Getting IT under control is all about consistent and repeatable IT processes. Change and release management has become a defining performance factor in high-performing IT shops. Significant research has also been completed which identifies the huge benefits of tackling change management “head on”.
Dan Swanson
1. Keeping Up Your SOX Compliance And Turning IT into a High Performer by improving Change Control – A Compelling Business Case for Change Management.
There is a substantial and growing body of evidence that “change management” is a key success factor in the implementation of efficient, effective and secure IT Operations. Because every “IT risk” creates some degree of business risk, it is important that executives thoroughly understand change management issues.
http://www.tripwire.com/resources/asset_request.cfm?aid=2184 (registration may be required).
2. 20 Questions Directors Should Ask About Information Technology Outsourcing
Directors of organizations are expected to satisfy themselves that the information technology function is effective, whether it is outsourced or not. This briefing provides suggested questions for the board to ask the Chief Information Officer and others within the organization. http://www.cica.ca/index.cfm/ci_id/20018/la_id/1.htm
3. Auditing IT Initiatives “Thought Leadership” – (Because an IT Project Failure is NOT An Option).
Some key questions to consider:
- Does the proposed IT solution work & will it meet the needs of the organization?
- Does the security aspect of the IT solution work?
- Will the privacy of the organization’s information be maintained?
- Will the staff know how to perform “productively” and accurately?
- Have we done everything necessary to be prepared?
- Are we ready to implement and how do you know it’ll work?
http://www.auditnet.org/articles/DSIA200702.htm
4. US Federal Information Processing Standard (FIPS) 200, “Minimum Security Requirements for Federal Information and Information Systems” (PDF)
The minimum security requirements cover seventeen security-related areas with regard to protecting the confidentiality, integrity, and availability of federal information systems and the information processed, stored, and transmitted by those systems. The security-related areas include: (i) access control; (ii) awareness and training; (iii) audit and accountability; (iv) certification, accreditation, and security assessments; (v) configuration management; (vi) contingency planning; (vii) identification and authentication; (viii) incident response; (ix) maintenance; (x) media protection; (xi) physical and environmental protection; (xii) planning; (xiii) personnel security; (xiv) risk assessment; (xv) systems and services acquisition; (xvi) system and communications protection; and (xvii) system and information integrity. The seventeen areas represent a broad-based, balanced information security program that addresses the management, operational, and technical aspects of protecting federal information and information systems. http://csrc.nist.gov/publications/fips/fips200/FIPS-200-final-march.pdf
5. SECURITY BENCHMARK.COM
This web site was created from the very unique and comprehensive list of Information Security related resources Dan has managed to collect. Security benchmark is managed and maintained by Seccuris Inc. http://www.securitybenchmark.com/
6. EARLY WARNING SIGNS OF IT PROJECT FAILURE: THE DOMINANT DOZEN
The post mortem examination of failed IT projects reveals that long before the failure there were significant symptoms or “early warning signs.” This article describes the top 12 people-related and project-related IT project risks, based on “early warning sign” data collected from a panel of 19 experts and a survey of 55 IT project managers.
http://www.ism-journal.com/ITToday/projectfailure.pdf