Delivery in day(s): 3
Network Redesign and Development Assignment Help
This COIT20265 network redesign and development assignment is based on capstone project case study. It involves lots of conceptual and practical knowledge of IT infrastructure redesign and development.
“Tivoli Central University (TCU) is a public higher education institution founded in Northampton in late 1960. By 1970, it was the first Institute in Tivoli to launch distance education programs. During the 1980s, the university expanded its operations to other regional areas outside Northampton including Carlsberg, Radcliff, Bluestone and Quay West. Likewise, TCU also expanded its presence throughout Tivoli with campuses in metropolitan areas including Armadale, Bass Strait, Coors, St Marie, and Golden Goose. At present TCU provides diverse range of trade qualifications, undergraduate and postgraduate programs as well as short professional or occupational courses. More than 30,000 students are currently studying various levels of programs at TCU as on-campus students. Additionally, more than 10,000 students are currently studying at TCU under the online and distance education programs.
TCU offers 3 main centers or sites to support its IT services:- Headquarters (HQ), Operations (Data Centre) and Backup facility. HQ is based out of Northampton main campus, Data Center (DC) some 50 Km off the HQ at Northampton outskirts and this is where all the back office operations function, housing all the DC & IT staff. Aside from the HQ in Northampton, all territorial and metropolitan offices are fundamentally the same as far as size, staff, and innovations are concerned. Their IT foundation is spread around Tivoli in structures and utilizes generally old and complex technology. TCU still uses SNA (Systems Network Architecture) conventions to empower campus correspondence to the centralized server PC situated at Operations. As of now, File servers still require IPX/SPX correspondence and a few offices (not all) utilization TCP/IP to associate with the Internet.
Also, all campuses are associated with the Operations through an old Multiservice Platform Router for adaptable LAN and WAN designs, simple updates, and the treatment of different protocol at the web and transport layers. The switch empowers the campuses to correspond with various TCU campuses situated in various destinations. To bolster the everyday learning and showing exercises of student, academic and admin staffs TCU additionally manages twelve (12) of outside partner including hospital facilities and research centers focusing in a wide range of ways.
Existing Set-up at TCU
Figure 1 below traces the intricate WAN framework which TCU as of now uses to bolster its operations. A cross section of 3 T3 rented lines associates the HQ, DC and Backup locales. The lines work at 44.7 Mbps, giving redundancy amongst main offices. All campuses interface with main offices thru Frame Relays: one 56kbps PVC2 prompting the DC and 56 kbps PVC3 is prompting the Backup office, frequently. ISDN Backup line exist in the event that Frame Relay fails (PCV1 provides 2 PVCs of 56 kbps each. PVC2 & PVC3 are also 56kbp). With same token, the 12 education partners associate with TCU by means of an frame relay network of 56kbp. As appears in the below diagram, TCU utilizes two separate ISPs for Internet association by means of T1 rented lines.
Each TCU regional and metro campus is supported by 10Base-T Ethernet LANs, and TCU is expecting to upgrade to more modern Ethernets soon. Each of these campuses has an average of (a) 200 employees including academic, administrative and management staff and (2) about 2,000 on-campus students. The main campus at Northampton houses around 2,000 academic, administrative and management staff. Nearly 10,000 on-campus students are studying at the Northampton main campus.
Unlike regional and metro campuses,North ampton staff sare supported by 100 Base-TE thernet LANs. In the Operations facility, there are 100 engineers in charge of technicall support of the data centre, networking, maintenance, and application development. The organizational and operational structure of the Back up facility is smlar to the structure of the Operations facility. All operational servers including FTP, HTTP/HTTPS, SMTP/SMTPS, DHCP, DNS, Authentication, Telepresence, Domain Controllers, Database, SAN, Load Balancing and video are concentrated in this facility. The Operations facility also contains the infra structure suppor toTCU’ sent erprisere sources and services (described below):
CT infrastructure at Metro and Regional campuses
Computer Lab Core Software
Staff equipped with Desktop PCs running Windows 7 (dual monitors)
Microsoft outlook installed in all is taff work stations to access emails
Staff PCs equipped with first generation headsets and webcams
Mcrosoft Office suite
Adobe DesgnPremium Suite including:
12 networked Laser Printers
Google Chrome and Firefox
Adobe Acrobat Pro
20 computer labs, each with 24 Desktop Pcs running Windows 7 (single monitor)
One Network Attachment Storage for local storage in each lab
Moodle Learning Management System (LMS)
Adobe Flash Pro
One Multiservice Platform Router
People Soft Enterprise systems
Life ray Information systems portals
Staff equipped with plain old telephone systems (POTS)
Mahara E-Port folio system
Adobe Photoshop Extended
ICT infrastructure at Headquarters (Northampton)
Adobe Flash Player
Microsoft outlook installed in all staff workstations to access emails
Adobe Shockwave Player
Staff equipped with Desktop PCs running Windows 7 (dual monitors)
Microsoft Office suite
Staff PCs equipped with latest generation headsets and webcams
Google Chrome and Firefox
100 networked Laser Printers (also capable of scanning and photocopying)
BM SPSS Statistics
100 computer labs, each with 24 Desktop Pcs running Windows 7 (single monitor)
BM SPSS AMOS
One Network Attachment Storage for local storage in each lab
One Multiservice Platform Router
Java Development Kit
Staff equipped with VoIP video phones
Enterprise resources and Services
VLC Media Player
Telepresence: VoIP, Video Conferencing, Interactive Systems
ICT infrastructure at Operations site
One Multiservice Platform router
Operating system: Combination of Windows and Linux OSs servers
Derby Network Database Server
Staff equipped with Desktop PCs running Windows 8
LMS - Blackboard
MySQL Database Server
Microsoft Office suite including:
Student Information Systems
SAP Enterprise Resource Planning
Microsoft Project Professional
Problems faced and need to redesign network
TCU process depends on a blend of frameworks including Internet, IPX/SPX, SNA and ICT-related administrations with an extremely complex ICT foundation. TCU academics recognize this as real issue as it will be a bottleneck for future TCU development and maintainability. The senior official of TCU contends that at present the college is spending tremendously to keep up and incorporate different and variety frameworks; with little space to grow and enhance administrations. The TCU board asserts that TCU needs to change and re-procure the ICT infra to give great learning and educating in the most financially feasible way.
For the change, the move to interoperability ought to be accomplished in a smooth way while utilizing the most recent headways in system and data security base keeping in mind the end goal to ensure ‘zero’ issues in the TCU forms. TCU additionally wants to put resources into a multimillion dollar project to modernize the college's ICT foundation. This will conceivably include:
 immersive telepresence framework for supporting distance education (anticipating it will grow fifty per cent),
 staff and student’s remote access and mobile connectivity (with BYOD and / or Work-at-home (WAT) strategies) that TCU as of now does not have,
 movement of various services to the Cloud including the Learning Management System, File, Web and Mail Servers. As far as system and data security, TCU ICT framework ought to defend authorized access and utilization of ICT assets; guarantee unapproved and malignant system assaults are appropriately blocked. Redundancy is right now accomplished with the cross section of 3 T3 rented lines associating the HQ, DC and Backup structures; in any case, nothing has been done so far as far as a security arrangement including Disaster-Recover-Plan (DRP) and business continuity process (BCP) for the college.
Scope of Work (SoW)
The entire work is done into 2 sections Part A & B. Both the Parts are secured hereunder, according to the necessities.
For this part it is required to plan and actualize a protected data and system framework that guarantees high accessibility, unwavering quality, adaptability, execution and security to bolster TCU admin. This requires:
1. The update of the system
2. The conveyance of a thorough system security arrangement and
3. Security innovation execution - evidence of idea.
The overhaul of the system
Design of a system can be a testing task. To outline solid, versatile systems, system creators must understand that each of the three noteworthy segments of a system has unmistakable configuration necessities. A system that comprises of just 50 mesh routing node can pose complex issues that prompt capricious results. Endeavoring to optimize systems that have great many nodes can pose significantly more intricate issues. In spite of changes in hardware execution and media capacities, system outline is turning out to be more troublesome. The pattern is toward progressively complex situations including numerous media, various protocol, and interconnection outside any single association's territory of control. Deliberately planning systems can decrease the hardships connected with development as a systems administration environment advances.
Re-Designing TCU Network
A campus system is a building or gathering of structures all associated into one venture organize that comprises of numerous neighborhood (LANs). A campus network is by and large a part of an organization (or the entire organization) that is obliged to a settled geographic territory, as appeared in beneath Figure.
The normal campus network situation is that the organization (TCU) possesses the physical wires, network equipment as well as all the related devices. The re-designed topology is essentially LAN innovation associating all the end frameworks inside of the building. Campus by and large utilizes the LAN topologies and protocols, for example, Ethernet, Token Ring, Fiber Distributed Data Interface (FDDI), Fast Ethernet, Gigabit Ethernet, and Asynchronous Transfer Mode (ATM). A substantial part of the network also utilizes WAN innovation to associate the structures. Despite the fact that the wiring and conventions of a campus may be founded on WAN innovation, the design does not offer the WAN with high bandwidth as it is imperative of the high cost of transfer speed. After the wire is introduced, data transfer capacity is modest in light of the fact that the TCU also owns and should re-utilize wires and there is no repeating expense to an administration supplier. Updating the physical wiring can be costly.
Overhaul of wiring to meet the prerequisites of updates in applications is required. For instance, higher-speed advancements, for example, Fast Ethernet, Gigabit Ethernet, and ATM as a spine design—and Layer 2 exchanging give devoted transfer speed to the desktop.
Patterns in TCU network re- Design
Previously, planners had just predetermined number of equipment choices—switches or center points—when acquiring an innovation for their grounds systems. Thus, it was uncommon to commit an equipment plan error. Center points were for wiring storage rooms, and switches were for the server farm or fundamental information transfers operations.
Currently, LAN switches give execution advantage by expanding transmission capacity and throughput for workgroups and nearby servers. As Figure demonstrates, these switches are normally introduced to supplant shared hubs and give higher-data transfer capacity associations with the end client.
Table 1-1 Summary of LAN Technologies
Routing is a key technology for connecting LANs in a campus network. It can be either Layer 3 switching or more traditional routing with Layer 3 switching and additional router features.
Gigabit Ethernet builds on top of the Ethernet protocol but increases speed tenfold over Fast Ethernet to 1000 Mbps, or 1 Gbps. Gigabit Ethernet provides high-bandwidth capacity for backbone designs while providing backward compatibility for installed media.
LAN switching technologes—Ethernet switching
Ethernet switching provides Layer 2 switching and offers dedicated Ethernet segments for each connection. This is the base fabric of the network.
LAN switching technologies—Token Ring switching
Token Ring switching offers the same functionality as Ethernet switching but uses Token Ring technology. You can use a Token Ring switch as either a transparent bridge or as a source-route bridge.
ATM switching technologies
ATM switching offers high-speed switching technology for voice, video, and data. Its operation is similar to LAN switching technologies for data operations. ATM, however, offers high-bandwidth capacity.
Network Designers are currently purchasing separate network devices and sorts (for instance, switches, Ethernet switches, and ATM switches) and after that connecting them. Albeit singular buy choices may appear to be safe, system planners must not overlook this different hardware still cooperates to frame a system. It is conceivable to purchase separate advancements and fabricate mindful outlines utilizing each new innovation. However, the designers have considered the general integration of the system. In this scenario, the outcome is that the systems have a low downtime, and never clog the network any time. This design therefore provides, flexibility, scalability and good performance.
Comprehensive Network Security Plan
The TCU needs to execute a security strategy on a suitable area in the system.
- Ensure that only users from its main 3 offices can attach to the corporate data centre at 18.104.22.168.
- Only main 3 offices users are able to access the Servers hosted at an ASP at address 22.214.171.124, utilizing an application on Port 1234 using TCP. (Put these behind firewall)
- Only main 3 offices users are able to access an University database using http, https and ftp (remember ftp uses two ports) on address 126.96.36.199
- All users need to access an off-site email server running both IMAP/POP3/SMTP in the appropriate directions on address 188.8.131.52.
- Block access to a suspected Botnet control and command using networks 184.108.40.206, 220.127.116.11, 18.104.22.168, 22.214.171.124 & 126.96.36.199.
- Only internal initiated connections are permitted to access the Internet.
- All security violations must be logged in an appropriate syslog server or snmp trap service.
Additional considerations which will need to be addressed include:
- Design, justify and implement a classless based addressing scheme which will implement a VLSM to save spare addresses to encompass the WAN, local office based LAN’s and future expansion capacity.
- Setup appropriate links to the Internet and ensure anywhere on the network can access the University’s data centre at 188.8.131.52.
- Ensure appropriate secure routing and data-link connectivity between sites is used at all times
- Implement appropriate scaling techniques to allow the organization to connect to the Internet whilst maintaining their internal addressing strategy.
- Implement the appropriate ACLs or firewall functionality in line with the organizations security policy at the most appropriate place
- Basic Router Security should be applied to all console and virtual connections. Consider the use of appropriate technologies to help prevent unauthorized eavesdropping.
- Configure all network equipment to be queried via SNMP for basic location, contact details and utilization for appropriate WAN links. Use only RO communities and test utilizing a SNMP tool of choice.
- Set up a syslog server or trap receiver and configure the equipment chosen to host the security policy to log all security violations.
Security Information and Event Management (SIEM) solutions are a necessary part of the organization's security infrastructure, playing an important role in early threat detection, incident response, forensic analysis, and improving overall security infrastructure.
According to Gartner, a set of common core capabilities provides a foundation for SIEM ss and solutions specifically supports threat management or auditing use cases. Gartner reports that there are five essential capabilities provided by SIEM technologies.
To effectively evaluate a SIEM solution, the complete artefact must cover the core SIEM functions. Your role is to investigate and demonstrate using one or more tools, from the open source (including GPL) portfolio to provide a minimum of 3 of the main criteria areas in SIEM.
Core Capabilities of SIEM Technology (Aanval, 2014))
The following are Gartner's five most basic center abilities of SIEM innovation.
- Event and Data Collectors: SIEM items gather system movement occasion information through receipt of a syslog information stream from the checked occasion source.
- Correlation: This sets up connections among messages or occasions that are created by gadgets, frameworks, or applications, taking into account qualities, for example, the source, target, convention, or occasion sort. Connection is critical for risk administration (to track and investigate the movement of an assault crosswise over parts and frameworks) and for client action observing (to track and dissect the action of a client crosswise over applications, or to track and examine a progression of related exchanges or information access occasions).
- Event Normalization and Taxonomy:This is a mapping of data from heterogeneous sources to a typical grouping. A scientific categorization helps in example acknowledgment furthermore enhances the degree and security of connection standards. At the point when occasions from heterogeneous sources are standardized they can be examined by a littler number of connection guidelines, which lessens organization and bolster work.
- Scalable Architecture and Deployment Flexibility: These are gotten from merchant plan choices in the ranges of item engineering, information accumulation systems, specialists outlines, and coding rehearses. Amid the arranging stage, numerous associations think little of the volume of occasion information that will be gathered, and also the extent of examination reporting that will be required. An engineering that backings adaptability and sending adaptability will empower an association to adjust its arrangement notwithstanding surprising occasion volume and investigation.
- Deployment and Support Simplicity: For littler security staffs and more restricted framework bolster capacities, predefined capacities and simplicity of arrangement and bolster straightforwardness are esteemed over cutting edge usefulness and broad customization.
Get more information Network Redesign and Development Assignment
Security technology implementation - proof of concept (PoC)
The leading SIEM product LogRhythm incorporates some of the following functionality:
Integration of traditional logs with other event sources, such as Threat Intelligence, Identity and Access Management systems (IAM) Database Activity Monitoring (DAM), NetFlow/DPI, File Integrity Monitoring and Application logging
Capabilities to support a Security Operations Center
Ability to create custom log source feeds
Selection of critical fields and scheduled summarization of events
Health status monitoring
Free space, event rates/device, CPU and memory utilization
Scalability – at the correlation engine level
Source: Kent Saunders, Senior Consultant, Accuvant 2015
A trial version of the software is installed and we found that before the University used to record and analyze the University’s log data manually but this took up a huge proportion of the IT resources. It was recognized that the log management, analysis and event management solution would automate and significantly streamline this process and bring greater efficiencies to the IT department. After installation of the trial version, an exhaustive evaluation in a very complex educational environment was conducted and it soon became evident that LogRhythm lived up to the expectations for the solution and vendor service. For example, not only was LogRhythm best placed to operate across the University’s many IT platforms such as Unix and Microsoft, but it also offered a comprehensive and easy to use solution for IT forensics and reporting. LogRhythm vendor support provide support for a specific business requirements and provide the help accordingly. The software also helped in the case of a virus attack and the University used LogRhythm to view its entire network to see if the virus had infiltrated it and quickly established that there were no irregularities. Before LogRhythm, carrying out an investigation such as this would have been time consuming and labor intensive – regardless of a virus being present or not.”
1. An appropriate immersive telepresence system to support distance education students. As mentioned above, TCU is expected to grow 50% in distance education in the next 3 years.TCU is expected to grow by 50 per cent in distance education itself in next three years. So a right immersive telepresence system needs to be proposed, not only to support distance education students in the current year, but also have to be ready for the growth in the coming next three years.
Hence following solution is proposed:
Mainly the TCU needs to buy a third party immersive telepresence solution which can support the distance education course students. Here, the students would require online lectures, schedule meetings, interactive sessions with the professor, assignment allocation and submission and even the online quiz, tests and exams. So lot of interactive activities will take place and so the system must be robust enough to support the multiple parallel sessions. The system also assumes that there would be crisp images, good quality sound and unbreakable session. A session once connected and joined by the participants should be able to continue till the end and should not get interrupted in between, and this audio/video session can be a 2 way interactive session.
A representative third party solution, for instance Telstra Telepresence solutions can make virtual meetings effortless to schedule and use. There are other third party solutions as well, which can be equally good, but one good thing about Telstra is its ease of use and configure. This helps the staff to schedule many unbreakable sessions in parallel effortlessly. As the number of students will grow by fifty per cent in three years so the pressure on the staff to schedule and maintain the telepresence will be higher. A solution like Telstra will help to maintain a number of interactive sessions in parallel. (Telstra, nd).
Quality of virtual meetings and video / sound standards are important, which will make Telstra solution immediately adaptable and the cost of the solution can be easily met, as revealed from the research. (Telstra, nd). Thus, it will be a very suitable solution for TCU and as the technology uses CISCO based equipment so they qualify as per the international standards and benchmarking in this area. The interfaces offered by Telstra are easily integrated with other CISCO equipments like routers and switches / hubs already present with TCU. So there is no issue with the compatibility of the solution with the standard interfaces in TCU’s LAN / WAN network as proposed. A support system provided by the company helps to troubleshoot any performance or outage which may occur during normal course of operations.
2. Recommend the strategy for staff and student remote access and mobile services (staff BYOD and Work-at-home (WAT); and student BYOD and study-at-home policies).
The Immersive telepresence solution enables one person to control / communicate with nearly 50 locations. Since the distance education will permit the students to connect from their homes (WAT) or from their own devices (BYOD) so the control can be taken either the person who delivers the lecture or presentation of a moderator who coordinates the session (Telstra, nd).
Since many different students may connect from several different locations, it is necessary to have a big and high definition display to monitor and track a session with multiple locations, and many people connected to the session. As the session can be a presentation or a lecture delivery, there may be a question answer hour where the students could be allowed to post or ask their questions. A big and high definition display can lead to a better management where the moderator and presenter will allow the students to ask their questions by giving the, the rights to speak, draw on a virtual board or write something. The Cisco TelePresence 1100® and 1300® provide a very high definition 65 ” plasma display unit to enable one-to-one meeting with students in nearly fifty locations.
TCU may form the student BYOD and study-at-home policies for staff and student remote access and mobile services (staff BYOD and Work-at-home (WAT). To give a shape to these policies and practice, TCU would need a Large, immersive meeting room where the presenter / moderator or the professor would be seated. The meeting room would have all the equipments and a echo free and quiet place so that there is no background noise. The Cisco TelePresence ® technology offers an ultra high definition video (density : 1080 pixels) on 3 sixty five inch plasma monitors. Big room is provided that the University can also organize a panel or group discussion with 6 - 18 people can be seated together and holds the meeting with the remote participants. Max 18 people can be easily seated together and so even a regular class can be held in this facility where a flexibility is given to some students to connect from Home. Other can use BYOD devices as the Telestra’s open interface networking facilities enable the users to connect a host of devices to the Telestra network.
Thus, Telestra provides solution that is simple to implement and convenience. The company also provides consultancy and support on the issues related to design, installations, room fitness, onsite equipments, authorization and network optimization.
3. A comprehensive technical report on the migration of the LMS, File, Web and Mail Servers to the Cloud is provided herewith. A requirement analysis, cost benefit analysis (CBA), risk analyses and final recommendations are presented by considering at least 3 different cloud service providers (CSPs) - - Linode, Rackspace and Amazon’s AWS.
Today computing usually requires cloud computing. Computing for business means using computers and related information technology for business operations. Many enterprises / universities are thinking to move their IT Services in to the cloud. Many companies / educational business organizations are of the view that, "We need rapid access to different and potentially changing, models of computing and new technologies. Without this, we could be left in the dust by competition." As TCU has started considering the adoption of the technologies like immersive telepresence, so it policies are quite state-of-art and forward looking. On the same line, the University now wishes to move its LMS, File, Web and Mail Servers to the Cloud (Harding, 2011)
The TCU should gain rich dividends by migrating to cloud environment. As more and more business processes will be optimized with the use of cloud computing technology, the University can look for better and superior software to support its students. As TCU foresees the use of distance education Cloud computing will be the ideal solution and it will provide good returns to the investment. Software and IT systems in the cloud act as "Enablers" to improve the business processes. Students can easily access the cloud server, and even store their files. University staff can store their complete education solution over the cloud without having to worry about purchasing the costly servers, and the technologies to support and maintain the. This is so as the cloud service provider like Linode, Rackspace and Amazon’s AWS will provide the complete infrastructure and maintenance to TCU.
Rackspace Cloud Servers
CPU: 1 iCore
CPU: i8 Cores
CPU: i1 Core
Storage: EBS storage only ($0.10/GB), say we use 20GB
Storage: 40GB allocated
Transfer: In (Free), Out (First 1GB is free, subsequent GB up to 10TB is $0.12/GB)
Transfer: In (Free), Out (2048GB/2TB)
Transfer: In (Free), Out ($0.12/GB)
Depending on the vendor the university chooses and the service it avails, the need to maintain the software could even be completely avoided. As TCU will have more budget, so it can avail a high end cloud service to provide an unbreakable virtual class room to the students. The maintenance of performance, hardware and software maintenance can be done more professionally by the cloud providers as usually these companies hire highly skilled engineers and administrators to support their multiple systems and instances. As far as TCU is concerned and considering the nature of its business it is not completely feasible for the university to hire highly skilled technical resources. So technical service if outsourced to cloud service providers not only ensures the quality of service but also the performance.
Thus, TCU would add value to its operations by moving to the cloud computing. Its operations, data and transactions can be performed from anywhere. So they are no more limited to premises. In this manner they extend their operations to global operations by merely moving to the cloud. So definitely the benefits outweigh the costs involved in migrating to the cloud.
Risks in cloud and mobile technology
There are certain downsides of moving the business to computer technology. As the computer systems can be hacked so there is a risk of security. Some intruder can hack into the system and make the system unavailable or steal the data or other such destructive activities. Companies are switching to mobile and cloud technology to improve flexibility, high availability and lower the cost of operations. However, there are several risks as follows:
1. Hackers can sabotage the systems as the systems are virtually available at the websites or on public servers
2. Hackers can steal the sensitive data causing severe loss to the company
3. Intruder can break in to the system security and make it unavailable causing huge loss to the company's business.
However, some of these risks are also involved in the on-premise computing as even the hacker can easily break-in to the current TCU resources.
Risk Mitigation Plan: TCU can minimize the risks by using security best practices. The computing environment can be secured by putting the data under firewall and securing their passwords.
Aanval (2014). The Essential Features and Capabilities of a SIEM Technology.
Forouzan, B. (2010). TCP/IP Protocol Suite, 4th Edition, Boston, MA. McGraw-Hill Higher Education.
Harding, C. (2011). Cloud computing for Business. The Open Group Guide. Available from http://www.opengroup.org/sites/default/files/contentimages/Press/Excerpts/first_30_pages.pdf
Panko, R. (2003). Business Data Networks and Telecommunications, 4th edition, Upper Saddle River, N.J. Pearson Education.
Weaver, R., Weaver, D., & Farwood, D. (2014) Guide to Network Defense and Countermeasures, 3rd edition, Boston, MA, Course Technology, Cengage Learning.
Whitman, M., Mattord, H., & Green, A. (2012) Guide to Firewalls & VPNs, 3rd edition, Boston, MA. Course Technology, Cengage Learning.
Whitman, M. E., & Mattord, H. J. (2008). Management of information and security Boston: Course Technology Cengage Learning.