Security Business Requirements, Research Paper Example
CMMI, the Capability Maturity Model Integration, is a technology-defined business process model from which many organizations currently benefit. It applies a set of procedures that improve company performance with the aid of modern technology. In developing these procedures, CMMI provides a basic guideline for identifying the strengths and weaknesses of the organization as a whole. Based on the organization’s everyday operations and the management of the people involved in each of them, the CMMI approach an organization adopts gives a more responsive indication of progress, drawn from the adjustments and changes that establish a good foundation for the business.
In the case of Em’s Bakery Ltd, synchronizing data between the outlets of the business, which are scattered across distant areas, is necessary. The central management’s ability to oversee the situation at each outlet through real-time reporting should produce a more dependable system that makes it easier for administrators to monitor progress and watch for unusual conditions that need immediate attention. This, however, can only be accomplished through a considered adjustment of the organizational setup and the cooperation of the people involved in the process. Along with this, an improved IT system is expected to give everyone involved an easier path to follow.
Understanding the Basics of Project Monitoring and Control (PMC) Process Area
Given that the organization’s condition includes several issues of security breach and organizational arrangement, the CMMI process area chosen for the case of Em’s Bakery Ltd is Project Monitoring and Control. This approach is expected to define how the organization’s current IT system and its operation could be redesigned and refurbished to meet the organization’s current requirements.
As mentioned in the previous documentation, Em’s Bakery Ltd currently depends on an IT system that records data entered at different workstations and stores it on the main server of each outlet, from which it is later passed on to the main office for real-time evaluation and reporting. The system is expected to keep real-time data that helps administrators see the progress of the business and monitor the condition of each outlet as it contributes to the sales of the organization as a whole. These figures are expected to give administrators a better understanding as they make future-directed decisions designed to improve the operational system of the business based on each outlet’s performance.
One problem, though, is that the IT system currently operating in the organization is not completely secured, nor is its use specifically restricted to authorized personnel of the business. In fact, the hierarchy of operators in the data storage system has not yet been clearly defined, making it harder to pinpoint who has the actual authority to access specific areas of the data storage. This jeopardizes the performance the IT operation is expected to deliver for the development of the organization.
Since the stored data relates mostly to sales reports, returns and revenues, it is crucial that everything is secured, especially the confidentiality of the records kept in storage. Another concern is that, since the data is shared over the internet, malicious hackers from outside the organization’s chain of command might be able to access the stored data through the Wi-Fi connections that the outlets offer to customers. This danger identifies a specific weakness of the current IT system and furthers the need for effective security-directed operations that would improve the IT systems the organization uses.
The Project Monitoring and Control (PMC) process area helps a great deal in this matter. PMC is intended to give the organization a specific pattern to follow, especially for hierarchical monitoring of who is authorized to access specific data in the system. This approach to improving business operations around the IT data storage aims to distinguish who may use the system, and how, based on the organization’s daily activities.
In relation to this, the objectives of the PMC [PA] application for the business operation of Em’s Bakery Ltd are as follows:
- To improve the hierarchical arrangement of the personnel working in the organization as a whole and of the individuals working within the outlets of the business
- To set a distinct policy on who is authorized to access particular data from the IT system records
- To establish a form of firewall that would secure data from foreign intruders
- To make real-time and accurate data sharing between the outlets and the main office easier for administrative purposes
These objectives define the backbone of the operation as it changes the manner in which each outlet is managed and directed toward the goal of higher reported sales. Along with this, it also aims to provide a reliable source of information that the entire organization can use to establish improvements for the future.
Security Policy and Application Discussion
As mentioned earlier, the first step is to define the hierarchical arrangement of the personnel running the organization and each of its outlets. From the Chief Operating Officer to the store managers, the department supervisors and the staff members who work directly on the workstations, each individual should have a well-defined and outlined role in accessing the data of the IT system. Such an outline lets each individual know what they are supposed to do with the data they are allowed to manipulate, and how.
Some of the policies that could be implemented in line with this consideration are as follows:
- Administrative personnel (including store managers and department supervisors) are to be given specific bar-coded cards that serve as a pass to the sales revenue reports kept in the IT system’s data storage.
- Staff members working on the workstations or the POS [Point of Sale] machines are to be given passwords that allow them to enter data in the system during their designated shifts. If changes or cancellations to customer orders are needed, the supervisors are the only ones allowed to void the encoded data, clearing the errors from the display and the storage.
- When it comes to the overall report, only those in the administration offices are allowed to see and evaluate the data. To access this information, each administrator is to be provided with a unique username and password for data access privileges.
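The three access rules above, expressed as a deny-by-default authorization check with a decision log. This is an added example, not part of the original paper; the role names, action names, shift times and log format are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import time
from typing import Optional, Tuple

# Role -> permitted actions, taken from the three policy items above.
# Role and action names are assumptions made for this example.
PERMISSIONS = {
    "staff": {"enter_sale"},
    "supervisor": {"void_sale", "view_sales_revenue"},
    "store_manager": {"view_sales_revenue"},
    "administrator": {"view_overall_report"},
}
SHIFT_BOUND = {"enter_sale"}  # actions valid only inside the user's shift


@dataclass(frozen=True)
class User:
    name: str
    role: str
    shift: Optional[Tuple[time, time]] = None  # (start, end) of designated shift


def in_shift(shift, now):
    start, end = shift
    if start <= end:
        return start <= now < end
    return now >= start or now < end  # shift that runs past midnight


def authorize(user, action, now):
    """Return (allowed, reason). Unknown roles and actions are denied."""
    if action not in PERMISSIONS.get(user.role, set()):
        return False, "role lacks permission"
    if action in SHIFT_BOUND and (user.shift is None or not in_shift(user.shift, now)):
        return False, "outside designated shift"
    return True, "ok"


def audit_line(user, action, now):
    """One log record per decision, so denied attempts can be monitored."""
    allowed, reason = authorize(user, action, now)
    verdict = "ALLOW" if allowed else "DENY"
    return (f"time={now.isoformat()} user={user.name} role={user.role} "
            f"action={action} result={verdict} reason={reason}")
```

A staff account with no shift assigned is denied data entry, so a forgotten shift record fails closed rather than open.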
For handling possible breaches from outside, a firewall against outside networks should be established. This can only be done by creating an encrypted network wall for the data system, protecting it from possible intruders on other networks on the internet. Permission passes should be imposed in the system, prompting newcomers to provide the data needed to prove that they are not intruders. In addition, stage-by-stage security encryption of each level of information stored in the system would directly strengthen its privacy.
When it comes to real-time updates on business improvement, technology helps a great deal. This is especially true when an organization like Em’s Bakery Ltd operates in different distant areas. Knowing how each outlet is doing is crucial for administrators as they keep track of both the strengths and the weaknesses of their organization in actual operation [in the sales and customer service industry]. A well-secured IT system is expected to define clearly how the entire system should be used and who should be authorized to access information from it. The hierarchical arrangement of authority in the organization has been presented in this discussion as a vital condition to follow. Given the aim of implementing an effective system of information storage and sharing among employees and staff, securing files from possible intruders or malicious users is a must. Hence, through the Project Monitoring and Control system, the organization’s handling of business operations through secured connections is expected to improve, supporting further organizational progress. From this point, development is expected to follow, giving the organization as a whole a more visible function and more meaningful worth. Project monitoring and control creates a more responsive environment among personnel as they operate the IT system that protects the company’s capacity to improve further.