Вы находитесь на странице: 1из 2

Jennifer Brower

SE571
May 14, 2006

Project Definition Statement: Outback Oils Shipping Division

Outback Oil is a fictional international petroleum company headquartered in


Melbourne, Australia. This company has many branch offices located throughout
the United States. The branch office that focuses on oil shipping is located in
Warrenville, Illinois. This Chicago area branch was opened five years ago with
the purpose of managing all oil shipping internationally. It must exchange data
and communicate with the Melbourne office. Melbourne continues to handle the
shipping functionality for much of Southeast Asia.

Outback Oil employs Charterers, Commodity Traders, and Sea Captains all over
the world. The software used to manage all of these activities must be accessible
in the Warrenville, Dallas, and Melbourne offices, as well as aboard the ships.
First, oil traders purchase the oil using software provided and supported by JP
Morgan. A Charterer must then create a voyage and assign a ship for that
voyage using CAT, or the Charter Analytics Tool. The purpose of the voyage is to
charter a ship to go to the location where the oil currently is and then transport it
to where it needs to be. The Sea Captains take on the role of gathering
information about the ports the ship will enter, ensuring that the ship meets
Outback Oils standards, and verifying that the ship meets the ports criteria using
software called SPV&C, or Ship/Port Vetting & Clearance. After a ship begins her
voyage, data relevant to the ship, as well as emails to and from the Ships
Master, are stored in an Oil Shipping System called OOOSS. Teams of
Application Support Analysts also access the Shipping data as they provide
support for the software. CAT, SPV&C, and OOOSS are all new applications that
were all originally part of a very large DOS-based software package called
ISMIS. Most employees are unhappy with the new products and prefer ISMIS.
ISMIS was also much more robust and secure than the new applications.

Employees must be available 24 hours per day so they carry company-issued


laptops. Many also use Blackberries and wireless phones. Employees often must
use home and hotel Internet connections, connecting to Outback Oils network
using iRAS. The Outback Oil office located in Dallas, Texas assigns e-mail and
the NT ID. This office has been very lax in the past concerning the prevention of
viruses and has few rules for assigning roles to NT IDs. Rarely does this office
review network IDs and has been known to forget to delete user IDs when an
employee is fired. There has been evidence of hackers obtaining information and
accessing employees personal bank accounts via the wireless network in
Warrenville.

The oil commodity trading information and ship locations are considered
extremely valuable to the company. The company has recently faced a multitude
of treats from hackers. Most want to cause mischief because of the high oil
prices in todays marketplace. Also, the Department of Homeland Security has
elevated the threat risk of international terrorism on oil ships that are not owned
by the Al-NonSeqitr terror organization. The offices in Warrenville, Dallas, and
Melbourne are also under high security alert.

There are server farms and database clusters located throughout the world in
places such as Melbourne, Warrenville, Dallas, Omaha, and Singapore.
Currently, there are hardware and software solutions in place to protect security
at each location. The company has worked very diligently to protect the server
farm from external intrusion at some locations. However, each location has
different server configurations and uses various versions of operating systems.
There remain many opportunities for breaches of security from within the
company. The company is attempting to become Sarbanes-Oxley compliant.
Last, there are no global audits.

This study will focus on the internal security needs of Outback Oil and the
potential for exploitation from the outside using an inside man scenario from a
global and local outlook. Security will be reviewed within several areas of interest
including: the Global Shipping Division, e-mail, network IDs, Internet connections,
shipping software, branch locations, server farms/database clusters, wireless
technologies, and data aboard the ships. This will have a more secure IT focus to
improve the security of the Shipping division globally.

Похожие интересы