ABC Manufacturing Company Information Technology Review CIS 691 Report By: Craig Bernier Alex Shilgersky Daena Johnson

Information Technology Capstone Final Paper

ABC Manufacturing Company

Information Technology Review

CIS 691

Report By:

Craig Bernier

Alex Shilgersky

Daena Johnson

Table of Contents

1.0 Executive Summary

2.0 Company Background

3.0 Existing Network Infrastructure Design

3.1 Current Architecture and Topology Overview

3.2 DMZ

3.2.1 DMZ e-Mail Design

3.2.2 DMZ IDS Setup

3.2.3 DMZ Systems Design

3.2.4 DMZ DNS Design

3.3 Internal Network Overview

3.3.1 Server Design

3.3.2 Workstation Design

3.3.3 Backup

3.4 Wireless Network Overview

3.5 Voice over IP

4.0 Identified Deficiencies

4.1 Disaster Recovery Plan

4.2 Enterprise Architecture

4.3 Change Management

4.4 Enterprise Resource Planning

4.5 IT Policies and Procedures

4.6 Project Management

5.0 Proposed Solutions

5.1 Proposed DR Solution

5.1.1 Business Continuity Planning

5.1.2 Incident Response

5.1.3 BCP & DR Recommendation

5.2 Proposed EA Framework

5.2.1 Recommended Solution

5.2.2 Ontology

5.2.3 Implementation

5.3 Policies and Procedures

5.3.1 Change Management

5.3.2 Logging and Monitoring

5.3.3 Data Classification

5.3.4 Physical Security

5.4 Virtual Desktop Infrastructure

6.0 Conclusions

7.0 Sources Cited

Table of Figures

Figure 1: Basic Network Infrastructure

Figure 2: DMZ Topology

Figure 3: Internal Network IDS Design

Figure 4: Internal Network Topology

Figure 5: Wireless Network Topology

Figure 6: Zachman Framework Enterprise Ontology - www.zachman.com/

Figure 7: Data Classification

Figure 8: Virtual Desktop Design

1.0 Executive Summary

The purpose of this report is to review the current Information Technology infrastructure design of ABC Manufacturing Company. The company has been in the business of manufacturing non-consumer based products for over thirty years and is looking to expand into new markets and territories. In more recent years, as networking has now become commonplace, the product line has grown to encompass network based products and solutions.

The team has reviewed and documented the technology infrastructure at a high level and noted areas of concern. It is important to note that the overall infrastructure and design are solid and have served the company for many years. However, there are always areas that can be improved upon, and with the company’s desire to grow into other areas it is important to document these and provide possible solutions.

The company currently operates a data center at its corporate headquarters and wishes to maintain this in-house design; however, given its rural location, the company understands that there are drawbacks to doing so. In addition, there is a desire to possibly maintain a 24/7/365 operation to support sales in other markets. The possibility of expanding into the global market will also require this type of support. With the possibility of 24/7/365 operations the company will face new challenges.

A review indicates that a formal Disaster Recovery Plan will need to be designed and implemented as well as more structure within the Information Technology department. The team has reviewed current policies and procedures and has recommended a more formal Enterprise Architecture framework and more formalization of project management. The changes detailed in this report are recommendations that will allow the company to grow and provide a sustainable path for its future.

2.0 Company Background

ABC Manufacturing Company is an electronics manufacturer of non-consumer Internet based products. ABC Manufacturing has been in business for over thirty years and currently sells its products nationally and in Canada. ABC Manufacturing Company is interested in the possibility of expanding to a more global market in an effort to expand its business portfolio.

Current markets being explored are Mexico, Central and South America as well as the possibility of European expansion. ABC Manufacturing faces some impediments to growth; some of the issues that have been easily identified are the lack of a formal Disaster Recovery Plan, the lack of an Enterprise Architecture, and the need for policies and procedures.

In addition to the challenges that revolve around the Information Technology infrastructure, the organization also faces other business challenges with growth in other countries. Some of these challenges apply to the manufacturing processes and the different requirements placed on the use of lead in these processes. These challenges are beyond the scope of this report and will not be addressed here.

In order to sell products in many countries in Europe there is a requirement that there be ISO certified processes in the manufacturing environment. This provides traceability to the individual process and worker. This issue is also beyond the scope of this report; however, the team will recommend an Enterprise Architecture Framework and an Enterprise Resource Plan in order to help strategically place the company in a position that will allow them to implement the ISO requirements for their manufacturing processes.

3.0 Existing Network Infrastructure Design

The current company infrastructure has served the company well but with business growth and the decision to expand outside of the United States there will need to be a rework of the infrastructure in some areas. This will allow redundancy and also provide the ability for the continued growth and possible twenty-four hour operations capability if that becomes a need in the future.

3.1 Current Architecture and Topology Overview

The existing network design is the typical segmented network with DMZ, wireless and business zones. While the current architecture has redundancy built in, there is no true disaster recovery option or co-location facility. The corporate headquarters houses the corporate data center and is located in a somewhat rural area. Due to its location the company has opted for onsite natural gas power generation in the event of a power failure. The onsite generation system monitors the power being delivered from the utility company and will automatically start the generator and transfer the loads in the event of a service interruption; this process takes approximately ten seconds. This, combined with the use of uninterruptible power supplies, helps to guarantee uptime for the infrastructure; however, the team will recommend changes to this design.

Currently the network utilizes a fiber loop on an AT&T MPLS network that has the capability to provide the necessary bandwidth for future growth. This circuit is currently monitored 24/7/365 by the Internet provider. The company has a Service Level Agreement in place that provides them with a guaranteed three-hour response window in the event of a service interruption. In addition to this, the company has three T-1 circuits that are fed to the building underground from a separate direction. These circuits are bonded to provide a link with approximately 4.5 Mbps of bandwidth in the event of a fiber interruption. The current router configuration provides an automatic failover to help reduce any interruption in service.

Current infrastructure utilizes a Cisco 2800 series router that accepts the Ethernet link from the fiber loop and also the three independent T-1 links. The router provides the bonding of the T-1 links for the failover service.

Behind the router the network utilizes a redundant pair of Cisco ASA5510 firewalls; this firewall pair provides stateful failover. These devices are configured to control both ingress and egress in an effort to enhance security. In addition, the firewall provides the link to three security zones of the network, see Figure 1: Basic Network Infrastructure.

Figure 1: Basic Network Infrastructure

3.2 DMZ

The DMZ hangs off of one of the four interfaces on the Cisco ASA firewall; we will refer to this interface as Interface1. The DMZ plays host to the e-mail environment, the DMZ IDS system, a VMware environment that is utilized to host the corporate Internet presence, and primary and secondary external DNS servers, as shown in Figure 2: DMZ Topology.

Figure 2: DMZ Topology

3.2.1 DMZ e-Mail Design

The current email environment is placed behind a Barracuda SPAM firewall that not only filters out the myriad of unpleasant items that come from the Internet in the form of attachments to email but also provides additional security to the Microsoft Exchange server located behind the device. The SPAM firewall provides the initial cleaning of mail from viruses and SPAM; a second level is performed at the Exchange mail server. Currently there are firewall rules that allow the Exchange server to connect to the existing Windows Domain Controllers within the internal network segment. Mobile device management is handled using Citrix XenMobile; XenMobile is hosted in a guest system in the VMware environment.

3.2.2 DMZ IDS Setup

The DMZ also has a separate IDS system; this is a Linux based system that provides IDS services using Snort. The Snort system runs the Snort signatures available from Bleeding-Edge-Snort and a large number of custom signatures.

The IDS system is configured for alerting and also passes system-logs to an internal syslog server that resides within the internal network. Firewall rules exist to ensure that only inbound syslog traffic is allowed. The system is configured to allow only console login and login via SSH.

3.2.3 DMZ Systems Design

The VMware environment utilizes VMware ESX hosts and provides the company with the ability to host both Windows and Linux environments within the DMZ. Currently virtualized guests utilize a Storage Area Network. The VMware environment contains a number of guest machines to provide a variety of services. For security purposes the vCenter Management Server is hosted within the main business network and firewall rules exist to allow traffic from the business network to the DMZ for management purposes. The vCenter management console resides in its own VLAN and access control lists are in place to restrict access to a limited number of clients and users.

Web application and database backend guest machines are on separate ESX hosts for security purposes. The current architecture utilizes Microsoft SQL Server to provide RDBMS services. In an effort to enhance security, SQL instances in the DMZ do not contain any Personally Identifiable Information (PII) or Payment Card Industry (PCI) relevant data.

In addition to guest systems for web apps and databases, a separate guest system resides in the DMZ to serve as a proxy for inbound and outbound access that may be required for services such as secure shell. The DMZ is designed so all inbound and outbound traffic flows through it with a few exceptions.

3.2.4 DMZ DNS Design

External Domain Name Services servers are also hosted within the DMZ. These two BIND servers provide non-recursive DNS lookups and are utilized for the DMZ systems as well as the forwarder from the Internal DNS that runs within the Active Directory environment. To help provide DNS redundancy, there is one physical DNS server and one that is a virtualized guest.

3.3 Internal Network Overview

The Internal network that is used for day to day business needs hangs off of a separate firewall interface; we will refer to this interface as Interface2. The firewall also provides remote access via VPN for any travelling business people. Directly in-line from the firewall is an appliance that provides transparent proxy services. This appliance provides a variety of services including spyware and virus protection, malware removal, application control, content filtering and social media regulation. The appliance also has the ability to perform SSL inspection but this service is not currently being used. All network traffic that is destined for Interface2 passes through this device.

A network tap is mounted inline between the transparent proxy appliance and the switches. Attached to the tap is an IDS system also running Snort atop a Linux operating system. This Linux system is configured with the same basic signature set utilized in the DMZ with additional signatures that are customized for the internal network. Linux was chosen for the IDS system because of the optimized network and lower overhead since XWindows is not loaded. The system only accepts console login and login via SSH. The design is shown in Figure 3: Internal Network IDS Design.

Figure 3: Internal Network IDS Design

The Internal network utilizes Hewlett Packard ProCurve managed switches that support the creation of VLANs. VLANs with Access Control Lists (ACLs) are utilized to separate traffic between departments and ensure that any PCI or PII data is only accessible to areas that have a business need to access the information.

3.3.1 Server Design

The company runs a predominately Microsoft Windows environment as found in most companies. The environment, shown in Figure 4: Internal Network Topology, utilizes primary, secondary and tertiary domain controllers for redundancy purposes. The primary and secondary domain controllers are physical systems while the tertiary controller is a virtualized guest system.

Virtualization within the internal network is a VMware environment utilizing VMware ESX hosts and a vCenter Management host server. As mentioned earlier, the vCenter Management server is separated onto an administrative VLAN with ACLs in place to isolate traffic and restrict access to the systems.

All servers in the network run Windows Server 2008 R2 and the SQL database system of choice is Microsoft SQL Server 2008 R2. Currently there are two database clusters: one for internal systems and one cluster that is utilized for the DMZ systems. The SQL cluster that is utilized for the DMZ resides in its own VLAN that has strict access control lists. In addition to servers for normal business operations, the network hosts servers for ancillary services such as anti-virus management, patch management and others.

Figure 4: Internal Network Topology

3.3.2 Workstation Design

Client workstations run the Microsoft Windows 7 operating system and a variety of applications required for normal business functions. These applications include an older Enterprise Resource Planning platform that will need to be upgraded to ensure future growth capabilities (the choice of platform is beyond the scope of this report because additional business requirements will need to be considered to select the proper system). In addition to client workstations, traveling sales people utilize laptops for remote access through the VPN being hosted on the firewall. All workstation hardware is slated to be replaced in the near future and this opportunity should be leveraged to help provision for future growth.

Folder redirection is implemented using Group Policy in Active Directory so that user profiles are not stored on local workstations. User profiles are stored on a high availability network attached storage device that utilizes RAID 5 with automatic failover to a redundant device. This design allows each user’s data to be available when logged on to any workstation.

3.3.3 Backup

The current backup solution is designed for the purposes of data recovery, not really disaster recovery. The current backup solution guarantees the data will be retained in the event of a catastrophic event but recovery time is not addressed with the current solution.

A complete data backup is conducted on a nightly basis to a separate high availability drive array. In addition, once a week this data is copied to LTO tapes and then stored offsite. The software solution used allows for user restoration of any file that is stored on the high availability drive array. The files stored on the array are available for a rolling seven day period. The encrypted files stored on LTO tapes are available for the past eight weeks and a grandfather monthly copy is available for a period of one year.
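The retention tiers described above determine how coarse the available restore points become as data ages, which matters when corruption or loss is discovered late. The following Python sketch is an added example, not part of the original report; the Sunday tape day and the use of each month's first weekly tape as the grandfather copy are assumptions, since the report states neither.

```python
from datetime import date, timedelta

# Retention figures taken from the report's backup description.
DAILY_DAYS = 7       # disk array: rolling seven days
WEEKLY_TAPES = 8     # LTO tapes: past eight weeks
MONTHLY_TAPES = 12   # grandfather monthly copies, read here as twelve months

# ASSUMPTIONS (not stated in the report): the weekly tape copy is made on
# Sunday, and the first weekly tape of each month is kept as the grandfather.
TAPE_WEEKDAY = 6     # Monday == 0, Sunday == 6


def first_tape_day(year, month):
    """First tape day (Sunday, by assumption) of the given month."""
    d = date(year, month, 1)
    return d + timedelta(days=(TAPE_WEEKDAY - d.weekday()) % 7)


def restore_points(today):
    """Map every restore point that exists on `today` to its storage tier.

    Tiers are filled coarsest first so that a date held in several tiers
    ends up labelled with the fastest one to restore from.
    """
    points = {}

    # Monthly grandfather tapes: walk back month by month until 12 are found.
    year, month, found = today.year, today.month, 0
    while found < MONTHLY_TAPES:
        d = first_tape_day(year, month)
        if d < today:
            points[d] = "monthly tape"
            found += 1
        month -= 1
        if month == 0:
            year, month = year - 1, 12

    # Weekly tapes: the eight most recent tape days before today.
    last_tape = today - timedelta(days=1)
    while last_tape.weekday() != TAPE_WEEKDAY:
        last_tape -= timedelta(days=1)
    for i in range(WEEKLY_TAPES):
        points[last_tape - timedelta(weeks=i)] = "weekly tape"

    # Nightly backups on the disk array: the previous seven nights.
    for i in range(1, DAILY_DAYS + 1):
        points[today - timedelta(days=i)] = "disk array"

    return points


def best_restore_point(today, last_good):
    """Newest restore point taken on or before `last_good`.

    Returns (backup_date, tier, days_of_changes_lost), or None when the data
    was last good before the oldest retained copy.
    """
    points = restore_points(today)
    candidates = [d for d in points if d <= last_good]
    if not candidates:
        return None
    chosen = max(candidates)
    return chosen, points[chosen], (last_good - chosen).days


if __name__ == "__main__":
    today = date(2024, 6, 19)  # constructed sample date
    for last_good in (date(2024, 6, 17), date(2024, 6, 11),
                      date(2024, 4, 20), date(2023, 6, 1)):
        print(last_good, "->", best_restore_point(today, last_good))
```

With these assumptions, loss noticed within a week costs nothing, loss noticed within eight weeks costs up to six days of changes, and anything older falls back to a monthly tape.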

3.4 Wireless Network Overview

While the company currently does not utilize wireless for normal business operations, it does understand that there is a need to provide wireless access to employees and vendors or other parties who may visit. With this in mind, the company has implemented a wireless network that hangs off of a separate Firewall interface; we will refer to this interface as Interface3. The basic design of the system is depicted in Figure 5: Wireless Network Topology.

Figure 5: Wireless Network Topology

The wireless solution currently in use is a Dell SonicWall solution that provides wireless A, B, G and N services for users. The solution utilizes a firewall to provide content management and RADIUS services. Secure wireless is implemented using WPA2 with user names and passwords that differ from the account holder’s Active Directory account. Guest accounts are created as needed for non-employees and terminated at the end of each business day.

As mentioned earlier, the wireless network is a separate interface off the firewall and the internal network is not directly accessible from the wireless network. For security purposes the wireless network is treated as a potentially hostile network akin to the Internet. That being said, all business users who need access to the internal network and are connected wirelessly must utilize the corporate VPN solution for access.

3.5 Voice over IP

AT&T is currently providing a managed VOIP solution. The VOIP solution utilizes a separate Cisco 2800 series router which is managed and monitored remotely by AT&T. This router maintains two redundant connections to the AT&T MPLS network via a separate fiber strand and a T-1 Circuit provided over a copper medium.

It should be noted that AT&T only provides the service; the company is responsible for the phone system itself. The current hardware solution in place is an NEC phone system that was recently upgraded in the 2012 timeframe. This system allows connections for both conventional digital phones as well as IP based phones.

The VOIP system can easily be expanded to provide desktop phones for remote users that can connect to the corporate environment. In addition to the ability to accept physical desktop phones, there is an option for software based phones that can be added to mobile computing devices. An app is also available for both Android and Apple iOS devices.

4.0 Identified Deficiencies

After review of the current technology infrastructure the team feels that the overall network design is solid and has served the company for many years. There are some areas that could use improvement such as a VDI implementation (discussed in Section 5); however, there are other identified deficiencies that should take precedence.

4.1 Disaster Recovery Plan

A formal disaster recovery plan is something that no business should be without. Currently there is a great plan in place to enable the recovery of data in the event of a catastrophe such as a fire or some type of self-induced catastrophe. However, the data recovery plan does not provide the ability to quickly restore data and have the company back up and running in what could be considered a timely manner.

With advancements in technology and subsequent reduction in costs, it may behoove the company to consider contracting with a colocation facility that would enable them to have a redundant site and provide failover of services.

4.2 Enterprise Architecture

Currently the company has no formalized Enterprise Architecture in place. The company has begun to outgrow the current Information Technology infrastructure and will be incurring costs to expand both infrastructure and software solutions to provide the company with the ability to service additional customer bases in other countries.

An Enterprise Architecture will provide the framework that allows the company to, among other things, run more efficient IT operations, further reduce risk, increase flexibility as the company grows, and decrease the time to market for new products.

An effective EA Framework will become crucial to the company to move into other markets and also provide an effective roadmap to guide them with required implementation of the ISO framework for their manufacturing processes.

4.3 Change Management

The company currently has what could be considered a change management plan in place to track changes to its product line up. This process follows the standard engineering change management process that utilizes an engineering change order. This process works well for hardware based products but there is currently no solution in place for software based products.

In addition, a more formal change process for Information Technology will be needed as the company grows and additional resources are added. While the team recommends that the IT solution is tied into the Enterprise Architecture implementation, it may be beneficial for the company to utilize some of their working sources for the engineering and product design side.

Overall the company needs to streamline the change management solution that is being used for product development to help increase the speed with which product fixes are implemented into their production environment. The current method of playing chase the paper document through the organization for signatures will not work effectively as the company grows.

4.4 Enterprise Resource Planning

The current Enterprise Resource Planning software platform is out of date. The migration to the Windows 7 platform introduced a large number of challenges and required temporary fixes to allow the company to continue to run this legacy application for the short term.

Continuing to run this application is not in the best interest of the company and it has already been slated to be replaced with Microsoft Dynamics GP. This solution is an excellent fit for a manufacturing company and will also allow the company to integrate its sales tracking into the platform to enhance its ability to procure required raw materials at the proper intervals.

4.5 IT Policies and Procedures

The company currently lacks a formal BYOD policy. Instead they are opting to supply devices to users that connect to the corporate infrastructure and are utilizing Citrix XenMobile to control the devices. As mobile devices change and the number of different products continues to increase, moving to a BYOD solution is an excellent option. An effective BYOD solution can also help reduce hardware costs for the company.

In addition, the company currently lacks any formal policies regarding data classification, privacy management, logging and monitoring, and acceptable use. While the company currently has solutions for logging and monitoring in place, formal policies for solutions such as syslog, anti-virus and content management don’t exist. There is no formal policy spelling out what will be blocked, logged and/or recorded.

4.6 Project Management

The company has a somewhat loose project management process in place. The engineering department will track their project and attempt to plan for the project utilizing a project management software platform. However, a more formal process is in the best interest of the company.

A more formal process would allow the company to restructure all projects so that they are handled by a single group. This allows better control of timelines, tracking of expenses and review of proposed projects rather than the haphazard approach that is currently in place.

5.0 Proposed Solutions

Having disaster recovery and business continuity plans is essential to any organization hoping to have their business survive for years to come. Both documents require thorough testing and explicit documentation. Testing determines the effectiveness of the plans and uncovers flaws and/or problems that may occur. Lindstrom, Samuelsson and Hagerfors (2010) state the following about BCPs and overall success: “Business continuity planning and disaster recovery planning are brought up as core issues. It is also stated that awareness and education are key to the success of a security program’s overall success.”

5.1 Proposed DR Solution

We are recommending the RPMs Recovery Planning and Management System, an integrated platform that addresses all facets of the BCP process. This system is produced by Specialized Data Systems, Inc., a local organization that has provided services to its consumers for over 25 years. This Business Continuity Planning software will be especially useful for the ABC Manufacturing Company because it will provide the organization with the tools necessary for ensuring a complete and sufficient recovery program is implemented. Additionally, it streamlines the process of plan development and maintenance.

5.1.1 Business Continuity Planning

Every company should be equipped with a Business Continuity Plan (BCP) in order to ensure that all assets of the company are protected. Assets include but are not limited to employees, physical property, data, reputation and records relating to the business in general. Not only should each asset be identified and protected, but appropriate personnel should be trained and assigned to oversee and implement appropriate procedures for ensuring protection. Penuel (2013) states the following regarding the human component of BCPs: “Companies spend a great deal of time ensuring that all of their equipment will be able to function following a critical event; however, very little time has been focused on planning for the people who would be managing that equipment – this is the human component of business continuity and is the key to any successful plan.”

The purpose of a Business Continuity Plan is to provide the company with a method and approach for effectively directing the recovery and continuation of business operations following a disaster or unforeseen event that disrupts service. This plan ensures actions are taken in an orderly and timely manner. During the disaster period, the BCP provides explicit procedures for restoring operations for those impacted areas considered critical to keeping the company and clients functioning. In most cases, this includes a disaster recovery site and relocation for personnel and appropriate resources; having a detailed course of action or back up plan such as this helps minimize confusion, errors and expenses to a company.

To ensure plans would be successful in the event of a real emergency, a company should test its continuity plan annually to get all the kinks out and revise the plan accordingly. The results of this testing should be properly documented and improvements should be made where necessary. The most current BCP should be approved annually by a risk committee that reviews the status of all testing.

5.1.2 Incident Response

An Incident Response Plan, also appropriate within the BCP documentation, is an organized approach for addressing and managing the aftermath of an unforeseen event. “A good incident response plan includes information on communications, tasks, roles/responsibilities, and hardware and software tools to be used” (“How to test your incident response plan”, 2002).

The company should recognize that all BCP activations first begin as an incident. The incident response team should be composed of available individuals who are subject matter experts at the time of the event. The majority of these incidents may be IT related, but it is important to also include individuals who understand the different lines of business so that risks can be placed in the proper context.

Most minor incidents should, however, be handled within normal infrastructure units. These might include such things as a failed HVAC unit, network downtime, short power outages and the like. A major incident would be one involving large systems and/or multiple departments. Such incidents should be monitored and handled by an executive team.

In the event of a major incident, such as a breach of physical security, local fire/police should be notified. In cases where there are injuries requiring treatment, medical help should be summoned. Federal regulators should be notified in the event that processing is interrupted for extended periods. Regulator phone numbers should also be made available in the plan with appropriate contact information. Proper procedures should be outlined describing appropriate responses to events declared during non-business and business hours. Additionally, building evacuation procedures should be recognized and made readily available.

5.1.3 BCP & DR Recommendation

ABC Manufacturing may consider developing a similar plan for their organization by identifying recovery teams composed of members according to business function (e.g. executive management team, network services recovery team, infrastructure recovery team, etc.). Each team would be responsible for assisting in the recovery effort, and telephone numbers and names of key team members should be accessible to all employees. Identifying different teams responsible for functions within the organization will expedite the overall process. It would be valuable if these teams were assembled according to area of expertise.

The Business Continuity Plan should include risk assessment reports that effectively evaluate threats. ABC Manufacturing can evaluate risks by examining proximity, history and mitigating factors that would help reduce each. Such threats may include natural incidents such as storms, malicious incidents like sabotage from an employee, or information security breaches where the company risks leaking sensitive data. The mitigation steps section of the assessment should name elements currently in place that may help lessen the likelihood of the threat occurring. We would suggest creating a detailed risk assessment plan evaluating all possible risks and measuring their probability and impact. A scoring system may be appropriate for rating each of these.

Since the company is currently using client workstations for normal business functions, the BCP should also include policies for reducing risks as they relate to critical assets. This will include guidelines for protecting computer data, the operating center and backup of data, hardware, supplies and documentation. A combination of backup and offsite storage procedures can help protect computer data. Backups of data in the form of removable media can help if restoration is necessary. The offsite storage for these magnetic tapes or other similar media can assure a greater chance of recovery in the event the computer itself is destroyed or a disaster occurs in the computer room. All databases, file servers and report servers should be backed up to tape daily and then should be copied to the disaster recovery site’s servers. The syncing of data to a disaster recovery site should happen several times per hour.

Access to computers should also be controlled by use of login procedures using passwords and system software for controlling and restricting access to information. Not only should firewalls and intrusion detection systems be maintained, but various levels of password protection should be implemented for all employees. The necessary procedures should be taken when employees are terminated. These include but are not limited to removing user identifications from all systems the employee had access to, disabling card access if applicable, notifying appropriate personnel about the termination and forcing password changes routinely, at minimum once a month. Supplies deemed critical should also be stored at an offsite storage site. Adequate supplies should be accessible in case the primary location is destroyed. Copies of critical documentation such as the disaster recovery plan and applications, network, infrastructure and operations documentation should be stored and maintained in offsite storage.

5.2 Proposed EA Framework

ABC Manufacturing can truly benefit from the use of an enterprise architecture (EA), which will define the structure and operation of their organization. The intent behind this is to determine how this organization can most effectively achieve its current and future objectives. Having a solid EA solution in place will prove beneficial when considering decision making, improving flexibility, optimization of assets, diminished employee turnover and elimination of redundancy.

5.2.1 Recommended Solution

The Zachman framework has been chosen as the proposed implementation since the company is fairly new. Limiting the scope to the traditional approach of enterprise architecture makes Zachman the obvious place to start, since it was one of the first frameworks developed. We are proposing an integrated framework that aligns the organization’s business and information technology for an effective enterprise architecture implementation.

As it is one of the frameworks most often used by organizations worldwide, we thought it necessary to recommend such a framework for ABC Manufacturing, which presently has no formalized Enterprise Architecture implementation in place. "... the Zachman Framework has evolved and has become the model around which major organizations worldwide view and communicate their enterprise IT infrastructure." (Minoli, 2008) We realize that choosing just one single EA methodology is difficult and hope to use the Zachman architecture in combination with another framework following successful implementation. The analysis of such an additional framework will not be examined since it is beyond the scope of this paper. Our hope is that after implementation of the Zachman enterprise architecture ontology the following benefits are achieved:

- Greater developments are established while using Information Technology to drive business flexibility

- Reduced complexity and reduced failures with existing systems are conventional

- Information Technology operations are more efficient

- A tested, reliable and trustworthy guideline is available for making business decisions

- A roadmap is available for meeting compliance, federal regulations and standards

- An improved focus exists for meeting organizational goals

We hope that such a blueprint for this organization's information environment will offer a holistic, very basic architecture structure that can be used to organize all metadata for the enterprise.

5.2.2 Ontology

John A. Zachman refers to his architecture as an ontology instead of a methodology (Zachman, 2008). Roger Sessions, CTO of ObjectWatch, notes the following about the framework during a comparison of Enterprise Architectures: "Zachman does not give us a step-by-step process for creating a new architecture." (Sessions, 2007) Zachman provides the following definition of ontology as it relates: "the Zachman Framework is an ontology - a theory of the existence of a structured set of essential components of an object for which explicit expressions is necessary and perhaps even mandatory for creating, operating and changing the object" (Zachman) This is important since the framework's purpose is simply to describe the enterprise and its structure. We believe this was most appropriate for ABC Manufacturing, whose major deficiency lies, right now, with sorting through their existing infrastructure and helping formalize their future infrastructure practices. The framework matrix, often associated with this particular enterprise architecture, includes major principles and a 36-cell matrix for understanding any particular aspect of a system at any point in its development, as shown in Figure 6.

Figure 6: Zachman Framework Enterprise Ontology - www.zachman.com/

Each cell within the matrix represents a single focus at the intersection of a specific stakeholder’s perspective (e.g. an engineer - rows) and a classification (e.g. function or “how” - columns). Moving horizontally across this grid, one can analyze different classifications or descriptions from the same user’s perspective. Moving vertically, one can keep a single focus or classification and change whose perspective it is examined from.

The top two rows are business oriented while the bottom three are more technical. The following observation is made about how the rows are arranged: “The perspectives of rows are abstract and incomplete near the top but become progressively more detailed and specific moving toward the bottom until an implementation emerges on the last row. This implies that the perspectives can be mapped to a product development life cycle where the top rows are used early on whereas the bottom rows become more important during the latter phases” (Minoli, 2008)

Although there is no development process noted in publications, most guidance is made available to firms through consulting services contracted through ZIFA (Zachman Institute for Framework Architecture). (Minoli) To continue with an implementation plan for ABC Manufacturing we will use recommendations as outlined by Minoli in the textbook Enterprise Architecture A to Z: Frameworks.

5.2.3 Implementation

The following are steps which should be taken in order to get the architecture implementation underway for ABC Manufacturing (Minoli, 2008):

1. Make descriptive representations (models) of the enterprise explicit by populating various cells of the framework with instances of models. Examples of items to identify in these cells, in terms of investments:

a. Resources

b. Skill/method/tool requirements

c. Repository strategy

d. Sources of funding

e. Roles and responsibility

2. Formalize and enhance the enterprise architecture process by defining generic components of each of the cells.

We are also suggesting that ABC Manufacturing use ZIFA contractors to assist in instantiating the enterprise architecture process. Each object outlined in the cells should be clear and should live in only one cell. As ABC Manufacturing begins filling in the matrix, it can help clarify where things belong according to perspective. We are recommending that all 36 cells be completed from the perspective of all important stakeholders in order to fully define the system. Although not a complete solution for this organization, we believe it is a great way to pave the way for improvements and begin addressing some of the deficiencies we find in the current system.

5.3 Policies and Procedures

The general purpose of policies and procedures is to provide stakeholders with guidelines for how things will function and be administered. Policies and procedures are very important when it comes to the ability to monitor and reproduce the same result consistently no matter who performs the action. Covering all necessary policies and procedures is beyond the scope of this report, but the team has highlighted a few pertinent ones.

5.3.1 Change Management

As mentioned in Section 4.3, the only change management policy in place applies to the engineering and design of products. In order to stay current and be able to document, review, control and verify any impact of potential changes to the system, a more reformed IT change management policy must be used. The change management process should contain multiple steps that will be designed around and fit well into the organizational structure and ultimately make the company more effective. The workflow model, detailed below, is taken from the Augusta, GA Information Technology Change Management Policy & Procedures document. It describes some of the steps necessary to implement a change within the organization.

The first step is to list all the requirements for an upcoming change. Upon completion of the requirements list, the Change Control Manager should provide a detailed overview of the change. The Change Control Manager’s primary responsibility is to maintain an up-to-date list of changes as changes occur. After identifying the needs and requirements, the change management process will commence. According to Shannon Buckley, “a change management process is a formal set of procedures and steps that are set in place to manage all changes, updates, or modifications to hardware and software across the organization” (Buckley, 2011).

Once identified, a change must be formally entered into a department calendar in the form of a notification. This can be done using an email distribution list, commonly referred to as change control notification. The change control notification will often list the subject of the change, the start and end time, the date, which system(s) will be impacted by the change, the severity of the change, users impacted and the primary contact. This should be followed by a brief description of the change explaining the work needed to be done.

Once a change control notification has been sent, the Information Technology department is aware of the upcoming changes. Next, the change controller must follow basic change management guidelines in order to properly execute the upcoming change. At this stage the test plan, the rollout plan, the confirmation plan and the rollback plan must all be developed. Once it has been properly developed, the test plan must be tested and guaranteed to be successful within the environment.

There are several key components to the change management process, and it is important that they are followed before, during and after a change has been implemented. The first component is risk assessment, which has to be written by the change controller prior to its approval. “This assessment should be done at a minimum of three points throughout the Change Management Process

- By the Change Assignee at the time of creating the request.

- By the Change Approver prior to approving the request to go before the CAB.

- By the Change Advisory Board prior to giving final approval for the execution of the change.” (Greensboro Information Technology Services 2006)

5.3.2 Logging and Monitoring

Although the company has several solutions in place for logging and monitoring egress and ingress of data, they currently lack data correlation. A correlation engine, such as a SIEM, will help to reduce risk and provide alerting when potentially malicious attacks across multiple systems may be occurring. A formal policy for logging and monitoring can help close these gaps.

Policies and procedures for logging and monitoring data vary from company to company. It is recommended that ABC Manufacturing embed logging and monitoring policies that serve to complement and augment its existing policies. On the logging side, the company must ensure that they:

- Keep all documentation of user access to, and use of, company systems

- Ensure that all enterprise applications and systems, including servers, personal computers and mobile devices that contain confidential information, are properly logged based on user access as well as encrypted

- Ensure audit logs have up-to-date information on user IDs, times and dates of logons and logoffs, records of successful system access, modifications to systems, use of privileges, use of system applications, and network addresses of outgoing and incoming traffic

From a monitoring standpoint, all networks and devices that are on a company enterprise domain should be monitored per usage and all activity must be logged. Logs should be kept in a secure centralized location and be accessible only by authorized company staff. In order to remain current with data logging and monitoring, the company should consider following the Data Protection Act principles.

The 8 principles stated in the Data Protection Act are: (ICO)

- All data will be processed fairly and lawfully

- All data is obtained for a specific purpose

- All data obtained is relevant

- All data is accurate and up to date

- All data is disposed after a reasonable time

- All data is processed with respect to the data owner’s rights

- All data is kept secured

- All data should not be transferred internationally without protection laws
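
The correlation that Section 5.3.2 asks of a SIEM can be illustrated with one rule run over centralized audit records that carry the fields listed above (user ID, time, system, network address, event). This is an added example, not part of the original report; the line format, event names (LOGON_FAIL, LOGON_OK, PRIV_USE), host names, addresses and thresholds are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample of centralized audit records (not real data).
# Assumed line format: timestamp system user_id source_address event
SAMPLE_LOG = """\
2014-07-30T02:10:05 mail01 jdoe 10.0.4.23 LOGON_FAIL
2014-07-30T02:11:40 file01 jdoe 10.0.4.23 LOGON_FAIL
2014-07-30T02:13:02 erp01 admin 10.0.4.23 LOGON_FAIL
2014-07-30T02:14:30 erp01 admin 10.0.4.23 LOGON_OK
2014-07-30T02:15:00 erp01 admin 10.0.4.23 PRIV_USE
2014-07-30T08:59:10 mail01 asmith 10.0.2.7 LOGON_FAIL
2014-07-30T08:59:30 mail01 asmith 10.0.2.7 LOGON_OK
2014-07-30T09:00:00 mail01 blee 10.0.3.15 LOGON_FAIL
2014-07-30T09:01:00 file01 blee 10.0.3.15 LOGON_FAIL
2014-07-30T09:30:00 erp01 blee 10.0.3.15 LOGON_FAIL
"""

WINDOW = timedelta(minutes=10)  # assumed correlation window
MIN_SYSTEMS = 3                 # assumed threshold of distinct systems


def parse(line):
    """Split one audit record into a dict with a real datetime."""
    ts, system, user, src, event = line.split()
    return {"ts": datetime.fromisoformat(ts), "system": system,
            "user": user, "src": src, "event": event}


def correlate(lines, window=WINDOW, min_systems=MIN_SYSTEMS):
    """Flag a source address that fails logons on at least `min_systems`
    distinct systems inside `window`, then record any successful logon and
    privilege use from that address that follows the burst."""
    events = sorted((parse(l) for l in lines if l.strip()),
                    key=lambda e: e["ts"])
    recent = defaultdict(deque)  # src -> failed logons still inside the window
    alerts = {}                  # src -> alert record
    for ev in events:
        src = ev["src"]
        if ev["event"] == "LOGON_FAIL":
            q = recent[src]
            q.append(ev)
            # Drop failures that have aged out of the sliding window.
            while ev["ts"] - q[0]["ts"] > window:
                q.popleft()
            systems = {e["system"] for e in q}
            if len(systems) >= min_systems:
                alert = alerts.setdefault(src, {
                    "src": src, "systems": set(), "users": set(),
                    "first_seen": q[0]["ts"], "last_fail": ev["ts"],
                    "success_after": [], "priv_use": []})
                alert["systems"] |= systems
                alert["users"] |= {e["user"] for e in q}
                alert["last_fail"] = ev["ts"]
        elif src in alerts:
            alert = alerts[src]
            key = (ev["system"], ev["user"])
            if (ev["event"] == "LOGON_OK"
                    and ev["ts"] - alert["last_fail"] <= window):
                # A success right after the burst raises the severity.
                alert["success_after"].append(key)
            elif ev["event"] == "PRIV_USE" and key in alert["success_after"]:
                alert["priv_use"].append(key)
    return list(alerts.values())


if __name__ == "__main__":
    for a in correlate(SAMPLE_LOG.splitlines()):
        print(a["src"], sorted(a["systems"]), a["success_after"], a["priv_use"])
```

No single system in the sample sees more than one failed logon from 10.0.4.23, so per-host review would miss the pattern; it only appears once the records from all three hosts are examined together.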

5.3.3 Data Classification

Data assets are considered the most valuable assets to any company and, like many companies, ABC Manufacturing should be able to embed standard data protection and classification policies within its information systems environment. The sole purpose of instituting data classification within the company is to determine the level of protection required and then to develop applicable policies. The classification standard applies to all data stored and processed across company servers, personal computers, and mobile devices. The types of data should include all electronic data such as e-mail, data on paper and any information that is distributed by word of mouth or visual means.

We recommend that ABC Manufacturing use three levels of data classification:

5.3.3.1 Restricted Data

Restricted data is classified as data that is maintained by the company and has the highest security level. Unauthorized loss or disclosure of this type of data can cause the company a significant level of risk. Data that is considered restricted will include the following: user passwords, birthdates, social security numbers, credit card numbers, health insurance information, medical records, biometric information (if applicable), and private key certificates. Restricted data is recognized when 2 or more of the following criteria apply: the data is “Personally Identifiable Information” (Figure 7) and, as previously mentioned, if the data is disclosed without proper consent it can cause financial damages to the company. We recommend the highest level of security policies to be applied to all restricted data.

5.3.3.2 Internal Data

Internal data is considered less sensitive than restricted data; however, it is not to be shared with the public community. In general, internal data is for internal use only, which means only company employees with the appropriate security clearance can access such information. There is the potential for internal data to be compromised if permissions are mishandled, which is why it is crucial to ensure that, even though the data is for internal use only, a tiered access approach is utilized. This tiered access will help prevent data loss and reduce the level of risk. The data owner should be responsible for assigning appropriate permissions internally, and requesting access should only be discussed with the owner or a department supervisor.

Unauthorized disclosure, modification or deletion of internal data may result in a medium level of risk to the company. As a result, all company data is classified as internal by default regardless of ownership and plan of use. The following items are typically classified as internal data.

- Date of birth

- Employee Information

- Salary

- Home address

- Personal telephone numbers

- Personal Email address

- Employment records

- Marital status

- Race and Ethnicity

- Vulnerability/Security Information

- Location of company assets

- Licensed Software

5.3.3.3 Public Data

Public data includes all data that has limited to no security clearance and can be publicly disclosed. Within ABC Manufacturing, any data disclosed to anyone without any affiliation to the company is considered public data. Public data is not limited to just anyone outside the company; it is classified as data that does not require any level of security from disclosure. Public data can be safely shared with the inside or outside community without any concerns for risk. Press releases, directory information, applications and forms will be commonly shared. ABC Manufacturing will be allowed to share public data on their website. Any information posted on the company website will be considered public data.

Appropriate controls can be implemented as part of an Information Security policy once the data has been properly identified and classified into Restricted, Internal and Public categories. Protection of data is important, but it is just as important to review the data for proper classification on an annual basis. Each subsection of the policy should be reviewed and updated based on the way the data is being modified and utilized within the organization. If the data has been modified and no longer fits the current classification, a new security classification must be performed to ensure that existing policies are relevant to the new data changes.

Determining whether new and existing data fits the current classification can be achieved by following the table in Figure 7, which shows the categorization of data within information systems.

Figure 7: Data Classification

5.3.4 Physical Security

ABC Manufacturing should also develop a policy regarding physical security. Logical access controls for data are extremely important, but one must not forget the physical access aspect. After classification of data based on the previously mentioned categories, it is time to physically secure and protect the hardware that the data, especially the restricted data, lives on.

Physical security refers to protecting any hardware or a location of hardware which contains company data. The first step in determining what will be required is to perform a security audit to develop a baseline and note where controls are absent and where controls are in place but should be augmented. Once an audit and baseline are completed, ABC Manufacturing can begin implementing new security controls to address the areas where physical security is found to be deficient.

Some of the physical security issues that should be taken into account during the auditing process include: unauthorized access may be gained with the sole purpose of theft and/or damage to the property, physical space containing restricted data may be damaged, and power outages may result in data loss. Available IT resources within the company must be protected by facilitating physical security to prevent unauthorized access. All physical access steps should be recorded and access to each area should be controlled. It is also important to review Physical Security policies quarterly to help ensure consistent protection of data and other information technology resources.

Policies may include but are not limited to:

- Door access policy; access to offices, alarm systems control and who has access to which office

- An authorized visitor policy; a policy that will determine which part of the building is only accessible to visitors and which part is accessible to company employees.

- Using access control

- Compliance with fire code

5.4 Virtual Desktop Infrastructure

One area identified that will help to streamline future growth is a VDI roll-out. While VDI can have large upfront costs there are many advantages to it. It was noted in Section 3.3.2 Workstation Design, that the current workstation environment, while running Windows 7, is due to be replaced because of aging hardware for both mobile and desktop workstations.

There is an opportunity to reduce hardware costs and the possibility of data loss by moving to thin clients for both mobile and desktop solutions. A VDI infrastructure can also enhance security by reducing the possibility of data loss either through loss of a laptop or the ability for an insider to copy data to a USB mass storage device. In addition to these features, a VDI solution can help reduce resources that are required to deploy new workstations and even help speed security patching.

It should be noted that both VMware and Citrix provide VDI solutions; however, due to the cost of VMware and the fact that the company already utilizes Citrix XenMobile for mobile device management, we would recommend utilizing Citrix XenDesktop. In addition to advantages already mentioned, the migration to VDI will allow for a roll-out of a strong bring your own device (BYOD) policy which can serve to further reduce hardware and support costs for the company.

The current firewall configuration has an available fourth interface that could be utilized for a VDI infrastructure; we will refer to this interface as Interface4. The project team would recommend utilizing a Citrix Netscaler on this interface. Located behind the Netscaler would be Web Interface, Desktop Delivery Controllers, Citrix XenServers, and the operating system streaming infrastructure (OSSI) as shown in Figure 8.

As the company grows it will need to be more agile and have a plan in place to handle growth spurts and the ability to bring on outside people and possibly developers that may be located in other countries. The need for a more dynamic network environment is best handled through virtualization. While it is not recommended to virtualize all servers and desktops it is recommended that virtualization be reviewed to determine if capital funds can be allocated for implementation.

VDI combined with implementation of Microsoft System Center Configuration Manager will allow the company to deliver virtualized applications to the users and further reduce support costs. This type of implementation also gives the company greater control over the applications a user has access to, allowing for tighter security and again making the company more agile for future growth.

Figure 8: Virtual Desktop Design

Another great byproduct of the reference VDI solution is the migration of VPN services from the Cisco ASA firewalls to the Citrix Netscaler. The company can then utilize this as their VPN portal and begin requiring two-factor authentication for remote users. This setup will also segment the network to help increase security and reduce exposure to risk. Firewall rules can be implemented to control traffic between the VDI environment and the server environment.

An additional benefit of moving to a more virtualized infrastructure is the ability to control not just your direct employees but also any services being provided by a contracted employee of the company. Through the use of virtual networking you can segment the VDI workstations utilized by these contracted entities and further reduce your exposure to risk. Utilizing VDI, you will also be able to have completely independent virtualized desktops delivered to the contracted entities to ensure they have only the applications required to perform the job they are tasked with. While VDI is not a panacea for all security issues, it does deliver a more secure footprint.

6.0 Conclusions

The overall network design is sound and does offer opportunity for expansion without re-architecting. As noted in Section 4 and Section 5 there are areas that need improvement. The most pressing issues should be the design and implementation of a formal Disaster Recovery and Business Continuity Plan and then immediate testing of the plan.

ABC Manufacturing has a number of initiatives planned, and some underway, such as the replacement of the Enterprise Resource Planning tool, that will help enhance manufacturing productivity; however, the team feels that not enough focus is being applied to other aspects. The key to success is embracing technology and implementing a framework that can be utilized to help move the company forward.

The team has outlined several areas in both policy and technology that require attention and will help make the company more agile in the future as it grows. Given limited resources, it may behoove ABC Manufacturing to implement a phased approach perhaps beginning with updating of all policies and procedures.

7.0 Sources Cited

How to test your incident response plan. (2002). Info-Tech Advisor Newsletter, 1. Retrieved from http://search.proquest.com/docview/202967507?accountid=13381

Lindström, J., Samuelsson, S., & Hägerfors, A. (2010). Business continuity planning methodology. Disaster Prevention and Management, 19(2), 243–255.

Minoli, D. (2008). The Zachman Architectural Framework. Enterprise architecture A to Z: frameworks, business process modeling, SOA, and infrastructure technology. Boca Raton: CRC Press.

Penuel, K. B., Statler, M., & Hagen, R. (2013). Business Continuity Planning. In Encyclopedia of crisis management: Vol. 1 (p. 76). Los Angeles, Calif: SAGE Reference.

Sessions, R. (2007, May). A Comparison of the Top Four Enterprise-Architecture Methodologies. Retrieved August 1, 2014, from http://msdn.microsoft.com/en-us/library/bb466232.aspx

Zachman, J. (2008, January 1). John Zachman's Concise Definition of The Zachman Framework™. Retrieved August 1, 2014, from https://www.zachman.com/about-the-zachman-framework

Boston University Information Services. (2010). Data classification guide. Retrieved 2014, from http://www.bu.edu/tech/about/policies/info-security/1-2-a-data-classification-guide/

Buckley, S. (2011). IT change management. Internal Auditor. July 30th, 2014.

Longwood University. Handling restricted data. Retrieved 2014, from http://www.longwood.edu/infosec/restricted.htm

Rodgers, C. (2012). Data classification: Why is it important for information security? Secure State, 2014.

The University of North Carolina Information Technology Services. (2006). Change management process. 1.0, July 29th, 2014.

University of Georgia, Office of Information Security. Data classification and protection standard. Retrieved 2014, from http://eits.uga.edu/access_and_security/infosec/pols_regs/policies/dcps

Weill Cornell Medical College. Data classification. Retrieved 2014, from http://weill.cornell.edu/its/policy/security/11-3-data-classification.html