All about IT Governance

The following are best management for release management:

a. Horizontal changes (including network, security changes) needs due diligence before changes are made

b. High-risk changes are to be planned well and preferably deployed in phases with the business owners on the phone or conference room

c. Communication is key - Release management has to ensure that the impacted departments are communicated well before the release.

Lastly, d. After the release is complete, the business or impacted users should know the release is completed and the necessary internal portal or database is updated with the new information - without which team members with previlege access may un-intentionally roll back the changes performed.

IT Forensics tools today can be categorized into Data gathering and data analysis.

 The data gathering tools runs a monitor on the subject machine and gathers the necessary information - typically a mdf or pst file in windows environment.

The data analysis tools are evolving and would depend on the legal objective - if the objective is a simple source code search or keywords, it is quite easy. However, if you are looking for photographs or audio or video, it is complex - luckily, most of the legal needs today are ‘text’ based lookups.

One of the key areas where the tools offer an extra hand is: they record the system name and date which are very important to prove it in a court of law.

IT Forensics is typically requested by legal department to investigate and record the digital traces of a corporate property - typically Desktop or a laptop.

Top 2 concerns of IT forensics is to record the supporting evidences untampered and present strong evidence in a court of law.  What do we mean by this? Read on.

There are two portions of IT forensics - Data collection and data analysis. Data collection, as said above has to be tamper-proof and should be detailed including screenshots with  dates and system names that connects to a subject under verification if necessary.

Data analysis has to be very supportive of the argument and cannot include ‘trends’ or ‘industry best-practices’ - it should clearly indicate the information from the data gathered and should be able to reperform the data analysis for the most part.

If data gathering and data analysis is produced accurately and timely, the data can be produced in a court of law without hesitation.

Yes. These are heavily loaded wordings here. For continuous operational needs, you would computing and storage. However, by virualizing these environments, your operations or engineering would benefit from being more scalable, experience higher availability with less hurdles from hardware aging as you can add or deplete storage or processing power without necessarily experiencing an outage.

Specifically, Computing Virtualization (CoV)  enables you to continue to offer the computing needs while the ‘underneath’  hardware is selectively modified without experiencing outage.  The CoV can be compared to a mobile home. You can always drive to a mobile park and use the services of the park. If the service offered is limited, you can drive away to another mobile park.

The StoV (Storage virtualization) is about virtualizing the storage to unleash the dependence on ‘absolute’ locators or paths.  In other words, your mobile home (as a storage of your stuff) can be made mobile and can be moved to another area for a larger space. One of the key advantages of StoV, as seen in some of the products including those from NetApp is, Cloning. To give you an example, a SAP IT house can quickly clone their environments into 3 environments - Development, Staging and Production. They can now have the business owners test and confirm the changes are ok.

Bottomline, you would need both StoV and CoV. Go Virtualization!