each employee according to their rank.

3.1.1 ISP security and protection

The function of the business is almost entirely dependent on the internet; hence, it is vital to have a trusted internet service provider that ensures data security through end-to-end encryption. Special services in relation to the requirements of the business can be negotiated with the ISP to certify data security. Intelligent security protection can block spam, viruses, and other malware sent over email. Data Loss Prevention is also used, as these sensors basically secure different networks. The ISP does not protect customers; rather, it protects itself. The ISP engages resources for the protection of the customer mostly because it wants to prevent the customer from becoming an active enemy.

3.1.2 Staff Awareness

Most of the employees at STP Ltd. have come from small businesses that followed a closely knit model of personal interactions. The customers were familiar and everyone was well known. In addition to that, little or no data complexity was involved; hence, all the staff members need training and education regarding the sensitivity of data security. They also need to be made aware of the risks of introducing a foreign data storage device, such as a USB drive or portable hard drive, to the company system.

3.3 Mobile device security

Mobile device security is crucial for STP Ltd. due to the implementation of a BYOD policy. In addition to that, the plan of providing installation services to customers would require an increase in the number of mobile devices that are a part of the company network. The subsequent increase will result in higher risks of foreign infestation through a corrupt application or irresponsible usage of the device, which could create rogue access points that allow attackers to bypass network security configurations. The personal mobile devices could also contain sensitive company data that might be under threat due to sharing of the device. However, such risks can be easily mitigated by exercising caution on which networks to connect to, and by disabling auto-connect features (Kraus et al., 2015).

4.0 Plan for hardware purchases

Procurement planning is one of the primary functions of hardware procurement, with the potential to contribute to the success of an institution’s operations and improved service delivery (Basheka, 2009). A well-thought-out procurement plan is fundamental to the stability and success of a growing business like STP Ltd. The problem that has been discussed in this report has occurred due to inadequate planning, as the equipment was purchased and the software was upgraded after encountering the problems related to higher production. Research suggests that businesses which align strategic and purchasing orientation have demonstrated increased performance financially and operationally. Considering a plan for future expenditures when the current payments have not been cleared can be disconcerting for owners, but the life of the equipment has to be taken into account, and it must be realized that replacements will be needed in the near future. To assist with purchase orders and order placement, a load balancer can be used, which is a dedicated hardware device used to distribute different requests securely.

4.1 Acquisition of new hardware

A hardware purchase is inevitable due to natural wear and tear according to the life of the hardware. The purchase might be required early due to loss, damage, or failure of the hardware. An impending failure will cause less damage if it is planned for in advance by training staff, having a mechanism in place, and allocating assets to emergency damage control. It is especially important for the Lithgow location as the counter machines at that location are 5 years old and are past their documented life. Thus, a prior protocol and funds for such situations can ensure productivity and prevent losses.

4.2 Technical Support and Regular Maintenance:

The company has had little to no technical support in the past due to the close-knit, informal nature of its business; however, the expansion has made full-time technical support for equipment and software inevitable. Regular maintenance, and technical support in case of any emergency, will increase the life span of the hardware and will avoid unnecessary purchases that could have been easily prevented.

4.3 Purchasing strategies

Procurement strategies in terms of forward planning and ensuring the presence of assets for carrying out the plan are vital for the success of fast growing businesses. Such strategies need to be carefully mapped out so that they could play a role in the development of the business. Proper analysis of the life of equipment and the market trends may allow the company to make purchases at a discounted rate. Keeping up with the ever-developing technologies will ensure that the software is of the highest efficiency and that the hardware has the required specifications for its support. Establishment of a strategy for all these variables will decrease the risk factor and ensure the safe achievement of long-term goals.

4.4 Asset register

A properly documented approach towards the maintenance of the hardware and the software will work towards the goal of risk minimization and would assist the staff to perform at their best capability. A written document detailing the process for restoring IT resources following a disruptive event, called a Disaster Recovery Plan (DRP), is used in such situations. An asset register that documents the installation dates, the life span and the upgrades or maintenance issues will prove vital in the management of the company assets. Additionally, in case a new employee is using the system, a documented register would be efficient and require little or no training for the person in command.

Table 2 Identification of IT assets

| Office Branch | Asset | Life (years) | Effective life | Replacement due |
|---|---|---|---|---|
| Wollongong | 2 Warehouse Machines | 1 year | 4 years | 3 years |
| | 2 Warehouse Machines | 2 years | 4 years | 2 years |
| | 2 Laptops | 3 years | 2 years | Yes |
| | Accounts machine | 1 year | 4 years | 3 years |
| Sydney | 4 Warehouse desktops | 6 months | 4 years | 3.5 years |
| | 1 Management desktop | 6 months | 4 years | 3.5 years |
| | Machinery | New | | |
| Bathurst | 2 Warehouse Machines | 3 years | 4 years | 1 year |
| | 1 office Machine | 6 months | 4 years | 3.5 years |
| Lithgow | 2 Counter desktops | 5 years | 4 years | Yes |
| | 1 office desktop | 6 months | 4 years | 3.5 years |

Adapted from: (Australian Taxation Office, 2017)

5.0 Business Continuity

The information systems TradeGecko, Salesforce, MYOB, and even Microsoft Office implement cloud computing, which means that the data is backed up to a server. Such functionality is provided by the applications and just requires an internet connection. The applications can be integrated with one another so that the stock control system will forward data to the accounting software without manual intervention, which provides a structured mechanism for running the business and ensuring development and continuity. Moreover, business continuity is also discussed in terms of succession planning. However, a few concerns in light of the present upgrade are the usage of personal devices and the POS software (not integrated with the new information system).

5.1 Data Backup

STP Ltd. has upgraded its information systems to utilize applications that are based on cloud computing, which means that their data does not require any additional backup. However, the systems that perform other functions, such as the regular POS, and that have no data backups will need to be backed up to ensure the safety and continuity of the business. Backup can be done via integration of another cloud computing application that allows data backups from various sources. MYOB and BYOD are the best way to secure web-based accounting data. BYOD policy is still a relatively new trend, but adoption rates are quickly increasing. On the other hand, MYOB is the fast and easy way to manage cash flow and ATO compliance requirements (MYOB, n.d.). Payments can be made directly online to MYOB Essentials, and the customer can even pay straight from an emailed invoice. Through this, every outstanding payment is tracked, which provides a safety net in case of any unanticipated drastic failure and can be a lifeline for the continuity of the business (MYOB, n.d.).

5.2 Physical security

Physical security can entail the security of the equipment and the software or the security of the staff. Thus, measures and proper protocols must be in place to tackle threats to physical security. In case of a natural disaster, power failure or fire, disaster control protocols and security measures will ensure the safety of the company and the employees. Employees need to be well versed in the protocols, and at least 2 employees must be trained to tackle such disastrous situations. The presence of proper precautionary items, such as cooling agent and fire extinguishers, can prove to be the difference between success and all-out failure.

5.3 Succession planning

Researchers have long stressed the importance of succession planning in ensuring the continuity and growth of a business (Brockhouse, 2004). Some have even gone to the extent of stating that dealing effectively with the issue of succession planning is the single most lasting gift that one generation can bestow upon the next (Ayres, 1990). To deal appropriately with such circumstances, a proper succession policy needs to be in place that identifies the individual duty of each employee and states the substitute for that particular person. In order to do that, a succession model can provide a very clear depiction of each employee’s capabilities, qualifications, and role. All employees must be aware of their duties, substitutes, and the policy of the firm. The owner needs to appoint a capable individual as an interim supervisor for the days he is absent and for the day he will not be able to continue his role as a supervisor. Having the policy in place and available to all will result in smooth execution of work-related duties.

5.3.1 Succession Planning Model

A succession planning model can be utilized for the formation of a valid plan according to the company’s needs. The plan involves an in-depth knowledge of the employees’ strengths and weaknesses and of the requirements of the business model. The diagram represents a viable model for the plan.

Figure 1

Adapted from Barry and Gabriel (2006)

6.0 Risk Management

Risk impacts everyone. It is not limited to any one industry or size of company. Enterprise risk management (ERM) in business includes the methods and processes used by an organization to manage risks and seize opportunities related to the achievement of their objectives (Dafikpaku et al., 2011). ERM is designed to identify potential events that, in the event of their occurrence, will affect the entity, and to manage the risk within its risk appetite (Dafikpaku et al., 2011). ERM is geared toward the achievement of objectives in one or more separate but overlapping categories [10], and the value that ERM can provide to large and small organizations alike should not be overlooked. In an environment of unprecedented risk, ERM is imperative (Dafikpaku et al., 2011). STP Ltd. has recently experienced significant changes and is planning to further branch out into customer services, which entails that proper risk assessment and management is necessary for the survival and growth of the business. The following table states a categorical analysis of the risks that a small business may encounter.

Table 3 Risk Categories and Description (Adapted from Spacey, 2017)

| Risk category | Description | Examples |
|---|---|---|
| Competitive | The risk that your competition will gain advantages over you that prevent you from reaching your goal. | Price War; Risk Management; Marketing Economics; Economic Moat; Innovation by the Competitor; Competitor’s Promotion |
| Economic | The possibility that conditions in the economy will increase your costs or reduce your sales. | Foreign Exchange Rates; Vendor liquidity/viability |
| Operational | Potential of failures related to the day-to-day operations of an organization such as a customer service process. | ID Theft and Fraud; Security & Privacy; Business Continuity; Physical Security; Vendors; Financial Reporting |
| Legal | The chances that new regulations will disrupt your business. | Employment Law; Contracts; Litigation; Intellectual Property |
| Compliance | The chance that you will break laws or regulations due to errors and oversights. | Consumer; Member Business; Fiduciary; Money Laundering |
| Technical | Events that affect information technology systems. | Architecture Risk; Data Loss; Dark Data; Budget Risks; Legacy Technology; Information Security |
| Program | The risks associated with a particular business program or portfolio of projects. | |
| Strategy | The risk associated with a particular strategy. | Product Offering; Merger & Acquisition; Competition; Capital; Revenue Growth |
| Political | The potential for political events and outcomes to impede your business. | Trade Barriers; Taxes; Legislation; Administration |
| Seasonal | A business with revenue that is concentrated in a single season such as a ski resort. | Ski Resorts; Ice cream Manufacturer; Retailers |

6.1 Training and awareness

Staff training and awareness is the most important aspect of security and risk management, as the probability of external attacks is significantly lower than that of problems created by employee errors. Hence the first step in risk management would entail employee training regarding data security, technical systems, and disaster relief. Developing and maintaining a successful training program is a difficult thing to do in a world of variables. The people who get the relevant training often change, technology evolves, and learning styles also change. Time and resources are limited; after initial formal training, there is no time for structured learning. Failure is viewed as a negative too often. The organization’s training is not engaging or effective for the learners (Peters, 2015). NFC stands for Near Field Communication, and can be used to help employees communicate, which can prove to be a viable training tool.

An organization can overcome various challenges by providing proper training and performance support throughout the career of their employees. The learners should have easy and immediate access to their training content whenever they need it. The organization should give them a schedule that fits their learning style. The organization’s objective should be “Treat every single mistake as an opportunity to grow, learn and evolve” (Peters, 2015).

7.0 Conclusion

The report has been written with respect to the most recent upgrade of technology and the swift up-scale of STP Ltd. The system had to be utilized in the most efficient manner so that it could support the business continuity and branching out of the company. Other areas of concern that were administrative in nature have also been highlighted and discussed. All the issues have been critically analyzed and discussed, and suggestions have been made. The recommendations include additional suggestions rather than just targeting data security, software integration or security guidelines. The need for policy upgrade and employee training is as crucial as data security. In addition to that, the development of plans focusing on the future aspects of the business, such as a succession plan and an asset register, is vital to its success.

8.0 Recommendations

  • Define and implement core values, such as, teamwork and passion within your organization.
  • Give your employees incentives and motivate them to achieve optimization.
  • The organization hierarchy should be transformed into a learning organization so that authority is not accumulated in the hands of a few people.
  • Give your employees empowerment so that they feel the sense of their importance in an organization.
  • Make your website attractive and up-to-date for gaining new customers.
  • Maintain a proper CRM (Customer Relationship Management) section to deal with any inquiries and treat the customer with proper care.
  • Strengthen your customer service skills.
  • The customer service should have empathy, patience, adaptability, clear communication, work ethic, knowledge, and consistency.
  • Hire technical staff for the management of software at every location.
  • Enhance your customer service strategy.
  • Give your customers a way to provide feedback.
  • Equip two employees in every location with natural disaster relief training.

9.0 Bibliography

Australian Taxation Office., (n.d.). Australian Taxation Office [Online]. Retrieved from https://www.ato.gov.au/law/view/document?LocID=%22TXR%2FTR20172%2FNAT%2FATO%22&PiT=99991231235958. (Accessed 10. 10.2017)

Ayres, C., (1990). Rough Family Justice: Equity in Family Business Succession Planning, Family Business Review, 31 (1), pp. 3-22.

Barry, L. P. and Gabriel. J., (2006). Business succession Planning: review of the evidence, Journal of Small Business and Enterprise Development,13 (3), pp. 326-350.

Basheka, B., (2009). Procurement and Local Government in Uganda: a factor analysis approach, International Journal of Procurement Management, 2 (2), pp. 191-209.

Brockhouse, R., (2004). Family Business Succession: Suggestion for Future Research, Family Business Review,19 (2), pp. 165-177.

Ciampa., (2012). Security+Guide to Network Security Fundamentals, 5th ed., Boston: Cengage.

Dafikpaku, E., Eng, M., Mcmi, M., 2011. The strategic implications of enterprise risk management: a framework, in: Trabajo Presentado En El ERM Symposium, Washington, DC.

Lydia, K., Tobias, F., Viktor, M., Sebastian, M. and Asaf, S., (2015). Analyzing End-Users’ Knowledge and Feelings Surrounding Smartphone Security and Privacy. Mobile Security Technologies (MoST), California.

Mikalef, P., Pateli, A., Batenburg, R. S. and De Wetering, R., (2015). Purchasing alignment under multiple contingencies: A configuration theory approach, Industrial Management Data Systems, 115 (4), pp. 625-45.

MYOB (n.d.). You don’t need to be an accountant to use MYOB online accounting software [Online]. MYOB. Retrieved from https://www.myob.com/au/accounting-software/essentials (Accessed 15.10.2017)

Peters, C., (2015). The Challenges of Your Training Program and How to Overcome the Hurdle [Online]. Retrieved from http://blog.xanedu.com/blog/the-challenges-of-your-training-program-and-how-to-overcome-the-hurdles (Accessed 17.10.2017)

Spacey, J., (2017). 20 types of business risk [Online]. Retrieved from https://simplicable.com/new/business-risk. (Accessed 17.10.2017)
