IT Governance, Risk, and Compliance


October 1, 2009  11:22 PM

Hardware Protection… Dust, Temperature, and Humidity – Oh My! – Part IV

Robert Davis

IT can, and does, operate within a wide humidity range. Seasonal humidity changes are usually easier to control than hourly fluctuations. In either case, the primary environmental concern is normally preventing humidity changes that result in condensation. Data culled from analysis of historical psychrometer readings can be instrumental in determining seasonal changes or outside influences. Technically, a psychrometer is a hygrometer consisting of two thermometers with bulbs, one wet and one dry. One bulb is kept wet so that the cooling that results from evaporation makes it register a lower temperature than the dry bulb. The difference between the two readings constitutes a measure of atmospheric dryness.


September 28, 2009  6:11 PM

Hardware Protection… Dust, Temperature, and Humidity – Oh My! – Part III

Robert Davis

When the relative humidity is high, water particulates are formed corresponding to the heat index. High humidity can warp hardware configuration cards. In addition, without adequate insulation, any conditions that cause moisture to be deposited on equipment will eventually degrade hardware functionality. Maintaining the optimal temperature and humidity enables planning responses to hardware configuration item failures that have minimum user impact.



September 24, 2009  7:03 PM

Hardware Protection… Dust, Temperature, and Humidity – Oh My! – Part II

Robert Davis

Climatically, strategizing optimum environmental conditions for information assets is a managerial safeguarding responsibility. Environmental conditions such as heat production, airflow, and humidity are factors that should be considered during IT site preparation as well as operational sustainability. Concerning heat production, equipment utilizing energy releases thermal units that can substantially increase ambient temperature. Air movement must be enabled or temperature and humidity will normally escalate within an unregulated confined space. When ambient temperature is at the manufacturer’s recommended level, there usually is adequate cool air flow for minimizing IT availability risks.

Low humidity can generate static electricity, causing shocks, electrical malfunctions, paper jams, and recording media errors. In too dry a climate, dust can accumulate on system boards, where the first components typically affected are the central processing unit modules, thus potentially causing system reliability problems that translate to IT availability issues.



September 21, 2009  6:24 PM

Hardware Protection… Dust, Temperature, and Humidity – Oh My! – Part I

Robert Davis

‘Plug-and-Play’ devices should never be regarded as ‘Install-and-Forget’ hardware. Though computer operations personnel are normally responsible for IT related hardware implementations, monitoring environmental adequacy falls within the realm of information security due diligence. In particular, accurate and comprehensive monitoring of environmental support equipment and installation conditions is critical for reliable processing within complex and sensitive hardware configuration areas.


September 17, 2009  7:15 PM

Supporting ISG Deployment – Part V

Robert Davis

Whatever your perspective may be, the importance of effective and efficient ISG cannot be overlooked in the current global high technology environment. Considering what is at stake for most entities when security is compromised, justifying ISG deployment based on one viewpoint usually narrows managerial suitability and expected benefits. In the final analysis, combining the discussed individual abstraction levels may provide the most appropriate support for institutionalizing ISG.



September 14, 2009  6:19 PM

Supporting ISG Deployment – Part IV

Robert Davis

If, however, you assume ISG provides financial and/or reputational benefits, potential stakeholders are presumed to rely upon governance elements prior to investing their time, talent, and/or money. Therefore, ascertaining the effectiveness and efficiency of entity-centric information security objectives, through adequate monitoring, is rudimentary to sound business practices for satisfying stakeholder safeguarding expectations. In this regard, effectiveness and efficiency evaluation requires measurement against established standards. The performance measures should be established when standards are created or adopted. Techniques utilized for ISG implementation include maturity modeling, budgeting, benchmarking, and gap analysis. Based on the perceived opportunity for enrichment, with provable risk reductions, publicized superior ISG deployment may attract additional investors.



September 10, 2009  9:01 PM

Supporting ISG Deployment – Part III

Robert Davis

Alternatively, if you perceive ISG as a descriptive prescription for achieving managerial objectives, the adopted ISG methodology should provide security assessments defining strategic, tactical, and operational risks. Management usually is vigilant regarding the cost of controls and the benefits that can be derived from controls deployment and utilization, while achieving an entity’s strategic direction. Concurrently, auditors are concerned with the impact of information security controls on an entity’s internal control system. To redress cost-benefit, strategic direction, and control impact issues, ISG effectiveness and efficiency directly related to managerial responsibility, accountability, and authority structure should be demonstrated through appropriate measurement tools. Therefore, at the methodological root, understanding ISG roles is considered crucial to managing secure processes.



September 8, 2009  6:56 PM

Supporting ISG Deployment – Part II

Robert Davis

If you envision ISG as a framework servicing entity and ‘IT governance’, then structurally, ISG should be implemented as an organizational program with objectives, goals, policies, procedures, standards, and rules designed to accomplish management’s intentions. To drive safeguarding controls, ISG should receive ‘significant program’ status because other entity and IT programs are directly impacted by ISG effectiveness. Furthermore, efficiency of controls should be obtained through models available to assist in deploying ISG.



September 3, 2009  8:04 PM

Supporting ISG Deployment – Part I

Robert Davis

Traversing to and aligning with potential ‘Governance Tree’ third-tier abstraction levels, information security governance (ISG) can be viewed as a framework, methodology, or technique. Framing ISG enables a “system of controls” assisting in assuring organizational goals and objectives are achieved effectively and efficiently. Methodologically, ISG furnishes descriptive details of the role direction and controls play in achieving entity-centric objectives. Lastly, as a technique, ISG provides processes and steps that can generate superior financial and/or reputational returns for stakeholders.


August 31, 2009  8:57 PM

Synchronizing Balanced Scorecards – Part IV

Robert Davis

Balanced Scorecards are considered an effective means to assist the entity’s oversight committee and operational management in achieving information security, IT and business alignment. The aim of instituting performance measurements is to permit activities transparency that enables circumspective managerial decisions. A comprehensive set of entity-centric measures or indicators tied to performance requirements can represent a visible strategic foundation for alignment of all associated activities with entity-centric goals.


