management software

Sep 17 2008   11:06PM GMT

Making the Outsourcing Decision - SAS 70

Posted by: sas70expert
Third-party services, Management, management software, SAS 70

When deciding to outsource information technology to third-party services, Executive management should conduct an analysis to evaluate available options and determine if the vendor capabilities aligns with corporate objectives. First, determine what the driving factors that require you to outsource are – is it simple economics, as cost of technology for your industry is beyond your reach, or do you not have the internal talent to manage an entire network infrastructure. By identifying the company specific strategic drivers for outsourcing, you will be able to quickly weed away the inept vendors.

 

When selecting the outsourced vendor, carefully screen each vendor to determine if they have the necessary expertise to perform on time and after hours when emergencies occur. Don’t just go to lunch with the local sales representative and expect him to be there when an emergency occurs. Be sure to get all guarantees in writing, and a service level agreement is required. Due diligence is required to understand and compare the capabilities in order to meet corporate objectives.  Trackback URL

Jul 1 2008   5:45PM GMT

Do you need the Secret Service to guard your data? – SAS70

Posted by: sas70expert
Security management, Third-party services, Administration, Database issues, Disaster Recovery, Networking, Active Directory, Network security, Storage, Security, Network monitoring, Servers, Microsoft Windows, Information risk management, Management, Security Program Management, Risk management, human factors, Database, Database Management Systems, business/IT alignment, Access, Financials, Access control, Industry Solutions, Data center operations, Network Management Systems, Data center design, Network, CIO, DataCenter, DataManagement, CEO, management software, Single sign-on, FTP, CFO, cooling systems, Backup & recovery, Exchange, Backup, power systems, SAS 70, budget, bugeting, CSO

It’s election year and security to protect some of our most valuable assets is being discussed more frequently – including politicians and data privacy requirements (proposed Regulation S-P). Does that mean you should be considering the Secret Service to guard your data? I don’t think so; however, you should have a plan to manage risk of data loss. This plan should contain proactive thinking that promotes a culture of prevention. A SAS70 audit will assist you in determining your vulnerabilities and identifying weaknesses in information technology network; however, you must continually assess and evaluate scenarios, and stay informed of the latest and greatest networking threats. Communication and training are key to a data protection plan. What are some of the other characteristics?SAS70expert@gmail.com

 

Jun 28 2008   1:33AM GMT

Are you ready to make decisions as CSO or CIO? – SAS70

Posted by: sas70expert
Security management, Third-party services, Administration, Networking, Security, Strategic Enterprise Management, Microsoft Windows, Information risk management, Career development, Management, Security Program Management, Compliance, Risk management, human factors, business/IT alignment, Auditing, Monitoring, Financials, Data center operations, CIO, DataCenter, DataManagement, CEO, management software, CFO, Email, Exchange, SAS 70, CSO

As you complete that CISSP or CISA designation and move up the corporate ladder, do you have the right skills to begin making the decisions as CSO or CIO? Even if you have a great understanding of IT operations(networking, disaster recovery, datacenter management), compliance(SAS70, Webtrust, Systrust, SOX), and leadership(Project management, financial budgeting and administration), if you don’t communicate effectively you will not make the list. IT leaders can write, speak until they are red in the face; however, if they are unable to speak general business language, the business audience will not support their IT objectives or provide funding. Some of the more important skills to have as CSO or CIO are:

• Communicate effectively
• Lead during a disaster
• Provide an IT strategy

 What are the important skills that a CSO or CIO must have to be a success? As a team leader? To build Board support? To be an effective information technology project manager/business leader? To build another Google, Microsoft Windows, or Email Exchange?

SAS70ExPERT@gmail.com

 

Jun 26 2008   4:30AM GMT

What’s your data loss prevention strategy? – SAS70

Posted by: sas70expert
Security management, Third-party services, Database issues, Networking, Network security, Firewalls, Incident response, Security, Network monitoring, Identity & Access Management, Information risk management, routers, Management, Security Program Management, Compliance, Viruses, Database, patching, Configuration, Database Management Systems, business/IT alignment, Auditing, Monitoring, Access, Access control, Network Management Systems, Data center design, Network, CIO, DataCenter, DataManagement, CEO, management software, Security tokens, Patch management, CFO, router configuration, SAS 70, CSO, Intrustion management, TrendMirco

Are you reviewing you firewall rules quarterly? Have you implemented an (IDS) intrusion detection system? Are your routers set up to prevent unauthorized intruders? Do you have the latest and greatest virus protection? Are you performing a SAS70 audit every six months? Database security breaches are increasing daily and costing tremendous amounts of dollars that should have been spent on IT projects. You should at least have an emergency plan in place when data loss occurs. Without an emergency plan in place, the breach could continue and the legal costs could continue to escalate.