3. (11)Security Planning & Management
21. SECURITY THREATS
23. VIRUS IMPACT How have viruses affected your company?
26. Low Confidence in Net Privacy
32. Top Security Obstacles�Need to get hit to change
35. Who’s Breaking Into Your Systems?
36. THE ENEMY WITHIN
37. Top Tips for Preventing Insider Attacks
40. Activities Included in Job descriptions for Information Security Managers
44. HONEYPOT SECURITY LURES INTRUDERS TO WHAT THEY THINK IS A SENSITIVE AREA
51. Staff Assigned to Information Security
52. IS YOUR IT SECURITY BUDGET HIGHER OR LOWER THAN LAST YEAR’S? Base: 257 data center managers surveyed earlier this year
54. Remote Access Security Reference Materials
56. Big Names in Identity From modular components to full-fledged suites, the top vendors in the identity management space offer a range of tools to strengthen the security of your network.
59. (12)Audit Planning & Management�
60. THE AUDIT MISSION
61. Fair Information Practices Principles
65. SARBANES-OXLEY Info
68. WHEN WAS YOUR ORGANIZATIONS POLICY LAST UPDATED?
69. Which department created the data policy?
70. Top ten factors that could trigger workers to act unethically or illegally
71. Ten Tips for Taming the E-mail Problem Create a reasonable and enforceable policy.
Spell out privacy expectation clearly.
Require that each employee sign the policy. Issue frequent policy reminders.
When the policy is broken, consult the legal department and have an immediate conversation with the employee, accompanied by a human resources representative.
Don’t limit employee training to policy issues. Also include etiquette, proper use of group mailing lists, and information about recognizing scams and urban legends.
Limit employee mailboxes to an appropriate size (CIOs interviewed for this article recommended a range from 15MB to 150MB depending on the type of work).
Consider your potential legal liability in determining how long to store messages.
Consider filtering tools, but be aware of the limitations.
Install two different antivirus software packages (one for servers, one for the desktops).
Teach users to distrust all attachments, particularly unexpected ones.
.
73. (13) Capacity Planning & Management
74. Why is Capacity Planning Important ?
75. CAPACITY PLANNING PROCESS
77. CAPACITY PLANNING RATIONALE
78. CAPACITY MANAGEMENT
79. CAPACITY MANAGEMENT
81. Planning Capacity
82. (23) Change Control
90. CHANGE MANAGEMENT
91. (24) ASSET MANAGEMENT
92. Asset Management Practices
96. Fate of Old PCs�This year, what percentage of your retired PCs will be :
98. WAYS TO PROTECT YOURSELF 1 LEASE EQUIPMENT so that the title to the equipment transfers to the leasing company at the end of the term- along with the disposition issues.
DISPOSE OF IT EQUIPMENT when it’s removed from service.
BUNDLE DISPOSAL COSTS into new purchases by including the disposition of old IT assets in the RFP for equipment that replaces it.
EMPTY THE IT CLOSETS: Dispose of unused, stored equipment immediately. This equipment incurs storage costs and property taxes plus disposal costs that are likely to increase over time.
INCLUDE A COPY OF THE OPERATING SYSTEM when donating equipment. Machines without an operating system are likely to be discarded or shipped overseas. INCLUDE CONTRACT WORDING that prohibits the recycling vendor or its subcontractors from exporting equipment to developing countries that lack environmental regulations.
REQUIRE A FULLY DOCUMENTED AUDIT TRAIL that shows what happened to each IT asset through its final disposition, whether sold, recycled or destroyed.
CONDCT A DUE DILIGENCE background check on the recycling vendor and its practices that includes an on-site visit.
CONSIDER DISPOSITION SERVICES from IBM, HP, Dell or other major IT equipment vendors. They charge more than smaller recyclers, but they have reputations to protect and deeper pockets if liability issues arise.
102. Selected Systems Management Software(1 OF 6)
103. Selected Systems Management Software (2 OF 6)
104. Selected Systems Management Software (3 OF 6)
105. Selected Systems Management Software (4OF 6)
106. Selected Systems Management Software (5 OF 6)
107. (26) Problem Control
108. PROBLEM MANAGEMENT
111. CAUSE OF UNPLANNED APPLICATION DOWNTIME
112. RELATIVE OCCURRENCE OF OUTAGE INCIDENTS
113. Most frequently cited outages Systems: operational error, user error, third party software error, internally developed software problem, inadequate change control, lack of automated processes
Networks: performance overload, peak load problems, insufficient bandwidth
Database: out of disk space, log file full, performance overload
Applications: application error, inadequate change control, operational error, nonautomated application exceptions
114. Fundamentals of autonomic computing ? Self-configuring
? Self-healing
? Self-optimizing
? Self-protecting
116. How many calls does the help desk get ?
117. EXAMPLE:Who calls the HELP desk?
118. EXAMPLE:What are the calls for ?
120. *** PROBLEM REPORTING FORM ***
123. (27) Service Evaluating
126. Systems Management Tools
127. (29) Software Procurement
128. Steps in �Selecting a �Vendor
133. SW Product Assessment Criteria
134. (30) Hardware Procurement and Upgrade
136. HW Product Assessment Criteria
141. Room for Improvement
142. Purchase cards
Borrow funds or petty cash
Auctioning
Sealed bidding
Two-step sealed bidding
Competitive proposals
Competitive negotiations
143. Contract Categories and Types
144. Types of Lock-In and Associated Switching Costs
147. FOUR WAYS NOT TO PERSUADE
148. Tips for dealing with IT sales representatives:
151. RELATIVE IMPORTANCE OF STANDARD COMPUTER CONTRACT PROVISIONS
152. 17 Ways to Bust a Deadlock
153. WIN-WIN WILL KILL YOUR DEAL
154. Negotiation Tactics and Countertactics
155. Crafting Your Behavior Slow down the conversation
Listen and think
Maintain a buffer between your brain and your mouth. Consider your response carefully in light of your new guiding principles
Ask questions to get relevant information
Catch the cue(s)
Ask for time-out (that is, postpone your response) if need be
Prepare for, and reflect on, interactions
Think ahead to conversations and interactions
Reflect back on conversations and interactions
158. Negotiating the Contract Checklist
161. (2) Architecture Scanning & Definition
162. Architecture A set of guidelines and standards detailed enough that people can work independently yet create an envisioned end product
Blueprint for a house�
Sub-division plan�
City highway plan
163. DEVELOPING AN IT ARCHITECTURE
164. DEVELOPING AN IT ARCHITECTURE
165. Platform Decision Makers
166. Technology Domains Clear accountabilityClear accountability
171. ARCHITECTED DATA WAREHOUSING SYSTEM
176. Key Factors
181. Notable Standards Efforts Central Computing and Telecommunications Agency (CCTA) Methodology - IT Infrastructure Library (ITIL) http://www.exin.nl/itil/itinf/home
Service Level Agreement (SLA) Working Group created by the Distributed Management Task Force (DMTF) http://www.dmtf.org
The Appl MIB by the Internet Engineering Task Force (IETF) http://www.ietf.org
Application Resource Measurement (ARM)
Computer Measurement Group http://www.cmg.org
184. Historical Architectural Changes
185. Historical Architectural Changes
186. Historical Architectural Change
188. Think? Which processes are most important?
Who owns each of these process containers?
How much resource will be applied to each process?
How effective are each of these processes today?
What priority should be placed on improving each of these processes?
