
One-sided look: (A short tale on) Infrastructure Security

Security, as specialists in particular will say, undoubtedly has a great impact on stakeholders and on organizations that want all of their assets, except those meant to be public, protected at all times or whenever it is warranted.

In the case of a critical information infrastructure, there might be a one-sided answer that IT specialists would consider first, before turning to any other security solution. Look at how internetworks are linked from one end to the other. There are many ways multiple network sites can be interconnected, most popularly through the Internet; however, the choice still depends on the kind of data that flows through them. Say Qwerty Auto Elec Company (QAEC for short, a fictitious organization name), the richest and biggest, wants all of its domestic and international offices linked together and secured without regard to drawbacks. It wants no information leaks, no unauthorized access and no ingress attacks (e.g. DoS) on the physical and logical layers of the network, et al. Assuming no internal misconduct or conspiracy will happen, QAEC wants to achieve 99.999 if not 100 percent network stability, at least for a certain period of time.

The combination of firewall, VPN and cryptography, used to secure large and geographically diverse computing processes, is worthy of the requirements; still, these may only come second to how the network infrastructure is designed and erected. Given the initial specification QAEC has laid out, it may need a confined circuit that is not interfaced to or from the public Internet. It would require the telco to install it just like how a local area network is rendered, or even better, if possible.

It might be too costly (at the start) for QAEC to pursue this direction, but the integrity, confidentiality, availability and genuineness of the information are more important than anything else with respect to the interest of the stakeholders (where the whole world watches and can be one).

The same criteria might also hold in other settings where stability during the event and an unploughed information system are expected.
