Huffman Trucking Information Systems Security Review and Upgrade

Huffman Trucking Information Systems Security Review and Upgrade

Background and Statement of Need

An increasing growth of the Huffman network infrastructure and architecture requires review of existing network security hardware and software/application resources. This review will help to determine requirements for new systems and possible upgrades to protect Huffman Information Systems from exploitation and ensure security features are in place to combat increasing threats to customer information bases, industry information, technology and assets, and existing and increasing identity theft threats. Negative consequences of neglecting these information security issues can be measured in predictable loss of revenue due to identity theft, network sabotage, legal and liability fees, and commercial espionage.

Without any changes, impact to operations can be catastrophic. Critical customer and business information may be vulnerable to Denial of Service (DoS) and other malicious attacks. In these days of increasing identity theft, the legal consequences if customer information is not effectively protected could be extremely detrimental to Huffman business objectives.

Goal Statement / Project Objectives

The goal of the Huffman Information System Security Upgrade is to successfully implement sufficient and required security applications, processes, and measures identified in the following analysis.

The Information System Security Review will identify existing and required levels of security measures across Huffman's Information Systems and recommend appropriate modifications and upgrades. The security features will eliminate DoS attacks on Huffman Networks and secure Huffman Information Systems and eliminate all identified vulnerabilities.

Existing security functionality will be measured by comparing performance parameters currently available in/on the existing security applications with current global standards. A determination of how much security required for the type of operations and data will help determine the type of security to be implemented.

Mission and Goals & Project Plan

The Plan will start with an examination of current network architecture and components and then identify security features that might be implemented in this network. The project plan will begin with analysis of existing security processes and identify specific vulnerabilities. The vulnerabilities will then be addressed to ascertain the specific level of security and applications required for acceptable protection. Firewalls, cryptographic algorithms, software applications will be implemented on an as-need basis as vulnerabilities are identified.

A schedule will be developed with the evolvement of the Work Breakdown Structure (WBS), but generally the team should try to stay ahead of the draft project schedule.

Opportunity Statement

Delays in network operations, frequent pop-ups, latency across networks, SPAM, and a constant threat of exploitation of business information will be addressed as well as unauthorized use of proprietary and confidential information. Solutions will be designed and implemented as countermeasures. Other operational issues such as the need to block pop-ups with current browsers and firewall features will be addressed and prioritized as budget concerns. Vulnerability management systems, Intrusion Detection Systems (IDS), Identity Management, Authentication (IDA), and web access control are not in place leaving Huffman information systems very vulnerable to malicious attacks and network disruption.

* Primary Measurement

- SMART approach

- Network availability statistics

- Denial of Service Attacks

- Network monitoring capabilities

* Secondary Measurement

- Network availability statistics after

- Denial of Service Attacks after

- Network monitoring capabilities

Project Scope

Authorization to proceed will be granted from the company CIO who will provide an official corporate review of the project's initial analysis and findings. This authorization will approve the Project Scope and budgetary constraints.

The overall scope will encompass Huffman Information Technology and its information systems security capabilities. Specific technologies to be addressed will be: Human Resources Information Processing systems, Data storage networking processes, day - to - day information processing security procedures, logons, security scripts, network access control, and Web access control.

Technologies and processes not within the scope are; the coordination for Type III and above encryption and keying material and coordination for National Security Agency (NSA) communications security (COMSEC) requirements. New networking or information systems technology will not be introduced into the scope of this project unless it provides necessary network security features for the prescribed protection.

Impact to ERP and SAP processes and operations will be kept to a minimum. Downtime may be needed to implement significant network components and software but will be coordinated and scheduled to occur during less than peak business hours to keep operational impact to a minimum.

Task Responsibility Matrix

The following resources are assigned to the Project Team and have associated responsibilities:

Project Manager - Project leader manages teams and provides oversight.

Chief Information Officer - Provides support, funding,

Information Architect - Provides engineering, testing criteria, technical goals, works closely with Programmer, Technical Lead, and Network Admin.

Programmer - Provides software analysis, configuration, testing.

Technical Lead - Provides field installation and maintenance support, provides site support for power, rack space.

Network Admin - Provides office automation and security support in the form of network security statistics, reports, and analysis. Provides user accounts and assesses security requirements for network access control.

Trainer - Acquires documentation, identifies critical tasks, produces training

...