compliances , policies , security

Sample – An overview of an Enterprise Taxonomy Discovery

October 25, 2013

The development of an Enterprise Taxonomy- a structured classification scheme for Corporate data and content- is vital to improve the ‘findability’ of information necessary to support each staff member’s daily job performance. To collect these details a questionnaire followed up by interviews is the best overall venue.

The focus of interviews should be to gather high level requirements or ‘problem statements’ to guide the scope and best approach to develop the taxonomy.  These sessions are intended to begin the building the taxonomy analysis.

Key business users to be interviewed:

Representatives from each of the major organizational units can speak to the typical information needs in their respective business units and can identify current issues in search and retrieval of data and content in their domains.

Type of information needed:

The information needed will be a listing of the most frequently used information sources, such as the Source, network file shares, existing database applications, etc.

Type of interview & duration (one-on-one/focus group):

Initial group interviews for each of the major organizational units with representatives who can speak to the major business functions performed by the business unit.  We estimate that these group interviews will take 1 hour each.

Follow up one-on-one interviews may be required to focus on particular issues identified in the group interview sessions.

Objective of the interview:

The primary objective of the interviews will be to identify the high level information needs for each major business unit and any current issues encountered in meeting those information needs.

Portal:

The portal surfaces key information to different user groups and packages that information into an experience (which can differ depending on the user-group).  The Team needs to determine the “As-Is” state of portal plans and “To-Be” state.

Key business users to be interviewed:

Representatives from each of the major organizational units who can speak to the typical information needs in their respective business units and can identify current and planned business cases for the portal at Corporate.

Sample – Type of information needed (and questions to be asked):

The portal team needs to investigate the following:

  • Existing business/use cases for a portal interface at Corporate and supporting documentation (are there any existing business/use cases for the portal)?
  • Perceived business value of a portal (why do you believe Corporate needs a portal?)
  • Appropriate user groups (who needs access to the portal from both an internal and external perspective)?
  • Core functionality for the portal for both internal and external users (who are the users and what is their experience in the portal from a data and content perspective)?

Types of interview & duration (one-on-one/focus group):

  • One hour (max) interviews with business staff or individuals from organizational units (individual or group interviews depending on the nature of business involvement with portal issues).
  • Follow-up interviews may be required;

Objective of the interview:

  • Determine existing (if any) and future business and use-cases for the portal and gather information on what to integrate into the portal environment in the near and long-term (for both internal and external users)
  • Determine preferences for internal or external functionality (prioritize specific content/data integration options)
  • Determine preferences for deployment (internal vs. external) and how to sequence rollouts.

Security:

Developing a security strategy for both the data and infrastructure components of the Customer, Client, Partner, Vendor and Employee Portals and corresponding Taxonomy is critical to the success of these projects.  An integrated security approach to the design, development, and deployment of the Intranet and Extranet Portals is required to identify and categorize potential risks to the data and underlying IT infrastructure and ensure security controls are effectively mapped to business rules and workflow.

This integrated approach will reduce risk, support budget control, and aid in on-time delivery of these infrastructure enhancements while allowing business owners and users to better understand the security requirements and processes of the systems.

Key business users to be interviewed:

To continue to understand the ‘as-is’ security posture, we will need to interview infrastructure/network support personnel, system and security administrators, and policy management and administration personnel.  Follow-up interviews will be conducted with the Director of Security, the Network / VLAN Design Teams, the security administrators, representatives from the Enterprise Shared Services Offices, and the Enterprise Architecture teams.

Type of information needed:

  • Security plans and policies (have several already)
  • Network/infrastructure diagrams
  • Standard Configurations for workstations and servers
  • Parameter/External router and firewall configurations
  • User Account Management process
  • Inventory security tools and technologies deployed on within the infrastructure
  • Access Controls schema/process
  • Remote Access policies and procedures
  • Auditing/Monitoring policies and procedures, along with logs for review
  • PCI Quarterly Scan results

Type of interview & duration (one-on-one / focus group)

Both one-on-one and group interviews with key stakeholders identified above (1 hour max).

Objective of the interview:

  • Determine current state of Corporate security posture from an operational, technical, and management control perspective through the review/assessment of plans,  processes, policies, infrastructure and data security control
  • Identify baseline security requirements and security requirements traceability matrix for the Access Portals, and corresponding Taxonomy and integrate these requirements into ‘use-cases’, design specifications, business rules, and workflow
  • Compile data collected from interviews to develop security roadmap to be integrated into the Access Portals, and corresponding Taxonomy along with a security architecture and engineering plan to provide security within and throughout the Corporate infrastructure

www.bestitdocuments.com