Introduction
Integrated Distributors Incorporated (IDI) is a publicly traded company with office locations in Montana, Brazil, Poland, Australia, Africa, China, Japan and Hong Kong. IDI holds accounts with federal governments, state governments, and major market retailers. IDI operates a fleet of trucks and has a network of sub-contractors for freight, storage and delivery. Because of the competitive market, IDI has been under severe pressure to improve its delivery, routing and vehicle fleet in order to reduce cost and increase profit. A high-level introspection and analysis revealed flaws in the information technology infrastructure. Based on the requirements set by the CIO, this architecture and solution design document has been developed in the capacity of IT architect and IT security specialist. The infrastructure assessment is complete, and the major flaws at all locations have also been identified.
Risk and Vulnerability Analysis of IDI Locations
The review reveals that at almost all locations the infrastructure is out of date with regard to upgrades and patches. The lack of patches and necessary security upgrades has increased the risk and security threats, thereby making IDI vulnerable to network attacks. There is no standard vendor for all hardware devices, which makes it difficult to streamline security policies. It is also observed that many executives have clients installed on their non-standard personal devices that access the IDI network and are also connected to an unsecured Internet. The original WAN, designed in 2000, has not been upgraded. All of these issues have exposed IDI to severe threats of network attacks, hacking and DoS (Denial of Service) attacks.
Strengths and Weakness of Current IDI Systems
IDI has a huge network of servers, routers and firewalls. All of this network and hardware equipment, although not updated, has been maintained by the internal IT infrastructure team of IDI. There are 600 workstations at the headquarters of IDI and a wide area network that covers all the office locations of IDI. The biggest strength of IDI regarding technology is the presence of an existing infrastructure which is vast and completely functional. With the recommended upgrades and policy recommendations, the existing infrastructure could become robust and provide a highly competitive edge to IDI in a very short duration.
The biggest weakness of the IDI system is its non-standard hardware and software processes. At each of the locations analyzed, different vendors are being used for procuring workstations, network equipment, and software processes and packages. Hardware and software that have not been upgraded, obsolete WAN and telecommunications, and the use of personal devices on the company network are some grave issues that make the IDI system weak.
Corporate Wide Acceptable Use Policy
An acceptable use policy (AUP) is an important part of the security, integrity, confidentiality and availability of the enterprise system. Implementing an AUP provides immense protection to the critical and private information of an organization from the users of the system. The AUP for IDI would cover all the aspects of confidentiality, integrity, and availability of the system (Doherty, Anastasakis, & Fulford, 2011). The scope of the AUP would apply to all the users of the IDI system, IDI network, and resources. The individuals covered by the policy would include employees, executives, third-party vendors and any other entity or individual interacting with the IDI network. The policy would ensure that only authorized users have access to the IDI network, either from the office or from remote locations. Individuals will be prohibited from sharing their passwords and account details with other users. All the agreements with third-party resources that are applicable to IDI will also apply to users of those resources. Users must not access restricted areas of the network and must not install any software that is not on the list prescribed by the IDI administrator team. Any tools and software that could harm the network must be strictly prohibited. To ensure high availability of IDI network resources and the IDI system in general, the policy would require a fair share of resources among the users of the system. The law of the land as applicable to IDI for all locations will also apply to individuals attached to IDI. All users, employees and executives must abide by local, federal, state and country laws, including copyright, fair use and infringement policies. Under the AUP, users will be advised and updated about their privacy and personal rights and those of others. To ensure user compliance, it would be mandatory for all users to accept the policy with their personal signature, either written or digital.
Remote and Website User’s Secure Access
Users accessing the IDI network from remote locations or through the website must adhere to the same policies as defined under the AUP. To provide secure access to remote users, an authenticated implementation of a virtual private network (VPN) must be used. Remote access should be allowed only to those users who have authorized and approved VPN software installed on their devices. Website users must be secured at the SSL layer by use of the HTTPS protocol. Users must also use a combination of their provided unique user ID and password to access the IDI website and resources.
Solution to IDI Location Issues
Sao Paulo, Brazil
The Sao Paulo office is very different from other locations and has a standard set of operations, appropriate storage networks, standard portable computers and up-to-date information security policies. However, a major issue observed at this location is that vendors were unwilling to sign SLAs (Service Level Agreements). It was also observed that supervisors were eager to have more control over sales and expected privileges equivalent to those of the general manager. The Sao Paulo location has no anti-virus or anti-malware software installed. The standard solution for all the problems at the Sao Paulo location would be the introduction of policies along with the AUP as discussed above. Vendors must be asked to sign the SLA, and appropriate penalties must be levied. The powers of the general manager should be increased so that he can manage all supervisors. Finally, appropriate anti-malware and antivirus software must be installed.
Warsaw, Poland
The Warsaw, Poland office had insufficient computing power, including hardware, software and other networking equipment. It was observed that a public wireless network without security and authorization was being sponsored on the premises of IDI. Much of the telecommunication infrastructure was obsolete. Information technology security and network operations are managed by a person having a degree in horticulture, while the accounts department is managed by his wife. There are serious allegations of misappropriation of assets against these persons.
It is recommended to immediately remove from their respective duties both the IT security officer and the accounts department head, against whom the allegations have been made. An upgrade of the telecommunication infrastructure and the addition of hardware and networking equipment are recommended, along with securing the public wireless network running on IDI premises.
Budget Proposal
The estimated hardware and software cost comes to around $600,000. Adding to that 15% for unforeseen expenses and another 25% for a contingency plan, the total estimated budget proposal will be $850,000.
Hardware
Software
(All prices have been estimated based on information available at http://Amazon.com)
References
Doherty, N. F., Anastasakis, L., & Fulford, H. (2011). Reinforcing the security of corporate information resources: A critical review of the role of the acceptable use policy. International Journal of Information Management, 31(3), 201-209.