Author: admini

Mark Nadeau, director of CRM, explains that APC’s culture is geared toward avoiding failure because its business is selling uninterruptible power supplies. Uninterruptible customer satisfaction–that’s a business every company should be in.

You know customer impact is critical to your company’s strategy, but how do you get there? Force the IT department to take on high-impact projects. Vanguard plots each IT project in one of nine boxes on a grid, with low, medium, and high ratings for client impact and operational impact, meaning increased revenue or lower cost.

Heller sets a goal for what percentage of spending falls in each box and gets a warning on his dashboard if he’s not spending on projects with high client impact.

Knowing that, CIO Catherine Boivie can make a business case to expand the e-claims system by comparing the costs for a system upgrade with the personnel costs for handling claims manually.

EMC wanted to see what effect near-shore contractors would have on an internal project to deploy Automatic Data Processing’s general ledger applications at the company’s offices in Brazil. “The knowledge of local needs, challenges, obstacles are key to the overall success of territory-specific projects,” he says. The lessons learned there are helping determine the mix of in-house and outsourced staffers for other IT initiatives.

Avnet business unit and IT managers jointly prioritize IT projects based on how quickly they can save money or deliver value to the company.

Stuart Madnick, a professor of IT at MIT’s Sloan School of Management, and associates are developing a methodology that compares IT security measures taken by an organization and the perception that employees and managers have of the current state of security. One survey showed a gap of 0.78 on people’s awareness of good security practices and a gap of 1.08 on whether they followed those practices.

Before implementing CMMI, the interface development team’s performance in meeting the model’s best practices was inconsistent. This is a critical issue for Vanguard Group, since the mutual fund company does about 80% of its interactions over the Web. So when it adds a feature, Vanguard tracks how many people start using the feature, how many get through the process, and how many drop out and where.

At Global Crossing, IT staff now accompany salespeople when meeting with customers and prospects. The rationale is that no one is better prepared to explain the company’s IP-based services than the IT experts who are responsible for managing its network. And CIO Dan Wagner isn’t making this some high-minded, fuzzy goal. The tally after the first three quarters of the year: Developers have attended 175 sales calls; operations people, 125 sales calls; and security staffers, 75 sales calls. Global Crossing CIO Wagner calls the new stuff “strategic software development”; Hewlett-Packard CIO Randy Mott refers to it as innovation.

http://www.informationweek.com/shared/printableArticle.jhtml?articleID=193401034

Sarbanes-Oxley, Section 404, requires public companies to annually assess and report on the effectiveness of internal controls over financial reporting. A component of risk management is information technology (IT) risk management and should be part of any IT security program. Every organization, no matter whether private or public, has a mission. For example, if your organization’s mission is to become one of the nation’s (or county’s or state’s) largest financial holdings companies, and you offer services such as commercial and retail banking, mortgage financing and servicing, consumer finance and asset management, then what are you going to protect and how are you going to protect it?

Requests for information arising from internal or external IT auditors are normally fielded by the IT and Security departments. In one particular audit I experienced while working for a financial firm, there was an IT audit finding due to the existence of numerous Domain Admins (everyone in IT had made himself or herself a Domain Admin and Domain Admins have total access to everything on a Windows network).

There are some basic risk management concepts that need to be ingrained into the technology manager’s mind before developing applications, and before deploying applications and technology. For starters, IT managers can look to the National Institute of Standards and Technology for some guidance. NIST Special Publication 800-30, published in July 2002, entitled Risk Management Guide for Information Technology Systems is a good place to start. It is free and does a decent job of explaining the basic concepts and providing a risk management methodology.

For example, “Risk is a function of the likelihood of a given threat-source’s exercising a particular potential vulnerability, and the resulting impact of that adverse event on the organization”, is the opening definition of risk.

With management support and IT’s commitment to work through this, you can perform an internal IT risk assessment with some success yourself.

http://www.bankinfosecurity.com/articles.php?art_id=166&PHPSESSID=ceea138966d3138528becabe0eb4b292