Best IT Documents.com Blog


Sample Visio – SAP, Greatplains Preparation for Salary Administration Flow

Posted in Visio Samples - Stencils (457) by Guest on the May 22nd, 2013

Sample – Project Level Metrics

Posted in Compliances (1300),Projects (400),Security (1500) by Guest on the May 21st, 2013

At the project level, the key parameters are timeliness, productivity, quality, availability and user satisfaction. The following table details the metrics, the tools used and some illustrative targets.

| Parameter | Metric | Measurement Tool | Description | Illustrative Target |
|---|---|---|---|---|
| Timeliness | Response Time | TBD | % of problems responded to within the time to respond to a problem | TBD |
| | Resolution Time | TBD | % of problems resolved within the time to resolve a problem | TBD |
| Availability | Online Availability | Server Log + Internal Tool | Availability of the online applications | TBD |
| Quality | Bug fix Rejection Rate | TBD | % of problems rejected which are resolved | TBD |
| | Production Back outs | TBD | % of fixes backed out from Production after Production Move | TBD |
| | Preventive Maintenance Throughput | TBD | % of fixes that are induced because of preventive maintenance | TBD |
| Productivity | Year-on-year improvements | TBD | % improvement in average resolution time | TBD |
| User Satisfaction | Stakeholder Satisfaction Survey | Manual | Qualitative measure of stakeholder satisfaction | TBD |

http://www.bestitdocuments.com/Services.html

 


Sample Visio – Waterfall Service Reference Model

Posted in Visio Samples - Stencils (457) by Guest on the May 20th, 2013

Cisco – Short Crypto PIX commands

Posted in Networking (340) by Guest on the May 18th, 2013

PIX IPSEC Commands 

isakmp enable interface-name

isakmp policy policy-number authentication pre-share

isakmp policy policy-number encryption 3des

isakmp policy policy-number hash md5

isakmp policy policy-number group 1

isakmp policy policy-number lifetime 1000

crypto ipsec transform-set set-name esp-3des esp-md5-hmac

crypto map name priority set peer peer-address

crypto map name priority set transform-set set-name

access-list name / number permit ip local-network mask remote-network mask

crypto map name priority match address access-list

crypto map name interface interface-name

 

domain-name domain-name

ca generate rsa key 1024

ca save all

 

crypto map name priority ipsec-isakmp

crypto map name priority set peer peer-address

 

PIX Show Commands

show crypto map

show crypto map – shows all current IKE SAs at a peer

show crypto isakmp sa

show crypto ipsec sa – displays encrypted sessions

debug crypto commands

debug crypto isa

debug crypto engine – displays debug messages about crypto engines, which perform encryption and decryption

debug crypto isakmp – displays messages about IKE events

clear crypto commands

clear crypto ipsec sa – resets the IPsec security association after a failed attempt to negotiate a VPN tunnel.

clear crypto isakmp sa – resets the Internet Security Association and Key Management Protocol (ISAKMP) security association after failed attempts to negotiate a VPN tunnel.
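A small configuration check for the IKE and IPsec parameters used in the commands above, as an added example that is not part of the original post: it flags DES/3DES, MD5, Diffie-Hellman groups 1 and 2 and RSA keys under 2048 bits, all of which are deprecated for new VPN deployments. The sample configuration and its interface, policy, map and peer values are constructed placeholders.

```python
# Constructed sample config built from the command forms listed above;
# "outside", "10", "SET1", "MAP1" and 192.0.2.1 are placeholder values.
SAMPLE_CONFIG = """\
isakmp enable outside
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash md5
isakmp policy 10 group 1
isakmp policy 10 lifetime 1000
crypto ipsec transform-set SET1 esp-3des esp-md5-hmac
crypto map MAP1 10 ipsec-isakmp
crypto map MAP1 10 set peer 192.0.2.1
crypto map MAP1 10 set transform-set SET1
ca generate rsa key 1024
"""

# IKE (phase 1) policy settings considered too weak for new deployments.
WEAK_IKE = {
    ("encryption", "des"): "DES is broken; use AES",
    ("encryption", "3des"): "3DES is deprecated; use AES",
    ("hash", "md5"): "MD5 is deprecated; use SHA",
    ("group", "1"): "DH group 1 is only 768-bit",
    ("group", "2"): "DH group 2 is only 1024-bit",
}

# IPsec (phase 2) transforms considered too weak for new deployments.
WEAK_TRANSFORMS = {
    "esp-des": "DES is broken; use an AES transform",
    "esp-3des": "3DES is deprecated; use an AES transform",
    "esp-md5-hmac": "MD5 HMAC is deprecated; use a SHA HMAC",
    "ah-md5-hmac": "MD5 HMAC is deprecated; use a SHA HMAC",
}

MIN_RSA_BITS = 2048


def audit(config):
    """Return a list of (line_number, line, reason) for weak crypto settings."""
    findings = []
    for number, raw in enumerate(config.splitlines(), start=1):
        line = raw.strip()
        tokens = line.lower().split()
        if tokens[:2] == ["isakmp", "policy"] and len(tokens) >= 5:
            reason = WEAK_IKE.get((tokens[3], tokens[4]))
            if reason:
                findings.append((number, line, reason))
        elif tokens[:3] == ["crypto", "ipsec", "transform-set"]:
            for transform in tokens[4:]:
                if transform in WEAK_TRANSFORMS:
                    findings.append((number, line, WEAK_TRANSFORMS[transform]))
        elif tokens[:4] == ["ca", "generate", "rsa", "key"] and len(tokens) == 5:
            if tokens[4].isdigit() and int(tokens[4]) < MIN_RSA_BITS:
                findings.append((number, line, "RSA key under 2048 bits"))
    return findings


if __name__ == "__main__":
    for number, line, reason in audit(SAMPLE_CONFIG):
        print(f"line {number}: {line}  <- {reason}")
```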


Sample Word – US State – PII Data Destruction Laws

Posted in Compliances (1300),Security (1500) by Guest on the May 18th, 2013

Sample Word – HR Healthcare Environmental Assessment Review Example

Posted in Compliances (1300),Security (1500) by Guest on the May 17th, 2013

Sample Visio – Simple Extranet Incident Management Flow


Simple – Data Security Overview Considerations

Posted in Compliances (1300),Policies - Standards (600),Security (1500) by Guest on the May 16th, 2013

Corporate Security

Information security is a major concern with any application exposed to the Internet. Certain Software has implemented multiple levels of security to ensure maximum security of corporate, SOX, PCI cardholder data, HIPAA or PII data. 

Included in the extensive security features of our systems are:

  • Checkpoint, Cisco, Juniper Netscreen Firewalls blocking all untrusted access to SIM events, installations as well as limiting access to web servers. 
  • The use of Microsoft 2003/8 Server with IIS 6 / 7 implements the latest security features offered by Microsoft. 
  • The use of Unix systems with Apache, Tomcat and other web server services implements the latest security features offered by the OS and Web Service vendors. 
  • Regular scheduled reviews of security and patch updates for the application environment. 
  • Strong physical security of servers preventing unauthorized access. 
  • Norton Antivirus software is updated daily with the most current virus definitions and constantly scans the server farm, acting as a second layer of protection, logging and quarantining any potentially threatening software. 
  • Symantec, McAfee Hacker Safe Certifications. 
  • Secure password policy and auditing. 

Data Integrity

In addition to protecting corporate data and cardholder information from security risks, Certain Software actively attempts to protect data from system failure.

  • Any server storing application data is equipped with a RAID disk array capable of handling disk failures instantaneously, without data loss or downtime. 
  • All data is backed up nightly to tape and disk, allowing rapid data recovery in the unlikely case of data corruption or loss. 
  • Disk backups are held on-site for at least 7 days before being overwritten and offline backups for 30 days. 
  • Tape backups are rotated to a geographically disparate and secure off-site storage location for long-term storage (7 days for daily backups, 6 months for monthly backups; yearly backups are taken biannually and kept for 12 months).


Sample Excel – McAfee – SCM Block List Example Spreadsheet

Posted in Compliances (1300),Policies - Standards (600),Security (1500) by Guest on the May 15th, 2013

These regular expressions work well, and because McAfee SCM supports regular expressions but contains none, they are much needed.

McAfee in general has the potential of blocking valid email traffic and so does this use of regular expressions.  What works at one client may work differently at other clients – thus the need for a formal testing process. 

  1. Save this file as a “Blocked.csv” to your McAfee server.
  2. Open the definitions and go to “Keyword Lists” tab.
  3. Create a new Keywords list and name it by clicking “Add” (I used Blocked for the name because I will eventually set this filter to blocked for the action).
  4. Right click in the body of the new Keyword list and choose import. Steer to the Blocked.csv file you saved from this email.
  5. Assign a threshold of “1” and choose “Regular Expressions”. Click okay, and then yes to distribute the rules.
  6. Open the Rules and go to the SMTP tab.
  7. Open the default rule that all or most of your email filtering occurs in. Click edit policies and choose new. Name the policy something descriptive.
  8. Click “Next” and then click “Add” and name the new content filtering properties.
  9. Then expand the “Email Header” section and choose “Subject String Search”.
  10. Then choose the keywords list you created. Click “OK” twice and then “Next”.
  11. Add a new Action and name it.
  12. Choose the action you want to happen (I would suggest Alert Message and Quarantine with the Quarantine folder name to match the keyword list).
  13. When you choose Quarantine, click on the “Add new” to create a new folder and name it.
  14. And then click “Finish” and distribute the rules.

Sample import file

Always verify and always test solutions


Biometric Technology Vendor Options

Posted in Compliances (1300),Policies - Standards (600),Security (1500) by Guest on the May 15th, 2013

 

Authentec: 2501
Futronic: FS‐80(1), FS‐90
KSI: 1006‐TCS3C, 1008‐TCS1C
Precise: ST Chip 100xs
Upek: TCRU1C, TCRF1C, TCRF2S, TCRE3C
WinBio compatible devices

Proximity & Smart Card Support
Omnikey: 5325(1), 5321, 5125, 5121, 6121, 6125, 6321
RF Ideas: pcProx, Indala, Prox Dongle

Strong Authentication Keyboard Support
WinBio compatible devices
KSI: Any combination of supported devices
Cherry: Any combination of supported devices


IT Consolidation and Shared Services

Posted in Compliances (1300) by Guest on the May 14th, 2013

Consolidation and shared services are two concepts used almost interchangeably; some refer to information technology in its entirety as being a shared service achieved only through massive reorganization and consolidation. Although they seem to be two flavors of similar endeavors, they are nevertheless different. Moving towards consolidation or shared services is more of a progression or a continuum, and along that progression there are many variables, depending on the political situation in each state, the type of services, and the types of organizations that have already been established. However, at their most basic, consolidation and shared services can be defined as follows: 

  • Shared Services focuses on the delivery of a particular service or services in the most efficient and effective way, as a way of gaining economies of scale and other benefits. It is the centralization of specific IT activities that function as everyone’s vendor of choice:
    • Usually implies voluntary participation involving service level agreements (SLAs).
    • Usually implies voluntary participation involving operational level agreements (OLAs).

Current Trends in Common IT Consolidation and Shared Services 

Sample IT Consolidation and Shared Services Initiatives: 

Initiatives Reported as Completed or In Progress

| Initiative | Consolidation | Shared Service |
|---|---|---|
| ePayment Engine | 71.4 percent | 78.6 percent |
| Communications Services/ Telephony | 91.4 percent | 85.2 percent |
| Data Center | 77.1 percent | 84.7 percent |
| Disaster Recovery | 68.6 percent | 86.2 percent |
| E-mail Services | 71.5 percent | 61.5 percent |
| ERP/ Financial/ HR | 73.5 percent | 71.5 percent |
| Global Information Security | 58.8 percent | 79.3 percent |
| Network | 85.7 percent | 70.3 percent |
| Portals | 77.2 percent | 93.1 percent |
| Procurement | 80 percent | 82.1 percent |
| Security Services | 65.7 percent | 79.3 percent |
| Servers | 65.7 percent | 77.8 percent |
| End User Services | | |

The move towards consolidation and shared services is a business solution usually under the purview of Corporate CIOs to examine opportunities or optional business approaches; however, there appears to be a trend. 

The trend is that Corporate CIOs have no idea what they are doing and IT organizations are just trying to keep the lights on.

They can barely focus on a 6 month plan, much less a 3 year strategic plan.

Get rid of the CIOs; they take up space. When was the last time your CIO showed any leadership and captained IT forward?

Use the salary to find SMEs to analyze, design and implement IT fixes.


Cerner System includes some of the following component areas:

Posted in Application (380),Security (1500) by Guest on the May 14th, 2013

 

  • Surgery (SurgiNet)
  • Radiology (RadNet)
  • Pharmacy (ePrescribing)
  • Scheduling (Enterprise Scheduling Management)
  • Lab (PathNet)
  • Nursing Documentation (CareNet)
  • Physician Documentation (PowerNote)
  • Computerized Provider Order Entry (CPOE)
  • Emergency Department (FirstNet)


Mobile Device – Information Technology Security, Risk and Compliance

Posted in Compliances (1300),Security (1500) by Guest on the May 13th, 2013

Mobile Device Issues

  • According to a large wireless ISP’s data breach report, 47% of all records breached in 2011 were on end-user devices.
    • Recent examples of mobile device security issues / breaches include:
      • Android – Sensitive SOX, PCI, HIPAA, or personally identifiable information (PII) was stolen from Skype users by malicious third-party applications
      • BlackBerry – JavaScript vulnerability allowed hackers to steal user data
      • Android Marketplace – Two dozen infected applications containing Malware were removed
      • Symbian and Windows – Zeus malware captured sensitive financial information from thousands of mobile users
      • Apple iOS – Jailbroken phones and a password encryption hack led to vulnerable devices
    • Mobile devices pose significant risk
      • Sensitive SOX, PCI, HIPAA, or PII or data loss through lost or stolen hardware
      • Virus or malware injection into the corporate network
      • Social engineering
      • Exploitation of social networking, mobile applications, m-commerce
        • Mobile botnets
        • Location tracking
        • Unauthorized modification, monitoring and disclosure of SOX, PCI, HIPAA or PII
    • It’s not a matter of if the lack of mobile device security controls will lead to a data breach but a matter of when. 

Current Mobile Device Status

  • Corporate does not have an enterprise mobile device strategy
    • No standardization on whether to allow personal devices
    • Current standard, Windows Mobile operating system, is not enforceable and is outdated
    • No standard deployment methodology of mobile devices across Corporate
      • No formal technical or security controls in place
      • No device management process
      • Unknown number of personal devices connecting to the network
      • No centralized tracking of corporate owned devices
      • No mechanism or process in place for updates – Applications, OS, and Firmware
      • No method of enforcing Corporate policies and standards
  • iPads are capable of implementing formal security controls 

Current Initiatives

  • Mobile Device Workgroup
    • Representation from: Server Team, Architecture, Voice and Data Networking, Corporate Responsibility, Client Computing, Security Architecture, Security Governance & Risk
    • Mobile Device scope for this group includes smartphones, handhelds, and pad devices. USB storage, removable media and laptops are excluded. 
  • Reviewed current business needs and uses
  • Identified required Security controls
    • Selection of 20 security controls using Security standards and business needs 

Recommendations

  • Creation of a mobile device security standard ensuring the appropriate infrastructure, security controls and ability for enforcement are implemented.
  • All devices must follow the existing System Security, Encryption and Wireless Communications standards
  • Create a division of support duties
    • Security – Maintain security control software and configuration
    • Voice and Data Networking – Phone provisioning
    • Client Computing – Endpoint, OS and application support


Sample Word – Basic Template Technical RFI

Posted in Compliances (1300),Projects (400) by Guest on the May 13th, 2013

Sample Word – Job Roles VOIP Segregation of Duties

Posted in Networking (340),Security (1500) by Guest on the May 12th, 2013

Sample Visio – High Level Authentication Integration View

Posted in Visio Samples - Stencils (457) by Guest on the May 11th, 2013

Sample Visio – HR Tuition Assistance

Posted in Visio Samples - Stencils (457) by Guest on the May 11th, 2013

How do you measure ERP Client engagement success?

Posted in Compliances (1300),Policies - Standards (600),Security (1500) by Guest on the May 10th, 2013

Focus on quantifiable success measurement

Measure engagement success at various levels depending on the type of engagements – business level, project level and relationship level. 

Business Level Metrics

At the Business level, we measure engagement success by monitoring business metrics that are expected to be delivered as a result of our engagement. This measurement is ideally suited for engagements where “Managed Service Provider” has been part of the entire life cycle of the program and/or where a solution is being designed with a high focus on certain performance metrics. Examples of such metrics include:

  • Reduction in monthly financial closing cycle time (ERP Financials implementation)
  • Improvement in inventory positions (ERP Financials / Materials implementation)
  • Reduced cycle time (manufacturing, order to cash, procure to pay, etc.)
  • Reduction in average call handling time (CRM implementation)
  • Reduction in non-PO purchases (SRM Implementation)

These are highly customized to the business drivers for the project as well as the solution being implemented.


Integration Framework Services Overview

Posted in Web Services (250) by Guest on the May 10th, 2013

A central concept in the Integration Framework  architecture is the adapter-based access to the service implementation. This creates an abstraction layer for the services.

The Abstraction Layer is comprised of a set of programmatic components and interfaces that the framework interfaces leverage for accessing the physical services.  The Abstraction Layer manages access to the physical services to provide a general and consistent way for accessing services from the framework interfaces.  The adapters’ role is to allow new services to be easily added or existing services modified.

http://www.bestitdocuments.com/DTE.html

 


Sample Visio – HR New Hire Paperwork

Posted in Visio Samples - Stencils (457) by Guest on the May 9th, 2013

Sample Excel – Sample Application Tracking

Posted in Sample - IT Spreadsheets - PowerPoints (251) by Guest on the May 8th, 2013

A Framework and Roadmap for FISMA

A proposed Enterprise Risk Management Program structure would be developed and implemented in a phased, or incremental, manner:

  • Phase One:
    • Strategy and communications planning
    • Organizational construct framework developed and approved with resources assigned
    • Identification of major milestones for program reporting, usually tied to IT audit and/or FISMA reporting cycle
    • Security policy review and refresh
    • Security Architecture review and gap analysis 
  • Phase Two:
    • Asset inventory
    • Continuous Monitoring program development and initiation
    • Identification/revalidation of High and Moderate Impact Systems according to NIST 800-53x and FIPS 199 System Categorization
    • Security Architecture refresh 
  • Phase Three:
    • Ongoing Continuous Monitoring and reporting
    • Communications and outreach planning to disseminate new program and policy objectives
    • Training and Awareness of staff and key security/program managers
    • Integration of Cyber Security Program into all Enterprise IT planning, acquisition, and operational activities

Risk Management Organizational Structure and Services 

  • Governance & Oversight
    • Certification & Accreditation (C&A)
    • FISMA Compliance
    • Security Test & Evaluation (ST&E)
    • Security Policy Development and Maintenance
    • Security Training and Awareness
    • Compliance Audits
    • Vulnerability Scanning
    • Security Policy Development and Management
  • Security Architecture & Engineering
    • Network and Perimeter Security
    • Intrusion Prevention and Detection
    • Audit and Monitoring
    • System and Application Hardening
    • Database Security
    • Code Review
  • Security Operations
    • Incident Response & Management
    • Contingency Planning
    • Critical Infrastructure Protection
    • Security Operations Center (SOC)
    • Network Operations Center (NOC)
    • Asset Monitoring and Management
    • Security Help Desk and Field Support
    • Physical Security and Secure Environment Services

 http://www.bestitdocuments.com/IT_services.html

 


Sample Visio – HR Total Compensation Statement

Posted in Visio Samples - Stencils (457) by Guest on the May 6th, 2013

Sample Visio – MSSP Hardware Tracking Spectrum

Posted in Visio Samples - Stencils (457) by Guest on the May 5th, 2013

Sample Visio – High Level SAP Overview

Posted in Visio Samples - Stencils (457) by Guest on the May 4th, 2013