Best IT Blog

Sample Visio – Employee Relations Issues workflow

Posted in Visio Samples - Stencils (457) by Guest on the September 22nd, 2013

Sample Visio – High Level Sample ERP Web Portal Flow design Considerations

Posted in Application (380),Security (1500),Visio Samples - Stencils (457) by Guest on the September 18th, 2013

Free Visio Document Download

High Level Sample ERP Web Portal Flow design considerations.

ERP Portal Flows



Sample – SDLC Testing Considerations

Posted in Web Services (250) by Guest on the September 14th, 2013


Test Schedule

Details the schedule of testing, and includes information such as critical tests and milestones. This section should also address hours during which the testing will take place—for example, it may be prudent to conduct technical testing of an operational site during evening hours rather than during peak business periods. 

Test Site

Identifies the location or locations from which testing is authorized. If testing will occur on the organization’s site, building and equipment access should be discussed. Physical access should cover requirements such as badges, escorts, and security personnel that the testers may encounter. Equipment access should address areas such as level of access (user or administrator) to the systems and / or network, and physical access to computer rooms or specific racks that these rooms contain. Areas to which the test team will not be given access should be identified here as well. 

If testing will be conducted from a remote location such as a rented server farm or test lab, details of the test site architecture should be included in this section. 

Test Equipment

Identifies equipment that the test team will use to conduct the information security tests. This section should also identify the method of differentiating between the organization’s systems and the systems conducting the testing—for example, if the test team’s systems are identified by MAC, keeping track of test systems could be handled through use of network discovery software. In addition to hardware, tools authorized for use on the network should be identified. It would also be appropriate to include a write-up of each tool.

Communication Strategy

General Communication

Discusses frequency and methods of communication. For example, identify meeting schedule, locations, and conference call information if appropriate. 

Incident Handling and Response

This section is critical in the event that an incident occurs on the network while testing is in progress. Criteria for halting the information security testing should be provided, as should details on the test team’s course of action in the event that a test procedure negatively impacts the network or an adversary attacks the organization while testing is underway. The organization’s incident response call tree / chain of command should be provided in a quick-reference format. A process for reinstating the test team and resuming testing should also be provided. 

Target System / Network

Identifies the systems and / or networks to be tested throughout the information security testing process. Information should include authorized and unauthorized IP addresses or other distinguishing identifiers, if appropriate, for the systems (servers, workstations, firewalls, routers, etc.), operating systems, and any applications to be tested. It is also crucial to identify any system not authorized for testing—this is referred to as the “exclude list.” 
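The scope rules from this section and the testing hours from the Test Schedule section can be enforced mechanically before any test tool touches a host. The following is an added example, not part of the original post; the address ranges (RFC 5737 documentation ranges), the evening window and the function names are all constructed assumptions.

```python
import ipaddress
from datetime import datetime, time

# Constructed sample ROE values (documentation ranges, not taken from the page).
AUTHORIZED = ["192.0.2.0/24", "198.51.100.0/25"]
EXCLUDE = ["192.0.2.10/32", "192.0.2.128/26"]   # the "exclude list"
WINDOW = (time(19, 0), time(5, 0))              # evening window that crosses midnight


def _nets(cidrs):
    # strict=True rejects entries with host bits set, a common typo in scope lists
    return [ipaddress.ip_network(c, strict=True) for c in cidrs]


def in_window(when, window=WINDOW):
    start, end = window
    t = when.time()
    if start <= end:
        return start <= t < end
    return t >= start or t < end                # window wraps past midnight


def check_target(target, when, authorized=AUTHORIZED, exclude=EXCLUDE, window=WINDOW):
    """Return (allowed, reason). Default deny; the exclude list always wins."""
    try:
        ip = ipaddress.ip_address(target)
    except ValueError:
        return False, "not a valid IP address"
    if any(ip in n for n in _nets(exclude)):
        return False, "on exclude list"
    if not any(ip in n for n in _nets(authorized)):
        return False, "not in authorized scope"
    if not in_window(when, window):
        return False, "outside authorized testing hours"
    return True, "authorized"


if __name__ == "__main__":
    night = datetime(2013, 9, 14, 22, 0)
    for host in ["192.0.2.20", "192.0.2.10", "192.0.2.130", "203.0.113.5"]:
        print(host, check_target(host, night))
```

The exclude list is checked before the authorized ranges so that an excluded host inside an authorized network is still refused.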

Testing Execution

This section is specific to test type and scope, but should detail allowable and unallowable activities and include a description of the information security testing methodology. If necessary, an assessment plan should be developed that complements the ROE—this could be either an appendix or a separate document. 

Nontechnical Test Components

Identifies nontechnical test activities that will take place, and includes information to help identify the types of policies, procedures, and other documents that should be reviewed. If interviews or site surveys are to be conducted, guidelines should be established for advance approval of the interview list and questions. If physical security of information systems is in the scope of the testing, procedures should be determined and a form—with appropriate signatures and contact information—generated for the test team to show to law enforcement or onsite security personnel in the event that they are questioned. 

Technical Test Components

Includes the type of technical testing to be conducted (e.g., network scanning, discovery, penetration testing); discusses whether files are authorized to be installed, created, modified, and / or executed to facilitate testing; and explains the required actions for those files once testing is completed. Any additional information regarding the technical testing of the organization’s systems and networks should also be included in this section. Significant detail should be included on what activities will occur on the target network to ensure that all parties are aware of what is authorized and to be expected as a result of the testing. 

Data Handling

Identifies guidelines for gathering, storing, transmitting, and destroying test data, and establishes detailed, unambiguous requirements for data handling. Keep in mind that data results from any type of information security test will identify vulnerabilities that an adversary can exploit, and should be considered sensitive. 


Details reporting requirements and the report deliverables expected to be provided throughout the testing process and at its conclusion. Minimum information to be provided in each report (e.g., vulnerabilities and recommended mitigation techniques) and the frequency with which the reports will be delivered (e.g., daily status reports) should be included.



Sample Excel – Domain PW Policy Tracking

Posted in Sample - IT Spreadsheets - PowerPoints (251) by Guest on the September 10th, 2013

Sample Visio – Citrix XenServer Drawing

Posted in Visio Samples - Stencils (457) by Guest on the September 4th, 2013

Free Visio Document Download

Sample and simple high level design.

Citrix XenServer



SAP – What is your Risk Management Technique / Methodology?

Posted in Compliances (1300),Projects (400) by Guest on the September 1st, 2013

The following section depicts the key risks and mitigation steps as identified by “Managed Service Provider” for typical engagements. The key risks will also be a part of status communication at various levels with the client team. 

Scope change during project       

  • Clearly defined baseline scope prior to commencement of engagement
  • Clearly defined procedure for scope change management
  • Regular and periodic planning of the development workload in advance to minimize load fluctuations 

Inadequate understanding of applications/systems/business processes  

  • Regular Knowledge transfer between functional team & “Managed Service Provider” development team.
  • Involve “Managed Service Provider” in functional team if possible
  • Formalize procedure for assistance from functional team in specification and test plan reviews
  • Continuity of key “Managed Service Provider” resources during the entire engagement 

High onsite presence requirement might lead to lower cost benefits          

  • Have a proven onsite-offshore balance for this engagement 

Lack of clarity of roles and responsibilities and unavailability of key client resources     

  • Clear mapping of roles and responsibilities
  • Clear documentation of Operating Procedures to define flow of work between various parties
  • The resource requirement would be communicated to clients at the start of the engagement

Not meeting project requirements due to delay in connectivity set up and bandwidth issues

  • Start connectivity set up as soon as contract is signed
  • Plan for redundant network connections (“Managed Service Provider” standard practice to use VPNs, etc.)
  • Propose a faster link in order to have faster connectivity between offshore development centre and client network. The bandwidth requirement needs to be determined during the planning stage or before, and reviewed periodically.

Cultural Differences

  • Key client personnel to attend cross cultural workshops
  • “Managed Service Provider” resources to undergo ‘Cross cultural sensitivity’ training 

Informal incident and issue resolution process

  • During initiation, formalize issue resolution process
  • Identify most frequent types of issues/problems and agree upon resolutions for these 

Attrition Risk

  • Please refer to Section 3.6 for our approach to mitigate attrition 

“Managed Service Provider”’s Project Management methodology has been created and fine-tuned on the basis of several thousand years of project experience. The Project Management methodology draws on industry standards and best practices. “Managed Service Provider”’s Project Management process is an integral process that spans the entire project life cycle.

The approach revolves around Methods, Tools and metrics designed specifically for effective management of large scale, global programs. Our approach is consistent with the Project Management Institute (PMI) body of knowledge on project and program management. Our methodologies are designed to manage six core program processes: 

  • Scope Management
  • Program Planning
  • Cost Management
  • Quality Management
  • Resource Management
  • Risk and Issues Management 

These toolsets enable management and control of these processes. Key features include:

  • Collaborative partnership with Service Recipient and SAP for effective governance.
  • Methods, tools, and metrics that are designed specifically for effective management of large scale, global programs.
  • Consistent with SAP’s ASAP Methodology and the Project Management Institute (PMI) body of knowledge on program and project management 

Testing Tools: Some of the test tools we have used for different types of testing as part of our SAP engagements are LoadRunner, Mercury TestDirector, Rational Test Studio, Rational Performance Studio, and WinRunner.

Communications Methodology

“Managed Service Provider” believes communication management for global delivery is extremely important and needs to be planned and executed for the success of a global delivery project. A typical “Managed Service Provider” communication management plan for the project will consist of: 

  • Communications Planning
  • Develop the project communications plan
  • Identify who needs to see what information, when and how
  • Information Distribution
  • Conduct ad hoc performance reporting
  • Conduct regular project progress reporting
  • Close PMM phase/ASAP Roadmap phase
  • Close the project  
  • Performance Reporting
  • Administrative Closure 

The plan would also cover requirements for global delivery:

  • Differences in language (if any)
  • Time zone differences
  • Dependency on tools, software, etc. for regular communication

