ITIL and Business Musings. http://www.linkedin.com/in/dmular
Dawn Mular
Monday Apr 30, 2007
Risk Analysis: Compliance or Duck and Hide?

In your industry:

How are you seeing prioritization for the risks of compliance, and at what level are they assessed?

What are your best practices for integrating Service Management with Compliance?

I recently read in CIO magazine that Stratavia reported typical efficiencies of 30-60% lower operational costs in supporting database environments, while improving the consistency of service delivery and decreasing human-error-based risks. They have more details in a white paper titled 'Five Steps Towards Increased Operational Maturity Through IT Automation'.

It is a good thing to read, when you are in the midst of dramatic IT database system automation activity, that best practices suggest the path you are on is a good one for return on investment.

Another interesting read from CIO Magazine was the cover story 'The Complying Game'. Many corporations have had to weigh the man-hours required to stay compliant against the risks of getting caught. According to a Global State of Information Security survey taken in 2006, some 42% are noncompliant with the HIPAA laws, 28% are noncompliant with Sarbanes-Oxley, and 32% are noncompliant with state and local privacy regulations. Some of this is a function of available resources, some the result of shifting compliance/audit criteria.

What becomes clear is that, regardless of the risk/benefit of achieving compliance versus ducking it, IT groups should be preparing and prioritizing awareness of the necessary controls. In my mind, for the mid to larger size enterprise, this implies a level of focus and governance incorporated into the Service Management standard, so that risk analysis is not simply added to the mix of an operational group already juggling to maintain operations and compliance.

Remembering that most of the enforcement actions taken by the Federal Trade Commission stem from a lack of security, monitoring and service management practices, the notion of process requiring both a strategic and an operational element is likely here to stay. COBIT, maturity modeling and ITIL work hand in hand to give us the 'Service Improvement Process' framework to reduce this risk and prove good intent, something that is far more than a nice-to-have in today's industry.

Posted at 12:44PM Apr 30, 2007 by Dawn Mular in Sun  |  Comments[0]
