Best IT Blog

IS / IT Best Practices

Posted in Data Center - SOC - NOC by Guest on the October 30th, 2014
  1.  Apply Unified Architecture Management
  2. Establish Firm Logical Boundaries
    • Reduce Integration Complexity
    • Partition Applications
    • Partition Databases
  3. Establish event-driven systems
  4. Design Highly Granular, Loosely Coupled Systems


Comments Off on IS / IT Best Practices

Simple Change Management Objectives

Purpose and Scope

To establish the activities needed to create and authorize a Standard Change for Change Management.

A Standard Change generally is a low risk, repeatable procedure that has demonstrated implementation success and been pre-approved for future implementations.


A Standard Change requires the following:

  • Is a low risk change
  • Occurs frequently
  • Has an Installation Instruction
  • Has a predefined Backout Plan
  • Have previous successful changes previously implemented in IT Service Request
  • Can be identified as a unique item on the approved Global Standard Change List
  • Has a scope that exactly matches the identified unique item on the approved Global Standard Change List

Standard Change Policy

Standard changes are pre-approved for creation of the RFC and deployment.

Key business rules include:

  • Standard changes will be restricted to those supported by a single implementation group (Change Owner group is Implementer group)
  • A particular type of RFC must be successfully deployed at least three consecutive times in order to be considered a candidate for a “Standard” pre-approved change type
  • The approval required in order to certify a normal change as a Standard Pre-Approved change requires approval by those owning the CIs the change may impact (based upon the business criticality). Annual re-authorization is required by all parties authorizing the original change
  • Changes owned by third party groups require approval from Corporate IT. and the appropriate account manager from the third party.
  • The Change Manager for the “domain” of the change must formally approve of the change becoming a Standard Pre-Approved change
  • Each Standard Change will be defined with the majority of the fields pre-defined
  • Those submitting an authorized Standard Change for deployment will use only the appropriate form / template that can be accessed
  • If a Standard Change’s deployment fails it will become a “Normal Change” and the Change Owner must re-apply to be considered a candidate for a Standard change once the issue causing the failure has been resolved and the change has been successfully deployed three consecutive times.
  • Must follow the Standard Change Procedures


Comments Off on Simple Change Management Objectives

Sample – Timesheet Workflow Details

Posted in Compliances (1300),Visio Samples - Stencils (457) by Guest on the October 27th, 2014
Comments Off on Sample – Timesheet Workflow Details

Sampe Word – Configuring PGP for VeriSign OnSite

Posted in Policies - Standards (600),Projects (400),Security (1500) by Guest on the October 26th, 2014
Comments Off on Sampe Word – Configuring PGP for VeriSign OnSite

Internetworking Challenges

Posted in Networking (340) by Guest on the October 25th, 2014

Implementing a functional Internetwork poses many challenges. These challenges fall into four major categories:

Connectivity — The challenge of connectivity is to support communication between disparate technologies, such as different media types or speeds.


Reliability — Reliable service is a must in any Internetwork. Individual users and whole organizations are dependent on getting consistent, reliable access to network resources.


Management — Network management must provide centralized support and troubleshooting capabilities in an Internetwork. Configuration, security, performance, and other issues must be adequately addressed in order for the Internetwork to function smoothly.


Flexibility — Flexibility is a necessity in the face of network expansion, new applications and services, and other such factors.


Comments Off on Internetworking Challenges

Sample Excel – OMB Policy Guidance

Comments Off on Sample Excel – OMB Policy Guidance

Business Drivers Impacting IS / IT

Posted in Data Center - SOC - NOC by Guest on the October 22nd, 2014
  1. Move to a business model which offers common services.
  2. Manage and support  services “anytime” from “anywhere”.
  3. Maintain  as a “growth oriented” investment for equity holders.
  4. Sustain compounded growth in local market.
  5. Be first to market with facilities based integrated service offerings.
  6. Improve quality and reliability of services to customers.
  7. Reduce time frames to deliver services.
  8. Lead industry in ‘revenue per employee’
  9. Maintain position as full facilities-based carrier.


Comments Off on Business Drivers Impacting IS / IT

Fundamental Differences Between Government and Private Sector

Posted in Compliances (1300) by Guest on the October 20th, 2014
  • Sovereignty — governments are unique in their sovereign role over customers
  • Privacy / Security — privacy and security are directly tied to public trust
  • Responsibility to Serve All — governments cannot select their “customers”
  • Distribution of value — governments are subject to different business models
  • Incentives and organization — checks and balances
  • Transformation


Comments Off on Fundamental Differences Between Government and Private Sector

Sample Excel – Web Content Requirements

Posted in Sample - IT Spreadsheets - PowerPoints (251),Web Services (250) by Guest on the October 17th, 2014
Comments Off on Sample Excel – Web Content Requirements

Sample Word – Enterprise Service Provider Partnership Business Plan Outline

Posted in Data Center - SOC - NOC by Guest on the October 16th, 2014
Comments Off on Sample Word – Enterprise Service Provider Partnership Business Plan Outline

Email Management Considerations

Posted in eMail (66) by Guest on the October 13th, 2014


Email has become a vital piece of corporate infrastructure although it often receives less attention than systems running other core business functions. Recent virus attacks have highlighted how reliant companies are on their email service.

Email is particularly vulnerable to any IT infrastructure failures in addition to specific challenges such as spam, virus attack and other security issues. As a key component for both external and internal communications, any service issues affecting email immediately impacts on a company’s ability to function.

Email volumes will continue to grow exponentially, spam will become an increasingly large issue and virus writers will become more cunning. This means that in order to continue to provide a high level of email service, the corporate IT department is going to have to allocate more and more specialist resources to running its email system. And this is at a time when the pressures of the economy are such that many businesses need to focus more on their core areas of expertise and competence.

This dilemma can be addressed by utilizing on an outside supplier to provide and manage email services. However, the challenge for companies will be to manage the balance between their internal resources and the services they have outsourced. This re-emphasizes the need to find reliable partners with the necessary expertise and who will deliver agreed service levels.

What is clear is that corporate email systems need specialist skills and are going to require more, not less resources as the reliance on email continues to grow.

Considerations for Email Management

In-house Managed Email Managed Email Service. Pros and cons of running an email system in-house vs. using an external managed service provider.


 Control over tools, content and updates

 Prioritize based on business drivers

 Grow internal skill and knowledge

 Easier integration with other systems


 Access to specialized skills

 More reliable and flexible service

 Predictable lower costs

 Focus on core business


 Finite resources with email skills

 No penalty based SLA

 Downtime caused through lack of focus

 Constant re-training needed to stay current

 Threat to knowledge base from staff turnover


 Negative perceptions within IT department

 Administrative overhead of communication

 Loss of in-house competence


Key Issues Relating to Email Management

Control of Viruses

Of all the issues relating to running an email system, dealing with the threat of virus attack is very high up on every organization’s priority list. We find that there is almost universal adoption of some sort of anti-virus process or product within the business community. The impact of virus attack on a company can be disastrous. Firstly there is the disruption to ongoing business while the impact of the virus attack is dealt with (user downtime, cleaning user PCs and so on), then there is the impact on business partners to whom the virus may have passed. This has in the past been measured in terms of minor embarrassment ranging to major lost contracts and long-term damage to a company brand. The commercial estimates relating to the damage done by viruses vary greatly. However all agree that virus damage and the ensuing clean up is costing British businesses billions of pounds each year.

All agree that protecting an organization against becoming the victim of a virus attack and in turn preventing the organization from propagating the virus attack is now a business critical function. Viruses are mainly distributed through email. Some are attachments to emails; others are included in the body of the email itself. Additionally viruses can be passed by accessing or downloading from websites, but this method is a relatively minor consideration compared to email transmission.

The solutions that organizations have implemented fall broadly into the following categories:

Total Outsourcing

By having an external organization take on responsibility for scanning all inbound and outbound email, a company is able to be comfortable in the knowledge that a professional is acting on their behalf. A specialist organization is working round the clock to ensure that viruses are kept at bay. Companies that have subscribed to this approach report an excellent level of service, with near 100% protection from viruses. However this does come with two downsides. Firstly, the cost of this service – typically around $1 per user per month. Secondly, the incidence of “false positives” – a false positive is where an email is wrongly diagnosed as having a virus attached or embedded. This becomes a problem if the email in question is of a critical nature and the process for dealing with the “false positive” results in a lengthy delay in delivering the message to the recipient.

A final consideration in this approach is that it does not prevent a virus from propagating around an organization should it manage to penetrate the outer defenses. It is this consideration that leads many companies to continue to run anti-virus protection on individual PCs and servers even though they are paying another organization to protect them.

In summary, this approach is well received by those using it. It is very effective at preventing viruses from penetrating into an organization but does not provide any protection should a virus be introduced by other means such as a user’s private webmail account. This therefore cannot be regarded as the complete solution for protecting a company from virus attack.


Excellent at trapping viruses, uses multiple different engines – constantly updated against the latest viruses and provided as a managed service so no dependency on company IT staff.


Does not protect against a virus propagating around a company once penetrated. In-house Server Based Virus Protection

This is by far the most common approach to protecting companies against virus attack. The anti-virus software is installed on all email servers and scans the emails passing through the server, quarantining any that it identifies as containing a virus.

As this approach is in-house, its success depends on the vigilance, capability and availability of the company’s IT department staff. Applying latest updates against new viruses is an hourly function and although automated, requires checking regularly. Server based virus prevention is also limited to one product (running multiple anti-virus products on the same server can make them both identify each other as a virus, due to the way they function!), which leads to a selection process where technical requirements may lose out to commercial considerations. Furthermore, different anti-virus vendors may be more successful than others in combating different viruses, so having more than one product running would provide enhanced protection.


Prevents spread of viruses within an organization as well as providing protection from inbound and outbound viruses.

Cons: Limited to one vendor’s approach. Reliant on the IT department to monitor, manage and apply updates constantly. Adds overhead to IT staff in dealing with quarantined messages. This approach allows viruses to penetrate a company’s network before being trapped. Increasingly complex viruses may exploit this vulnerability.

Client PC Based Protection

Client based virus protection is generally regarded as an adjunct to another approach or for mobile workers.


Protects the client PC.


Dependant on the user to setup and manage updates.

Only protects the client PC.

Does not protect servers or other network infrastructure.



Protecting an organization from the threat of viruses is paramount. Email communication is now business critical in most companies and being without it for any length of time starts to cost the company competitiveness, money and employee productivity. The business case for providing virus protection does not need proving. However, the level of protection that a company deems cost effective needs reviewing.

Whilst the majority of organizations are using server based virus protection, their reliance on one vendor and busy internal IT staff to run the service offers opportunities for breach by new viruses and the potential that new types of virus can do damage prior to being identified by the email server.

An approach that hands primary protection to a specialist who will trap and remove viruses prior to them ever arriving at your network is definitely the way of the future. Such an organization will be acting for many companies and so will have specialist knowledge that it is impossible to justify developing within a company’s IT department. However, reliance on a third party provider has limitations around preventing the internal spread of a virus that is introduced through other means (infected CD-ROM, Internet download, etc), so retaining server and client PC based virus protection is also recommended as a backup measure.


Comments Off on Email Management Considerations

Sample – Architecture Requirements

Posted in Compliances (1300) by Guest on the October 10th, 2014
  • Broad Expandability
  • Integrated System of Systems
  • Event-driven Information Access
  • Support the Operational Model
  • Simplicity
  • Service Management
  • Data Processing Environments
  • Legacy Integration


Comments Off on Sample – Architecture Requirements

Opportunities for Development

Posted in Web Services (250) by Guest on the October 8th, 2014
  • Plan development efforts
    Identify corporate IT needs & expectations
    Work with IT user community representatives 
  • Align Objectives with Organizational Goals
    Define Scope of Development Effort
    Define Scope of Services to be Offered 
  • Organizational Goals
    Executive Support
  • Work to be done
    How it will be done
    Implementation = > Operation 
  • Vigilantly scan for ways to meet new, unidentified, and evolving requirements.
  • Provide Additional Opportunities for our organization Participation


Comments Off on Opportunities for Development

Evolving Corporate IT

Posted in Business (600) by Guest on the October 4th, 2014

Corporate downsizing forces all of us to look at how our money is being spent.  In the age of point and click everything, highly technical employees have difficulty NOT using their highly technical skills.  I ask you, why should you pay top notch, highly paid, highly technical people to write program after program to get data that can now be gotten with basic PC skills? 

What about financial people that need to review how corporate IT resources are being spent and need to go to a programmer to have code written to find the answers? 

Why spend millions on an incident, when thousands on being proactive will do the job better? 

Earn a reputation as being entrepreneurial. Entrepreneurs are known as risk takers. Recognize that you are the first in the extraordinarily large Enterprise category to say goodbye old IT ways of doing business. 

This will not work with out management support. And not just the next manager up, I mean executive management.  Without it, there is not way we could have become successful.  

What’s been enhanced in the last year? 

What obstacles did we have to overcome?

Comments Off on Evolving Corporate IT

Ripple Effect of Bad Business Practices

Posted in Business (600) by Guest on the October 1st, 2014

A history of undelivered, paid goods /services will sour any business links. Fraudulent use of financial data will destroy any trust relationship. Business is increasingly little more than the processing. This is most obvious in the financial sector. 

Such enterprises are exploiting the internet technologies, with browsing the net for new product ideas and potential new markets becoming a legitimate business task. A coordinated rigorous internal review process is essential to ensure operational integrity. 

Business opportunities can be considered from many perspectives. The internet has bombarded us with unsolicited junk mail through spamming. Rapid network communication facilitates the “pyramid selling” of greed, through rumors, innuendoes etc… 

Such scams have been increasing all over the world, further economic and political integration through the European Union may, however, change this. Even a small percentage of gullible recipients in a potential market of millions can generate a lot of revenue to the unscrupulous organization. 

The Internet as a viable delivery system accessing “publicly available” yet corporate databases and information will do more than redefine products and services; it will irrevocably change work and employment patterns. 

Networking has had a profound impact on the transaction costs of the larger enterprise. Most modern business techniques are being enhanced by the availability of computer networking. 

The historical integration of the larger enterprise is being replaced by the more flexible and responsive core enterprise with it’s many ‘Teletrading’ partners. The early economic basis for vertically integrated companies was that direct control of all resources would reduce the time/cost of ‘legal’ negotiating between companies. Transaction costs  have fallen, generating new opportunities. Real-time networking will facilitate the mixing and matching of relationship between business entities. 

Concepts such as ‘just in time replenishment’ do not require total control of the supply process in the networked age. The obfuscation of earlier corporate boundaries can bring problems as well as opportunities. Global, public networks will allow distant competitors to infiltrate local environments will little or no effort. They may be providing real products and services thus increasing customer choice, but electronic access may result in the stealing of corporate resources. 

A successful dynamic market needs a mixture of investment; short and long term. The local emergence of a range of valuable networked products and services will be restricted by fears that such investment cannot be justified because of the emergence of global opportunists moving in and out of a market ‘, costly and with ‘impunity’ 

Business common sense and vigilance is probably even more relevant within the interactive global market than in the local context.

Comments Off on Ripple Effect of Bad Business Practices