Presentation is loading. Please wait.

Presentation is loading. Please wait.

{ EduSolutions Auditoria.  EduSolutions background  EduSolutions Description  EduSolutions Organizational Structure  EduSolutions System   Critical.

Published byLeonard Nelson Modified over 8 years ago

Similar presentations

Presentation on theme: "{ EduSolutions Auditoria.  EduSolutions background  EduSolutions Description  EduSolutions Organizational Structure  EduSolutions System   Critical."— Presentation transcript:

1 { EduSolutions Auditoria

2  EduSolutions background  EduSolutions Description  EduSolutions Organizational Structure  EduSolutions System   Critical Asset Worksheet for people   Critical Asset Worksheet for Information AGENDA

3  EduSolutions is a specialized company in the adaptation and implementation of tools, focused in the development of e-learning environments (EVA from its notation in Spanish).  The end scope of its solutions, it's to promote a continuous and significative learning from distance. EduSolutions Description

4  The company has 4 main areas:  The production area, which consists of four departments: Analysis, Adaptation and Development, Testing and Implementation and Support, the latter having a sub-department on behalf of Maintenance.  The Commercial Division area which has 2 departments: Marketing and Sales.  The Finance area with 2 Accounting and Administration departments.  The Human Resources area. EduSolutions

5  The production area has 32 employees in the departments are divided as follows :  Department of Analysis: 5 Employees.  Adaptation and Development Department : 8 employees.  Testing and Implementation Department : 8 employees.  Support Department : 5 employees.  Maintenance Department : 6 employees. EduSolutions Organizational Structure

6  By the Commercial Division area has 10 employees divided into departments as follows:  Department of Marketing: 4 employees.  Sales Department : 5 employees.  They have a Sales Manager. EduSolutions Organizational Structure

7  The Finance area is comprised of a total of 7 employees, which are distributed as follows in the departments :  Accounting Department : 3 employees.  Department of Administration : 3 employees.  They have a financial manager. EduSolutions Organizational Structure

8  In the area of human resources, which has five employees:  3 secretaries.  A human resources manager.  Finally, the department is comprised of Management  General Manager.  Executive Assistant. EduSolutions Organizational Structure

9

10 So, What did i find about People at EduSolutions?

11  They’ve got 55 employees, distributed in 5 main areas, including the CEO.  A total of 15 different jobs. People Assets

12  Listed below, are the 5 key areas and the most critical person i found there:  Production: NA  Commercial Division: Sales Manager  Finance: financial chief  HR: HR chief  Management: CEO Critical Persons

13  What are the security requirements for these persons?  The set of skills provided by each one of these persons must be available when needed  These persons should cover the needs of people below them.  They have expertise in the areas they are managing, therefore absence will have repercussions in this area. Security Requirements

14  Key people taking a temporary absence  Key people leaving the organization permantly  Threats affecting a third-party or service provider Other problems

15  EduSolutions has a good organizational structure.  EduSolutions has the OHSAS norm which makes employees more confident and productive. Positive points

16  Do not have a contingency plan in case of an employee does not attend to work  They have a sanctions system for absence at work, instead of a prevention plan.  Working 6 days a week seems a little to excessive, considering they got to work full hours on Saturday.  No mention on the Capability level of the norm ISO/IEC-15504, if your madurity level is not high enough, key people leaving the organization permantly may have a high impact.  There is no Production manager.  Production area has no defined teams. Negative points

17  Define a Production manager  Define a level 3 capability level in your norm ISO/IEC 15504.  Consider a prevention plan for people absence.  It’s a good idea to define teams, it will help you achive the level 3.  More rest days for you employees will make them more productive. Recommendations

18 Critical asset for Information

19  Information that belongs to the Institution using your EVA service such as: Students information, Teachers Information,etc.  Personal Computers in the working area.  EVA system  Sensible information that your company needs for you to provide a service to and institution(Institutions religion, bank accounts, etc.) Critical Information

20  Servers that provide your service and host your data. Critical system

21  Information:  Intitutions data( metioned in the critical information, both the one you host and the one you need to provide a service)  Services  Database  Others  Personal computers  EVA system  Internet connectivity Related Assets to this system

22  Contingency plan for natural disasters.  Hired an external company for data backups.  Good recommendations to keep servers and computers in good shape. Positive points

23  No responsible for the intitutions information allocated in your servers.  No responsible for your EVA system uptime.  Data regulation not specified. Negative points

24  Continue improving your positive points  Specify who is resposible for all the information your servers handle. Recommendations

25 Network Access Information

26  Your website has a privacy policy Positive points  You have vital intern information unrestricted, which may lead to information disclosure  Competitors may steal information  You dont specified if you have a firewall or not or what kind of security are you using to protect your servers Negative points

27  Specify a security protocol for your server- client conecctions  Get a firewall  Implement user privileges to access your website information Recommendations

28 Human actors using physical access

29  Your LAN is not well specified  Employees might use a different computer and cause trouble(loss of information, disclosure,etc)  No security guards. Negative points

30  Specify your access to the LAN(static, dinamic, number of nodes, etc.)  Hire a security company.  Personal passwords. Avoid employees from sharing them. Recommendations

31 System Problems

32  The company has a contingecy plan  The company has backup plan Positive points

33  No backup server in case of main server failure.  No antivirus.  No specifications on how to handle version changes. Negative points

34  Hire or buy a backup server, since your company totally relies on an online server to provide the service.  Buy an Antivirus.  Specify how to handle version changes. Recommendations

35  Natural disasters contingency plan. Positive points

36  The company doesnt have a plan in case of infrastructure problems  The company doesnt have a secundary ISP in case of unavailability of main ISP.  Backup power supply is not specified or is inexistent. Negative points

37  Hire a secondary ISP  Specify if a backup power supply exist, if not you should get one  Elaborate a plan in case of infrastructures failure Recommendations

Download ppt "{ EduSolutions Auditoria.  EduSolutions background  EduSolutions Description  EduSolutions Organizational Structure  EduSolutions System   Critical."

Similar presentations

First create and sign up for a blue host account Through the help of Blue Host create a WordPress website for the business After you created WordPress.

First create and sign up for a blue host account Through the help of Blue Host create a WordPress website for the business After you created WordPress.
Information Resources Management January 16, 2001.

Information Resources Management January 16, 2001.
DEPARTMENT OBJECTIVES 1. To Identify and deploy information technology to meet business objective at CKPL. 2.To Provide support to users for systems usage.

DEPARTMENT OBJECTIVES 1. To Identify and deploy information technology to meet business objective at CKPL. 2.To Provide support to users for systems usage.
Multi-layer ICT Management Presented by Andy Park.

Multi-layer ICT Management Presented by Andy Park.
PFIZER BT DIVISION. Pfizer Ltd. Şti. - Pharmaceuticals Company History –1849 Charles Pfizer & Charles Erhart –1942 Penisilin Production –1957 Pfizer Turkey.

PFIZER BT DIVISION. Pfizer Ltd. Şti. - Pharmaceuticals Company History –1849 Charles Pfizer & Charles Erhart –1942 Penisilin Production –1957 Pfizer Turkey.
1 Telstra in Confidence Managing Security for our Mobile Technology.

1 Telstra in Confidence Managing Security for our Mobile Technology.
Security Controls – What Works

Security Controls – What Works
Discovering Computers Fundamentals, 2011 Edition Living in a Digital World.

Discovering Computers Fundamentals, 2011 Edition Living in a Digital World.
Security Management IACT 918 July 2004 Gene Awyzio SITACS University of Wollongong.

Security Management IACT 918 July 2004 Gene Awyzio SITACS University of Wollongong.
CSE 4482, 2009 Session 21 Personal Information Protection and Electronic Documents Act Payment Card Industry standard Web Trust Sys Trust.

CSE 4482, 2009 Session 21 Personal Information Protection and Electronic Documents Act Payment Card Industry standard Web Trust Sys Trust.
Selecting and Implementing an LMS for your Company Session Code #2411.

Selecting and Implementing an LMS for your Company Session Code #2411.
YNG Solutions Website Usability Review Prepared by Josepha Rood December 19, 2008.

YNG Solutions Website Usability Review Prepared by Josepha Rood December 19, 2008.
Security Management IACT 418/918 Autumn 2005 Gene Awyzio SITACS University of Wollongong.

Security Management IACT 418/918 Autumn 2005 Gene Awyzio SITACS University of Wollongong.
Stephen S. Yau CSE 465-591, Fall 2006 1 Security Strategies.

Stephen S. Yau CSE , Fall Security Strategies.
Developing a Security Policy Chapter 2. Learning Objectives Understand why a security policy is an important part of a firewall implementation Determine.

Developing a Security Policy Chapter 2. Learning Objectives Understand why a security policy is an important part of a firewall implementation Determine.
Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.

Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.
Crisis Management Planning Employee Health Safety and Security Expertise Panel · Presenter Name · 2008.

Crisis Management Planning Employee Health Safety and Security Expertise Panel · Presenter Name · 2008.
Your technology solution partner.™ Security Enterprise Protection Gener C. Tongco Product Manager CT Link Systems Inc.

Your technology solution partner.™ Security Enterprise Protection Gener C. Tongco Product Manager CT Link Systems Inc.
Slide 2-1.

Slide 2-1.
Teaching Security via Problem- based Learning Scenarios Chris Beaumont Senior Lecturer Learning Technology Research Group Liverpool Hope University College.

Teaching Security via Problem- based Learning Scenarios Chris Beaumont Senior Lecturer Learning Technology Research Group Liverpool Hope University College.

Similar presentations

Ads by Google