Network Perimeter Proposal

Executive Summary

Problem/Opportunity

            XYZ Enterprises has a very low and very vulnerable network perimeter. The network has put the company at risks of attack by the unauthorized intruders. The company would like to implement a better firewall system than the previous system that could easily be penetrated. Additionally, the company would like to make the files accessible to everyone within the company but should remain certain levels and within the company’s economic standards. Besides the problem, there is also an opportunity that the company would like to seize. The company would like to expand its operations thereby including manufacturing and distribution of fortune cookies.

Recommended Solution

            XYZ Enterprises is planning to solve the current problem through implementation of an effective network perimeter to enhance the company’s security posture as well as the visibility. The proposed network perimeter is expected to build an accountable and comprehensive picture of communications that allows the company to manage the flow of the traffic easily, effectively, and securely. The proposal is meant to replace the current hodgepodge of the point products that has been keeping essential threat intelligence in silos.

Alternative Solutions

    The alternative solution to the current network problem at XYZ Enterprises is using open source tools such as Palo Alto Networks, which is a next-generation firewall. However, the company will have to strike a balance between blocking all users’ personal applications and allowing the user to use all of them. The alternative solutions will begin with having knowledge of the various applications and respective users. The information will allow the company to create effective policies that will enable to control the firewall. The policies will extend beyond the traditional approach that either allows or denies services and applications. However, the solution will give the company the ability to enable some applications securely without having to degrade the performance of the firewall (Harrison & Lock, 2004).

Feasibility Studies

    Before the implementation of the network perimeter, the company has done a feasibility study to evaluate the viability of the project. The list below provides the principal considerations for the project (Stevens & Sherwood, 1982).

·         Cost Justification: The Company has evaluated the cost advantage in the implementation of the network security

·         Minimize disruptions during implementations: The network implementation will be conducted in bits to avoid disruptions for the daily use of the network.

·         Security: The security considerations have been established based on the security guidelines and requirements of the network.

·         Scalability: The choice of the hardware and design are scalable which will also allow possible future expansion of the network within the company.

Significant Risks

·         There is the likelihood that the implementation of the perimeter will not be completed on time.

·         Weak participation of users in the project team

·         The project might suffer from unclear change management procedures that may delay project completion

·         There is likelihood of lack of definition of change management procedures in the project that may affect the project negatively

·         Availability of the project team where they may go missing thereby affecting the negatively regarding completion

·         The project may go beyond the estimated schedule that would affect the organization negatively regarding inconveniences

Current Environment of the Organization

Mission

            The company’s mission is to enable system and software developers to advance world understanding, peace, and goodwill through the development of systems that support humanity and alleviates poverty.

Vision

            XYZ Enterprises vision is to be the leading company that develops systems and software with the ability to support humanity and alleviating poverty in the United States and the world.

Description of the Current Organization

            XYZ Enterprises is a new company that aims at providing a high quality system and software and IT services to its customers. It has begun operations recently and is scheduled to take off well within the next two months. The company is a partnership that is owned and operated by Norman Smith and Robert Johnson. The company targets small and medium sized companies and government agencies within the northern side of Illinois including Chicago and the surrounding areas. The company will seek major software and system development contracts with medium sized companies. The company sets its sites as the go-to company for the establishment for other software and system development companies that do not have this capability.

Description of the Current Business Environment

            The company has not been in existence for long. Therefore, it is still in the process of familiarizing itself with some business environments. However, the company has gathered enough customers during the time it has been in the existence. Government policies are favorable, and they will enable growth within the next decades. Competition is stiff which requires the company to produce quality products to help add to the current customers. The political atmosphere is also favorable which is expected to spur the growth of the company within the next year. The company supports small and medium businesses through the providence of quality system and software and IT services. The company stands to gain from its location at the heart of Chicago shopping district that provides accessible routes to the city’s business core. 

Descriptions of the Organization Technological Environment

            The company has embraced the recent and modern technology in the process of conducting the business. It has continued to advertise its products and services through the social media such as Facebook and Twitter among others. The company also has the fastest technology in the region with the capability of transmitting at a higher rate compared to others in the same category. It has CCTV surveillance to maintain its security around the premises. The current technological environment in the environment is expected to lead the company into the next phase of growth.

Description of the Problem

Description of the Recommended Solution

            The recommended solution removes the need for physical media of the traditional LAN and replaces it with a modern technology such as radio waves. The freedom of the physical media will also allow any user within the range to pick the signal. It will also allow connections any point within the radius of the network perimeter. It is significant compared to the current network. These features will enable the company users to access files within the range without the need to worry about security. It will also boost the productivity of the employees which will lead to the growth of the business (Lester, 2007).

Scope of the Project   

            The current project is a recommendation to improve the security of XYX Enterprises by implementing a perimeter around the network. The project will solve the problem by implementing various security measures that are identified in the perimeter. The project will entail improvement of the overall status of the network, firewalls, UNIX Security, Intrusion Detection Systems (IDSs), server security, Virtual Private Network (VPN), Intrusion Prevention Systems (IPSs) among others. Additionally, the project will aim at evaluating how the above components relate. The project also aims at assessing the effectiveness of wireless connections, mobile systems, portable storage devices and other links within the network. However, the project is not aiming at improving the speed of the network or adding other components to the network (Moustafaev, 2014).

Assumptions

            XYZ Enterprises has a normal business environment. Therefore, the architecture of its network and security will be developed through several meetings and discussions. The meetings cannot be done actively thereby necessitating for the following assumptions during the proposal of the project (Newel, 2005).

·         Software and systems are the main products of the company and should be protected from exposure

·         The company has not established itself in the best way and therefore, it will not need its security known to every man.

·         All the remote access of the network from the field through the VPN would be possible via HQ VPN

·         The project committee will not discuss the application-level security beyond function provided by such security.

·         All the remote offices within the company will not allow direct connectivity of the employee to the Internet.

·         Conduction of Electronic Data Interchange (EDI) e-commerce over the Internet is prohibited.

Constraints

    There are anticipations of various constraints that may derail the implementation of the project. While some may be beyond the capabilities and solutions of the company, some are not beyond the reach of the company. The project committee has seen the following constraints that may derail project implementation (Doraiswamy & Shiv, 2012).

·         There may be inadequate manpower within the organization to enable timely completion of the project.

·         The users will require training at the end of the project on various security components that will have been added to the network

·         The management may not support the project fully

·         Some of the network security components required in the project may not be available in the local market.

·         The company may not be able to support the demands of the new-look network security.

·         The funds the company is willing to set aside for the completion of the project may not be enough.

Data Collection and Analysis

Methodology One

            The company will employ interviews as the first methodology of data collection and analysis. The project team chose the methodology because of the data collection strategy, the type of variable, the accuracy required, knowledge and skills of the enumerator, and the collection point. Interview comprises of filling with forms that are completed during the interview between the interviewer and the respondent. However, interview as a method of data collection is more expensive than filling questionnaires. They are suitable for complex questions, illiteracy or low levels of literacy of the respondent or inadequate cooperation (Olsen, 2011). 

            The interview was conducted by determining the information the project required. The project team wanted to find out the vulnerabilities of the current network and which improvements were required to better its functionalities. The next step was determining the audience. The step was easy since the team would interview the employees from different departments within the company. Interviews were conducted according to the plan and the wish of the project team. Determining the questions the respondents would answer was the hardest thing.

            The results of the interviews were encouraging. Most of the respondents participated fully. There were no major problems since the level of literacy and cooperation was high and not what normal interviews in other places would have turn out. Most of the respondents were convinced about the implementation of the network perimeter within the company since they had experienced attacks that emanated from unauthorized intrusions (Axinn & Pearce, 2006).

Methodology Two   

            The company employed observations as the second methodology of data collection and analysis. The project team would make direct observations to the company network after which it would assess its security status. The assessment would help the team come up with the most suitable method that they would to implement perimeter which is a component of security. The methodology was selected because it is the most effective and cheap to collect and analyze data.

            The methodology has not a specific process that it should follow. It involves making direct observations to a phenomenon the researcher wants to study. Therefore, it would be the same for the company’s project team. They made direct observations to the company’s network from which they assessed different security requirements of the network. The outcome of the assessment of the network was that the network required the addition of some components that would improve its security and increase its productivity. The outcomes were also impressive and were some of the reasons that would make the management embrace the project (Weller & Romney, 1988).

SWOT Analysis

            The initials SWOT are an acronym for Strengths, Weaknesses, Opportunities, and Threats. They are the basic components of SWOT analysis usually presented as a matrix with four main parts where each part represents each component. XYZ Enterprises has similar to other software development companies in that it has its strengths, weaknesses, opportunities, and threats as presented below (Fine, 2009).

Strengths   

·         Adoption of the most current and strong technology

·         The company offers its products and IT services at competitive prices

·         The company has a implemented an online customer sales service with user-friendly services and an interface

·         Excellent customer relationship management (CRM)

·         The company has a strong base of active and competent system developers

·         The company has a stateside real-time customer service that answers customers’ calls promptly

·         The company has excellent reference customers who are happy without the products and services. 

Weaknesses   

·         The company’s brand of products and the company, in general, is little-known

·         The company has a narrow line of products that go hand in hand with other IT products and services such as data backup and recovery

·         The current website and network traffic is low compared to the expected competition

·         The company lacks organic funding meaning that it has no outside funding other than what it generates from the sales of systems and IT services

·         Weak buying power and insignificant influence over the partners

·         The company develops closed source systems and software

Opportunities

·         The company can displace the high-priced competition in the software development industry with adoption of more new technologies

·         The has a chance to subscribe to services such as Software as a Service (SaaS)

·         OEM opportunities

·         The company has a various opportunity to venture into markets where the established system developers have not ventured such as Latin America and Africa

·         The company has an opportunity to create “Add-on” to the existing software products

·         The company can also leverage from the already available software and system developers

·         There are possible new acquisitions in the system and software development markets

Threats

·         The company will be competing with companies that are large and funded to the tune of million dollars

·         The development of cloud computing could disrupt some activities that the company depends on for revenue

·         Delays in releasing any new product could lead to negative change of commitment by the customer that could be adverse to the company

High Level Project Schedule

Tasks

Project Role	Project Responsibility
Project Sponsor	XYZ Enterprises is the project champion and will therefore provide direction and necessary support to the team. The management will approve the project for funding and the scope. The management will also set the priority of the project relative to other projects in their area of responsibility
Government Monitor	The government monitor will be the bridge between the team and the sponsor. Furthermore, the monitor will be the point of contact for the project manager to manage the CDC’s daily interests.
Project Manager	The project manager will perform daily management of the project. He also has particular accountability for project management with the approved scope, time, cost, and quality to delivered requirements, deliverables and customer needs
Business Steward	A management person within the company who will be responsible for the success of the whole project
Technical Steward	Technical steward will be responsible for the technical daily aspects of the project. His responsibilities include details of network perimeter implementation. He is also responsible for providing technical support and directions to the project
Security Steward	Security steward is responsible for playing the role of maintaining the information security of the project during implementation
Information System Security Officer (ISSO)	Definitions of roles and responsibilities by the company according to the project

High Level Risk Management

Risk	Risk Level (L/M/H)	Likelihood	Mitigate Strategy
Estimated project schedule	H	Certainty	Developed detailed project timeline accompanied by regular baseline reviews
Inadequate knowledge of users	M	Likely	Project manager assigned to evaluate global implications
Creeping of project scope	L	Unlikely	Initial definitions of scope in the plan, reviewed regularly to prevent creeping
Unrealistic cost estimates	L	Unlikely	Costs included in the plan and also subject to amendment due to revelation of new scope details
Unrealistic timeline estimates	M	Somewhat likely	Frequent review of timeline to prevent departures of undetected timeline
Availability of the project team	M	Somewhat likely	Regular reviewing of the project momentum at all levels. Identification of impacts caused by unavailability
Lack of definition of change management procedures	L	Unlikely	N/A
Unclear change management procedures	L	Unlikely	N/A
Weak participation of users in the project team	L	Unlikely	Full time employee will coordinate user group participants

References

Axinn, W. G., & Pearce, L. D. (2006). Mixed methods data collection strategies. Cambridge:         Cambridge University Press.

Doraiswamy, P., & Shiv, P. (2012). 50 top IT project management challenges. Cambridgeshire,     United Kingdom: IT Governance Publishing.

Fine, L. G. (2009). The SWOT analysis: Using your strength to overcome weaknesses, using          opportunities to overcome threats. Berlin: CreateSpace Independent Publishing Platform.

Harrison, F. L., & Lock, D. (2004). Advanced project management: A structured approach.           Aldershot: Gower Publishing.

Lester, A. (2007). Project management, planning, and control. Burlington: Butterworth-   Heinemann.

Moustafaev, J. (2014). Project scope management. Boca Raton: CRC Press.

Newel, M. W. (2005). Preparing for the Project Management Professional (PMP) Certification     Exam. New York: AMACOM/American Management Association.

Olsen, W. (2011). Data collection: Key debates and methods in social research. New York:           SAGE Publications.

Stevens, R. E., & Sherwood, P. K. (1982). How to prepare a feasibility study: a step by step          guide including 3 model studies. Upper Saddle River: Prentice-Hall.

Weller, S. C., & Romney, A. K. (1988). Systematic data collection. New York: SAGE      Publications.

Sherry Roberts is the author of this paper. A senior editor at MeldaResearch.Com in Online Writing Services if you need a similar paper you can place your order from free essay writing services.