Best IT Documents.com Blog


Sample Word – Reference – Legacy Securing X Windows

Posted in O S (375),Security (1500) by Guest on the June 30th, 2012

 Legacy Word reference but still useful:

Legacy Securing X Windows

 http://bestitdocuments.com/Services.html

 


Sample Word – Open Systems IPC – What is Inter-Process Communication?

Posted in O S (375),Security (1500) by Guest on the June 29th, 2012

Sample Excel – Unix File System listing Spreadsheet


Sample Visio – Cisco Secure Access Layer Processing


Sample Visio – Cycle Assessment Activities


Sample Visio – VMWare Infrastructure Design


Sample Excel – COBIT – Application Review Proprietary Third Party Matrix Spreadsheet


Sample Excel – COBIT – Audit Business Continuity Disaster Recovery Matrix Spreadsheet


Sample Excel – COBIT – Physical Security Room Access Spreadsheet


Introduction to the New Mainframe z/OS Basics

Posted in Application (380),Compliances (1300),O S (375) by Guest on the June 26th, 2012

Excellent COBIT Legacy Documents

Posted in Business (600),Compliances (1300),Security (1500) by Guest on the June 25th, 2012

 

Excellent Cobit Legacy Documents

  • COBIT_Audit_Guidelines.pdf
  • COBIT_Control_Objectives.pdf
  • COBIT_Executive_Summary.pdf
  • COBIT_Management_Guidelines.pdf
  • COBIT_Mgt_Guidelines.pdf

 Free – Document download

Cobit Legacy Documents

 


Stepped Security Methodology

Posted in Compliances (1300),Security (1500) by Guest on the June 25th, 2012

1) Project Initiation – The project is set up in this phase. A project manager is assigned, the project scope is clearly identified, the project organization is established, and an initial project plan is drafted.

2) Discover – This is the most critical of all phases. During this phase, the business and technical requirements are identified. Because these requirements guide the other phases, care must be taken to identify and understand the impact of each. Additionally, points of pain or concern are documented for increased scrutiny in the following phases.

3) Strategy – Based on the requirements gathered in the discovery phase, ‘Consultant’ begins the process of establishing the desired security state. 

4) Penetration and Vulnerability Assessment – In this phase, an external security assessment and a review of the technology and architecture against the business and technical requirements are performed. Host and network configuration detail is captured; risks and system dependencies are also documented. All possible impacts to the customer’s environment are reviewed and documented for analysis.

5) Data Assimilation and Analysis – A technical brainstorming session takes place with various subject matter experts. Security experts, using ‘Consultant’s’ methodology and a combination of in-house and industry tools, create a set of best business practice recommendations based on gathered data and facilitated discussions.

6) Document and Recommend – A formal document outlining the current state of the client’s environment is created. All detailed configuration information, which was gathered during this process, is included in this document with identified areas of concern and appropriate recommendations for remediation. 

7) Baseline Presentation – This phase is a formal presentation of the current state of security. The delta to the desired state is defined and the remediation plan is presented. 

8) Remediation – The corrective measures are implemented in this phase. 

9) Management – This phase is the ongoing maintenance of the corporate assessments. It includes periodic assessments, server management, network device management as well as security monitoring of mission critical devices and networks.


Sample Visio – SAP – Reporting Services Business Objects Environment


Sample Visio – ERP Epicor Strategic High Level Overview


ITIL – Storage Backups Best Practices

 Best Practices:

1) Periodic backups of servers: periodic backups of application and database servers (OS platforms and application files, not data) should be performed and shipped to an offsite location.

2) These backups can be either tape-based backups or backup to disk (based on the discretion of the service delivery teams).

3) A full backup should be performed at least monthly. It is recommended that incremental backups occur daily until changes to the systems and their configurations become infrequent, at which time it will be acceptable to perform weekly incremental backups.

4) Snapshot of EMPI data: where possible, 24 worth of local snapshots of changes to data (stored on SAN / NAS storage) should be maintained in 15-minute increments to ensure that rollbacks of corrupted data can meet stated RPO requirements (assuming that the corruption is detected).

5) Replication of EMPI Data to alternative Data Center.

 http://www.bestitdocuments.com/Change_management.html

 


ITIL – Storage Infrastructure Redundancy

 It is assumed that Enterprise service delivery teams have configured the underlying infrastructure to eliminate as many single points of failure as possible. The following best practices and redundancies are assumed to exist in the network, server and storage infrastructures:

1) Redundant fiber-channel and / or Ethernet (for FCoE / iSCSI implementation) switches connected to redundant ports on the storage array.

2) Storage array has redundant processors, ports (SAN and Ethernet), and power supplies.

3) Storage volumes are created on RAID groups that meet recommended performance requirements and are capable of continuing to function after the loss of one or more hard disks or disk sets.

4) Redundant Ethernet switches and routers for business-critical networks (including WAN networks)

5) Multiple network paths between corporate datacenters and satellite locations (where practical / possible)

6) Servers with redundant power supplies

7) Servers have redundant network and storage network ports / cards (e.g. NIC, SCSI, HBA CAN, etc…)

8) Servers have multiple internal hard disks configured in an appropriate RAID configuration to meet performance requirements and provide protection from the failure of a single drive.

9) Each rack / cabinet should have multiple power feeds from separate and redundant power distribution units (PDU) (where possible).

10) Datacenters should be equipped with redundant power sources (including generators, UPS systems, etc.)

11)  Datacenters should have sufficient cooling capacity to allow for the failure of a cooling unit

12)  Multiple WAN providers (where practical / possible)

 http://www.bestitdocuments.com/Change_management.html

 


Sample Excel – Partial Enterprise Content Management (ECM) Research Results

Posted in Application (380),Compliances (1300),Security (1500) by Guest on the June 22nd, 2012

What you should look for in your Security Management and Administration

Posted in Compliances (1300),Security (1500) by Guest on the June 22nd, 2012

Overall:

Ensure your information security policy is aligned to ISO 2700x Information Security Standards. The highlights of what you should look for:

  1. Prepare and implement the Information Security Policies of your organization.
  2. Defining roles and responsibilities for information security across the organization, in co-operation with security representatives from your organization's IT department / business units.
  3. Identifying controls and coordinating their implementation, in co-operation with security representatives from the affected departments; periodically assessing the adequacy of information security implementation across the organization.
  4. Auditing internal systems and processes for compliance with security policies and standards.
  5. Validating all connectivity requirements from a security perspective.
  6. Anchoring security initiatives within your organization and promoting information security throughout the enterprise.
  7. Understanding / analyzing the Identity & access management requirements & implementing the same.
  8. Constantly reviewing the security compliance objectives and revisiting the controls that need to be implemented to meet the appropriate control objectives.
  9. Service window 24×7 on Seat with a combination of both onsite and offshore locations. 

Typical Security activities:

  1. Enforcing a strong password policy.
  2. Physical Access Control.
  3. Data Center / Server Room Security.
  4. Creation & Control of user accounts.
  5. Corporate Project Data Access control
  6. Managing users for Access management.
  7. Third-Party Connections which will include Firewall policies, IPS/IDS.
  8. Virus Protection.
  9. Audit and Compliance.
  10. Vulnerability monitoring, assessment and Penetration testing.
  11. Firewall, IDS/IPS, Antivirus monitoring and management.
  12. Internet access control.
  13. Encryption keys management.

http://bestitdocuments.com/Services.html

 


Sample Visio – ITIL Visual Framework


Sample Word – Transaction Process Tracking

Posted in Application (380),Compliances (1300),Security (1500) by Guest on the June 22nd, 2012

Good Requirements Development Questions

Posted in Application (380),Compliances (1300),Projects (400),Security (1500) by Guest on the June 21st, 2012

Requirements Development

  1. Have you had extensive user involvement in developing the requirements?
  2. Do all stakeholders understand and agree on how the system will be used?
  3. Are all stakeholders satisfied with the requirements?
  4. Do the developers understand the requirements?
  5. Are all requirements clear and unambiguous?
  6. Have you distinguished between needs and wants?
  7. Are requirements relevant?
  8. Are requirements consistent with each other (i.e., they don’t conflict)?
  9. Are requirements complete?
  10. Do the requirements cover everything that is supposed to be accomplished?
  11. Has design detail been left out of the requirements?
  12. Are all requirements testable?
  13. Are requirements verifiable?
  14. Have the requirements been prioritized?
  15. Are requirements feasible with respect to cost, schedule, and technical capability?
  16. Is the system boundary clearly defined; what is in scope, what is not?
  17. Are all external interfaces to the system clearly defined?
  18. Is the specification written so that it can be modified when necessary, with minimal impact to the rest of the document?
  19. Are you conducting formal and informal reviews of requirements documents?
  20. Did you verify your requirements and gain acceptance from your stakeholders?

Requirements Management

  1. Have all requirements been entered into the requirements repository?
  2. Are the requirements traces sorted to allow requirements lookup by requirement ID, or other useful index?
  3. Can all requirements be traced to original business requirements?
  4. Are all business requirements allocated to lower level, user and functional requirements?
  5. Do you have a requirements change process documented and in place?
  6. Have you identified members of the requirements change board?
  7. Is adequate impact analysis performed for proposed requirements changes?
  8. Do you know who is responsible for making the changes?
  9. Have requirement changes been traced upward and downward through the higher and lower-level specifications?
  10. Do you have a process in place to maintain and control the different versions of the requirements specification?

 http://bestitdocuments.com/Services.html

 


Enterprise Data Management Strategic Challenges

Posted in Application (380),Business (600),Compliances (1300),Security (1500) by Guest on the June 21st, 2012

Problem

Most corporate environments do not have an authoritative source for enterprise data and no structure in place to manage it. 

Most Enterprises have not agreed upon repeatable methods to expose the data. Without repeatable methods of data analysis and delivery, your Enterprise will not be able to leverage one of its critical assets, information. 

This lack of data understanding has led to lost business opportunities, both tactically and strategically. A few examples of this are the following:

  • Duplicate data (increased cost to maintain and reconcile),
  • Undefined data (difficult to consolidate and manage for analysis),
  • Poor data quality (inability to serve customers and associates effectively),
  • Inefficient data analysis (difficult to build reusable components which increases time to market of business solutions enabled by I.T. systems.) 
  • Inability to test business solutions (no test data available to ensure business solutions meet customer needs)
  • Lost productivity, as users spend their time collecting, re-keying, and consolidating data, rather than analyzing data and turning it into information 

Many of these challenges are driven by a lack of identified ownership, governance, processes, skills, and tooling. These issues will need to be addressed in support of our strategy, drive east for business growth.

 


Sample Word – BIG-IP Logging Best Practices for Load Balance Applications

Posted in Application (380),Compliances (1300),Security (1500),Web Services (250) by Guest on the June 20th, 2012

Sample Word – BIG IP – Load Balance and Fail-Over Best Practices Document

Posted in Application (380),Compliances (1300),Security (1500),Web Services (250) by Guest on the June 20th, 2012

Sample Visio – Web Services Security Architecture

 Free Visio Document download

Web Services Security Architecture

Suggested security architecture for web services is SSL and HTTP Basic Authentication.

http://www.bestitdocuments.com/Web_services.html

 
