Monday, January 27, 2020

Components Of A Good Password Computer Science Essay

Computer manufacturers and OS developers often build and deliver systems in default modes to secure the system from external attacks. From the developer's view, this is the most efficient mode of product delivery. An organisation or a user, however, requires a more protected and secured system before it is placed into service.

Security baselines are standards which define a minimum set of security controls for organisations. Security baselines typically address both technical issues, such as software configuration, and operational issues, such as keeping applications up to date with vendor patches. If the hardware, OS, network and applications follow the recommended minimum set of security settings in the security baselines, their vulnerability to security threats will decrease significantly.

The process of securing and preparing the system against internal and external threats and system vulnerabilities is called hardening. It reduces the main avenues of attack, which includes the removal of unnecessary services, software and unnecessary usernames or logins. It makes the system more secure, reliable and efficient and gives optimised performance.

12.2 Password Selection

Password selection is one of the critical activities that often gets neglected as part of a good security baseline. Currently most systems are protected by a user ID and password. If an attacker discovers the correct user ID and password by guessing or by using freely available password cracker tools, then they can gain access to the system. By following basic guidelines and principles in choosing passwords, the passwords used on the system will protect the assets.

12.2.1 Selecting a Password

Users should consider a few basic requirements while choosing a password. Set a minimum number of characters and never accept a shorter password. Do not use dictionary words, and use a mix of lowercase and uppercase letters, usually with one or two numbers.
Randomly created passwords are strong passwords; they are difficult to guess and will defeat most password-cracking utilities. However, randomly generated passwords are difficult to remember, and users often write them down, usually in a location close to the machine. This defeats the purpose of the password.

12.2.2 Components of a Good Password

Users should create their own easy-to-remember passwords. A password is meant to protect access and resources from hackers. It should not be easy for them to guess or to crack with password-cracking tools. Common guidelines to make the password more difficult to guess or obtain are as follows:

- It should be at least eight characters long.
- It should include uppercase and lowercase letters, numbers, special characters or punctuation marks.
- It should not contain dictionary words.
- It should not contain the user's personal information such as their name, family member's name, birth date, pet name, phone number or any other detail that can easily be identified.
- It should not be the same as the user's login name.
- It should not be a default password as supplied by the system vendor, such as password, guest, admin and so on.

12.2.3 Password Aging

Password aging is a technique used by system administrators that forces users to change their passwords after a specified period of time. If a password is not changed within that period, it expires and must be reset. Password aging can also force a user to keep a password for a certain number of weeks before changing it.

Changing passwords periodically will protect against brute-force attacks because when the password is changed the attacker must restart the attack from the beginning. If the password is changed periodically, an attacker will never be able to cycle through all the possible combinations before the password is changed again. Most operating systems have options that allow system administrators to apply password aging and prevent password reuse.
Common guidelines are as follows:

- Users must change their passwords every 60 to 90 days.
- A very secure service requires passwords to be changed every 30 to 45 days.
- The system must remember each user's last five to ten passwords and should not allow the user to reuse those passwords.

12.3 Hardening

Most computers provide network security features to control outside access to the system. All nonessential software such as spyware blockers and antivirus programs prevents malicious software from running on the system. Even with all these security measures, systems are still vulnerable to outside access. System hardening is a step-by-step process of securely configuring a system to protect it against unauthorised access. It also helps to minimise security vulnerabilities. The three basic areas of hardening are as follows:

- Operating system-based hardening: It includes information about securing and hardening various operating systems. It also includes methods to secure file systems.
- Network-based hardening: It examines the methods and procedures of hardening network devices, services and protocols.
- Application-based hardening: It includes security of client-side user applications and services such as Domain Name Service (DNS), Dynamic Host Configuration Protocol (DHCP) and Web servers.

12.3.1 Operating System-Based Hardening

Operating system hardening is the first step towards safeguarding systems from intrusion. Systems received from vendors have preinstalled development tools and utilities which are beneficial to the new user but also provide back-door access to an organisation's systems. Operating system hardening includes the removal of all non-essential tools, utilities and other systems administration options through which hackers can easily access the system. The hardening process will ensure that all security features are activated and configured correctly. This process makes the system secure, efficient and reliable and gives optimised performance.
Some of the security tips to harden the OS include the following:

- Disable all unnecessary protocols.
- Disable all unnecessary services.
- Disable all unnecessary programs and processes.
- Verify and then install all vendor patches.
- Install all product updates.
- Use a vulnerability scanner to identify potential security weaknesses.
- Configure file system security according to the least privilege rule.

Note: The least privilege rule states that access is allowed only to those individuals who require it, and only as much access as is required to complete the task.

File System

Controlling access to resources is an important factor in maintaining system security. The most secure environment follows the rule of least privilege. The network administrator receives more complaints from users after following this rule as they are unable to access resources. However, receiving complaints from unauthorised users is more beneficial than suffering access violations that damage the organisation's capability to conduct business. The least privileged environment can use user groups to assign the same access to resources instead of assigning individual access controls. However, in some cases individual users need more or less access than other group members. To maintain security, the network administrator provides greater control over what each user can and cannot access.

Updates

OS updates are provided by the manufacturer of the specific component. Updates contain improvements to the OS and hence will make the product more secure, efficient and stable for the users. For example, Microsoft updates are labelled as security updates. These updates address security concerns recognised by Microsoft and should be installed if required. In addition, updates enhance the capability of a specific function that was underdeveloped at the time the system or application was released. Updates should be thoroughly tested in non-production environments before implementation.
Since this new and improved function has more security breaches than the original components, it requires complete testing. Hotfixes, security packs and patches are product updates to resolve a known issue.

Hotfixes

Hotfixes are components that are designed to fix a particular critical system fault. Hotfixes are created by the vendor when a number of client systems indicate that there is a compatibility or functional problem with a manufacturer's products used on a particular platform. These are fixes for reported or known problems. Hence, hotfixes should only be installed to correct a specific problem.

Service Packs

Service packs are collections of updates or hotfixes. They correct known issues and provide drivers, updates and system administration tools that extend product functionality, including enhancements developed after the product is released. Service packs are tested on different hardware and applications to ensure compatibility with existing patches and updates. Service packs must be thoroughly tested and verified in a non-production environment before they are installed on working systems.

Patches

Patches are used to prevent hackers from invading the system with viruses and other malware that exploit the operating system's vulnerabilities. This improves the usability and performance of the system. OS patches are available on the Website of the vendor that supplies the product. Since patches are issued at unpredictable intervals, it is important to configure the system to automatically connect to the latest security patch updates. When a new update is released, the OS will prompt to install it. While preparing a clean installation it is advisable to download and install all known patches before introducing the system to the network.

12.3.2 Network-Based Hardening

The tremendous growth of the Internet allows open access to any system on a network.
Hence, proper control over network access must be established on systems by controlling the services that are running and the ports that are opened for network access. In addition to the systems, network devices such as hubs, routers, switches and modems must be examined for any security vulnerability. Any flaws in the coding of the OS can be exploited to gain access to the network components. These components should be configured with very strict parameters to maintain network security. The software of these components needs to be updated regularly. By taking the necessary steps, the network administrator should limit or reduce attacks and accidental damage through their networks. In addition, network hardening also recommends the correct configuration of network devices and the requirement to enable and disable the services and protocols within a network.

Firmware Updates

Firmware updates for a hardware device are provided by the manufacturer. These updates fix incompatibility problems or device operation problems. They should be applied if the update includes fixes for an existing condition, or if it will make the device more secure and more functional or extend its operational life. It is recommended to install and test firmware updates in a non-production environment to verify that the update contains the necessary fixes and benefits that are required.

Device Configuration

Network devices such as routers and switches are configured with default installation settings. These default settings leave a system extremely vulnerable as they are set for convenience and not for security. Choosing a good password and limiting access to any open ports is very important in maintaining the security of the devices. Good passwords are one of the most effective security tools because a good password can be resistant to several forms of attack.
Determining the minimum set of services that the devices are running, together with good passwords, is important for maintaining the security of those devices. Apply patches and updates that are released by the product vendor at regular intervals.

Enabling and Disabling Services and Protocols

It is important to measure the current requirements and conditions of the network and infrastructure and then disable the unnecessary services and protocols. This leads to a network infrastructure that is less vulnerable to attack.

Access Control Lists

Configure access lists on the network devices to control access to a network. An access list can prevent certain traffic from entering and exiting a network. Access control lists are controlled by an administrator.

12.3.3 Application-Based Hardening

Application hardening is the process of preventing exploitation of various types of vulnerabilities in software applications by implementing the latest updates. Applications such as browsers, office suites and e-mail clients, and services provided through servers such as Web servers, File Transfer Protocol (FTP) servers, DNS servers and DHCP servers on a network, require regular updates to provide protection against newly developed threats.

Web Servers

At present most organisations have a Web presence on the Internet for numerous business advantages. Due to the popularity of the Internet, Web servers have become extremely popular targets for attackers. Original content on Websites is replaced with hackers' data. E-commerce sites are attacked and users' personal account information is stolen. Microsoft's Internet Information Server (IIS) and the Apache server are the most popular Web server applications in use today. To secure Web servers from hackers, the administrator must apply updates and patches, remove unnecessary protocols and services and properly configure all native controls. It is also recommended to place the Web server behind a firewall or a reverse proxy.
Microsoft has developed the URLScan and IIS Lockdown tools, which are designed to secure IIS servers from attacks and exploits. URLScan is a monitoring utility that examines all incoming URLs and rejects any requests for files, directories or services outside the intended scope of the Website. The IIS Lockdown tool turns off unnecessary functions, which reduces the attack surface available to an attacker.

E-mail Servers

E-mail servers and clients are vulnerable to different attacks such as Denial of Service (DoS) attacks, virus attacks, and relay and spoofing attacks. There are numerous deficiencies in the different versions of e-mail server software such as Sendmail for Linux and UNIX and Exchange or Outlook for Microsoft. E-mail servers are constant potential sources of virus attacks and therefore must have the strongest possible protection for scanning incoming and outgoing messages. E-mail servers should not have non-essential services and applications installed. Administrative and system access should also be securely controlled to block installation or execution of unauthorised programs and trojans. The following attack points should be considered while hardening an e-mail server:

- Open mail relay allows unauthorised users to send e-mail through an e-mail server.
- Storage limitation, to limit DoS attacks based on message size.
- Spamming includes identical messages sent to numerous clients by e-mail.
- Virus propagation; ensure the anti-virus programs and applications are performing correctly.

FTP Servers

FTP allows a number of users to access and download remotely stored data. It distributes application updates, device drivers and free software to users. Users access this data anonymously. This anonymous access to FTP servers becomes a problem as administrator does not provide anonymous access or does not properly secure the FTP service.
This involves setting the appropriate permissions, not allowing the FTP process to be run by an unprivileged user and not allowing users to upload or modify files. Some FTP servers allow upload and download service for authorised users and hence, in that case, anonymous access should be completely removed. To overcome buffer overflow problems, ensure that the FTP server software is up to date and patched.

DNS Servers

A DNS server converts a system's host name into an IP address so that communication can be correctly routed through the network. Client systems use DNS to locate Web servers, e-mail servers, FTP servers and a number of other servers and network services. DNS can be a major target for an attacker. The DNS server can be exploited in the following ways:

- Stealing zone transfers: DNS servers are configured to provide information, such as the list of hosts and routers with IP addresses, to other secondary DNS servers. The secondary DNS server is used to maintain a backup copy of the DNS database and to provide name resolution services for client systems. An attacker can receive a zone transfer and use it to track the victim's network and search for potential targets.
- Zone update spoofing: An attacker can spoof the address of the primary DNS server and send a bogus update to a secondary DNS server. Client systems receive incorrect information and network communication from this bogus server, which redirects users to a location controlled by the attacker.
- DNS cache poisoning: Some DNS servers allow attackers to insert bogus information into a DNS cache.

To secure and harden the DNS server against various types of exploits, the actions to be taken are as follows:

- Do not place any information on a publicly accessible DNS server, to avoid snooping around the DNS server.
- Do not provide additional host information in Host Information (HINFO) records of DNS.
  A HINFO record contains descriptive information about the OS and features of a particular system, and an attacker could use this information to gain access.
- Configure the DNS servers to only allow zone transfers to specific secondary servers. Berkeley Internet Name Domain (BIND) allows zone transfers to be signed. Zone transfer signing allows secondary servers to verify the credentials of the primary server before accepting data.
- Ensure that the DNS software is patched and up to date to avoid DNS cache poisoning.

NNTP Servers

Network News Transfer Protocol (NNTP) servers allow news clients to connect to news servers to share information privately or to post articles to a public NNTP server. NNTP servers are vulnerable to DoS attacks and buffer overflows. To exploit a server, attackers connect to a private NNTP server to gain any information that can compromise the network. Sometimes users post accurate diagrams of their network to ask a technical question, and an attacker can use this information to find ways to exploit the network. They can even offer bogus advice to create a hole in the network's defences.

To protect the organisation from NNTP server exploits, block the NNTP port at the firewall to make the NNTP server inaccessible to external users. To protect posted private information, authenticate users to prevent anonymous logins to the NNTP server. Also encrypt communications using SSL/TLS to prevent packet sniffing of confidential data. Do not allow users to post confidential information to the public which will compromise their network.

File and Print Servers

File and print servers in a network are used to share resources, but they are a common way in which hackers can gain information and unauthorised access. When sharing is enabled to share resources with a trusted internal network over a NIC, the system is also sharing those resources with the entire untrusted external network over the external interface connection.
Attackers attempt to make unauthenticated connections to shared resources on the network. If sharing permissions are configured incorrectly for an easily exploited user account, attackers can gain access to resources and alter them. To secure file and printer shares, block access to shares and related information at the firewall. Use the rule of least privilege to secure shares from external attackers. A Virtual Private Network (VPN) is also used to encrypt communications between clients and servers to secure data transmission.

Data Repositories

Data repositories are locations that hold information about networks, applications and users. Attackers can use the information stored in data repositories to formulate attacks against an organisation. Hence, ensure that this information is limited and restricted for external users. Authentication and encryption of the data are also necessary to protect it from external attacks.

Directory Services

A directory service is used to store, organise and provide access to information in a directory. The information in a directory service can include system accounts, user accounts, mail accounts, service locations and shared resource information. The Lightweight Directory Access Protocol (LDAP) is a common directory service that organises data in a hierarchical manner. The top entry in an LDAP directory information tree is called the root, and this LDAP root server creates the hierarchy. The directory service hierarchy and the information it stores provide a good map of the network infrastructure. This is convenient for authorised users in a network as well as for an attacker. An attacker can use numerous ways to compromise LDAP servers; for example, an attacker can use the network resource information stored in the directory service to examine the network structure, resources and potential targets. An attacker can also gain the victim's network information that is transferred over LDAP through eavesdropping.
Some of the ways to protect the LDAP hierarchy are as follows:

- Protect the LDAP hierarchy by configuring the strongest authentication available to the different versions of LDAP. Both LDAP v2 and LDAP v3 support anonymous and simple authentication, which are not very secure. Anonymous authentication does not require a password, and simple authentication uses a password in unencrypted format which an attacker can easily hack. Strong authentication over LDAP v2 and LDAP v3 is provided through Kerberos version 4 authentication and Simple Authentication and Security Layer (SASL) communications respectively.
- Use Secure LDAP (LDAPS), which allows encrypting communications using SSL/TLS.
- Block access to LDAP ports from the Internet so that attackers cannot make connections using these ports.

Databases

Database servers are used to store data. Both the data and the database server can be a target for an attacker. An attacker can steal the data or take over the database server to exploit it. Some of the ways that database servers can be exploited are as follows:

- Unexpected data queries or commands: Numerous database servers use Structured Query Language (SQL), which allows for the querying and posting of data. An attacker using SQL commands to do unexpected things is called SQL injection.
- Unauthenticated access: If unauthenticated access to the database server is allowed, then attackers can easily connect to and exploit the database server.

To secure database servers consider the following points:

- Test the database by running irrelevant queries and attempting to access unauthorised information.
- Do not allow unauthenticated connections to the database server.
- While transferring confidential data to and from the database server, use SSL/TLS or a VPN connection to protect the data.
- To prevent the database server from being queried by external users, block access to it at the firewall.

12.4 Chapter Review Questions

1. How should an individual secure a password?
(A) Selecting a password with at least eight characters, at least one change in case and at least one number or special character
(B) Using the same password on every system
(C) Storing the password in wallet or purse
(D) Changing passwords at least once a year
Ans: A

2. Which of the following steps is part of the hardening process for OS?
(A) Remove unnecessary programs and processes
(B) Disable unnecessary services
(C) Setting appropriate permissions on files
(D) All of these
Ans: D

3. Which amongst the following is the correct step to overcome buffer overflow problems?
(A) Select strong passwords
(B) Remove sample files
(C) Install the latest patches
(D) Set appropriate permissions on files
Ans: C

4. Which of the following requires software up to date and patched?
(A) Operating systems
(B) Network devices
(C) Applications
(D) All of these
Ans: D

5. Rule of least privilege states that ____.
(A) allow access to users who requires it
(B) allow access to everyone
(C) allow limited access
(D) allow full access
Ans: A and C

6. Which of the following is designed to fix a particular critical system fault?
(A) Hotfixes
(B) Service packs
(C) Patches
(D) None of these
Ans: A

7. Which of the following extends product functionality after the release of product?
(A) Hotfixes
(B) Service packs
(C) Patches
(D) None of these
Ans: B

8. Which of the following fixes incompatibility problems or device operation problems?
(A) Hotfixes
(B) Service packs
(C) Firmware update
(D) None of these
Ans: C

9. Which of the following steps are used to secure Web servers?
(A) Apply patches and updates
(B) Remove unnecessary protocols and services
(C) Place the web server behind a firewall
(D) All of these
Ans: D

10. BIND stands for _______.
(A) Berkeley Internet Network Domain
(B) Berkeley Internet Name Domain
(C) Berkeley Intranet Name Domain
(D) Business Internet Network Domain
Ans: B

12.4.1 Answers

1. A  2. D  3. C  4. D  5. A and C  6. A  7. B  8. C  9. D  10. B

Summary

In the chapter, Security Baselines, you learnt about:

- Components of a good password and password aging.
- Different ways to harden the OS.
- Different ways to harden the network and its devices.
- Different ways to harden applications such as browsers, office suites, e-mail clients and services provided through servers such as Web servers, e-mail servers, FTP servers, DNS servers, NNTP servers, file and print servers, directory services and databases.
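The password rules of sections 12.2.2 and 12.2.3 above can be enforced in code. The following is an added example, not part of the original chapter; the function names, the word list, the minimum age of seven days and the use of PBKDF2 for the password history are assumptions made here.

```python
import hashlib
import hmac
import os
from datetime import date

# Values taken from sections 12.2.2 and 12.2.3 of the chapter.
MIN_LENGTH = 8          # "at least eight characters long"
MAX_AGE_DAYS = 90       # "every 60 to 90 days" (upper bound used here)
HISTORY_DEPTH = 5       # "last five to ten passwords" (lower bound used here)
VENDOR_DEFAULTS = {"password", "guest", "admin"}

# Assumptions, not from the chapter: the minimum age, the hash used for the
# history, and this small constructed word list.
MIN_AGE_DAYS = 7
PBKDF2_ROUNDS = 100_000
DICTIONARY = {"dragon", "monkey", "summer", "welcome", "football"}


def _digest(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)


def remember(password):
    """Return a (salt, digest) history entry; the plaintext is never stored."""
    salt = os.urandom(16)
    return salt, _digest(password, salt)


def check_password(password, login, personal_info, history):
    """Return the list of violated rules; an empty list means acceptable."""
    problems = []
    lowered = password.lower()

    if len(password) < MIN_LENGTH:
        problems.append("shorter than eight characters")

    # This example reads the character rule as requiring all four classes.
    required = {
        "lowercase letter": any(c.islower() for c in password),
        "uppercase letter": any(c.isupper() for c in password),
        "number": any(c.isdigit() for c in password),
        "special character": any(not c.isalnum() for c in password),
    }
    problems += ["missing " + name for name, present in required.items() if not present]

    if any(word in lowered for word in DICTIONARY):
        problems.append("contains a dictionary word")

    # Ignore very short tokens so initials do not match by accident.
    tokens = [t.lower() for t in personal_info if len(t) >= 3]
    if any(t in lowered for t in tokens):
        problems.append("contains personal information")

    if lowered == login.lower():
        problems.append("same as the login name")

    if lowered in VENDOR_DEFAULTS:
        problems.append("vendor default password")

    # Compare against only the most recent HISTORY_DEPTH entries.
    for salt, digest in history[-HISTORY_DEPTH:]:
        if hmac.compare_digest(_digest(password, salt), digest):
            problems.append("reuses a remembered password")
            break

    return problems


def aging_state(last_changed, today):
    """Classify a password's age as 'too_new', 'ok' or 'expired'."""
    age = (today - last_changed).days
    if age < MIN_AGE_DAYS:
        return "too_new"    # the user must keep the password a while longer
    if age > MAX_AGE_DAYS:
        return "expired"    # the password must be reset
    return "ok"
```
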
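Sections 12.3.1 and 12.3.2 above call for disabling unnecessary services and controlling which ports are open. As an added example (not from the original chapter), the check below compares a host's listening TCP sockets with an approved baseline; the baseline contents and the sample `ss -tln` output are constructed for illustration.

```python
import ipaddress

# Approved listeners for this host (assumed baseline): port -> reason.
BASELINE = {22: "ssh administration", 443: "https web service"}

# Constructed sample in the column layout printed by `ss -tln` on Linux.
SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128           0.0.0.0:22         0.0.0.0:*
LISTEN  0       511           0.0.0.0:443        0.0.0.0:*
LISTEN  0       32            0.0.0.0:21         0.0.0.0:*
LISTEN  0       5           127.0.0.1:631        0.0.0.0:*
LISTEN  0       128              [::]:23            [::]:*
"""


def parse_listeners(text):
    """Yield (address, port) for every LISTEN row; other rows are skipped."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue                      # header or non-listening socket
        address, _, port = fields[3].rpartition(":")
        if not port.isdigit():
            continue
        yield address.strip("[]"), int(port)


def is_exposed(address):
    """True when the socket is reachable from beyond the loopback interface."""
    if address == "*":
        return True
    try:
        return not ipaddress.ip_address(address).is_loopback
    except ValueError:
        return True     # unparseable address: report it rather than hide it


def baseline_drift(text, baseline=BASELINE):
    """Return sorted (port, address, exposed) for listeners not in the baseline."""
    findings = {
        (port, address, is_exposed(address))
        for address, port in parse_listeners(text)
        if port not in baseline
    }
    return sorted(findings)


def missing_from_host(text, baseline=BASELINE):
    """Return baseline ports with no listener, e.g. a service that has stopped."""
    seen = {port for _, port in parse_listeners(text)}
    return sorted(set(baseline) - seen)


if __name__ == "__main__":
    for port, address, exposed in baseline_drift(SAMPLE_SS_OUTPUT):
        scope = "network-reachable" if exposed else "loopback only"
        print(f"unapproved listener on port {port} ({address}, {scope})")
```
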

Sunday, January 19, 2020

Essay --

Latin American countries should provide free birth control devices to all their citizens. Giving free birth control devices will cause a cascade effect that will help these countries that are in poverty. Since many of these Latin American countries, such as Brazil, Colombia and Guatemala, are in poverty, it will make these countries have fewer deaths and less crime and drug trafficking. In many of these countries there are huge amounts of drug trafficking and gang violence, and these same countries have huge poverty and a high number of children born. Since many of these children are born into poverty, they struggle to eat. Providing birth control devices for the Latin American countries would allow a lower birth rate in these countries, allowing these families to afford a living rather than having to survive whether it be legal or not. Since these countries are not providing birth control devices, there is a high birth rate that far exceeds the income that one can provide. However, there are many different forms of birth control such as pills, condoms, etc.; since none of these devi...

Saturday, January 11, 2020

Part A Critical Analysis of Project Management Plan

Executive Summary

Table of Contents

1 Introduction

This report will present the critical analysis of the Humanities Financial Services Review Project Management Plan. The purpose of the report is to apply the different theories and ideas regarding the project management plan. The main purpose of the critical analysis is to critique as well as evaluate somebody's work based on the opinion, idea and perspective of someone. It is an academic report that contains a description of the project plan (Part B) as well as its content. This report will also express the opinion of the author with regard to the different parts of the project management plan that has been chosen. It will analyze the whole project plan by breaking down the project into parts and then studying and evaluating each and every part using the support and help of different references from different books, journals and other related studies. This report will also show the importance of a project plan and who will benefit from its use and implementation. The structure of the report will follow the structure of the chosen project plan. It will individually analyze the different parts or aspects of the project plan based on the project management body of knowledge. The main focus of the report is to give analysis of the different important aspects of the project management plan such as the time or schedule, money or cost, human resource or work breakdown structure, as well as the different risks that can be encountered by the project during the implementation of the plan.

2 Project Background

2.1 Information about the Work

2.1.1 Title: Humanities Financial Services Review Project Management Plan

2.1.2 Author: Craig Medley

2.1.3 Publication Information: Project Id HUM-PR-P1, v.04 Draft, August 30, 2007, from http://edo.humanities.curtin.edu.au/pdf/Project_Management_Plan_2007.pdf

2.2 Project Description

The chosen document focuses on the plan for the management of the Humanities Financial Services Review Project. It was written in order to show or review the different areas or aspects of the newly implemented transactional systems in November 2007, with an upgrade to the Finance One to the Concur and BPI in Humanities only. It can help to know the different processes and flow of data and information of its accounting and purchasing transactions across each and every division (Medley 2007, p. 4). The Faculty of Humanities of the Curtin University of Technology offers different courses in Media, Communications, Built Environment, Art and Design, Education, Languages, Human Services as well as Social Sciences. All of the said courses are only a few of the courses that the said department of the Curtin University is offering (Faculty of Humanities 2008). The project plan focuses on the implementation of the finance and accounting system of the department that focuses on the needs of the users of the system like invoicing, ordering, approving, reconciling, access to the system, structure of the outputs, skills and request and access for the different outputs (Medley 2007, p. 4). The project management plan will help the current system to improve its operations and increase the security that will eventually help to meet the demands and needs of the different stakeholders or users.

3 Structure and Contents of the Project Plan

3.1 Project Management Plan and Its Purpose

3.1.1 What is Project Plan?

A project management plan, or simply project plan, is a document that corresponds to the overall purposes or objectives, responsibilities, resource requirements and agenda for the project (Baker & Baker 2003, p. 29). It is considered as more than a playbook that determines what the different works or tasks are that need to be done and accomplished (Phillips 2004, p. 32).
It is a fluid document that controls the following elements:

- Provide Structure: a project plan is developed in order to present a structure or composition in order to get the project to its completion. It must be methodical and systematic but brief and short, a compilation of different documents that serves as a point of reference in the course of the project implementation (Phillips 2004, p. 32).
- Provide Documentation: a documented project plan is needed in order for the project to be a successful one. This is due to the fact that it must present historical references and the different reasons behind the decisions that have been made (Phillips 2004, p. 32).
- Provide Baselines: a project plan includes a number of baselines. As the project shifts towards the finishing point, the management together with the stakeholders and the project managers can use the project plan in order to see what was predicted for the costs, schedules, qualities and scopes, and compare it to the present condition (Phillips 2004, p. 32).

The project plan is the output or result of the planning phase that confines the different information that has been observed and fulfilled with the team and lays out the different activities and processes about how the project will be carried out. It also represents the projected reality (Martin & Tate 2001, p. 155).

3.1.2 Purposes and Importance of the Project Plan

The major function of the project plan is to provide a step-by-step insight into what it takes in order to satisfy the requirements or the needs of the system (Frame 2002, p. 97). An inclusive and fittingly comprehensive project plan is essential to the successful completion of any project. It can help to direct the project itself. Without the aid or help of a project plan, it will be hard and even impossible to lead a group to carry out their different responsibilities in order to achieve their common goal (Baker & Baker 2003, p. 29).
It is a directing document of the project management that serves as a storage area for all of the supplementary plans. It is a guiding document for the project and intrinsically needs to replicate all of the information that is critical to the project manager, project team, customer and management sponsor. It offers broad direction as to the cost, schedule and requirements baselines. In its thorough and comprehensive form, it provides much more exact and precise guidance on the nature of the components of the different supporting plans (Pritchard 2004, p. 100).

3.2 Stakeholder of the Humanities Financial Services Review Project Management Plan

The main audience of the Humanities Financial Services Review Project Management Plan is the higher officials who are involved in the overall process and management of the different financial and accounting activities in the Humanities department of the Curtin University of Technology. The plan will focus on the review of the different areas of the current system of the department: the internal process flows such as invoicing, ordering, approving and reconciling; the number of people or users that can access the Concur and Finance One systems; the structure of the invoicing and procurement function, including the responsibilities and functions of each user; the skills of each user; and how the systems are used and what they are used for, such as the request for the Curtin tax invoice and the different types of transactions that are involved with the credit card or purchase request (Medley 2007, p.
4). All of the said information, together with the other results of the review, will help the management to improve the current system of the Humanities department. This will give the department a competitive advantage because it can make the life of its stakeholders a lot easier. It can also help the department to excel in its different operations and to strengthen its financial security.

3.3 Structure of the Humanities Financial Services Review Project Management Plan

3.4 Different Sections of the Humanities Financial Services Review Project Management Plan

4 Conclusions

5 Recommendations

Part B

Humanities Financial Services Review Project Management Plan

1 Introduction

1.1 About this Document

This document provides a plan for the management of the Humanities Financial Services Review Project.

1.2 Background

New transactional systems and processes have been implemented recently, being Concur and BPI (Humanities only) with an upgrade to Finance One to occur in November 2007. In addition, the Division is looking at ways in which to best undertake support activities including purchasing and accounting to ensure that efficiencies are obtained. A Financial Services Office is already operational and undertakes some financial processes, i.e. electronic processing of credit card transactions. Based on the above, it is now timely to review current systems, processes and structures which accounting and purchasing transactions operate under across the Division. The areas that would be reviewed include but are not limited to: internal process flows (including invoicing, ordering, approving and reconciling), the number of people with access to systems (both Concur and Finance One), the structure of the invoicing and procurement function (who does what), skills, and how systems are used and what they are used for (e.g.
request for Curtin tax invoice, what are allonges used for, what type of transactions are going through credit cards / purchase request).

1.3 Project Sponsor

The Project Sponsor is Ken McCluskey.

1.4 Project Manager

The Project Manager is Craig Medley.

1.5 Project Team

The Project team is comprised of Raymond Seah and Craig Medley.

1.6 Key Stakeholders

The key stakeholders (Humanities only) of this project include:

• Executive Dean
• Deans
• Review Panel

2 Project Scope

2.1 Strategic Link

This project specifically contributes towards the following strategic objective(s):

• Excellence in operations
• Financial security

2.2 Project Benefits

The expected benefits and impacts of the project deliverables are:

• Improved definition and understanding of the role / scope of work of the Financial Service Office in Humanities,
• Roadmap and high level implementation plan for the agreed changes,
• Improved efficiencies and effectiveness of processes within Humanities through standardization and centralization where identified,
• Potential cost savings and risk reduction in procurement and credit cards processes / systems.

2.3 Project Deliverables

The project’s key deliverables are document(s) covering:

• Matrix of processes and systems under Humanities Financial Services Office and respective Teaching Areas,
• Services identified for improvement via end to end processing / procurement arrangements / invoicing,
• Recommended process flow for identified services,
• List of service deliverables (with the resource requirement) of the Humanities Financial Services Office,
• Policies to support recommended services,
• High level implementation plan

2.4 Out of Scope

The following items are considered out of the scope:

• Implementation of recommendations
• Expenditure incurred whilst traveling (this may be included at a later date)

2.5 Work Breakdown Structure (WBS)

The project tasks to produce the project deliverables are listed in the Gantt chart at Appendix B1.

2.6 Constraints

The following key project constraints were identified:

• Availability and willingness of staff to contribute
• Data quality

2.7 Assumptions

The following key assumptions influenced the development of this Project Management Plan:

• All staff will be available as required

3 Project Time Schedule

3.1 Schedule

The detailed project schedule is provided in the Gantt chart at Appendix B1.

4 Project Costs

4.1 Budget summary

The budget breakdown is summarized as follows:

| Resource Type | Total Cost ($) | Hours |
| Human resources | $30,000 | |
| Equipment and products | | |
| Consumables | | |
| Totals | $30,000 | |

The Communication Plan examines the key contacts, frequency of communications, and communication medium to be deployed. It is used to ensure adequate consideration has been given to consultation and information dissemination. It is attached as Appendix D.

5 Project Accountabilities

5.1 Project Organizational Chart

The Project Organizational Chart provides a visual representation of the project team and project reporting structure. It is attached as Appendix B.

5.2 Responsibility Assignment Matrix

The Responsibility Assignment Matrix outlines responsibilities allocated to individuals for each task. It is attached as Appendix C.

5.3 Project Sponsor

The roles and responsibilities of the Project Sponsor include:

• Responsibility to senior management for the project;
• Endorsing this document to confirm that project scope and deliverables are correct;
• Approving changes to scope, schedule, and quality;
• Reviewing progress and providing strategic direction;
• Resolving issues beyond the Project Manager’s authority;
• Providing the resources and sponsorship for the project; and
• Examining the project at completion and completing a Project Sign-off form.

5.4 Project Manager

The roles and responsibilities of the Project Manager include:

• Managing the day-to-day operations of the project to ensure the project deliverables are produced to scope, schedule, and quality;
• Monitoring and controlling the Project Management Plan;
• Providing status reports to the Project Sponsor;
• Leading the project teams to meet the project objectives;
• Undertaking the tasks assigned, as specified in the Responsibility Assignment Matrix (refer Appendix C); and
• Consulting with the Project Sponsor and key stakeholders to maintain communications and keep parties up to date on project progress.

6 Communications Plan

6.1 Plan

The Communication Plan examines the key contacts, frequency of communications, and communication medium to be deployed. It is used to ensure adequate consideration has been given to consultation and information dissemination. It is attached as Appendix B4.

7 Risk Management Plan

7.1 Risk Assessment

The Risk Management Plan, attached as Appendix B5, examines risks, rates those risks and identifies potential treatment strategies.

8 Project Control

8.1 Progress Reporting

The Project Management Plan will be controlled on a regular basis, by means of a Project Status Report submitted to the Project Sponsor on a fortnightly basis. The key elements are scope, schedule, and risk, with the control process comprising:

• Monitoring and measuring performance;
• Comparing performance to this plan;
• Reporting on deviations and issues; and
• Taking corrective action (where necessary).

8.2 Change Management

Any proposed changes to the scope or quality will be processed as follows:

• Proposed changes will be evaluated on the basis of their impact on the project process and outcome, and in light of reasonable alternatives;
• Proposed changes will be formally recorded on a Project Change Control report and submitted to the Project Sponsor;
• The Project Sponsor will review proposed changes, and either accept or reject them; and
• Accepted changes will be communicated to all concerned stakeholders, and project documentation will be amended accordingly.

Appendices

Appendix A1 Project Management Areas of Knowledge and Its Process

Appendix B1 Task, Schedule & Gantt Chart

Adapted from (PMI Standards & Duncan 1996, p. 7)

Appendix B1 Timeline / Gantt Chart

Appendix B2 Project Organizational Chart

Appendix B3 – Responsibility Assignment Matrix

| ID | WBS Tasks | Project Manager | Team Member | Review Committee | Sponsor |
| | | Craig | Raymond | Ken | |
| 1 | Policy review | R | I | N | I |
| 2 | Purchase to Pay Stream | R | I | N, C | A |
| 2.1 | Data analysis | R | I | N, C | C |
| 2.2 | Data modelling | R | I | N | N |
| 3 | Invoicing Stream | N, I | R | I, C | I, C |
| 3.1 | Invoice profiling | N, I | R | N | N |
| 3.2 | Develop process documentation | N, I | R | N | N |
| 3.3 | Present P2P and Invoice data | R | I | N | N |
| 4 | Interviews | R | I | I, C | C |
| 4.1 | Define questions | R | R | C | I |
| 4.2 | Agree on questions | R | I | C | A |
| 4.3 | Conduct interviews | R | R | I, C | N |
| 4.4 | Collate information | R | I | N | N |
| 4.5 | Develop activity lists / matrices | R | R | I | N |
| 4.6 | Develop process maps | R | R | N | N |
| 4.7 | Review process maps with users | R | R | I | I |
| 4.8 | Present findings | R | I | N | C, I |
| 5 | Recommendations development | R | R | I | I, A |
| 5.1 | Analyze prior findings | R | I | N | N, I |
| 5.2 | Brainstorm options | R | I | I | I |
| 5.3 | Develop recommendations | R | I | I | I |
| 5.4 | Review recommendations | R | I | I | I |
| 5.5 | Finalize recommendations | R | I | A | A |

Legend:
R – Responsible for executing activity
A – Approval authority
I – Provides input
C – Consulted
N – Notified

Appendix B4 – Communication Plan

| Stakeholder | Information To Be Communicated | Frequency | Medium | Responsible | Timing |
| Faculty/Area Administration staff affected by this review | | | | | |
| Review Panel | Request for feedback on the draft project plan and outlining next steps | Once before the project is officially kicked off | Meeting | Project Sponsor, Chair of panel & Project Manager | 31st August |
| Executive Dean | Presentation of the draft project plan. The purpose of the project; next stage on from previous financial services review project looking at financial transactional processes & where these could be improved & additional services that may then reside within the division’s financial Services office in the future. | Once before the project is officially kicked-off | Meeting | Project Sponsor and Project manager | Beginning of Sept 07 |
| Representative from Price Waterhouse looking at standardization of processes & systems across the organization | Outline of Humanities Financial Services Review project and the Project Team’s approach. Also to gain input into the project depending on some of the objectives that Price Waterhouse have been tasked with. | Prior to project kick-off | Meeting & Emails | Project Sponsor and Project Manager | 1st meeting end of August |
| Executive Dean and Deans | Kick-off Project, Project plan - main project objectives, communications plan, risks & key areas being covered in the project | At start of Project | Presentation at HMB | Project Sponsor & Project Manager | 10th Sept |
| Project Sponsor | Project Status updates – activities, key findings and issues | Fortnightly | Meeting | Project Manager | Starting 5th September |
| Financial Services | Introduce the new Associate Director Transaction services to the project and go through project plan & request his involvement on the review committee | Once | Meeting | Project Sponsor, Project Team, & Chair of Review Committee | Approx 3rd week in Sept |
| Review Committee | Introduction of the new Associate Director Transaction services to the review committee as a new member. Also summarization of activities, findings at end of Purchase to Pay Stream Phase plus next steps | One of three | Committee meeting | Chair of Review Committee & Project Manager | Towards end of September |
| Faculty/Area Administration staff affected by this review | General communication to staff in their area about the 1st phase i.e. P2P & Invoicing quantitative analysis | One of three | One on One meetings | Review Panel Members | Towards end of Sept |
| Review Committee | Summarization of activities, findings at end of Invoice Phase plus next steps | Two of Three | Committee meeting | Project Manager | Towards end of October |
| Faculty/Area Administration staff affected by this review | General communication to staff in their area about the 2nd phase i.e. Interviews | Two of Three | One on One meetings | Review Panel Members | Towards end of October |
| Review Committee | Review of draft recommendations and gather feedback for inclusion in final report | Three of Three | Committee meeting | Project Manager | Mid November |
| Faculty/Area Administration staff affected by this review | General communication to staff in their area about the ‘draft’ recommendations | Two of Three | One on One meetings | Review Panel Members | Mid November |
| Executive Dean and Deans | Project Outcomes and Recommendations | Conclusion | Presentation at HMB | Project Sponsor and Manager | Early December |

Appendix B5 Communication Plan Calendar

*Note – Meeting dates with exception of HMB are indicative and subject to change

Appendix B6 Risk Management Plan

Legend for the Risk Management Plan

Defining Likelihood Ratings

The following table outlines the definition of likelihood rating as applied to the risk assessment.

| Descriptor | Definition |
| Almost certain | Expected to occur in most circumstances |
| Likely | Will probably occur in most circumstances |
| Possible | Might occur at some time |
| Unlikely | Could occur at some time |
| Rare | May only occur in exceptional circumstances |

Defining Consequence Ratings

The following table outlines the definition of consequence rating as applied to the risk assessment.

| Consequence | Project Consequence |
| Catastrophic | Unacceptable effect on project objectives |
| Major | Major effects on project objectives, requiring significant effort to rectify. |
| Moderate | Moderate effects on project objectives, requiring management effort to rectify |
| Minor | Some difficulties experienced, but these are easily managed. |
| Insignificant | No noticeable effect on project management objectives |

Defining Risk Rankings

The following table outlines the definition of risk categories, determined by combining the likelihood and consequence of a risk.
| RISK FACTOR | Insignificant | Minor | Moderate | Major | Catastrophic |
| Almost certain | Low | High | High | Extreme | Extreme |
| Likely | Low | Moderate | High | Extreme | Extreme |
| Possible | Low | Moderate | High | High | Extreme |
| Unlikely | Low | Low | Moderate | High | High |
| Rare | Low | Low | Low | Moderate | High |

Friday, January 3, 2020

Competition Is The Cornerstone Of Capitalism - 1499 Words

Competition is the cornerstone of capitalism. It creates rivalry among businesses to produce quality goods and services at competitive prices. This gives consumers a better sense of variety when making purchases. Competition in its purest form creates small buyers and sellers, none of which are too large to negatively affect the market as a whole. Competitive markets can be dated back to ancient times when merchants competed in foreign trade. In the 19th century economists considered competition a natural phenomenon in which growth of an operation was fueled by supply and demand in a free market economy. They also believed that supply and demand worked better in a laissez-faire type environment. This was possible through freedom to trade, transparent knowledge of market conditions, no government restrictions on trade, and access to buyers and sellers. These conditions prevented any buyer or seller from significantly affecting the market price of a single commodity. After the mid 1800’s, limitations to compete became evident during the industrial revolution. Corporations achieved manufacturing capabilities that would surpass their competitors and would allow them to fix prices and squeeze out their rivals. Eventually some businesses became so large that they controlled enough market share to deceptively manipulate prices in their industry. This activity created an atmosphere for President Theodore Roosevelt to launch his famous trust busting campaigns. The era of antitrust