Project planning for our VR tour project

 Smart objectives for VR project 

S – Making a virtual tour of the IT department of the college.   

M – Setting a time span for certain tasks (e.g. 2 weeks to film things) 

A – Setting small deadlines for tasks to ensure it gets completed  

R – only doing the IT department as that is all we had time to do.  

T – making sure that the whole of the project was complete by the open evening of the project.  

 

Client needs for VR project 

Patrick, Will, and Debbie wanted a virtual tour of the IT department of the college to present it to people coming to the open evening. They wanted it to look professional and well presented as we are displaying the college to potential future students. We needed to have it so it would work on most devices but mainly using a VR headset.  

Customer needs 

The customer would have wanted a clear a professional video that would not be to overwhelming and easy to use. This included making sure that we had an easy-to-use website with clear instructions on how to get access to the videos and view them. We also hosted the website so people could remotely view the college without the need of having to come in. We also put warnings for things like motion sickness to ensure the upmost customer satisfaction.  

Cloud solutions study

 ** using Netflix and AWS as the context to this ** 

Cloud solutions  

Cloud solutions deliver computing solutions such as storage and networking over the internet. Cloud solutions could provide: 

Connectivity – employees are connected to the business at anytime and anywhere in the world, using any devices if available.  

Faster implementation – installing a cloud solution can take as little as a few hours rather than months or even years it takes to deploy a physical solution.  

Improved collaboration – the improved connectivity allows workers to work together wherever they are available at their location.  

Reduced risk of data loss – better backup facilities at distant locations avoiding local natural disasters and cyber-attacks.  

Security – cloud facility providers employ highly trained and experienced computer security staff and spend more on hardware and software security than any company can afford 

Cost saving – there is the reduced cost of physical servers, physical data storage and processing power.  

So, in terms of Netflix using AWS, it allows them to not need to own physical systems and servers to store all the information allowing them to save on costs and maintenance.  

Types of virtualizations 

Server virtualization – enables one physical server to run multiple operating servers and virtual machines. Some of the benifits are more efficient use of IT equipment, faster workload distribution, better application operation, improved server access, and reduced operating costs.  

Network virtualization – reproduces the physical network requirements as a virtual network to allow applications to run in the same way as on the physical network but with logical rather than physical ports, devices, routers, firewalls, and so on.  

Desktop virtualization – enables organizations to provide software configured for the specific needs of the workplace or individual. Any changes that need to be made can be done quickly and easily from the IT department to all relevant locations.  

 

 

AWS 

This is a cloud computing platform provided by amazon that offers a wide range of services like computing power, storage, databases. Machine learning. It also allows individuals to build, deploy and manage applications and infrastructure without needing physical servers, making it very cost effective. It is estimated that netflix pays AWS anywhere from $150 million to $300 million. 

 

Change advisory board 

This is a group of people within an organization which are responsible for reviewing, assessing and approving proposed changes to IT systems, services or infrastructure. So, for example, if Netflix wanted to change where they keep their cloud storage, the change advisory board would need to approve it first 

 

Request for change  

This is a formal proposal to modify an IT service, system, or infrastructure. It provides details about proposed changes, including their purpose, potential impacts, and required resources.  

 

S pcific 

M easurable  

A chievable  

R ealistc 

T ime-bound 

E valuate  

R e-evaluate 

Backups 

Most companies will have backups of the data that they store, and this is usually done by doing it through multiple different servers. For example, Netflix will store their backup data across multiple servers that are on AWS. This means that if one of the servers shuts down or needs repairing, then Netflix is still able to be used by its customers.  

Copeland Cyber attack case study

 Resilient digital environments 

• Installation of software updates/upgrades 

• Replacement and removal of hardware  

• Adding redundancy into systems  

• Decommission and remove legacy hardware and software  

• Device hardening: 

• Removing unneeded applications, ports, permissions and access 

• Limiting user account functions  

• Maintaining effective back-up systems: 

• On-premises 

• Off-site/remote 

• Cloud  

• Appropriate and reviewed standard operating procedures (sops) 

• Structured staff training: 

• New hardware/software  

• Staff inductions  

• New and updated policies and procedures 

 

A summary of the methods used to implement digital resilience  

• Risk analysis of digital systems resilience 

• Planning for disruption scenarios  

• Planning disaster recovery and conducting recovery exercise  

• Documenting lessons learnt and incorporating resilience in the continuous improvement part of the lifecycle (ITIL) 

 

A summary of the benefits to the organisations of being digitally resilient 

• Increased security: 

• Secure transfer of data  

• Secure storage of data  

• Reduced system vulnerabilities  

• Reduced probability of targeted cyber attacks 

• Increased reputation and profile: 

• Customer confidence  

• Protects brand image  

Case study of Copeland borough council  

Content for the presentation: 

1. Lessons learned from the Copeland borough council disaster  

2. An action plan to implement digital resilience that would have prevented this disaster  

3. The impact of the disaster on the organisation and its clients 

 

Some of the lessons learned 

• Be prepared  

• Makes sure that the investment into cyber security is worth it, appropriate, and sufficient 

• Makes sure you have some plans in the event of a total IT loss scenario 

• Don’t always assume that your IT infrastructure is safe and makes sure to get it tested  

• Data and system security is the responsibility of everyone  

• Everyone needs to make sure that they are storing sensitive data securely and making sure that it is not at any risk of being breached. 

• Educate staff on making sure that they don’t install applications that might harm the device or the network.  

• Make sure that people take the time to properly and safely make backups of their files and multiple ones (for example, using the cloud, storage out of site, and more storage on site).  

• Oversite and verification of IT in the enterprise  

• IT inform business decisions – not make them. Business staff do not make the IT input and advice, and they should just leave it to the professionals.  

• Do not underestimate how long the recovery will take and lasting impact on all who was involved.  

Advice 

• Take cyber-attacks seriously and make sure to be prepared 

• Well maintained firewalls and supporting network devices  

• Ensure all points of ingress and egress and covered  

• Make sure to test for vulnerable points in the business and makes sure to address them ASAP when they get identified 

• Make sure you know what it is happening in the network and who has access to it throughout the day.  

• Follow advice from the national cyber security program centre  

• Know the organisations that one can contact if they get into this sort of situation.  

• Make secure backups and multiple ones to make sure that you are not venerable at a single point of failure.  

 

Impact  

• All computers switched off, unable to print, unable to access anything 

• No finance  

• 2 weeks until pay day 

• 1 week to pay for diesel for waste collection services  

• Local by-election called 

• No access to electoral register, or election systems  

• Land searches backing up and housing market grinding to a halt 

• Families forced to stay in hotels  

• SLT 

• Business as usual couldn’t happen  

• Impossible to understand what had happened, or, if and when we will switch on 

How the council delt with it  

• Reverted all their operations to pen and paper and the ability to pay the staff was affected  

• Staff where possible were dispersed to work in non-council and where feasible neighbouring local authorities, if that enabled them to have access to relevant IT systems external to the council 

• Over 2 years after the initial event, Copeland remains in recovery mode with some of the IT systems still in the process of undergoing remediation. Some data has been subject to total loss.  

• Ignoring the cost of the loss of productivity, the cyber-attack cost the council £2.5 million 

• Our customer service IT systems recorded an average of 25,000 processed service requests per anum prior to the cyber attack 

The cyber-attack – problems faced  

• The IT systems were fully up to date and did have an active anti-virus put in place, but they were hit with a new ‘zero day’ ransomware virus which mean that they anti-virus that they had didn’t detect it.  

• The attack happened on the august bank holiday in 2017, meaning that it took until Monday to discover that they attack had happened, which meant that it took until the Tuesday for anyone to realise that it happened.  

• Before any sort of containment actions took place, nearly all IT systems and network services gone and nearly all their end port devices were lost, such as desktops and laptops.  

• All connections to partners that were associated with the council had to be cut off to stop the spread of the virus.  

• The council were affectively in the situation of no technology 

 

• “The IT team will sort it!” 

• The council assumed that the IT team could sort it quickly, but this wasn't realistic 

• The council had a very small IT department, so the scale of the attack was too big and overwhelmed them. This resulted them in bringing in extra IT staff to help with the problem.  

• The IT manager thought that problem was so big and damaging that it might not ever be fixed.  

• The network had been compromised, and it took days to regain pockets of the network. It was also at this point that the system backups were also compromised meaning that there was no easy way for them to restore the IT systems to how they were before the attack.  

• The IT infrastructure had to be rebuilt from the ground up which meant that they had to go with a long period of time with no IT systems at all.