Case Study

The rise in usage of mobile devices means that enterprise business is no longer being conducted only within the confines of the physical building. Factor in personal device usage by employees and you've got the potential for security breaches...

Video

Explosive data growth, cloud computing, virtualization and consolidation, mobile computing; these are all major technology trends that are having a large impact on IT departments today. For infrastructure professionals, these trends are top of...

Template/Policy

This document has been designed to inform employees and end users of best practices and policies. It will define standards, procedures, and restrictions to protect company-owned equipment and any sensitive data stored therein.

Video

Over 50% of security breaches are a result of end-user error, oversight, and ignorance. IT security training is an effective method of reducing end-user related security breaches. Watch this video and review the other materials in the solution...

Tool

There are many factors that affect an organization's IT security training needs and goals: environment, specific security threats, and end-user perceptions and knowledge. This information is essential to have before you can begin creating your...

Tool

In order to create an effective IT security training program, you must make a series of key decisions based on information gathered during the Establishing Training Parameters phase. Save time and money by using this tool to ensure that those...

Note

Security breaches caused by end-user error can be costly and time consuming. IT security training is a highly effective method of mitigating these threats and their effect on organizations. Info-Tech research shows 45% of companies that perform...

Tool

Managing telecom expense is a challenge when bills are not managed centrally or consolidated in a single file. Identifying cost-savings and synergy opportunities are also difficult if your telecom bills and information regarding telecom services...

Note

Telecom Expense Management (TEM) is a set of IT practices that organizations should not ignore; TEM can reduce telecom costs by 10% without affecting telecom service levels. Understand the benefits of optimizing telecom expenses and implement...

Solution Set

This solution set will help organizations understand where to focus their telecom cost reduction efforts and how to develop a practice for ongoing telecom expense management.

Template/Policy

Capturing and assembling site-by-site voice and data connectivity in a central repository will put the enterprise in the best position to review overall capacity and identify any costly exceptions. Use this template to get a start on information...

Tool

Use the Contract Management Tool to track location, status, and expiry dates of ongoing contracts. The tool provides advance warning of checkpoint dates for timely contract renewal decisions.

Template/Policy

This policy outlines the baseline behaviors required to ensure that employees, contractors and related constituents who use mobile devices to access corporate resources for business use do so in a safe, secure and responsible manner.

Video

The development of a comprehensive Security Policy allows the enterprise to define its intentions regarding IT security, as well as the manner in which employees should act to uphold that security. This video will help you understand what policy...

Solution Set

This solution set will guide you through the process of developing a policy, vetting it with the business, and getting it implemented.

Template/Policy

When acquiring information systems, following set protocols ensures that expenditures are made as wisely as possible regarding the provisioning of IT security. Without such protocols, the potential exists for purchases to be made that undermine...

Template/Policy

Security assessments are focused on determining if information system security controls are correctly implemented, operating as intended, and are producing the desired level of security. Without Security assessments, the potential exists for...

Template/Policy

Passwords are the primary form of user authentication used to grant access to information systems. To ensure that passwords provide as much security as possible they must be carefully created and used. Without strict usage guidelines, the...

Template/Policy

Data protection mechanisms allow a greater level of security for information than can be achieved with system-based protection mechanisms alone. Without data protection mechanisms, the potential exists that information assets could be exposed to...

Template/Policy

Physical access controls define who is allowed physical access to facilities that house information systems, and to the information systems within those facilities and/or the display mechanisms associated with those information systems. Without...

Template/Policy

Incident response capabilities are used for monitoring security incidents, determining the magnitude of the threat, and responding promptly. If a security incident occurs, without an incident response capability in place, the incident will go...

Template/Policy

Contingency plans are used to establish how information systems will continue to operate in the event of a catastrophic failure of the system or associated components. Without a clear contingency plan, the enterprise will not be prepared to...

Template/Policy

Configuration change control involves the systematic proposal, justification, implementation, test/evaluation, review, and disposition of changes to information systems, including upgrades and modifications. Without system change control the...

Template/Policy

System monitoring and auditing is used to determine if inappropriate actions have occurred within an information system. System monitoring is used to look for these actions in real time while system auditing looks for them after the fact....

Template/Policy

Security infrastructure allows information systems to be provided a greater level of security than can be achieved through configuration control alone by delivering enhanced security capabilities. Without dedicated infrastructure, the potential...

Template/Policy

Using pre-defined app dev principles and procedures, applications should be designed and implemented as securely as possible. Without secure app dev, the potential exists for an application component of an information system to be constructed...

Note

Following defined staffing protocols ensures that information system users understand and treat their access with appropriate care. Without these protocols the potential exists that users will have insufficient regard for the security of the...

Template/Policy

Information system accounts are the only legitimate method by which information systems may be accessed. Without active account management, the potential exists that legitimate users can use these accounts for illegitimate purposes....

Template/Policy

The use of authorization, identification and authentication controls ensures that only known users make use of information systems. Without authorization, identification and authentication controls, the potential exists that information systems...

Video

Stakeholders have varying attitudes towards IT and its initiatives. IT leaders encounter dissenters, apathetic stakeholders, helpers, and champions. Use the Stakeholder Spectrum to classify your stakeholders and develop a plan of engagement for...