Networking SA Project

Student Consulting Services

E-business Policy and Strategy Plan

Contributors: Johnnie Farmer
Alicia Merkins
Dennis Parker
Jovonda Rodgers
Rashad Tarpley

2 E-business Policy and Strategy Plan

Contents

Contents ................................................................................................................................................. 2

I. Mission Statement ......................................................................................................................... 3

II. Considerations .............................................................................................................................. 4

III. Network Security Strategy............................................................................................................. 7

IV. Disaster Recovery ......................................................................................................................... 8

Disasters likely to occur in the Midwest .................................................................................................. 8

Disaster Recovery Plan .......................................................................................................................... 9

V. Privacy Policy .............................................................................................................................. 10

Privacy Policy ..................................................................................................................................... 10

Email Use Policy................................................................................................................................. 10

Policy ............................................................................................................................................. 10

Enforcement ................................................................................................................................... 11

Definitions ...................................................................................................................................... 11

Transition Plan .................................................................................................................................... 12

Testing ............................................................................................................................................... 13

Communication Plan ........................................................................................................................... 13

VI. Testing and Back-Out Plans ....................................................................................................... 15

Testing Process for Network ................................................................................................................ 15

Test validity ........................................................................................................................................ 16

Back-Out Plan .................................................................................................................................... 16

VII. Monitoring System................................................................................................................... 17

Free Monitoring Software .................................................................................................................... 17

Commercial Monitoring Software ......................................................................................................... 17

The Recommended Choice .................................................................................................................. 19

VIII. The Help Desk......................................................................................................................... 20

ITT Student Consulting Services Confidential 2009


I. Mission Statement
This group consisting of Alicia Merkins, Johnnie Farmer, Dennis Parker, Jovonda Rodgers,

and Rashad Tarpley has been charged with developing network policies and documented

strategies for creating and growing an E-business,

The proposed organization is to be a 24-hour, 7-day a week company that only takes orders

from online access through the company’s website. Our proposed organization has selected

Indianapolis, IN as its location for its easy access to the rest of the country. The proposed

location was also chosen for the significant distribution and warehouse facilities there.



II. Considerations
Certain physical considerations must be made when planning for the network that will

support our organization. The following functions must be taken into consideration for support:

Customer Access (to identify products for purchase)

o Account Registration - username and password

o Account information will include but is not limited to the individuals name,

address, date of birth, email address and security question for password recovery.

o Database to store all above information

o PayPal affiliation for online payment options

o SSL and https for increased security

Customer Support (for customers who are internet phobic)

o Customer service center with 1-800 number

o Online Chat

o Automatically saved and sent to QA department

o Email support

Outlook

Management Reporting

o Managers will be linked to a separate server for enhanced security

o Payroll functions

Report time worked, breaks, scheduled vacations, etc

Monitor employees

o Incident reports

o Call Monitoring at random to ensure employee accuracy



Warehouse & Distribution Functions

o Inventory reporting

o Shipping reporting

o Separate database and server

Marketing Functions

o All marketing is done primarily online

Occasional Newspaper, Television, Radio

o Advertise with several different websites

Website linking and ads

o Marketing employees must ensure accuracy across all advertisements

System Development & Support Functions

o Server based automated updates

o Company proprietary systems that will only be accessible on company

workstations.

o IT helpdesk

The first services we would implement would be:

At the start of the business we will need to have a secure website, have phone support

and employees set up, provide warehouse with inventory and database to monitor it.

We will also need to ensure that we have an IT support team as well as several

servers to support the various functions of the company.

To accommodate for possible explosive growth we purpose:



Depending on demand we may eventually support phone sales.

We will ensure that our warehouse will support extra inventory in case we need to

keep more in stock.

Network will support extra workstations and servers.

We envision the following services to be added in the future as our organization grows:

As the company grows we may decide to expand our inventory to other avenues and

services.

We will eventually be able to add a FAQ page to our website.

Depending on business we may eventually be able to move to store fronts as opposed

to being an internet only company.



III. Network Security Strategy
Different aspects of security affect different constituencies within the organization and

customers outside the organization in various ways. Security within the organization affects the

employees by maintaining integrity from within. Ensuring that the security policies set forth

within the organization promote customer confidentiality as well as securing all company

confidential information. Customers will feel safe with their online orders and supplying

financial information to our company.

Our team will implement security by setting forth policies and procedures that is

understood and followed across the board on all levels. Any new employees will take an online

training course on company proprietary information and systems as well as security measures,

integrity and customer privacy. All existing employees will take bi-quarterly training sessions as

well. After each training session, all employees will be required to sign a form stating that they

read and understood the policies and procedures. Furthermore, the system administrators will

monitor the network from the email and internet usage to any external drives or downloads being

used on workstations.

Any employees that have been terminated or willing leave the company will be stripped

of their network and facility entry abilities. This includes any facility badges, parking passes,

building security or alarm codes and network log-ins. In addition, their employee email accounts

will be frozen from access internally and externally. In cases where the employee is eligible for

rehire, their log-ins will be disabled for 6 months before being completely deleted from the

system. This will save time and money if the employee were to come back to the company

within the allotted timeframe. All of the above procedures would be completed during or before

a mandatory exit interview that is conducted by a member of management.



IV. Disaster Recovery
We will back up all of our information daily to both our local and non local servers. We will

have network redundancy where if the local server were to go down for any reason we would be

able to connect to the backup server. This will ensure that if a disaster were to occur locally we

will have a server that is not local that we can connect to.

We also create circuit redundancy where our network would be connected through a T1 local

network with a DSL backup so that if the internet server were to go down we would have an

alternate method of connecting. Our backup server would be administered by a server backup

company since we are a small scale ecommerce business. As we grow we may begin to take the

matter into our own hands with our backup systems.

As for our inventory, we will only order enough stock to successfully run our business. We

will keep enough of each item in stock and make weekly orders to our external supplier on a

need-be basis. This will ensure that we do not have too much inventory so that if we were to be

face with a disaster we will not lose millions of dollars worth of merchandise. Weekly reports

will be run on both our inventory and sales to provide projected sales and inventory needs.

Disasters likely to occur in the Midwest

Tornados

Blizzards

Lightening

Hail

Floods

Terrorist attack



Jet fuel spillage/ leakage

Earthquakes

Improper local construction (including building structure, electrical, sewage, etc)

Disaster Recovery Plan

Insurance

Generators

Remote access

Local and non local servers



V. Privacy Policy
Privacy Policy

The privacy policy will consist of a document that the employees will sign that states exactly

what the policy consists of. The privacy policy will state that all employees will have a photo ID

badge that will be required to be in their possession at all times. It will also state the email and

network security will be in place to prevent intruders from getting on the network and obtaining

company and client confidential information.

Email Use Policy

To prevent tarnishing the public image of our organization, when email goes out from our

organization the general public will tend to view that message as an official policy statement

from the SA’s of our organization.

This policy covers appropriate use of any email sent from our E-commerce Business email

address and applies to all employees, vendors, and agents operating on behalf of our

organization.

Policy

1 Prohibited Use

Our organization email system shall not to be used for the creation or

distribution of any disruptive or offensive messages, including offensive comments

about race, gender, hair color, disabilities, age, sexual orientation, pornography,

religious beliefs and practice, political beliefs, or national origin. Employees who

receive any emails with this content from any Company employee should report the

matter to their supervisor immediately.



2 Personal Use

Using a reasonable amount of our organization resources for personal emails is

acceptable, but non-work related email shall be saved in a separate folder from

work related email. Sending chain letters or joke emails from an organizational

email account is prohibited. Virus or other malware warnings and mass mailings

from our organization shall be approved by our VP Operations before sending.

These restrictions also apply to the forwarding of mail received by an employee.

3 Monitoring

Our employees shall have no expectation of privacy in anything they store, send

or receive on the company’s email system. Our organization may monitor messages

without prior notice. Our organization is not obliged to monitor email messages.

Enforcement

Any employee found to have violated this policy may be subject to disciplinary action, up

to and including termination of employment.

Definitions

Term Definition

Email The electronic transmission of information through a mail protocol such as

SMTP or IMAP. Typical email clients include Eudora and Microsoft

Outlook.

Forwarded email Email resent from an internal network to an outside point.



Chain email or letter Email sent to successive people. Typically the body of the note

has direction to send out multiple copies of the note and promises good

luck or money if the direction is followed.

Sensitive information Information is considered sensitive if it can be damaging to Our

organization or its customers' reputation or market standing.

Virus warning Email containing warnings about virus or malware. The overwhelming

majority of these emails turn out to be a hoax and contain bogus

information usually intent only on frightening or misleading users.

Unauthorized Disclosure The intentional or unintentional revealing of restricted

information to people, both inside and outside Our organization, who do

not have a need to know that information.

Transition Plan

The transition plan will consist of the implementation strategy set fourth for new

technologies and systems. It will consist of training schedules, upgrade schedules, etc. The

transition plan that we have in place for new technologies and upgrades are:

Develop a service checklist

Verify software packages will work on new system

Develop test for each service to verify its working

Write a back out plan with specific triggers

Select a maintenance window

Announce upgrade

Execute test



Lock out users

Do upgrades while being supervised

Repeat test and do debugging (if necessary)

If test fail or triggers back out, execute back out

Let users back in

Communicate success or back out to customer

Analyze what went right and what didn’t; modify checklist

Testing

We have taken the steps to ensure quality, security and compatibility with our current

systems. The new technology has gone through extensive testing to guarantee the above factors.

Steps taken for the testing process:

Plan a test process

Test on a single system

Test on multiple systems

File a test request

Get the test committee to approve system test

Schedule a test process

Communicate with users and administrators before test

Test systems at scheduled times

Post a test event analysis

Communication Plan

The communication plan will be implemented for any and all changes to our business

strategies and plans. Any communication will be implemented through email, memos, phone,



and voicemail. All emails will have a read / received receipt to the sender to ensure that the

employees have read the email and it will also be communicated that this receipt ensures

understanding of the communication unless the employee were to communicate back to the

sender with any misunderstandings. The way we will implement our communication plan is first

communicate change to all impacted people what changes are being made, which services will

be unavailable, when and how long they will be unavailable, and what action do they need to

take (if any).



VI. Testing and Back-Out Plans
Testing Process for Network

All tests will be done on a redundant server used to do test. As each service is identified, a

test will be developed that will be used to verify that the service is working properly after the

upgrade. The easiest way to do this is to have all test recorded as scripts that can be run

unattended. A master script can be written that outputs an “ok” or “fail” message for each test.

This test can be run individually as problems are debugged. For more complicated services,

customers may write the test or offer to be on call to execute their own set of manual tests.

In the case of our E-business we use software packages that have an installation verification

suite that can be run. This process is called Recession testing; you capture the output of the old

system, make a change, and then capture output of the new system.

What will be the services provided by our server?

The servers will provide email support as well as client database information and support,

billing information and support, backup support, internet support, etc.

Who are the customers for each of our services?

Email support and internet support apply to the employees of the company

Database support, billing support and internet support apply to the customers.

Backup support applies to the system administrators and employees of the company.

Which software package will provide for each of our services

For the internet we will use a L.A.M.P. (Linux, Apache, MySQL, Php) architecture to

host our services

Database support will be provided through MySQL.

Email services will be provided using Microsoft Exchange/Outlook.



Billing support for customers and employees will be provided using software called

Netace.

Verification tests for each service developed

For all of the services we will enable testing within one of our call center facilities. If

everything goes well within that one call center then the software would be administered

throughout the company. In that call center we would have an IT support team that will support

any potential issues that may occur within the new software and services.

Test validity

We would know if the tests are valid because they are being tested in the real world

environment.

Back-Out Plan

Our back out plan will be based on the agreed upon end time minus the back out time, as well

as the time it will take to test that the back out is complete. We will have an outside member to

clock the progress like a manager. The back out plan would be to transfer any customers to

another department if we were to have any issues within the particular department that is testing

the new software and services. This will ensure that the customers or clients do not suffer during

our testing process while also enabling us to test the product in the real time environment.



VII. Monitoring System
Free Monitoring Software

Employees Monitor Free Edition 2.22 would be the real-time monitoring solution best suited

for our environment. It would allow SAs to invisibly monitor the entire network from one

centralized position, such as instant messaging, file operations, websites visited, applications

used, etc. Employees PC Monitor also can log file operations of the employee's computer, such

as copy, delete, print, create, rename, open, copy file to removable disk, etc. It can send alarms to

the console computer when an employee does a file operation on removable disk, add or remove

a removable disk, open an unwanted website, etc. SAs could also see live screenshots of multi

network computers and take a control of a remote computer, this is especially useful when you

need to assist the person who uses the remote computer or immediately stop unwanted actions,

and you can edit, open, download, and upload files remotely. Employees PC Monitor can also

restrict remote computers’ browsing in Internet Explorer, application using, network accessing,

and send instant message and command (e.g. shut down, restart, run program, open website) to

the remote computer. Additionally Employees PC Monitor provides a powerful remote task

manager, which allows the SAs to view all processes on remote computer and end any of them.

Commercial Monitoring Software

SpectorSoft’s Spector Pro is the best selling commercial monitoring software on the market

today. Spector Pro has deservedly earned its reputation as not only the most trusted monitoring

software in the world, but as also the most feature-rich, while being easy and intuitive... even for

beginners. Whether you want to monitor a computer in secret or in the open, Spector Pro can

capture all the action with little effort on your part.



The program will even contact you remotely by email or cell phone when activity on your

computer triggers specific keywords. Spector Pro has an excellent combination of monitoring

features: Screen Snapshots, Chat/IM Activity, Web Sites Visited, Email Activity, Program

Activity and Keywords Detected. You can also monitor MySpace or Facebook activity, and even

specific online searches. The Top 10 Summary Reports allow you to gauge what sites and

activities are taking up the most time. Spector Pro can even monitor and track files downloaded

over the internet (music, pictures, video, software, etc.).

Furthermore, the software can keep track of what files and documents are being accessed,

removed, edited, renamed, and even printed. More than just monitoring online activity, Spector

Pro can monitor ever program or application run on the computer, including games. You can see

what programs were launched, and how long they were actually used. Though you technically

have to let any user know that they are being monitored Spector Pro has “Stealth Mode”, which

hides the program. The program will not appear on the desktop or task manager. It won't even

show up after a program search and it is not listed on the hard drive, so others cannot tamper or

delete it.

You can access the program with a combination of hot keys and a password. Instead of just a

list of email and chat contacts, viewing the content of these messages greatly increases Spector

Pro’s monitoring effectiveness. The ability to visually record and replay the captured activity

can't be overstated. You can see every web site, every email, and every keystroke if you want.

Spector Pro is certainly effective at what it does, recording all sorts of internet activity. But more

importantly, Spector Pro makes this information easy to overview and monitor efficiently.



The Recommended Choice

With the added features of the commercial Spector Pro over the free Employees Monitor

Free Edition 2.22 and the low cost of only $100.00 I would suggest the commercial software for

our organization.

Price, features, and the added benefit of a support contract for the software all factor into this

being the better option for us.



VIII. The Help Desk

The types if people that we would hire for our help desk are people with strong customer

service and sales skills and experience as well as individuals with IT degrees and IT experience

IT Employees and managers- utilized to resolve any internal IT issues with database,

systems, security, etc.

Customer Service – Utilized to resolve customer issues, billing, and product related

issues, etc.

Sales and Shipping employees and managers- utilized to resolve any shipping or sales

issues or requests.

Quality Assurance employees and managers- ensure quality products, services,

continuing improvement, customer surveys, etc.

Escalation policy to help respond quickly and efficiently

The first step to an escalation is for the representative create a trouble ticket and to

attempt by any means possible (according to the policies and procedures set forth) to

resolve the issue in a timely manner. Rep should spend no more than 15 minutes on

an issue.

If the representative is not able to resolve the issue then the trouble ticket should be

forwarded to their direct manager.

The Manager should attempt to resolve the issue within a timely manner, updating

any progress on the trouble ticket and forwarding it to the department that is better

able to solve the issue.



The assigned department should be able to resolve the issue and update the trouble

ticket.

If the issue were to go further than the assigned department then the issue may require

further investigation.


Networking SA Project

Recomendados

Recomendados

Mais conteúdo relacionado

Semelhante a Networking SA Project

Semelhante a Networking SA Project (20)

Networking SA Project