Operating Standards and Practices for LANs Leo Wrobel
|
|
- Shanon Booth
- 8 years ago
- Views:
Transcription
1 Operating Standards and Practices for LANs Leo Wrobel Payoff Operating standards for LANs offer certain advantages for keeping expenses for procurement, maintenance, and support under control At the same time, any standards must enhance, not stifle, the productivity of users of local area networks. This article reviews the basics to include in a LAN standards document. Problems Addressed The following scenario is common in many organizations: There are 200 local area networks (LANs) located across the country, in everything from small sales offices with a handful of people to regional distribution centers. The company does not know if these outlying locations handle mission-critical data or not. The company does not know with certainty who is running these LANs, because it ranges from office managers and clerical employees right up to seasoned IS professionals. A site that once had 10 salespeople now has 9 salespeople and a LAN administrator. The company does not know how these sites are buying equipment, yet it is reasonably sure that they are paying too much, because they are not buying in bulk or enjoying any economies of scale in equipment purchases. Locations are beginning to lean on IS for help desk support because there is no way they can keep up with the rapid proliferation of hardware, platforms, software, and special equipment being installed in the field. The telecommunications department is worried about connecting all of these locations together. Although some attempts at standardization of these locations may be made, invariably, LAN managers in the field consider standards to be an attempt by the IS department to regain control of the LAN administrators' environment. Because LAN managers seldom have had any input into what these standards would be, they were soundly rejected. Today, there are literally thousands of companies fighting this same battle. This article gives some solutions to these problems. First, however, it is important to understand why standards are required and how IS can implement standards without stifling productivity or adversely affecting the organization. Why LANs Require Standards Exhibit 1 compares two distinctly different operating environments: mainframes and LANs. To illustrate a point, Exhibit 1 uses the same adjectives that LAN and mainframe people use to describe each other. Operational and Maintenance Characteristics
2 Operational Characteristics < > MAINFRAME LAN "Stodgy" "Seat-of-Pants Approach" "Stoic" "Close to Business" "Regimented" "Happy, Productive Users" "Inflexible" "Stifles Productively" Maintenance Characteristics < > MAINFRAME LAN "Highly Advanced Support Systems" "Evolving Support Systems" "High-Level Help Desk Support" "Difficult Help Desk Support" "Reliable and Well-Proven" "High User Involvement in Routine Problems" "High Support-to-Device-Ratio" "Low Support-to-Device Ratio" "High Maintenance" In an ideal environment, the LAN administrator can select exactly the type of equipment best tailored to do the job. LAN managers are historically close to the core business. For example, if the company is involved in trading stock, the LAN operations department can go out and buy equipment tailored exactly to trading stock. If the organization is engaged in engineering, the LAN administrator can buy equipment exactly tailored to engineering. From the standpoint of operational characteristics, LANs are far more desirable than mainframes because they are closer to the business, they empower people, and they make people enormously productive by being close to the core business. This is not the whole story, however. It is equally important to support LANs once they are in place. This is where the trade-offs come in. Lessons From Mainframe Experience Because mainframes have been around so long, there is a high degree of support available. When users in the mainframe environment call the help desk with a hardware or a software problem, the help desk knows what they are talking about. Help desk staff are well trained in the hardware and the software packages and can quickly solve the users' problems. As another example, in an IBM 3070 terminal environment, 100 terminals or more could be supported by a single technician. When those terminals became PCs, the ratio perhaps dropped to 50 PCs per technician. When those PCs became high-end workstations, the ratio dropped even further. The value of a mainframe level of technical support cannot be underestimated. Mainframe professionals had 20 years to write effective operating and security standards. These standards cover a number of preventive safeguards that should be taken in the operational environment to assure smooth operation. These range from: How often to change passwords. How often to make backups. What equipment should be locked up. Who is responsible for change control.
3 Defining the standards for interconnecting between environments. In the mainframe world it was also easy to make very large bulk purchases. Because the mainframe has been around for so long, many advanced network management systems exist that provide a high degree of support and fault isolation. Balancing Productivity and Support Requirements for LANs To the LAN administrator, the perfect environment, productivity-wise, is one which any LAN administrator anywhere in a large company can go out and buy anything at any time flexibility to buy equipment that is exactly tailored to the core business and that has the maximum effect in the way of enhancing productivity is highly desired in LAN environments. However, if someone calls the help desk, the help desk staff will not really be sure what they have out there, let alone how to troubleshoot it. In many ways, if the users buy an oddball piece of equipment, no matter how productive it makes them, they are on their own as far as supporting that equipment. LANs have a characteristically high ratio of technologists required to support the environment. Today, sophisticated boxes sit on the desktop that demand a much higher level of maintenance. Because people are such a valuable commodity and so difficult to justify because of downsizing or rightsizing, LAN administration is usually relegated to a firefighting mode, without a lot of emphasis on long-range planning. Because LAN platforms are relatively new, in comparison to mainframes, there has not been as much time to develop operating and security standards. This is especially irritating to auditors when mission-critical applications move from the traditional mainframe environment onto LANs and the protective safeguards around them do not follow. Something as simple as transporting a tape backup copy of a file between LAN departments can be extremely complicated without standards. What if everyone buys a different type of tape backup unit? Without standards on what type of equipment to use, bulk purchases of equipment become difficult or impossible. Even though major improvements have been made in network management systems over the past five years, the management systems associated with LANs often lag behind those associated with mainframe computers. Again, this causes the company to pay penalties in the area of maintenance and ease of use. One answer, of course, is to force users into rigid standards. While this pays a handsome dividend in the area of support, it stifles the users' productivity. They need equipment well suited to their core business purpose. An alternative is to let users install whatever they want. This may increase productivity greatly, though it is doubtful that a company could ever hire and support enough people to maintain this type of configuration. Worse, mission-critical applications could be damaged or lost altogether is users are not expected to take reasonable and prudent safeguards for their protection. It is the responsibility of both users and technologists to find the middle ground between the regimented mainframe environment and the seat-of-the-pants LAN environment. Through careful preplanning, it is possible to configure a set of standards that offers the advantage of greater productivity that is afforded by LANs, but also the advantages learned through 20 years of mainframe operations in the areas of support, bulk purchases, and network management. The remainder of this article concentrates on exactly what constitutes reasonable operating and security procedures for both LANs and telecommunications.
4 Standards Committees One method is through the formation of a communications and LAN operating and security standards committee. An ideal size for a standards committee would be 10 to 12 people, with representatives from sales, marketing, engineering, support, technical services, including LANs, IS and telecommunications, and other departments. It is important to broaden this committee to include not only technologists, but also people engaged in the core business, since enhancement of productivity would be a key concern. The actual standards document that this committee produces must deal with issues for both the operation and protection of a company's automated platforms (the Appendix provides a working table of contents from which to begin to write a document). Subjects include: Basic physical standards, including access to equipment rooms, where Private Branch exchange equipment is kept, what type of fire protection should be employed, standards for new construction, standards for housekeeping, and standards for electrical power. Software security, change control, which people are authorized to make changes, and how these changes are documented. The security of information, such as identifying who is allowed to dial into a system, determining how to dispose of confidential materials, determining which telephone conversations should be considered private, and the company's policy on telecommunications privacy. Weighing options with regard to technical support of equipment. Resolving issues regarding interconnection standards for the telecommunications network. Disaster backup and recovery for both LANs and telecommunications, including defining what users must do to ensure protection of mission-critical company applications. Defining Mission Critical" Before all of this, however, the committee is expected to define and understand what a mission-critical application is. Because standards are designed to cover both operational and security issues, the business processes themselves must be defined, in order to avoid imposing a heavy burden with regard to security on users who are not engaged in missioncritical applications, or by not imposing a high enough level of security on users who are. Standards for equipment that is not mission critical are relatively easy. Basically, a statement such as, The company bought it, the shareholders paid for it, the company will protect it, will suffice. In practice, this means securing the area in which the equipment resides from unauthorized access by outside persons when there is danger of tampering or theft. It also includes avoiding needless exposures to factors which could damage the equipment, such as water and combustibles, and controlling food items around the equipment, such as soft drinks and coffee. The most one would expect from a user
5 engaged in non-mission-critical applications would be something that protects the equipment itself, such as a maintenance contract. Mission-critical equipment, however, has a value to the company that far exceeds the value of the equipment itself, because of the type of functions it supports. Determination of what constitutes a mission-critical system should be made at a senior management level. It cannot be automatically assumed that technical services will be privy to the organization's financial data. LAN and telecommunication equipment that supports an in-bound call center for companies such as the Home Shopping Club, would definitely be mission-critical equipment, because disruption of the equipment, for whatever cause, would cause a financial hit to the company that far exceeds the value of the equipment. Therefore, mission-critical equipment should be defined as equipment that, if lost, would result in significant loss to the organization, measured in terms of lost sales, lost market share, lost customer confidence, or lost employee productivity. Monetary cost is not the only measurement with regard to mission-critical. If an organization supports a poison-control line, for example, and loss of equipment means a mother cannot get through when a child is in danger, it has other implications. Because financial cost is a meaningful criteria to probably 90% of the companies, it is the measurement used for purposes of this discussion. There is not necessarily a correlation between physical size and mission criticality. It is easy to look at a LAN of 100 people and say that it is more mission-critical than another LAN that has only 4 people. However, the LAN with 100 people on it may provide purely an administrative function. The LAN with four people on it may have an important financial function. Writing the Operating and Security Standards Document In the following approach, it is recommended that two distinct sets of standards are created for mission-critical versus non-mission-critical equipment. Network Software Security and Change Control Management One item that should be considered in this section is, Who is authorized to make major changes to LAN or telecommunications equipment? There is a good reason to consider this question. If everyone is making major changes to a system haphazardly, a company is inviting disaster, because there is little communication concerning who changed what and whether these changes are compatible with changes made by another person. Standards should therefore include a list of persons authorized to make major changes to a mission-critical technical system. It should also have procedures for changing passwords on a regular basis, both for the maintenance and operation functions of LANs and telecommunications. Procedures should be defined that mandate a backup before major changes in order to have something to fall back on in case something goes wrong. Procedures should be established to include Direct Inward System Access (direct inward system access). Unauthorized use of Direct Inward System Access lines is a major cause of telecommunication fraud or theft of long-distance services. Automated attendants, for example, should also be secured and telephone credit cards properly managed. As a minimum, establish a procedure that cancels remote access and telephone credit to employees who leave the company, especially under adverse conditions.
6 Physical and Environmental Security There should be a set of basic, physical standards for all installations, regardless of their mission-critical status. These might include use of a UPS (uninterruptible power supply) on any LAN server. A UPS not only guards against loss of productivity when the lights flicker, but also cleans up the power somewhat and protects the equipment itself. There should be standards for physically protecting the equipment, because LAN equipment is frequently stolen and because there is a black market for Private Branch exchange cards as well. There should be general housekeeping standards as far as prohibitions against eating and drinking in equipment areas and properly disposing of confidential materials through shredding or other means. No- smoking policies should be included. Standards for storing combustibles or flammables in the vicinity of equipment should also be written. Physical standards for mission-critical applications are more intensive. These might include sign-in logs for visitors requiring access to equipment rooms. They may require additional physical protection, such as sprinkler systems or fire extinguishers. They may require general improvements to the building, such as building fire-resistant walls. They should also include protection against water, since this is a frequent cause of disruption, either from drains, building plumbing, sprinklers, or other sources. Technical Support The standards committee ideally should provide a forum for users to display new technologies and subject them to a technical evaluation. For example, a LAN manager or end user may find a new, innovative use of technology that promises to greatly enhance productivity in their department. They can present this new technology to the standards committee for both productivity and technical evaluations. The technologist on the committee can then advise the user of the feasibility of this technology; whether it will create an undue maintenance burden, for example, or whether it is difficult to support. If it is found that this equipment does indeed increase productivity and that it does not create an undue maintenance burden, it could be accepted by the committee and added to a list of supported services and vendors that is underwritten by the committee. Other issues include what level of support users are required to provide for themselves, what the support level of the help desk should be, and more global issues, such as interconnection standards for a corporate backbone network and policies on virus protection. Conclusion The LAN operating and securities standards document is designed to be an organization's system of government with regard to the conduct and operation of technical platforms supporting the business. A properly written standards document includes input from departments throughout the organization, both the enhance productivity and to keep expenses for procurement, maintenance, and support under control. Standards also ensure that appropriate preventive safeguards are undertaken, especially for mission- critical equipment, to avoid undue loss of productivity, profitability, or equity to the company in the event something goes wrong. In other words, they are designed to prevent disruptions. Use of a LAN operating and security standards committee is advised to ensure that critical issues are decided by a group of people with wide exposure within the company and to increase ownership of the final document across departmental boundaries and throughout the organization. If properly defined, the standards document will
7 accommodate the advantages of the mainframe environment and needs of LAN administrators by finding the middle ground between these operating environments. By writing and adopting effective standards, an organization can enjoy the productivity afforded by modern LAN environments while at the same time enjoying a high level of support afforded through more traditional environments. The appendix lists examples of typical standards for these types of installations. Readers are recommended to use them as a baseline in developing standards and begin building a standards committee now. Author Biographies Leo Wrobel Leo Wrobel is president of Premier Network Services Inc. in Dallas.
5-04-25 Adding Communications Network Support to Existing Disaster Recovery Plans Leo A. Wrobel
5-04-25 Adding Communications Network Support to Existing Disaster Recovery Plans Leo A. Wrobel Payoff This article reviews the processes that must be documented in a recovery plan for a company's mission-critical
More informationHIPAA Security Alert
Shipman & Goodwin LLP HIPAA Security Alert July 2008 EXECUTIVE GUIDANCE HIPAA SECURITY COMPLIANCE How would your organization s senior management respond to CMS or OIG inquiries about health information
More informationGuidelines for Distributed Computing Administration and Security
Guidelines for Distributed Computing Administration and Security As the University enters into the era of networked microcomputers and a distributed computing environment, many of the critical tasks originally
More informationIT Checklist. for Small Business INFORMATION TECHNOLOGY & MANAGEMENT INTRODUCTION CHECKLIST
INFORMATION TECHNOLOGY & MANAGEMENT IT Checklist INTRODUCTION A small business is unlikely to have a dedicated IT Department or Help Desk. But all the tasks that a large organization requires of its IT
More informationWhy cloud backup? Top 10 reasons
Why cloud backup? Top 10 reasons HP Autonomy solutions Table of contents 3 Achieve disaster recovery with secure offsite cloud backup 4 Free yourself from manual and complex tape backup tasks 4 Get predictable
More informationMAXIMUM PROTECTION, MINIMUM DOWNTIME
MANAGED SERVICES MAXIMUM PROTECTION, MINIMUM DOWNTIME Get peace of mind with proactive IT support Designed to protect your business, save you money and give you peace of mind, Talon Managed Services is
More informationMaking the leap to the cloud: IS my data private and secure?
Making the leap to the cloud: IS my data private and secure? tax & accounting MAKING THE LEAP TO THE CLOUD: IS MY DATA PRIVATE AND SECURE? Cloud computing: What s in it for me? The more you know about
More informationEnterprise Data Protection
PGP White Paper June 2007 Enterprise Data Protection Version 1.0 PGP White Paper Enterprise Data Protection 2 Table of Contents EXECUTIVE SUMMARY...3 PROTECTING DATA EVERYWHERE IT GOES...4 THE EVOLUTION
More informationWHY CLOUD BACKUP: TOP 10 REASONS
WHITE PAPER DATA PROTECTION WHY CLOUD BACKUP: TOP 10 REASONS Contents REASON #1: Achieve disaster recovery with secure offsite cloud backup REASON #2: Freedom from manual and complex tape backup tasks
More informationCustomer Guide Helpdesk & Product Support. [Customer Name] www.four.co.uk Page 1 of 13
Customer Guide Helpdesk & Product Support [Customer Name] www.four.co.uk Page 1 of 13 Table of Contents HELP DESK AND PRODUCT SUPPORT SUMMARY... 3 1 FOUR HELP DESK STRUCTURE AND CALL ESCALATION... 6 2
More informationCPI Customer Success Story Sawyer Savings Bank
CPI Customer Success Story Sawyer Savings Bank Technology Management for Optimal Performance, Security & Cost Savings Leveraging CPI s expertise in capturing true IT value, mitigating risks and reducing
More informationInformation Resources Security Guidelines
Information Resources Security Guidelines 1. General These guidelines, under the authority of South Texas College Policy #4712- Information Resources Security, set forth the framework for a comprehensive
More informationHIPAA Security COMPLIANCE Checklist For Employers
Compliance HIPAA Security COMPLIANCE Checklist For Employers All of the following steps must be completed by April 20, 2006 (April 14, 2005 for Large Health Plans) Broadly speaking, there are three major
More informationHealthcare IT Compliance Service. Services > Overview MaaS360 Healthcare IT Compliance Service
Services > Overview MaaS360 Ensure Technical Safeguards for EPHI are Working Monitor firewalls, anti-virus packages, data encryption solutions, VPN clients and other security applications to ensure that
More informationCOMPONENTS OF A SUCCESSFUL LAN DISASTER RECOVERY PLAN
COMPONENTS OF A SUCCESSFUL LAN DISASTER RECOVERY PLAN By Leo A. Wrobel Technologists often exhibit an unexpected response when asked by management to produce a disaster recovery plan for an automated system.
More informationHow To Get Ready For Business
A Ready Business rises above infrastructure limitations Vodacom Power to you Vodacom Business Nigeria Managed Hosted Services Get Ready to free up your business. To succeed in today s world of dramatic
More informationNCS 330. Information Assurance Policies, Ethics and Disaster Recovery. NYC University Polices and Standards 4/15/15.
NCS 330 Information Assurance Policies, Ethics and Disaster Recovery NYC University Polices and Standards 4/15/15 Jess Yanarella Table of Contents: Introduction: Part One: Risk Analysis Threats Vulnerabilities
More informationDETAIL AUDIT PROGRAM Information Systems General Controls Review
Contributed 4/23/99 by Steve_Parker/TBE/Teledyne@teledyne.com DETAIL AUDIT PROGRAM Information Systems General Controls Review 1.0 Introduction The objectives of this audit are to review policies, procedures,
More informationIT - General Controls Questionnaire
IT - General Controls Questionnaire Internal Control Questionnaire Question Yes No N/A Remarks G1. ACCESS CONTROLS Access controls are comprised of those policies and procedures that are designed to allow
More informationStable and Secure Network Infrastructure Benchmarks
Last updated: March 4, 2014 Stable and Secure Network Infrastructure Benchmarks 501 Commons has developed a list of key benchmarks for maintaining a stable and secure IT Infrastructure for conducting day-to-day
More informationIT Service Management
IT Service Management Service Continuity Methods (Disaster Recovery Planning) White Paper Prepared by: Rick Leopoldi May 25, 2002 Copyright 2001. All rights reserved. Duplication of this document or extraction
More informationPatch Management. Rich Bowen
Patch Management Rich Bowen April 9, 2004 Contents 1 Executive Summary 2 2 Risks 2 2.1 The patch fixes a problem...................................... 2 2.1.1 Do you have that problem?.................................
More informationWhite Paper. 1 800 FASTFILE / www.ironmountain.ca Page 1
White Paper LIVEVAULT Top 10 Reasons for Using Online Server Backup and Recovery Introduction Backup of vital company information is critical to a company s survival, no matter what size the company. Recent
More informationWhite Paper AN INTRODUCTION TO BUSINESS CONTINUITY PLANNING AND SOLUTIONS FOR IT AND TELECOM DECISION MAKERS. Executive Summary
AN INTRODUCTION TO BUSINESS CONTINUITY PLANNING AND SOLUTIONS FOR IT AND TELECOM DECISION MAKERS Executive Summary Today s businesses rely heavily on voice communication systems and data networks to such
More informationWhat are the benefits of Cloud Computing for Small Business?
Cloud Computing A Small Business Guide. Whilst more and more small businesses are adopting Cloud Computing services, it is fair to say that most small businesses are still unsure of what Cloud Computing
More informationThe 9 Ugliest Mistakes Made with Data Backup and How to Avoid Them
The 9 Ugliest Mistakes Made with Data Backup and How to Avoid Them If your data is important to your business and you cannot afford to have your operations halted for days even weeks due to data loss or
More informationThe Commonwealth of Massachusetts
A. JOSEPH DeNUCCI AUDITOR The Commonwealth of Massachusetts AUDITOR OF THE COMMONWEALTH ONE ASHBURTON PLACE, ROOM 1819 BOSTON, MASSACHUSETTS 02108 TEL. (617) 727-6200 No. 2008-1308-4T OFFICE OF THE STATE
More informationThe Essential Guide for Protecting Your Legal Practice From IT Downtime
The Essential Guide for Protecting Your Legal Practice From IT Downtime www.axcient.com Introduction: Technology in the Legal Practice In the professional services industry, the key deliverable of a project
More informationTop 10 Reasons for Using Disk-based Online Server Backup and Recovery
ADVISORY Top 10 Reasons for Using Disk-based Online Server Backup and Recovery INTRODUCTION Backup of vital company information is critical to a company s survival, no matter what size the company. Recent
More informationNeverfail Solutions for VMware: Continuous Availability for Mission-Critical Applications throughout the Virtual Lifecycle
Neverfail Solutions for VMware: Continuous Availability for Mission-Critical Applications throughout the Virtual Lifecycle Table of Contents Virtualization 3 Benefits of Virtualization 3 Continuous Availability
More information16 Common Backup Problems & Mistakes
16 Common Backup Problems & Mistakes 1. Tape errors, Tape Drive failures. Probably the number one backup problem is simply caused by the unreliability of tape. Tape drives have a higher failure rate than
More informationGetting a Secure Intranet
61-04-69 Getting a Secure Intranet Stewart S. Miller The Internet and World Wide Web are storehouses of information for many new and legitimate purposes. Unfortunately, they also appeal to people who like
More informationMoving Network Management from OnSite to SaaS. Key Challenges and How NMSaaS Helps Solve Them
Moving Network Management from OnSite to SaaS Key Challenges and How NMSaaS Helps Solve Them Executive Summary In areas such as sales force automation and customer relationship management, cloud-based
More informationDefining the Data Center Market. Data Center Market Size. and. Applied Computer Research, Inc. Prepared by: Applied Computer Research, Inc.
Defining the Data Center Market and Data Center Market Size Prepared by: Applied Computer Research, Inc. 1-800-234-2227 www.itmarketintelligence.com Copyright 2010, all rights reserved. Defining the Data
More information'Namgis Information Technology Policies
'Namgis Information Technology Policies Summary August 8th 2011 Government Security Policies CONFIDENTIAL Page 2 of 17 Contents... 5 Architecture Policy... 5 Backup Policy... 6 Data Policy... 7 Data Classification
More informationDPS HOSTED SOLUTIONS
DPS HOSTED SOLUTIONS DPS SOFTWARE 288 SOUTHBURY ROAD ENFIELD MIDDLESEX EN1 1TR DATE: OCTOBER 2009 DPS Software 2009 1 INDEX DPS HOSTED SOLUTIONS 1 INTRODUCTION 3 DPS HOSTING OVERVIEW 4 WHAT HAPPENS IF
More informationPrivate Cloud. One solution managed by Applied
Private Cloud : : C L O U D S E R V I C E S : : One solution managed by Applied THE CLOUD IS NO LONGER AN IT CONSIDERATION ALONE IT IS FUNDAMENTALLY CHANGING THE WAY EXECUTIVES ACROSS DEPARTMENTS VIEW
More informationPreparing for a Computer System. In a Wholesale Fruit and Vegetable Company
Preparing for a Computer System In a Wholesale Fruit and Vegetable Company by Bruce E. Lederer Market Research and Development Division Agricultural Marketing Service U.S. Department of Agriculture A computer
More informationHIPAA Security. assistance with implementation of the. security standards. This series aims to
HIPAA Security SERIES Security Topics 1. Security 101 for Covered Entities 2. Security Standards - Administrative Safeguards 3. Security Standards - Physical Safeguards 4. Security Standards - Technical
More informationResource Ordering and Status System. User Business Resumption Plan
Resource Ordering and Status System User Business Resumption Plan I. INTRODUCTION This document is the disaster preparedness and recovery plan for users of the Resource Ordering and Statusing System (ROSS).
More informationEnterprise Single Sign-On SOS. The Critical Questions Every Company Needs to Ask
Enterprise Single Sign-On SOS The Critical Questions Every Company Needs to Ask Enterprise Single Sign-On: The Critical Questions Every Company Needs to Ask 1 Table of Contents Introduction 2 Application
More informationHow to save money with Document Control software
How to save money with Document Control software A guide for getting the most out of your investment in a document control software package and some tips on what to look out for By Christopher Stainow
More informationHosted Desktop Model vs. SBC, VDI and Traditional Desktop Position Document
Hosted Desktop Model vs. SBC, VDI and Traditional Desktop Position Document Author: Richard South Document #: 1033 Date: 11/07/2008 Last Revision: 20/08/2008 Hosted Desktop Infrastructure is an innovative
More informationEstate Agents Authority
INFORMATION SECURITY AND PRIVACY PROTECTION POLICY AND GUIDELINES FOR ESTATE AGENTS Estate Agents Authority The contents of this document remain the property of, and may not be reproduced in whole or in
More information82-01-90 The Effects of Outsourcing on Information Security Marie Alner Payoff
82-01-90 The Effects of Outsourcing on Information Security Marie Alner Payoff Outsourcing is the process of contracting a third-party information systems vendor to perform all or part of a company's information
More informationBusiness Virtualization
Business Virtualization Why should I consider server virtualization? Save money. Often servers are dedicated to just one or two applications. As a result servers in many organizations are only using 15
More informationSupplier Security Assessment Questionnaire
HALKYN CONSULTING LTD Supplier Security Assessment Questionnaire Security Self-Assessment and Reporting This questionnaire is provided to assist organisations in conducting supplier security assessments.
More information83-10-31 User Authentication: A Secure Networking Environment Ellen Bonsall Payoff
83-10-31 User Authentication: A Secure Networking Environment Ellen Bonsall Payoff After identifying network security requirements, defining the security process, setting policies and procedures, and defining
More informationTop 5 Cloud Computing Questions Answered!
Top 5 Cloud Computing Questions Answered! Regardless of your vertical sector or business size, cloud computing is big news for you and your company. However, it s easy to be overwhelmed with the sheer
More informationDISASTER RECOVERY PLANNING GUIDE
DISASTER RECOVERY PLANNING GUIDE AN INTRODUCTION TO BUSINESS CONTINUITY PLANNING FOR JD EDWARDS SOFTWARE CUSTOMERS www.wts.com WTS Disaster Recovery Planning Guide Page 1 Introduction This guide will provide
More informationTUFTS HEALTH PLAN CORPORATE CONTINUITY STRATEGY FREQUENTLY ASKED QUESTIONS OVERVIEW CORPORATE CONTINUITY PROGRAM.
TUFTS HEALTH PLAN CORPORATE CONTINUITY STRATEGY FREQUENTLY ASKED QUESTIONS July 2015 OVERVIEW The intent of this document is to provide external customers and auditors with a high-level overview of the
More informationOFFICE OF THE STATE AUDITOR General Controls Review Questionnaire
OFFICE OF THE STATE AUDITOR Agency: * University Please answer all of the following questions. Where we ask for copies of policies and procedures and other documentation, we would prefer this in electronic
More informationIs online backup right for your business? Eight reasons to consider protecting your data with a hybrid backup solution
PARTNER BRIEF: IS ONLINE BACKUP RIGHT FOR YOUR BUSINESS?........................................ Is online backup right for your business? Eight reasons to consider protecting your data with a hybrid Who
More informationManaging business risk
Managing business risk What senior managers need to know about business continuity bell.ca/businesscontinuity Information and Communications Technology (ICT) has become more vital than ever to the success
More informationBackup and Redundancy
Backup and Redundancy White Paper NEC s UC for Business Backup and Redundancy allow businesses to operate with confidence, providing security for themselves and their customers. When a server goes down
More informationHow VDI Reduces the Risks of BYOD
How VDI Reduces the Risks of BYOD Technology leaders face a new challenge with consumerization of IT, as everyone from desktop workers to executives brings personal mobile devices into the workplace, expecting
More informationThe 10 Disaster Planning Essentials For A Small Business Network
The 10 Disaster Planning Essentials For A Small Business Network If your data is important to your business and you cannot afford to have your operations halted for days even weeks due to data loss or
More informationTHE GOOD, THE BAD, & THE UGLY
I.T. SERVICE AGREEMENTS THE GOOD, THE BAD, & THE UGLY SUMMARY: IT service agreements aren t always what they re cracked up to be. An agreement between two parties should be just that an agreement, not
More informationHow To Manage A Disaster Recovery Plan
5-04-26 Testing Disaster Recovery Plans Leo A. Wrobel Payoff The true test of a disaster recovery plan is whether it can uncover failure points. Companies should consistently tighten testing criteria and
More informationThe 7 Disaster Planning Essentials
The 7 Disaster Planning Essentials For Any Small Business Little-Known Facts, Mistakes And Blunders About Data Backup And IT Disaster Recovery Every Business Owner Must Know To Avoid Losing Everything
More informationAudit of Security Controls for DHS Information Technology Systems at San Francisco International Airport
Audit of Security Controls for DHS Information Technology Systems at San Francisco International Airport May 7, 2015 DHS OIG HIGHLIGHTS Audit of Security Controls for DHS Information Technology Systems
More informationThe Power Of Managed Services. Features
b u s i n e s s C a r e m a n a g e d S e r v i c e s Lower costs, increased profitability, new market expansions and happier customers. These are just a few of the most important priorities for business
More informationZCorum s Ask a Broadband Expert Series:
s Ask a Broadband Expert Series: Is Privacy a Cloud Illusion? By Rick Stiles, VP of Product Development StoAmigo.800.909.944 450 North Point Parkway, Suite 25 Alpharetta, GA 30022 ZCorum.com TruVizion.com
More informationThe Perfect Host How Hosted Services can save you time and money
The Perfect Host How can save you time and money An Introduction to Information Technology has become increasingly important within the legal market and firms and chambers are under increasing pressure
More informationTufts Health Plan Corporate Continuity Strategy
Tufts Health Plan Corporate Continuity Strategy July 2015 OVERVIEW The intent of this document is to provide external customers and auditors with a highlevel overview of the Tufts Health Plan Corporate
More informationLAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL. for INFORMATION RESOURCES
LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL for INFORMATION RESOURCES Updated: June 2007 Information Resources Security Manual 1. Purpose of Security Manual 2. Audience 3. Acceptable
More informationWhy Managed Hosted Hosted Solutions in the Cloud Are Critical to Their Survival
Success on the fly Tap into real business efficiency with none of the infrastructure hassle D35252 Managed Hosted_v2b.indd 1 It s great to know that I can focus on broadening my business horizons not managing
More informationCyber Security: Guidelines for Backing Up Information. A Non-Technical Guide
Cyber Security: Guidelines for Backing Up Information A Non-Technical Guide Essential for Executives, Business Managers Administrative & Operations Managers This appendix is a supplement to the Cyber Security:
More informationYour complete guide to Cloud Computing
Your complete guide to Cloud Computing 1 Doc V1.0 Dec 2013 Table of Contents Hosted Desk- 3 The Cloud and Cloud Computing... 4 The benefits of Cloud Solutions 6 The Cloud is Growing - Rapidly 7 Resolving
More informationThe Second National HIPAA Summit
HIPAA Security Regulations: Documentation and Procedures The Second National HIPAA Summit Healthcare Computing Strategies, Inc. John Parmigiani Practice Director, Compliance Programs Tom Walsh, CISSP Practice
More informationEmploying Best Practices for Mainframe Tape Encryption
WHITE PAPER: DATA ENCRYPTION BEST PRACTICES FOR MAINFRAME TAPE Employing Best Practices for Mainframe Tape Encryption JUNE 2008 Stefan Kochishan CA MAINFRAME PRODUCT MARKETING John Hill CA MAINFRAME PRODUCT
More informationCloud computing is a way of delivering IT services to users without the need to buy, install or manage any infrastructure.
hosted services dynamic Increased flexibility and cost saving The benefits employees can access information wherever they are, rather than having to remain at their desks. Reduced costs our hosted services
More informationFINAL May 2005. Guideline on Security Systems for Safeguarding Customer Information
FINAL May 2005 Guideline on Security Systems for Safeguarding Customer Information Table of Contents 1 Introduction 1 1.1 Purpose of Guideline 1 2 Definitions 2 3 Internal Controls and Procedures 2 3.1
More informationSuccessful EHR Change Management
Successful EHR Change Management Roles and responsibilities White paper Table of contents Executive summary... 2 Introduction... 3 Never underestimate the power of the people... 3 People... 4 From resisting
More informationCall us today 1300 724 599. Managed IT Services. Proactive, flexible and affordable
Call us today 1300 724 599 Managed IT Services Proactive, flexible and affordable We believe technology is at its best when it s invisible. When you can focus on the task you are achieving, not the technology
More informationChief Information Officer
Chief Information Officer The CIO leads the Information Technology Department maintaining the function of SETMA s electronic health record. The CIO is responsible for: 1. Maintaining the functions of SETMA
More informationInternet Content Provider Safeguards Customer Networks and Services
Internet Content Provider Safeguards Customer Networks and Services Synacor used Cisco network infrastructure and security solutions to enhance network protection and streamline compliance. NAME Synacor
More informationTen Warning Signs Your ERP System Is Killing Your Business
Ten Warning Signs Your ERP System Is Killing Your Business At a Glance: Today s manufacturing enterprise is challenged by rising material costs, increasing competition, and ever-changing customer requirements.
More informationWHITE PAPER. HIPAA-Compliant Data Backup and Disaster Recovery
WHITE PAPER HIPAA-Compliant Data Backup and Disaster Recovery DOCUMENT INFORMATION HIPAA-Compliant Data Backup and Disaster Recovery PRINTED March 2011 COPYRIGHT Copyright 2011 VaultLogix, LLC. All Rights
More informationCloud Computing in Vermont State Government
Cloud Computing in Vermont State Government Analysis of Opportunities Duncan Goss, Legislative Director of Information Technology David Tucker, State CIO Introduction Legislation passed during the 2009
More informationA Guide to Information Technology Security in Trinity College Dublin
A Guide to Information Technology Security in Trinity College Dublin Produced by The IT Security Officer & Training and Publications 2003 Web Address: www.tcd.ie/itsecurity Email: ITSecurity@tcd.ie 1 2
More informationCreated By: 2009 Windows Server Security Best Practices Committee. Revised By: 2014 Windows Server Security Best Practices Committee
Windows Server Security Best Practices Initial Document Created By: 2009 Windows Server Security Best Practices Committee Document Creation Date: August 21, 2009 Revision Revised By: 2014 Windows Server
More informationInformation Technology General Controls Review (ITGC) Audit Program Prepared by:
Information Technology General Controls Review (ITGC) Audit Program Date Prepared: 2012 Internal Audit Work Plan Objective: IT General Controls (ITGC) address the overall operation and activities of the
More informationReducing Total Cost of Ownership through Outsourced Hosted Virtual Desktops
Reducing Total Cost of Ownership through Outsourced Hosted Virtual Desktops July 2009 Table of Contents Introduction... 3 What are Outsourced Hosted Virtual Desktops?... 3 How Outsourced Hosted Virtual
More informationTop Three POS System Vulnerabilities Identified to Promote Data Security Awareness
CISP BULLETIN Top Three POS System Vulnerabilities Identified to Promote Data Security Awareness November 21, 2006 To support compliance with the Cardholder Information Security Program (CISP), Visa USA
More informationHow Cisco IT Reduced Costs Through PC Asset Management
How Cisco IT Reduced Costs Through PC Asset Management Centralized network-based PC management program keeps employee desktops current and reduces costs. Cisco IT Case Study / IT Services Expense Management
More informationOVERVIEW. In all, this report makes recommendations in 14 areas, such as. Page iii
The Office of the Auditor General has conducted a procedural review of the State Data Center (Data Center), a part of the Arizona Strategic Enterprise Technology (ASET) Division within the Arizona Department
More informationIf You re a Lawyer Headed to the Cloud, Read This First By Reid F. Trautz, Director, AILA Practice & Professionalism Center
If You re a Lawyer Headed to the Cloud, Read This First By Reid F. Trautz, Director, AILA Practice & Professionalism Center Not since the terms cyberspace and Y2K has there been an inexact technology term
More informationWelcome! What We Do At IntelliSystems, our goal is to get Information Technology and telecommunications management out of your way so that you can focus on your business. Historical PC Business Network
More informationWHITEPAPER. Addressing Them with Adaptive Network Security. Executive Summary... An Evolving Network Environment... 2. Adaptive Network Security...
WHITEPAPER Top 4 Network Security Challenges in Healthcare Addressing Them with Adaptive Network Security Executive Summary... 1 Top 4 Network Security Challenges Addressing Security Challenges with Adaptive
More informationGETTING THE MOST FROM THE CLOUD. A White Paper presented by
GETTING THE MOST FROM THE CLOUD A White Paper presented by Why Move to the Cloud? CLOUD COMPUTING the latest evolution of IT services delivery is a scenario under which common business applications are
More informationYour guide to choosing an IT support provider
Your guide to choosing an IT support provider T: 08452 41 41 55 Contents Introduction 3 IT and business continuity 4 About managed services 5 Modular vs packaged support 6 Checklist of supplier questions
More information1 Purpose... 2. 2 Scope... 2. 3 Roles and Responsibilities... 2. 4 Physical & Environmental Security... 3. 5 Access Control to the Network...
Contents 1 Purpose... 2 2 Scope... 2 3 Roles and Responsibilities... 2 4 Physical & Environmental Security... 3 5 Access Control to the Network... 3 6 Firewall Standards... 4 7 Wired network... 5 8 Wireless
More informationBirkenhead Sixth Form College IT Disaster Recovery Plan
Author: Role: Mal Blackburne College Learning Manager Page 1 of 14 Introduction...3 Objectives/Constraints...3 Assumptions...4 Incidents Requiring Action...4 Physical Safeguards...5 Types of Computer Service
More informationGlossary of Telco Terms
Glossary of Telco Terms Access Generally refers to the connection between your business and the public phone network, or between your business and another dedicated location. A large portion of your business
More information15 questions to ask before signing an electronic medical record or electronic health record agreement
15 questions to ask before signing an electronic medical record or electronic health record agreement Many definitions exist for electronic medical record (EMR) and electronic health record (EHR). Although
More informationFinally, An Easy Way To Never Have To Deal with Computer Problems Again!
Finally, An Easy Way To Never Have To Deal with Computer Problems Again! Finally, An Easy Way To Keep Your Computers Running Faster, Cleaner, And Problem Free Without The Expense Of A Full-Time IT Staff
More informationSUBJECT: SECURITY OF ELECTRONIC MEDICAL RECORDS COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)
UNIVERSITY OF PITTSBURGH POLICY SUBJECT: SECURITY OF ELECTRONIC MEDICAL RECORDS COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA) DATE: March 18, 2005 I. SCOPE This
More informationMapping Your Path to the Cloud. A Guide to Getting your Dental Practice Set to Transition to Cloud-Based Practice Management Software.
Mapping Your Path to the Cloud A Guide to Getting your Dental Practice Set to Transition to Cloud-Based Practice Management Software. Table of Contents Why the Cloud? Mapping Your Path to the Cloud...4
More information