Windows and UNIX Security Configuration and Patch Update Procedure

by Posted in 2. IT Security (資訊保安), 2.2 IT Security Operation (保安操作)

1.        Purpose

Ensuring the continuity of systems that are responsible for hosting the company’s business applications is regarded as of vital importance to our sustained competitiveness. Not only should these systems be protected against the obvious external threats, such as viruses and hackers, they should also be secured against potential, and possibly more dangerous internal “threats”. The rule is that employees should never have more privileges than is necessary for their functions. This issue can be addressed by proper configuration of the systems. Configuration of systems, however, only provides a basic security level. Adapting to the dynamic IT environment requires continuous updating through service packs, hotfixes, and security patches. Figure 1. illustrates this concept. Read More

Server Room Security Procedure

by Posted in 2. IT Security (資訊保安), 2.2 IT Security Operation (保安操作)

1.        Purpose

Many large enterprises employ numerous servers to support their needs. These servers, hosting a business’ most critical applications, are often physically stored at one single location within the enterprise. This concept, commonly referred to as a server farm, provides the benefits of centralized control and management. Nevertheless, this approach has its inherent weaknesses as a collection of servers are more vulnerable to physical damage than distributed servers. This issue, however, can be properly addressed by appropriate security measures. The Company IT’s Server Room Security Procedure addresses the issue and provides policy guidelines necessary to sustain server operations. Read More

FILE SERVER PROCEDURE

by Posted in 1. IT Service Mgt (服務管理), 1.2 IT Operation (運作管理)

1.        Purpose

Information systems generate large amounts of data that require storage and protection. In the case of single systems (e.g. a single desktop computer), this data is commonly stored on internal storage devices, often a harddrive. Larger and more complex systems, however, require dedicated storage provided by file servers. By centralizing the point of storage, file servers enhance the management, control, and backup of corporate data. The company’s File Server Procedure provides a guideline to IT staff on managing these file servers. Moreover, it offers employees and departments a clarification of file server policy and procedures. Read More

IT HELPDESK PROCEDURE

by Posted in 1. IT Service Mgt (服務管理), 1.2 IT Operation (運作管理) Tagged , ,

1.        Purpose

Company, like many other companies nowadays, depend to a great extent on information technology in conducting its daily operations. Users are expected to interact with increasingly complex information systems and applications, requiring not only more intensive training, but also more efficient and effective support from dedicated staff should problems arise. Company’s IT Helpdesk Procedure provides transparency in the processing of these IT related problems. From a user perspective, IT ensures that users will receive effective and professional support from IT staff. From the IT helpdesk perspective, this procedure provides a solid guideline for a professional approach to solving problems of users. Read More

Visitor IT Security Procedure

by Posted in 2. IT Security (資訊保安), 2.2 IT Security Operation (保安操作)

1.        Purpose

Visitors to the Company carrying IT equipment pose a serious threat to the security of our IT systems. Commonly, the equipment in question are laptops, and we will use the term laptops instead. Without proper control, a visitor with a laptop can connect to the network and infect the system with viruses or malicious programs (e.g. Trojans), either on purpose or unintentionally. The Visitor IT Security Procedure is designed with the purpose of preventing and covering such cases, should they occur. Read More

Vulnerability Scanning and Correction Procedure

by Posted in 2. IT Security (資訊保安), 2.2 IT Security Operation (保安操作) Tagged

1.        Purpose

The development of Internet technology has originated a surge of new application solutions to improve business practices in corporations. This technology has allowed companies to be more competitive on a global scale and changed the way people do business.However, as businesses worldwide place increasing reliance on interconnected systems and electronic data, the risks of fraud, inappropriate disclosure of sensitive data, and disruption of critical operations and services increase. The same factors that benefit business operations also make it possible for individuals and organizations to inexpensively interfere with or eavesdrop on these operations from remote locations for purposes of fraud or sabotage, or other mischievous or malicious purposes.

Evidently, security and privacy protection are key issues for companies nowadays. Maintaining security and privacy requires corporate planning, training, implementing controls properly, monitoring the effectiveness of controls and taking necessary corrective action. Read More

NETWORK DEVICE CONFIGURATION PROCEDURE

by Posted in 1. IT Service Mgt (服務管理), 1.2 IT Operation (運作管理) Tagged

1.        Purpose

The company Network Device Configuration Procedure aims at establishing a standard guideline for network administrators in managing network devices. More specifically, this procedure provides a step-by-step guide to (1) configuring a network device, (2) Installing a new security patch (i.e. firmware upgrade) on a network device, and (3) monitoring (malicious) network activity. Read More

IT Strategies and Roadmaps Document

by Posted in 1. IT Service Mgt (服務管理), 1.1 IT Strategic and Service (策略及服務)

1.        Introduction

Strategies and roadmaps direct involved people towards their longer-term goals and business objectives. The purpose of this IT Strategy and Roadmap document is to achieve just this; to ensure that members of the IT organization head towards clearly defined business goals, through shared vision and approach. A necessary common vision (or rather the lack of it) has been highlighted in several feedback sessions and team meetings. The importance of this document for the IT organization should therefore not underestimated. Chapter two and three specify the scope and owner of this document, respectively. Chapter four elaborates the strategic direction currently applicable to our organization, in which compliance with PD directives is emphasized. Chapter five explains the current application portfolio and highlights changes and trends. Chapter six and seven elaborate automation, information, and project plans. Chapter eight provides an overview of our IT organization. Chapter nine shows our current resource situation with special emphasis on the resource constraints. Chapter ten highlights the plan of training and “upgrading” current employees in order to achieve our business objectives. Chapter eleven, lastly, provides an overview of operational policies and guidelines for our IT organization.  Read More

Blueprint Document for implementation of SAP Project

by Posted in 3. IT Application (應用軟件), 3.1 ERP System (資源管理) Tagged

1      Management summary

The purpose of the business blueprint document is to present the results, findings and conclusions of the blueprint finalization phase of the SAP project. This document consists of:

  • The business process requirements of Company within the scope of SAP;
  • The specification for the SAP system to support these target business processes;
  • The detailed work-plan to design the SAP system and business processes.

SAP poject phase overview:

Setup and Scoping –> Blueprint  –> Core System –> Core System –> Implementation
Scoping                        finalization      realization           construction Read More

Information Security Plan

by Posted in 2. IT Security (資訊保安), 2.1 IT Security Requirement (保安要求) Tagged

1           Introduction

1.1             General

To realize the business strategy plan of Company, ICT will play, as enabler, an important role. As described hereafter ICT will contribute in the primary, secondary and managed operations processes by enabling global connectivity, integration of business systems and standardization of business processes. The changing business processes will have consequences for the ICT environment. The ICT programdescribes the steps, which are needed to support the business processes as they are being developed in the years to come. In this information plan an overview is given of the expected business processes and the required information architecture in a global environment. It is obvious that changes in the business strategy of Company will have to be reflected in this information plan. Read More