Benefits_Elections_System

Benefits Elections System CMGT/442 June 28, 2011 Jack Komsa Benefits Elections System The following paper is documentation for Huffman Trucking Company service request number 001. This documentation purpose is to address all the possible security risk and requirements that will be associated with the implantation of Benefits Elections Systems requested by Keneth Colbert, Director of human resources department. The goal is to present an overview of all the risks that will cause the company reliability if something would happen to employees’ information involving this new system. Also it will include some extra requirements to prevent potential treats and risks. Huffman attempt to develop this new Benefits Elections System is to track and report all union and non-union employee Health Insurance Benefits. In the developing part of this system it needs to be first planned out totally. This is a major impact on the company risk factory. That means if the project is not well thought out, risk will fall on these four major components; Operating System, Network, Data Store, and Applications. Concerning the operating systems in a company where there is a new system implanted the risk is high on probability and impact if not well planned. The BES (Benefits Elections System) should be compatible to the company main OS. If otherwise the OS will do one of the following: crash, and open an access point. On the authentication control element side, the identity of all users currently logged onto the system must be internally maintained (GAO, 1998). In the Access Control side, only authorized authenticated users and remote applications may have access (GAO, 1998). In the network authentication, all data passed through the network must identify the originator and recipient (GAO, 1998). Network Access Control must be based on a business requirement (GAO, 1998). Data store needs the identity of all users currently logged onto the system must be internally maintained (GAO, 1998). The last and one of the major elements in a company operating system is the Application components. Applications is a high probability cause a OS system holding employees information’s such as birthday, social security numbers needs certain applications to display that information. The new system is required to know the current operating system. IT staff should review all documentation pertain the current system at Huffman’s. These papers should be read carefully with understanding every word stated in the documents. All errors or unclear statements requiring the system or security needs to be addressed before any implanting of the new system. Huffman’s new Benefit Election System also needs to be tested after the design stage. In doing so these requirements will need to be in the documentation: Specify operational environment This will allow the individual handling the installing of this new system project to understand the all the contexts require to protect from any possible risk doing installation. As with host-related concerns, it is recommended to define not only those things that will or will not be in the environment but also those things that may have an impact (either positive or negative) if present in the environment. For example, many applications assume implicitly that there is no network-attached storage, or if there is, it has its own security measures in place that make it as secure as the local disk (OWASP, 2011). Software Requirements Specification The SRS will give the employee assign to this implantation the understanding for the system requirements in writing. It is a two-way insurance policy that ensures that both the client and the organization understand the other's requirements from that perspective at a given point in time (TECHWHIRL, 2011). This documentation provides any constraints the system must operate by. However, it is important that the employee writing this SRS know that design suggestion, technology, and business issues is not include in the SRS. When concerning information flowing across the Internet and can be intercepting by unwanted guess such as hackers. The company should add an encryption on all data going across the Internet. Not just the outside risk but also the inside risk from employees maintaining access to all the information on the new system. There should be some kind of security that will not just lock that employee out when terminated or lay off from the company. This is a suggesting to the company to install hiding cameras in every access point to this operating system. Huffman company has implanted a system that will allow them to track and report employees benefits. In conclusion to this documentation on the new system that will be implanted in the company. All the requirements and risks stated have to be meant to ensure the company will be secure for an effected program. References GAO. (1998, May). Retrieved from http://www.gao.gov/special.pubs/ai00033.pdf OWASP. (2011). Retrieved from http://www.owasp.org/index.php/Specify_operational_environment TECHWHIRL. (2011). Retrieved from http://www.techwr-l.com/techwhirl/magazine/writing/softwarerequieementspecs.html