The BETA SONIC information system security plan consists of a full risk analysis of the company's information systems and an upgrade of its current information systems. A security policy is written for the organization to maximize its security; it identifies the security goals and the responsibilities of the organization's employees. Two major security goal areas receive the most attention: Access Management and Asset Security Management.
The description of the current security status discusses assets, threats, vulnerabilities and controls, and the recommendations section plans the upgrade for each asset area. The risk analysis is based on seven threat and control groups: power supply, natural disaster, equipment failure, data attacks on hardware, network attacks, malicious software attacks and wireless communication attacks.
Implementation, responsibility and review are also discussed to ensure the continuity of the secure information system. A cost-benefit analysis was also done in spreadsheets, which are included in this report to show the trend of increasing security.
Table of contents
1. Introduction
2. Organization Description
2.1 General Description
2.2 Organization Chart
2.3 Network and System setup
3. Security Policy
3.1 Security Goals
3.2 Responsibilities for Goals
3.3 Commitment to Security
4. Current Security Status
5. Conclusion
6. Recommendations
7. Implementation of Recommended Controls
7.1 Timetable
7.2 Responsibility
7.3 Schedule for Review of Security and Control Items
8. References
9. Appendix
9.1 Network and System Diagram
9.2 Cost Benefit Analysis
9.3 Gantt chart
9.4 Vulnerability Maps
Introduction
BETA SONIC Company was established in 2005 in a small factory in Lidcombe by Stuart Low. Over the last five years, BETA SONIC has been expanding its business all over Australia and around the world. A new office in Sydney city became a necessity for the company, so BETA SONIC opened a branch office in the Sydney city location to do most of its paperwork.
The current information system of BETA SONIC Company is quite old, as the last upgrade was in 2007. Technology is moving so fast that the 2007 information system security policy is not enough for the current security status. At this stage, the company needs a new information security policy that approaches three major threat areas:
Man-made (intentional),
Natural disaster,
Accidental (unintentional) disruptions.
Risk/vulnerability analysis, cost-benefit analysis, risk management tools and several other tools are used to make an effective information security plan for BETA SONIC Company, to ensure the integrity, availability and confidentiality of data in the system.
Organization Description
General Description
BETA SONIC is the leading company in the field of solar charged and rechargeable lights. BETA SONIC produces a wide range of products, which incorporate plastics, stainless steel, electronics and OEM products in various markets. BETA SONIC solar charged accent lighting eliminates the problems with solar lighting available today. BETA SONIC makes solar charged lights that are brighter and last up to 3 nights with a one-day charge. The unique designs available, light output and installation options are second to none worldwide.
BETA SONIC was established in 2005 as a manufacturing and marketing company of emergency lights and other electronic products. Since 2008 BETA SONIC has focused on the solar lighting market and has developed more than 38 innovative products.
BETA SONIC Inc. manages the marketing and distribution of products in Australia. BETA SONIC also offers innovative multi-purpose rechargeable products that range from party lights to emergency lighting products.
BETA SONIC has a proven commitment to high quality standards, time schedules, and product designs that meet consumer needs. The company takes pride in its ability to transform an idea into a complete product and in its success in promoting the products worldwide. Several products are patent protected.
BETA SONIC distributes its products in 21 countries, including: South and Central America (Mexico, Argentina, Brazil etc.) and Europe (Italy, Greece, UK, Turkey etc.).
2.2 Organization Chart
General Manager (Elton John)
Marketing Manager (Chin Ming Ket)
Technical Manager (Amit Jain)
Administrator (Mike Henson)
Account Executive (Chris Tucker)
Marketing Executive (Liam Nelson)
IT Manager (Ahmed Rusel)
Network Administrator (John Feng)
Operation Supervisor (Robbie Bangue)
Production Manager (Andrew Symonds)
Director (Stuart Low)
Material Procurement (George Roig)
Manufacturing (Lisa Anderson)
Quality control (Bruce Owen)
Figure: BETA SONIC Organization Chart
2.3 Network and System setup
Current networks are divided into two general groups: Local Area Networks (LAN) and Wide Area Networks (WAN). LANs are networks within a building and are typically high-speed networks that connect computers, printers and other network devices. Ethernet is the implemented LAN and typically has a speed of either 10 Mbps or 100 Mbps. The Ethernet networks are constructed of Category 5 UTP cables and Cisco switches. Each device connected to the Ethernet network is attached to one end of a UTP cable, and the other end is attached to the switch. It is the task of the switch to transmit the packets of information sent by all devices to some or all of the other devices connected to the Ethernet LAN. Switches are connected to routers, and routers connect to the internet.
The WAN is used to span the distance between the main office and the branch office. The WAN consists of LANs connected together using wide area network services from telecommunications carriers; the technology used is PSTN (Public Switched Telephone Network). The WAN is connected using routers, which connect the LAN to the internet. It is the job of the router to forward data from the LAN to the WAN and vice versa.
Security Policy
Security Goals
2.1.1 Access Management
Assure the security of all computing assets: all users of the company's information technology resources must be authorized to access the appropriate systems and their resources. Access is controlled and monitored in accordance with company policy. The elements involved in controlling and monitoring access include identification, authorization and authentication.
2.1.1.1 Identification
All system users are assigned a unique ID to use in accessing the systems and applications. User IDs are not to be shared. Users are responsible for maintaining the security of their IDs and all activity occurring under those IDs.
2.1.1.2 Authorization
Only those users who have valid reasons for accessing the systems and information are granted access privileges appropriate to their business requirements. Access is granted by means of a computer account, which also serves as identification.
2.1.1.3 Authentication
Authentication ensures an identity. Each ID requires a technique, usually a password, for validating identity.
2.1.1.4 Account Management
Ensure that a review schedule of delegated authority exists, to determine who is authorized to use the system and their level of authorization, and to determine who should be able to get network access from remote locations.
Ensure any non-compliance as a result of this activity is addressed as a matter of priority. All records of non-compliance must be kept until all matters arising from non-compliance have been resolved.
2.1.1.5 Privileged Users Access
Certain system users have high-level access rights, enabling them to access any data stored on the company's information technology systems. These staff members can be generically termed System Administrators. Staff with high-level access rights should abide by the Code of Ethics promulgated by the System Administrators Guild of Australia.
2.1.2 Asset Security Management
2.1.2.1 Server & System Backup
All critical information must be backed up on a regular basis.
2.1.2.2 Personal Computer and Mobile Device Backup
All critical company information should be stored on centrally maintained corporate networked disc storage. Any other data stored on desktops, laptops and other mobile devices becomes the responsibility of the user to ensure it is backed up on a regular basis.
2.1.2.3 Recovery
All backups of critical data must be tested periodically to ensure that they support full system recovery.
2.1.2.4 Off-Site Storage
The off-site storage location must provide evidence of adequate fire and theft protection and environmental controls. A formal Service Level Agreement (SLA) must exist with the off-site storage provider.
2.1.2.5 Data Retention
The retention period, legal requirements, responsible parties, and source of legal requirement should be specified.
2.1.2.6 Business Continuity
Business Continuity and Disaster Recovery Plans should be prepared and tested for all of the major systems. The testing strategy to be implemented will be influenced by the importance of the system to the company's business operations and the ability to recover the system within agreed timeframes.
A copy of each plan should be stored offsite in a secure manner to ensure that the plan can be implemented in the case of a disaster. A review of any major disruption to information services should be undertaken to identify the cause of the disruption and where appropriate adjust the plan and/or procedures to minimize the risk of the event occurring again.
2.1.2.7 Security
All major information assets must be accounted for and have a nominated custodian.
2.1.2.7.1 Physical Security
Access to secure areas, including computer rooms, the PABX room, network equipment rooms and any associated service facilities, is restricted to authorized company staff, through the use of passwords, locks or access-control devices. All wiring closets must be secured to prevent any damage and to stop unauthorized attempts to connect to data outlets and to prevent snooping.
2.1.2.7.2 Data Security
Staff should be aware of their legal and corporate responsibilities concerning inappropriate use, sharing or releasing of information to another party. Any third party receiving proprietary or restricted information must be authorized to do so and that individual or their organization should have adopted information security measures, which guarantee confidentiality and integrity of that data.
2.1.2.7.3 Software Security
To comply with legislation and to ensure ongoing vendor support, the terms and conditions of all licensing agreements must be adhered to. All software and other applicable materials must be licensed (as required) in an appropriate manner.
In order to comply with licensing regulations and to prevent software piracy, details of the purchaser, approver and installer must be logged, traceable and auditable.
In particular, attention should be paid to ensure that the security controls of audit trails and activity logs are built into applications for the validation of data and internal processing.
2.1.2.7.4 Internet Security
A number of measures should be taken to mitigate the risk from internet use.
2.1.2.7.5 Email Security
All email users should be aware of their responsibilities. To reduce the level of unsolicited messages, email that meets one or more of the following criteria will be blocked or rejected:
· Malformed email
· Email with an attachment identified as a significant risk
· Email that exhibits a significant level of unsolicited email characteristics.
2.1.2.7.6 Instant Messaging (IM) Security
All instant messaging users should be aware of their responsibilities.
In addition, IM applications can expose security vulnerabilities that can become channels for malware distribution. Users should be cautious when sending and/or receiving instant messages with attachments.
2.1.2.7.7 Mobile Equipment/Wireless Devices Security
Special usage policies and procedures are used to ensure the safe use and access of such devices (e.g. PDAs, mobile phones, laptops). Device timeouts should be implemented to lock down devices and minimize the risk of unauthorized access to the device.
Responsibilities for Goals
| Position | Incumbent | Goals |
|---|---|---|
| Director | Stuart Low | 2.1.1, 2.1.2 |
| General Manager | Elton John | 2.1.2.6, 2.1.2.7 |
| Technical Manager | Amit Jain | 2.1.2.4, 2.1.2.5, 2.1.2.7.2 |
| IT Manager | Ahmed Rusel | 2.1.1.2, 2.1.1.3, 2.1.1.4, 2.1.2.1, 2.1.2.7.3 |
| Network Administrator | John Feng | 2.1.1.5, 2.1.2.7.4, 2.1.2.7.5, 2.1.2.7.6, 2.1.2.7.7 |
| Operator Supervisor | Operator Supervisor | 2.1.1.1, 2.1.2.7.1, 2.1.2.7.2, 2.1.2.7.3 |
Commitment to Security
BETA SONIC is devoted to providing pioneering solar power solutions while maintaining world-class standards. Security is always a big priority for both internal information and client information. BETA SONIC is always evaluating its data security and physical security architecture to provide privacy and safety for its employees. Strict internal measures are in place to control online services for remote access. The exchange of information over the network is encrypted. Access to the information on the BETA SONIC server is very strictly restricted. Security measures are used to protect against anonymous access to the network.
BETA SONIC is very serious and aware about its network security and uses the latest technology for it. The IT manager always looks after network security and watches for any vulnerability in it. Security is maintained by a qualified network administrator. Leaking internal information is totally illegal.
As far as security is concerned, BETA SONIC gives it top priority and maintains it very well.
Current Security Status
4.1 Power Supply
A power supply is the supply of electrical power, and an organization needs a constant supply of power to run. Running a 24/7 information system requires a continuous power supply, so it is very important for the organization to have a secure one. To ensure flawless power, it is very important to analyze the vulnerability of the power supply.
Power loss
Power loss is a massive interruption for a running information system. Sometimes it may damage electrical equipment. It can cost a running business a lot when it is disconnected from the world because of a power outage.
Power Fluctuation
Power fluctuation is one of the biggest threats to electronic machines, especially a computer network. Computers and related equipment are very sophisticated and need a certain voltage, so power fluctuation is a big problem for a computer-based business.
To address this vulnerability of the power supply, the control is as follows:
The company has installed a power filter for power fluctuation.
4.2 Natural Disaster
Natural disaster is always a threat for all kinds of organizations. A flood or volcanic activity may destroy all running systems. Water is always dangerous for electrical equipment, and fire can burn everything. So to make a safe environment, alternative steps have to be taken for these natural disasters.
Flooding
Water is always dangerous for electronic equipment. It may cause a short circuit and black out the whole system. Sometimes water leakage from the air conditioning floods the server room, which can be a problem for the electrical equipment.
Volcanic Activity
A network server room always becomes hot because the running servers create massive heat. If for any reason the cooling system stops or breaks, it could start a fire inside the server room.
To address the vulnerability of natural disaster, the controls are as follows:
Overflowing water is not allowed into the server room for any reason. The company has made a good drainage system in case there is any water flow, and there is also a water pump to suck the water out.
The server room has to be cool, and the temperature should be kept at a standard cool temperature. The company installed a second air conditioner in case one air conditioner does not work.
4.3 Equipment Failure
You never know when electronic equipment will fail or suddenly break. A failure interrupts the running system and can stop the whole network. Sometimes it causes a big loss of production for the company and a big loss of money. So it is very important to analyze the vulnerability of equipment failure.
CPU Failure
The CPU is the Central Processing Unit of a computer. Sometimes it may crash while it is working normally. If the CPU fails, the computer is totally dead.
Server Failure
The server is the main frame of the network and should run 24/7 to keep the network connection available. The network system and domain are all run by the server, so all the data and applications are on the server. A server breakdown is a total outage of the network and may cause big damage to the organization. Sometimes the failure of electronic parts causes the server to fail. So it is very important to address the vulnerability of server failure.
To address this vulnerability of equipment failure, the control is as follows:
There is no guarantee for electronic equipment, and that is why a warranty is very important. Most computer manufacturers provide a warranty for computers and servers. If any problem happens, they replace the product immediately.
4.4 Data Attacks on Hardware
In the internet world, it is very easy to communicate from one organization to another. Organizations transfer data through the internet, but it is not secure to pass data over the internet without knowing the risk. It may cause data loss for an organization. Sometimes an attack from outside or inside, or hacking, causes loss of data. So losing confidential data is a big threat for the organization, and it is very important to analyze the vulnerability to this threat.
Data Inference
In the organization you need to provide information to clients, and for that reason the company loses very important data. Sometimes data is handed over by an internal source, which is very bad for the organization.
Data Leakage
Data leakage is one of the biggest problems for an organization. Competitor companies are always looking for your organization's upcoming projects. Most data leakage happens from an internal source.
Data Corruption
Data corruption is a threat for the organization because any data being transmitted may somehow be corrupted.
To address these vulnerabilities, the controls are as follows:
Data should be locked in a very secure place in the network, and access to the drive is restricted.
Users should follow the company data distribution policy and must have authenticated permission.
Secure data storage and internet access are required for data transmission. A key security policy has been made by the company to protect the data.
4.5 Network Attack
Network security is one of the first priorities of an organization. A big network has various types of security vulnerabilities. To make a secure network, the first priority of any organization is to secure the internal and external area of network.
Network Denial of Service
Denial of Service attacks are common for any company that maintains a large, publicly accessible network. An attacker subverts a large number of machines over a period of time, and installs custom attack software in them. At a predetermined time, or on a given signal, these machines all start to bombard the target site with messages.
Stack overflow
Stack overflow attacks are one big example, where you pass an over-long parameter to a program that carelessly executes part of it. Most exploits make use of program bugs, of which the majority are stack overflow vulnerabilities. The exploitation of protocol vulnerabilities (such as NFS) vies with weak passwords for second place.
In effect, there is a race between the attackers, who try to find loopholes, and the vendors, who develop patches for them. Capable motivated attackers may find exploits for themselves and keep quiet about them, but most reported attacks involve exploits that are not only well known but for which tools are available on the Net.
Spoofing Attack
Spoofing is a technique used to exploit Ethernet networks. This type of spoofing can be used in different ways:
Sending fake, or spoofed, ARP messages to an Ethernet local area network,
As part of a "man-in-the-middle attack."
Routing Attack
Source level routing was originally introduced into TCP to help get around bad routers. The underlying assumptions (that "hosts are honest" and that the best return path is the best source route) no longer hold, and the only short-term solution is to block source routing. However, it continues to be used for network diagnosis.
Another approach involves redirect messages, which are based on the same false assumption. They can be used to do the same subversion as source-level routing.
Packet Filtering
Packet filtering is a kind of firewall that simply filters packet addresses and port numbers. This can be used inside the router. It can block the kind of IP spoofing attack discussed earlier by ensuring that no packet that appears to come from a host on the local network is allowed to enter from outside. It can also stop denial-of-service attacks in which deformed packets are sent to a host.
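The filtering decisions described above (drop outside packets claiming a local source, drop deformed packets, and block source routing as recommended under Routing Attack) can be shown as a small decision function. This is an added example, not part of the original report; the internal prefix 192.168.10.0/24, the interface names and all sample packets are constructed assumptions.

```python
import ipaddress
import struct

# Assumed internal LAN prefix (hypothetical; the report gives no addressing plan).
INTERNAL_NET = ipaddress.ip_network("192.168.10.0/24")

# IPv4 option types (RFC 791): end of list, no-op, loose/strict source route.
EOL, NOP, LSRR, SSRR = 0, 1, 131, 137


def parse_ipv4(packet: bytes):
    """Return (src, dst, option_types); raise ValueError on a deformed header."""
    if len(packet) < 20:
        raise ValueError("shorter than minimum IPv4 header")
    version, ihl = packet[0] >> 4, (packet[0] & 0x0F) * 4
    if version != 4 or ihl < 20 or ihl > len(packet):
        raise ValueError("bad version or header length")
    total_len = struct.unpack("!H", packet[2:4])[0]
    if total_len < ihl or total_len > len(packet):
        raise ValueError("total length inconsistent with data")
    src = ipaddress.ip_address(packet[12:16])
    dst = ipaddress.ip_address(packet[16:20])
    options, i = [], 20
    while i < ihl:  # walk the options area between byte 20 and the header end
        opt_type = packet[i]
        if opt_type == EOL:
            break
        if opt_type == NOP:
            i += 1
            continue
        if i + 1 >= ihl:
            raise ValueError("truncated option")
        opt_len = packet[i + 1]
        if opt_len < 2 or i + opt_len > ihl:
            raise ValueError("bad option length")
        options.append(opt_type)
        i += opt_len
    return src, dst, options


def filter_inbound(packet: bytes, iface: str):
    """Return (action, reason) for a packet arriving on 'outside' or 'inside'."""
    try:
        src, _dst, options = parse_ipv4(packet)
    except ValueError as exc:
        return ("DROP", f"deformed packet: {exc}")
    if LSRR in options or SSRR in options:
        return ("DROP", "source routing option present")
    if iface == "outside" and src in INTERNAL_NET:
        return ("DROP", "spoofed local source on outside interface")
    return ("ACCEPT", "ok")


def build_ipv4(src: str, dst: str, options: bytes = b"", payload: bytes = b"") -> bytes:
    """Build a constructed sample packet (checksum left at 0; it is not verified here)."""
    options += b"\x00" * (-len(options) % 4)  # pad options to a 32-bit boundary
    ihl_words = 5 + len(options) // 4
    header = struct.pack(
        "!BBHHHBBH4s4s",
        (4 << 4) | ihl_words, 0, ihl_words * 4 + len(payload),
        0, 0, 64, 6, 0,
        ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed,
    )
    return header + options + payload


def demo():
    """Run the filter over constructed sample packets on the outside interface."""
    hop = ipaddress.ip_address("198.51.100.1").packed
    legit = build_ipv4("203.0.113.7", "192.168.10.20", payload=b"hi")
    samples = {
        "legitimate": legit,
        "spoofed": build_ipv4("192.168.10.5", "192.168.10.20"),
        "source-routed": build_ipv4("203.0.113.7", "192.168.10.20",
                                    options=bytes([LSRR, 7, 4]) + hop),
        "truncated": legit[:12],
        "ihl-lie": bytes([0x4F]) + legit[1:],
    }
    return {name: filter_inbound(pkt, "outside") for name, pkt in samples.items()}


if __name__ == "__main__":
    for name, (action, reason) in demo().items():
        print(f"{name:14s} {action:6s} {reason}")
```

The same spoofed packet is accepted when it arrives on the inside interface, which is why the rule has to be tied to the interface and not to the address alone.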
Circuit Gateway
A circuit gateway is a more complex firewall. It examines all the packets passing through in the TCP circuit. This firewall can screen and filter blacklisted web servers.
Application Gateway
This type of firewall works like a proxy server. It filters all incoming mail and data and protects against outside threats.
4.6 Malicious Software Attack
This is one of the lethal enemies of internet security for a network. Whenever your network connects to the internet, there is always a threat of viruses, spam and various kinds of internet threats.
Website Defacement
Website defacement is an attack on a website that changes the visual appearance of the website. These are typically the work of system crackers, who break into a web server and replace the hosted website with one of their own.
Virus, Trojan
Viruses and Trojans are a common threat to computers and networks. There are also viruses and worms, which are self-propagating malicious programs, and to which I have referred repeatedly in earlier chapters. There is debate about the precise definitions of these three terms: the common usage is that a Trojan horse is a program that does something malicious.
Spam, E-mail bomb
Spam and e-mail bombs are among the internet-inflicted problems we face every day. The problem becomes more serious day by day because computers' programs are affected by the spam.
Some controls used for these vulnerabilities:
Antivirus
To protect computers from this kind of problem we need antivirus. A good antivirus can protect a computer from viruses, malicious software and various threats.
4.7 Wireless Communication Attack
Wireless access is becoming more popular day by day, but it is not safe for transferring data. An anonymous outsider can access it very easily and use the network without any permission.
Data loss
Data loss is a big vulnerability: outsiders can access the network and bypass the data.
No controls were in place to reduce the threat.
Conclusion
BETA SONIC's existing information system security is based on six vulnerability maps. Almost all the threats cause a huge loss of money, while the controls are not effective enough to reduce the loss by more than 50%. A company like BETA SONIC obviously needs a better security plan, where Control Cost Effectiveness (CCE) should be above 80% on average. The threat areas are analyzed and a very good overview is given in the current security status. However, the controls used to neutralize the threats were not enough; in the recommendations on current security, new cost-effective controls are suggested with a cost-benefit analysis, which will definitely provide a way for the business to run smoothly.
Recommendations
After reviewing the current security status, we found some serious security vulnerabilities. We recommend some upgrades to the network security to fix the vulnerabilities. As explained in the current security report above, we focused on some major security issues. We now explain the recommended upgrade of the network security.
6.1 Power Supply
In the current security report above we already explained the vulnerability of the power supply. Here we explain how we are going to upgrade the security status. The vulnerabilities of the power supply are power loss and power fluctuation.
UPS
A UPS (uninterruptible power supply) is one of the best solutions for protecting the power supply against a power outage. If the power supply somehow goes off, the UPS will continue the flow of electricity without any pause.
Generator
A generator is another backup plan for the power supply. It runs on fuel and produces electricity that is sufficient to run a business.
When we analyzed the current security status of BETA SONIC, we made recommendations and created a chart of cost and loss efficiency. Because of power outages and power fluctuation, BETA SONIC faces a big loss every year when production stops. After reviewing the annual report, we found that power problems can cause a loss of $25000.00 of their assets. Their expected loss is .7%, and for this they can lose $5275.00 every year.
Figure: Power Supply (Current Security)
Figure: Power Supply (New Security)
This is the very first step to be implemented, as the power supply is the most important thing for any electrical equipment.
6.2 Natural Disaster
Natural disaster is always unpredictable. It can destroy everything in a short time. So we identified some more natural disasters that need a backup solution plan.
Earthquake
An earthquake is always a big natural disaster. It can destroy whole cities and kill many people within a few seconds. So we have to think about this natural disaster before we build a big organization.
Static Electricity
A network room is surrounded by electric cables and equipment. If an electric cable leaks, it can cause a big electrical short circuit.
Recommended controls for these vulnerabilities are:
Site relocation
It is very important to survey the location before building any organization. A seismic survey can show which areas are earthquake-prone. Because you can't stop an earthquake, you can avoid the area.
Anti-static carpet
In the server room it is very important to cover the floor with anti-static carpet. If a cable somehow breaks or leaks, it will protect the wall from the electric wave.
After analyzing the threats to the BETA SONIC network, we assume that a natural disaster could cause damage of $100,000.00. The possible damage is 0.1 and the loss could be $11000.00.
Figure: Natural Disaster (Current Security)
Figure: Natural Disaster (New Security)
Once the main location is established for the information system, the natural disaster countermeasures will be implemented.
6.3 Equipment Failure
We already discussed the threats of equipment failure in the security status, which are CPU failure and server failure. After reviewing the security status, we recommend some more security solutions for them.
Testing policy
We reviewed the hardware condition of the network; the condition of the CPUs and the server machine needs to be tested. Any computer needs to be maintained and replaced before it breaks down. The same maintenance policy applies to the server machine.
RAID Arrays
We need to use RAID arrays so that if there is any failure in a hard disk or power supply of the server machine, it will keep working on the other RAID hardware.
After reviewing the annual report, we assumed that if an equipment failure happens at BETA SONIC, the possible loss is $1350, 00.00. If the equipment somehow fails, they might lose .7%, which means their expense will be $ 31000.00 every year.
Figure: Equipment Failure (Current Security)
Figure: Equipment Failure (New security)
The testing policy is the first step to be implemented in the implementation process; after site relocation and physical security are established, we will implement the RAID arrays.
6.4 Data Attack on Hardware
In the current security report above we already explained the data attacks on hardware, which are data leakage and data corruption. Here we focus on the recommended upgrade of data security.
Off-site data backup
To stop losing data we recommend having off-site data backup facilities. If the hardware is somehow lost, data could be lost too. So we recommend a data backup facility.
Data Encryption
Data encryption is also a very secure measure against data loss and network failure.
Figure: Data Attacks on Hardware (Current Security)
Figure: Data Attacks on Hardware (New security)
After the backup server and firewall are set up, off-site backup and data encryption will be implemented so that mobile data is secured.
6.5 Network Attacks
Network attacks are critical for any business. In the modern world, the internet, which is an interconnected network, is almost everything. A dysfunctional network means nothing but wasted time and loss of assets. Denial of service, stack overflow, spoofing attack and routing attack threats break the three rules of information: integrity, confidentiality and availability. In the current security there are three generations of firewalls used; their combined control effectiveness is 30%.
Figure: Network Attack (Current Security)
Figure: Network Attack (New Security)
The annual loss expectancy is over fifty thousand dollars, while in five years' time the saving is $38,842.50. The new Combined Control Effectiveness (CCE) is 85%, and in five years' time the saving will be $139,053.75, which is almost 100k more and very cost effective.
In the implementation process, once the backup and physical security are established, the network will be upgraded and new security will be installed to take care of the network vulnerabilities.
6.6 Malicious Software Attacks
Different types of malicious software attack exist in the IT world. The current security status discusses three types of threat: website defacement, virus/Trojan and spam/e-mail bomb. E-mail Malware Scanning, Blocked Attachment and Anti-spam Filtering are recommended for the new security plan, because in the business world employees need to download lots of information, and data is carried on mobile hard disks, where it can be corrupted in the course of work.
Of these three threat areas, website defacement happens most, but virus/Trojan causes the most damage, as these work as self-executing programs and take control of the information system. The figures are calculated from BETA SONIC's annual loss report.
Figure: Malicious Software Attack (Current Security)
Figure: Malicious Software Attack (New Security)
The Malicious Software Attack (Current Security) graph shows that the current saving is $38,500, while the new recommended security for malicious software attack suggests that the saving will be $197,500.00. So the recommended security plan is very cost effective.
Once the user account setup is done, these controls will be implemented to secure user access to the network and information.
6.7 Wireless Communication Attacks
Wireless networking is very popular for its mobility and is also very vulnerable. Data loss is quite a problem in any wireless network. BETA SONIC statistics show that their loss estimate in this sector is more than fifty thousand dollars, where the annual loss expectancy is $21,450.00, as the likelihood of exposure is 0.6 and the level of exposure is 65%, which is quite high.
Access controls, WPA/WEP and strong authentication as combined controls can be as much as 80% effective in reducing loss from wireless communication attacks.
Figure: Wireless Communication Attacks (Current Security)
Figure: Wireless Communication Attacks (New Security)
From the two graphs above, it is clear that no control was used for loss prevention in the current security. The new security plan suggests three controls whose combined effectiveness is 80%, and in five years' time they are going to save more than $60,000.
In the implementation process, these controls will be implemented last, as other areas like hardware, software and network setup have to be done before user account setup.
Implementation of Recommended Controls
Timetable
Please see Appendix 9.3
Responsibility
| Control | Task Description | Task Responsibility | Supervision |
|---|---|---|---|
| Uninterruptible power supply (UPS) | Acquisition & Purchase | Operation Supervisor | IT Manager |
| | Installation & Testing | Operation Supervisor | |
| Generator | Acquisition & Purchase | Operation Supervisor | IT Manager |
| | Installation & Testing | Operation Supervisor | |
| Site Relocation | Acquisition and lease agreement | Network Administrator | General manager |
| Anti-static carpet | Acquisition and purchase | Operation Supervisor | IT Manager |
| | Installation and Testing | Operation Supervisor | |
| Testing Policy | Write and Implementation | IT Manager | Technical Manager |
| RAID Arrays | Acquisition and purchase | IT Manager | Technical Manager |
| | Installation and Testing | IT Manager | |
| Off-site backup | Acquisition and purchase | Network Administrator | Technical Manager |
| | Installation and testing | IT Manager | |
| Data Encryption | Acquisition and purchase | IT Manager | Technical Manager |
| | Installation and testing | IT Manager | |
| Proxy Firewall | Acquisition and purchase | IT Manager | Technical Manager |
| | Installation and testing | IT Manager | |
| Network Scanner Software | Acquisition and Purchase | Network Administrator | Technical Manager |
| | Installation and Testing | Network Administrator | |
| Vulnerability and Patch management Software | Acquisition and Purchase | IT Manager | Technical Manager |
| | Installation and Testing | IT Manager | |
| Virtual Private Network | Acquisition and Purchase | Network Administrator | Technical manager |
| | Installation and Testing | Network Administrator | |
| E-mail Malware Scanning | Acquisition and Implementation | IT Manager | Technical Manager |
| Blocked Attachment | Acquisition and Implementation | IT Manager | Technical Manager |
| Anti-spam Filtering | Acquisition and Implementation | IT Manager | Technical Manager |
| Access Control | Acquisition and Implementation | Technical Manager | Director |
| WPA/WEP | Acquisition and Implementation | IT Manager | Technical Manager |
| Strong Authentication | Acquisition and Implementation | IT Manager | Technical manager |
Schedule for Review of Security and Control Items
| Item for Review | Responsibility | Frequency |
|---|---|---|
| Power Supply Testing | Operational Supervisor | 3 Monthly |
| RAID Array Testing | IT Manager | 3 Monthly |
| Off-site backup Testing | Technical Manager | Monthly |
| Proxy firewall Testing | IT Manager | Monthly |
| Software Testing | Technical Manager | Monthly |
| VPN Testing | Network Administrator | 6 Monthly |
| Security Policy Review | IT Manager | 6 Monthly |
| User Authentication (including Password Administration) | Technical Manager | 6 Monthly |