Helpful Tips
Get to the information you want quicker by selecting a category name or a popular tag.

Posts Tagged ‘COBIT’

Lets consider, if you will, that there are multiple layers of Enterprise Architecture. One aspect is the business aspect. Another aspect is divisional aspect.

The basic premise of people, process, and enablement applies in either case. I would agree with the argument that organizations worldwide have lost the art of Enterprise Architecture as is obvious by the numerous structures and departments littered across the landscape of business today. Even more substantial is the structure of governmental bodies proliferating the map (i.e. take IT – 27 CIOs for one department of the US Government). Read the rest of this entry »

There are multiple ways to look at recovery time objectives (RTO – how much time we can be without) and recovery point objetives (RPO – how much we can afford to lose). If we look at it from a top (business level) down (IT level), there would be a similar concept to a simple criticality rating that may be indicated that eliminates portions of data (that support business functions) that are not “critical” and some that stays critical that would flow from the following elements:

  • Business Impact Analysis (BIA) that identifies business risk
  • Business Continuity Plan (BCP) that outlines recovery of business function (including IT as a business unit – mangement structure, procurement, etc.)
    • Recovery Point and Time Objectives for BC (Business Continuity)
  • Disaster Recovery Plan (DRP) for the recovery of technology to support the deemed critical business functions outlined in the BCP
    • Recovery Point and Time Objectives for DR (Disaster Recovery)
  • Application Matrix for coorelation between physical infrastructure with application functionality
    • Single Points of Failure for application matrix
  • Synchronization requirements for multiple data stores to eliminate corruption (i.e. different time stamps or multiple access point for shared data)

This describes how any Backup (Operational Recovery as I like to call it) system supports the business in the event of disaster and are longer due to the massive effort to focus on recovery of entire business unit(s), business location(s), and/or data center(s). One important item to note: backup / operational recovery is _not_ disaster recovery; however, every good disaster recovery plan has backup / operational recovery in it. So, this is one perspective of RTO / RPO, and it is separate from what is needed from a day to day or operational perspective. This is why I like to call it operational recovery. Read the rest of this entry »

There have been many Interesting comments discussions about Cloud Computing over the last year.  In fact, many have predicted that Cloud Computing has the same goal as Pinky and the Brain (Pinky asks Brain, “what are we going to do tonight?” The Brain answers, “The same thing we do every night, Pinky. Take over the world!”).  The issue of what is “cloud computing” is extremely relevant as every vendor in the world is trying to spin it unique to them. Ownership of assets is not necessarily what the “cloud” is about. Unfortunately, technology is required to send and receive content; thus, elimination of assets via the cloud is a mirage. Read the rest of this entry »

Deduplication is certainly a hot topic! I have seen many great discussions about deduplication in many different forums. Many of the discussions center around technical specifications.  Unfortunately, this is not a new phenomenon.  Technical specifications address the applicability of a particular product to a range of uses, sometimes broad but more often narrow in focus.  Deduplication has grown out of many different needs in the industry.  The greatest of these is cost reduction.  Cost reduction in storage, backup, network, and protection (lumping information security with data loss prevention and the like). Read the rest of this entry »

Technology is not a Plan.  Technology enables a Plan.  A Plan coordinates the people and processes that are then enabled by the technology.  A replication package only “copies” (I realize it does more than copy, but for simplification purposes that’s what we will call it) bits from one location to another one.  How do you decide what to replicate?  How do you decide whether there is corruption?  How do you handle a hardware failure on one or both of the arrays which are involved in the replication during a disaster?  Who declares disaster?  Who makes the decision to purchase an array, if necessary?  How do you communicate between team members if cell phones and land lines are down?  Where do you go to connect if the normal location is inaccessible (blocked off by police, etc.)? Read the rest of this entry »

What ROI does the CIO provide the business?  What is the next step for the CIO?  What is the evolutionary development path for IT?  All of these are daunting questions to which many have opinions and thoughts.  So, let me give my two cents.  Business and IT Alignment is necessary.  The CIO must play a significant role in this, not to mention develop beyond the role that he/she has been fulfilling for the last few decades within business and organizational constructs. In so doing, the elements of risk management, due diligence, and efficiency reverberate throughout most of the comments and thoughts that are going through your head at this very instant.  Not to mention the ironic and funny coincidence that a Chief Information Officer and a Chief Investment Officer both share the same acronym and, albeit abstract, similar function. Read the rest of this entry »

All too often, organizations that do have Business Continuity Plans (BCP) in place rarely test them.  Those that do, go through a typical tabletop exercise.  Organizations that have Disaster Recovery Plans (DRP) generally test them, but why?  I ask why because it has been my experience that the “tests” are an exercise in futility.  I say futility because they are tests to satisfy an audit that prove very little. Read the rest of this entry »

Read the rest of this entry »

Investors’ confidence in corporate America has been shaken to the core, affecting the culture in which we live at the most basic level— for we are all investors in one way or another. Regulations governing information policy, process, and recovery are continuing to litter the radar screen of business strategy. It may be a leap of faith to see the correlation between regulations, whether civil or criminal; however, it is not as clear when comparing human resources issues and corporate governance issues. However, it will become clear that the correlation lies in the approaches organizations must take to comply with and survive an audit of human resources issues such as Equal Employment Opportunity and corporate governance issues such as Sarbanes- Oxley. Read the rest of this entry »

Solving the incident / problem management quandary has many different perspectives. Education, automation, and knowledge management continue to bubble to the top as elements to resolve the number of incidents; however, the chain to resolution must be analyzed. This chain is not simply looking at what resolved that particular incident and problem. There must be a completion or recognition of the same ground covered so that the fundamental flaw of IT does not appear (http://blog.engagedconsulting.com/?p234).

Read the rest of this entry »

Close
loading...