Best IT Documents.com Blog


Cisco – BGP at a glance

Posted in Networking (340) by Guest on the August 24th, 2012

Sample Visio – Exchange Server Services 200x Summary

Posted in Compliances (1300),Security (1500),Visio Samples - Stencils (457) by Guest on the August 23rd, 2012

Sample – IT Design Solution Roadmap

Key aspects to consider for each of your IT domain towers are transition, cross-tower optimization of investments, and innovation, as detailed below:

Simplify the client support model and optimize resource utilization; integrate solutions and scalability.

  • Integrated solutions across various IT technology services
  • Focus on productivity
  • Integrated Infrastructure service desk with ITIL based processes across all Infrastructure services
  • KT client training and KT certifications in all necessary Infrastructure service technologies across all programs
  • Cross-KT across all IT Domains to improve first call resolution and to improve productivity. Feedback from the operations teams on repetitive incidents can help drive improvements in applications that further reduce end-user incidents and enhance the user experience

Improving Process Efficiencies: Leveraging best of ITIL v.3 and MOF 4.0

  • Robust integrated set of tools to support the IT Services and business requirements
  • ITIL-compliant approach to Service Delivery, supported by compliant tools that adhere to NIST 800-53 and ISO 2000x

Minimum Business Disruption: Low Risk Transition

  • Reduce risk in transition by leveraging our proven transition framework that focuses on multiple work streams providing a full view of the transition while ensuring potential risks are mitigated
  • Setup a dedicated transition group at an engagement level that will eventually transform into a Program Management Office (PMO) during steady state
  • QA the IT transition and create acceptance-model readiness standards to ensure mutual acceptance and successful completion of a transition phase

Lower Total Cost of Ownership: Use CMMI Continuous Improvement models

  • Leverage the CMMI model to deliver Infrastructure services, by shifting all work to offshore locations with minimum accepted risks
  • Continuous Service Improvement approach via Transformational initiatives to reduce complexity, increase transparency and reduce risk and cost by leveraging Infrastructure
  • From inception consolidate, automate and virtualize where you can

High User Satisfaction: SLA Management & Service Delivery Standards

  • Better control of IT operational processes through definition and measurement of Key Performance Indicators (KPIs) for Infrastructure Service Management processes
  • Focus on ITIL Service Level Management and customer service standards

 


Sample Visio – Exchange 200x Roles and Permissions


Sample Mindmap – Diagram Types

Posted in Mindmap (100) by Guest on the August 19th, 2012

Sample Mindmap – Data Spectrum

Posted in Mindmap (100) by Guest on the August 18th, 2012

Sample Visio – 802 EAP

Free Visio Document Download.

802 EAP

http://www.bestitdocuments.com/Services.html

 


Sample Word – FIPS 199 – System Security Plan

Posted in Compliances (1300),Security (1500) by Guest on the August 17th, 2012

Sample Visio – 802.1x Overview


Encryption and Common Managed Security Service Recommendations

Posted in Application (380),Compliances (1300),Security (1500) by Guest on the August 15th, 2012

High level approach to encryption:

Encryption of archival data – Tape Encryption

    • Recommend hardware-based encryption for all backup tapes
    • Utilize central automated tape management and key management solution, such as Tivoli (TKMS) with appropriate tape hardware

Encryption of data at rest – NAS Encryption

    • Not recommended to encrypt entire NAS storage due to implementation and operational cost and complexity (e.g. performance impacts)
    • Recommended to apply database and/or application encryption to specific (high value, high sensitivity) data types, e.g. Vormetric or Oracle encryption

Encryption of data in transit – Network Encryption

    • End-to-end protection for data in transit using SSL/TLS type encryption is recommended (Customer application owned)
    • Recommended for high-value links, such as MSSP to clients, using CipherOptics

http://bestitdocuments.com/Services.html

 

 


Symantec Veritas – Storage Migrator

Posted in Application (380),Business (600),Compliances (1300),Security (1500) by Guest on the August 14th, 2012

Symantec (Veritas) 

Storage Migrator – UNIX, currently at version 6.5  

Description:

Storage Migrator is a hierarchical storage management (HSM) product for distributed systems.  It can increase the amount of file space available to users by migrating files to secondary storage as space is needed in the local file system.  When a user accesses a migrated file, it is automatically retrieved from secondary storage and returned to the online file system.  Except for the delay to perform the retrieval, users and programs are unaware that file migration and retrieval are taking place. 

Typical Use:

UNIX clients for Storage Migrator have their managed file systems NFS mounted to the UNIX server with Storage Migrator – UNIX on it.  As the user determines data is to be managed by Storage Migrator, they move the data (either manually or automatically through some process) to the managed file system. 

The Storage Migrator – UNIX product resides on the UNIX server.  It is told which file systems to manage and, based on configurable criteria such as size, age, and file system utilization, it marks the files for staging.  When the UNIX file system being managed reaches a particular setpoint, it will begin migrating (copying) files to tape (2 copies simultaneously – one for eventual offsite storage).  When the UNIX server reaches another particular setpoint, it stops.  When the UNIX file system being managed reaches a particular setpoint, it will begin deleting files, leaving a small file stub on the UNIX server.  When the UNIX server reaches another particular setpoint, it stops.  There are Storage Migrator UNIX commands that can be run to determine if a file is migrated, staged or neither.

If or when the file is needed on the UNIX server, Storage Migrator will request the file to be transferred back to disk from tape. 

At that point, the UNIX client (NFS mounted to the Storage Migrator server) would have instant access to it.  Since the file is still on tape, making space on the managed file system would simply involve making the stub again. 

There are separate pools of tape for use by Storage Migrator. 

The Production system is monitored via Patrol and logs and reports are checked during normal business days by the NetBackup Administrator in Storage Systems.

 


Sample – NAS Storage Virtualization & Archiving Service Process

Posted in Application (380),Compliances (1300),Security (1500) by Guest on the August 13th, 2012

Storage Systems is a service to archive data stored on NAS disk filers at Company Business Units.  This service will reduce disk storage costs by moving inactive or infrequently-accessed data to less expensive disk storage and tape backups located at the IDN (Internal Data Network). 

NAS (Network-attached storage) Storage Virtualization & Archiving Service 

There are four charge rates for the archiving service: archive server, archived disk storage, tape backup and long-term tape retention. 

  • Archive Server—one of two models of the archive server must reside at each unit location, depending on the amount of data stored on the Unit NAS filer.   The monthly charge is $1,500 or $2,000 and includes the hardware, software, annual maintenance and 7×24 support.  Storage Systems will review each unit’s requirements to determine which model is required. 
  • Disk Storage—the charge for archived data residing on low-cost disk at the IDN is $1.00/GB per month; a copy of the data is also replicated to an offsite location for disaster backup.  Daily backups for two weeks and five weekly backups are included in the charge; these backups are snapshots of the archived data that allows for the recovery of data that may be inadvertently deleted or corrupted.  
  • Tape Backup—at the request of the data owner the archived data can be copied to backup tape on a monthly basis and retained for two months at a charge of $.25 per GB backed up per month.  In addition, the data owner can request a duplicate copy of the backup tape be stored offsite for disaster recovery purposes at an additional charge of $.25 per GB backed up per month. 
  • Long-term Tape Retention—tape backups can be retained longer than two months for an additional charge of $.10 per month for each GB stored on tape.   In addition, the data owner can request a duplicate copy of the backup tape be stored offsite for disaster recovery purposes at an additional charge of $.10/GB per month. 

To determine estimated costs for budgeting purposes each business unit must estimate the number of GB of archived data that will reside on disk, how many GB will be backed up to tape, how many copies of tape backup are needed, and how long the tape backups will be retained. 

A Word about Backups

One copy of the archived data resides on the archived disk storage at the IDN and a duplicate copy resides at an IDN offsite disaster backup location.  The daily and weekly snapshots (referenced in section above) allow for the restoration of deleted files up to five weeks after they were deleted.  Beyond 5 weeks, the data cannot be recovered unless the data owner had requested a tape backup.   

The default retention for tape data is three months.  Tape data can be retained longer if the data owner requested retention beyond three months.  

Data owners should carefully review the importance of their archived data and the impact of someone inadvertently deleting or corrupting their data.  If the disk snapshots are adequate, no further action is necessary.  Tape backup will retain the data for a total of two months; if longer retention is required, then long-term tape retention should be considered.

 http://www.bestitdocuments.com/Services.html

 


CipherOptics – CipherEngine Functional Specification

Posted in Application (380),Compliances (1300),Security (1500) by Guest on the August 12th, 2012

CEP functional specification:

  • The CipherOptics line of encryptors operates as a Bump in the Wire (BITW). This translates to the encryptor being transparent to the network and applications – no performance impact.
  • The CEP neither routes nor switches traffic. It checks each packet received against policy and takes the appropriate action – encrypt, bypass, or drop on packets received on the LAN side, or decrypt, bypass, or drop on packets received on the WAN side.
  • In Layer 2 mode the CEP will preserve the MAC addresses of the original Ethernet frame, thus allowing the frame to be switched after encryption just as it would be if the packet were not encrypted. No changes are required to the Layer 2 infrastructure.
  • In the CEP's Layer 3 mode, the encrypted packet retains the original source and destination IP addresses; however, the IP next protocol field is changed to 50 (ESP). No changes are needed to the routed network – the encrypted packet has the original src/dst addresses required for routing. The Layer 3 header maintains the DSCP/TOS bits for QoS. The CEPs also operate in Layer 4 mode – this mode maintains the Layer 4 header (TCP/UDP header) in the clear. Only the TCP/UDP payload is encrypted. If the packet is not TCP/UDP, the entire IP payload is encrypted – the IP next protocol field is maintained. The Layer 4 encryption mode allows the following: NAT, setting COS based on port info, policy based routing, and collecting Netflow statistics, all after encryption. Also, troubleshooting encrypted networks is easier with the Layer 4 policy, as the Layer 4 information is accessible in the WAN.
  • The CEP therefore allows the network to perform all switching and/or routing as originally intended – this includes load balancing, failover, etc.
  • CEPs can also be configured in an Active-Active scenario where all pertinent encryptors will have the same policies and keys to allow for a packet to traverse any path on the WAN.
  • Both Layer 2 and Layer 3/4 modes allow for full, wire rate processing of each packet that passes through the encryptor for:
    • AES 256 bit encryption (3DES is an option)
    • SHA-1 authentication (MD5 is an option)
    • Packet fragmentation/reassembly (if needed – jumbo frames up to 9300 bytes for high MTU are supported to avoid fragmentation)
  • CipherOptics CEP Encryptor Family
  • The CipherOptics CEP encryptors are based on throughput:
    • The CEP10 has two 10Mbit ports for up to 10Mbit throughput requirements and has an internal throughput of 19Mbit for full duplex packet processing.
    • The CEP100 has two 10/100Mbit ports for up to 100Mbit throughput requirements and has an internal throughput of 190Mbit for full duplex packet processing.
    • The CEP1000 has two 1Gbit ports for up to 1 Gbit throughput requirements and has an internal throughput of 1.9Gbit for full duplex packet processing. The CEP1000 is SFP based and supports copper, MM fiber, or SM fiber SFPs.
    • The CEP100 will therefore suffice for DS3 (45Mbit) throughput requirements.
    • The CEP100 has copper-only 100Mbit ports and will only negotiate its speed to 10/100 Mbps.
  • CipherOptics CipherEngine general functional specification
  • CipherEngine software/hardware allows for:
    • Easy, centralized, and GUI based management of encryption policies and keys.
    • Redundant key servers generate and distribute keys to CEP encryptors. They operate in active/standby mode. This process vastly simplifies how encryption policies are configured and maintained.
      • Endpoint encryptors no longer have to negotiate keys, nor are encryption tunnels created on the network, allowing the network to function as it was designed.
      • Policy and key centralization allows for policy management to be completed in seconds via policy creation/change, whether the environment contains 8 encryptors or 800 encryptors.
      • User created, per policy key intervals allow for the changing of keys when it’s most appropriate for the organization. Also available is anytime manual re-keying which enables the easy changing of keys at any time for any reason, regardless of any pre-defined keying interval.
      • Centralized CEP encryptor maintenance allows for multiple encryptor software updates, configuration updates and reporting.
      • CipherEngine GUI resides on a Windows OS and is simply used to manage encryptors as well as policy creation and distribution, and thus does not need to be running for the encrypted environment to function. 
  • Performance impact of CipherOptics CEP encryptors
    • In terms of throughput, the CEP encryptors perform at wire rate at the theoretical maximum of the IPSec standard.
    • In terms of latency, the CEP100 encryptors inject a minimal amount of latency into the network, measured in microseconds (1/1000th of a millisecond):
    • Average latency is below 100 microseconds.
      • In other words, there is no performance impact, regardless of network or application. Latency sensitive applications such as VOIP and Video are not impacted by encryption. 
  • CipherOptics CEP Maintenance
    • Software updates occur on average two times a year.
    • It is recommended that all CEP encryptors are up to date with the latest software.
    • Platinum service includes next business day replacement for defective encryptors. If the SLA for downtime is less than 24 hours, then spare encryptors are recommended. 
  • CipherOptics downtime
    • CEP encryptors rarely fail with a third party validated MTBF of approx. 10 years.
    • Should an encryptor fail, it will fail closed, thus allowing the network to provide failover, which can be from a number of methods:
      • Multiple encryptors can be configured on a single link via a spanning tree to provide high availability.
      • Multiple encryptors can be configured on a single link via a link aggregation group to provide both high availability and aggregated throughput.
      • Normal network rerouting, via HSRP for example, on multiple links is fully supported should network traffic
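
An added illustration (not from the original post and not CipherOptics code) of the Layer 3 and Layer 4 modes described in the list above: it parses IPv4 packets as a WAN-side device would see them and builds a NetFlow-style flow table, showing that addresses and DSCP stay readable in both modes while ports are readable only in Layer 4 mode. The sample packets, the addresses and the `wan_view` / `flow_table` names are constructed for the example.

```python
import ipaddress
import struct
from collections import Counter

ESP = 50                 # IP protocol number the page gives for Layer 3 mode
PORT_PROTOS = {6, 17}    # TCP, UDP: header stays in the clear in Layer 4 mode


def ipv4(src, dst, proto, payload, dscp=0):
    """Build a minimal IPv4 packet (no options, checksum zeroed) for the demo."""
    header = struct.pack(
        "!BBHHHBBH4s4s",
        0x45, dscp << 2, 20 + len(payload), 0, 0, 64, proto, 0,
        ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed,
    )
    return header + payload


def tcp_header(sport, dport):
    """20-byte TCP header with PSH/ACK set; sequence numbers are arbitrary."""
    return struct.pack("!HHIIHHHH", sport, dport, 1, 1, (5 << 12) | 0x18, 1024, 0, 0)


def wan_view(packet):
    """Return the fields a WAN-side device can read without any keys."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IPv4 header length")
    frag_offset = struct.unpack("!H", packet[6:8])[0] & 0x1FFF
    view = {
        "src": str(ipaddress.IPv4Address(packet[12:16])),
        "dst": str(ipaddress.IPv4Address(packet[16:20])),
        "dscp": packet[1] >> 2,
        "proto": packet[9],
        "sport": None,
        "dport": None,
    }
    # Ports are only readable on the first fragment of a TCP/UDP packet.
    if view["proto"] in PORT_PROTOS and frag_offset == 0 and len(packet) >= ihl + 4:
        view["sport"], view["dport"] = struct.unpack("!HH", packet[ihl:ihl + 4])
    return view


def flow_table(packets):
    """Count packets per flow key, the way a NetFlow-style collector would."""
    table = Counter()
    for pkt in packets:
        v = wan_view(pkt)
        table[(v["src"], v["dst"], v["proto"], v["sport"], v["dport"], v["dscp"])] += 1
    return table


# Constructed sample traffic: two applications between the same pair of hosts,
# as it would appear on the WAN side under each mode.
OPAQUE = bytes(range(48))  # stand-in for ciphertext
A, B = "192.0.2.10", "198.51.100.20"
LAYER3_WAN = [ipv4(A, B, ESP, OPAQUE, dscp=46), ipv4(A, B, ESP, OPAQUE, dscp=46)]
LAYER4_WAN = [
    ipv4(A, B, 6, tcp_header(49152, 443) + OPAQUE, dscp=46),
    ipv4(A, B, 6, tcp_header(49153, 1521) + OPAQUE, dscp=46),
]

if __name__ == "__main__":
    for name, capture in (("layer 3", LAYER3_WAN), ("layer 4", LAYER4_WAN)):
        print(name)
        for key, count in flow_table(capture).items():
            print("  ", key, count)
```

In the Layer 3 capture both applications collapse into one protocol-50 flow, while in the Layer 4 capture they remain separate flows; the same port visibility that enables NAT, policy routing and NetFlow is also metadata readable by anyone on the WAN path.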

 


Sample – Information Secure Logging Standards

Scope

This standard applies to all corporate data, including corporate customer data, whether located at a corporate facility or a third party facility, and whether handled by corporate employees, or corporate contractors, vendors, third party service providers, or their staff or agents.  This standard also applies to all wholly owned and partially owned subsidiaries. 

The guidance in this standard shall be considered the minimum acceptable requirements for the use of any media. This standard sets forth expectations across the entire organization.  Additional guidance and control measures may apply to certain areas of corporate.  This standard shall not be construed to limit application of more stringent requirements where justified by business needs or assessed risks. 

Logging Standard

Corporate’s business functions rely upon the integrity, confidentiality, and availability of its computer systems and the information assets stored within them.   Responsibilities and procedures for the management, operation and security of all information processing facilities must be established.  This Policy supports the stated objectives. 

It is the policy of corporate to provide safe, secure electronic messaging systems to its employees, contingent workforce, and other properly authorized persons, for the purpose of enabling and supporting the conduct of business.  Use of electronic messaging systems shall be in conformance with relevant corporate policies, and shall not, whether by intent or mistake, increase the risks to corporate information assets or business functions. 

Roles & Responsibilities 

The End User is responsible for the creation of electronic messages, usage of the related messaging services in a manner consistent with this Policy, and when such activity is within their span of control, the retention and disposal of electronic messages sent and received. 

The IT Custodian is responsible for defining and implementing security measures and controls to ensure the system(s)/application(s) are managed and operated in a secure and effective manner. 

The Chief Information Security Officer has overall responsibility for security policy, and in conjunction with the Information Security Department will be responsible for defining, implementing, managing, monitoring and reviewing compliance with the Electronic Messaging Policy. 

The Information Security Department will assist End Users and IT Custodians in assessing, defining, implementing, managing and monitoring appropriate controls and security measures. 

The Information Security Department will audit and review the adequacy of controls and security measures in place to measure and enforce conformance to this policy. 

Requirements and Implementations 

Security Administration

There are certain constraints on logging that need to be adhered to across the specific environments.  In order to ensure the accuracy of the data that is being logged, no system can overwrite the logs until the specified log duration has passed.  These log durations will be detailed per environment. 

Exceptions under this policy must be detailed in a Risk Acceptance form approved by the System/Application Business Owner, Executive Lines of Business representative and the IT Custodian and the Information Security Compliance Department.

 


What is Identity and Access Management – Key Processes

Posted in Compliances (1300),Information Rights Management (100),Security (1500) by Guest on the August 10th, 2012

Compliance for IT Security

Posted in Compliances (1300),Security (1500) by Guest on the August 9th, 2012

Networks Endpoint Control Considerations

Posted in Application (380),Compliances (1300),Networking (340),Security (1500) by Guest on the August 8th, 2012

Network Access Control

  • Comprehensive Endpoint Control
  • On-entry Risk Assessment
  • Policy Enforcement
  • IP Telephony Enabled
  • Wireless Support
  • Out-of-Band Management
  • Agent and Agentless 

Day One Threat Protection

  • Predictable Policy Based Behavioral Technology
  • Leverages Dark IP Space
  • Minimal False Positives
  • Customized Policies 

Policy Enforcement

  • Surgical Quarantining
  • Customized remediation
  • Infrastructure-Independent
  • No Network Re-architecture
  • Flexible Self-Remediation Options
  • ARP Management – No VLAN of Death 

Network Intelligence

  • Centralized Management
  • Asset Tracking
  • Network Visibility
  • Executive Reports
  • Cross Network Correlation
  • Compliance & Audit Support

 http://www.bestitdocuments.com/Networking.html

 


SDLC – Sample Software Development Initiatives Charter

Posted in Application (380),Business (600),Compliances (1300),Security (1500) by Guest on the August 7th, 2012

Free sample download.

We are generally seeking to establish a minimum environment that enables applications to flourish using compatible standards and policies, where practical: 

The infrastructure, then, provides the bridge between data and applications.

  • Goal is to improve security 

Security is a cost/benefit proposition

  • Balance security objectives with operational realities 

Internal threat is greater than external threat

  • Insider knowledge and understanding of  operational applications is far greater and more dangerous 

Perimeter network is secure

  • Assume the Internal network is insecure 

Assessment Critical Success Factors 

Complete

  • The assessment must be broad and deep in order to review the entire technology stack and application 

Accurate

  • All the information and recommendations must be precise and correct to allow for a rapid and thorough implementation of those recommendations 

Applicable

  • With the multitude of versions, modules, and configurations of SAP, CRM and Oracle Applications, the assessment must focus not only on the current state of the application but also address future patches, upgrades, and configuration changes. 

Effective

  • Changes to the configuration and installation must be supported and work with minimal effort and change. 

Efficient

  • The recommendations must be able to be implemented in a cost-effective and timely manner.

Operational Security Assessment 

Operational activities related to the SAP, CRM and Oracle Applications environment are assessed to determine if there are security or controls weaknesses

  • Security management, auditing, monitoring and troubleshooting, change management, patching, and development are assessed for the Oracle Applications, database, application servers, and operating system 

Operations specific to Oracle Applications are categorized into 27 domains

  • Domains are individually assessed
  • Domains are mapped to ISO 17799 / 27002 and COBIT
  • Interview questions and tests/validations for each domain are defined in the assessment methodology

 http://www.bestitdocuments.com/Data_technologies_solutions.html


Sample Excel – Job Roles SAP Sample output

Posted in Business (600),Compliances (1300),Security (1500) by Guest on the August 6th, 2012

Sample Mindmap – Data Rights Management (DRM) – Data Demographic Deliverable Example

Posted in Mindmap (100) by Guest on the August 5th, 2012

Sample Visio – Managed Services Lifecycle Process


Sample Mindmap – Data Demographic Deliverables

Posted in Mindmap (100) by Guest on the August 3rd, 2012

Sample Mindmap – Manage Meetings considerations

Posted in Mindmap (100) by Guest on the August 2nd, 2012

Sample Mindmap – Microsoft Exchange Debug Maintenance considerations

Posted in Mindmap (100) by Guest on the August 1st, 2012