Electronic document and records 13

User Generated

noqhyynu666

Computer Science

Description

§One possible enhancement to the system is to allow customers to retrieve their electronic documents over the Internet (Cloud). You will have a meeting with the Customer Relations Manager next week to discuss this possible enhancement.

§Feel free to make assumptions. Based on your assumption, describe the pros and cons of this proposal, including a discussion of security and privacy. Summarize your position (fund the project or decline it).

§Cite all the sources

I have attached the slides for any information you need , not much needed just complete answers

Unformatted Attachment Preview

IT 380 Electronic Document and Record Management Systems Unit 13A: EDRMS Infrastructure Considerations Instructor: Dr. Michelle Liu Quiz 4 Terms (Next Friday)- Unit 10, 11 and 12 ▪ 5 key principles of data security plan Accountability ▪ ▪ Adverse selection ▪ Archive ▪ Cyber risk management ▪ ▪ ▪ ▪ ▪ ▪ ▪ ▪ ▪ ▪ framework Cyber insurance coverage Data breach liability Declassification DMZ Document classification Encryption Firewall FOIA FS-ISAC Inventory ▪ ▪ ▪ ▪ ▪ ▪ ▪ ▪ ▪ ▪ ▪ ▪ ▪ ▪ ▪ ▪ IPSec Misconfiguration OAIS Moral hazard Open Meeting Laws Password management Phishing pitch Privacy Act pulverize Retention SQL injection Symmetric vs. asymmetric key management System of records XSS 2 Zero Day Attack Classroom Project 1:Cyber Insurance Policy (Submit to Unit 12 Ex ) ▪ First, pick an industry or organization as the context in which you will develop your thoughts and arguments (E.g., a healthcare provider with electronic medical records, a utility company computer systems with critical infrastructure information, a multinational bank, etc.). ▪ Find and investigate one insurance company (some examples are listed below) and determine from their Web sites whether they may have a cyber insurance policy. ▪ Summarize its Cyber-Risk Insurance Policy. Do you recommend the business (you have picked in the first step) to select the insurer? Why or why not? Share your rationale and reasoning. Feel free to make your own assumptions about the organization’s situation (size, budget, etc.) and business requirements. Feel free to make your own assumptions about the organization’s situation (size, budget, etc.) and business requirements. ▪ Make sure to include the resources you cite in your post. ▪ Insurance companies: Chubb’s Cyber Security, AIG’s NetAdvantage Security, Legion Indemnity’s INSUREtrust, Marsh’s NetSecure, ACE DigiTech , etc. 3 Topics ▪ ▪ ▪ ▪ ▪ ▪ ▪ ▪ Client/server concepts Hosted vs. in-house solutions Hardware requirements Cloud computing Remote access Open-source software Proprietary software User interfaces 4 Question of the Day? ▪ Are we going to build our own EDRMS or use a hosted service? ▪ Why? ▪ How does security and privacy considerations affect our decision? 5 In-House vs Hosted Solutions ▪ Today, there are many options for implementing a document management solution ▪ In-house ▪ System runs on hardware and software in the user’s own business environment ▪ Hosted ▪ User accesses the hardware and software ▪ ▪ outside their internal business environment, either directly from vendor or from a third party Web-hosting very common place Accessed over network, usually via the Internet 6 Client-Server Computing ▪ Common platform for EDMS ▪ Shared processing power ▪ Most of the application processing is done on a computer (client side), which obtains application services (such as database services) from another computer (server side) in a master slave configuration ▪ Server software accepts requests for data from client software and returns the results to the client ▪ Servers are often specific in nature 7 Types of Servers ▪ File Server ▪ Typically houses documents ▪ Application Server ▪ Houses programs for business logic ▪ Database Server ▪ Houses the databases (RDBMS) ▪ Communication Server ▪ Manages communications across the network 8 Three-tier client/server 9 10 Three Configuration Permutations Software Model Purchased or Leased License Hardware Model #1 Software as a Service (SaaS) Not applicable • Highest upfront cost • You own or lease software In-house and hardware • Servers are in your office •Most control #2 Hosted • You own software • Servers are at hosting site • You pay a monthly hosting fee #3 • You rent software • Servers are at hosting site • You pay monthly subscription and hosting fees • Most expensive option over time 11 Evaluating the Options ▪ Software Model 1. Perpetual (owned) license 2. Subscription license (SaaS = Software as a Service) ▪ Hardware Model 1. Hosted at your office (“In-house hosting”) 2. Hosted at a remote data center (ASP = Application Service Provider) 12 Expenses in Deploying Solutions ▪ Capital (upfront lump sum) ▪ Hardware (PCs, printers, scanners, servers, network) ▪ Software licenses (upfront purchase – if chosen) ▪ Services (Installation, training, travel) ▪ Operational (ongoing cost) ▪ ▪ ▪ ▪ Software maintenance and support Software subscriptions IT support Remote hosting 13 Hardware Considerations ▪ In-house client-server implementation will require the acquisition of hardware to support implementation ▪ Hardware components ▪ ▪ ▪ ▪ ▪ ▪ Client machines (already own) Server machine Input devices Output devices Networking devices Storage devices 14 Remote Access ▪ Server may not be located close to users ▪ Document input ▪ Document searching ▪ Document retrieval ▪ Security is a major consideration ▪ Virtual Private Network (VPN) access ▪ High-levels of authentication ▪ Performance is a major issue ▪ Response time ▪ Reliability ▪ Especially important for hosted solutions 15 Levels of Authentication ▪ In-person authentication vs. computer authentication ▪ What you know ▪ User name and password ▪ What you have ▪ Token that automatically generates a one-time ▪ password Digital certificates ▪ Who you are ▪ Biometrics ▪ Fingerprints ▪ Iris scan 16 What is Cloud Computing? ▪ Cloud = Internet ▪ So…Cloud Computing = Internet-based Computing ▪ More precisely, Cloud computing is: ▪ ▪ ▪ ▪ ▪ using information technology as a service. having services that are available over a network. using encapsulated services that have an API. adding to the efficiency for deploying applications. billing by consumption. 17 18 Flavors of the Cloud ▪ Multi-Tenant- multiple clients share the same instance 19 Flavors of the Cloud ▪ Private Cloud IaaS Providers ▪ Private Cloud provides a unique instance per client with unique Service-Level Agreement (SLA) ▪ US government has qualified criteria through FEDRAMP (Federal Risk and Authorization Management Program) 20 Understand Your Information Lifecycle 21 Address Legacy Content Before Migrating 22 Cloud Capabilities Must be Tailored to Organization’s Unique Needs ⚫23 Multiple Delivery Models for Cloud Computing Outsourced Trust (Security and Data Privacy) High Private Cloud Commercially Hosted: Publically available Cloud Computing services offered through commercial sources that are dedicated and separate from the Public both physically and logically and must to remain within the U.S. borders to support heighted data security and privacy requirements. Access to these services are provided through a dedicated Government Intranet and is not accessible from the Public Internet. Public Cloud: The cloud infrastructure is made available to the general public or a large industry group and is owned by an organization selling cloud services. Low Organization Cloud Sourcing Models Private Government Cloud : The cloud infrastructure is operated solely for an organization. It may be managed by the organization or a third party and may exist on premise or off premise. Private Commercially Hosted Cloud Organization Dedicated Intranet Private Cloud Community Cloud Public Cloud Public Internet Hybrid Cloud Community Cloud: The cloud infrastructure is shared by several organizations and supports a specific community that has shared concerns (e.g., mission, security requirements, policy, and compliance considerations). It may be managed by the organizations or a third party and may exist on premise or off premise. Hybrid Cloud: The cloud infrastructure is a composition of two or more clouds (private, community, or public) that remain unique entities but are bound together by standardized or proprietary technology that enables data and application portability (e.g., cloud bursting). 24 24 Most are Looking Hybrid Cloud ▪ Collaboration, Email, Unified ▪ Communications and Social in the Cloud Final Content & Records saved in SharePoint, either On-Premise or Private Cloud ▪ Policies managed by ▪ SharePoint Retention and disposition in SharePoint 25 How an Information Lifecycle Helps in the Cloud 26 Open Source Software ▪ Open Source Software (OSS) is software for which the programming code is available to the users so that they may: ▪ Copy it ▪ Study it ▪ Use it ▪ Modify it , and ▪ Redistribute it 27 Open Source Definition 1. Free Redistribution The license shall not restrict any party from selling or giving away the software. The license shall not require a royalty or other fee for such sale. 2. Source Code The program must include source code, and must allow distribution in source code as well as compiled form. 3. Derived Works The license must allow modifications and derived works, and must allow them to be redistributed. 4. No Discrimination Against Persons or Groups The license must not discriminate against any person or group of persons. 28 Open Source Definition Cont’d 5. License Must Not Be Specific to a Product The rights attached to the program must not depend on the program's being part of a particular software distribution. 6. License Must Not Restrict Other Software The license must not place restrictions on other software that is distributed along with the licensed software. 7. License Must Be Technology-Neutral No provision of the license may be predicated on any individual technology or style of interface. 29 Document Management Products ▪ Open-source document management products are available ▪ OpenCms ▪ Zope ▪ WebGui ▪ Many based on XML technology ▪ Needs high level of systems knowledge for in-house use 30 Proprietary Products ▪ Many proprietary products on the market ▪ Vary in cost and level of support ▪ MarkLogic is getting a lot of press ▪ Database specifically designed for unstructured data ▪ Other vendors are focused on collaboration ▪ Sharepoint ▪ Alfresco ▪ Very widely in cost and features 31 EDRMS Interaction ▪ Document Input ▪ User scans in the document and ensures it is of high quality ▪ Metadata ▪ User enters metadata to index document for later retrieval ▪ Document search ▪ Users need to be able to use the search facilities to find the documents that they need ▪ Document request ▪ Users request that a document be delivered to their machine or to a server for printing 32 User Interface Evaluation ▪ When buying an EDRMS some evaluation of a user interface design should be carried out to assess its suitability to the potential users of the system ▪ Full scale evaluation is very expensive and impractical for most systems and so it is important to consider the most critical factors ▪ Ideally, an interface should be evaluated against a usability specification. however, it is rare for such specifications to be produced 33 Usability attributes Attribute Description Lea rnability How long does it ta ke a new user to become productive with the system? Speed of operation How well does the system response match the userÕs work practice? Robustness How tolerant is the system of user error? Recoverability How good is the system at recovering from user errors? Adaptability How closely is the system t ied to a single model of work? Class Project 2: Retrieve Electronic Documents over the Internet (Submit to Unit 13A Discussions) ▪ One possible enhancement to the system is to allow customers to retrieve their electronic documents over the Internet (Cloud). You will have a meeting with the Customer Relations Manager next week to discuss this possible enhancement. ▪ Feel free to make assumptions. Based on your ▪ assumption, describe the pros and cons of this proposal, including a discussion of security and privacy. Summarize your position (fund the project or decline it). Cite all the sources 35
Purchase answer to see full attachment
User generated content is uploaded by users for the purposes of learning and should be used following Studypool's honor code & terms of service.

Explanation & Answer

Attached.

Running Head: RECORDS DESTRUCTION VENDOR SELECTION

Records Destruction Vendor Selection
Institution Affiliation
Date:

1

RECORDS DESTRUCTION VENDOR SELECTION

2

The records kept by a police department are very sensitive. Therefore the police
department should choose a competent vendor to ensure the complete destruction of its records.
This is because the records contain information that is private and confidential. The destruction
process should be secure to ensure that the records are not obtained by...


Anonymous
Really great stuff, couldn't ask for more.

Studypool
4.7
Trustpilot
4.5
Sitejabber
4.4

Similar Content

Related Tags