EduSolutions Audit
Uploaded by leonard-nelson
EduSolutions Audit
EduSolutions background
EduSolutions Description
EduSolutions Organizational Structure
EduSolutions System
Critical Asset Worksheet for people
Critical Asset Worksheet for Information
AGENDA
EduSolutions is a company specialized in adapting and implementing tools, focused on the development of e-learning environments (EVA, from its acronym in Spanish).
The end goal of its solutions is to promote continuous and meaningful distance learning.
EduSolutions Description
The company has 4 main areas:
The Production area, which consists of four departments: Analysis, Adaptation and Development, Testing and Implementation, and Support, the latter having a sub-department for Maintenance.
The Commercial Division area, which has 2 departments: Marketing and Sales.
The Finance area, with 2 departments: Accounting and Administration.
The Human Resources area.
EduSolutions
The Production area has 32 employees, divided among the departments as follows:
Department of Analysis: 5 employees.
Adaptation and Development Department: 8 employees.
Testing and Implementation Department: 8 employees.
Support Department: 5 employees.
Maintenance Department: 6 employees.
EduSolutions Organizational Structure
The Commercial Division area has 10 employees, divided into departments as follows:
Department of Marketing: 4 employees.
Sales Department: 5 employees.
They have a Sales Manager.
EduSolutions Organizational Structure
The Finance area is comprised of a total of 7 employees, distributed among the departments as follows:
Accounting Department: 3 employees.
Department of Administration: 3 employees.
They have a financial manager.
EduSolutions Organizational Structure
The Human Resources area has five employees:
3 secretaries.
A human resources manager.
Finally, the Management department is comprised of:
General Manager.
Executive Assistant.
EduSolutions Organizational Structure
So, what did I find about people at EduSolutions?
They’ve got 55 employees, distributed in 5 main areas, including the CEO.
A total of 15 different jobs.
People Assets
Listed below are the 5 key areas and the most critical person I found in each:
Production: NA
Commercial Division: Sales Manager
Finance: financial chief
HR: HR chief
Management: CEO
Critical Persons
What are the security requirements for these persons?
The set of skills provided by each one of these persons must be available when needed
These persons should cover the needs of people below them.
They have expertise in the areas they are managing, therefore absence will have repercussions in this area.
Security Requirements
Key people taking a temporary absence
Key people leaving the organization permanently
Threats affecting a third-party or service provider
Other problems
EduSolutions has a good organizational structure.
EduSolutions has the OHSAS norm which makes employees more confident and productive.
Positive points
There is no contingency plan in case an employee does not come to work.
They have a sanctions system for absence from work, instead of a prevention plan.
Working 6 days a week seems a little excessive, considering they have to work full hours on Saturday.
No mention of the capability level under ISO/IEC 15504; if your maturity level is not high enough, key people leaving the organization permanently may have a high impact.
There is no Production manager. Production area has no defined teams.
Negative points
Define a Production manager.
Define a level 3 capability level under ISO/IEC 15504.
Consider a prevention plan for people's absence.
It's a good idea to define teams; it will help you achieve level 3.
More rest days for your employees will make them more productive.
Recommendations
Critical asset for Information
Information that belongs to the institutions using your EVA service, such as students' information, teachers' information, etc.
Personal computers in the working area.
EVA system.
Sensitive information that your company needs in order to provide a service to an institution (institution's religion, bank accounts, etc.).
Critical Information
Servers that provide your service and host your data.
Critical system
Information: Institutions' data (mentioned in the critical information, both the data you host and the data you need to provide a service)
Services: Database
Others: Personal computers, EVA system, Internet connectivity
Related Assets to this system
Contingency plan for natural disasters.
Hired an external company for data backups.
Good recommendations to keep servers and computers in good shape.
Positive points
No one is responsible for the institutions' information stored on your servers.
No one is responsible for your EVA system uptime.
Data regulation not specified.
Negative points
Continue improving your positive points.
Specify who is responsible for all the information your servers handle.
Recommendations
Network Access Information
Your website has a privacy policy
Positive points
You have vital internal information unrestricted, which may lead to information disclosure.
Competitors may steal information.
You did not specify whether you have a firewall or what kind of security you are using to protect your servers.
Negative points
Specify a security protocol for your server-client connections.
Get a firewall.
Implement user privileges to access your website information.
Recommendations
Human actors using physical access
Your LAN is not well specified.
Employees might use a different computer and cause trouble (loss of information, disclosure, etc.).
No security guards.
Negative points
Specify your access to the LAN (static, dynamic, number of nodes, etc.).
Hire a security company.
Personal passwords. Prevent employees from sharing them.
Recommendations
System Problems
The company has a contingency plan.
The company has a backup plan.
Positive points
No backup server in case of main server failure.
No antivirus.
No specifications on how to handle version changes.
Negative points
Hire or buy a backup server, since your company totally relies on an online server to provide the service.
Buy an antivirus.
Specify how to handle version changes.
Recommendations
Natural disasters contingency plan.
Positive points
The company doesn't have a plan in case of infrastructure problems.
The company doesn't have a secondary ISP in case the main ISP is unavailable.
Backup power supply is not specified or is nonexistent.
Negative points
Hire a secondary ISP.
Specify whether a backup power supply exists; if not, you should get one.
Elaborate a plan in case of infrastructure failure.
Recommendations