Equipment Application and Disposition Policy

by Posted in 1. IT Service Mgt (服務管理), 1.2 IT Operation (運作管理)

EXECUTIVE Summary:

This document is to describe the policy and process involved in the requisition, review and approval of the computer and related accessories, and to describe the process on the disposition of obsolete and damage computer/accessories, especially, disposition of hard disk that was removed from computer or server, with an objective to make sure that business information are not released to public unintentionally. Read More

Security Awareness for email & Internet usage

by Posted in 2. IT Security (資訊保安), 2.2 IT Security Operation (保安操作) Tagged ,

General Rules of using email from Corp IT policy:

l  There should be a clear business objective and need to send a mass mail.

l  The target group should be carefully selected so that the mail is relevant to all or most of the people receiving it.

l  Don’t spend spam: such as advertising or anything that can be considered as junk mail. Read More

Problem Management

by Posted in 1. IT Service Mgt (服務管理), 1.2 IT Operation (運作管理) Tagged

1           Scope

Problem Management describes all of the actions of the Problem Manager of the ICT-department of Company and of all operations and proceedings arising from these activities and all of the persons he has assigned to perform in relation to these actions in order to prevent downtime of services in the IT-infrastructure of Company Headquarters.

This procedure is valid for the whole Company ICT organization and applies from the moment of the analyzing Incidents until the moment the Problem is closed. Read More

ICT Service Document

by Posted in 1. IT Service Mgt (服務管理), 1.1 IT Strategic and Service (策略及服務) Tagged

EXECUTIVE Summary: The primary objective of the APR-ICT Service is to support the ICT operation in Company office. In additional, APR-ICT will monitor the ICT operations in other branch offices within Asia Pacific, while the local-site ICT Staff (or delegated Staff) in each APR office is response to manage their routine ICT operation as well as their local out-source service. Global-ICT acts as a competency center to provide directive and also assist the operation in other regions. For the ERP Support model, APR-ICT will act as the first line support of any trouble shooting or software change request within APR region; those requests will be escalated to 2nd line support (i.e. Global-ICT or Consultancy Company) if necessary. Read More

Password Cracking Procedure

by Posted in 2. IT Security (資訊保安), 2.2 IT Security Operation (保安操作) Tagged

1      Introduction

1.1    Overview

Passwords are used in almost every interaction between users and information systems. Most forms of user authentication, as well as file and data protection, rely on user-supplied passwords. Since properly authenticated access is often not logged, or even if logged not likely to arouse suspicion, a compromised password is an opportunity to explore a system from the inside virtually undetected. As attacker would have complete access to any resources available to that user, and would be significantly closer to being able to access other accounts, nearby machines, and perhaps even administrative privileges. Despite this threat, accounts with bad or empty passwords remain extremely common and organizations with good password policy far too rare. The most common password vulnerabilities are that (a) user accounts have weak or non-existing passwords, (b) regardless of the strength of their passwords, users fail to protect it, and (c) the operating system or additional software creates administrative accounts with weak or non-existing passwords. Read More