University Against Exploits Attempts Malwares


02 Nov 2017

Disclaimer:
This essay has been written and submitted by students and is not an example of our work. Any opinions, findings, conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of EssayCompany.

National College of Business Administration and Economics (NCBA&E)

Usman Ali

Gelayol Golkarnarenji

Version 4

12th April, 2011

BUSINESS REQUIREMENTS DOCUMENT

Project Name: Deployment of Intrusion Detection and Prevention System (IDS/IPS) with enhanced security monitoring, alerting, and logging systems.

Project Identifier: ITG-11-M00217

Executive Sponsor: University Project Sponsor and Project Management Board members

(LOB) Project Manager: DR Ali Farhan (IT coordinator and consultant)

IT Project Manager: Usman Ali

IT Relationship Manager: Gelayol Golkarnarenji

Business Requirements QC Manager: Khawer ch

Date Submitted: 15.01.2011

Date Approved by Executive Sponsor: 21.02.2011

Date Approved by Governance Committee: 01.02.2011

Change History

| Version No. | Date | Revised By | Requested By | Change Description |
| --- | --- | --- | --- | --- |
| 1 | 2001 | PMC | ITC | Installation of 535 firewall and Host-based IDS 4200 |
| 2 | 2001 | PMC | ITC | Removal of IDS due to uncontrollable behaviour of IDS |
| 3 | 2006 | PMC | ITC | AAA server installation, upgrade of |
| 4 | 2011 | PMC | ITC | Deployment of Intrusion Detection and Prevention System (IDS/IPS) with enhanced security monitoring, alerting, and logging systems. |

1 INTRODUCTION

1.1 Background

As companies keep joining the Internet to accelerate their business processes, security risks have increased. Because partners, customers, suppliers and mobile employees have access to an organization's network, the probability of the organization being attacked has risen. Although these organizations may set up perimeter security, it is only a first line of defense and is not sufficient to mitigate the damage that an attack may cause. As a result, many enterprises are looking for ways of preventing incidents that result from unauthorized access, worms, viruses, denial of service, IP spoofing, and so forth by deploying Security Event Monitoring and Incident Notification, alerting and management services. As hacking techniques and tools in modern IT networks keep improving, enterprises need to enhance their networks to fight against them.

This project has been defined because of attacks that the university has been facing. Some exploit attempts have been reported, and there are no security appliances to send an alarm, discard malicious packets, reset connections, block traffic from offending IP addresses, log information about malicious activities, or provide remediation for malware, worms, botnets, application abuse and vulnerabilities.

To acquire security controls that help detect and prevent security threats, and to adopt security methods that avoid and put an end to the attacks and intrusion attempts threatening the university, the project recommends implementing IPS/IDS to defend the university's critical information against exploit attempts, malware, vulnerabilities, worms, botnets, application abuse and sophisticated attacks.

1.1.1 Current Situation / Business Need

The organization studied is a multi-campus university catering to a large number of students. Communication and collaboration are a crucial part of enabling students and staff to work together anytime, anywhere. The school has built a reputation for offering a rich technology environment for students and for its departments and faculties. Recently, it has been facing exploit attempts, and one of its servers has been compromised. It also runs a system that makes TELNET, SSH, POP and IMAP available via the Internet, and the dictionary attack is the common threat. There are no security appliances to send an alarm, discard malicious packets, reset connections, block traffic from offending IP addresses, log information about malicious activities, or provide remediation for malware, worms, botnets, application abuse and vulnerabilities. Hence, the university aims to adopt security methods to avoid and put an end to the attacks and intrusion attempts threatening it.

1.1.2 Project Objectives

To defend the critical information at the university against exploit attempts, malware, vulnerabilities, worms, botnets, application abuse and sophisticated attacks.

1.2 Scope of work

In this section I(TS)2 proposes a solution for implementation of the IDS/IPS systems in the Al Azizih, Al Abdih (Rawalpindi) & Al-Zahir (Faisal abad) sites, as well as support activation for the existing appliances.

The SOW is summarized in the following table:

| Task | Deliverables |
| --- | --- |
| Project initiation: conduct project initiation; develop and finalize project plan; present project to project team; information gathering | Project charter; project plan; project progress and status report; project management presentations |
| Detailed design document, which includes | Develop high-level design (HLD) document; develop low-level document; develop migration plan |
| Project implementation: implementation of IPS | A working pair of IPS4270 working in a blocking mode |
| Project implementation: implementation of redundant IPS | A working pair of IPS4270 working in a blocking mode |
| Project implementation: activation of SMARTnet | Activation of Cisco SMARTnet Support for the IPS in each department |
| Project implementation: implementation of log management system | The resource manager 3.5 will be installed on the server to log the events on IPS |

Due to the benefits that Cisco products bring to enterprises, the Cisco IPS 4260 System (HA Mode) has been implemented at the university to deal with the problems mentioned; moreover, the following have also been added:

An extra IPS as redundancy to the implemented one.

Log Management Systems, a flexible and powerful service that can play a vital role in providing optimal visibility and monitoring effectiveness by taking advantage of native sources of event data in network hosts such as servers and routers/switches, and correlating them with other security-relevant data. The project team members will work with the university to help ensure that the log monitoring technology addresses compliance requirements and is configured properly. The project team members help to identify critical devices and applications; understand the types and methods of log capture; define the types of events to be reported; and implement the filtering rules to capture and report on them. The project team members will help the university monitor and identify threats at the network and application level, evaluate the data collected, and promptly report and respond to any information security threat.

SMARTnet activation for IPS/IDS, which is necessary to keep important business functions accessible, secure, and functioning at peak performance.

The scope of work includes only the devices and/or services listed above. Deployment for any other devices and/or services will not be the responsibility of the university. The project scope covers all the buildings at the university.

1.2.1 Out of Scope

This project will not cover

Databases,

Anti-virus products,

Linux products,

Unix products,

Integration with other software and hardware

Troubleshooting of the existing systems

The university has to provide support for integration and for matters related to VoIP, and even support for professionals.

No responsibility for the Novell server exists at the university.

AS/400, which is a midrange server designed for small departments in big organizations. It works well with web applications.

1.3 Desired Outcomes

By implementing IDS/IPS, malicious activities will be discovered, information about the activities will be logged, malicious activities will be prevented and even blocked, activities will be reported, losses from theft and disruptions may be avoided, and outbreaks will be stopped at the network level. IPS implementation will also increase performance and enable major traffic flow enhancement.

1.4 Stakeholders and End Users

Business System Analysis (BSA) – The BSA will guide each step of the analysis and design processes. He/She will set up current state assessments, track business impacts and gaps, schedule design sessions, and obtain sign-offs. The BSA is responsible for ensuring the appropriate parties are included in all meetings.

Subject Matter Expert (SME) – The SME brings expertise to the analysis and design. The expertise may be in the form of business process expertise or system expertise. The BSA may include Technical SMEs where necessary. There may be multiple SMEs and they may come from different parts of the organization (e.g., FSO, Colleges, Units).

Business Process Owner (BPO) – The BPO is the person who has responsibility for the process, many times manages the process, and understands the process in detail. The BPO is not necessarily the person who performs the process. There may be multiple BPOs and they may come from different parts of the organization (e.g., FSO, Colleges, Units). It is important that input and sign-off be obtained from all parties with ownership.

Business Process Advisor – The BPA is the person who is ultimately responsible for the process but is not necessarily familiar with every part of the process. The BPA does not normally attend the analysis and design meetings, however, is required to sign off on the deliverables.

Implementation Director – The Implementation Director will provide guidance regarding the use of KFS. She will review all current and future process documents.

FSO Liaison - The FSO Liaison will provide guidance regarding the business process analysis approach. She will review all current and future process documents.

Project Manager - The Project Manager will provide guidance regarding the storage and maintenance of documents, will develop an approach to monitor business analysis and design process, and will provide guidance on various project standards.

Identify the primary / key stakeholders and users impacted by the project. These can include the actual users of the system, managers of any impacted systems that need to be modified, and the senior executive / sponsor of the project, among others.

The following Stakeholders and End Users have been identified:

| Stakeholder | Job Function / Impact |
| --- | --- |
| The project management team | Includes the project manager or team leader and support staff |
| Upper management | The people to whom the report is sent directly |
| Support departments | People in other faculties who will be contributing to the project or affected by it |
| Project sponsor | The person who controls the budget of the project and gives directions and approvals |
| Vendors | Who provide services for the project |
| Academic staff | Who use the network |
| University students | Who use the network |
| Contractors | Who provide services for the project |

1.5 Dependencies

List dependencies that have been identified and are being actively managed. These could be dependencies on other projects, resources, people or business areas/functions.

The following dependencies have been identified and are being actively managed:

| Dependency | Description | Dependency Type | Coordination Approach |
| --- | --- | --- | --- |
| List the dependency name | Add a brief description of the dependency | Are we dependent on the project? Are they dependent on us? Or both? | What measures are in place to manage the dependency? |
| System administrators | | | |
| Physical (area) security | | | |
| Tagged cables | | | |
| Integration with the VLANs on the switch | | | |
| Proper temperature | | | |
| Power management | | | |
| Space arrangement | | | |
| Entrance card or security badges | | | |
| Sufficient ports on the core switch | | | |
| Ready cables on the patch panel | | | |
| 2 hours network down time for the installation and testing in each site | | | |

1.6 Risks / Issues

Project risk management recognizes a formal approach to the process as opposed to an intuitive approach. Risks, once identified, assessed and allocated, should be managed in order to minimize or completely mitigate their effect on a project. This may be achieved by developing either immediate or contingency responses to the identified risks. We will employ the following formal process:

Issue management: the project lead will prepare and maintain an 'issue log' document that will record all issues impacting the project. It will be the responsibility of the project lead to foresee the issues as well as to draw out issues from project team members at an early stage. An action plan will be developed for each issue after evaluating its impact and possible course of corrections. All issues will be actively monitored for closure and escalated to the project sponsor / project board as required.

Formal fortnightly internal review with board: project lead will conduct a fortnightly project review meeting with the project board, where any risks to project quality and timeliness will be proactively identified and mitigation measures suggested. The first review will be before the commencement of project and will identify risks related to:

Clarity of scope, deliverables & the university expectation.

Availability of tools, methodology, documentation and skills.

Dependencies on external entities/ tasks for project completion.

Additional controls for mitigating risks of non-completion of project.

| Risk / Issue | Likelihood / Impact | Mitigation Approach |
| --- | --- | --- |
| List the risk / issue name | What is the likelihood it will occur? If it does occur, how significant is the impact? | What mitigation approach will be used to manage the risk? |
| Incorrect IPS deployment | If the IPS device is not implemented in the right place, for instance on the edge of the network in front of the firewall, the IPS would act on every single scan or attack. This could cause hundreds or even thousands of alerts that are not serious or actionable. Dealing with these alerts would be a costly and near-impractical procedure. | An IPS device should always be placed behind a perimeter filtering device such as a firewall or an adaptive security appliance (such as a Cisco 5500 Series Adaptive Security Appliance). The perimeter device will filter traffic to match your security policy, allowing only expected acceptable traffic into your network. Correct placement significantly reduces the number of alerts, thereby increasing the actionable data that you can use to investigate security violations. |
| Improper IPS tuning | Without tuning, you will potentially have thousands of false-positive events, making it hard to perform any security research or forensics on your network. | Tune the IPS to make sure that the alerts produced are genuine and actionable, in order to avoid false-positive events. |
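The two risks in the table above, worked through as an added example (not part of the original document and not code from any Cisco product): a small Python model that counts the alerts an IPS raises in front of the perimeter firewall, behind it, and behind it after tuning one noisy signature. The firewall policy, signature names, addresses and traffic are all constructed for illustration.

```python
import re
from collections import Counter, namedtuple
from typing import Optional

Packet = namedtuple("Packet", "src dst_port payload")

# Assumed perimeter policy (hypothetical): only SSH, HTTP, POP3 and IMAP are
# allowed in from the Internet; everything else is dropped at the firewall.
ALLOWED_PORTS = {22, 80, 110, 143}

AUTH_FAIL = "SIG-2002 authentication failure"

# Hypothetical signatures: name -> (destination port, or None for any port;
# payload pattern, or None to match on the port alone).
SIGNATURES = {
    "SIG-1001 telnet probe": (23, None),
    "SIG-1002 smb probe": (445, re.compile(r"SMB")),
    "SIG-1003 rdp probe": (3389, None),
    "SIG-2001 path traversal": (80, re.compile(r"\.\./")),
    AUTH_FAIL: (None, re.compile(r"auth fail", re.I)),
}

# Constructed sample traffic (documentation address ranges only).
SAMPLE = (
    [Packet("198.51.100.7", 23, "")] * 3
    + [Packet("198.51.100.7", 445, "SMB negotiate")] * 2
    + [Packet("198.51.100.7", 3389, "")] * 4
    + [Packet("203.0.113.9", 80, "GET /../../etc/passwd")]
    + [Packet("203.0.113.50", 22, "auth fail user=admin")] * 6  # dictionary attack
    + [Packet("192.0.2.10", 143, "auth fail user=alice")]       # one mistyped password
    + [Packet("192.0.2.11", 80, "GET /index.html")]             # benign request
)


def firewall_permits(pkt: Packet) -> bool:
    """Perimeter filter: pass only traffic the security policy expects."""
    return pkt.dst_port in ALLOWED_PORTS


def matching_signatures(pkt: Packet) -> list:
    """Return the names of all signatures this packet triggers."""
    hits = []
    for name, (port, pattern) in SIGNATURES.items():
        if port is not None and port != pkt.dst_port:
            continue
        if pattern is not None and not pattern.search(pkt.payload):
            continue
        hits.append(name)
    return hits


def run_ips(packets, behind_firewall: bool,
            auth_fail_summary: Optional[int] = None) -> list:
    """Return the (signature, source) alerts the sensor would raise.

    behind_firewall   -- True: the sensor only sees what the firewall permits.
    auth_fail_summary -- tuning knob: None alerts on every failed login;
                         N raises one alert when a source reaches N failures.
    """
    failures = Counter()
    alerts = []
    for pkt in packets:
        if behind_firewall and not firewall_permits(pkt):
            continue  # dropped at the perimeter, never reaches the sensor
        for name in matching_signatures(pkt):
            if name == AUTH_FAIL and auth_fail_summary is not None:
                failures[pkt.src] += 1
                if failures[pkt.src] != auth_fail_summary:
                    continue  # below (or already past) the threshold
            alerts.append((name, pkt.src))
    return alerts


if __name__ == "__main__":
    print("in front of firewall, untuned:", len(run_ips(SAMPLE, False)))
    print("behind firewall, untuned:     ", len(run_ips(SAMPLE, True)))
    for alert in run_ips(SAMPLE, True, auth_fail_summary=5):
        print("behind firewall, tuned:       ", alert)
```

The remaining alerts after placement and tuning are the traversal attempt and the source that failed authentication five times, which is the actionable set the mitigation column asks for.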

1.7 Assumptions and Exclusion

The following Assumptions and exclusion have been identified at this time:

It is assumed that the access to the university facility centers will be coordinated and arranged by the university itself.

All passive work is the responsibility of the university.

It is assumed that the university will offer the space, tools and needed access for the security engineers.

It is assumed that the university data center is protected against power failures and spikes through the deployment of UPSs and power generator.

It is assumed that the access to various relevant documentation, such as Security Policy (if any), system reports, architecture design, backup and recovery processes, communication links and interviews with the IT Team and head of departments is provided.

It is assumed that the access to all systems and devices with the required authorization and any other information as per the project schedule, and detailed elsewhere in this project is provided.

It is assumed that the working space and infrastructure including internet or network connectivity for our consultants as detailed elsewhere in this proposal is provided.

It is assumed that the necessary approvals and sign-offs from the university Project Steering Team on the project reports and other documents are provided as required.

The university will provide sufficient office accommodation, telephones, intranet and Internet connectivity, secretarial support and IT support for the project team when working in the Kingdom.

The university will provide administrative support for the scheduling of site visits and meetings with stakeholders.

The university will ensure that necessary stakeholders make themselves available for interview at times and places that do not unduly impact the timescales of the project.

2 CURRENT STATE

The organization studied is a multi-campus university catering to a large number of students. Communication and collaboration are a crucial part of enabling students and staff to work together anytime, anywhere. The school has built a reputation for offering a rich technology environment for students and for its departments and faculties. Recently, it has been facing exploit attempts, and one of its servers has been compromised. It also runs a system that makes TELNET, SSH, POP and IMAP available via the Internet, and the dictionary attack is the common threat. There are no security appliances to send an alarm, discard malicious packets, reset connections, block traffic from offending IP addresses, log information about malicious activities, or provide remediation for malware, worms, botnets, application abuse and vulnerabilities. Hence, the university aims to adopt security methods to avoid and put an end to the attacks and intrusion attempts threatening it.

2.1 Description

2.1.1 Business Processes

Provide diagrams of the current business processes. Include details such as activities being undertaken, who undertakes the activities and systems and tools used. Swim lane process maps (see below) may be useful. Written explanation may also be required.

2.1.2 Systems

Outline the systems involved in the current business processes. Include system names and the specifics of their involvement with this project. Systems can also be indicated on the process maps. Context Diagrams may be used as well.

2.1.3 People / Organization

Project leader: responsible for successful project execution, including project management activities. The Project Manager will be the first contact person with the university. He will have sufficient authority to take final decisions on behalf of the company within the contracted terms and agreed scope of the project.

Project lead: sends a report to the project board.

Project board: offers guidance as well as measurement of the performance of the project. It also acts as the final escalation point.

Project team: will comprise technical resources as per the tasks/activities in each phase. The project team will be committed to the phase throughout its duration, unless otherwise agreed upon in advance with the university.

Project sponsor: owns the project and has final responsibility for achieving the project deliverables. He should have appropriate authority to resolve issues, provide resources and approve the project plan and project changes. He will also provide the overall direction and decision making for the project.

Project coordinator: works with the project team to facilitate information collection, interaction within the university organization and coordination of the activities. He will also work together with the project lead to develop the project plan and attend all project meetings.

Detail the people involved in the current business process and organizational structure if relevant – include details such as team names and roles, if known, and their involvement within the current processes. This may be covered by the process map(s) in Section 2.1.1 above. For example:

Operators within the Admin Processing Team are required to manually manipulate reports on a daily basis, which takes between 1 and 2 hours.

2.2 Challenges and Opportunities

Your project may be responding to one or more business challenges or opportunities. Enter information into the appropriate section(s). Delete any sections that do not relate to your project.

2.2.1 Challenges

Clearly detail the business challenges with the Current State and their impacts on the business. The requirements detailed in later sections of the BRD will refer back to the challenges you are trying to resolve. Challenges can be related to things that are broken, a need for improvement, a compliance need, etc.

Copy this table for each challenge.

Challenge 1: Exploit attempts

Description: Some exploits have been reported, such as unauthorized data access, illogical code execution, denial of service, packet spoofing, man-in-the-middle and DDoS.

Business Impacts: The critical university data and the information that is important for daily business have been compromised.

Size of Problem: Loss of end users' confidence; network and server downtime, which causes dissatisfaction; and reputation damage, all of which cause monetary loss.

Cause: Lack of a security appliance to send an alarm, discard malicious packets, reset connections, block traffic from offending IP addresses, log information about malicious activities, and provide remediation for malware, worms, botnets, application abuse and vulnerabilities.

Challenge 2: Server compromise

Description: An attacker managed to gain access to one of the servers, which holds confidential data regarding students' grades. This attack caused disclosure of some critical information.

Business Impacts: Loss of students' and faculty members' confidence and trust.

Size of Problem: Monetary loss, reputation damage.

Cause: Lack of a proper security program, such as around-the-clock management and monitoring systems.

2.2.2 Opportunities

Clearly detail the business opportunities this project will address. The requirements detailed in later sections of the BRD will refer back to these opportunities.

Copy this table for each opportunity.

Opportunity 1: Prevent and stop malicious activity

Description: With IPS/IDS installed, the data will be checked thoroughly. As these systems are signature-based, if the data is not in accordance with the signature defined, an alarm will be sent, which is called detection, and afterward the prevention system will start functioning to block the malicious data.

Business Benefits: End user satisfaction, monetary benefit.

Size of Opportunity: < Include details such as sales volumes (e.g. FUA or AP), FTE savings etc. to demonstrate the size of the opportunity >

Opportunity 2: Defend critical information

Description: With IPS/IDS implemented, illegal activities will be discovered and stopped, and thereby the critical information will be protected.

Business Benefits: End user satisfaction, monetary benefit.

Size of Opportunity:

Opportunity 3: Increase in performance and enable major traffic flow enhancement

Description: An intrusion prevention system (IPS) can defend a network against unwanted access and malicious traffic. By avoiding malware, propagation of worms and phishing, which have a great negative impact on network performance and traffic flow, network performance will rise.

Business Benefits: End user satisfaction.

Size of Opportunity:

2.3 Information Transfers

Describe the information needed to support the current business processes. List information exchanged with other business areas and systems, both inside and outside the enterprise.

3 PROPOSED STATE

This section of the BRD provides a description of the proposed business state. In addition to describing the proposed state, you should indicate which aspects represent a change from the current situation.

NOTE: If you do not include this section in the BRD you are required to provide the information in a separate document that is signed off by the business.

3.1 Proposed Vision

By implementing IDS/IPS, malicious activities will be discovered, information about the activities will be logged, malicious activities will be prevented and even blocked, activities will be reported, losses from theft and disruptions may be avoided, and outbreaks will be stopped at the network level. IPS implementation will also increase performance and enable major traffic flow enhancement.

3.2 Benefits

With IPS/IDS installed, the data will be checked thoroughly. As these systems are signature-based, if the data is not in accordance with the signature defined, an alarm will be sent, which is called detection, and afterward the prevention system will start functioning to block the malicious data. In addition, illegal activities will be discovered and stopped, and thereby the critical information will be protected. The intrusion prevention system (IPS) can also defend a network against unwanted access and malicious traffic. By avoiding malware, propagation of worms and phishing, which have a great negative impact on network performance and traffic flow, network performance will rise.

3.3 Proposed Business Processes

Provide diagrams of the proposed business processes. Include details such as activities that will be undertaken, who undertakes the activities and systems and the tools used. Swimlane process maps (see below) may be useful. Written explanation may also be required.

3.4 Business Requirement Descriptions

List the high-level process groups or requirement functions that need to be addressed to deliver the Proposed State. Provide narrative descriptions of the Proposed Business Processes if available. For example, "Obtain Customer Information" could be one process grouping that further analysis will detail in greater depth in Section 4 of this BRD.

NOTE: The process groupings or requirement functions identified in this section will specifically drive the requirements decomposition, with those results being captured in Section 4.

3.5 Systems

Outline the systems involved in the future business processes. Include system names and their particular involvement with this initiative. Systems employed can also be indicated on the process maps in Section 3.2 above.

NOTE: In this section you are discussing the system requirements from a business perspective, rather than detailing the IS solution.

3.6 Information Transfers

Describe the information needed to support future business processes. Include the need for historical information, data conversions or reformatting, and impacts / dependencies with other business areas and systems (both inside and outside the enterprise).

3.7 Minimum / Recommended Performance Considerations

In reality, IPS/IDS decrease network performance by almost up to 30%.

An IPS is a reactive monitoring system: it can respond to suspicious activity by blocking the traffic, by reprogramming the firewall or by other means.

An IPS is not perfect and may block legitimate network traffic.

IPSs are generally deployed inline, which can make them a bottleneck in your network (depending upon the traffic). An IPS is slower and in certain scenarios can cause a drop in network performance and added latency.

IPS solutions out there in market.

3.8 People / Organization

All the stakeholders and end users will be affected by the implementation of IDS/IPS.

- Students and faculty members are affected by the installation of the IDS/IPS.

- Administrators

Identify any people or organizations impacted by the Proposed State. Include details such as team names, roles, and their involvement within the future processes.

NOTE: This may be covered by the Proposed Business Processes map in Section 3.2 above.

3.9 Optional Features

In Cisco IOS Software Release 12.4(11)T and later T-Train releases, IOS IPS signature provisioning is accomplished by selecting one of two signature categories: Basic or Advanced. Starting with IOS 15.0(1)M Release, a new category called "IOS IPS Default" will be also supported and released within IPS signature packages. At that time, IOS Advanced category will be changed to contain exactly the same signatures as in the IOS Default category, allowing both category names to be used interchangeably for backward compatibility. Users may also add or remove individual signatures and/or can tune signature parameters via Cisco Configuration Professional (CCP) or Cisco Security Manager (CSM) management or through the command-line interface (CLI) which allows easy scripting to manage signature configuration for a large number of routers.

IOS Basic and Advanced/Default signature categories are pre-selected signature sets intended to serve as a good starting set for most users of IOS IPS. They contain the latest high-fidelity (low false positives) worm, virus, IM, or peer-to-peer blocking signatures for detecting security threats, allowing easier deployment and signature management. Cisco IOS IPS also allows selection and tuning of signatures outside those two categories.

3.10 Impacts on Other Business Areas

3.11 Future Considerations

As new threats emerge every day that traditional IPSs cannot control, new requirements will arise for protection, control and performance. As a result, one future consideration will be the implementation of next-generation IPSs.

Scoping Approvals

| | Name | Signature | Date |
| --- | --- | --- | --- |
| Business Line Sponsor: | | | |
| IT SIO Sponsor: | | | |
| Business Requirements QC Manager: | | | |

4 BUSINESS REQUIREMENTS

The university currently relies on firewalls. Firewalls can only inspect data and allow it to flow in the network based on the ports, ACLs and circuit maps configured, so they are not effective against many intrusion attempts. They are designed to reject some traffic according to the configured rules, based on the ACLs and ports defined, but they are also designed to allow some traffic and protocols that could be used for man-in-the-middle and DDoS attacks. Firewalls support features such as static packet filtering, network address translation, stateful inspection and circuit-level inspection; however, they cannot check for manipulation of ports and applications, and hacking can still be done if ports are compromised at the application or transport layer. The firewalls in the university have also been configured with an open allow policy and hence do not provide the security protection they are designed for.

For the university to successfully defend its critical information, a full security program is recommended, with around-the-clock management and monitoring through IPS and IDS, to keep pace with today's increasingly complex network security threats. IPSs and IDSs check the data thoroughly and are signature-based: if the data is not in accordance with the signature defined, an alarm is sent, which is called detection, and afterward the prevention system starts functioning to block the malicious data. Together they discover malicious activities, log information about the activities, attempt to block or stop them, and report activity. In addition, the configured security policy should be reviewed and locked down to achieve better security.

In view of university’s security objectives, the immediate requirements are to:

Provide 24x7x365 Security Event Monitoring and Incident Notifications.

Security monitoring and reporting with incidents control dashboards.

Security advisory services as part of the monitoring and alerting services.

Provide the university with the Security Monitoring Services

Use the following outline to provide details of the business requirements for the Proposed State. This section of the BRD should provide the detail on the features of the Proposed State and list the planned outcomes.

Section 2 (Current State) and Section 3 (Proposed State) of this BRD should be completed in sufficient detail to provide the feature groupings that will drive the outline of this business requirements section. Section 3.2 should specifically list these high level requirement or feature categories. In the example below, "2.0 Obtain Customer Information" represents one individual Requirement or feature grouping / family.

Where appropriate include tables, diagrams and screen prints to outline business requirements necessary to deliver proposed state.

Use the following format to detail each requirement – repeat the format for each requirement grouping.

4.1 Requirement Format

· Requirement Number

· Requirement Title

· Process or Context Diagram

· Summary Process Narrative

· Triggering Event(s) and Pre-Conditions

· Outcome(s) and Post-Conditions

· Alternatives Considered

· Design Considerations / Notes

· Issues / Assumptions / Risks

· Requirements List

4.2 Example Requirement

The following sections provide an example of how to structure business requirements in the BRD.

2.0 Obtain Customer Information

Process Diagram

Summary Process Narrative

When the agent has picked up the call, the system will display any information about the customer that has been found as a result of a system search and/or entered by the customer through the IVR. The agent will verify the information. The reason for the call, the solicitation channel and the response channel will be recorded.

Customer information will be verified (or entered if it is a new customer with no Customer ID or if the customer does not know their Customer ID). The agent will record information about all drivers who are to be insured, including the relationship between the drivers.

Triggering Event(s) and Pre-Conditions

§ Agent available and picks up phone

Outcome(s) and/or Post-Conditions

§ Recorded customer information

§ Keycode determined

Alternatives Considered

§ Through IVR/Not through IVR

§ Customer ID available/Not available

§ Resident of more than one state

Design Considerations/Notes

§ Want ability for reps to re-request CBUS with additional information without doing a manual workaround.

§ Score and reason codes cannot be altered (security)

§ Want ability to capture ANI and link to policy/quote without adding as alternate number

§ Ability to capture all phone numbers, but only display the number most commonly used

Issues / Assumptions / Risks

§ When do we order the CBUS?

§ Is extension still used?

§ Determine / design rules to determine head of household – automation exists in OCR project for MQS.

§ Customer database needs to be enhanced to allow capture of customer telephone numbers.

§ Assume that zip will populate city and state.

§ How do we want to deal with referrals?

§ When do we advise the agent that the quote will DNQ?

Requirements List

2.0 Obtain Customer Information

2.1 The system shall be capable of determining whether a customer exists using the telephone number that the customer dialed from.

2.2 The system shall be capable of determining if a customer exists based on the customer’s last name and zip code.

2.3 The system shall be capable of allowing the agent to record the reason for a call.

2.4 The system shall be capable of recording the response channel as "phone" when a customer calls in to speak to an agent.

2.5 The system shall be capable of allowing the agent to record the solicitation channel.

2.6 The system shall be capable of allowing the agent to record new customer detail.

2.7 The system shall be capable of allowing the agent to update existing customer information if it has changed.

2.8 The system shall be capable of recording the details of the agent transferring a call and the details of the agent or department to whom the call was transferred.

2.9 The system shall be capable of allowing the agent to record other driver information for as many drivers as the customer wishes to insure in the household.

2.10 The system shall be capable of allowing the agent to record the relationship between the head of the household and other drivers.

2.11 The system shall be capable of recording the customer’s home address as the default risk address for the vehicles.

5 IMPLEMENTATION CONSIDERATIONS

5.1 Critical Dates

5.2 Constraints and Dependencies

There are several challenges with the implementation of IPS. As it is an in-line device it

5.3 Disaster Recovery Considerations

A disaster recovery plan is the set of actions that can be taken before, during and after an event. The plan should be tested and documented. The following plans have been implemented:

There is a disaster recovery site in case of an incident, and all the devices which will be implemented at the university will also be installed at the site. Documented and tested Disaster Recovery/Business Continuity Plans will also be provided.

The plan is compliant with the BS 25999 standard for Business Continuity Management, which contains understandable requirements based on Business Continuity Management best practices. The DR site will function if business disruptions happen for different reasons: key hardware component failure, natural disaster, large-scale accident, massive data corruption, or a major power failure, etc.

The Disaster Recovery main site is built somewhere outside the university. The main site uses a dedicated power generator to continue operation during any power outage.

In order to recover the IPS sensor after a disaster,

When the CLI or IDM is used for configuration, the current configuration will be copied from the sensor to an FTP or SCP server any time a change has been made.

A list of user IDs that have been used on that sensor is needed. The list of user IDs and passwords is not kept in the configuration. To recover from the disaster, the following steps have been taken:

1. Reimaging the sensor.

2. Logging in to the sensor with the default user ID and password

3. Running the setup command.

4. Upgrading the sensor to the IPS software version it had when the configuration was last saved and copied.

5. Copying the last saved configuration to the sensor.

6. Updating clients to utilize the new key and certificate of the sensor.

Reimaging changes the sensor SSH keys and HTTPS certificate.

7. Creating previous users.
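Step 6 for SSH clients, as an added example that is not part of the original document: once the reimaged sensor's new public key has been verified out of band (an assumption, for instance by reading it from the sensor console), every stale entry for the sensor is removed from the client's known_hosts and the new key is pinned. The host names, addresses and key blobs are constructed; the HTTPS certificate is not covered here.

```python
import base64
import hashlib
import struct


def make_blob(fill):
    """Build a constructed ssh-ed25519 public key blob (not a real sensor key)."""
    raw = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes([fill]) * 32
    return base64.b64encode(raw).decode()


def fingerprint(blob_b64):
    """SHA256 fingerprint in the form OpenSSH prints: base64 without padding."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def rotate_host_key(known_hosts, names, keytype, new_blob):
    """Return (updated known_hosts text, fingerprints of the stale keys removed).

    names holds every name and address the sensor is reached by, so no alias
    keeps pointing at the pre-reimage key.
    """
    names = set(names)
    kept, stale = [], []
    for line in known_hosts.splitlines():
        fields = line.split()
        # Comments, blanks, marker lines (@cert-authority, @revoked) and hashed
        # entries (|1|...) are left untouched; hashed entries need `ssh-keygen -R`.
        if len(fields) < 3 or line.startswith(("#", "@", "|")):
            kept.append(line)
            continue
        hosts = fields[0].split(",")
        if names.isdisjoint(hosts):
            kept.append(line)
            continue
        if fields[2] != new_blob:
            stale.append(fingerprint(fields[2]))
        # Keep the line for any other host that shares it with the sensor.
        others = [h for h in hosts if h not in names]
        if others:
            kept.append(" ".join([",".join(others)] + fields[1:]))
    kept.append(f"{','.join(sorted(names))} {keytype} {new_blob}")
    return "\n".join(kept) + "\n", stale


# Constructed sample: the sensor's pre-reimage key and an unrelated host.
OLD, NEW = make_blob(1), make_blob(2)
SAMPLE = (
    "# constructed known_hosts\n"
    f"ips-sensor.example,192.0.2.10 ssh-ed25519 {OLD}\n"
    f"fileserver.example ssh-ed25519 {make_blob(3)}\n"
)

if __name__ == "__main__":
    updated, removed = rotate_host_key(
        SAMPLE, {"ips-sensor.example", "192.0.2.10"}, "ssh-ed25519", NEW)
    print(updated, removed, fingerprint(NEW), sep="\n")
```

The returned fingerprints of the removed keys can be logged so that the key change is traceable to the reimage.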

Obtain Top Management Commitment

The disaster recovery plan has the support and involvement of top management. The effectiveness of the disaster recovery plan is supported by the management. Enough time and budget have been dedicated to the disaster recovery plan.

Perform a risk assessment

Define recovery methods

The following methods can be used to recover from a disaster:

• Hot sites

• Warm sites

• Cold sites

• Two data centers

• Multiple computers

• Service centers

• Consortium arrangement

• Vendor supplied equipment

Data collection

The following data, which is critical for use during a disaster, has been gathered:

• Backup position listing

• Critical telephone numbers

• Communications inventory

• Distribution register

• Documentation inventory

• Equipment inventory

• Forms inventory

• Insurance Policy inventory

• Main computer hardware inventory

• Master call list

• Master vendor list

• Microcomputer hardware and software inventory

• Notification checklist

• Office supply inventory

• Off-site storage location inventory

• Software and data files backup/retention schedules

• Telephone inventory

• Temporary location specifications

A plan has been written, tested and approved by top management.

The proposed plan has been reviewed, approved and tested.

5.4 Security Requirements

List the security considerations for enabling access to business applications and components for the Proposed State solution.

Using the "Standards for the System Development Life Cycle" form, review the Overview, Requirements, Functional Design and Business Continuity Planning tabs. Each of these sections contains important considerations for the Business Requirements phase. Ensure that the requirements address the issues listed that are relevant to your project.

The "Standards for the System Development Life Cycle" form is available by navigating to:

Teams => Operational Risk Management => Information Security => Forms => Standards for the System Development Life Cycle

It can also be accessed directly at:

http://intranet.axa-financial.com/Teams/RiskMgmt/Info_Security_Library.html#forms

Some of the important issues addressed there include security forum reviews, data transfer in and out of the enterprise, third party contractual relationships, risk assessment, key project roles for security, information classification, disaster recovery, integration with standard access control systems, defining user profiles for role based access control, etc. See the form for further details.

5.5 Statutory and Regulatory Requirements

The equipment that has been implemented works under the following environmental conditions with respect to EMC, a regulation that has been adopted by the European Union for Information Technology Equipment (ITE), computers, and their peripherals. The standard includes both voltage and current limits for conducted emissions on telecom ports in the frequency range of 0.15 to 30 MHz. This section applies to products to be installed in the European Economic Union. The following are the environmental conditions that the equipment works under:

• A separate, defined location that is under user's control.

• As a minimum, earthing and bonding shall meet the requirements of ETS 300 253:1995 or CCITT K27:1996.

• AC power distribution inside the building shall be, as a minimum, one of the following types (as defined in IEC 60364-3:1993):

–TN-S

–TN-C

–TT

–IT

There should be approval that the IPS can work without any problems with local laws within the university.

· It is critical that requirements that pertain to regulatory compliance are clearly identified. This will help ensure that future decision-makers do not inappropriately nullify a compliance requirement due to an imperfect understanding of the intent and consequences.

5.6 Training

There are technical seminars with project team members to provide roadmaps, overviews, and feedback for future improvements.

There are also specific network security and infrastructure design classes to promote best practices.

Post-implementation training is a further training for the organization's IT staff and business stakeholders that happens after each prosperous project.

There will be training courses and infrastructure to develop security skills amongst university personnel. Full life cycle training, from installation to management to troubleshooting to upgrades, has been provided.

Future consideration

As a new threat emerges every day, traditional IPSs cannot control these new threats, and new requirements will arise based on protection, control and performance. As a result, one of the future considerations will be the implementation of next-generation IPSs, which prevent all types of threats, application-enabled threats and so forth.

6 Additional Information

6.1 Reference Material

Identify any documents that are referenced in the BRD, and where they may be located.

The following documents are referenced in this document:

Document No.

Description

Location

EMC standard

http://www.hottconsultants.com/regulations.html

Regulations and Statutory

http://www.cisco.com/en/US/docs/security/ips/rcsi/19095_01.html#wp68483

Stakeholders

www.newplans.net

6.2 Glossary of Terms

Term

Definition

Enter phrase, acronym, or abbreviation here

Enter the definition here

ITC

information technology group

PMC

project management committee

Project communication plan

Each entry below lists: What (the content of the communication), Target, Description/Purpose, Frequency, Type/Method(s) and Location.

Project Launch Meeting
Target: All members involved
Description/Purpose: To determine the scope of the project, the objectives and deliverables, and to review the risks of the project
Frequency: At the beginning of the project
Type/Method(s): Meeting, discussion and analysis
Location: Main office

Developing Project Launch Plan
Target: All members involved
Description/Purpose: More definition and clarification regarding project scope.
Frequency: Before the opening meeting; before the start of the project
Type/Method(s): Meeting, discussion
Location: Main office

Project commencement
Target: All members involved
Description/Purpose: The role and responsibility of each member of the group. Motivate the members for more interaction.
Frequency: Project start date
Type/Method(s): Meeting, discussion
Location: Main office

Status Report
Target: All members involved
Description/Purpose: Allocation of time and resources in order to strengthen control over the project.
Frequency: Monthly
Type/Method(s): Distribute electronically and via the project web site
Location: Back office

Risk Assessment Point
Target: All members involved
Description/Purpose: Identify and manage risk opportunities, threats, responses, and responsibilities for administering them
Frequency: As early as possible at the beginning of the project
Type/Method(s): Meeting; structured discussion
Location: Main office

Team Meetings
Target: Between all members of the team.
Description/Purpose:
1. Review of tasks completed
2. Review of forthcoming tasks
3. Risks and awaiting risks
4. Identification of team members’ accomplishments
5. Review of exceptional issues on the project
6. News about the project
Frequency: Weekly is recommended for the entire team.
Type/Method(s): Meeting
Location: University library

Project Advisory Group Meetings
Target: Project Advisory Group and Project Manager
Description/Purpose: Support and advise the team members to develop and facilitate the project’s different aspects
Frequency: Monthly
Type/Method(s): Meeting
Location: Back office

Sponsor Meetings
Target: Sponsor(s) and Project Manager
Description/Purpose: Review the project plans, the risks involved and alteration plans.
Frequency: Monthly
Type/Method(s): Meeting, debate
Location: Main office

Team Status Meetings
Target: Team members
Description/Purpose: Helps to associate multiple data or information and go deep into details, where needed, to see the real status
Frequency: On a regular basis, depending on project urgency; weekly or bi-weekly
Type/Method(s): Meeting with discussion, informal minutes; summarized in Project Log
Location: Branch office

Audit/assess
Target: Project Manager and sponsors, and some members of the team
Description/Purpose:
1. The project’s management complies with the established project objectives.
2. Tactical project management tools for organizing and checking every feature of a project
3. Clear stages and sub-processes throughout a project’s lifecycle
4. Designation of responsibilities to make sure that each project stage is in sync with the vital project goals
Frequency: Monthly
Type/Method(s): Meeting; produce a report regarding the issues mentioned in the meeting
Location: Branch office

Post Project Review
Target: Project Manager, main members and sponsors
Description/Purpose:
1. Feedback from the customer
2. Review the achievement of the project
3. Improvement suggestions
4. Lessons learned
5. Writing a report which includes: a record of the identified concerns and action items; the aspects that should be improved and the changes that should be made; evaluation of the effectiveness of the project; determination of what worked well; determination of what alterations should be made in the project before it is used again.
Frequency: End of project
Type/Method(s): Meeting/report; producing a report based on the information gathered in the meeting
Location: Back office

Periodical Project Review
Target: Project Manager, key members.
Description/Purpose: Communication between appropriate staff is recognized and understood, the project responsibilities and tasks are allocated, and all uncertainties regarding the project are nominated at an early stage so that the work will be performed with the smallest amount of delay
Frequency: After each stage, every two weeks.
Type/Method(s): Meeting and report
Location: Main office

Project site
Target: All project team members.
Description/Purpose: A location for all the reports, plans and information that should be shared among the members.
Frequency: Update monthly.
Type/Method(s): Electronic communications on the net
Location: Main office

Project Presentations
Target: Customers and interested parties.
Description/Purpose: An abstract of the project is presented to keep the customers updated and get feedback regarding the project plans and changes.
Frequency: As the main stages are completed or when major enrichments have been accomplished.
Type/Method(s): Presentation and discussion
Location: Back office


