IT Governance, Risk, and Compliance


March 11, 2011  3:16 PM

Managing the Dynamic Uncertainties of IT – Part I



Posted by: Robert Davis
Adaptive Systems, Control Environment, Dynamic Equilibrium, Risk Assessment, Risk Management

Most entities operate in an environment that is influenced by perceived stakeholder values; the entity’s mission, vision and values; community and organizational ethics and culture; applicable laws, regulations and policies; as well as industry practices. When interacting with the environment, organizational units endeavor to maintain their basic culture while attempting to control external and internal factors impacting programs, systems, and processes dedicated to pursuing the entity’s mission. In systems theory, this characteristic is known as dynamic homeostasis. Contextually, ‘dynamic homeostasis’ means stability is achieved even though the system is in a constant state of variable activity. Consequently, organizational units generally rely on adaptive processes for appropriate responses to cope with changing environmental circumstances.

March 8, 2011  8:41 PM

Managing the Growth and Impact of Virtual Machines and Memory – Part VIII



Posted by: Robert Davis
Availability, Demand Paging, Demand Segmentation, Hypervisor, IT Configuration, IT Service Delivery, Multiprocessing, Multiprogramming, Operating System, OS, Virtual Machine, Virtual Machine Monitor, Virtual Memory, VM, VMM

Given the proliferation of available hardware and software products that enable capitalizing on benefits associated with IT virtualization, when IT employees fail to perform effective configuration management; potential threats to the IT architecture are significantly increased. Besides managing the common risks associated with utilizing virtual memory and system virtual machines, additional procedures are necessary due to the inherent control weakness in program conversion to binary code for deployed process virtual machines. In particular, since process virtual machines are typically implemented using a program interpreter that relies on just-in-time source code compilation, programs are more susceptible to task modification. Thus, IT virtualization technology must be controlled to prevent service disruptions to end users and financial losses to the entity.

View Part I of the Managing the Growth and Impact of Virtual Machines and Memory series here


March 4, 2011  6:42 PM

Managing the Growth and Impact of Virtual Machines and Memory – Part VII



Posted by: Robert Davis
Availability, Demand Paging, Demand Segmentation, Hypervisor, IT Configuration, IT Service Delivery, Multiprocessing, Multiprogramming, Operating System, OS, Virtual Machine, Virtual Machine Monitor, Virtual Memory, VM, VMM

As with any IT architecture item, to address the entity’s processing needs, virtual machines require execution of effective configuration management. Application of effective configuration management principles and practices “enables management to reduce the risk of requiring back-out due to inadequate preparation and/or incompatible changes affecting system availability and data processing integrity.” Therefore, an entity’s IT management should ensure the IT department has:

  • undertaken configuration management planning
  • identified configuration items
  • established a configuration management database
  • established a definitive software library
  • recorded configuration controls
  • maintained the status of configuration items
  • tracked the status of configuration items
  • reviewed configuration items against configuration management database records
  • managed configuration item libraries, licenses, and stores

View Part I of the Managing the Growth and Impact of Virtual Machines and Memory series here


March 1, 2011  4:21 PM

Managing the Growth and Impact of Virtual Machines and Memory – Part VI



Posted by: Robert Davis
Availability, Demand Paging, Demand Segmentation, Hypervisor, IT Configuration, IT Service Delivery, Multiprocessing, Multiprogramming, Operating System, OS, Virtual Machine, Virtual Machine Monitor, Virtual Memory, VM, VMM

Though a process virtual machine can be considered an application-orientated system virtual machine; process virtual machine uniqueness resides in the provisioning of “a platform-independent programming environment that abstracts away details of the underlying hardware or operating system, and allows a program to execute in the same way on any platform.” Moreover, a process virtual machine executes as a normal application inside operating systems and only supports a single process. It is created when a process is started and dismantled when the process has concluded. At this configuration level, appropriate utilization of command services is a practical method for controlling a process virtual machine.

View Part I of the Managing the Growth and Impact of Virtual Machines and Memory series here


February 25, 2011  5:47 PM

Managing the Growth and Impact of Virtual Machines and Memory – Part V



Posted by: Robert Davis
Availability, Demand Paging, Demand Segmentation, Hypervisor, IT Configuration, IT Service Delivery, Multiprocessing, Multiprogramming, Operating System, OS, Virtual Machine, Virtual Machine Monitor, Virtual Memory, VM, VMM

Derived from virtual memory concepts, virtual machines are a distinct IT configuration class. Under the virtual machine class, a ‘system virtual machine’ represents one physical unit subdivided so each of the component partitions function independently. The attractiveness of this technique is that it enables the deployment of more than one similar or dissimilar operating system within an IT hardware configuration. In addition, a ‘system virtual machine’ allows for the tandem operation of two or more programs within the definitions of multiprocessing. Control over the ‘system virtual machine’ is achieved through a virtual machine monitor (also known as a hypervisor) that typically provides consolidation, stability, security, flexibility, migration, and cloning capabilities.

View Part I of the Managing the Growth and Impact of Virtual Machines and Memory series here


February 22, 2011  11:34 PM

Managing the Growth and Impact of Virtual Machines and Memory – Part IV



Posted by: Robert Davis
Availability, Demand Paging, Demand Segmentation, IT Configuration, IT Service Delivery, Multiprogramming, Operating System, OS, Virtual Memory, VM

Demand paging is a technique wherein computer memory is divided into fixed-length blocks. These fixed-length blocks, commonly referred to as pages, can be effectively exchanged or swapped back and forth between primary and secondary storage devices as required. When a page is needed, the location must be immediately determinable. If a page is located in primary memory, it is bound for use in performing the originating object’s objective. That is, memory is relocated and/or attached to permit the completion of the originating program’s functions, even if the page is in a secondary storage device. Generally, control software employs tables to accomplish the task of making pages accessible for processing.

View Part I of the Managing the Growth and Impact of Virtual Machines and Memory series here


February 18, 2011  9:11 PM

Managing the Growth and Impact of Virtual Machines and Memory – Part III



Posted by: Robert Davis
Availability, Demand Segmentation, IT Configuration, IT Service Delivery, Multiprogramming, Operating System, OS, Virtual Memory, VM

Virtual memory is typically implemented based on at least one of two principle techniques: demand segmentation and demand paging.

Demand segmentation is a technique in which locating computer objects is determined by criteria applied only at the moment of need. Employing primary and secondary storage devices, this technique allocates memory segments as they are required. Concurrently, control software manages the availability of memory segments and connects each incoming module to its originating program according to its function within the IT configuration. A control routine then links the internal and external modules, managing while processing both permanent and transient objects as necessary.

View Part I of the Managing the Growth and Impact of Virtual Machines and Memory series here


February 15, 2011  10:06 PM

Managing the Growth and Impact of Virtual Machines and Memory – Part II



Posted by: Robert Davis
Availability, IT Configuration, IT Service Delivery, Multiprogramming, Operating System, OS, Virtual Memory, VM

IT virtualization services are derived from the application of virtual memory deployment conventions. In layperson terms, virtual memory exists when the operating system separates end-user logical addressable space from physical addressable space, thus allowing the end-user to have access to memory essentially equivalent to the total primary and secondary storage capacity associated with an IT configuration. Commonly, the primary storage unit associated with an IT configuration is a Random Access Memory card, while the secondary storage unit is typically a hard disk drive capable of reading and writing electronically encoded datum.

Technically, virtual memory is the space defined by the range of allocated addresses that are not part of the physical addressing scheme of the computer. Thus, the virtual memory concept assumes that the storage capacity of an IT configuration item extends beyond its physical limitations. Whereby, to the end-user, it appears as if unlimited memory is available to execute a requested IT service.

View Part I of the Managing the Growth and Impact of Virtual Machines and Memory series here


February 12, 2011  12:46 AM

Managing the Growth and Impact of Virtual Machines and Memory – Part I



Posted by: Robert Davis
Availability, IT Configuration, IT Service Delivery, Multiprogramming

IT virtualization represents the creation of a seemly boundless version of an IT resource to the end-user. Historically, once a suitable means of multiprogramming was discovered for processing datum, efforts to expand the utilization of IT were vigorously pursued. IT virtualization is one productive outcome of these efforts to enhance IT architectural capacity. Consequently, the virtual concept is now pervasive in most IT configurations available for deployment and in many entities considered a key component for ensuring IT availability.


February 8, 2011  9:21 PM

Governing IT: Setting Control Objectives – Part VIII



Posted by: Robert Davis
Acquire and Implement, Availability, COBIT Domains, Confidentiality, Control Objectives, Deliver and Support, Effectiveness, Efficiency, Integrity, MIS, Monitor and Evaluate, Plan and Organize, Planning Committee, Reliability, Risk Management

IT goals election as well as information systems design, implementation, and maintenance are bound by IT objectives. Performing an IT maturity assessment can assist in determining where improvements are most needed. Subsequently, IT control objectives selection conveys what is considered important to the entity’s IT governance program. Whereas, monitoring and evaluating IT objectives drives assurances provided or obtained through due care and due diligence as well as enables managerial fiduciary oversight expectations fulfillment. The absence of setting and periodically assessing IT control objectives is commonly interpreted as a major deficiency in the entity’s control structure that can result in a material financial loss.

View Part I of the Governing IT: Setting Control Objectives series here


Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: