The most essential, yet problematic, element for IT professionals is communication. The most effective IT executives are those who can communicate technological solutions to a non-technical audience. Writing a technical paper is a great thing, but it’s of little value to those who do the funding.For this assignment, create PowerPoint (PPT) presentations for Deliverables 1-4 to complement the written papers. The presentation for each deliverable must include no more than five slides; use the speaker notes section to add narrative explaining each slide. The presentations should be thorough, with enough detail to be informative, but not as detailed as a technical paper. You should submit one PPT document that contains all four presentations.Your four-part PPT document must conform to the CSU Global Writing Center (Links to an external site.). Include at least two scholarly references in addition to the required readings. The CSU Global Library is a good place to find these resources.Included are the 4 deliverable topics as well as the corresponding papers. DELIVERABLE #1: COMPREHENSIVE LIFECYCLE PLAN DELIVERABLE #2: NETWORK AND SERVER UPGRADES DELIVERABLE #3: SECURITY PLAN DELIVERABLE #4: CLOUD-BASED SERVICES
4 attachmentsSlide 1 of 4attachment_1attachment_1attachment_2attachment_2attachment_3attachment_3attachment_4attachment_4
Unformatted Attachment Preview
PCs Upgrade and Software Life cycle
January 24, 2022
PCs Upgrade and Software Life cycle
Delta is an organization with 5000 employees seeking to upgrade its PCs that are
currently utilizing Windows 7. The staff working for the organization do not require any addition
to the PCs as there is no specialized skills requirement. However, the entity would like to obtain
top-of-range modern devices that the staff can use and enhance their output in the organization’s
undertakings. It is paramount for the organization to keep up with the times and get up-to-date
software and hardware that all will utilize. There is a direct correlation between the devices
utilized and employee output, irrespective of the fact that specialized skills are not required.
Also, from the notion of staff morale, providing personnel with up-to-date devices gives them the
feeling that the company values them and the work they do, which leads to higher levels of
output. The life cycle of the software, which then determines the hardware, is vital in churning
out the upgrade plan by the organization.
Devices and Options in the Upgrade Process
Investment and Ideal Windows to Purchase
In any organization, investment in hardware is extensive and is sadly a target for budget
cuts. It is, therefore, crucial to have a well-thought plan in place on how to produce the greatest
value from the investment (Smith and Osborne, 2021). The higher the level of productivity being
generated from the PCs, the greater the return from the hardware investment. Hardware typically
becomes obsolete in one or two years after being manufactured. It can work fine but lack the
desired capabilities of new computers being sold in the marketplace (Sher, 2021). The
organization will require the latest version of Windows for the new PCs, Windows 11, version
21H2, or use Windows 10, 21H1 (Gilbertson, 2021). There have been multiple complaints that
Windows 11 is not compatible with other applications, and many organizations have opted to
utilize Windows 10 instead (Goldman, 2022).
Laptops / Notebooks
The systems should meet or surpass the requirements below;
Intel Core i5
6th generation or even newer
Ms. Windows 10 Professional*64
RAM – 16GB
1GB Internal storage
14 LCD Monitor
Resolution – 1600*900 or even better
Integrated 802.11n or 802.11ac Wireless Networking
Graphics Accelerator Intel HD Graphics /
discrete graphics card
The list above, as mentioned earlier, is the minimum requirement for the staff members to
navigate through their daily tasks, and this only highlights the essential functions required from
the devices to be purchased.
For the desktops, the following will be required.
Intel Core i5
6th generation or even newer
Ms. Windows 10 Professional*64
RAM – 16GB
Integrated 10/100/1000 Ethernet Adapter
The tablets have gained considerable interest in the organization and are an innovative method
for taking notes. When paired with a keyboard, their functionality is enhanced, making it similar
to a laptop.
The Microsoft Surface Pro X is a 2 in 1 type of tablet powered using an SQ1 processor and
Windows 10. It allows for quick access to files and applications required for work (Smith and
Osborne, 2021). The RAM comprises either 8 or 16GB RAM, and the maximum memory
storage is 512GB (Smith and Osborne, 2021). The tablet also has Bluetooth and touchscreen
capability, with the touch screen being a 13inch in size. The battery lasts for 16 hours (Smith and
Osborne, 2021). It goes for roughly $900, which is within its budget.
The organization’s staff will have a mixture of desktops and laptops, with the laptops
being provided for relatively mobile such as the marketing team, finance when conducting
audits, and the IT department. Other departments such as the customer service department will
utilize the desktops considering they have minimum mobility. However, the heads of
departments will all receive a laptop instead of a desktop to conduct their activities. The life
cycle of the gadgets purchased will be broadened to be over four years and not two years,
considering that the organization is making a heavy investment and buying top-of-the-range
Gilbertson, S. (2021). 12 Laptops We’ve Tested and Love. https://www.wired.com/gallery/bestlaptops/
Goldman, J. (2022). Best laptop for 2022: Here are 15 laptops we recommend.
Sher, R. (2021). When Should Your Company Develop Its Own Software?
Smith, M. & Osborne, J. (2021). The 8 best laptops in 2021 for work, entertainment, and gaming.
Module 4 Portfolio Milestone
February 11th, 2022
Reasons for the upgrade of Ipv4 to Ipv6
The 4th type of Internet Protocol, IPv4, identifies IP codes on a system. It was created to
be used in a network. It has a period-separated 32-bit numeric addressing mechanism. It allows
devices like cellphones, PCs, and game consoles to link to the internet using about four billion
Internet Protocol addresses. The most recent and 6th version of the IP is the IPv6, which was
created to meet the demand for additional IP codes to be connected to the network. It facilitates
communication by assisting in the identification of devices across the internet. IPv6 is a
sophisticated Internet Protocol that requires additional address space, although extensively used.
IPv6 employs 128-bits, comprising of 4 characters and 8 numeric disjointed by a colon. It
provides “340 undecillion IP addresses” which is a large quantity that ensures businesses will not
run away from IP address spaces shortly (Pérez Monte et al., 2012).
How to Make the Switch from IPv4 to IPv6
Budgeting for IPv6
Before moving from IPv4 to IPv6, the most significant factors to have in mind include
budget and the amount of money the company will save because of the shift. While the project is
being implemented, cost breakdown consents teams to come up with educated decisions about
resources and administration competencies at all ranks.
Assessments are used to assess readiness.
It is critical to have a thorough understanding of IPv4 addresses utilized within a link as well
as DNS mapping and applications. This evaluation aids the company in determining if the
existing DNS supplier and infrastructure machines are capable of supporting the IPv6 transition.
Upgrading IPv6 Devices That Aren’t Supported
It is necessary to document each device that does not support IPv6. Management should
decide whether or not to upgrade devices to support IPv6. It is the most critical phase in the IPv6
Make a Migration Plan
Following the research, enterprises must decide whether to undertake a full changeover to
IPv6 or if a “dual-stack approach” is more applicable. A dual-stack execution allows businesses
to transition from IPv4 to IPv6 over time. Even though a dual-stack adds complexity, it benefits
medium and small-sized organizations by allowing individual devices to revert to IPv4 if
migration challenges arise.
How to Ensure a Smooth and Secure IPv6 Transition
Before migrating, train your IT team. The IPv6 protocol requires thorough training for
technical design and support employees. Without this training, a business runs the danger of
having a badly constructed IPv6 scheme, resulting in system downtime, a complicated network,
and lower security.
Infrastructure should be modernized. According to Dargin, “upgrading, changing, and
testing various hardware devices and software” are all part of the changeover. “Updates will be
required for routers, switches, servers, application settings, laptops, cellphones, firewalls, and
other devices. It will be necessary to update policy and procedural documentation as well. This
effort may take years to complete for larger firms.”
Successfully navigate the transition. According to Dargin, enterprises confront another
danger that some legacy gear and software may not support IPv6. “The devices on the network
must have both IPv6 and IPv4 address during a migration.” “If the gadget can’t use IPv6, it will
cause communication problems,” he explains. As the network evolves toward IPv6, the device
will lose more connectivity until it is replaced with IPv6. Keep your gadgets safe. That new
connected Xbox game console or IPv6-enabled smart thermostat in your office could be a
security risk. To get the most out of IPv6, businesses will have to rethink their network
topologies. “Don’t perform numerous migrations, and make sure to analyze the design of both
Internet-facing and LAN resources – don’t get rid of your DMZ on the spur of the moment!”
(Zhai et al., 2011).
The Benefits of Migrating from IPv4 to IPv6
This feature improves routing efficiency by decreasing the routing table’s size. IPv6
makes routing much more hierarchical and effective. With the support of ISPs, IPv6 aggregates
the precedes of many client systems and leads them to the ‘IPv6 internet’ as a single prefix. The
procedure becomes faster and more efficient as a result of this. The source device in IPv6
networks uses a protocol to detect various MTU paths, preventing fragmentation.
End-to-End Transparency is guaranteed because multiple stages of “network address
translators” increase network go-slows and make troubleshooting difficult by preventing
operators from locating illicit activities. To improve safety as well as performance, IPv6 handles
Packet headers are used in IPv6 to make packet processing easier, and IPv6 does not
include a header checksum used in IPv4 to detect flaws in the packet header. Because “linklayer” devices and “transport layer” contain error-control capabilities, it is useless to have several
checksums in various locations (Sailan et al., 2009). This saves time and improves packet
Internet Protocol Security (IPsec) is a network protocol collection that ensures data
packets’ security, encryption, and secrecy. IPsec is comparable to both IPv6 and IPv4, however,
IPv6’s site-to-site mode is the sole mechanism for data packets to travel via it.
IPv6 uses multicast rather than broadcast. Multicast allows data packets to be broadcast
swiftly to a large number of recipients, lowering network bandwidth usage. Flow Label is also
used by IPv6 to determine whether the lost packets are part of the same flow.
Pérez Monte, C., Robles, M. I., Mercado, G., Taffernaberry, J. C., Orbiscay, M., Tobar, S., &
Pérez, S. (2012). Implementation and evaluation of protocols translating methods for IPv4
to IPv6 transition. Journal of Computer Science & Technology, 12.
Sailan, M. K., Hassan, R., & Patel, A. (2009, August). A comparative review of IPv4 and IPv6 for
a research testbed. In 2009 International Conference on electrical engineering and
informatics (Vol. 2, pp. 427-433). IEEE.
Zhai, Y., Bao, C., & Li, X. (2011, July). The transition from ipv4 to ipv6: A translation approach.
In 2011 IEEE Sixth International Conference on Networking, Architecture, and Storage
(pp. 30-39). IEEE.
February 17, 2022
Cases of data breaches continue to increase with a notable increase in the data security events
reported in 2021 as compared to 2021. 2021 recorded 1291 security events, while 2020 had 1108
events. This has been reflected in the increase in attacks on digital assets and information
systems. As the call for cyber and data security becomes more profound, attackers are finding all
the means to keep themselves relevant and hence attack even the most secure systems (Al-Daeef,
Basir, & Saudi, 2017). However, the increase in such security compromise events results that
there is an increasing number of unsecured distributed databases. One of the major pathways of
cyber-attacks has been e-mail communication, social engineering, and hardcore system
penetration, among other mechanisms.
It should safeguard digital assets and classifieds from any potential security loopholes, since
data and information stored by such assets mean a lot to users’ privacy and confidentiality. Every
data or system user should know the formal policies and procedures within their organization to
keep themselves, customers, and the organization safe (Al-Daeef, Basir, & Saudi, 2017). This
paper discusses a security plan that a Fortune 500 corporation can use to attain physical, remote,
application, and operational security for digital assets and classifieds.
B. Comprehensive Security Plan
The physical security of digital assets is quite important because of the increasing amount
of data available for such an organization. Physical data stores are where the corporation has a
vast database. The infrastructure within the organization can be exposed to vandalism when
unauthorized persons gain access to the infrastructure. Other threats to physical security include
Protection of the physical facility will help protect the corporation and ensure that the
possible physical attacks or threats are alleviated. A report published in 2019 showed that 54% of
attacks leading to data breaches are as a result of physical attacks (Hammouchi et.al, 2019).
Physical security is very important since data breaches involving money and time are quite
complex and resource-consuming.
If a thief or an intruder gains access to a data room for the corporation, most of the
privileged information or data can leak, exposing the whole organization (Ali & Awad, 2018).
Therefore, there is a need to restrict a room with sensitive gadgets to only persons who are
allowed. If good physical security is available, then any intruder will have a hard time trying to
access confidential or rather sensitive information.
Considering that physical security depends on internal, external, natural, and manmanmade factors, it demands a lot of effort. Besides intruders, insiders can steal expose
information that should have been held confidentially. For such a corporation, this can be a
significant risk (Ali & Awad, 2018). Sometimes, the vulnerability can result from an
unanticipated occurrence, such as losing a PC or laptop or even sending some information to the
wrong email address.
There are a couple of security guidelines and procedures that can help achieve physical
security. For such a company, it is important to have an automated person’s monitoring system
to ensure that any unauthorized or suspicious person entering premises is recognized. This can
include using security checkpoints (Ali & Awad, 2018). For entry, the corporation can
implement a card-supported or biometric entry to strictly allow only authorized personnel. Using
sensor devices and cameras can help keep track of activity in real-time and alert should there be
a suspect. Notably, for the data rooms or places with sensitive materials, IoT security solutions
such as asset trackers and digital keys can be used. These technologies can support physical
security as a service.
Application security involves the measures that are meant to protect data and information
at the application level. Applications can be hijacked or compromised by attackers who can end
up stealing or accessing sensitive and confidential details such as code and data. App developers
should be well informed of the security measures to put in place to ensure that the applications
they create a well-tested and that their design is secure (Al-Daeef, Basir, & Saudi, 2017).
Application security goes all the way to the time after the app has been deployed.
The corporation should consider implementing procedures, software, and hardware that
can help mitigate any potential app vulnerabilities. Application security can be exposed through
network activity and even compromised data files and user activity. Using hardware such as
routers that prevent one from seeing the IP address can help achieve hardware app security
(Thomas et.al., 2018). However, more rigid procedures can be achieved by building security on
the application such as setting up the application firewall. Inbuilt application security
automatically defines the activities that the app should allow or restrict.
With the amount of data or information that is handled by the corporation and since
applications mainly manage data interfaces, application security should be held in high regard.
Secondly, the fact that most applications are also connected to the cloud exposes the applications
to cyber-attacks and security breaches (Hui, Vance, & Zhdanov, 2016). Currently, attacks are
focusing more on app-based attacks to utilize weaknesses in the application to launch attacks.
Application-level security that can be considered in this case includes authentication,
authorization, logging, encryption, and app security testing. These types of security can work for
cloud-based apps, web apps, and mobile apps. Penetration testing is crucial when it comes to
establishing app security and so unauthenticated security scans can help know security
vulnerabilities during app access and use (Thomas et.al., 2018).
Users are usually categorized as one of the most common pathways to data breaches
within an organization. Imagine a user who sends an email with company sensitive information
to the wrong address, leaves their network exposed, or gives out information or infrastructure
that can be utilized for an attack. Attacks through users can be executed without much struggle
since the information needed by attackers is easily exposed. Humans are considered the weakest
link to attacks since they can easily get naïve without knowing how much it can cost the
For operational security, the key controls involve the use of acceptable use policy and
mobile device policy that governs how employees and other system users conduct themselves
when on a network or using their devices. With good policies on system use and interaction,
most people will be aware of the effect of every action they take (Al-Daeef, Basir, & Saudi,
2017). Acceptable standards of quality also ensure that the security posture of the organization is
hardened and that practices such as password complexity are not left to chance. A solid security
awareness training program will ensure that all employees are continually updated on the
With the increase in remote work, more workers will mostly be in charge of the security
status of the systems they use. Therefore, the corporation should ensure remote worker security
policy is active and followed to the letter. Persons who interact with the digital assets or data
remotely should enforce practices such as the use of VPNs, strong passwords for their devices,
and take part in security training (Balozian & Leidner, 2017). They should be informed of the
need to stay aware of the potential attacks, such as phishing, that are common for remote system
C. Computing use and acceptable Internet use policy
The nature of the use of computers determines how security breaches transpire. The use of
company technology should be governed and regulated by advising and monitoring on how
networks, computers, networks, and other connected devices are used. Computer users should be
informed of the courses of action that can endanger company and personal privacy. Under
circumstances of ignorance or oversight that lead to a data breach or attacks, they should hold the
persons in charge accountable (Balozian & Leidner, 2017). In this case, it may include getting
computer users to connect to company portals or systems only when they are connected to a
secured network and using a computer only after activating any installed security features.
Notable computer misuse activities will include:
a. Using an unauthorized computer or user account
b. Getting login credentials without the consent of the account owner
c. Circumventing the existing data protection procedures
d. Masking computer identity
e. Deliberately running computer programs that compromise the computer security
f. Tampering or monitoring other user sessions
Internet acceptable use policy controls surfing with ill intentions, sending unauthorized
emails with the company’s account, accessing websites that are used for attacks, sharing
sensitive data without encryption or protection, and breaching data protection guidelines
(Balozian & Leidner, 2017). Internet acceptable use policy also governs how internet behavior is
tracked. All devices used to connect to the internet to access sensitive data should also be
secured and monitored for any potential threat.
The rising concern over data breaches and security threats on data and digital assets calls
for a more solid security plan and training and awareness programs for all users of computer
resources and data. Every organization should remain vigilant and ensure that all the security
procedures, practices, and use policies are aligned and up to date since attacks are dynamically
changing as well.
Al-Daeef, M. M., Basir, N., & Saudi, M. M. (2017). Security awareness training: A
review. Lecture Notes in Engineering and Computer Science.
Ali, B., & Awad, A. I. (2018). Cyber and physical security vulnerability assessment for IoTbased smart homes. sensors, 18(3), 817.
Balozian, P., & Leidner, D. (2017). Review of IS security policy compliance: Toward the
building blocks of an IS security theory. ACM SIGMIS Database: The DATABASE for
Advances in Information Systems, 48(3), 11-43.
Graham, J., Olson, R., & Howard, R. (Eds.). (2016). Cyber security essentials. CRC Press.
Hammouchi, H., Cherqi, O., Mezzour, G., Ghogho, M., & El Koutbi, M. (2019). Digging deeper
into data breaches: An exploratory data analysis of hacking breaches over time. Procedia
Computer Science, 151, 1004-1009.
Hui, K. L., Vance, A., & Zhdanov, D. (2016). Securing digital assets. MIS Quarterly Research
Module 6 Portfolio Project
February 25th, 2022
Software as a Service (SaaS) also known as a Web-based software or an on-demand
software or a hosted software is a method of delivering applications or any kind of software over
the internet as service to various end-users. It is a way of freeing the user from the hurdles of
complex software and hardware management. The provider runs them on servers to the user. The
provider manages the access, security, availability and the performance of the applications. SaaS
is a major component of the cloud computing. Software as a Service is a smaller part of the
cloud-based services. They may sound similar though, however Software as Service-based
applications will be cloud-based, and cloud-based services may not always be SaaS based.
Cloud-based services is composed of three main components namely:
Platform as a Service (PaaS).
Infrastructure as a Service (IaaS).
Software as a Service (SaaS).
Cloud-computing services varies from maintenance, data storage and manipulation to programs
which are functional including software for accounting, tolls that aid in customer service and
remote accessibility of a customer’s desktop.
Infrastructure as a service (IaaS)
This service replaces hardware part in the system, such as in-house web hosting servers.
This is achieved through giving a variety of priorities such as virtual servers or virtual machines.
Infrastructure as a service (IaaS) aids organizations and business take the upper hand to handle
different workload needs and set goals. Among the major main applications found in this field
are Microsoft Azure and Amazon Web Services.
Platform as service
It provides the software developers entrance to cloud-based instruments like APIs,
gateway software or web portals. Services like the Google App Engine, Salesforce’s Lightning
and AWS’ Elastic Beanstalk.
Software as a service
It provides clients with entrance to various software, which is over the internet, through
computers or devices that can access the internet. It enables users to work as a group, get
together on projects, access crucial data and information, and work on special programs
seamlessly. Services such as Google Workspace or Microsoft Office 365 are examples of
applications of SaaS.
Where is SaaS Used?
SaaS is used in areas such as technology market analysis. Forrester Research shows that
Software as a Service (SaaS) acceptance has risen in business areas such as Customer
Relationship Management (CRM), human resource management (HRM), collaboration software
(e.g., Orange scrum, Asana, Wrike, email), and finally procurement or financial solutions
Applications of cloud-based services include:
1. Business continuity.
For a business to run successfully and safely, their data should be well maintained,
reliable and readily available to the company. The use of SaaS provides the availability of
this information readily to the clients and the staff available at the business. The business
data and information should also be stored securely in order to avoid fraud and hacking. The
availability of multiple data and information on the cloud provides a certain assurance that
the data will not be infringed in any way.
Cloud-based services also offer various business performances and data analysis tools
that may help a business set, and plan their goals. Through the available tools on the
provider, a business can be able to safely and adequately analyze and calculate their losses
and gains. This way, the business can be able to plan ahead of their competitors. A business
can choose from three various ways in which they can subscribe to a provider’s services.
They include public, private and hybrid cloud.
A private cloud entails setting up one’s own hardware and software to create an internal
cloud, with their own team of IT experts involved. This is more expensive in terms of
maintenance, setting up and running. However, it is more flexible, secure and gives the
business more control over their applications and data.
A public cloud entails subscribing to a provider to gain access to the various clarified
services and applications off from where the business runs. It offers reduced cost and the
users can gain the chance to use the latest technologies since the provider updates regularly.
There is also more elasticity in terms of choosing what and what not to include in the
Hybrid cloud entails the private cloud and public cloud, which means that a business has its
own team of IT experts and relies on off-site cloud provider. For instance, when a business
wants management of their data related to the organization like customer data and
information, inside the company, but want their non-shared data stored or shared with a thirdparty. This is advantageous because data control and protection is well managed. The
downside is that the data can be lost in case of proper back up or inadequate IT personnel.
There might also be the higher cost factor to set up and run this kind of service.
2. Disaster recovery
When a company or business’s data is backed-up in various locations, it becomes easier
to recover and restore it. This is made easier through the availability of a Shared
Responsibility Model whereby the management and security of the data and information is
shared between a customer and the cloud provider. This implies that the data and information
of the customer is solely their own responsibility and not that of the provider. However, this
can be overcome by selecting a reliable provider and being transparent in how the
information should be protected and stored. This way, in case there is a disaster, which may
cause data loss, the provider could give the consumer a back up of their data.
When it is about ensuring the performance of SaaS business data, a fully featured SaaS
provides a backup solution that will cover all the variations of data protection that the
application misses. Most of the SaaS providers recommend using third-party back-up
software to ensure delicate data is properly secured and is available for restoration just in
case of any disasters or data loss.
3. Storage and Applications
Cloud-based services come a great deal in dealing with storage expenses and reliability.
Since the data and information is stored on the provider’s server, the cost of purchasing,
adding and maintaining the size of storage is eliminated. This also comes at an advantage
where the customer’s data is growing exponentially. The customer will only have to
subscribe to a higher data storage size from the provider. The downside of this is that some of
the data stored in the cloud could be redundant and may not be well organized. For this to be
curbed, one needs to have an agreement with the provider on how the data is handled, stored
and accessed (Das J, 2022). There might also the risk of data being hacked or accessed by
Either cloud-based services can provide a wide variety of applications, which the
customer could not afford to buy or run in their computers. This availability of a wide range
of applications means that the customer spends less time and money in choosing, acquiring
and using the appropriate applications. The cloud-based services also provide the customer
with up to date applications meaning that their services are seamless and of higher quality.
(What is SaaS backup, and how do you protect your SaaS application data? – Infrascale, 2010)
Andolasoft. 2022. 7 Areas Where SaaS Scores over On-premise Solution. [online]
Available at: [Accessed 25 February 2022]
Das, J. (2022). 7 Areas Where SaaS Scores over On-premise Solution. Andolasoft. Retrieved 25
February 2022, from https://www.andolasoft.com/blog/7-areas-where-saas-scoresover-on-premise-solutions.html.
Purchase answer to see full
Explanation & Answer:
User generated content is uploaded by users for the purposes of learning and should be used following Studypool’s honor code & terms of service.