Best IT Blog

Sample Visio – Common Business Perspectives

Posted in Visio Samples - Stencils (457) by Guest on the October 29th, 2013
Comments Off on Sample Visio – Common Business Perspectives

Sample – An overview of an Enterprise Taxonomy Discovery

Posted in Compliances (1300),Policies - Standards (600),Security (1500) by Guest on the October 25th, 2013

The development of an Enterprise Taxonomy- a structured classification scheme for Corporate data and content- is vital to improve the ‘findability’ of information necessary to support each staff member’s daily job performance. To collect these details a questionnaire followed up by interviews is the best overall venue. 

The focus of interviews should be to gather high level requirements or ‘problem statements’ to guide the scope and best approach to develop the taxonomy.  These sessions are intended to begin the building the taxonomy analysis. 

Key business users to be interviewed:

Representatives from each of the major organizational units can speak to the typical information needs in their respective business units and can identify current issues in search and retrieval of data and content in their domains. 

Type of information needed:

The information needed will be a listing of the most frequently used information sources, such as the Source, network file shares, existing database applications, etc. 

Type of interview & duration (one-on-one/focus group):

Initial group interviews for each of the major organizational units with representatives who can speak to the major business functions performed by the business unit.  We estimate that these group interviews will take 1 hour each.  

Follow up one-on-one interviews may be required to focus on particular issues identified in the group interview sessions. 

Objective of the interview:

The primary objective of the interviews will be to identify the high level information needs for each major business unit and any current issues encountered in meeting those information needs. 


The portal surfaces key information to different user groups and packages that information into an experience (which can differ depending on the user-group).  The Team needs to determine the “As-Is” state of portal plans and “To-Be” state. 

Key business users to be interviewed:

Representatives from each of the major organizational units who can speak to the typical information needs in their respective business units and can identify current and planned business cases for the portal at Corporate. 

Sample – Type of information needed (and questions to be asked):

 The portal team needs to investigate the following:

  • Existing business/use cases for a portal interface at Corporate and supporting documentation (are there any existing business/use cases for the portal)?
  • Perceived business value of a portal (why do you believe Corporate needs a portal?)
  • Appropriate user groups (who needs access to the portal from both an internal and external perspective)?
  • Core functionality for the portal for both internal and external users (who are the users and what is their experience in the portal from a data and content perspective)?

Types of interview & duration (one-on-one/focus group):

  • One hour (max) interviews with business staff or individuals from organizational units (individual or group interviews depending on the nature of business involvement with portal issues).
  • Follow-up interviews may be required; 

Objective of the interview:

  • Determine existing (if any) and future business and use-cases for the portal and gather information on what to integrate into the portal environment in the near and long-term (for both internal and external users)
  • Determine preferences for internal or external functionality (prioritize specific content/data integration options)
  • Determine preferences for deployment (internal vs. external) and how to sequence rollouts. 


Developing a security strategy for both the data and infrastructure components of the Customer, Client, Partner, Vendor and Employee Portals and corresponding Taxonomy is critical to the success of these projects.  An integrated security approach to the design, development, and deployment of the Intranet and Extranet Portals is required to identify and categorize potential risks to the data and underlying IT infrastructure and ensure security controls are effectively mapped to business rules and workflow.  

This integrated approach will reduce risk, support budget control, and aid in on-time delivery of these infrastructure enhancements while allowing business owners and users to better understand the security requirements and processes of the systems. 

Key business users to be interviewed:

To continue to understand the ‘as-is’ security posture, we will need to interview infrastructure/network support personnel, system and security administrators, and policy management and administration personnel.  Follow-up interviews will be conducted with the Director of Security, the Network / VLAN Design Teams, the security administrators, representatives from the Enterprise Shared Services Offices, and the Enterprise Architecture teams.

Type of information needed:

  • Security plans and policies (have several already)
  • Network/infrastructure diagrams
  • Standard Configurations for workstations and servers
  • Parameter/External router and firewall configurations
  • User Account Management process
  • Inventory security tools and technologies deployed on within the infrastructure
  • Access Controls schema/process
  • Remote Access policies and procedures
  • Auditing/Monitoring policies and procedures, along with logs for review
  • PCI Quarterly Scan results 

Type of interview & duration (one-on-one / focus group)

Both one-on-one and group interviews with key stakeholders identified above (1 hour max). 

Objective of the interview:

  • Determine current state of Corporate security posture from an operational, technical, and management control perspective through the review/assessment of plans,  processes, policies, infrastructure and data security control
  • Identify baseline security requirements and security requirements traceability matrix for the Access Portals, and corresponding Taxonomy and integrate these requirements into ‘use-cases’, design specifications, business rules, and workflow
  • Compile data collected from interviews to develop security roadmap to be integrated into the Access Portals, and corresponding Taxonomy along with a security architecture and engineering plan to provide security within and throughout the Corporate infrastructure


Comments Off on Sample – An overview of an Enterprise Taxonomy Discovery

Sample Mindmap – SDLC QA Testing

Posted in Mindmap (100) by Guest on the October 20th, 2013
Comments Off on Sample Mindmap – SDLC QA Testing

Developing an Anti-virus Security Policy

Posted in Policies - Standards (600),Security (1500) by Guest on the October 11th, 2013

An IT Security Policy is aimed at protecting the Confidentiality, Integrity and Availability of resources, data and programs. Essentially, it will:

  • Define what you want to protect
  • Analyze what it is you want to protect it from
  • Explain how you intend to protect it 

To be effective, it must be both holistic and dynamic. To be achievable, it must be realistic in its goals, and (where user conformity is required) expressed in a way that is simple and short enough to ensure it is read, understood and followed. 

The overall security policy will address such areas as:

  • Physical security of your data and systems
  • Access control to your data and systems
  • Data integrity and availability
  • Contingency and recovery plans (Disaster Recovery, Failover, Backup Recovery) 

Anti-virus issues are simply one element of such a policy – viruses are one of the risks this policy must protect against.


Comments Off on Developing an Anti-virus Security Policy

Sample – End To End implementation “Managed Service Provider” Considerations

Posted in Projects (400) by Guest on the October 10th, 2013

“Managed Service Provider” engages in opportunities with the clear intent to leverage delivery distributed teams. 

Engagements are typically structure in various models

  • Time and materials (T&M) – hourly rates
  • Fixed Price – Scope and costs are constant
  • Performance Based — SLAs or similar performance measures are layered on T&M or fixed model. 
  • On-Demand/Transaction based – example, fixed fee for simple, medium, complex trouble-ticket management. 
  • Value Based – portion of our fees are linked to business value delivered.
  • Offshore Development Center – Dedicated facility, personnel and hardware and software to support long term client relationships; various combinations of above models used. 

Factors taken into consideration for the engagement model and geographic / staffing decisions are

  • Nature, duration and complexity of engagement
  • Stability of the existing systems and processes in consideration
  • Business drivers (cost cutting vs. capacity enhancement vs. one off project)
  • Strategic level of the relationship 

“Managed Service Provider” advises clients to follow a highly integrative process of delivery models having a combination of onsite-offshore resources. The offshore resources are located in low-cost geographies. Almost all projects can be executed or evolved to this methodology. 

Onsite-offshore model

This involves a combination of “Managed Service Provider” staff working out of the client location and out of “Managed Service Provider” development centers offshore. The onsite personnel primarily act as project managers and coordinators – collecting requirements, planning and prioritizing work in consultation with client management, attending to critical issues which require urgent responses and facilitating communication with the offshore teams. 

How Works ?

“Managed Service Provider” centered around an intelligent work breakdown strategy through which project tasks are broken down at an atomic level based on certain factors and each task is executed at a location that makes the best sense. The factors considered include:

  • Lifecycle stage of the project
  • Extent to which any task or activity can be isolated from other tasks or activities
  • Extent of user / client partner’s involvement required
  • Extent of collaboration required between “Managed Service Provider” and client IT teams
  • Extent of knowledge gained by “Managed Service Provider” team
  • Need for any specific tools, interfaces or connectivity 

The delivery model utilizes time and geography to its advantage and provides a 24-hour work day and faster time to market.

  • Onsite team’s responsibilities include:
  • User Clarifications
  • Clarification on requirements & design
  • Change Management
  • User Acceptance Testing 

Offshore team’s responsibilities include:

  •  Project Management
  •  Code Changes
  •  Testing
  •  Documentation 

Onsite team utilizes some of its after office hours to make phone calls to the off-shore team to ensure complete understanding of tasks. The offshore team usually has responds with an email or phone call at the end of his day for any clarifications or issues. This way, the baton passes between onsite and offshore seamlessly.


Comments Off on Sample – End To End implementation “Managed Service Provider” Considerations