You are on page 1of 3

IT 3358

The company that I have chosen is Science Applications International Corporation (SAIC). This
is a company that I am familiar with, but I have not worked at this company and I would like to
learn more about this company. SAIC is an international company that performs a lot of work
with the US government. The company also performs civilian work as well. A large majority of
their work is with information technology and security. SAIC has a home office in McLean, VA
but many other offices throughout the United States and in several other countries. The company
has about 13,000 full time employees.
The main business problem is the increase of phishing attacks and denial of service attacks on
the company. With the increasing sophistication of technology, attackers are now able to
circumvent many of the security systems that are in place for SAIC and as a result more phishing
emails and denial of services are entering the network. The goal for this project is to update the
systems at SAIC to reduce the amount of these attacks.
The key stakeholders in this project will primarily be drawn from the IT department at SAIC.
The project sponsor will be CIO Bob Fecteau. The project manager will be Barbara Shrutleff,
the head of networks and security. Other members of the project team will come from the IT
department and from human resources. The IT department personnel will work to develop the
technical requirements and design. The human resources representatives will work on
developing user training to improve security.
The project timeline is expected to take place over the next 8 months. The first month will be
dedicated to analysis of the current network security to determine where the vulnerabilities
currently are. The next design phase is expected to last for four months. During this phase the
new hardware, security policies, and new security software technologies will be determined. The
third phase is for prototyping the changes and this is expected to take two months to complete.
The implementation phase will be expected to take one month for the installation and
configuration of new hardware and the push of any software updates to all employee devices.
In identifying the security solution to be implemented, the CIA triad of confidentiality, integrity,
and availability must be considered. In addition to those considerations, authentication must also
be a part of the security solution. Protecting the companys data from people who should not
have access to it is the role of confidentiality. Authentication helps to ensure the confidentiality
of our data by making sure that the person attempting to access the data is authorized. A twofactor form of authentication is reliable way to help ensure our data remains confidential.
Integrity is involved with our security solution to give the users peace of mind that the data that
they see is the same data that was sent to them or initially stored. The security solution will
detect any changes to the data and will create backup copies of the data so that it can be restored
to its original state if there is a compromise. Availability of the companys data is ensured by
maintaining the hardware and software required on the network. It also provides enough
bandwidth for proper levels of communication and reducing bottlenecks. Availability also

includes emergency backup power systems and protection from malicious attacks, such as Denial
of Service attacks.

You might also like