task two.edited

3 Table of Contents Abstract ............................................................................................................................................ 2 Comprehensive Modernization and Upgrade of a Company's IT Infrastructure to Reduce Cybersecurity Risks ......................................................................................................................... 6 Needs Analysis ................................................................................................................................ 8 Problem and Causes ...................................................................................................... 8 Impact on Each Stakeholder Group .......................................................................... 10 Solution Alignment ...................................................................................................... 11 Cost Analysis ................................................................................................................................. 13 Itemized Costs .............................................................................................................. 13 Justification for Costs .................................................................................................. 14 Risk Assessment ............................................................................................................................ 14 Quantitative and Qualitative Risks ............................................................................ 15 Cost Benefit Analysis ................................................................................................... 16 Mitigation of Risks ....................................................................................................... 18 Justification of Approach ............................................................................................................ 19 Project Resource Management Plan .............................................................................................. 19 Resources ...................................................................................................................... 19 Justification of Resources ............................................................................................ 20 Resource Allocation Plan ............................................................................................. 20

6 Comprehensive Modernization and Upgrade of a Company's IT Infrastructure to Reduce Cybersecurity Risks The IT challenge under investigation is using outdated IT infrastructure in a company that results in inefficiencies, cybersecurity vulnerabilities, and increased operational costs (Cremer et al., 2022). For a business that uses hardware and software that has reached its end-of-life, moving forward toward attaining the business goal can be difficult. Digital transformation has resulted in significant alterations within business operations, including modifications in user experience, customer relationships, target markets, business processes, and diverse cultural implications. Nyamuchiwa et al. (2022) posit that as dependence on internet interconnected systems expands, the proliferation risks increase because of malicious software in the form of worms, viruses, ransomware, and Trojan horses, and their effects on companies can result in financial strain and productivity disruption. The cybersecurity threat is imminent while depending on outdated IT infrastructure to run business operations. Aslan et al. (2023) indicate that vulnerabilities in outdated software, hardware, and networks are commonly used. With the development of a new attack tool, a cybercriminal is able to steal sensitive data from a company, encrypt computer data on hard drives, and prevent access to the firm's resources by launching DDoS. According to Aslan et al. (2023), new technological development has enabled malicious cybercriminals to generate automated tools to launch sophisticated cyber-attacks that aim to alter, assess, or destroy sensitive details, extort monetary benefits from users, or disrupt normal business procedures. Cyber threats related to IoT equipment, cloud computing, and cryptocurrency are increasing (Saeed et al., 2023). Cybercriminals are generating fake

9 devices without proper backup is dangerous for a business' operation. Unpatched software bugs can result in application and system crashes, which contribute to reliability-related data loss. According to Cremer et al. (2022), prevalent cyber risk events comprise cyberattacks, and data breaches cause high costs. Malicious cybercriminals can exploit the vulnerabilities to attain sensitive data, launch distributed denial-of-service attacks, or take control of critical infrastructure within the company, which disrupts essential services (Tariq et al., 2023). Cyberattacks have profound knowledge of operating systems and can write computer programs swiftly while detecting program and system vulnerabilities in a short time. Additionally, some professional websites can offer automatic tools and applications for hacking as a service (Aslan et al., 2023). Computer network exploitation enabling operations can be executed with the motive of stealing vital computer data. Trap sniffers and doors are some of the tools for cyber especially as they allow an external user to access software without a computer user's knowledge. The major reason for the rapid increase in cybersecurity attacks is the computer systems' structure and communication networks. Aslan et al. (2023) indicate that a high number of deficiencies and vulnerabilities in protocols in computer networks makes the system defenseless against cyberattacks. Outdated IT infrastructure comprises aging hardware such as network equipment, servers, and workstations, which slow work performance. Attacks brought about by hardware flaws and errors are challenging to inhibit because software-based tools are insufficient to detect and prevent these attacks. Malicious software variants such as Trojan horses cause excessive usage of computer resources, minimize performance, and cause the system to shut down by consuming excessive power supply (Aslan et al., 2023). Obsolete software is vulnerable to cybersecurity threats. Insufficient cybersecurity measures, such as inadequate antivirus

12 specialists, and external IT vendors to ensure they are informed of changes, progress, and any possible issues. Third, I will involve the stakeholders in key decisions, more so when it comes to choosing modernized IT devices, security measures, and system deployment techniques. Fourth, training and education are vital to ensure that every stakeholder is familiarized with their roles in the project and establish a feedback channel so that they can raise their concerns and input throughout the project. Fifth, every stakeholder will be involved in testing and validation of the activities to ensure that the upgraded systems meet the expectations. Lastly, at the completion of the project, I will hold a closing meeting to review the project’s outcome and acknowledge the contribution of every stakeholder. Solution Alignment The digital development dimensions are constantly evolving, and it has swiftly changed the value proposition of services and goods that a company has to offer (NU CEPAL, 2021). Using outdated technology is risky to business operations, and the proposed solution focuses on modernizing the IT infrastructure to minimize manual workloads, boost general productivity, accommodate changes in the industry, and ascertain compliance with industry-specific laws and regulations. Addressing the core challenges of cybersecurity will efficiently minimize the risk of cyber threats and data breaches as it impacts efficiency and investment costs for the company. The first alternative solution that I considered for outdated IT infrastructure was a partial upgrade, which allows for staging of upgrades on a few hardware and software without the need to upgrade the whole IT infrastructure (Ciltrix, 2018). While the approach would be more cost- effective and less disruptive, it might not fully address the cybersecurity vulnerability and inefficiencies across the whole IT system. However, the alternative approach is not a viable long- term solution as it can result in integration challenges and dependence on external providers.

15 Pioth (2023) asserts that different factors can drive an IT infrastructure's Cost up or down. The company will spend $ 409388, which is a few thousand dollars, on IT infrastructure due to its limited size and current organizational needs. Fewer hardware, such as storage devices, servers, network equipment, and workstations, as itemized in Table 1, require upgrades as the company intends to focus on using cloud IT infrastructure, which makes the inclusion of software upgrade cost necessary in the proposed project. The itemized cost includes security software, updated operating systems, and productivity applications. The company will be purchasing licensing materials to ensure legal compliance and mitigate security threats involved in cyberattacks. Employing the right staff workers is vital to the project's success, and the company will incur direct labor costs and time (Muehlemann & Leiser, 2018). Skilled labor is essential in project development, and hiring experienced professionals will result in better project outcomes. the company will also incur staff risks during the hiring and training procedure of the new employees. Risk Assessment A completed "MSITM Capstone Risk Register." This project could encounter the seven risks I have included in table 2. Every asset has been analyzed based on its threat, existing controls, likelihood, consequences, risk level, and priority. The first risk that the proposed project could encounter, as highlighted in Table 2, is the company's data server risk. The possible threat is unauthorized access, and there is a possibility that it could happen due to the usage of outdated IT infrastructure. The existing control measures include control policies. The level of risk is high, and it has major consequences for the business' operation. Secondly, the staff's PC could be infected with malware. The likelihood of this threat

18 in user education amounting to $90000 to prevent malware infection outweighs the Cost of possible malware infection during the project and in the long haul. The CBA is positive with a net benefit of $20000. DDoS attacks on the network equipment can result in potential revenue loss due to the downtime experienced, estimated at $ 100,000. Implementing traffic analysis and IPS/IDS to inhibit DDoS risks is valued at roughly $ 50,000. The Cost-Benefit Analysis is positive, with a net benefit of $ 50,000. Reputation is an intangible asset that impacts all stakeholders of a firm other than chasing material and financial gain (Perera et al., 2022). Various elements such as consumer confidence in the firm, investor's trust, and the company's perception to the public as a trustable and respectable entity, affect reputation. Invasion of clients’ privacy and suppliers’ data can attract potential lawsuits and reputational damage to the company, which can be challenging to quantify. The firm must contemplate the privacy regulation’s impact when formulating the acquisition process in order to build trust with potential clients and suppliers. Incorporating a privacy- focused policy is fundamental in the company’s day-to-day operations. Modernizing the software within the company can assist the firm in practicing role-based access control and regularly auditing everyone who accessed the company’s data. Investing in encryption measures to protect the clients' and suppliers’ data is valuable in maintaining trust and avoiding possible lawsuits. According to Li & Liu (2021), encryption is a powerful tool for protecting sensitive and private data when exposed to threats from cybercriminals and unwarranted third parties. Technology is rapidly changing, and cryptographic algorithms need sustained consolidation to inhibit insecurities.

21 practices. conducting regular security audits will assist in identifying possible vulnerabilities in the clients' and suppliers' data handling mechanisms. I will educate staff workers on the importance of caring for their mobile devices, enabling remote wipe capability and reporting any stolen device promptly. Updating and reinforcing encryption protocol will assist in preventing data from landing in unauthorized personnel when a device is lost or stolen. There is need for periodic mobile device security training for staff worker to educate them on the cyber threats they can encounter with the mobile devices Justification of Approach The project’s management methodology integrates elements of the Project Management Body of Knowledge (PMBOK) and Agile principles to address the identified challenge and align with the project’s nature. The project’s sophisticated nature incorporates extensive IT infrastructure upgrade and cybersecurity risk reduction. Hidalgo (2018) asserts that agile methods are essential in facilitating teamwork in a collaborative project. The agile practices and principles allow cross- functional teams to develop project needs and solutions internally while responding to weaknesses of the project development, making it ideal for the problem I propose to solve. According to Hidalgo (2018), the initial core practice and principle of agile framework is the social aspect which emphasizes on individuals in project development. Secondly, using shared visualization system focuses on the doable and transparent work. Third, an iterative development cycle with a self-management team adhered to communication-oriented rules. Forth, the facilitator's key role is to assist in coordination and conflict resolution to ascertain the contribution of each member during project development (Hidalgo, 2018). Lastly, usage of

22 “kanban board” is vital in the reflection procedure which is an artefact that allows transparency and documentation of project activities. Takagi & Varajão (2020) asserts that PMBOK constitutes of the best practices in project management includes procedures that can be used to initiate, plan, execute, monitor, control and close a project. The PMBOK's elements assist a project manager and his team in defining the project early to inhibit costly delays as the project continues. It is essential to map out activities needed in the project's execution to make it easier to determine the resources required and how they will be used. The PMBOK's elements assist in monitoring and controlling any problem that may arise before it escalates to a major challenge. The project involves notable cybersecurity risks within the business operations and PMBOK's risk management framework is vital in optimizing the chances of project success by reducing the possibility of negative risks and capitalizing on possibility of positive risks (Takagi & Varajão, 2020). A proactive risk management is essential in the project’s lifecycle. I will tailor this methodology to fit the nature of my project by implementing the project management process outlined by PMBOK guide. In the initiation phase, I will identify the key stakeholders, define the project’s initial scope and get approval for the new project. The project's scope comprises the upgrade and modernization of the firm's IT infrastructure, including hardware and software upgrades, SaaS integration, cybersecurity enhancement and cloud migration. In the planning phase, I will have a communication plan because an efficient communication strategy is responsible for ideal project planning among the stakeholders ( Takagi & Varajão, 2020 ). During this phase I will implement the risk management plan to identify,

23 assess, monitor and mitigate risks throughout the project. the KPI will be elaborated to measure the project’s success and align with cybersecurity risk reduction and strategic company goals. In the execution phase, I will focus on infrastructure upgrades following the project plan. The agile principles will enable adaptability to unforeseen challenges and emerging cybersecurity vulnerabilities. I will execute various cybersecurity measures such as access control, implementation of intrusion systems, and encryption according to the plan. Training program is fundamental during this state to educate staff workers on the upgrades within the business premises and the best cybersecurity practices they should know in the evolving digital landscape. KPIs will be monitored to ascertain that the project aligns with the objectives throughout this phase. It will also enable early identification of deviations and allow the project managers and other stakeholders to take corrective steps. In the monitoring and control phase, the project managers will assess the project’s progress and make vital changes where necessary. Data modeling is essential in visualizing the progress and probable areas for improvement. The risk management plan integrated from the PMBOK will facilitate continuous risk assessment to address any emerging threats and performing a preventive and corrective action ( Takagi & Varajão, 2020 ). If the KPIs portray any cybersecurity ineffectiveness or vulnerability, alterations to the project strategies will be executed immediately. In the closing phase, I will evaluate the project’s general success. The evaluation will comprise of assessing the project’s alignment with strategic and operational business goals. Holding a closing meeting with the stakeholders is essential as it gives a chance to offer detailed project closure report which summarizes the project outcomes, recommendations and lessons learned for similar future projects.

24 Project Resource Management Plan Using outdated IT infrastructure in a firm results in inefficiencies, cybersecurity threats and increased costs. The proposed project looks into modernizing IT infrastructure to boost general work productivity, accommodate changes in the industry and compliance with specific laws and regulations. Human resources, hardware and software resources, time, and financial resources are fundamental in the execution of this project Resources Resources are vital assets whose principal role is to assist in executing a particular project (Wrike, n.d.). The resources needed to design and implement this project include personnel resources such as project manager, IT specialist, security, and vendors. An expert manager is needed to oversee the whole project from its inception to completion. A manager will be involved in all the project phases listed in Table 5, from the initiation, planning, execution, monitoring, and control to the closing of the project. IT experts are vital in executing fundamental tasks like IT infrastructure upgrades, the use of training programs, and the implementation of cybersecurity measures. The hardware resources encompass cloud services, workstations, and network equipment, while software resources include cybersecurity software, operating systems, and project management software. The financial resources needed for this project include budgeting for software and hardware. It includes the itemized costs listed in Table 1, such as the network servers, network equipment, storage devices, security software, licensing, and labor costs. It is essential to set aside finances for the risks that may transpire during the project execution. Scheduling time resources is vital in defining the project timeline. It will ensure that every task is completed in a logical sequence, thus preventing any delays that may

25 affect business operations. The time availability of human resources especially the project manager, and IT specialists is crucial in adhering to the project schedule. Justification of Resources The strategic alignment of human, time, financial and hardware and software resources is key in the IT infrastructure upgrade endeavor as it champions for efficiency, cybersecurity resiliency and competitiveness. Each personnel resource is vital in the execution of this project. The project manager will lead the project's strategic planning, resource coordination and decision-making, while the IT specialists will offer expertise in IT infrastructure modernization. The security personnel will provide knowledge in mitigating cybersecurity threats, while the vendors will offer the needed software and hardware resources. These stakeholders work towards supporting the firm’s performance goals and priorities which is fostering a cybersecurity awareness culture, reducing human risks that could result in security breaches and ensuring industry compliance. The hardware resources, such as the upgraded network equipment, will ensure reliability, while workstations will boost productivity. Cloud services are essential in data management by offering scalability and flexibility, which is cost-effective to the company. Software resources such as cybersecurity software protect the company's data from threats, while project management software will facilitate project planning. Upgraded operating systems will ensure system performance and security from cybersecurity threats. Setting up financial resources is vital in the project’s investment as it promotes technological innovation and advancement within the firm. It will assist in modernizing the IT system and ascertaining compatibility with the latest technologies in the industry. Setting up a

26 contingency fund, as listed in Table 1, is vital in offering flexibility to address any unexpected challenges that are bound to arise without compromising the project's success. A structured project timeline, as listed in Table 5, is vital in the tasks’ completion and timely delivery. It will enable all stakeholders know which tasks they are performing during a specific period and strive to complete it within the se deadline. Coordinating the resources’ availability with the project milestone is fundamental in a seamless execution to ensure the project does not fall behind schedule. Resource Allocation Plan a resource allocation plan is fundamental in managing assets and assigning them in a manner that supports the business’s strategic goals and priorities (Lutkevich, n.d.). The resource allocation plan includes manpower, hardware and software, finances and time allocation to determine the ideal route for maximizing limited resources and completing the project as scheduled. Manpower allocation The table below shows the manpower allocation for this project if it approved. The project manager will be allocated full-time to oversee the project from the initiation to the closing phase. Their role includes project planning, risk management, coordination, communication, and ensuring the project aligns with the company's priorities and goals. The IT specialists and cybersecurity personnel will offer partial commitment to the project. They will be present in the initial meeting with stakeholders and understand the project’s scope. They will be present in the planning, execution, monitoring and controlling phases of the project to ascertain the implementation of the IT infrastructure upgrades and cybersecurity measures. The IT

27 specialists and security personnel will be responsible for training staff workers in the execution stage. The table below shows that the external IT vendors will be in the initiation, execution, and monitoring stage of the project. Their involvement is essential in this phase as they will provide upgraded hardware and software to the project to ensure a seamless upgrade takes place. Role Project Phase Allocation Project Manager Initiation to Closing IT Specialists and security personnel Initiation, planning, Execution, monitoring and controlling External IT vendors Execution Project manager Initiation, Execution and Monitoring Finances allocation The table below shows the financial allocation goes towards the overall budget of the project and the contingency fund. The overall budget will cover each itemized cost included in table 1 that is the hardware, software, licensing, labor, and risks reserves as highlighted in table one. the total budgeted items including the risks costs will amount to $409388 as listed in table one. the finances allocation will cover the contingency fund during the project management to cover any unexpected challenges that are not covered by the risk reserves listed in table 1. Financial Resource Allocation Overall Budget Project Management Contingency Fund Project Management Hardware and software allocation Resource Budget Allocation Hardware Procurement Workstation, storage devices, servers, network equipment Software procurement Security software, upgraded operating system, antivirus software licensing, productivity application The table above shows the budget allocation that will be made for procurement of upgraded hardware equipment including storage devices, network equipment, servers and workstation. The capital costs for each itemized segment is listed in table 1 and it includes $

28 5000, $ 150000, $34000 and $7000 respectively. The budget allocation that covers software procurement included the costs of security software, upgraded operating system, antivirus software licensing, and productivity application. The capital costs for the software is listed in table 1 and it includes $18000, $25000, $10000 and $22000 respectively. Time (scheduling) allocation. A detailed timeline will be developed, as shown in Table 5. Every phase, starting with the initiation to closing, will have different variables and milestones defined so that every stakeholder will know where they are needed. Human resources, including the project manager, IT experts security personnel, and External IT vendors, will be contacted when they are required to prevent any delays during the project’s execution. Gaps and Impact on Other Projects This project's successful completion will fill the existing gaps within the business that affects its general performance. The first existing gap is the usage of outdated IT infrastructure within the business, which is not suited for the level of scalability and agility needed in today's digital age. Prakash (2020) asserts that a business’s dynamic requirement keeps seeking for innovation and expanding digitization. Outdated IT systems result in high operational costs, increased cybersecurity threats, and inefficiencies, which affect the business' service quality. The proposed project aims to fill this gap by comprehensively upgrading and modernizing the IT system. It will result in improved operational efficiency, minimize cybersecurity vulnerabilities, and align the business with industry standards. Secondly, outdated IT infrastructure poses cybersecurity vulnerabilities. According to Aslan et al. (2023), the vulnerabilities in software, hardware and networks are commonly used by cybercriminals to spread attacks that could result in data breach, compliance issues and

29 unauthorized access. The project aims to minimize cybersecurity vulnerabilities via the implementation of an upgraded cybersecurity system and user education program to enhance the company’s entire cybersecurity posture. Third, inefficient IT infrastructure results in performance bottlenecks, downtime, and ineffectiveness that affects the company's productivity. Modernizing the IT system will address these existing inefficiencies and result in minimized downtime, improved staff productivity and system performance. Lastly, insufficient user education increases cybersecurity vulnerabilities within the business. Staff workers require regular training on the new IT tools to seal any suboptimal usage of technologies and increased risk of human-linked cybersecurity vulnerabilities. The inclusion of training programs in the proposed project will bridge this gap by ascertaining that staff workers are equipped with the knowledge and expertise to use upgraded IT systems securely. The proposed project will positively affect another active project by generating secure IT equipment, networks and chipsets, vital security measures that will streamline the workflow and minimize data breach risks (Tariq et al., 2023). If approved, the proposed project may need shared resources such as a project manager or IT experts who are involved in other active projects. Developing a resource allocation plan will ensure seamless coordination of resource allocation to ensure the project does not affect other ongoing projects negatively or resource conflict. If the proposed project is approved its timeline might overlap with other active IT projects which may cause possible delays and conflict. However, regular communication among the project stakeholders will avoid any overlapping activities and bot alignment. The budget allocation for the itemized costs in table 1 may compete with financial needs of other active IT

30 projects if this project is approved. It is essential to ensure the budget allocation is distributed appropriately to avoid any probable budget constraint and keep a record of the use of finances to allow early budget reallocation if needed. Project Plan Scope The project's scope comprises the upgrade and modernization of the firm's IT infrastructure, including hardware and software upgrades, SaaS integration, cybersecurity enhancement and cloud migration. The project aims to boost data security, operational efficiency, and compliance with industry standards and regulations. A project manager who will oversee the project's execution, an IT and security specialist responsible for IT infrastructure upgrades and cybersecurity measures and vendors who will supply upgraded software and hardware to the company are required during the project duration. Assumptions The first assumption is that all the project’s stakeholders will collaborate from the onset to the completion of the project. Secondly, the required resources, ranging from financial to personnel, will be available as planned. Third, the external IT vendors offering software and hardware solutions will cooperate seamlessly with the project requirements and timeline. Fourth, the upgraded software and hardware will be compatible with the existing IT system and technology within the business, and they will be secure. Fifth, all the staff workers will cooperate and avail themselves during staff training. Lastly, the project solution will boost productivity and minimize cybersecurity threats, and the upgraded IT system will be relevant and applicable even after completion of the project.

31 Project Phases Table 5 indicates the project phases and each milestone. The first phase initiation phase. The milestones in this phase include identifying and meeting with the proposed project's stakeholders. During this phase, each stakeholder will learn about the project's initial scope while waiting for the project’s approval .The second phase in table 5 shows the planning phase. During this phase, the implementation of a risk management plan will take place, including having an elaborate communication plan. In the execution phase, as highlighted in Table 5, external vendors will be contacted, and the IT infrastructure will be upgraded. In this phase, execution of cybersecurity measures will take place, including training staff workers concerning the IT upgrades. In the monitoring and controlling phase, necessary alterations will be made to ensure everything aligns with company goals and the project's objectives. Lastly, the closing phase will comprise of evaluating the project’s success and holding a closing meeting where all the stakeholders will be involved. They will receive the documentation to check is everything is in compliance and the project’s objectives were met. Timelines The table 5 shows the project timeline. The project will run from December 2023 to April 2024. The first phase’s timeline will be 7 December 2023 to 21 December 2023, as indicated in Table 5, and it will comprise the initiation phase, which will include meeting with stakeholders and defining the project’s scope. The two-week timeline is essential in gathering the requirements from each stakeholder, communicating expectations, and setting the foundation of the project The second phase timeline, will run from 13 th December 2023 to 21 st December 2023 and it will involve executing the communication plan an implementing risk management plan. The

32 allocated time will ensure that each stakeholder embraces a proactive approach towards the project. Table 5 shows that the execution phase will run from January to march of 2024. This phase will comprise several milestones, including contacting external IT vendors, starting the IT infrastructure upgrade, executing cybersecurity measures, and training the staff workers on the upgraded IT system. This phase is the longest, with multiple comprehensive activities, and it will take three months to execute the proposed project. The lengthy period will ensure that every core element of the project is addressed by the involved stakeholders. The monitoring and controlling phase will run for one week in the month of April, starting from 8 th April 2024 to 14 th April 2024, as shown in Table 5. The one-week duration will allow continuous assessment of KPIs for the necessary changes that will offer. While making these changes, it is essential to rely on the dynamic feedback loop to ensure the project's objectives are met. Lastly the closing phase will run from 15 th April 2024 to 30 th April 2024 and it will comprise of evaluating the project success and holding a closing meeting with all the stakeholders. The two-week duration will allow a detailed assessment of the project's success criteria, generation of a detailed closure report, and offer insights into future projects. Dependencies The success and completion of the proposed project will depend on various items, including the availability of the project stakeholders and their collaboration during the project duration, the industry's regulatory changes and updates and. The project depends on successful external IT vendors’ collaboration and deliveries as they are fundamental in the offering software and hardware solutions to prevent any unnecessary disruptions. Delays in resource availability

33 can result in execution of tasks. successful completion of the proposed project depends on timely resource availability to prevent project bottlenecks. A comprehensive and successful staff training program is essential in supporting the project’s smooth implementation and maximization of the upgraded system’s benefits. Developing a proactive risk management plan is vital in the proposed project’s success because it cater for unforeseen challenges that are bound to arise during the project implementation. Adhering to the industry regulatory compliance is vital in the project’s success as it ensures the project does not compromise the business’s reputation or attracts legal issues that leads to unending litigation procedures. Fostering an efficient communication strategy from the onset of the project is vital in managing the stakeholders' expectations, disseminating the proposed project's updates, and addressing the stakeholders' concerns. Setting a communication plan in place allows all the stakeholders to stay informed about the project's progress, possible effects, the business's priority and the ongoing progress of the proposed project. The project will also depend on budget approval and the release of the finances to pay for the project. Risk Factors The first potential risk factor is human risk, including a diverse workforce and interpersonal conflict among the stakeholders, which might derail the project's completion. Involving unskilled project team members, especially in emerging technologies, could result in suboptimal implementation and errors that have detrimental effects on the business's operation. During the project execution and completion, there is a possibility that staff workers might not adapt well to the new technology. Efficient training and continued collaboration are vital to assist the staff workers in learning about the upgraded system. Insufficient cybersecurity knowledge

34 can pose a significant threat to the firm’s network security. According to Aslan et al. (2023), properly trained staff workers are the first line of defense against cyberattacks. Secondly, financial risk factors can harm the project's outcome, thus the need to develop a budget and stick to it. Any unforeseen expenses that leads to budget overrun will impact the project’s feasibility. The fluctuating currency exchange rate is a significant financial risk that will affect the project when dealing with external IT vendors. It is vital to monitor the exchange rate trends and contemplate about adding the currency fluctuation clauses in the contract. Lastly, environmental risk factors such as natural disasters may affect the project’s execution and continuity. Developing a disaster recovery plan is a proactive measure that focuses on the technical aspects that will keep the systems up and running if a disaster strikes during the project (Laudon & Laudon, 2022). The regular changes in the regulatory standards may affect the project’s compliance needs and operational procedures. Flexibility is key while monitoring the regulatory updates and maintaining close communication with regulatory bodies to adjust the project plans accordingly. Important Milestones The critical milestones in this project are listed in table 5. The milestones in the initiation phase will comprise of identifying and meeting the stakeholders and defining the project's initial scope. the milestones in the planning phase will include having a communication plan and implementing the risk management plan. Table 5 lists three milestones in the execution phase, which consists of contacting external IT vendors and starting the IT infrastructure upgrade, executing cybersecurity measures, and training staff workers. The monitoring and controlling phase will achieve one milestone, which is making changes where necessary while checking the

35 KPI metrics. Lastly, the milestones in the closing phase includes evaluating the project's success and closing the meeting with stakeholders while offering them a detailed closing report. Details of Project Launch The first step of the project launch is the scope. After the scope has been validated and defined, it will be executed, controlled and monitored. Secondly, managing the project team is essential in adhering to the timeline and ensuring operational efficiency. Third, changing the project will address any emerging issues and recommendations to keep the project on track. Fourth, updating the stakeholders on the project's progress is vital to ensure they are actively engaged. Fifth, team building will assist the team members in working with cohesion. Sixth, keeping tabs on the project's milestones will motivate the team members to increase productivity. Seventh, holding regular meetings is a chance to collect feedback, concerns and status reports. Lastly, documenting the changes in the project is essential in learning how to improve future projects. Strategy for Implementation My project's implementation starts with the initiation phase. I will use the PMBOK principles for precise scope definition to align the project goals with IT strategies and stakeholder identification. In the planning phase, I will include risk management and communication plan to create an architectural roadmap that aligns with the company’s priorities and the project’s objectives. I will define disaster recovery techniques for vital IT components. In the execution phase, I will implement the best practices for seamless execution of IT infrastructure upgrades including cloud migration, software and hardware upgrades. During this phase, it is essential to check for compatibility of the new technologies with the existing systems.

36 Conducting IT training programs for the employees is vital in user adoption and efficiency to reduce resistance of the upgraded systems. In the monitoring and controlling phase, making necessary changes is essential in aligning the project’s outcomes. it is a chance to ensure responsiveness and ongoing assessment of the system’s scalability and performance. In the closing phase, proper documentation of the lessons learned during the project’s implementation will provide a guiding foundation for future projects within the business. Meeting with stakeholders will enable them acquire the closure report and measure the project’s success. Documentation Deliverables The documentation deliverables will comprise an IT infrastructure assessment report, IT vendor agreement and procurement records, modernization and cloud migration plans, risk assessment and detailed documentation of the changes in the project's duration. . Hardware and Software Deliverables The hardware and software deliverables will comprise modernized hardware components, updating software applications, successful SaaS integration, and migrated systems with proper documentation and documentation of the general upgrade procedure. These deliverables will facilitate a smooth transition to the modernized and upgraded IT system and foster improved business operation and positive user experience. Evaluation Framework Project evaluation is vital in depicting project transparency, accountability and enables the learned project lessons to be shared to other people who did not partake in the project’s execution (Haass & Guzman, 2020). It also offers a solid foundation for examining all previous assumptions and reviewing if they are reliable. The final result will be evaluated against the IT

37 industry's regulations, compliance standards and accepted criteria. It will comprise a compliance check, security audit and performance benchmark to ensure the project aligns with the industry's legal requirements and best practices. Continuous surveillance of the project activities while adhering to the project timeline an quality standards is an essential practice in the project. Evaluating the project against internal and external quality assurance audit will establish if the project deliverables and activities align with the defined quality standards. The evaluation framework will comprise of a compliance checklist based on the industry standards and regulations to ensure that the project is in line with the standards and implement any corrective action should deviations occur. Designing and distributing surveys at fundamental project milestones is vital in analyzing the responses to note the areas that require improvement. Integrating quality assurance standards such as Capability Maturity Model Integration (CMMI) and ISO 9001 into the project activities is vital in implementing a systematic approach towards quality management as they aim to boost the quality and efficiency of the project. CMMI is a framework that assist the project to boost the development processes to achieve better performance while ISO 9001 offers an approach that ascertains consistent delivery of the project that meets the requires and compliance with relevant regulations (visure, n.d.). The ISO/IEC 25010 for software quality is a reference framework for evaluating the quality characteristics of various software components taken into account when assessing the software product’s properties such as security, reliability and functionality (ISO 25000, n.d.). A quality software product needs to satisfy the stated needs of the project’s stakeholders and activities while offering value

38 References

39 Tables Table 1: itemized costs segment Item cost ($/uni t) Qty (uni t) tim e (hr ) lab or (hr) licen se cost monthl y support ($/mont h) total annu al cost ($/yr ) capital costs hardware Workstati on 3500 2 7000 storage devices 5000 1 5000 servers 34000 1 34000 network equipmen t 15000 0 1 150000 software security software 18000 updated operating systems 25000 productivi ty applicatio ns 22000 licensing antivirus software 1 per device 1000 0 10000 operating systems 2500 0 25000 time project planning 70 40 managem ent 30 40 execution 60 120 Labor wages and salaries 15000 benefits for project's team members 7000 risk hardware 1 12000

40 reserves risks software risks 1 2500 staff risks 25000 total planned 357500 managem ent contingen cy reserves 30000 average state risk (7.25%) 21888 total budgeted (including risk costs) 409388 Table 2: A completed "MSITM Capstone Risk Register." SSM3: Design and Development Asset Threat/Vulnerabil ity Existing Controls Likelihoo d Consequen ce Level of Risk Risk Priority the company 's data server unauthorized access control policies Possible Major High 5 staff's PCs malware infection user education Possible Moderate Medium 3 network equipme nt DDoS attacks IPS/IDS traffic Rare Major Extreme 2 clients' data invasion of privacy encryptio n Possible Major Extreme 6 cloud storage unauthorized access two-step verificati on Rare Major Extreme 1 suppliers ' data data breach auditing Rare Major Extreme 1 mobile devices stolen device encryptio n Possible Moderate High 4

41 Table 3: Quantitative Risk Analysis quantitative risk analysis risk probabilit y cost impact expected monetary value (Probability X impact ) network equipment 35% $20,000 $10,000 company's data server 30% $1,000 $500 cloud storage security 45% $2,000 $1,500 the total expected monetary value $12,000 Table 4: qualitative risks analysis of risk register items qualitative risk analysis of risk register items consequence s likelihood minor moderate major rare 0 0 3 possible 0 2 2 Table 5: project phases and timeline project phases milestones start end project month initiation identify and meet with stakeholders 7/12/2023 9/12/2023 December define the project's initial scope and get approval 10/12/2023 12/12/202 3 planning have a communication plan 13/12/2023 16/12/202 3 implement risk management plan 17/12/2023 21/12/202 3 execution Contact External IT vendors and begin IT infrastructure upgrade 2/1/2024 2/2/2024 January - march execute cybersecurity measures 3/2/2024 22/2/2024 train staff workers 23/2/2024 8/3/2024 monitoring and controlling evaluation of the upgraded IT infrastructure 9/3/2024 7/4/2024 make changes where necessary 8/4/2024 14/4/2024 April

42 closing evaluate project success 15/4/2024 21/4/2024 closing meeting with stakeholders and give detailed project closure report 22/4/2024 30/4/2024