Task 1.0: Policy Critique

I’m sure you’ve heard about the server outages this past month, with customers reporting problems accessing the site and listing their properties, even a case of identity theft…. Not to mention the loss in revenue - we lost thousands of dollars just paying overtime to our customer service representatives. If that’s not enough, investors are talking about pulling out of the company, which would be a real disaster after our recent expansion.

I think we have a handle on the outages for the time being. In the meantime, we need to formalize a policy to help prevent further problems and to guide us in handling them as they arise. We have some policies in place, but they’re more or less a set of bandage solutions we’ve implemented as we’ve grown. I need your help and expertise to ensure we have an appropriately comprehensive policy.

The first task for your team is to review the sections of the policy that exist now (see attached Security Policy). Please note any omissions, contradictions, or places where the policy doesn’t seem legal, tenable, or suited to C-Bay’s needs. You don’t have to redraft anything, just identify the problem areas and make some recommendations.

Check out our Executive Summary as you consider our issues and needs. I’m also attaching notes from a discussion I had with department heads about security -- they should provide some useful info for your review.

I’ll be presenting the first draft of the policy to the executive team in three weeks, so I’ll need your input by the end of next week. I’ll be in Dallas then, so it’s best if you generate a PowerPoint to walk us through your comments. Your audience will include Directors from Dallas and New York). Flag any areas in the policy where you anticipate we’ll get push-back from execs in sales and legal, and consider how we might justify keeping those policies - this will really help me when I present the policy to the execs.

I know this is a lot to start off with, but I’m confident that you can manage it.

I forgot to attach these to the previous e-mail, and they might be helpful for your work on the current draft of the policy:

* Network specs (details about our network infrastructure, software, and hardware)

* Network topology (a schematic lay-out of the hardware and connections that comprise our network)

In case you're wondering about the router that is leading to the Dev/QA subnet, let me explain. The Development and Quality Assurance employees, when they test, generate broadcasts or multicasts. We certainly don’t want those to interfere with the rest of the network, so the small router creates a sandbox for Dev/QA to play in. The core router only has three ports, which were already being used, so the IT department bought a router to isolate that subnet.

Hope that helps.

Take care,

Director, IT & Operations