Trusted by +2 million users,
1000+ happy students everyday
1000+ happy students everyday
Showing pages 1 to 4 of 11 pages
Appendix AOperating ScenarioGPS/CDU Project for Wild Blue Yonder TechnologiesWild Blue Yonder Technologies Inc (WYBT) is a general holding company whoseline of business is tailored to high-tech holdings. Wild Blue Yonder Technologies varioussubsidiary companies are maintained as one coordinated business from offices in NewYork City. The centralization of policy and planning direction at one location hashistorically produced higher revenues, profit margins, and customer satisfaction. Thenecessary degree of coordination is enabled by a global, enterprise network that ismanaged from the New York location. That network provides securetelecommunications capability with embedded firewall protection, multi-carrier cellularaccess options and automatic access point database updates for all connection types. Itenables access to the enterprise’s applications from any location onan as-needed basis.The network also providesintegrated, any distance, seamless connectivity to WBYT’scentralized information resources.WBYT’s holdings are concentrated inadvanced technology productsand services. Twoclosely held subsidiaries deal exclusively with the Federal government. The line ofbusiness of one, which is based in Gaithersburg, Maryland, is R&D and manufacture foradvanced capability components for the F 16 Fighting Falcon and F 18 Super Hornet. Theother, based in Jacksonville deals in R&D in target acquisition and fire control systemsfor Army helicopters. There is also a manufacturing facility in Detroit. That facility buildsLeopard tanks for the Canadian Army under license from the German government.Other close holdings in WBYT’s empire include a commercial electronics R&D facility inCorvallis. The Corvallis facility also does contract work for the Idaho National Laboratory.In addition to the closely held corporations, there are loosely held electronicsmanufacturing, or service holdings in Pittsburgh, Houston, Des Moines, Sioux Falls,Denver and Bozeman. These facilities serve the consumer high-tech industry.
Finally, there are a number of loosely held international corporations in India, Australiaand across the Pacific Rim, all concentrated in advanced technology. All computerservices for that region are provided overa public/private VPN, which is maintained forthat area in Singapore. The Singapore data center is actually owned and operated byWBYT, as part of the company’s global VPN. The VPN itself is maintained out of the NewYork office.According to WBYT’s charter, the primary business goal of the Company is to utilize theglobal marketplace to provide high quality technology components at the lowest pricepossible price. Wild Blue Yonder Technologies entered the market knowing that theability to closely monitor its operation and deliver competitive business informationquickly was going to be a prerequisite to its success, particularly in the integration andreuse of COTS products. In essence, its entire business model was based on thepresumed ability to do that. In fact, since information was the key to company survival,that mission was laid out even before the technical capability for achieving it was inplace.Wild Blue Yonder Technologies information processing operation delivers informationand services to its various subsidiaries in two ways: hosted and embedded. The hostedmodel removes the burden of maintaining on-site data acquisition and managementfunctions from the facility’s operations managers, while ensuring a secure and scalableworldwide environment. The embedded model allows each local facility to operate andmaintain its own IT infrastructure, which is tailored around WBYT’s enterprise systemsto support that subsidiary’s specific line of business and business operation.Company Organization OverviewBecause it is focused on the development of very advanced software products WBYTgets most of its business from the Pentagon. It utilizes a well-defined, flexible processfor planning for and developing this software. It is also known as an innovative place towork. WBYT is operating under a pressing NIST 800-53 mandate and the only process
holding up the assessment is the Risk Management area. As such, the WBYTmanagement would like you to implement a robust and persistent risk managementprocess for its supply chain.Early software project planning is stressed at WBYT, and project plans are developed tointegrate effectively with the other engineering plans within each project. There isstrong informal communication among all the engineering disciplines, and a singleprogram manager manages each new project from an integrated system view. Softwareestimates are derived through expert analysis and documented for use throughout theproject's life. These estimates are backed up with outputs from estimation tools that areused to provide a “reality check” to the experts’ initial idea. Actual project data isretained to support a cost estimation improvement effort under way at WBYT but it isnot used in a formal feedback sense.Software project management metrics are used to provide visibility into projectperformance at the project level. When performance deviates from the initial plans, theproject manager is responsible for either making changes to the way the project is beinghandled (in order to bring the project back into conformance with the plan), or re-planning. Software subcontracts are managed using a set of defined policies andprocedures. Software requirements, design, and code inspections are used to supportdevelopment. Defect metrics from the inspections are maintained. Other productrelated metrics are identified and maintained for each development effort to help keepreasonable visibility into the development effort. These metrics also are used to supportsoftware project management and risk assessment. The only problem is that all of thistakes place at the project rather than the organizational level. The Program Managerand upper management never see the results of this extensive measurement process.The review culture at WBYT is not well developed. However, assurance is primarilydefined as testing the code. There is no software configuration management at any levelin the supply chain. A SEPG team of engineers and managers from the softwareengineering organization are responsible for keeping the approved software engineering
processes up to date, and identifying new opportunities for improvement. This teamreports to the manager of software engineering and to the corporate vice president ofengineering. The vice president of engineering maintains a keen interest in the softwareengineering processes for the corporation. The manager of software engineering andthe vice president of engineering are responsible for providing quarterly reports to thecompany president on the state of software engineering and software assuranceprocess improvement. The problem is that most of this reporting up and down the chainof command is in the form of rumor rather than objective data.COTS and GOTSWBYT uses COTS and GOTS software when possible, but it does not hesitate to build itsown components when necessary or to mitigate risk. Humongous Holdings chiefarchitect and the CIO are both former employees of a major Web search enginesite/content provider. In four years back in the late 1990s, they watched that provider’susage go from 45,000 to 45,000,000 page views per day. With millions of people usingthe system, they learned very quickly to take whatever security precautions needed toavoid being awakened in the middle of the night with a business-threatening problem.WBYT’s management’s major concern about COTS products centers on the ability toensure its security. That was particularly true when targeted bench-checks found Trojancode embedded in products that were acquired from an overseas source. Thus, whensecurity is essential and the source of the code is in doubt, WBYT will not hesitate tobuild the necessary components in-house. WBYT’s rule of thumb is that if the function isunimportant, COTS will do. If there’s an actual or de facto security requirement for someaspect of the system, the COTS product will have to be proven secure. Otherwise, thatcomponent is a strong candidate for in-house implementation.