Upload
tomlirvine478380424
View
601
Download
0
Tags:
Embed Size (px)
Citation preview
TASK MGT 1 A-G 1
Header: GenRays HUMAN RESOUCE INFORMATION SYSTEM
GenRays HUMAN RESOUCE INFORMATION SYSTEM(GenRays HRIS)
PROJECT TITLE: GenRays HRIS
Systems Inc.
Tom Irvine: Plant Manager
MBA Student
Term Start 8/1/2014 Task MGT2
Western Governors University
Project Date February 1, 2014
SMALL BUSINESS SECURITY AND POLICY 2
GenRays HUMAN RESOUCE INFORMATION SYSTEM
Abstract
Risks associated with the major constraint, Lack of Information, such
as type of manufacturing, number of employees, technology requirements,
which would normally be included in any Project Management scenario, will
affect every aspect of project initiation, planning, execution, and controlling,
including, but not limited to, project deliverables, project development,
project description, objectives, budgets, costs technology, scope, SOW,
quality, and quantity and will restrict actual discovery of a purposeful
Project Management Plan. The Task information given underminds what
can be expected to give a worthy and viable view of a project with its lack of
detail and direction.
For any project, small, midsize or a large enterprise, if problems exits or
just an expansion or upgrade of the infrastructure is the endeavor, and no matter
how small or large that endeavor, it is imperative that every project consider a
complete security-based application, anti-virus and malware implementation, and
a volume of policies, guidelines, standards, and procedures should be an
additional consideration, considering employees are the worst enemy against
security and the manipulation of data for any Information System. Inasmuch as,
the GenRays project does not touch on the subject, I included it with very little
emphasis, and I will reflect, basically on FRS, HRIS, and Payroll, Integration.
SMALL BUSINESS SECURITY AND POLICY 3
Ninety percent (90%) of systems going to the junk pile are caused by age (#1) with
employee indifference and internal theft (#2) closely behind.
GenRays HUMAN RESOUCE INFORMATION SYSTEM
PROJECT CHARTER
Table of Contents
HRIS Project Cover Sheet______________________________________ 1
Abstract ____________________________________________2
Table of Contents Project Charter _______________________________3
Project Charter Report Summary_____ __________________________5
Review of Current System_____________________________________6
System Rationale____________________________________________7
System Analysis____________________________________________ 8
Preliminary Investigation_____________________________________9
Post-Preliminary Investigation________________________________ 12
Project Acceptance______________________________________ 13
Project Title___________________________________________ 13
Purpose______________________________________________ 13
Project Description (14-23)________________________________ 14
Objective and Goals____________ _________________________ 22
Success Criteria or Expected Benefits_________________________23
Funding______________________________________________25
Acceptance Criteria_____________________________________ 26
Project Development Summary_____________________________26
Major Deliverables______________________________________28
Milestone Schedule _____________________________________28
Approval Requirements__________________________________28
Project Manager _______________________________________29
Authorized by_________________________________________29
SMALL BUSINESS SECURITY AND POLICY 4
LegendBlack type indicates Project Manager inferencesBlue type indicates Project Charter inferences Green type indicates Project Scope inferencesSome inferences are marked by redundancy and repetition GenRays HUMAN RESOUCE INFORMATION SYSTEM
PROJECT SCOPE
Table of Contents
Project Scope Description_______________________________________22
Customer Requirements________________________________________23
Statement of Work (SOW)_______________________________________24
Project Deliverables___________________________________________25
Acceptance Criteria____________________________________________26
Work Breakdown Structure (WBS)_________________________________27
Project Boundaries____________________________________________28
Project Assumptions___________________________________________29
Initial Defined Risks and Constraints_______________________________30
Project Approval_____________________________________________31
Stake Holders Work Resources and Costs (Fig 1.1)______________________
Project Timeline and Scheduling (Fig 1.2)___________________________ 20
Project Development Fig 1.3)______________________________________23
Project Deliverables and Costs Fig 1.4) ______________________________ 24
GenRAYS Matrix template (Fig 1.5)
Project Planning Checklist (Fig 1.6x)________________________________ 27
References_________________________________________________28
Glossary__________________________________________________29
Appendix 2: ALTIUS Policy Collection Security & Privacy_________________31
Table of Contents Scope_______________________________________34
SMALL BUSINESS SECURITY AND POLICY 5
GenRays HUMAN RESOUCE INFORMATION SYSTEM
PROJECT CHARTER REPORT SUMMARY
The significance in understanding the importance of a newly
upgraded and integrated Information Technology (IT) System when
considering the GenRays project, is by 1) implementing and integrating a
new HRIS system, 2) adding new Payroll functions to HRIS, 3) integrating
HRIS with the recently developed Financial Record System (FRS)
infrastructure, 4) implementing a complete anti-virus and malware
application with an Intrusion Detection System to combat external and
internal threats to help minimize or eliminate the risks associated with an
insecure system, and 5) devising and incorporating mandatory policies,
guidelines, procedures, and standards, for each activity in a documented,
on-line, format to facilitate the correct and only procedural course of action
when entertaining and completing a required task. The former three (3) are
the major initiatives and ultimate objectives of GenRays HRIS Management
Project. Inasmuch as, strategies, planning, and implementation of updates
and upgrades, sometimes falls to the inattention of minor details, and the
major employee routine of doing it their way leads to the deterioration of
the system, eventually making it inoperability. The controllable events
result in uncontrollable consequences at the weakest link in the system,
SMALL BUSINESS SECURITY AND POLICY 6
giving credence to the fact that when an upgrade or activity is initiated,
especially when the system is integrated with other components, it is
imperative that all system features and functions be analyzed and
subsequently maintained and adhered by factory recommendations and
company policy that will support the new components and activities of the
IT system without deviation. It is the opinion of this Project Manager,
there is no policy and no security initiatives, but only employee discretion
for innovations.
GenRays HUMAN RESOUCE INFORMATION SYSTEM
REVIEW of CURRENT SYSTEM
GenRays, a mid-size business and manufacturing facility, fits into the
category of one system not knowing what its compatriot and essential
counter parts are doing. When the old HRIS system [will not talk to] the old
Payroll System and communications have stopped between the two, giving
erroneous information or no information at all, no viable means of reliable
communication results. Equally, when there is no anti-virus or malware
application of authority, to speak of, risks became imminent, and indeed,
when no policy, guidelines, procedures, or standards to effect excellent
contributions in maintaining the consistent and overall welfare of the HRIS
Information System, errors are even more likely to occur. The new HRIS
system will be fitted with the latest and most efficient hardware and
software available and will be current with updates for its applications.
Anti-virus solutions and security will be advanced as what they can do, and
SMALL BUSINESS SECURITY AND POLICY 7
procedural guidelines, standards, and policy will be implemented to dictate
where, how, when and why solutions should be incorporated and integrated
into the new HRIS system. In contrast to the new HRIS system, Payroll is
years older and needs to be brought up-to-speed in hardware and software
compliance to complement the newer technology that has been afforded to
FRS and the new HRIS. Computing the risk assessment formula Single
Loss Expectancy (SLE) times the Annual Rate Occurrence (ARO) is equal to
the Annual Loss Expectancy (ALE), the result indicated that the Payroll
system should have stopped responding long before they contacted anyone
for support and reconciliation of the overall infrastructure. In the old HRIS
system a viable security policy was never formulated to
GenRays HUMAN RESOUCE INFORMATION SYSTEM
complement the strategies needed in exposing known and unknown threats
and risks, that would be detrimental to the assets of the company and
security in the old is non-existent. The CEO’s decision to call a consulting
firm, Systems, Inc., prevented the firm from closing, as profits plummeted,
before the new FRS system was implemented, inasmuch as, the entire
infrastructure, including Payroll, should have been analyzed and brought
into the realm of total HRIS and Payroll integration compliance from the
beginning.
SYSTEMS RATIONALE
SMALL BUSINESS SECURITY AND POLICY 8
The rationale behind the question, “Why this immense project, when
the problem is only payroll related?” The evidence of the preliminary
investigation supports wide spread problems and failures throughout the
existing system infrastructure, and only an extensive upgrade will eliminate
those deficiencies. Inasmuch as, the problems will be eradicated with the
proper implementation and policy management of a new system, the
benefits far outweigh any other option that may have been considered,
inasmuch as, the costs are relatively low in contrasts to a company without
OEM powers in purchasing. One should investigate the advantages,
benefits, and costs to reaffirm the rationale behind, why the thesis
statement in the summary is valid and deserves accreditation?
The explanation of reasoning, justification, and rationale to arrive at
the recommended changes also answers:
Why the proposal for this project was made and what does it involve?
GenRays HUMAN RESOUCE INFORMATION SYSTEM
Major: New HRIS system.
Major: Payroll functions integrated into the
new HRIS
Major: Integration of the new FRS and
newer HRIS infrastructure
o Minor: Advance Security
o Minor: Policy, guidelines, standards and procedures
SMALL BUSINESS SECURITY AND POLICY 9
o Minor: Anti-Malware and Anti-virus upgrade
How was the selection of criteria developed?
o Preliminary investigation
o Systems Analysis
o Expert judgment from executive sponsors and Stakeholders.
How was the information verified and affirmed?
o Interviews
o Data Gathering
o System Review
Why were the consequences realistic and credible?
o Feasibility testing and study
GenRays HUMAN RESOUCE INFORMATION SYSTEM
SYSTEM ANALYSIS
A system analysis of GenRays, launched to devise improvements to their
existing system, predicated on incidences of continuous payroll downtime
and the inefficiencies
SMALL BUSINESS SECURITY AND POLICY 10
of corruption of company asset files, resulted in a preliminary investigation.
The analysis, conveyed through the investigation, determined extensive
problems in
hardware and software, and communicated that a commercially purchased
virus protection program was a temporary expedient to virus-related
problems and would not solve the problems in the infrastructure of the
system. Inadequate, existing hardware and software technology could not
produce strategies to reduce or eliminate the threats and vulnerabilities to
the company’s assets. In addition to hardware and software problems, the
company is without policies, procedures, guidelines and standards to
effectively combat all system issues, not only the ones concerning virus
protection. Therefore, by proposing new technologies in hardware and
software to ensure integrity for the existing problems, by implementing and
integrating a new HRIS system integrated with FRS ensures a smooth
transition of successful event conformity. As indicated heretofore, the
system analysis included summary and background information, and the
preliminary investigation, hereafter, of the current system, was cause for
the development of a radical upgrade.
GenRays HUMAN RESOUCE INFORMATION SYSTEM
SMALL BUSINESS SECURITY AND POLICY 11
PRELIMINARY INVESTIGATION
Clarify & understand the major objectives
o Major - New HRIS system
o Major - Implement and integrate new Payroll functions with
HRIS
o Major – New Infrastructure Integration of FRS & HRIS with
connectivity
o Major - Server-based network with data base integration
Determine the size of Project – Mid-Size
Costs
o Market Value or retail = $ 300,000.00 – $ 400,000.00
o Customer Budget = $103,000.00 and Reserves
o Fixed (sunk), tangible, nonrecurring
o Current intangible – Loss of Customers (Not to be considered in
project)
Other Minor Benefits and Objectives
o Advanced security and assurance
o Risk assessment and control
o Security administration
o Policies, Guidelines , Standards, and Procedures
o New infrastructure and connectivity
o Administrative and security-related policies and procedures
SMALL BUSINESS SECURITY AND POLICY 12
o Disaster recovery and incidence response
Alternate approaches – None, customer buys at OEM
Data gathering
GenRays HUMAN RESOUCE INFORMATION SYSTEM
o Review of organizational documents
o Conduct employee interviews
o Logical inspection of system configuration
o Physical inspection of system hardware & software
Identify design requirements; strategies – See Project Description
Feasibility testing
o Operational – Acceptable to users, company compliant
o Technical – Technology exists, available, and current
o Financial – Low to moderate cost; funding available
Acceptance of Project recommended
Findings reported to Executive sponsors and stakeholders
Initiating the Project
Source of Project initial request
GenRays - Customer
Reason for Project initiation
New HRIS system with Payroll functions integrated with new FRS
system
SMALL BUSINESS SECURITY AND POLICY 13
Managing review and selection of Project
Executive Sponsors and stakeholders
Five (5) objectives to the project initiation - 3 Major, 2 minor
Appraise the Firm’s security policy and procedures
o Non-existent
GenRays HUMAN RESOUCE INFORMATION SYSTEM
Determine the extent of the likely incidents
o Extensive and critical
Evaluate the causes of the security incident
o Lack of a security policy or procedure
o Lack of security training and education
o Lack of incidence response
Recommended are changes to reduce threats, risks, and
vulnerabilities
POST-PRELIMINARY INVESTIGATION
After a thorough preliminary investigation and IT inventory by
Systems, Inc., of the physical and logical aspects of the information
system, the project Manager, Tom Irvine, formulated a proposal, which
included a complete upgrade of the infrastructure, inclusive of a new
HRIS system with payroll functions integrated with FRS, integration of
an SQL R2 database, standards, guidelines, policy and procedure,
SMALL BUSINESS SECURITY AND POLICY 14
software, PC upgrade, and integrated virus and malware protection. The
vastness suggested serious problems and the immediate implementation
is necessary to bring the GenRays system current and avoid any further
downtime of the payroll system. Deciding to balance the equation of
threats, vulnerabilities and downtime, to a new carefree uneventful
environment, implementation of the project would be decidedly the
better choice. Fulfillment of the integrated information system is
dependent on the executive sponsors, composed of unbiased
stakeholders, who would demonstrate enough knowledge to understand,
carry forward, and administer
GenRays HUMAN RESOUCE INFORMATION SYSTEM
the policies, guidelines, standards, procedures, upgrades, and
implementation proposed.
PROJECT ACCEPTANCE
On February 3, 2014, the Planning Committee and Executive
sponsors meeting unanimously approved in whole the proposal to initiate
the HRIS project and additional upgrades to HRIS under the terms and
conditions that implementation would take no more than 130 working days
beginning February 1, 2014, to complete, or penalties in the amount of
$5000.00 per day would be imposed beginning the first day after the 140th
day of non-compliance. Additional funding (Budget) over the $103,000.00,
announced earlier will come from reserve accounts already in place, but the
cost shall not exceed $400,000.00. Training and education will be provided
SMALL BUSINESS SECURITY AND POLICY 15
during the interim to familiarize the employees with the new environment
and will be ongoing. Initiation SMART begins.
GenRays HUMAN RESOUCE INFORMATION SYSTEM
Project Charter
February 1, 2014
Project Title
GenRays HRIS
Purpose
The purpose and reasoning for a new HRIS integrated system with
payroll functions is to promote and complement growth and expansion
through updated and
SMALL BUSINESS SECURITY AND POLICY 16
advanced technology in an automated environment integrated with the
current Financial Record System (FRS). The ease of work-related tasks
attributed to the
automation will propagate new system initiatives and incentives for all
employees, their workplace and the enterprise, GenRays, and will ensure a
positive atmosphere, with an easier and gentler work environment for FRS,
HRIS, purchasing, human resources with payroll functions, and other
related systems and applications, while making the data transparent, secure
and the exchange of information immediately available by means of email
communications.
Project Description (pgs. 14-22)
A major upgrade to GenRays’ very successful and recently developed
Financial Record System (FRS) that will complement and integrate a
proposed new Human Resource Information System (HRIS) with the FRS
system, creating one functioning whole automated unit and give accurate
and immediate access to all records in seconds.
GenRays HUMAN RESOUCE INFORMATION SYSTEM
The committee and executive sponsors rely on the SMART technique
(Specific, Measurable, Attainable/Achievable, Realistic, and Time-bound to
describe and evaluate the goals and objectives the project is trying to
achieve. They help identify the overall scope of the project, define the risks,
support the validity of the problems and provide insight into the endeavor,
SMALL BUSINESS SECURITY AND POLICY 17
duration, and project cost. Understanding the objectives, first, determines
the deliverables to attain the objectives.
Computers, Printers
GenRays has twenty-six outdated, mixed-manufacturer PC desktop
computers with various operating systems from Windows XP to Windows 7.
Most in good to excellent condition, and six (6) laptops of early vintage with
Windows XP to Windows 7
operating systems. When a computer fails, which is regularly, the firm has
two spares of the same variety and quality and a replacement is always
available, if repairs were made to the spares. Smart Accomplished.
The Firm’s important applications reside on different desktops and
testament reveals data loss and redundancy from a failing operating system
occasionally. External drives provide backups on each desktop, if the user
remembers. Each desktop is fitted with a bulky 14” CRT monitor, which
takes up valuable physical space, requires more power, and emits more heat
than the newer LCD flat-screen displays. Each workstation contains dot-
matrix impact printer, which are the oldest printer technology, and is used
primarily for industrial and point-of-sales applications. Smart
Accomplished.
GenRays HUMAN RESOUCE INFORMATION SYSTEM
SMALL BUSINESS SECURITY AND POLICY 18
Computer Goals and Objectives
Purchase at the Firm’s OEM, twenty-six (26) new HP PC6 desktop
PCs with Windows 8 Ultimate operating system and twenty-six (26) 20” LCD
monitors, and distribute to planning committee, project team stakeholder
and labor resource members. Duplicate the PCs and distribute one (1) each
to the CEO, one (1) each to the Project Manager, and two (2) each to be
used as spares and backup computers. The replaced PCs will be
distributed to subordinates of GenRays on an oldest PC basis.
Purchase six (6) HP dv7 laptops and distribute to outside sales and other
traveling members of GenRays. Purchase six (6) HP Color LaserJet 5550n
all-in-one printers distributed at various and strategic points throughout the
Firm replacing all other printers. Total thirty (30) PCs, six (6) laptops, and
six (6) printers. SMART accomplished.
Network
If risks, threats, and downtime are eliminated and assets protected,
the Firm expects to expand operations, but the peer-to-peer networking
configured at each site offers performance issues, management problems,
little security, or any way to control who shares what. Specifically, designed
for home use or very small businesses with fewer than ten users, peer-to-
peer networks may operate with current desktops and the outdated
operating systems, but upgrading to new computers with current versions
of the operating system would eliminate the P2P environment.
SMALL BUSINESS SECURITY AND POLICY 19
GenRays HUMAN RESOUCE INFORMATION SYSTEM
Network Goals and Objectives
Consideration of Windows mid-size Business Server (SBS) 2008,
offers the features needed for a growing business including backup, restore,
Internet connectivity, mobile device support, consolidated e-mail services
(each user now has his/her own version of email), print sharing, file
management, mobility for smart phones and Wi-Fi laptops and notebooks.
In addition, anti-virus and anti-spam protection (each user now has none, it
is outdated, or updates are not current), and firewall protection to guard
against intrusions and attacks, access control features for confidential and
private files. Also, Microsoft Office 2013, including Excel, Access,
PowerPoint, Publishing, Outlook,
and Word (some users now have WordPerfect). Ref Windows Server
Essentials (2013). SMART accomplished.
Database
GenRays Inc. does not have a relational database, but an insecure,
third-party application inconsistent with any form of organization,
structured programming methods, or access control, which propagates
redundancy, duplication, or removal of assets. Distribution of significant
applications are divided among several workstations preventing consistent
SMALL BUSINESS SECURITY AND POLICY 20
updating and inviting security risks, loss of data, risks, vulnerabilities, and
threats.
Database Goals and Objectives
Purchase Microsoft SQL Server 2013 R2 for secure employee files,
customer files, accounting, service contracts, policies and procedures are
supported by SBS, the primary server configured as PC database systems,
since it supports distributed
GenRays HUMAN RESOUCE INFORMATION SYSTEM
databases, enables more than one user to access the same database, at the
same time for individual application access and processing. Ref MSDN
(2013). SMART accomplished.
Policies, Standards, Guidelines, and Procedures
Accepting the new Project requires the task of creating a framework
of policies, standards, guidelines, and procedures, for the Firm, especially
relating to security, giving the current outbreak of viruses, which plague
the Company. Usually, formulated
GenRays HUMAN RESOUCE INFORMATION SYSTEM
by top management, a volume set of all policies is included in the Project,
and then the Firm can decide the appropriate policy to incorporate.
SMALL BUSINESS SECURITY AND POLICY 21
implement, but be assured, security policies are critical to eliminate the
scourge of any system risk, threat, and vulnerabilities in protecting
company assets. The following
represents a few of the most important policies with a complete summary in
Appendix 2. Smart Accomplished.
Policies
Policies provide employees, in a company, guidelines about their
expected behavior, but individual policies go much further in detail. For
example, security policy dictates responsibility and roles, defines the range
of information to be secured, and provides a description of the controls that
are used to protect the asset information. Standards and guidelines support
policy. Legally, security policy, invokes a commitment from senior
leadership to protect information. A documented security
GenRays HUMAN RESOUCE INFORMATION SYSTEM
policy is a business mandate to comply with laws and regulation relating to
finance and privacy.
Standards
Standards consist of specific mandatory controls, which enforce,
support and ensure consistency of security policy across company assets,
and relate to specific software and hardware technology and the security
thereof.
Guidelines
SMALL BUSINESS SECURITY AND POLICY 22
Guidelines consist of non-mandatory controls and best practice scenarios,
which support standards or serve as a substitute when no standard is in
place.
Procedures
Procedures consist of systematic instructions to assist users in
implementing the various guidelines, standards, and policies.
Policies ( Most important )
Backup Policy
According to Instant Security Policy (2013), “The Backup Policy presents
the company's backup strategy, including identification of critical systems
and data, frequency of incremental and full backups, responsibilities of
backup administrator, storage of backups, offsite rotation, restoration
procedures, and more”.
Acceptable Use Policies
Explains how an employee in a company can use resources, hardware and
software, and the company conveys the consequence of misuse.
Accountability Policies (Design)
If errors occur, make clear who is responsible for the accuracy in the
manipulation, which is usually done by logging.
Availability Policies (Design)
SMALL BUSINESS SECURITY AND POLICY 23
Availability is the practice of protecting data to prevent its loss and to
maintain accessibility to the correct data or information.
Confidentiality Policies (Design)
Confidentiality minimizes or prevents unauthorized access to and disclosure
of information or data.
Disposal and Destruction Policies
Disposal defines how assets that are no longer needed insure proper
disposal techniques.
Due Care Policies
Due Care identifies the level of security used to establish confidentiality of
private assets and information.
GenRays HUMAN RESOUCE INFORMATION SYSTEM
E-mail Policy
According to Instant Security Policy (2013), “The purpose of the Email
Policy is to detail the company's usage guidelines for its email system. This
policy aims to reduce risk of an email-related security incident, foster good
business communications both internal and external to the company, and
provide for consistent and professional application of the company's email
principles”.
SMALL BUSINESS SECURITY AND POLICY 24
Integrity Policies (Design)
Integrity dictates that data being manipulated must be the correct data, not
data that is insignificant to the work being done.
Incident Response Policy
According to Instant Security Policy (2013), “The Incident Response Policy
specifies exactly how the organization will respond in the event of suspected
security incident. This policy defines security incidents, both physical (such
as the loss of a laptop) and electronic (a suspected attack or malware
infection). This policy includes preparation plans, response activities for
different scenarios, and forensics/recovery based on your stated goals.
Incident Response Policies are required by a number of regulations and
security standards”.
Job Rotation Policies
Job rotation describes the interval rotation of a company position that puts
another employee in that position.
GenRays HUMAN RESOUCE INFORMATION SYSTEM
Least Privilege
Least privilege assigns minimum permissions to employees that they need
to accomplish their job duties
Mandatory Vacations
SMALL BUSINESS SECURITY AND POLICY 25
Mandatory Vacations provide an opportunity to discover fraud or
mischievous activities in a system.
Password Usage Policy
According to Instant Security Policy (2013), “A solid Password Policy is
perhaps the most important security control an organization can employ.
Since the responsibility for choosing good passwords often falls to the end
users, a detailed and easy-to-understand policy is essential”.
Privacy Policies
Privacy identifies what controls need to be in place to maintain the security
of private information in the work place.
Physical Access Control Policies
Physical access requires authorization of employees to access applications,
or systems that contain information.
GenRays HUMAN RESOUCE INFORMATION SYSTEM
Physical Security Policy
The Physical Security Policy sets guidelines and standards for physical
security including, access control, assets, security zones, physical data,
system security, and the minimizing of risk of entry to the physical building.
SMALL BUSINESS SECURITY AND POLICY 26
Security Policies
Security identifies what controls are needed to maintain or implement the
system, network, and users.
Separation of Duties Policies
Separation of Duties reduces the risk of fraud and embezzlement by
requiring more than one employee to process separate tasks.
Objectives and Goals
To maintain a successful, newly developed Financial Record System
(FRS) and develop, integrate, implement and maintain a proposed Human
Resource Information System (HRIS), giving one automated system where
activities are transparent to the user, and the flow of information is
regulated by control features of the system, producing accurate, reliable
output, by one single data entry, updated in real time, creating
confidentiality, integrity, availability and accountability.
To develop, implement, and maintain, network security, compliance
and operational security, application, data and host security, access control
and identity management, and cryptography, for corporate, organizational,
departmental, personal,
GenRays HUMAN RESOUCE INFORMATION SYSTEM
business, and cloud computing (the Internet) from attacks, risks, threats
and vulnerabilities using policies, which are the major consequences on
SMALL BUSINESS SECURITY AND POLICY 27
issues, standards which tell people what is expected, and guidelines which
provide specific advice on how to accomplish a given task or activity.
Success CriteriaExpected Benefits
Savings from the newly implemented Financial Record System (FRS)
with its automatic calculations will provide:
An integrated FRS and HRIS system with payroll functions.
Allows for easier detection and transparency in hiring.
Assures applicants for new jobs will be well qualified.
Positive impact for employee career tracking & goals.
Auto disbursements of paychecks & expense reports.
Reimbursements made faster & easier.
Auto-pay options availability.
Every employee can apply for open positions.
Recruiting capabilities.
Succession planning.
Employee database & e-forms.
Payroll to reduce mistakes and avoid redundant data entries.
Capacity for employee and management self-service.
Performance review and compensation competencies.
Position control.
Paying consistently for same level of work.
SMALL BUSINESS SECURITY AND POLICY 28
Recruiting abilities.
Managing training records.
Vacation time linked to attendance than years of service.
Open enrollment employee self-service.
Performance review
Education and certification tracking requirements.
Links to compensation by performance review management.
Government compliance.
E-mail communications.
Integration of database to all-in-one system.
Migration of employee data.
FUNDING
One-hundred and three thousand dollars ($103,000.00) available
funding with additional revenues accessible for unforeseen constraints,
risks, and obstacles not identified during the initiation, planning and
execution phases of the system project are available, but subject to the
approval of the executive sponsors.
Update! After the Preliminary and Post-Preliminary meeting and
during a special meeting it came to the attention of all executive sponsors
and the CEO that the allocated funding of $103,000 did not meet the
requirements for the new HRIS integrated project and either the products
and services must be cut back, giving an incomplete and
SMALL BUSINESS SECURITY AND POLICY 29
GenRays HUMAN RESOUCE INFORMATION SYSTEM
undeserving consequence of the project, and personal would be cutback
drastically. Recall, during our first meeting, we discussed the need to bring
the project in compliance and integration with FRS and HRIS.
Notwithstanding, the hard work and helpful information provided by
GenRays, it has decided that an additional $300,000,00 to $400,000.00 is
required to complete the project, as it was intended, but you can be assured
the project will proceed on schedule with a 130 day as a drop dead
completion date, but more that that, after reviewing pertinent documents,
we, at Systems Inc., foresee reducing the deadline to less than 130 days,
nevertheless, the
GenRays HUMAN RESOUCE INFORMATION SYSTEM
reduction in personal will not affect the overall project and it can be
assumed all concerned rally the to make that possible.
The latest forecast in additional budgeting will figure significantly in
the welfare at GenRays and that limit will come down as personnel cuts are
made. GenRays, now has the option to get a second opinion, but ensure they
will receive the entire integration package, or they may opt to stay with
Systems Inc. who will promote the best interest and welfare of the Company.
ACCEPTANCE CRITERIA
SMALL BUSINESS SECURITY AND POLICY 30
In addition to the review of organizational documents, the logical
inspection of Project system configuration, and the physical inspection of
system hardware & software , Project Manager, Tom Irvine, interviewed with
intensity, employees, vendors and management to identify important aspects
of the new HRIS system to meet the goals
necessary for the new initiative to start after W2s are issued and completed
before year-end closing.
PROJECT DEVELOPMENT SUMMARY
A summary analysis and background preliminary investigation of the
Company’s information system uncovered widespread irregularities in the
operating system of each computer, thought at first to be virus related, the
entire system appeared to be dysfunctional and the systems infrastructure
void of any current configuration of hardware and software. A rationale and
systems analysis performed indicated positive for forming the conclusion
and a project initiation was granted to upgrade the system to
a HP MBS 2008, server-based, enterprise environment, including SQL R2
data base integration. In addition, PC replacement, integrated printing,
policy software, access control capabilities, virus and malware control,
application integration configuration, proposed in the implementation would
promote a healthy environment.
With the aid of MSDN (2013), Windows Server Essential (2013), and
Microsoft Mid-Size and Small Business Center (2012), installation and
SMALL BUSINESS SECURITY AND POLICY 31
implementation of the information system went according to plan with no
deviations in systems analysis, design, description, or implementation of the
project. All goals and objectives were accomplished, as noted in
Description of the Project, which resulted in a refined software and
hardware infrastructure, producing faster and errorless processing.
Timelines and scheduling beat the fourteen-day deadline by three days, and
except for two HP Notebooks being added to the project deliverables for
outside sales, no other changes, problems or unanticipated requirements or
components were needed or
GenRays HUMAN RESOUCE INFORMATION SYSTEM
encountered. Project development ensured the newest technology, the best
infrastructure, and integration of all components and applications of the
information system, producing effective results and a successful conclusion.
Inasmuch as new funding in excess of the original $103,000, has been
allocated through reserves for expansion and growth, to complement and
show good will, Systems, Inc., has revised the deliverable project date,
based on preliminary findings, from 140 days to 120 days or less. This will
bring the new system online earlier than expected and enhance the
credibility of both parties to one of greater trust and understanding based
on their mutual consent of loyalty in the relationship.
New Project Development Summary
Item Proposed Dates Days
SMALL BUSINESS SECURITY AND POLICY 32
1.0 Genrays HRIS System Project 02/01/14 - 04/22/14 571.1 Initiation 02/01/14 - 02/12/14 9 1.1.1 Evaluation & Recommendations 02/01/14 - 02/04/14 3 1.1.2 Develop Project Charter 02/05/14 - 02/07/14 3 1.1.3 Deliverable Submit Charter 02/10/14 - 02/10/14 1 1.1.4 Project Sponsor Reviews 02/11/14 - 02/11/14 1 1.1.5 Charter Signed and Approved 02/12/14 - 02/12/14 11.2 Planning 02/13/14 - 02/27/14 11 1.2.1 Create preliminary Scope 02/13/14 - 02/17/14 3 1.2.2 Determine Project Team 02/18/14 - 02/20/14 3 1.2.3 Project Team Kickoff Meeting 02/21/14 - 02/21/14 1 1.2.4 Develop Project Plan 02/24/14 - 02/25/14 2 1.2.5 Submit Project Plan 02/26/14 - 02/26/14 1 1,2,6 Milestone Project Plan Approval 02/27/14 - 02/27/14 11.3 Execution 02/28/14 - 04/08/14 28 1.3.1 Project Kickoff Meeting 02/28/14 - 02/28/14 1 1.3.2 Verify User Requirements 03/03/14 - 03/03/14 1 1.3.3 Design & Implement HRIS System 03/04/14 - 03/11/14 6 1.3.4 Design & Implement Payroll Funct 03/12/14 - 03/19/14 6 1.3.5 Procure Hardware / Software 03/20/14 - 03/24/14 3 1.3.6 Integrate FRS, HRIS & Payroll 03/25/14 - 03/28/14 4 1.3.7 Install Integration 03/31/14 - 04/01/14 2GenRays HUMAN RESOUCE INFORMATION SYSTEM
SMALL BUSINESS SECURITY AND POLICY 33
1.3.8 Testing Phase 04/02/14 - 04/03/14 2 1.3.9 Install Live System 04/04/14 - 04/07/14 2 1.3.10 Go Live 04/08/14 - 04/08/14 1 1.4 Control 04/09/14 - 04/14/14 4 1.4.1 Project Management 04/09/14 - 04/09/14 1 1.4.2 Project Status Meetings 04/10/14 - 04/10/14 1 1.4.3 Risk Management 04/11/14 - 04/11/14 1 1.4.4 Update Project Mgmt. Plan 04/14/14 - 04/14/14 11.6 Closeout 04/15/14 - 04/21/14 5 1.5.1 Audit Procurement 04/16/14 - 04/16/14 1 1.5.2 Doc Lessons Learned 04/17/14 - 04/17/14 1 1.5.3 Testing Phase 04/18/14 - 04/18/14 1 1.5.4 Install Live System 04/21/14 - 04/21/14 1 1.5.5 Archive Files / Documents 04/22/14 - 04/22/14 1
Note: Proposed Dates are in “Working Calendar Days”, and “Days” are in actual days worked.
HRIS MAJOR DELIVERABLES
Project Charter.
New HRIS System
HRSIS System with Payroll functions integrated
New FRS and newer HRIS infrastructure Integrate
Human Resources (Fig 1.1)
SMALL BUSINESS SECURITY AND POLICY 34
Hardware, Printers, peripherals, Software (Fig 1.4)
HRIS Milestone Schedule
Project Plan Approval
Project Closure
Major: Project Charter
Approval Requirements
Executive Sponsors and CEO indicate project must be complete with all
system components functional after W2s for 2013 are issued and before
year end closing in the year 2014.
Project manager
Tom Irvine, Project Manager
Authorized by
Rory Genhardt, CEO
___________________________________________________
GenRays HUMAN RESOUCE INFORMATION SYSTEM
Project Scope Statement
Project Objective
To implement and integrate, Genray’s FRS system and the HRIS system
with payroll functions giving one all-in-one infrastructure that will be
SMALL BUSINESS SECURITY AND POLICY 35
conducive with all applications and subsystems and allow a smooth
transition and flow of information to the appropriate related systems with
ease and trouble-free environment in a timely manner.
HRIS Major Deliverables (Redundant)
Project Charter.
New HRIS System
HRSIS System with Payroll functions
integrated
New FRS and newer HRIS infrastructure Integrated
Human Resources (Fig 1.1)
Hardware, Printers, peripherals, Software (Fig 1.4)
Milestones
Technical Requirements
Implement, upgrade, integrate and provide connectivity to a new Network.
Implement, upgrade, integrate and provide connectivity to all PCs on the
Network.
Implement, upgrade, integrate and provide connectivity to all Printers on
the Network.
SMALL BUSINESS SECURITY AND POLICY 36
Implement, upgrade, integrate and provide connectivity to all Laptops on
the Network.
Implement, upgrade, integrate and provide connectivity to SQL R2 database on the Network.
Implement, upgrade, integrate and provide connectivity to Server 2013 Essential on the Network.
Implement, upgrade, integrate and provide connectivity to all peripherals on the Network.Implement, upgrade, integrate and provide connectivity to Server 2013 Essential on the Network.
Implement, upgrade, integrate and provide connectivity to all peripherals on the Network.
Limits, Exclusions, and Constraints
Meet the goals necessary for the new initiative to start after W2s are issued and completed before year-end closing in the year 2014.
Confirm regularly with intermediate payments to assure a budget of between $300,00 and $400,00 is a realistic figure that GenRays can absorb without difficulty and in a timely manner, since the original budget was $103,000.
Project must adhere to PMBOK Guide, fifth edition, 2013 and ANSI 2012.
Customer Review Rory Genhardt, CEO
Customer Requirements (Redundant) See
SMALL BUSINESS SECURITY AND POLICY 37
Statement of Work
Project Deliverables
Human Resources (Fig 1.4)
Hardware, Printers, Peripherals, Software (Fig 1.4)
Acceptance Criteria
Work Breakdown Structure
___________________________________________________WBS DESCRIPTION RESPOSIBLE DELIVERABLESItem___________________________________________________Title of Project: GenRays HRIS ___________________________________________________1.0 HRS Implement Package #1 Resource Project HRIS1.1 Plan, Design, Develop1.2 Implement2.0 Payroll Functions Package #2 Resource Project Payroll2.1 Plan, Design Develop2.2 Implement2.0 Integration Package #3 Resource Project Integration2.1 Plan, Design, Develop 2.2 Integrate HRIS & Payroll2.3 Integrate FRS & HRIS___________________________________________________
SMALL BUSINESS SECURITY AND POLICY 38
1. GenRays HRIS System Project 1.1 Initiation 1.1.1 Evaluation & Recommendations 1.1.2 Develop Project Charter 1.1.3 Deliverable: Submit Project Charter 1.1.4 Project Sponsor Reviews Project Charter 1.1.5 Project Charter Signed/Approved 1.2 Planning 1.2.1 Create Preliminary Scope Statement 1.2.2 Determine Project Team 1.2.3 Project Team Kickoff Meeting 1.2.4 Develop Project Plan 1.2.5 Submit Project Plan 1.2.6 Milestone: Project Plan Approval1.3 Execution 1.3.1 Project Kickoff Meeting 1.3.2 Verify & Validate User Requirements 1.3.3 Design HRIS System 1.3.4 Design Payroll Functions 1.3.5 Procure Hardware/Software 1.3.6 Integrate HRIS & Payroll Functions 1.3.7 Install Integrated HRIS & Payroll System 1.3.8 Testing Phase 1.3.9 Install Live System 1.3.10 User Training 1.3.11 Go Live1.4 Control 1.4.1 Project Management 1.4.2 Project Status Meetings 1.4.3 Risk Management 1.4.4 Update Project HRIS Plan1.5 Closeout 1.5.1 Audit Procurement 1.5.2 Document Lessons Learned 1.5.3 Update Files/Records 1.5.4 Gain Formal Acceptance 1.5.5 Archive Files/Documents
SMALL BUSINESS SECURITY AND POLICY 39
Project Boundaries
The point in time between initiating the Project on February 1,
2014 and closing the Project 140 days later on June 20, 2014 .
Project Assumptions
Elements of the project, including resource availability,
funding, weather, timing of related events, and availability of
vendors are believed to be accurate and true with emphasis on
the events, actions, concepts, and ideas, which have been
accessed in a positive light.
GenRays HUMAN RESOUCE INFORMATION SYSTEM
Initial defined risks and Constraints
___________________________________________________ Likelihood Degree of Occurrence Impact Action Risk Impact (L,M,H) (L,M,H) Trigger Responsibility Response Plan___________________________________________________High Unknown H Unknown Planning Undiscoverable
SMALL BUSINESS SECURITY AND POLICY 40
___________________________________________________Key L Low, M = Medium, H = High
Money contingences L
GenRays HUMAN RESOUCE INFORMATION SYSTEM
Project Approval
SMALL BUSINESS SECURITY AND POLICY 41
Approved by the Project Sponsor
_Rory Genhardt, CEO____ Date__February 3, 2014__
The project sponsor signs the project charter. This sign-off provides the Project Manager with the authority to move forward and serves as the official notification of the start of the project.
Stake Holders Work Resources and Costs (Fig
1.1)
CEO & Committee Chair - Rory 20 Hrs Ea Wk x
12
@ 75.00 $18,000.00
Director of Operations (PM) - Tom 40 Hrs Ea Wk x
12
@ 150.00 $72,000.00
Director HR - Ashley 20 Hrs Ea Wk x
12
@ 40.00 $9,600.00
Audits - Cameron 5 Hrs Ea Wk x
12
@ 40.00 $2,400.00
SMALL BUSINESS SECURITY AND POLICY 42
Human Resources - Madison 10 Hrs Ea Wk x
12
@ 45.00 $5,400.00
Sales - Ryan 10 Hrs Ea Wk x
12
@ 75.00 $9,000.00
Human Resources - Alex 1o Hrs Ea Wk x
12
@ 75.00 $9,000.00
Production & Planning - Jesse 10 Hrs Ea Wk x
12
@ 70.00 $8,400.00
Production & Purchasing - Shea 10 Hrs Ea Wk x
12
@ 65.00 $7,800.00
Ashton – Design & Technical
Support
30 hrs Per Wk x
12
@ 75.00 $27,000.00
Works - Carson 5 Hrs Ea Wk x 12 @ 55.00 $3,300.00
Rylee – Plant Manager Site 1 35 Hrs Per Wk x
12
@ 120.00 $50,400.00
Tyler – Plant Manager Site 2 35 Hrs Per Wk x
12
@ 120.00 $50,400.00
Microsoft Sales Rep 10 Hrs Per Wk x
12
Included _
Microsoft - Technical 20 Hrs Per Wk x
12
Included _
SMALL BUSINESS SECURITY AND POLICY 43
Hewlett Packard - Sales Rep 10 Hrs Per Wk x
12
Included _
Hewlett Packard - Technical 20 Hrs Per Wk x
12
Included _
Total Projected Human Resource
Cost
240 Hrs x 12 @ 1005.00 $272,700.00
Project Timeline and Scheduling_(Fig 1.2)
Project Task
Duration
Outcome Start Date End Date
Preliminary Investigation 2 Days Met
Goal
2/3/2014 2/4/2014
System Analysis / Rationale 2 Days Met
Goal
2/3/2014 2/4/2014
Committee / Share Holders
Meeting
1 Day Met
Goal
2/5/2014 2/5/2014
Project Initiation / Planning 1 Day Met
Goal
2/2/2014 2/2/2014
Procure HW & SW 2 Days Met
Goal
2/5/2014 2/7/2014
SMALL BUSINESS SECURITY AND POLICY 44
Project Task
Duration
Outcome Start Date End Date
Create project schedule 1 Day Met
Goal
2/7/2014 2/7/2014
Define General Requirements 1 Day Met
Goal
2/7/2014 2/7/2014
Define Security Requirements 1 Day Met
Goal
2/7/2014 2/7/2014
Configure HP SBS Server 2008 1 Day Met
Goal
2/8/2014 2/8/2014
Configure SQL Data Base
Integration
1 Day Met
Goal
2/9/2014 2/9/2014
Configure Backup Recovery
Integration
1 Day Met
Goal
2/9/2014 2/9/2014
Configure Volume Policy
Integration
1 Day Met
Goal
2/9/2014 2/9/2014
Configure Application Integration 1 Day Met
Goal
2/9/2014 2/9/2014
SMALL BUSINESS SECURITY AND POLICY 45
Project Task
Duration
Outcome Start Date End Date
Malware / Anti-Virus Integration 1 Day Met
Goal
2/10/2014 2/10/2014
Windows 7 Profession Integration 1 Day Met
Goal
2/10/2014 2/10/2014
External Storage integration 1 Day Met
Goal
2/10/2014 2/10/2014
Configure Net Work
Infrastructure
1 Day Met
Goal
2/11/2014 2/11/2014
Set PC Permissions 1 Day Met
Goal
2/11/2014 2/11/2014
Test and Validate System 1 Day Met
Goal
2/12/2014 2/12/2014
Change, Control &
Communications
1 Day Met
Goal
2/12/2014 2/12/2014
Deliver the Project 1 Day Met
Goal
4/01/2014 4/01/2014
Close the Project 1 Day Met
Goal
2/13/2014 2/13/2014
SMALL BUSINESS SECURITY AND POLICY 46
Project Task
Duration
Outcome Start Date End Date
Web Design Training & Education 30 days On Going
System Training & Education 30 Days On Going
Quality Assurance & Control 6 Months On Going
Monitor Change, Risk,
Performance
6 Months On Going
PROJECT DEVELOPMENT (Fig 3)
Project Development
Task
Changes? Reason Explanation
Project Report Summary No Initial Response System Background
Review of Other Work Yes Not Same Configuration of Systems Generalized
Preliminary Investigation No Initial Response Assessment
Systems Rationale No Justified
Systems Analysis No Design Proficient & Detailed
Project Initiation No Approved Planning
Committee/Stakeholders
SMALL BUSINESS SECURITY AND POLICY 47
Project Development
Task
Changes? Reason Explanation
Project Description No Clarify & Validate Preliminary
Investigation
Goals and Objectives No Accomplished
Timeline & Scheduling Yes Beat 14 day Deadline by 3 days
Project Deliverables Yes Add Two HP DV7-3288 Laptops @ $600.00
Each
Project Planning
Checklist
Yes Subtract Beat Initial Time by 30 days
SMALL BUSINESS SECURITY AND POLICY 48
PROJECT DELIVERABLES AND COSTS (Fig 1.4)
Hardware, Software, Applications, Subscription, White Papers
Item Quantity
GenRays HRIS. Project Deliverables
Systems, Inc. Project Deliverables
Project Costs Retail
Project Costs OEM
Project Costs Total
30 Each HP PC6, Wind 8 Ultimate Desk Top Computer
30 @ $1300 30 @ $900 $ 27,000.00
30 Each HP 20” 2371d LED Monitors
30 @ $300 30 @ $200 $ 6,000.00
6 Each HP Color 555on LaserJet Printer
6 @ $2,400 6 @ $3,500 $ 14,400.00
1 Each HP DL380P Gen8SBS Server HW &SW
$14,000 $10,000 $ 10,000.00
1 Each Microsoft 2008 SQL R2 Data BaseIntegratedUltimate SW
$5,000 $ 3,500 $ 3,500.00
1 Lot Miscellaneous Peripherals; Malware, AntivirusSubscriptions
$2,000 $2,000 $ 2,000.00
1 lot Miscellaneous Wiring, Adapters
$1,000 $1,000 $ 1,000.00
SMALL BUSINESS SECURITY AND POLICY 49
Item Quantity
GenRays HRIS. Project Deliverables
Systems, Inc. Project Deliverables
Project Costs Retail
Project Costs OEM
Project Costs Total
Connectors
1 Set Volume
Security Policy,Standards, Guidelines, Procedures Subscription
$2000 $2000 $ 2000.00
PROJECT DELIVERABLES and COSTS (Fig 1.4)
Hardware, Software, Applications, Subscription, White Papers
Item Quantity
Systems Inc. Project Deliverables
Systems Inc. Project Deliverables
Project Costs Retail
Project Costs OEM
Project Costs Total
1 Month
Training, Education:Networking,Operating Sys,Security,SW, HW
$5000 $5000 $ 5,000 .00
1 Month
Training: Web Site Design & Development
$3000 $3000 $ 3,000 .00
6 Months
Quality Assurance Action on Quality Control
Included
6 Months
Monitoring:Change, Risks, Performance, Evaluation
Included
SMALL BUSINESS SECURITY AND POLICY 50
Item Quantity
Systems Inc. Project Deliverables
Systems Inc. Project Deliverables
Project Costs Retail
Project Costs OEM
Project Costs Total
2 Days Implement Project Charter
Included
1 Day Provide Manuals Hard Ware, Software, Operating System Networking
Included
PROJECT DELIVERABLES and COSTS (Fig 1.4)
Item Quantity
GenRays HRIS Project Deliverables
Systems Inc. Project Deliverables
Project Costs Retail
Project Costs OEM
Project Costs Total
1 Day Provide Manuals Data Base Server 2008
Included
1 Day Provide Manuals SBS Sever 2008
Included
7 Days
Labor Resource Members
$272,700.00
7 Days
Provide Additional Expertise and Man Power as Needed
Included
7 Provide Building Included
SMALL BUSINESS SECURITY AND POLICY 51
Item Quantity
GenRays HRIS Project Deliverables
Systems Inc. Project Deliverables
Project Costs Retail
Project Costs OEM
Project Costs Total
Days Access After Hours
7 Days
Install, Implement, Integrate, Execute Project
$ 30,000 $30,000 $ 30,000.000
Totals Total OEM Costs
Total Retail Costs
Total HRIS Project Costs
GenRays HUMAN RESOUCE INFORMATION SYSTEM
GenRYAYS MATRIX TEMPLETE (Fig 1.5)
Project Management Knowledge Areas
Recommended Tool(s)
Justification for Tool
Project Integration Management
Expert JudgmentFacilitation Technique
Produce Project Management Plan
Project Scope Management
Expert JudgmentMeetings
Scope Management PlanRequirements Management Plan
SMALL BUSINESS SECURITY AND POLICY 52
Project Time Management
Expert JudgmentDecompositionRolling Wave Planning
Activity List. Activity Attributes, Milestone List
Project Quality Management
Cost Benefit AnalysisCost of quality7 Basic Quality toolsBenchmarkingDesign of ExperimentsStatistical Sampling Additional quality Planning ToolsMeetings
Quality Management Plan,Process Improvement PlaaaanQuality MetricsQuality ChecklistsProject Documents Updates
Project Cost Management
Expert Judgment,Analytical Techniques Meetings
Provides clarity as to how project teams will determine which type of requirements need to be collected for the project
Project Communications Management
Communication analysis, technology, Models & MethodsMeetings
Communication Management Plan, Project Documents Update
Project Human Resource Management
Organization Charts and Position DescriptionsNetworkingOrganizational Theory Expert JudgmentMeetings
Human Resource ManagementbPlan
Project Risk Management
Analytical Techniques Expert Judgment,Meetings
Risk Management Plan
Project Procurement Management
Make or Buy analysisExpert JudgmentMarketing ResearchMeetings
Procurement Management Plan, SOW, documents, Selection Criteria, Make-one-Buy, Change Requests, Project Documents Update
Communications Issue Log, Change Requests, PM Plan,
SMALL BUSINESS SECURITY AND POLICY 53
Project Stakeholder ManagementMethods. Interpersonal SkillManagement Skills
Project Doc Updates, Organizational Process Assets Updates
PROJECT PLANNING CHECKLIST (Fig 1.6x)
To access the GenRays Project Schedule Planning Checklist, and
Critical Path.
Click on the Excel Icon
GenRays HUMAN RESOUCE INFORMATION SYSTEM
SMALL BUSINESS SECURITY AND POLICY 54
REFERENCES
Altus IT. (2013). Altius IT Policy Collection. Retrieved February 28, 2014 from http://www.altiusit.com/policies.htm
http://www.pcm.com/n/Microsoft-Midsize-Business/manufacturers-293
Microsoft Small and Mid-Size Business Center. (2012). Microsoft’s Security Guide for a Midsize Business. Retrieved February 28, 2014 from
http://www.google.com/search?sourceid=navclient&aq=&oq=security+guide+for+a+small+business&ie=UTF-8&rlz=1T4ADRA_enUS490US490&q=security+guide+for+small+business+microsoft+&gs_l=hp..2.0i22i30j0i22i10i30j0i22i30l3.0.0.0.26931...........0.JjDptd_RjoU
Purdue owl: APA formatting and style guide. (2012). Purdue online writing lab. Citation style chart. Retrieved February 28, 2014 from http://owl.english.purdue.edu/owl/resource/949/01/
Instant Security Policy. (2013). Custom Security Policy. Retrieved February 28, 2014 from http://www.instantsecuritypolicy.com/defs-
physical_security_policy.html
Mindful Security. (2013). Policies, Standards, Guidelines and Procedures. Retrieved February 28, 2014 from
http://mindfulsecurity.com/2009/02/03/policies-standards-and-guidelines/
MSDN. (2013). HW and SW Requirements for Installing SQL Server 2008 Retrieved February 28, 2014 from http://msdn.microsoft.com/en-us/library/ms143506(v=SQL.100).aspx
SMALL BUSINESS SECURITY AND POLICY 55
TechRepublic. (2013). Project Objectives. Retrieved February 28, 2014 from
http://www.techrepublic.com/article/use-project-objectives-to-structure-the- project-and-validate-success/5839938
Windows Server Essential. (2013). System Requirements for Installing Windows
2008. Retrieved February 28, 2014 from http://technet.microsoft.com/en-us/library/cc527594(v=ws.10).aspx
SMALL BUSINESS SECURITY AND POLICY 56
GenRays HUMAN RESOUCE INFORMATION SYSTEM
Glossary
Annualized Loss Expectancy (ALE) - The expected monetary loss that can be expected for an asset due to a risk over a one year period. It is defined as: ALE = SLE * ARO: Where SLE is the Single Loss Expectancy and ARO is the Annualized Rate of Occurrence.
Doing it their way – Haphazardly, without thought or condition.
Enterprise - A project or undertaking, one that is difficult or requires
effort.
FRS - Financial Record System.
Guidelines – Determines a course of action.
HRIS – Human Recourse Information System.
Intrusion Detection System (IDS) – A software application or device that monitors system or network for policy violations or malicious activities and produces reports to a management. IT – Information Technology.
Policy - Principle or protocol to guide decision & achieve rational outcomes.
Standard - Any norm, convention or requirement.
Up-to-speed – Current.
SMALL BUSINESS SECURITY AND POLICY 57
GenRays HUMAN RESOUCE INFORMATION SYSTEM
Appendix 1: According to Altius IT (2013), Policy Collection Security is
“Network Security Policies
Account Management Policy Acquisition and Procurement Policy Admin Special Access Policy Anti-Malware Policy Asset Management Policy Audit Trails Policy Backup Policy Bluetooth Policy Certification and Accreditation Policy Change Management Policy Data Integrity Policy Data Marking Policy Data Privacy Policy Data Retention Policy Disposal Policy Domain Controller Policy Domain Name System Policy E-commerce Policy Encryption Policy Firewall Policy Guess Access Policy Hardware and Software Maintenance Identification and Authentication Logical Access Controls Policy Network Access Policy Network Address Policy Network Configuration Policy Network Documentation Policy Internet Connection Policy Logging Policy Password Usage Policy Patch Management Policy
Incident Response Security Policies and Plans
Incident Response Plan Incident Response Policy Intrusion Detection Policy
Security Governance Policies
Acceptable Use Policy Audit Policy Documentation Policy E-mail Policy Green Computing Policy HIPAA and HITECH Policy IT Governance Policy IT Management Policy Mass Communication Policy Mergers and Acquisitions
Policy Outsourcing Policy Portable Computing Policy Privacy Policy Production Input Output
Controls Policy Reporting Violations Policy Securing Information
Systems Policy Security Controls Review
Policy Security Awareness and
Training Policy Security Awareness and
SMALL BUSINESS SECURITY AND POLICY 58
Personnel Security Policy Physical Access Security Policy Physical Security Policy Removable Media Policy Remote Access Policy Router Security Policy Securing Information Systems Policy Securing Sensitive Information Policy Security Monitoring Policy Security Policy Server Certificates Policy Server Hardening Policy Software Licensing Policy System Security Plan System Update Policy User Privilege Policy Vendor Access Policy Wireless Access Policy Workstation Security Policy
Training Plan Smartphone and Mobile
Device Policy Social Networking Security
Policy Staffing Policy Terms and Definitions Policy Third Party Providers Policy
Risk Management Policies
Business Impact Policy Compliance Policy Data Classification Policy Quality Assurance Policy Risk Assessment Policy Risk Management Policy
Business Continuity Policies and Plans
Business Continuity Resumption Plan Business Continuity Communications Plan Business Continuity Disaster Recovery Plan Business Continuity Department Plan Business Continuity Plan Business Continuity Policy
Application Security Policies
Application Implementation Policy Approved Application Policy Secure Software Development Lifecycle Software Development Policy
System Development Policy
Using HP infrastructure Management with HP ProLiant servers increases efficiency and control
of your entire server management infrastructure.
SQL Server 2012 HP Proliant DL380 Generation G6 Server Microsoft