Free Essay

Enterprise Security Plan

In: Computers and Technology

Submitted By tmgreyn
Words 1749
Pages 7
Enterprise Security Plan

Enterprise Security Plan
Smith Systems Consulting (SSC) is a major regional consulting company. Headquartered in Houston, Texas, the firm’s 350 employees provide information technology and business systems consulting to its clients in a wide variety of industries including manufacturing, transportation, retail, financial services and education. Smith Systems Consulting (SSC) is a service provider. It provides IT services for other companies. Security is essential for SSC because it not only requires security for itself, but SSC also has many customers depending on it to provide top level IT services, which also includes security.
Enterprise risks are a part of all business and how we address these risks determines how successful we are in the business world. Risks can be defined by “any exposure to the chance of injury or loss.” (Cheryl l. Dunn, 2005) Risks can be internal or they can come to us from outside sources in the form of external risks. Both types of risks pose a threat to the overall security of the enterprise. An Enterprise Security Plan (ESP) outlines possible risks by identifying the vulnerabilities within the business process and ranks the vulnerabilities for ease in developing a mitigation plan. The ESP also identifies technologies and policies that will help in the development of an operational plan that protects the business process and intellectual property of your corporation.
Within this ESP we have developed 3 different appendixes for the ease of review and to facilitate the corporate review. First Appendix will focus on the identifying vulnerabilities. The second appendix will indentify the vulnerabilities that will have posed the greatest threat and will also provide the logical justification matrix. The third appendix will address Enterprise Vulnerabilities. Within this appendix Smith Systems Consulting will discuss and make recommendations that will provide enterprise protection by identifying and by making recommendation to mitigate vulnerabilities that affect the following areas: Physical, System and Logical. This in-depth analysis will help provide recommendations for the necessary resources to protect your enterprise.
Appendix 1 The team will be looking at many security issues addressed at the company. There were many ideas for topics to address when it comes to risks that are possible for an Enterprise environment. Some of the ideas included data loss, insider threat, outsider threat, and un-patched or updated vulnerabilities that might hinder SSC. It is understood by the team that all of the identified risks are significant. Insider threat is when internal users of the system cause damage to the system. It is more likely the damage is inadvertently caused. The probability of malicious insider threat is not as great, but it is definitely a possible threat. Certain steps must be taken to help prevent the malicious insider threat and inadvertent insider threat. The specific steps can be focused on in the project.
Another threat discussed by the team is the threat of un-patched systems. Research must be conducted to see if there is a vulnerability management process in place for SSC or any of the companies it provides IT services to. If there are no vulnerability management plans or processes, SSC must create one. Vulnerabilities left unchecked can cause system issues, including intrusions by unauthorized persons.
SSC will need to create a strong security policy plan and will need to hire some internal security professionals to help them setup roles and create security profile to resolve some of the issues discussed.
Appendix 2
Risk and vulnerabilities matrix Risk and vulnerability strategies are important to a growing business. In order to evaluate the infrastructure of organizations you would want to do a good threat assessment and other to determine if the outcome is in the best interest of the company. Threats to an organization can include natural, criminal, terrorist, and accidental to name a few. A good threat assessment determines that likelihood of a threat occurring.
In this assignment Team A determined the risks and vulnerabilities of our virtual organization – Smith Consulting. We then designed a matrix and ranked the risks and vulnerabilities. We then added a comments field to the matrix so that we could describe the possible outcomes for each of the vulnerabilities.
We categorized our rankings as: * High probability/high impact * High probability/medium impact * High probability/low impact * Medium probability/high impact * Medium probability/medium impact * Medium probability/low impact * Low probability/high impact * Low probability/medium impact

Appendix 3
Enterprise vulnerabilities Smith Systems Consulting (SSC) recommends and installs premium support services such as network installs, email server installs and upgrades, and database design and development. Though not on their website, SSC is security conscious with the technologies that are available for businesses, and the technologies that they recommend to their customers. One area of security that SSC thrives in is that of vulnerability assessments. This involves evaluating a customer’s current vulnerabilities, as well as vulnerabilities that may arise from the installation of new technologies, if not installed correctly. The vulnerability areas focused on are: physical, system, and logical.
Physical
Vulnerabilities in the physical sense are not so much referring to things such as access to a building or server room or damage to networking equipment (though these things should be considered by IT staff). A DoS (Denial of Service) or DDoS (Distributed Denial of Service) attack would be considered a physical attack because it causes physical problems with a server, i.e. over working a server to the point of extreme slowness or failure. DoS and DDoS attacks occur when an attacker (hackers) sends a large amount of packets to a particular server (often web servers), causing all of the bandwidth to be taken up and all of the server’s resources to handle and process the packets. The end result for valid visitors of the site is slowness bringing up the site, or the website not coming up at all. Though DoS attacks can be very service affecting, there are ways to combat against them. Having a good quality firewall in place that scans packets as they come in, and denies DoS attacks is a start. Having an IPS (intrusion prevention system) is an even better way to prevent these types of attacks, because an IPS device is usually much smarter than a firewall and also has the ability to scan incoming packets for a multitude of other problems. Dos and DDoS can also occur on client machines as well. To protect against this, it is important to have high quality and updated antivirus / spyware removal software on the machines, as well as all current updates for the operating system. All of these steps does not guarantee that DoS attacks won’t occur (hackers are always coming up with new ways to lead these attacks), but it greatly reduces the chances that it will happen.
System vulnerabilities System vulnerabilities are another area where many businesses suffer. In particular, email servers can cause a lot of issues for companies if not setup correctly. If an email server is setup by someone that does not know best practices for installing email servers, often the server is abused by hackers, who use the server as an SMTP relay server. Basically, your organization’s email server is now used to relay emails from someone outside your organization to hundreds, maybe even thousands of people, commonly referred to as SPAM. This problem could be prevented by turning off the relay option on a server. An email server can be the lifeblood of a company, due to the important nature of email and the constant use during the day. If proper backup and restore procedures are not in place, an organization could be crippled if their email server goes down. Again, having someone that knows the proper procedures can save a lot of time and lost productivity for a company. With an example of using Microsoft Exchange as an email server, the organization using it most likely will not be using the IMAP and POP3 protocols that are running by default. By disabling these protocols, the server becomes less penetrable from outside hackers. If the protocols are left running, it creates unnecessary open doors for hackers to access. Insider threats can also be an issue when it comes to email. Employees could be sending out insider secrets through the email server, and the organization may never know it. Installing a security appliance that monitors outgoing email will help in removing this risk. Last, email servers can emails from all sorts of sources, including many that are unwanted. Virus, malware, and spyware can be contained in emails on the server. Configuring antivirus software to know what files to scan to prevent viruses from spreading, while not scanning other areas that could potentially corrupt the email server database is also a crucial step when configuring Exchange. Bottom line, setting up an email server should be done by someone that knows the intricacies of the software.
Logical vulnerabilities Logical vulnerabilities point in the direction of things like installed software, operating systems, etc. Problems like virus protection on client and server computers can be included in this. Not configuring the antivirus software correctly or worse not having antivirus software installed at all can cause major problems on a network. Network slowness, erratic behavior on servers or clients, and pop-ups are some of the signs that one or more systems may be infected with a virus. Another common area that gets overlooked is that of keeping up on software and operating system updates and patches. Though it is an easy and quick procedure to run updates for a system, often the steps are overlooked due to bigger IT problems that need to be taken care of. Holding off on updating software may not cause problems initially, but in the long run can cripple organizational functionality. Some companies will hold off on running updates and patches because of fear that it will take down systems due to a bad patch. This can be mitigated in several ways. First would be to have client machines with similar hardware and software configurations, so that tests can be run on a similar system first, before applying changes to production computers. Second would be to install something like a Windows Systems Update Server. This server downloads all Microsoft Updates to itself, and then pushes the updates out only when an administrator gives the go ahead. This allows administrators to keep the updates for a week or so to make sure that no complaints arise on the Internet, regarding those updates.

Similar Documents

Premium Essay

Enterprise Security Plan Cmgt/430

...Enterprise Security Plan CMGT/430 Enterprise Security Plan This Enterprise Security Plan (ESP) for Riordan Manufacturing employees the levels of security required to protect the network and resources utilized to communicate. It is intended purpose is to formulate a means to counterattack against security risk from potential threat. The ESP servers as a way to identify risks and to ensure a contingency plan is in place to protect the availability, integrity, and confidentiality of the Riordan organization's information technology (IT) system. The ESP benefits all employees however it is most beneficial to information resource managers, computer security officials, and administrators as it is a good tool to use for establishing computer security policies. The ESP in its basic form is a systematic approach to addressing the company’s network, its capability, the threats it is susceptible to and a mitigation strategy that addresses those threats if and should they occur. In addition to addressing the threats the ESP will also make provisions for establishing contingency plans in case of a disaster. The information covered by this plan includes all information systems, IT resources, and networks throughout the Riordan global organization owned or operated by employees in the performance of their job duties, whether written, oral, or electronic. Further it establishes an effective set of security policies and controls required to identify and mitigate vulnerabilities that...

Words: 2085 - Pages: 9

Premium Essay

Emergency Planning and Business Continuity Management and How It May Be Integrated with Security Risk Management.

...threats and risks they could face seriously. Security Risk Management (SRM), Business Continuity Management (BCM) and Emergency Planning (EP) assist in achieving this by putting in place effective risk identification and management measures. Effective management of risk can make the difference between success or failure of business operations during and after difficult events. Threats can include man made threats, such as terrorist attacks, or naturally occurring threats such as earthquakes. Effective risk identification and management is essential to any business, especially with the current uncertainty in the world’s economic climate. In order for businesses to survive, during times of increased strain on business operations, it is essential that an alignment between security and business operations can be achieved. This can be achieved by the security department not only widening the remit to cover more risks, but changing how the department works and relates to the rest of the business; including shared responsibility for things such as Corporate Governance, Information Assurance, Business Continuity, Reputation Management and Crisis Management. The problem is security departments now have more responsibilities in an increasingly complex and fast moving world. Security Risk management is no longer an activity just for companies who work in high-risk areas or with exposure to significant security threats. Therefore, security is no longer viewed as a stand-alone activity...

Words: 5764 - Pages: 24

Free Essay

Proj Mgmt

...GIAC Enterprises Security Controls Implementation Plan Group Discussion and Written Project John Hally, Erik Couture 08/07/2011 GIAC Enterprises – Security Controls Implementation Plan Table of Contents Executive Summary Introduction Security Controls Implementation Plan Incident Response Weekend Plan Conclusions References 3 3 4 6 9 9 2 GIAC Enterprises – Security Controls Implementation Plan Executive Summary The cyber-threat landscape has evolved significantly in recent years. From primarily a threat of denial of service and website vandalism in years past, to the currently advanced and well resourced adversaries employing complex technologies to achieve financial and political benefit. At GIAC Enterprises, we have observed huge increases in suspicious network activity directed at our corporate networks, sometimes even targeting key individuals. Due to the huge global increase in demand for fortune cookie messages, it is reasonable to expect that this undesired attention will only increase in the coming months and years as cyber-criminals and possibly corporate spies attempt to closely monitor our business activities and steal vital business information. This paper presents the recommendations of the tiger team, which was recently formed, with the goals of: 1. Developing a strategy for the implementation of the SANS Top 20 Security Controls, and in particular the creation of an incident response capability; and 2. Identifying and eradicating any possible...

Words: 3167 - Pages: 13

Premium Essay

Information Assurance

...Framework Computer Security Division Information Technology Laboratory NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY 1 Managing Enterprise Risk Key activities in managing enterprise-level risk—risk resulting from the operation of an information system: Categorize the information system Select set of minimum (baseline) security controls Refine the security control set based on risk assessment Document security controls in system security plan Implement the security controls in the information system Assess the security controls Determine agency-level risk and risk acceptability Authorize information system operation Monitor security controls on a continuous basis NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY 2 Risk Management Framework Starting Point CATEGORIZE Information System Define criticality/sensitivity of information system according to potential worst-case, adverse impact to mission/business. MONITOR Security State Continuously track changes to the information system that may affect security controls and reassess control effectiveness. SELECT Security Controls Select baseline security controls; apply tailoring guidance and supplement controls as needed based on risk assessment. Security Life Cycle AUTHORIZE Information System Determine risk to organizational operations and assets, individuals, other organizations, and the Nation; if acceptable, authorize operation. IMPLEMENT Security Controls Implement security controls within...

Words: 723 - Pages: 3

Premium Essay

Team E Final Unix-Linux Paper

...Enterprise Security Plan University Of Phoenix CMGT 430 Carol Eichling March 26, 2014 Enterprise Security Plan Huffman trucking company is a national transportation company. The company’s 1,400 employee’s work in its logical hubs located in Los Angeles, California, St. Louis, Missouri, and Bayonne, New Jersey; its central maintenance facility is in Cleveland, Ohio; and as drivers of its 800 road tractors. (University of Phoenix, 2005) Team A has been consulted to create an enterprise security plan that will identify the information security challenges within Huffman trucking company network and establish mitigation plans to offset those challenges. The enterprise security plan will address some of the top vulnerabilities and risks that Huffman trucking company has the potential of experiencing. The plan will also include a list of physical and logical vulnerabilities within the company, and a specific list of remediation or mitigation steps for those vulnerabilities or threat pairs. “Enterprise security planning (ESP) is the aligning of information security policies and practices and applicable security technologies with the business rules and the evolving information models and technical architectures being used by a government or business”. (Erutal, L., Braithwaite, T., Bellman, B., 2012 pg. 144) As we started our examination of Huffman trucking vulnerabilities and risk, we took a strategic look at their assets and the possible vulnerabilities that could have an...

Words: 1665 - Pages: 7

Premium Essay

Emerging Cybersecurity Policies in the Federal Government

...Emerging Cybersecurity Policies in the Federal Government 3 Emerging Policies and Practices 4 Defense in Depth (DID) 5 Security Risk Frameworks 6 Test Driven Development 8 Business Service Frameworks 9 Acceptance and Preparation for Failure 11 The Federal Government and these Emerging Policies and Practices 13 The Feds and Defense in Depth 14 The Feds and Security Risk Frameworks 14 The Feds and Test Driven Development 16 The Feds and Business Service Frameworks 17 The Feds and Acceptance and Preparation for Failure 19 How could the Feds continue to improve 20 References 22 Emerging Cybersecurity Policies in the Federal Government One of the largest and most important enterprises there is to protect in the cyber security realm are the various networks that make up the federal government. This massive undertaking to secure the systems, networks, and data of the various governmental agencies is a never ending uphill battle. The requirements of the federal government enterprise to be globally far reaching, as well as user friendly, scalable, and multi-functional lie in direct contrast with the additional requirements for the data the federal government enterprise harbors to be secure with extremely high availability, integrity and confidentiality. This balancing act of usability versus security is common among all enterprises, but it is radically highlighted within the federal government sector due to...

Words: 6354 - Pages: 26

Premium Essay

Security Plan

...Your Company Security Plan for Unclassified Data Version 1.3 March 20, 2012 Developed By: Your Committee Committee Your Company Important Disclaimer: The Aerospace Industries Association of America, Inc. (“AIA”) has no intellectual property or other interest in this Aerospace Industry Guideline for Developing a Security Plan for Unclassified Data. By developing this Aerospace Industry Guideline for Developing a Security Plan for Unclassified Data Plan and making it freely available to anyone, AIA assumes no responsibility for this Guideline’s content or use, and disclaims any potential liability associated therewith. Executive Overview From time to time an AIA member company may be requested to provide the DOD, a prime contractor or an industry partner an Information Technology Security Plan for unclassified data. This security plan could be required at the enterprise, program or application level depending on the unique requirements of the request. This request might be challenging for those members that have never been required to provide such a document. This “Aerospace Industry Guideline for Developing a Security Plan for Unclassified Data” provides a template and guidance to assist member companies in the development of a security plan to meet their customers or partners needs. Please keep in mind that this document is provided as a guideline and not a mandatory standard. AII member companies are encouraged to use this guideline. Use...

Words: 2097 - Pages: 9

Premium Essay

Test

...SECURING WI-FI ROGUE ACESS WITHIN AN ENTERPRISE SETTING Securing Wi-Fi Rogue Access within an Enterprise Setting Daniel Joel Clark A Capstone Presented to the Information Technology College Faculty of Western Governors University in Partial Fulfillment of the Requirements for the Degree Master of Science in Information Security Assurance January 9, 2014 1 SECURING WI-FI ROGUE ACESS WITHIN AN ENTERPRISE SETTING 2 A1 - Abstract Since 1999 wireless devices have become a necessity in enterprises. While increasing convenience, connectivity, and productivity, they also pose an unprecedented threat to network security guarding, which has literally taken to the airwaves. This paper will deal with vulnerabilities and risks regarding access points (APs) in a wireless network (WLAN) connecting to a wired local area network (LAN) in enterprises. Data for this paper will come from published academic papers, industry publications including white papers and surveys, and industry specialists. It will also include definitions of terms, policy and procedures that affect access points, and current practices regarding rogue APs. A case study will be presented for a fictional enterprise with multiple locations that has standard procedures, policies, and protocols in place, but recent events have questioned their ability to control access points with the discovery of rogue devices hidden in several office locations. Industry warnings about access points span the...

Words: 18577 - Pages: 75

Premium Essay

Cmgt 442 Entire Course

...SUPPORT@ACTIVITYMODE.COM CMGT 442 ENTIRE COURSE Information Systems Risk Management Week 2 Individual Assignment Service Request SR-HT-001 (Huffman Trucking Benefits Election System) Prepare a 3- to 5-page paper describing the considerations necessary to address the possible security requirements and the possible risks associated with the Benefits Elections Systems being requested by the Service Request, SR-HT-001 for Huffman Trucking Company. Week 3 Individual Assignment Security Monitoring Prepare a 3- to 5-page paper describing the security monitoring activities that should be conducted in an organization with both internal IT (payroll, human resources, inventory, general ledger, and so on) and e-commerce (Internet sales and marketing) applications. The paper will include the rationale supporting each monitoring activity you propose and any recommended course of action to be taken when a significant risk is identified. Week 4 Individual Assignment Outsourcing Risks Prepare a 3- to 5-page paper that identifies the possible risks to an organization in each of the following outsourcing situations: a) the use of an external service provider for your data storage; b) the use of an enterprise service provider for processing information systems applications such as a payroll, human resources, or sales order taking; c) the use of a vendor to support your desktop computers; and d) the use of a vendor to provide network support. The paper will include a risk mitigation strategy...

Words: 2578 - Pages: 11

Premium Essay

Cmgt 430 Week 4 Learning Team Presentation

...Week 4 Learning Team Presentation To Buy This material Click below link http://www.uoptutors.com/CMGT-430/CMGT-430-Week-4-Learning-Team-Presentation An enterprise security plan is more than just a list of vulnerabilities and risks. It must present them in a meaningful way along with suggestions for specific steps to mitigate each of the most important vulnerabilities or risk pairs it finds. Your task this week is to produce the basics of that full presentation. Part 1 Compile a full draft of the final Enterprise Security Plan document. This will not be complete, but will have at least a short paragraph about each major section of the paper, including the suggested controls. Use the introduction and conclusion as an executive summary of the entire paper’s content. Research at least eight sources that validate the choices made in the paper. This must go beyond basic definitions. The sources can be changed in the final week, if needed. Format your paper consistent with APA guidelines. Part 2 Create a Microsoft® PowerPoint® presentation on the findings in the Enterprise Security Plan to present to senior management at your chosen organization. Keep the slides uncluttered and concise. Include well-formatted speaker notes for the presentation. Finalize your presentation for the Enterprise Security Plan. The presentation should target senior leadership at the organization and should effectively cover the material in the paper. ·         No specific number...

Words: 330 - Pages: 2

Premium Essay

Cobit 4

...4.1 Excerpt Executive Summary Framework COBIT 4.1 The IT Governance Institute® The IT Governance Institute (ITGITM) (www.itgi.org) was established in 1998 to advance international thinking and standards in directing and controlling an enterprise’s information technology. Effective IT governance helps ensure that IT supports business goals, optimises business investment in IT, and appropriately manages IT-related risks and opportunities. ITGI offers original research, electronic resources and case studies to assist enterprise leaders and boards of directors in their IT governance responsibilities. Disclaimer ITGI (the “Owner”) has designed and created this publication, titled COBIT® 4.1 (the “Work”), primarily as an educational resource for chief information officers (CIOs), senior management, IT management and control professionals. The Owner makes no claim that use of any of the Work will assure a successful outcome. The Work should not be considered inclusive of any proper information, procedures and tests or exclusive of other information, procedures and tests that are reasonably directed to obtaining the same results. In determining the propriety of any specific information, procedure or test, CIOs, senior management, IT management and control professionals should apply their own professional judgement to the specific circumstances presented by the particular systems or IT environment. Disclosure © 1996-2007 IT Governance Institute. All rights reserved. No part of...

Words: 14485 - Pages: 58

Premium Essay

Dbm 502 Expert Tutor/ Indigohelp

...DBM 502 Entire Course For more classes visit www.indigohelp.com DBM 502 Individual Assignment: Implementing an Enterprise DBMS DBM 502 Individual Assignment: Comparing Database Software PART 2 OF 2 DBM 502 Individual Assignment: Comparing Database Software PART 1 OF 2 DBM 502 Individual Assignment: Data Dictionary DBM 502 Individual Assignment: Database Security DBM 502 Learning Team Assignment: DBMS Implementation Plan ………………………………………………… DBM 502 Individual Assignment Comparing Database Software PART 1 OF 2 For more classes visit www.indigohelp.com Individual Assignment: Comparing Database Software Create a list of criteria that can be used to compare database software. Create a table that uses the list of criteria to compare and contrast Microsoft® Access, SQL, DB2, and Oracle®. Write a 2- to 3-page paper that discusses Refer to “Standards for Written Work” and “Standards•your results. for Presentations” in your Program Handbook, which can be accessed through the student Web site. ………………………………………………… DBM 502 Individual Assignment Comparing Database Software PART 2 OF 2 For more classes visit www.indigohelp.com Individual Assignment: Comparing Database Software Create a list of criteria that can be used to compare database software. Create a table that uses the list of criteria to compare and contrast Microsoft® Access, SQL, DB2, and Oracle®. Write a 2- to 3-page paper that discusses your results. Refer to “Standards for Written Work...

Words: 537 - Pages: 3

Premium Essay

Incident Response Plan

...Information security is always at risk from both external and internal sources attacks, both malicious and naïve. Any information located on a computer, especially one that is utilized by a human being is not one hundred percent secure from malicious activity. A person occupying a computer is more likely to be at risk to be infected with viruses, Trojans, and malicious software. This is because an employee may unaware that his poker playing website contains malicious software that is currently being downloaded onto his work computer. This is where an incident response plan comes into play in case of something like this may come along. The intentions of an incident response plan are to mitigate the damage caused by misappropriation or mistreatment of a corporation's workstations or system assets and to thwart the forfeiture of or impairment to electronic communication assets (UC-Davis, 2001). There are many reasons for using an incident response plan such as how attacks can be handled more efficiently, therefore the loss or damage is reduced. This builds confidence with shareholders and cuts losses to the company’s bottom line, or profit. Information on current standards, hardware, software, and procedures, is enhanced. Since there is a current plan in place the only thing that can happen is that improvements are made to the flow of the steps taken to the incident response team. This will reduce the chaos of responding and everything will run more smoothly boosting...

Words: 1935 - Pages: 8

Premium Essay

Dbm 502 Learning Consultant / Tutorialrank.Com

...DBM 502 Entire Course (UOP) For more course tutorials visit www.tutorialrank.com DBM 502 Individual Assignment: Implementing an Enterprise DBMS DBM 502 Individual Assignment: Comparing Database Software PART 2 OF 2 DBM 502 Individual Assignment: Comparing Database Software PART 1 OF 2 DBM 502 Individual Assignment: Data Dictionary DBM 502 Individual Assignment: Database Security DBM 502 Learning Team Assignment: DBMS Implementation Plan ---------------------------------------------------------------------------- DBM 502 Individual Assignment: Comparing Database Software PART 1 OF 2 (UOP) For more course tutorials visit www.tutorialrank.com Individual Assignment: Comparing Database Software Create a list of criteria that can be used to compare database software. Create a table that uses the list of criteria to compare and contrast Microsoft® Access, SQL, DB2, and Oracle®. Write a 2- to 3-page paper that discusses Refer to “Standards for Written Work” and “Standards•your results. for Presentations” in your Program Handbook, which can be accessed through the student Web site. ------------------------------------------------------------------- DBM 502 Individual Assignment: Comparing Database Software PART 2 OF 2 (UOP) For more course tutorials visit www.tutorialrank.com Individual Assignment: Comparing Database Software Create a list of criteria that can be used to compare database software. Create a table that uses the list of criteria to compare...

Words: 548 - Pages: 3

Premium Essay

Sample Business Information Systems Business Plan

...Sample Business Information Systems Business Plan Your Name(s) Go Here University of Phoenix BIS 220 June 15, 2014   Table of Contents 1.0 Executive Summary 4 1.1 Mission Statement 4 1.2 The Market 4 1.3 The Offering 5 1.4 Competition 5 1.5 Business Information Systems Resource Requirements 5 1.6 Business Information Systems Key Issues 5 2.0 The Business Information Systems Enterprise 5 2.2 Organization 5 3.0 Business Information Systems Selection 5 3.1 (What are the BIS you selected for your business? Why did you select these BIS systems? (Please provide 5 BIS systems. I.e. Point of Sales, Online ordering, Enterprise Resource Planning (ERP) etc…)) 6 4.0 Networking Technology Selection 6 4.1 (What is/are the networking technology system? Why did you select this/these networking technology systems? (Please provide at least 1 Networking Technology. I.e. Website Hosting (who will host your site), Internet Service Provider (identify bandwidth speed), Wireless capabilities, etc…)) 6 5.0 Business Information Systems and Networking Security Risk and Mitigation 6 5.1 (What are the security risks for the BIS selection?) 7 5.2 (What are the security risks for the Networking Technology selection?) 7 6.0 Business Cost Analysis (OPTIONAL) (BONUS POINTS) 7 6.1 (How much does it cost for the BIS and Networking Technologies you selected for your business?) 7 6.2 (How would you go about in obtaining funding for your business?) 7 6.3 (Provide a One-Year, Two-Year, and...

Words: 832 - Pages: 4