The Information Office
Compliance, Control, Systems & Processes
A presentation on the functioning of an Information Systems Department

Mahesh Patwardhan
Digital and New Media Consultant
Organization, roles and responsibilities
Organization
Responsibilities
The main functions of the Information Office are:
 Establishment of Compliance Office and ISO (Information Security Office)
 ITGC Implementation – SOX
 Standardized MIS – Cubot
 Realtime Web Analytics – Omniture
 Revenue Recognition Systems – ART
 Workflow Systems – (AdSales ACA)
 RDS – Automated Deployment System
 BDMT – Batch Deployment and Monitoring
 Realtime Web Analytics/Reporting – RWA/R
 Integrated WFS-Campaign Control – WFS-CC
 Sales Force Automation (Salesforce.com)
 Integrated P4C-DSA Sales Automation (Salesforce.com)
 Marketing Automation (Talisma Marketing)
 Access-Control Automation
 HelpDesk System
Objectives
   To move from a state of low/no control to a SOX and ITGC
     compliant organization
     • Low/No Control - ITGC
     • SOX 404 - GCC
     • Policies
     • Procedures
     • Systems
     • Reviews
     • Audits
     • Internal Control Framework
     • Internal Testing and Attestation
   To move from a manual-process organization to an automated,
     process-oriented, systemic organization
Objectives
   Current practice - target system
     • Email/phone support - Talisma CS
     • DB Query Shopper List - Talisma Mktg Automation
     • MIS:8080/AdHoc Reports - Cubots
     • WebTrends - Omniture
     • WebTrends - Realtime Web Analytics
     • Sales Leads (notepad) - SFA
     • Contract email approvals - WFS
     • Manual Campaign Schedule - WFS-CC
     • Excel Sheet Rev. Rec - ART
     • Manual Entry in SunSystems - ART-SunSys Integration
     • Everybody deploys (uploads) - CMR/RDS
     • End-user alerts on batch jobs - BDMT
     • Manual Access-Control - Access Control System
     • Informal Bug reporting - HelpDesk System
Roles
   As Chief Compliance Officer
       Manage the Compliance Office and Implement ITGC
       Own all Policies and Procedures
       Manage Reviews
           Logical Access Reviews
           Segregation of Duties Reviews
           Infrastructure Reviews
           Data Center and Network Security Review
       Internal Audit Schedule
Roles
   As Chief Information Security Officer
       Manage the Information Security Organization
       Own Risk and Control Matrix
       Conduct Risk Assessment and Planning
       Security and Access Control
       Conduct Security Audits / Reviews
Roles
   As Director – Information Systems
       Identify which applications create the most value for the
        business and build and deliver them – on time and budget.
       Roadmap and manage lifecycle
       Direction, Planning, Reviews
       Systems Implementation
       Ensure compliance in all implementations
       Manage Partner Relationships
       Develop Partners
Compliance and control
Responsibilities
   The Compliance and Control Office is responsible for the following:
       Information Security
       Access Control
       Change Management
       Systems, Network and Data Security Reviews and Audits
        o ITGC - Policy & Control
       Maintain Policy & Control Documentation
       Policies
           IT Security Policy
           Access Control Policy
           IT AUP
           Data Backup/Restore Policy
           Change Management Policy
       Control Documents
           Application Authorization Matrix
           Batch Jobs Document
           End-User Computing Traceability Matrix
           Computing Resources Authorization Matrix
       Conduct Risk Assessment
       Maintain Control / Risk Matrix
       Communications and Monitoring
Internal Control Framework
   The Internal Control Framework shows the controlling
    processes and procedures used to achieve compliance and
    control in the organization.
Information Security
   Information Security Office
   The information security office is responsible for
       implementing the security policies
       conducting information security meetings
       conducting security and access control reviews
       communicating security policies
       conducting security awareness sessions in the organization
       defining processes for and reviewing the monitoring of system,
        network and data security implementations,
       conducting internal security audits on a periodic basis.
…Information Security
   Chief Information Security Officer
   Responsibilities are:
       Implement Policies
           Information Security Policy
           Access Control Policy
           Backup/Restoration Policy
       Conduct Information Security Office Meetings
           All meetings to be recorded (MOM)

       Conduct Reviews
           Security, Access Control, AUP, B&R, DR Policy
           Record all Policy Reviews (MOM)
           Policies to be updated and approved
           Updates to policies to be logged
           Publish a review schedule
…Information Security
   Communication
       Information Security Policy and Access Control Policy updates to be
        circulated to all employees periodically.
       HR Training calendar for Security and Appropriate Usage sessions.
       Conduct Security Awareness and Appropriate Usage sessions for new
        joiners.

   Monitoring
       Review of System Exception Logs, Unauthorized Logins, Authorized
        Users lists
       All reviews to be logged and the review reports with findings signed
        off on.
       Action taken report to be reviewed and signed off on.
       Publish a review schedule.
…Information Security
   Define
       Data Backup/Restoration Process
       Recovery Testing Process
       Data securing process (tape-to-bank)

   Review
       Data Backup/Restoration Process
       Recovery Testing Process
       Data securing process (tape-to-bank)
       Backup/Restoration/Recovery Testing Log Sheet
       Monthly Tape-To-Bank Log Sheet
       All reviews to be recorded (MOM)
       Publish a review schedule.
Access Control

   Centralized Access Control – Systems
       Ad Server
       Sun Systems
       Cubots
       ART
       ACA
       Omniture
       SFA
       Talisma
       OTS / MIS:8080 / Vendors
       Domain
       Email


   Review
       All authorized requests for addition/deletion
       Application Authorization Matrix maintenance
       All authorized requests for root and privileged access
       Server Access Authorization Matrix maintenance
       Reviews to be recorded (MOM)
…Access Control
   User Management of defined servers
       All authorized requests for addition/deletion to be maintained
       Application Authorization Matrix maintenance
       All authorized requests for root and privileged access to be filed and
        maintained
       User management of servers outside the defined set is out of scope
        (owned by the NOC)
       Server Access Authorization Matrix maintenance
       Access logs, Authorized Requests and Authorization Matrix to be
        reviewed periodically
       Owner: Manager – Process & Control

   Centralized Access Control – Systems
       Ad Server, Sun Systems, Cubots, ART / WFS
       OTS / MIS:8080 / Vendors
       Domain / Email
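The periodic review described on this slide, reconciling the accounts actually present on each system against the Application Authorization Matrix, the filed root/privileged access requests and segregation-of-duties rules, can be scripted so that the review report is produced the same way every cycle. The following is an added example and not code from the presentation or the organization it describes; the system names follow the slide, while the users, roles, SoD pairs and request records are constructed sample data and the function and finding names are hypothetical.

```python
"""Logical access review: reconcile live accounts against the authorization matrix.

Inputs (all constructed sample data; names are hypothetical):
  AUTH_MATRIX   - Application Authorization Matrix: system -> user -> approved roles
  ACCOUNTS      - what each system actually reports: system -> user -> roles held
  PRIV_REQUESTS - filed, approved requests for root/privileged access: (system, user, role)
  SOD_CONFLICTS - role pairs a single person must not hold together
"""
from dataclasses import dataclass
from itertools import combinations

PRIVILEGED_ROLES = {"root", "admin", "deploy", "ledger_approve"}

SOD_CONFLICTS = {
    frozenset({"ledger_entry", "ledger_approve"}),        # enter and approve a journal
    frozenset({"contract_create", "contract_approve"}),   # raise and approve a contract
}

AUTH_MATRIX = {
    "ART": {"asha": {"reader"}, "ravi": {"approver"}, "old_user": {"reader"}},
    "SunSystems": {"asha": {"ledger_entry"}, "meena": {"ledger_approve"}},
    "AdServer": {"dev1": {"deploy"}},
}

ACCOUNTS = {
    "ART": {"asha": {"reader"}, "ravi": {"approver"}, "ext_tmp": {"approver"}},
    "SunSystems": {"asha": {"ledger_entry", "ledger_approve"}, "meena": {"ledger_approve"}},
    "AdServer": {"dev1": {"deploy"}, "dev2": {"deploy"}, "ops1": {"root"}},
}

PRIV_REQUESTS = {
    ("AdServer", "dev1", "deploy"),
    ("SunSystems", "meena", "ledger_approve"),
}


@dataclass(frozen=True)
class Finding:
    kind: str    # UNAUTHORIZED_ACCOUNT | UNAUTHORIZED_ROLE | PRIV_NO_REQUEST | SOD_CONFLICT | STALE_AUTH
    system: str
    user: str
    detail: str


def review_access(matrix, accounts, priv_requests,
                  sod_conflicts=SOD_CONFLICTS, privileged=PRIVILEGED_ROLES):
    """Return every discrepancy between live accounts and the authorization matrix."""
    findings = []
    for system, users in accounts.items():
        approved_users = matrix.get(system, {})
        for user, roles in users.items():
            approved = approved_users.get(user)
            if approved is None:
                # account exists on the system but nobody authorized it
                findings.append(Finding("UNAUTHORIZED_ACCOUNT", system, user,
                                        f"roles={sorted(roles)}"))
                approved = set()
            for role in sorted(roles - approved):
                # role held beyond what the matrix approves
                findings.append(Finding("UNAUTHORIZED_ROLE", system, user, role))
            for role in sorted(roles & privileged):
                # privileged access must be backed by a filed, approved request
                if (system, user, role) not in priv_requests:
                    findings.append(Finding("PRIV_NO_REQUEST", system, user, role))
            for a, b in combinations(sorted(roles), 2):
                if frozenset({a, b}) in sod_conflicts:
                    findings.append(Finding("SOD_CONFLICT", system, user, f"{a}+{b}"))
    # authorizations the matrix still carries for accounts that no longer exist
    for system, users in matrix.items():
        for user in users:
            if user not in accounts.get(system, {}):
                findings.append(Finding("STALE_AUTH", system, user, "approved but no account"))
    return findings


def summarize(findings):
    """Count findings per kind, for the signed-off review report."""
    counts = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


if __name__ == "__main__":
    results = review_access(AUTH_MATRIX, ACCOUNTS, PRIV_REQUESTS)
    for f in results:
        print(f"{f.kind:21} {f.system:11} {f.user:9} {f.detail}")
    print(summarize(results))
```

Each run gives the reviewer the same five categories to sign off on: unauthorized accounts, roles beyond the matrix, privileged access with no filed request, segregation-of-duties conflicts, and stale authorizations to be removed from the matrix. In practice the three inputs would be exported from the ticketing system, the authorization matrix document and each system's user list rather than embedded as literals.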
Change Management

   Periodic Review of
       Change Management Process.
       Change Requests submitted.
       Change Request Approvals
       Pending deployments
   Conducting periodic Review Meetings and documenting the
    findings of the review
   Reviewing reports with recommendations for remediation
    submitted and approving the recommendations.
   Ensuring that the approved recommendations are carried out.
   Reviewing the remediation carried out, approving and signing
    off on the same.
Policy Management
   Policy Reviews and Updates
   Schedule for ISC and Policy Reviews
   Conduct Reviews, report submission.
   Report Approvals, Policy updated and approved.
Systems
Systems
Business Productivity Systems
   Revenue Reconciliation and Settlement Systems

   Ad Sales Contract and Credit Approval System

   ART – AdSales / ECom / Mobile / Subs

   Common Accounts Manager

   Business Analytics Systems

   Realtime Web Analytics System
Change Management & Access Control
Systems
   Applications Deployment System (RDS)

   Batch Deployment & Monitoring System (BDMT)

   Access Control System

   Help Desk/Problem Management System
Partner Relations
Partner Relationship Management
   Partner Evaluation
       To evaluate partners for consultancy, software development or
        solution implementation.

   Partner Acquisition
       Negotiation with the shortlisted partners and completing the
        NDA and the Agreements.

   Relationship Management
       Managing the relationship so as to derive the maximum benefit
        and ensure that the projects are delivered on budget and on
        schedule.
Project Management

   Ensure Project Delivery by managing various stages of the
    delivery
       Planning
       Execution
       Review
       Acceptance Test
       Change Management

   Project Management Methodology
       SDLC – Project Plan / RA / FS / SD / UAT

   Change Management
       SCR / CMR / CVS / RDS
…Project Management
   Project Documentation
       RS / FS / DD / UAT / User Guide
       Implementation & Ops Manual


   Customer Management
       Requirement Analysis / Change Request Process
       Acceptance on RA/FS
       UAT
       Training and Support
The Information Office
                       Compliance, Control, Systems & Processes
A presentation on the functioning of an Information Systems Department


                                                  Mahesh Patwardhan
                                     Digital and New Media Consultant

More Related Content

What's hot

Ascent overview deck_sep_25_2013
Ascent overview deck_sep_25_2013Ascent overview deck_sep_25_2013
Ascent overview deck_sep_25_2013
Bindu Rathore
 
081712 isaca-atl-auditing sap-grc
081712 isaca-atl-auditing sap-grc081712 isaca-atl-auditing sap-grc
081712 isaca-atl-auditing sap-grc
hkodali
 
Mso noc presentation
Mso noc presentationMso noc presentation
Mso noc presentation
Graeme Spice
 
Why your works council has nothing to fear from SAP security. [Webinar]
Why your works council has nothing to fear from SAP security. [Webinar]Why your works council has nothing to fear from SAP security. [Webinar]
Why your works council has nothing to fear from SAP security. [Webinar]
akquinet enterprise solutions GmbH
 

What's hot (20)

Ascent overview deck_sep_25_2013
Ascent overview deck_sep_25_2013Ascent overview deck_sep_25_2013
Ascent overview deck_sep_25_2013
 
Chapter 11 Enterprise Resource Planning System
Chapter 11 Enterprise Resource Planning SystemChapter 11 Enterprise Resource Planning System
Chapter 11 Enterprise Resource Planning System
 
SAP Security & Compliance Audits. Find your vulnerabilities before you get hu...
SAP Security & Compliance Audits. Find your vulnerabilities before you get hu...SAP Security & Compliance Audits. Find your vulnerabilities before you get hu...
SAP Security & Compliance Audits. Find your vulnerabilities before you get hu...
 
(4) NIST SP 800-53 Revision 4 (security control enhancements omitted) 20140804
(4) NIST SP 800-53 Revision 4 (security control enhancements omitted) 20140804(4) NIST SP 800-53 Revision 4 (security control enhancements omitted) 20140804
(4) NIST SP 800-53 Revision 4 (security control enhancements omitted) 20140804
 
TroubleTicketing - product presentation
TroubleTicketing - product presentationTroubleTicketing - product presentation
TroubleTicketing - product presentation
 
Ikon Managed Services
Ikon Managed ServicesIkon Managed Services
Ikon Managed Services
 
Ikon Managed Services
Ikon Managed ServicesIkon Managed Services
Ikon Managed Services
 
Chapter 2 auditing it governance controls
Chapter 2 auditing it governance controlsChapter 2 auditing it governance controls
Chapter 2 auditing it governance controls
 
081712 isaca-atl-auditing sap-grc
081712 isaca-atl-auditing sap-grc081712 isaca-atl-auditing sap-grc
081712 isaca-atl-auditing sap-grc
 
Advanced Authorization for SAP Global Deployments Part III of III
Advanced Authorization for SAP Global Deployments Part III of IIIAdvanced Authorization for SAP Global Deployments Part III of III
Advanced Authorization for SAP Global Deployments Part III of III
 
Mso noc presentation
Mso noc presentationMso noc presentation
Mso noc presentation
 
Magic Quadrant for Storage Resource Management and SAN Management Software
Magic Quadrant for Storage Resource Management and SAN Management SoftwareMagic Quadrant for Storage Resource Management and SAN Management Software
Magic Quadrant for Storage Resource Management and SAN Management Software
 
How to manage users, roles and rights in S/4HANA systems audit compliant. [We...
How to manage users, roles and rights in S/4HANA systems audit compliant. [We...How to manage users, roles and rights in S/4HANA systems audit compliant. [We...
How to manage users, roles and rights in S/4HANA systems audit compliant. [We...
 
Engica Q4 CMMS brochure
Engica Q4 CMMS brochureEngica Q4 CMMS brochure
Engica Q4 CMMS brochure
 
Part II of III: Advanced Authorization for SAP Global Deployments: September ...
Part II of III: Advanced Authorization for SAP Global Deployments: September ...Part II of III: Advanced Authorization for SAP Global Deployments: September ...
Part II of III: Advanced Authorization for SAP Global Deployments: September ...
 
ERP Security as a Service 2017
ERP Security as a Service 2017ERP Security as a Service 2017
ERP Security as a Service 2017
 
Why your works council has nothing to fear from SAP security. [Webinar]
Why your works council has nothing to fear from SAP security. [Webinar]Why your works council has nothing to fear from SAP security. [Webinar]
Why your works council has nothing to fear from SAP security. [Webinar]
 
Security & Segregation of Duties for PeopleSoft
Security & Segregation of Duties for PeopleSoftSecurity & Segregation of Duties for PeopleSoft
Security & Segregation of Duties for PeopleSoft
 
Towards new shores with cross-system SoD analyses. [Webinar]
Towards new shores with cross-system SoD analyses. [Webinar]Towards new shores with cross-system SoD analyses. [Webinar]
Towards new shores with cross-system SoD analyses. [Webinar]
 
MSTS - Management Security Technology Suite
MSTS - Management Security Technology SuiteMSTS - Management Security Technology Suite
MSTS - Management Security Technology Suite
 

Viewers also liked (9)

home-office-correspondence-tracking
home-office-correspondence-trackinghome-office-correspondence-tracking
home-office-correspondence-tracking
 
Office Forms & Their Purpose
Office Forms & Their PurposeOffice Forms & Their Purpose
Office Forms & Their Purpose
 
Basic principles in Business Correspondence
Basic principles in Business CorrespondenceBasic principles in Business Correspondence
Basic principles in Business Correspondence
 
Business Etiquette..
Business Etiquette..Business Etiquette..
Business Etiquette..
 
Writing Effective Business Correspondence
Writing Effective Business Correspondence Writing Effective Business Correspondence
Writing Effective Business Correspondence
 
Forms of communication
Forms of communicationForms of communication
Forms of communication
 
Business correspondence
Business correspondenceBusiness correspondence
Business correspondence
 
Administrative office management (aom)
Administrative office management (aom)Administrative office management (aom)
Administrative office management (aom)
 
Business Correspondence
Business CorrespondenceBusiness Correspondence
Business Correspondence
 

Similar to The Information Office

How much does it cost to be Secure?
How much does it cost to be Secure?How much does it cost to be Secure?
How much does it cost to be Secure?
mbmobile
 
Sun Managed Operations Customer Presentation,09 20 2006.Star Impress 8x
Sun Managed Operations Customer Presentation,09 20 2006.Star Impress 8xSun Managed Operations Customer Presentation,09 20 2006.Star Impress 8x
Sun Managed Operations Customer Presentation,09 20 2006.Star Impress 8x
guest879489
 
Sun Managed Operations Customer Presentation,09 20 2006.Star Impress 8x
Sun Managed Operations Customer Presentation,09 20 2006.Star Impress 8xSun Managed Operations Customer Presentation,09 20 2006.Star Impress 8x
Sun Managed Operations Customer Presentation,09 20 2006.Star Impress 8x
guest879489
 

Similar to The Information Office (20)

How much does it cost to be Secure?
How much does it cost to be Secure?How much does it cost to be Secure?
How much does it cost to be Secure?
 
Sun Managed Operations Customer Presentation,09 20 2006.Star Impress 8x
Sun Managed Operations Customer Presentation,09 20 2006.Star Impress 8xSun Managed Operations Customer Presentation,09 20 2006.Star Impress 8x
Sun Managed Operations Customer Presentation,09 20 2006.Star Impress 8x
 
Sun Managed Operations Customer Presentation,09 20 2006.Star Impress 8x
Sun Managed Operations Customer Presentation,09 20 2006.Star Impress 8xSun Managed Operations Customer Presentation,09 20 2006.Star Impress 8x
Sun Managed Operations Customer Presentation,09 20 2006.Star Impress 8x
 
Security audit
Security auditSecurity audit
Security audit
 
ICAB - ITA Chapter 5 class 7-8 - Controls and Standards
ICAB - ITA Chapter 5 class 7-8 - Controls and StandardsICAB - ITA Chapter 5 class 7-8 - Controls and Standards
ICAB - ITA Chapter 5 class 7-8 - Controls and Standards
 
IT System & Security Audit
IT System & Security AuditIT System & Security Audit
IT System & Security Audit
 
GLOPORE IMS RIMS Presentation
GLOPORE IMS RIMS PresentationGLOPORE IMS RIMS Presentation
GLOPORE IMS RIMS Presentation
 
Layer 7: Automated SOA Policy Enforcement
Layer 7: Automated SOA Policy EnforcementLayer 7: Automated SOA Policy Enforcement
Layer 7: Automated SOA Policy Enforcement
 
Change Management - ITIL
Change Management - ITILChange Management - ITIL
Change Management - ITIL
 
Motadata ITSM DCMS
Motadata ITSM DCMSMotadata ITSM DCMS
Motadata ITSM DCMS
 
Solusi Helpdesk ITSM dengan Motadata ITSM
Solusi Helpdesk ITSM dengan Motadata ITSMSolusi Helpdesk ITSM dengan Motadata ITSM
Solusi Helpdesk ITSM dengan Motadata ITSM
 
ICAB - ITA Chapter 5 class 9-10 - Controls and Standards
ICAB - ITA Chapter 5 class 9-10 - Controls and StandardsICAB - ITA Chapter 5 class 9-10 - Controls and Standards
ICAB - ITA Chapter 5 class 9-10 - Controls and Standards
 
Information Security Framework
Information Security FrameworkInformation Security Framework
Information Security Framework
 
ITSS OVERVIEW
ITSS OVERVIEWITSS OVERVIEW
ITSS OVERVIEW
 
3c 2 Information Systems Audit
3c   2   Information Systems Audit3c   2   Information Systems Audit
3c 2 Information Systems Audit
 
Cisa domain 4
Cisa domain 4Cisa domain 4
Cisa domain 4
 
CISA Domain 4 Information Systems Operation | Infosectrain
CISA Domain 4 Information Systems Operation | InfosectrainCISA Domain 4 Information Systems Operation | Infosectrain
CISA Domain 4 Information Systems Operation | Infosectrain
 
IBM Solutions Connect 2013 - Increase Efficiency by Automating IT Asset & Ser...
IBM Solutions Connect 2013 - Increase Efficiency by Automating IT Asset & Ser...IBM Solutions Connect 2013 - Increase Efficiency by Automating IT Asset & Ser...
IBM Solutions Connect 2013 - Increase Efficiency by Automating IT Asset & Ser...
 
Introduction to ITIL v3 Foundation exam
Introduction to ITIL v3 Foundation examIntroduction to ITIL v3 Foundation exam
Introduction to ITIL v3 Foundation exam
 
Does audit make us more secure
Does audit make us more secureDoes audit make us more secure
Does audit make us more secure
 

More from Mahesh Patwardhan

Social Media in Sports - some Case Studies
Social Media in Sports - some Case StudiesSocial Media in Sports - some Case Studies
Social Media in Sports - some Case Studies
Mahesh Patwardhan
 

More from Mahesh Patwardhan (16)

IT Control Objectives for SOX
IT Control Objectives for SOXIT Control Objectives for SOX
IT Control Objectives for SOX
 
Model Information Office
Model Information OfficeModel Information Office
Model Information Office
 
Digital Landscape
Digital LandscapeDigital Landscape
Digital Landscape
 
Social Media Publishing & Aggregation
Social Media Publishing & AggregationSocial Media Publishing & Aggregation
Social Media Publishing & Aggregation
 
Social Media Metrics
Social Media MetricsSocial Media Metrics
Social Media Metrics
 
Social Media For A Sporting Event
Social Media For A Sporting EventSocial Media For A Sporting Event
Social Media For A Sporting Event
 
A Real Time Web Analytics System
A Real Time Web Analytics SystemA Real Time Web Analytics System
A Real Time Web Analytics System
 
Revenue Reconciliation System
Revenue Reconciliation SystemRevenue Reconciliation System
Revenue Reconciliation System
 
Business Analytics System
Business Analytics SystemBusiness Analytics System
Business Analytics System
 
Concept for a Facebook App for a Mexican Restaurant
Concept for a Facebook App for a Mexican RestaurantConcept for a Facebook App for a Mexican Restaurant
Concept for a Facebook App for a Mexican Restaurant
 
A concept for a facebook app
A concept for a facebook appA concept for a facebook app
A concept for a facebook app
 
Digital And New Media Strategy using Web 2.0
Digital And New Media Strategy using Web 2.0Digital And New Media Strategy using Web 2.0
Digital And New Media Strategy using Web 2.0
 
Digital And New Media Consultancy Services
Digital And New Media Consultancy ServicesDigital And New Media Consultancy Services
Digital And New Media Consultancy Services
 
Lets Build A Story
Lets Build A StoryLets Build A Story
Lets Build A Story
 
Social Media in Sports - some Case Studies
Social Media in Sports - some Case StudiesSocial Media in Sports - some Case Studies
Social Media in Sports - some Case Studies
 
Social Media - some case studies
Social Media - some case studiesSocial Media - some case studies
Social Media - some case studies
 

Recently uploaded

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
panagenda
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Victor Rentea
 

Recently uploaded (20)

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
WSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering Developers
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)
 
Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 

The Information Office

  • 1. The Information Office Compliance, Control, Systems & Processes A presentation on the functioning of an Information Systems Department Mahesh Patwardhan Digital and New Media Consultant
  • 2. Organization, roles and responsibilities
  • 4. Responsibilities The main functions of the Information Office are:  Establishment of Compliance Office and IS0  ITGC Implementation – SOX  Standardized MIS – Cubot  Realtime Web Analytics – Omniture  Revenue Recognition Systems – ART  Workflow Systems – (AdSales ACA)  RDS – Automated Deployment System  BDMT – Batch Deployment and Monitoring  Realtime Web Analytics/Reporting – RWA/R  Integrated WFS-Campaign Control – WFS-CC  Sales Force Automation (Salesforce.com)  Integrated P4C-DSA Sales Automation (Salesforce.com)  Marketing Automation (Talisma Marketing)  Access-Control Automation  HelpDesk System
  • 5. Objectives  To move from a state of low/no control to a SOX and ITGC Compliant organization • Low/No Control - ITGC • SOX 404 - GCC • Policies • Procedures • Systems • Reviews • Audits • Internal Control Framework • Internal Testing and attestation • To move from a manual processes organization to a automated, process oriented, systemic organization
  • 6. Objectives  • Email/phone support - Talisma CS • DB Query Shopper List - Talisma Mktg Automation • MIS:8080/AdHoc Reports à Cubots • WebTrends - Omniture • WebTrends - Realtime Web Analytics • Sales Leads (notepad) - SFA • Contract email approvals - WFS • Manual Campaign Schedule - WFS-CC • Excel Sheet Rev. Rec - ART • Manual Entry in SunSystems - ART-SunSys Integration • Everybody deploys (uploads) - CMR/RDS • End-user alerts on batch jobs - BDMT • Manual Access-Control - Access Control System • Informal Bug reporting - HelpDesk System
  • 7. Roles  As Chief Compliance Officer  Manage the Compliance Office and Implement ITGC  Own all Policies and Procedures  Manage Reviews  Logical Access Reviews  Segregation of Duties Reviews  Infrastructure Reviews  Data Center and Network Security Review  Internal Audit Schedule
  • 8. Roles  As Chief Information Security Officer  Manage the Information Security Organization  Own Risk and Control Matrix  Conduct Risk Assessment and Planning  Security and Access Control  Conduct Security Audits / Reviews
  • 9. Roles  As Director – Information Systems  Identify which applications create the most value for the business and build and deliver them – on time and budget.  Roadmap and manage lifecycle  Direction, Planning, Reviews  Systems Implementation  Ensure compliance in all implementations  Manage Partner Relationships  Develop Partners
  • 11. Responsibilities  The Compliance and Control Office is responsible for the following:  Information Security  Access Control  Change Management  Systems, Network and Data Security Reviews and Audits o ITGC - Policy & Control  Maintain Policy & Control Documentation  Policies  IT Security Policy  Access Control Policy  IT AUP  Data Backup/Restore Policy  Change Management Policy  Control Documents  Application Authorization Matrix  Batch Jobs Document  End-User Computing Traceability Matrix  Computing Resources Authorization Matrix  Conduct Risk Assessment  Maintain Control / Risk Matrix  Communications and Monitoring
  • 12. Internal Control Framework  The Internal Control Framework shows the controlling processes and procedures used to achieve compliance and control in the organization.
• 13. Information Security
 Information Security Office
 The Information Security Office is responsible for:
   – implementing the security policies
   – conducting information security meetings
   – conducting security and access control reviews
   – communicating security policies
   – conducting security awareness sessions in the organization
   – defining processes for, and reviewing the monitoring of, system, network and data security implementations
   – conducting internal security audits on a periodic basis
• 14. …Information Security
 Chief Information Security Officer – responsibilities are:
 Implement Policies
   – Information Security Policy
   – Access Control Policy
   – Backup/Restoration Policy
 Conduct Information Security Office Meetings
   – All meetings to be recorded (MOM)
 Conduct Reviews
   – Security, Access Control, AUP, B&R, DR Policy
   – Record all Policy Reviews (MOM)
   – Policies to be updated and approved
   – Updates to policies to be logged
   – Publish a review schedule
• 15. …Information Security
 Communication
   – Information Security Policy and Access Control Policy updates to all employees periodically.
   – HR Training calendar for Security and Appropriate Usage sessions.
   – Conduct Security Awareness and Appropriate Usage sessions for new joiners.
 Monitoring
   – Review of System Exception Logs, Unauthorized Logins, Authorized Users lists
   – All reviews to be logged, and the review reports with findings signed off on.
   – Action taken report to be reviewed and signed off on.
   – Publish a review schedule.
• 16. …Information Security
 Define
   – Data Backup/Restoration Process
   – Recovery Testing Process
   – Data securing process (tape-to-bank)
 Review
   – Data Backup/Restoration Process
   – Recovery Testing Process
   – Data securing process (tape-to-bank)
   – Backup/Restoration/Recovery Testing Log Sheet
   – Monthly Tape-To-Bank Log Sheet
   – All reviews to be recorded (MOM)
   – Publish a review schedule.
• 17. Access Control
 Centralized Access Control – Systems
   – Ad Server, SunSystems, Cubots, ART, ACA, Omniture, SFA, Talisma
   – OTS / MIS:8080 / Vendors
   – Domain, Email
 Review
   – All authorized requests for addition/deletion
   – Application Authorization Matrix maintenance
   – All authorized requests for root and privileged access
   – Server Access Authorization Matrix maintenance
   – Reviews to be recorded (MOM)
• 18. …Access Control
 User Management of defined servers
   – All authorized requests for addition/deletion to be maintained
   – Application Authorization Matrix maintenance
   – All authorized requests for root and privileged access to be filed and maintained
   – User Management of servers not in the defined scope is owned by the NOC
   – Server Access Authorization Matrix maintenance
   – Access logs, Authorized Requests and Authorization Matrix to be reviewed periodically
 Owner: Manager – Process & Control
 Centralized Access Control – Systems
   – Ad Server, SunSystems, Cubots, ART / WFS
   – OTS / MIS:8080 / Vendors
   – Domain / Email
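The periodic review described in slides 17 and 18 (filed requests and account lists checked against the Application Authorization Matrix, root/privileged access checked against filed requests, and the segregation-of-duties review from slide 7) can be mechanised so that the reviewer signs off on a generated list of findings rather than reading exports by hand. The script below is an added example written for this page, not code from the presentation or the organisation it describes. The system names follow the deck (ART, Cubots, SunSystems, Ad Server); the user names, role names, request log and the SoD rule are constructed sample data standing in for the signed-off matrix and the system exports.

```python
"""Logical access review: reconcile actual accounts against the
Application Authorization Matrix and the filed access requests.

Added example, not part of the presentation. All data below is a
constructed sample; system names follow the deck, role and user
names are invented for illustration.
"""

# Application Authorization Matrix: (user, system) -> approved roles.
# Constructed sample of the signed-off matrix document.
AUTH_MATRIX = {
    ("asha", "ART"): {"rev_rec_entry"},
    ("asha", "Cubots"): {"report_viewer"},
    ("ravi", "ART"): {"rev_rec_entry", "rev_rec_approve"},  # SoD conflict
    ("ravi", "SunSystems"): {"ledger_post"},
    ("meera", "Ad Server"): {"campaign_ops"},
    ("noc_ops", "Ad Server"): {"root"},
    ("sunil", "Cubots"): {"report_viewer"},  # leaver, matrix not updated
}

# Account exports pulled from each system: (user, system) -> roles found.
# Constructed sample.
ACCOUNT_EXPORTS = {
    ("asha", "ART"): {"rev_rec_entry"},
    ("asha", "Cubots"): {"report_viewer"},
    ("ravi", "ART"): {"rev_rec_entry", "rev_rec_approve"},
    ("ravi", "SunSystems"): {"ledger_post"},
    ("meera", "Ad Server"): {"campaign_ops", "admin"},  # admin not approved
    ("noc_ops", "Ad Server"): {"root"},
    ("tmp_vendor", "Cubots"): {"report_viewer"},  # no matrix entry at all
}

# Root/privileged access must have a filed, authorized request behind it.
PRIVILEGED_ROLES = {"admin", "root"}
FILED_REQUESTS = {("noc_ops", "Ad Server", "root")}  # constructed request log

# Segregation-of-duties rules: (system, pair of roles one person must not
# hold together). Constructed sample rule.
SOD_RULES = {("ART", frozenset({"rev_rec_entry", "rev_rec_approve"}))}


def unauthorized_access(matrix, exports):
    """Roles present on a system that the matrix does not approve."""
    findings = []
    for (user, system), roles in sorted(exports.items()):
        approved = matrix.get((user, system), set())
        for role in sorted(roles - approved):
            findings.append((user, system, role))
    return findings


def stale_authorizations(matrix, exports):
    """Approved roles with no matching account: the matrix is out of date."""
    findings = []
    for (user, system), roles in sorted(matrix.items()):
        actual = exports.get((user, system), set())
        for role in sorted(roles - actual):
            findings.append((user, system, role))
    return findings


def privileged_without_request(exports, requests, privileged=PRIVILEGED_ROLES):
    """Root/admin access that no filed, authorized request accounts for."""
    return sorted(
        (user, system, role)
        for (user, system), roles in exports.items()
        for role in roles & privileged
        if (user, system, role) not in requests
    )


def sod_conflicts(exports, rules):
    """Users holding both halves of a conflicting role pair on one system."""
    return sorted(
        (user, system, tuple(sorted(pair)))
        for (user, system), roles in exports.items()
        for rule_system, pair in rules
        if system == rule_system and pair <= roles
    )


def access_review_report(matrix=AUTH_MATRIX, exports=ACCOUNT_EXPORTS,
                         requests=FILED_REQUESTS, rules=SOD_RULES):
    """Bundle the findings the reviewer records (MOM) and signs off on."""
    return {
        "unauthorized": unauthorized_access(matrix, exports),
        "stale": stale_authorizations(matrix, exports),
        "privileged_unfiled": privileged_without_request(exports, requests),
        "sod": sod_conflicts(exports, rules),
    }


if __name__ == "__main__":
    for finding_type, items in access_review_report().items():
        print(finding_type)
        for item in items:
            print("   ", item)
```

Each finding maps to an action the slides already call for: an unauthorized role is removed or a request is filed retroactively, a stale matrix row is corrected, unfiled privileged access is escalated, and an SoD conflict goes to the Segregation of Duties review. Running it against real exports only requires replacing the constructed dictionaries with parsed account dumps and the current matrix.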
• 19. Change Management
 Periodic Review of
   – Change Management Process
   – Change Requests submitted
   – Change Request Approvals
   – Pending deployments
 Conducting periodic Review Meetings and documenting the findings of the review
 Reviewing the reports with recommendations for remediation submitted, and approving the recommendations
 Ensuring that the approved recommendations are carried out
 Reviewing the remediation carried out, approving and signing off on the same
• 20. Policy Management
 Policy Reviews and Updates
   – Schedule for ISC and Policy Reviews
   – Conduct Reviews, report submission
   – Report Approvals; Policy updated and approved
• 23. Business Productivity Systems
 Revenue Reconciliation and Settlement Systems
   – Ad Sales Contract and Credit Approval System
   – ART – AdSales / ECom / Mobile / Subs
   – Common Accounts Manager
 Business Analytics Systems
   – Realtime Web Analytics System
• 24. Change Management & Access Control Systems
 Applications Deployment System (RDS)
 Batch Deployment & Monitoring System (BDMT)
 Access Control System
 Help Desk/Problem Management System
• 26. Partner Relationship Management
 Partner Evaluation
   – To evaluate partners for consultancy, software development or solution implementation.
 Partner Acquisition
   – Negotiation with the shortlisted partners and completing the NDA and the Agreements.
 Relationship Management
   – Managing the relationship so as to derive the maximum benefit and ensure that the projects are delivered on budget and on schedule.
• 27. Project Management
 Ensure Project Delivery by managing the various stages of the delivery
   – Planning
   – Execution
   – Review
   – Acceptance Test
   – Change Management
 Project Management Methodology
   – SDLC – Project Plan / RA / FS / SD / UAT
   – Change Management – SCR / CMR / CVS / RDS
• 28. …Project Management
 Project Documentation
   – RS / FS / DD / UAT / User Guide
   – Implementation & Ops Manual
 Customer Management
   – Requirement Analysis / Change Request Process
   – Acceptance on RA/FS
   – UAT
   – Training and Support