SlideShare uma empresa Scribd logo

Final Presentation

Transferir como PPTX, PDF
C
chris odle
1 de 28
COMPUTER NETWORK UPGRADE PROJECT PLAN PROPOSED BY: NETWORK SOLUTIONS INC. CHRIS ODLE SEPTEMBER 2015 INFORMATION TECHNOLOGY CAPSTONE PROFESSOR KAREN QUAGLIATA
Who is Healthmark Medical? • Medical supply company founded in 1969 • Huge range of products and services from endoscopic rentals to instrument trays and sterilization equipment • Thriving business, opening larger 3 story facility to handle their 200+ employees and various departments Founder Ralph Basile
Defining the Problem: • Huge portion of business relies on internet and phone sales • Current hardware and software having issues supporting the demanding workload • Software errors, connectivity issues, dropped calls, PC crashing and data loss • Hardware and software issues are extreme detriment to company financially, as well as reputation
Scope Statement and Analysis • Project Manager-Chris Odle of Network Solutions • Create network & communications layout that will solidify Healthmark’s technology needs for years to come • Time is of the essence and this project will need to be completed in 6 months Scope Statement Layout Milestones/Deliverables Project Success Criteria Limits and Exclusions Signatures of Approval
Project Requirements: (2 Subsections) BUSINESS REQUIREMENTS TECHNICAL REQUIREMENTS
Stakeholders and Communication Plan • Identify key stakeholders in the project and their level of involvement • Rating system for stakeholders is a power mapping strategy on the metrics of power & interest • Assess individuals importance and needs to become most efficient relaying information throughout the life cycle of the project
Stakeholders and Communication Plan Examples
Stakeholders and Communication Plan Examples
File Management System (WBS) Work Breakdown Structure Devise Work Packages Assign Resources Associate Time Tables Recognize WP Predecessors Create Intuitive Timeline
WBS - Tabular Form 172 Estimate Work Days 186 Constraint 3 Levels Duration, Predecessors
Cost Analysis & Summary • Create detailed and accurate cost estimates to work in conjunction with WBS • Assists the project team in the areas of: decision making, effectively schedule work packages, develop cash flow for different phases, and will keep the project on course and within scope • Cost breakdown of software, hardware, labor and professional fees
Technical Implementation Approach • This section covers in detail how the project team plans to implement the network upgrade • For the purpose of clarity, this section is broken down into multiple subsections • Custom built network diagram will also be included via the project team
Demarcation Point (DEMARC) Demarcation Point: A demarcation point, or demarc, is the point of division between the internet service provider’s (ISP) network, and Healthmark Medical’s computer and communication network. Fiber-optic cable is being provided and installed by the local ISP and will be installed externally completing the connection to the secure data center. Some of the reasons network solution chose fiber optic cabling for the demarcation connection is: Faster Digital Signals Larger Carrying Capacity Less Signal Degradation Low Power Utilizes Light Signals
Network Topology and Backbone This is the part of the installed network which segments and interconnects significant shared devices, while taking on the majority of the network traffic. Network Solutions plans to install and utilize a hybrid star-wired bus topology stacking 48 port switches from floor to floor, resulting in a simple distributed backbone. This setup is ideal for its ease of use, as well as the network’s scalability.
IP Addressing IP addressing will effectively ensure proper communication between devices, as well as assist in the proper transportation of important data packets throughout the network. Network designers and architects will map out and analyze the best solution for the proposed network architecture. ◦ Gateway: 10.12.1.1/24 ◦ Subnet Mask: 255.255.255.0 ◦ Range was chosen due to size needs ◦ Static IP's delegated to server, switches, firewall, and printers to make them easily accessible, all other workstations will be DHCP for ease of use
Hardware & Software • Servers • Routers • Switches • Firewalls • PCs • Monitors • VOIP Headsets • Printers/Fax Machines • Speakers • Office 365 • Microsoft Server Licensing • VOIP Software In-depth analysis of each component provided within project plan
Custom Network Diagram (VISIO) 1st Floor
Custom Network Diagram (VISIO) 2nd Floor
Custom Network Diagram (VISIO) 3rd Floor
Risks & Concerns • A risk is an uncertain event or condition that, if it occurs, has a positive or negative effect on project objectives • The risk management strategy will identify as many project orientated risks as possible, while minimizing their impact and also detailing responses that may happen to materialize Risk Event Identified Likelihood Impact Mitigation Strategy
Risks & Concerns Snapshot of Risk Assessment
Security Physical security • 24-hour monitoring of data centers. • Multi-factor authentication, including biometric scanning for data center access. • Internal data center network is segregated from the external network. • Role separation renders location of specific customer data unintelligible to the personnel that have physical access. • Faulty drives and hardware are demagnetized and destroyed.
Logical Security Logical security • Lock box processes for strictly supervised escalation process greatly limits human access to your data. • Servers run only processes on whitelist, minimizing risk from malicious code. • Dedicated threat management teams proactively anticipate, prevent, and mitigate malicious access. • Port scanning, perimeter vulnerability scanning, and intrusion detection prevent or detect any malicious activity
Data Security Data security • Encryption at rest protects your data on our servers. • Encryption in transit with SSL/TLS protects your data transmitted between you and Microsoft. • Threat management, security monitoring, and file/data integrity prevents or detects any tampering of data.
Admin & User Controls Admin and user controls • Rights Management Services prevents file-level access without the right user credentials. • Multi-factor authentication protects access to the service with a second factor such as phone. • S/MIME provides secure certificate-based email access. • Office 365 Message Encryption allows you to send encrypted email to anyone. • Data loss prevention prevents sensitive data from leaking either inside or outside the organization. • Data loss prevention can be combined with Rights Management and Office 365 Message Encryption to give greater controls to your admins to apply appropriate policies to protect sensitive data.
Privacy – HIPAA/Title II Compliance As with any company operating within the strict guidelines of the medical field, a major area of focus for Healthmark has always remained to be the privacy of all of their clients’ and customers’ sensitive information. The data in question has to be stored to a strict set of guidelines in accordance with the HIPAAAct/Title II (Become HIPAA Compliant). This act created strict and transparent guidelines on how organizations should store and interact with sensitive patient/client information. This act was created to ensure privacy and security for patients in the United States, while also providing opportunities for medical organizations to acquire more technologically savvy means of assisting their patients/clients (Become HIPAA Compliant). To become compliant an entity must meet certain criteria with regards to a few specific points of interest: privacy, security, enforcement, and breach notification
Privacy – HIPAA/Title II Compliance Guidelines HIPAA II Compliance Guidelines Specific Technical Requirements and Implentation Strategies Access Control - Unique User Identification (required): Assign a unique name and/or number for identifying and tracking user identity. Access Control - Emergency Access Procedure (required): Establish (and implement as needed) procedures for obtaining necessary ePHI during an emergency. Access Control - Automatic Logoff (addressable): Implement electronic procedures that terminate an electronic session after a predetermined time of inactivity. Access Control - Encryption and Decryption (addressable): Implement a mechanism to encrypt and decrypt ePHI. Audit Controls (required): Implement hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use ePHI. Integrity - Mechanism to Authenticate ePHI (addressable): Implement electronic mechanisms to corroborate that ePHI has not been altered or destroyed in an unauthorized manner. Authentication (required): Implement procedures to verify that a person or entity seeking access to ePHI is the one claimed. Transmission Security - Integrity Controls (addressable): Implement security measures to ensure that electronically transmitted ePHI is not improperly modified without detection until disposed of. Transmission Security - Encryption (addressable): Implement a mechanism to encrypt ePHI whenever deemed appropriate. Facility Access Controls - Contingency Operations (addressable): Establish (and implement as needed) procedures that allow facility access in support of restoration of lost data under the disaster recovery plan and emergency mode operations plan in the event of an emergency. Facility Access Controls - Facility Security Plan (addressable): Implement policies and procedures to safeguard the facility and the equipment therein from unauthorized physical access, tampering, and theft. Facility Access Controls - Access Control and Validation Procedures (addressable): Implement procedures to control and validate a person’s access to facilities based on their role or function, including visitor control, and control of access to software programs for testing and revision. Facility Access Controls - Maintenance Records (addressable): Implement policies and procedures to document repairs and modifications to the physical components of a facility which are related to security (e.g. hardware, walls, doors, and locks). Workstation Use (required): Implement policies and procedures that specify the proper functions to be performed, the manner in which those functions are to be performed, and the physical attributes of the surroundings of a specific workstation or class of workstation that can access ePHI. Workstation Security (required): Implement physical safeguards for all workstations that access ePHI, to restrict access to authorized users. Device and Media Controls - Disposal (required): Implement policies and procedures to address the final disposition of ePHI, and/or the hardware or electronic media on which it is stored. Device and Media Controls - Media Re-Use (required): Implement procedures for removal of ePHI from electronic media before the media are made available for re-use. Device and Media Controls - Accountability (addressable): Maintain a record of the movements of hardware and electronic media and any person responsible therefore. Device and Media Controls - Data Backup and Storage (addressable): Create a retrievable, exact copy of ePHI, when needed, before movement of equipment. Security Management Process - Risk Analysis (required): Perform and document a risk analysis to see where PHI is being used and stored in order to determine all the ways that HIPAA could be violated. Security Management Process - Risk Management (required): Implement sufficient measures to reduce these risks to an appropriate level. Security Management Process - Sanction Policy (required): Implement sanction policies for employees who fail to comply. Security Management Process - Information Systems Activity Reviews (required): Regularly review system activity, logs, audit trails, etc. Assigned Security Responsibility - Officers (required): Designate HIPAA Security and Privacy Officers. Workforce Security - Employee Oversight (addressable): Implement procedures to authorize and supervise employees who work with PHI, and for granting and removing PHI access to employees. Ensure that an employee’s access to PHI ends with termination of employment. Information Access Management - Multiple Organizations (required): Ensure that PHI is not accessed by parent or partner organizations or subcontractors that are not authorized for access. Information Access Management - ePHI Access (addressable): Implement procedures for granting access to ePHI that document access to ePHI or to services and systems that grant access to ePHI.
Thank You For Your Attention!

Recomendados

Andrew Schafer, Managing Director, EMEA - Verisae Inc
Andrew Schafer, Managing Director, EMEA - Verisae IncAndrew Schafer, Managing Director, EMEA - Verisae Inc
Andrew Schafer, Managing Director, EMEA - Verisae IncGlobal Business Intelligence
 
3433 IBM messaging security why securing your environment is important-feb2...
3433 IBM messaging security why securing your environment is important-feb2...3433 IBM messaging security why securing your environment is important-feb2...
3433 IBM messaging security why securing your environment is important-feb2...Robert Parker
 
Security and-visibility
Security and-visibilitySecurity and-visibility
Security and-visibilityedwardstudyemai
 
soc
socsoc
socDhirendra Thapa
 
The Importance of Security within the Computer Environment
The Importance of Security within the Computer EnvironmentThe Importance of Security within the Computer Environment
The Importance of Security within the Computer EnvironmentAdetula Bunmi
 
Audit of it infrastructure
Audit of it infrastructureAudit of it infrastructure
Audit of it infrastructurepramod_kmr73
 
Network Audit
Network AuditNetwork Audit
Network AuditMichael Cohen
 
It Capabilities.2009
It Capabilities.2009It Capabilities.2009
It Capabilities.2009Diontealley
 

Recomendados

Andrew Schafer, Managing Director, EMEA - Verisae Inc
Andrew Schafer, Managing Director, EMEA - Verisae IncAndrew Schafer, Managing Director, EMEA - Verisae Inc
Andrew Schafer, Managing Director, EMEA - Verisae IncGlobal Business Intelligence
 
3433 IBM messaging security why securing your environment is important-feb2...
3433 IBM messaging security why securing your environment is important-feb2...3433 IBM messaging security why securing your environment is important-feb2...
3433 IBM messaging security why securing your environment is important-feb2...Robert Parker
 
Security and-visibility
Security and-visibilitySecurity and-visibility
Security and-visibilityedwardstudyemai
 
soc
socsoc
socDhirendra Thapa
 
The Importance of Security within the Computer Environment
The Importance of Security within the Computer EnvironmentThe Importance of Security within the Computer Environment
The Importance of Security within the Computer EnvironmentAdetula Bunmi
 
Audit of it infrastructure
Audit of it infrastructureAudit of it infrastructure
Audit of it infrastructurepramod_kmr73
 
Network Audit
Network AuditNetwork Audit
Network AuditMichael Cohen
 
It Capabilities.2009
It Capabilities.2009It Capabilities.2009
It Capabilities.2009Diontealley
 
It audit methodologies
It audit methodologiesIt audit methodologies
It audit methodologiesSalih Islam
 
Introduction to Health Informatics Ch11 power point
Introduction to Health Informatics Ch11 power pointIntroduction to Health Informatics Ch11 power point
Introduction to Health Informatics Ch11 power pointbradleyl2
 
Are your industrial networks protected...Ethernet Security Firewalls
Are your industrial networks protected...Ethernet Security Firewalls Are your industrial networks protected...Ethernet Security Firewalls
Are your industrial networks protected...Ethernet Security Firewalls Schneider Electric
 
Comp8 unit6b lecture_slides
Comp8 unit6b lecture_slidesComp8 unit6b lecture_slides
Comp8 unit6b lecture_slidesCMDLMS
 
Auditing SOX ITGC Compliance
Auditing SOX ITGC ComplianceAuditing SOX ITGC Compliance
Auditing SOX ITGC Complianceseanpizzy
 
Critical Infrastructure Security by Subodh Belgi
Critical Infrastructure Security by Subodh BelgiCritical Infrastructure Security by Subodh Belgi
Critical Infrastructure Security by Subodh BelgiClubHack
 
Network Developement Capstone Project 2009 Sping Quarter
Network Developement Capstone Project 2009 Sping QuarterNetwork Developement Capstone Project 2009 Sping Quarter
Network Developement Capstone Project 2009 Sping Quarterrichlan421
 
Best practices for building network operations center
Best practices for building network operations centerBest practices for building network operations center
Best practices for building network operations centerSatish Chavan
 
Security Architecture
Security ArchitectureSecurity Architecture
Security ArchitecturePriyank Hada
 
AccelOps & SOC-NOC Convergence
AccelOps & SOC-NOC ConvergenceAccelOps & SOC-NOC Convergence
AccelOps & SOC-NOC ConvergenceStephen Tsuchiyama
 
Practical Approaches to Securely Integrating Business and Production
Practical Approaches to Securely Integrating Business and ProductionPractical Approaches to Securely Integrating Business and Production
Practical Approaches to Securely Integrating Business and ProductionJim Gilsinn
 
Smart Networks for the Industrial Internet of Things
Smart Networks for the Industrial Internet of ThingsSmart Networks for the Industrial Internet of Things
Smart Networks for the Industrial Internet of ThingsCreekside Marketing Group, LLC
 
Company Profile
Company ProfileCompany Profile
Company Profile3SC World
 
AFAC session 2 - September 8, 2014
AFAC session 2 - September 8, 2014AFAC session 2 - September 8, 2014
AFAC session 2 - September 8, 2014KBIZEAU
 
386sum08ch8 (1)
386sum08ch8 (1)386sum08ch8 (1)
386sum08ch8 (1)Syeda Quratul-ain
 
Top PCI Pitfalls and How to Avoid Them: The QSA’s Perspective
Top PCI Pitfalls and How to Avoid Them: The QSA’s PerspectiveTop PCI Pitfalls and How to Avoid Them: The QSA’s Perspective
Top PCI Pitfalls and How to Avoid Them: The QSA’s PerspectiveAlgoSec
 
Designing a security policy to protect your automation solution
Designing a security policy to protect your automation solutionDesigning a security policy to protect your automation solution
Designing a security policy to protect your automation solutionSchneider Electric India
 
Manoj purandare - Stratergy towards an Effective Security Operations Centre -...
Manoj purandare - Stratergy towards an Effective Security Operations Centre -...Manoj purandare - Stratergy towards an Effective Security Operations Centre -...
Manoj purandare - Stratergy towards an Effective Security Operations Centre -...Manoj Purandare ☁
 
Cybersecurity - Simple, Sustainable, Secure
Cybersecurity - Simple, Sustainable, SecureCybersecurity - Simple, Sustainable, Secure
Cybersecurity - Simple, Sustainable, SecureYokogawa1
 
Advanced Data Center Security
Advanced Data Center SecurityAdvanced Data Center Security
Advanced Data Center Securitymanoharparakh
 
Working Outline wHRS
Working Outline wHRSWorking Outline wHRS
Working Outline wHRSFederico Schiavio
 
Planificador terminado
Planificador terminadoPlanificador terminado
Planificador terminadoangelita856
 

Mais conteúdo relacionado

Mais procurados

It audit methodologies
It audit methodologiesIt audit methodologies
It audit methodologiesSalih Islam
 
Introduction to Health Informatics Ch11 power point
Introduction to Health Informatics Ch11 power pointIntroduction to Health Informatics Ch11 power point
Introduction to Health Informatics Ch11 power pointbradleyl2
 
Are your industrial networks protected...Ethernet Security Firewalls
Are your industrial networks protected...Ethernet Security Firewalls Are your industrial networks protected...Ethernet Security Firewalls
Are your industrial networks protected...Ethernet Security Firewalls Schneider Electric
 
Comp8 unit6b lecture_slides
Comp8 unit6b lecture_slidesComp8 unit6b lecture_slides
Comp8 unit6b lecture_slidesCMDLMS
 
Auditing SOX ITGC Compliance
Auditing SOX ITGC ComplianceAuditing SOX ITGC Compliance
Auditing SOX ITGC Complianceseanpizzy
 
Critical Infrastructure Security by Subodh Belgi
Critical Infrastructure Security by Subodh BelgiCritical Infrastructure Security by Subodh Belgi
Critical Infrastructure Security by Subodh BelgiClubHack
 
Network Developement Capstone Project 2009 Sping Quarter
Network Developement Capstone Project 2009 Sping QuarterNetwork Developement Capstone Project 2009 Sping Quarter
Network Developement Capstone Project 2009 Sping Quarterrichlan421
 
Best practices for building network operations center
Best practices for building network operations centerBest practices for building network operations center
Best practices for building network operations centerSatish Chavan
 
Security Architecture
Security ArchitectureSecurity Architecture
Security ArchitecturePriyank Hada
 
AccelOps & SOC-NOC Convergence
AccelOps & SOC-NOC ConvergenceAccelOps & SOC-NOC Convergence
AccelOps & SOC-NOC ConvergenceStephen Tsuchiyama
 
Practical Approaches to Securely Integrating Business and Production
Practical Approaches to Securely Integrating Business and ProductionPractical Approaches to Securely Integrating Business and Production
Practical Approaches to Securely Integrating Business and ProductionJim Gilsinn
 
Company Profile
Company ProfileCompany Profile
Company Profile3SC World
 
AFAC session 2 - September 8, 2014
AFAC session 2 - September 8, 2014AFAC session 2 - September 8, 2014
AFAC session 2 - September 8, 2014KBIZEAU
 
Top PCI Pitfalls and How to Avoid Them: The QSA’s Perspective
Top PCI Pitfalls and How to Avoid Them: The QSA’s PerspectiveTop PCI Pitfalls and How to Avoid Them: The QSA’s Perspective
Top PCI Pitfalls and How to Avoid Them: The QSA’s PerspectiveAlgoSec
 
Designing a security policy to protect your automation solution
Designing a security policy to protect your automation solutionDesigning a security policy to protect your automation solution
Designing a security policy to protect your automation solutionSchneider Electric India
 
Manoj purandare - Stratergy towards an Effective Security Operations Centre -...
Manoj purandare - Stratergy towards an Effective Security Operations Centre -...Manoj purandare - Stratergy towards an Effective Security Operations Centre -...
Manoj purandare - Stratergy towards an Effective Security Operations Centre -...Manoj Purandare ☁
 
Cybersecurity - Simple, Sustainable, Secure
Cybersecurity - Simple, Sustainable, SecureCybersecurity - Simple, Sustainable, Secure
Cybersecurity - Simple, Sustainable, SecureYokogawa1
 
Advanced Data Center Security
Advanced Data Center SecurityAdvanced Data Center Security
Advanced Data Center Securitymanoharparakh
 

Mais procurados (20)

It audit methodologies
It audit methodologiesIt audit methodologies
It audit methodologies
 
Introduction to Health Informatics Ch11 power point
Introduction to Health Informatics Ch11 power pointIntroduction to Health Informatics Ch11 power point
Introduction to Health Informatics Ch11 power point
 
Are your industrial networks protected...Ethernet Security Firewalls
Are your industrial networks protected...Ethernet Security Firewalls Are your industrial networks protected...Ethernet Security Firewalls
Are your industrial networks protected...Ethernet Security Firewalls
 
Comp8 unit6b lecture_slides
Comp8 unit6b lecture_slidesComp8 unit6b lecture_slides
Comp8 unit6b lecture_slides
 
Auditing SOX ITGC Compliance
Auditing SOX ITGC ComplianceAuditing SOX ITGC Compliance
Auditing SOX ITGC Compliance
 
Critical Infrastructure Security by Subodh Belgi
Critical Infrastructure Security by Subodh BelgiCritical Infrastructure Security by Subodh Belgi
Critical Infrastructure Security by Subodh Belgi
 
Network Developement Capstone Project 2009 Sping Quarter
Network Developement Capstone Project 2009 Sping QuarterNetwork Developement Capstone Project 2009 Sping Quarter
Network Developement Capstone Project 2009 Sping Quarter
 
Best practices for building network operations center
Best practices for building network operations centerBest practices for building network operations center
Best practices for building network operations center
 
Security Architecture
Security ArchitectureSecurity Architecture
Security Architecture
 
AccelOps & SOC-NOC Convergence
AccelOps & SOC-NOC ConvergenceAccelOps & SOC-NOC Convergence
AccelOps & SOC-NOC Convergence
 
Practical Approaches to Securely Integrating Business and Production
Practical Approaches to Securely Integrating Business and ProductionPractical Approaches to Securely Integrating Business and Production
Practical Approaches to Securely Integrating Business and Production
 
Smart Networks for the Industrial Internet of Things
Smart Networks for the Industrial Internet of ThingsSmart Networks for the Industrial Internet of Things
Smart Networks for the Industrial Internet of Things
 
Company Profile
Company ProfileCompany Profile
Company Profile
 
AFAC session 2 - September 8, 2014
AFAC session 2 - September 8, 2014AFAC session 2 - September 8, 2014
AFAC session 2 - September 8, 2014
 
386sum08ch8 (1)
386sum08ch8 (1)386sum08ch8 (1)
386sum08ch8 (1)
 
Top PCI Pitfalls and How to Avoid Them: The QSA’s Perspective
Top PCI Pitfalls and How to Avoid Them: The QSA’s PerspectiveTop PCI Pitfalls and How to Avoid Them: The QSA’s Perspective
Top PCI Pitfalls and How to Avoid Them: The QSA’s Perspective
 
Designing a security policy to protect your automation solution
Designing a security policy to protect your automation solutionDesigning a security policy to protect your automation solution
Designing a security policy to protect your automation solution
 
Manoj purandare - Stratergy towards an Effective Security Operations Centre -...
Manoj purandare - Stratergy towards an Effective Security Operations Centre -...Manoj purandare - Stratergy towards an Effective Security Operations Centre -...
Manoj purandare - Stratergy towards an Effective Security Operations Centre -...
 
Cybersecurity - Simple, Sustainable, Secure
Cybersecurity - Simple, Sustainable, SecureCybersecurity - Simple, Sustainable, Secure
Cybersecurity - Simple, Sustainable, Secure
 
Advanced Data Center Security
Advanced Data Center SecurityAdvanced Data Center Security
Advanced Data Center Security
 

Destaque

Planificador terminado
Planificador terminadoPlanificador terminado
Planificador terminadoangelita856
 
Traducir clase 141016 nuevo
Traducir clase 141016 nuevoTraducir clase 141016 nuevo
Traducir clase 141016 nuevoedwinmales5
 
Chris Odle Transcript
Chris Odle TranscriptChris Odle Transcript
Chris Odle Transcriptchris odle
 
Letter of Recommendation Phil McNeill Loblaws
Letter of Recommendation Phil McNeill LoblawsLetter of Recommendation Phil McNeill Loblaws
Letter of Recommendation Phil McNeill LoblawsPatricia Boutilier
 
SAP Batch data communication
SAP Batch data communicationSAP Batch data communication
SAP Batch data communicationJugul Crasta
 
Busıness Model Innovation Business Model Canvas Toolbox 2016
Busıness Model Innovation Business Model Canvas Toolbox 2016Busıness Model Innovation Business Model Canvas Toolbox 2016
Busıness Model Innovation Business Model Canvas Toolbox 2016Serdar Temiz
 
Progetto Olona entra_in_citta_realizzazione
Progetto Olona entra_in_citta_realizzazioneProgetto Olona entra_in_citta_realizzazione
Progetto Olona entra_in_citta_realizzazioneIniziativa 21058
 
PPP-Revolution Soft Tech PVT LTD
PPP-Revolution Soft Tech PVT LTDPPP-Revolution Soft Tech PVT LTD
PPP-Revolution Soft Tech PVT LTDUdit (Nick) Shukla
 

Destaque (13)

Working Outline wHRS
Working Outline wHRSWorking Outline wHRS
Working Outline wHRS
 
Planificador terminado
Planificador terminadoPlanificador terminado
Planificador terminado
 
Presentacion de p
Presentacion de pPresentacion de p
Presentacion de p
 
Traducir clase 141016 nuevo
Traducir clase 141016 nuevoTraducir clase 141016 nuevo
Traducir clase 141016 nuevo
 
Chris Odle Transcript
Chris Odle TranscriptChris Odle Transcript
Chris Odle Transcript
 
Letter of Recommendation Phil McNeill Loblaws
Letter of Recommendation Phil McNeill LoblawsLetter of Recommendation Phil McNeill Loblaws
Letter of Recommendation Phil McNeill Loblaws
 
Combinaciones
CombinacionesCombinaciones
Combinaciones
 
SAP Batch data communication
SAP Batch data communicationSAP Batch data communication
SAP Batch data communication
 
фразеологізми
фразеологізмифразеологізми
фразеологізми
 
Busıness Model Innovation Business Model Canvas Toolbox 2016
Busıness Model Innovation Business Model Canvas Toolbox 2016Busıness Model Innovation Business Model Canvas Toolbox 2016
Busıness Model Innovation Business Model Canvas Toolbox 2016
 
Progetto Olona entra_in_citta_realizzazione
Progetto Olona entra_in_citta_realizzazioneProgetto Olona entra_in_citta_realizzazione
Progetto Olona entra_in_citta_realizzazione
 
PPP-Revolution Soft Tech PVT LTD
PPP-Revolution Soft Tech PVT LTDPPP-Revolution Soft Tech PVT LTD
PPP-Revolution Soft Tech PVT LTD
 
Devakumar resume
Devakumar resumeDevakumar resume
Devakumar resume
 

Semelhante a Final Presentation

Background Information for World-Wide Trading CompanyWorld-Wide .docx
Background Information for World-Wide Trading CompanyWorld-Wide .docxBackground Information for World-Wide Trading CompanyWorld-Wide .docx
Background Information for World-Wide Trading CompanyWorld-Wide .docxikirkton
 
Implementing an improved security for collin’s database and telecommuters
Implementing an improved security for collin’s database and telecommutersImplementing an improved security for collin’s database and telecommuters
Implementing an improved security for collin’s database and telecommutersRishabh Gupta
 
IBM Messaging Security - Why securing your environment is important : IBM Int...
IBM Messaging Security - Why securing your environment is important : IBM Int...IBM Messaging Security - Why securing your environment is important : IBM Int...
IBM Messaging Security - Why securing your environment is important : IBM Int...Leif Davidsen
 
WWTC Office Layout Diagram.htmlBackground Information for Wo.docx
WWTC Office Layout Diagram.htmlBackground Information for Wo.docxWWTC Office Layout Diagram.htmlBackground Information for Wo.docx
WWTC Office Layout Diagram.htmlBackground Information for Wo.docxericbrooks84875
 
Facility Environmental Audit Guidelines
Facility Environmental Audit GuidelinesFacility Environmental Audit Guidelines
Facility Environmental Audit Guidelinesamburyj3c9
 
Capstone Final Project
Capstone Final ProjectCapstone Final Project
Capstone Final Projectchris odle
 
The Role of IT Infrastructure Services in Enabling Remote Work Success
The Role of IT Infrastructure Services in Enabling Remote Work SuccessThe Role of IT Infrastructure Services in Enabling Remote Work Success
The Role of IT Infrastructure Services in Enabling Remote Work SuccessDevLabs Global
 
6. Kepware_IIoT_Solution
6. Kepware_IIoT_Solution6. Kepware_IIoT_Solution
6. Kepware_IIoT_SolutionSteve Lim
 
Authentic Assessment Project (AAP) Jan 2017Background Informat.docx
Authentic Assessment Project (AAP) Jan 2017Background Informat.docxAuthentic Assessment Project (AAP) Jan 2017Background Informat.docx
Authentic Assessment Project (AAP) Jan 2017Background Informat.docxrock73
 
Zero trust model for cloud computing.pptx
Zero trust model for cloud computing.pptxZero trust model for cloud computing.pptx
Zero trust model for cloud computing.pptxkkhhusshi
 
Security Issues of Cloud Computing
Security Issues of Cloud ComputingSecurity Issues of Cloud Computing
Security Issues of Cloud ComputingFalgun Rathod
 
Innovative-Consulting Technology Capabilities. Statement
Innovative-Consulting Technology Capabilities. StatementInnovative-Consulting Technology Capabilities. Statement
Innovative-Consulting Technology Capabilities. StatementDiontealley
 
UnitOnePresentationSlides.pptx
UnitOnePresentationSlides.pptxUnitOnePresentationSlides.pptx
UnitOnePresentationSlides.pptxBLACKSPAROW
 
Open Architecture: The Key to Aviation Security
Open Architecture: The Key to Aviation SecurityOpen Architecture: The Key to Aviation Security
Open Architecture: The Key to Aviation Securityagoldsmith1
 
Compliance in the Cloud
Compliance in the CloudCompliance in the Cloud
Compliance in the CloudRapidScale
 
Information Technology Security Is Vital For The Success...
Information Technology Security Is Vital For The Success...Information Technology Security Is Vital For The Success...
Information Technology Security Is Vital For The Success...Brianna Johnson
 
Avoid outages-from-misconfigured-devices-webinar-slides
Avoid outages-from-misconfigured-devices-webinar-slidesAvoid outages-from-misconfigured-devices-webinar-slides
Avoid outages-from-misconfigured-devices-webinar-slidesAlgoSec
 
Week 09_Cyber security u.pdf
Week 09_Cyber security u.pdfWeek 09_Cyber security u.pdf
Week 09_Cyber security u.pdfdhanywahyudi17
 

Semelhante a Final Presentation (20)

Background Information for World-Wide Trading CompanyWorld-Wide .docx
Background Information for World-Wide Trading CompanyWorld-Wide .docxBackground Information for World-Wide Trading CompanyWorld-Wide .docx
Background Information for World-Wide Trading CompanyWorld-Wide .docx
 
Implementing an improved security for collin’s database and telecommuters
Implementing an improved security for collin’s database and telecommutersImplementing an improved security for collin’s database and telecommuters
Implementing an improved security for collin’s database and telecommuters
 
IBM Messaging Security - Why securing your environment is important : IBM Int...
IBM Messaging Security - Why securing your environment is important : IBM Int...IBM Messaging Security - Why securing your environment is important : IBM Int...
IBM Messaging Security - Why securing your environment is important : IBM Int...
 
WWTC Office Layout Diagram.htmlBackground Information for Wo.docx
WWTC Office Layout Diagram.htmlBackground Information for Wo.docxWWTC Office Layout Diagram.htmlBackground Information for Wo.docx
WWTC Office Layout Diagram.htmlBackground Information for Wo.docx
 
Facility Environmental Audit Guidelines
Facility Environmental Audit GuidelinesFacility Environmental Audit Guidelines
Facility Environmental Audit Guidelines
 
Capstone Final Project
Capstone Final ProjectCapstone Final Project
Capstone Final Project
 
The Role of IT Infrastructure Services in Enabling Remote Work Success
The Role of IT Infrastructure Services in Enabling Remote Work SuccessThe Role of IT Infrastructure Services in Enabling Remote Work Success
The Role of IT Infrastructure Services in Enabling Remote Work Success
 
6. Kepware_IIoT_Solution
6. Kepware_IIoT_Solution6. Kepware_IIoT_Solution
6. Kepware_IIoT_Solution
 
SAND SKILLS
SAND SKILLSSAND SKILLS
SAND SKILLS
 
Authentic Assessment Project (AAP) Jan 2017Background Informat.docx
Authentic Assessment Project (AAP) Jan 2017Background Informat.docxAuthentic Assessment Project (AAP) Jan 2017Background Informat.docx
Authentic Assessment Project (AAP) Jan 2017Background Informat.docx
 
Zero trust model for cloud computing.pptx
Zero trust model for cloud computing.pptxZero trust model for cloud computing.pptx
Zero trust model for cloud computing.pptx
 
Security Issues of Cloud Computing
Security Issues of Cloud ComputingSecurity Issues of Cloud Computing
Security Issues of Cloud Computing
 
Innovative-Consulting Technology Capabilities. Statement
Innovative-Consulting Technology Capabilities. StatementInnovative-Consulting Technology Capabilities. Statement
Innovative-Consulting Technology Capabilities. Statement
 
UnitOnePresentationSlides.pptx
UnitOnePresentationSlides.pptxUnitOnePresentationSlides.pptx
UnitOnePresentationSlides.pptx
 
Open Architecture: The Key to Aviation Security
Open Architecture: The Key to Aviation SecurityOpen Architecture: The Key to Aviation Security
Open Architecture: The Key to Aviation Security
 
Compliance in the Cloud
Compliance in the CloudCompliance in the Cloud
Compliance in the Cloud
 
Information Technology Security Is Vital For The Success...
Information Technology Security Is Vital For The Success...Information Technology Security Is Vital For The Success...
Information Technology Security Is Vital For The Success...
 
InsiderAttack_p3.ppt
InsiderAttack_p3.pptInsiderAttack_p3.ppt
InsiderAttack_p3.ppt
 
Avoid outages-from-misconfigured-devices-webinar-slides
Avoid outages-from-misconfigured-devices-webinar-slidesAvoid outages-from-misconfigured-devices-webinar-slides
Avoid outages-from-misconfigured-devices-webinar-slides
 
Week 09_Cyber security u.pdf
Week 09_Cyber security u.pdfWeek 09_Cyber security u.pdf
Week 09_Cyber security u.pdf
 

Final Presentation

  • 1. COMPUTER NETWORK UPGRADE PROJECT PLAN PROPOSED BY: NETWORK SOLUTIONS INC. CHRIS ODLE SEPTEMBER 2015 INFORMATION TECHNOLOGY CAPSTONE PROFESSOR KAREN QUAGLIATA
  • 2. Who is Healthmark Medical? • Medical supply company founded in 1969 • Huge range of products and services from endoscopic rentals to instrument trays and sterilization equipment • Thriving business, opening larger 3 story facility to handle their 200+ employees and various departments Founder Ralph Basile
  • 3. Defining the Problem: • Huge portion of business relies on internet and phone sales • Current hardware and software having issues supporting the demanding workload • Software errors, connectivity issues, dropped calls, PC crashing and data loss • Hardware and software issues are extreme detriment to company financially, as well as reputation
  • 4. Scope Statement and Analysis • Project Manager-Chris Odle of Network Solutions • Create network & communications layout that will solidify Healthmark’s technology needs for years to come • Time is of the essence and this project will need to be completed in 6 months Scope Statement Layout Milestones/Deliverables Project Success Criteria Limits and Exclusions Signatures of Approval
  • 5. Project Requirements: (2 Subsections) BUSINESS REQUIREMENTS TECHNICAL REQUIREMENTS
  • 6. Stakeholders and Communication Plan • Identify key stakeholders in the project and their level of involvement • Rating system for stakeholders is a power mapping strategy on the metrics of power & interest • Assess individuals importance and needs to become most efficient relaying information throughout the life cycle of the project
  • 9. File Management System (WBS) Work Breakdown Structure Devise Work Packages Assign Resources Associate Time Tables Recognize WP Predecessors Create Intuitive Timeline
  • 10. WBS - Tabular Form 172 Estimate Work Days 186 Constraint 3 Levels Duration, Predecessors
  • 11. Cost Analysis & Summary • Create detailed and accurate cost estimates to work in conjunction with WBS • Assists the project team in the areas of: decision making, effectively schedule work packages, develop cash flow for different phases, and will keep the project on course and within scope • Cost breakdown of software, hardware, labor and professional fees
  • 12. Technical Implementation Approach • This section covers in detail how the project team plans to implement the network upgrade • For the purpose of clarity, this section is broken down into multiple subsections • Custom built network diagram will also be included via the project team
  • 13. Demarcation Point (DEMARC) Demarcation Point: A demarcation point, or demarc, is the point of division between the internet service provider’s (ISP) network, and Healthmark Medical’s computer and communication network. Fiber-optic cable is being provided and installed by the local ISP and will be installed externally completing the connection to the secure data center. Some of the reasons network solution chose fiber optic cabling for the demarcation connection is: Faster Digital Signals Larger Carrying Capacity Less Signal Degradation Low Power Utilizes Light Signals
  • 14. Network Topology and Backbone This is the part of the installed network which segments and interconnects significant shared devices, while taking on the majority of the network traffic. Network Solutions plans to install and utilize a hybrid star-wired bus topology stacking 48 port switches from floor to floor, resulting in a simple distributed backbone. This setup is ideal for its ease of use, as well as the network’s scalability.
  • 15. IP Addressing IP addressing will effectively ensure proper communication between devices, as well as assist in the proper transportation of important data packets throughout the network. Network designers and architects will map out and analyze the best solution for the proposed network architecture. ◦ Gateway: 10.12.1.1/24 ◦ Subnet Mask: 255.255.255.0 ◦ Range was chosen due to size needs ◦ Static IP's delegated to server, switches, firewall, and printers to make them easily accessible, all other workstations will be DHCP for ease of use
  • 16. Hardware & Software • Servers • Routers • Switches • Firewalls • PCs • Monitors • VOIP Headsets • Printers/Fax Machines • Speakers • Office 365 • Microsoft Server Licensing • VOIP Software In-depth analysis of each component provided within project plan
  • 17. Custom Network Diagram (VISIO) 1st Floor
  • 18. Custom Network Diagram (VISIO) 2nd Floor
  • 19. Custom Network Diagram (VISIO) 3rd Floor
  • 20. Risks & Concerns • A risk is an uncertain event or condition that, if it occurs, has a positive or negative effect on project objectives • The risk management strategy will identify as many project orientated risks as possible, while minimizing their impact and also detailing responses that may happen to materialize Risk Event Identified Likelihood Impact Mitigation Strategy
  • 21. Risks & Concerns Snapshot of Risk Assessment
  • 22. Security Physical security • 24-hour monitoring of data centers. • Multi-factor authentication, including biometric scanning for data center access. • Internal data center network is segregated from the external network. • Role separation renders location of specific customer data unintelligible to the personnel that have physical access. • Faulty drives and hardware are demagnetized and destroyed.
  • 23. Logical Security Logical security • Lock box processes for strictly supervised escalation process greatly limits human access to your data. • Servers run only processes on whitelist, minimizing risk from malicious code. • Dedicated threat management teams proactively anticipate, prevent, and mitigate malicious access. • Port scanning, perimeter vulnerability scanning, and intrusion detection prevent or detect any malicious activity
  • 24. Data Security Data security • Encryption at rest protects your data on our servers. • Encryption in transit with SSL/TLS protects your data transmitted between you and Microsoft. • Threat management, security monitoring, and file/data integrity prevents or detects any tampering of data.
  • 25. Admin & User Controls Admin and user controls • Rights Management Services prevents file-level access without the right user credentials. • Multi-factor authentication protects access to the service with a second factor such as phone. • S/MIME provides secure certificate-based email access. • Office 365 Message Encryption allows you to send encrypted email to anyone. • Data loss prevention prevents sensitive data from leaking either inside or outside the organization. • Data loss prevention can be combined with Rights Management and Office 365 Message Encryption to give greater controls to your admins to apply appropriate policies to protect sensitive data.
  • 26. Privacy – HIPAA/Title II Compliance As with any company operating within the strict guidelines of the medical field, a major area of focus for Healthmark has always remained to be the privacy of all of their clients’ and customers’ sensitive information. The data in question has to be stored to a strict set of guidelines in accordance with the HIPAAAct/Title II (Become HIPAA Compliant). This act created strict and transparent guidelines on how organizations should store and interact with sensitive patient/client information. This act was created to ensure privacy and security for patients in the United States, while also providing opportunities for medical organizations to acquire more technologically savvy means of assisting their patients/clients (Become HIPAA Compliant). To become compliant an entity must meet certain criteria with regards to a few specific points of interest: privacy, security, enforcement, and breach notification
  • 27. Privacy – HIPAA/Title II Compliance Guidelines HIPAA II Compliance Guidelines Specific Technical Requirements and Implentation Strategies Access Control - Unique User Identification (required): Assign a unique name and/or number for identifying and tracking user identity. Access Control - Emergency Access Procedure (required): Establish (and implement as needed) procedures for obtaining necessary ePHI during an emergency. Access Control - Automatic Logoff (addressable): Implement electronic procedures that terminate an electronic session after a predetermined time of inactivity. Access Control - Encryption and Decryption (addressable): Implement a mechanism to encrypt and decrypt ePHI. Audit Controls (required): Implement hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use ePHI. Integrity - Mechanism to Authenticate ePHI (addressable): Implement electronic mechanisms to corroborate that ePHI has not been altered or destroyed in an unauthorized manner. Authentication (required): Implement procedures to verify that a person or entity seeking access to ePHI is the one claimed. Transmission Security - Integrity Controls (addressable): Implement security measures to ensure that electronically transmitted ePHI is not improperly modified without detection until disposed of. Transmission Security - Encryption (addressable): Implement a mechanism to encrypt ePHI whenever deemed appropriate. Facility Access Controls - Contingency Operations (addressable): Establish (and implement as needed) procedures that allow facility access in support of restoration of lost data under the disaster recovery plan and emergency mode operations plan in the event of an emergency. Facility Access Controls - Facility Security Plan (addressable): Implement policies and procedures to safeguard the facility and the equipment therein from unauthorized physical access, tampering, and theft. Facility Access Controls - Access Control and Validation Procedures (addressable): Implement procedures to control and validate a person’s access to facilities based on their role or function, including visitor control, and control of access to software programs for testing and revision. Facility Access Controls - Maintenance Records (addressable): Implement policies and procedures to document repairs and modifications to the physical components of a facility which are related to security (e.g. hardware, walls, doors, and locks). Workstation Use (required): Implement policies and procedures that specify the proper functions to be performed, the manner in which those functions are to be performed, and the physical attributes of the surroundings of a specific workstation or class of workstation that can access ePHI. Workstation Security (required): Implement physical safeguards for all workstations that access ePHI, to restrict access to authorized users. Device and Media Controls - Disposal (required): Implement policies and procedures to address the final disposition of ePHI, and/or the hardware or electronic media on which it is stored. Device and Media Controls - Media Re-Use (required): Implement procedures for removal of ePHI from electronic media before the media are made available for re-use. Device and Media Controls - Accountability (addressable): Maintain a record of the movements of hardware and electronic media and any person responsible therefore. Device and Media Controls - Data Backup and Storage (addressable): Create a retrievable, exact copy of ePHI, when needed, before movement of equipment. Security Management Process - Risk Analysis (required): Perform and document a risk analysis to see where PHI is being used and stored in order to determine all the ways that HIPAA could be violated. Security Management Process - Risk Management (required): Implement sufficient measures to reduce these risks to an appropriate level. Security Management Process - Sanction Policy (required): Implement sanction policies for employees who fail to comply. Security Management Process - Information Systems Activity Reviews (required): Regularly review system activity, logs, audit trails, etc. Assigned Security Responsibility - Officers (required): Designate HIPAA Security and Privacy Officers. Workforce Security - Employee Oversight (addressable): Implement procedures to authorize and supervise employees who work with PHI, and for granting and removing PHI access to employees. Ensure that an employee’s access to PHI ends with termination of employment. Information Access Management - Multiple Organizations (required): Ensure that PHI is not accessed by parent or partner organizations or subcontractors that are not authorized for access. Information Access Management - ePHI Access (addressable): Implement procedures for granting access to ePHI that document access to ePHI or to services and systems that grant access to ePHI.
  • 28. Thank You For Your Attention!