Email archives - SAS 70


Jun 28 2008   1:33AM GMT

Are you ready to make decisions as CSO or CIO? – SAS70



Posted by: sas70expert
Security management, Third-party services, Administration, Networking, Security, Strategic Enterprise Management, Microsoft Windows, Information risk management, Career development, Management, Security Program Management, Compliance, Risk management, human factors, business/IT alignment, Auditing, Monitoring, Financials, Data center operations, CIO, DataCenter, DataManagement, CEO, management software, CFO, Email, Exchange, SAS 70, CSO

As you complete that CISSP or CISA designation and move up the corporate ladder, do you have the right skills to begin making decisions as CSO or CIO? Even if you have a great understanding of IT operations (networking, disaster recovery, datacenter management), compliance (SAS70, WebTrust, SysTrust, SOX), and leadership (project management, financial budgeting and administration), if you don’t communicate effectively you will not make the list. IT leaders can write and speak until they are red in the face; however, if they are unable to speak general business language, the business audience will not support their IT objectives or provide funding. Some of the more important skills to have as CSO or CIO are:

  • Communicate effectively
  • Lead during a disaster
  • Provide an IT strategy

 What are the important skills that a CSO or CIO must have to be a success? As a team leader? To build Board support? To be an effective information technology project manager/business leader? To build another Google, Microsoft Windows, or Email Exchange?

SAS70ExPERT@gmail.com

 

Jun 25 2008   11:21AM GMT

Data Exchange and SAS70



Posted by: sas70expert
Third-party services, Networking, Security, Identity & Access Management, routers, Compliance, Encryption, business/IT alignment, Auditing, Monitoring, Access control, CIO, DataCenter, DataManagement, CEO, FTP, instant messaging, CFO, Email, Exchange, SAS 70, CSO

Various transport methods, such as email, instant messaging, FTP, and encryption, have been implemented to share files/data between companies. But many methods fall short on security, manageability, and the ability to track/log the transfer of information. Increasing regulations and SAS70 audit guidelines are requiring that privacy and security of data be maintained. What data transfer method are you using, and is it secure, manageable and auditable?

 

The types of data transfer continue to evolve, and the variety of people with whom companies exchange data is also changing. For example, many companies outsource processes that they used to perform in-house. Furthermore, some are even processed overseas, especially in India. How much control do you have over your outsourced vendor? How do you know that their process to transfer data is secure and managed appropriately?


Jun 16 2008   4:46AM GMT

CIO, CEO, CFO’s role in future Information Technology (IT) - SAS70



Posted by: sas70expert
Disaster Recovery, Networking, Storage, Security, Microsoft Windows, Career development, Compliance, business/IT alignment, Auditing, CIO, DataCenter, DataManagement, CFO, Email, Exchange, SAS 70, budget, bugeting, CSO

When I was with the Big Four, we couldn’t just be auditors; we were risk management consultants. Today, it seems that IT job titles and roles are in a similar transition. As a consultant/auditor, I am always discussing with the client the value that I bring to their organization as an experienced SAS70 auditor. Because of my expertise, my audit will be much more in-depth, more efficient and effective with their time, resources, and revenue.

According to Computerworld, the job titles below are examples of the kinds you’ll see cropping up in IT in the not-too-distant future. IT job titles with any hint of computers, databases, software development languages or data networks will disappear.

  • Product Architect
  • Chief Delivery Officer
  • Chief Process Officer

Why? It’s a direct result of IT becoming integrated into the business strategy and being considered a partner in the business instead of a service provider who has no effect on revenue.

Xcel Energy, a $10 billion electric power and natural gas utility in Minneapolis, is changing the way it looks at IT. The company expects its data managers to be able to look at data and figure out answers to questions, such as where money is being lost. In other words, the company wants someone to put data in a business context.

Outsourcing ping, power, and pipe to third-party vendors is common. Even management of the application is increasingly outsourced; however, companies still need IT to manage the flow of data in/out of the application, manage the relationship with the outsourced vendor, and assist in performing data analysis.

The greater focus on life-cycle management, vendor management and data analysis has raised the expertise requirements of IT functions and is requiring more business management decisions to be made by IT. Moving IT management away from technology management doesn’t take them out of the picture; it will make them more critical to the survival of the business and elevate their ability to make a difference within their company’s strategic direction.

How do you think your role is changing? Are you being elevated? Or just asked to do more with less?

SAS70ExPERT@gmail.com


Jun 14 2008   6:39AM GMT

CIO - Are you sitting on your DataCenter assets or using them?



Posted by: sas70expert
Networking, Storage, Security, Microsoft Windows, Career development, Compliance, business/IT alignment, Auditing, CIO, DataCenter, DataManagement, CEO, CFO, Email, Exchange, SAS 70, budget, bugeting, CSO

Are you sitting on your DataCenter assets or using them? CIO/SAS70

 

As the economy continues to be unsteady, what are your priorities as CIO? As CEOs continue to be fired, CIOs should use the uncertainty to prioritize their IT efforts, strengthen the information security within their DataCenters, and improve communication of IT efforts to the business.

 

IT project funds are shrinking. Are you concentrating in the area that will return results to the bottom line of the business and keep your paycheck coming? Re-evaluate your priorities now – concentrate on those projects that will improve revenue; that will make you a superstar in the eyes of your management, and will solidify your job.

 

Prioritize and communicate to get the most value from all the hard work that you do. According to survey results, only 10% of CIOs say that they did an excellent job of communicating the value of their IT assets to their bosses. If you performed a SAS70 audit, not only tell your customers, but make your internal management aware of it, as it should strengthen your network security internal controls. CIOs should form an alliance with CFOs to communicate the business value of the core IT assets and the projects completed within the year. Make an effort to make the Board, management and other stakeholders aware of your hard work and of the projects that are critical to the survival of the business, and quantify the net return that these IT projects bring to the organization. Scorecards work best to quickly identify areas of accomplishment, areas in process, and future plans. I use a similar technique to communicate the SAS70 audit process, results, issues and deadlines to the audited. What other methods do you use? Do you plan on cutting or adding to your IT budget for 2008 and 2009?

 


 


Jun 12 2008   8:51PM GMT

iPhones and data security



Posted by: sas70expert
Networking, Security, Servers, Compliance, Viruses, Auditing, CIO, Mobile, DataManagement, Email, Exchange, SAS 70

What about the new iPhone? It has an abundance of new features, and new headaches? With the latest push of emails to your iPhone, how many more network issues will this create?

With the iPhone, you can download pictures, music, and applications – how many of these will have undetected viruses or Trojan horses? As executives demand more technology, do you have enough security in place to prevent such disasters to your network? How much downtime can you afford?

In a SAS70 audit, wireless networks and the related controls are normally tested. Testing of phone connectivity to internal networks and the related hazards are not normal considerations. 

I would recommend standardization of cell phones. Choose a cell phone that meets business needs and provides basic communication access for employees. Enact most security features to prevent rogue viruses from attacking your network. The phones should only sync with your business Exchange server and not the employee’s personal contacts or emails.

 


Jun 11 2008   12:47AM GMT

Exchange and Email



Posted by: sas70expert
Disaster Recovery, Auditing, Email, Backup & recovery, Exchange, Backup, SAS 70

SAS70 audits do not require disaster recovery to be audited; however, backups of email can be critical to the survival of a company should it be sued.

The process to back up emails can be expensive and time-consuming. I tried clustering Exchange servers. It was a mistake from the start – it became too complicated, I had to add 3 additional staff and hardware, and don’t forget the licensing costs.

There are some appliances that make it easier to replicate to Exchange and other major mail servers. What appliances worked best for you? Or are there other techniques you can recommend to expedite the email backup process?