The Information Office
                       Compliance, Control, Systems & Processes
A presentation on the functioning of an Information Systems Department


                                                  Mahesh Patwardhan
                                     Digital and New Media Consultant
Organization, roles and responsibilities
Organization
Responsibilities
The main functions of the Information Office are:
   • Establishment of Compliance Office and ISO
   • ITGC Implementation – SOX
   • Standardized MIS – Cubot
   • Realtime Web Analytics – Omniture
   • Revenue Recognition Systems – ART
   • Workflow Systems – (AdSales ACA)
   • RDS – Automated Deployment System
   • BDMT – Batch Deployment and Monitoring
   • Realtime Web Analytics/Reporting – RWA/R
   • Integrated WFS-Campaign Control – WFS-CC
   • Sales Force Automation (Salesforce.com)
   • Integrated P4C-DSA Sales Automation (Salesforce.com)
   • Marketing Automation (Talisma Marketing)
   • Access-Control Automation
   • HelpDesk System
Objectives
   • To move from a state of low/no control to a SOX and ITGC compliant organization
       – Low/No Control - ITGC
       – SOX 404 - GCC
       – Policies
       – Procedures
       – Systems
       – Reviews
       – Audits
       – Internal Control Framework
       – Internal Testing and attestation
   • To move from a manual-process organization to an automated, process-oriented, systemic organization
Objectives
   • Email/phone support - Talisma CS
   • DB Query Shopper List - Talisma Mktg Automation
   • MIS:8080/AdHoc Reports - Cubots
   • WebTrends - Omniture
   • WebTrends - Realtime Web Analytics
   • Sales Leads (notepad) - SFA
   • Contract email approvals - WFS
   • Manual Campaign Schedule - WFS-CC
   • Excel Sheet Rev. Rec - ART
   • Manual Entry in SunSystems - ART-SunSys Integration
   • Everybody deploys (uploads) - CMR/RDS
   • End-user alerts on batch jobs - BDMT
   • Manual Access-Control - Access Control System
   • Informal Bug reporting - HelpDesk System
Roles
   • As Chief Compliance Officer
       – Manage the Compliance Office and Implement ITGC
       – Own all Policies and Procedures
       – Manage Reviews
           o Logical Access Reviews
           o Segregation of Duties Reviews
           o Infrastructure Reviews
           o Data Center and Network Security Review
       – Internal Audit Schedule
Roles
   • As Chief Information Security Officer
       – Manage the Information Security Organization
       – Own Risk and Control Matrix
       – Conduct Risk Assessment and Planning
       – Security and Access Control
       – Conduct Security Audits / Reviews
Roles
   • As Director – Information Systems
       – Identify which applications create the most value for the business and build and deliver them – on time and budget.
       – Roadmap and manage lifecycle
       – Direction, Planning, Reviews
       – Systems Implementation
       – Ensure compliance in all implementations
       – Manage Partner Relationships
       – Develop Partners
Compliance and control
Responsibilities
   • The Compliance and Control Office is responsible for the following:
       – Information Security
       – Access Control
       – Change Management
       – Systems, Network and Data Security Reviews and Audits
           o ITGC - Policy & Control
       – Maintain Policy & Control Documentation
       – Policies
           o IT Security Policy
           o Access Control Policy
           o IT AUP
           o Data Backup/Restore Policy
           o Change Management Policy
       – Control Documents
           o Application Authorization Matrix
           o Batch Jobs Document
           o End-User Computing Traceability Matrix
           o Computing Resources Authorization Matrix
       – Conduct Risk Assessment
       – Maintain Control / Risk Matrix
       – Communications and Monitoring
Internal Control Framework
   • The Internal Control Framework shows the controlling processes and procedures used to achieve compliance and control in the organization.
Information Security
   • Information Security Office
   • The information security office is responsible for
       – implementing the security policies
       – conducting information security meetings
       – conducting security and access control reviews
       – communicating security policies
       – conducting security awareness sessions in the organization
       – defining processes for and reviewing the monitoring of system, network and data security implementations
       – conducting internal security audits on a periodic basis
…Information Security
   • Chief Information Security Officer
   • Responsibilities are:
       – Implement Policies
           o Information Security Policy
           o Access Control Policy
           o Backup/Restoration Policy
           o Conduct Information Security Office Meetings
           o All meetings to be recorded (MOM)

       – Conduct Reviews
           o Security, Access Control, AUP, B&R, DR Policy
           o Record all Policy Reviews (MOM)
           o Policies to be updated and approved
           o Updates to policies to be logged
           o Publish a review schedule
…Information Security
   • Communication
       – Information Security Policy and Access Control Policy updates to all employees periodically.
       – HR Training calendar for Security and Appropriate Usage sessions.
       – Conduct Security Awareness and Appropriate Usage sessions for new joinees.

   • Monitoring
       – Review of System Exception Logs, Unauthorized Logins, Authorized Users lists
       – All Reviews to be logged and the review reports with findings signed off on.
       – Action taken report to be reviewed and signed off on.
       – Publish a review schedule.
…Information Security
   • Define
       – Data Backup/Restoration Process
       – Recovery Testing Process
       – Data securing process (tape-to-bank)

   • Review
       – Data Backup/Restoration Process
       – Recovery Testing Process
       – Data securing process (tape-to-bank)
       – Backup/Restoration/Recovery Testing Log Sheet
       – Monthly Tape-To-Bank Log Sheet
       – All reviews to be recorded (MOM)
       – Publish a review schedule.
Access Control

   • Centralized Access Control – Systems
       – Ad Server
       – Sun Systems
       – Cubots
       – ART
       – ACA
       – Omniture
       – SFA
       – Talisma
       – OTS / MIS:8080 / Vendors
       – Domain
       – Email

   • Review
       – All authorized requests for addition/deletion
       – Application Authorization Matrix maintenance
       – All authorized requests for root and privileged access
       – Server Access Authorization Matrix maintenance
       – Reviews to be recorded (MOM)
…Access Control
   • User Management of defined servers
       – All authorized requests for addition/deletion to be maintained
       – Application Authorization Matrix maintenance
       – All authorized requests for root and privileged access to be filed and maintained
       – User Management of defined servers not in scope (owned by NOC)
       – Server Access Authorization Matrix maintenance
       – Access logs, Authorized Requests and Authorization Matrix to be reviewed periodically
       – Owner: Manager – Process & Control

   • Centralized Access Control – Systems
       – Ad Server, Sun Systems, Cubots, ART / WFS
       – OTS / MIS:8080 / Vendors
       – Domain / Email
Change Management

   • Periodic Review of
       – Change Management Process
       – Change Requests submitted
       – Change Request Approvals
       – Pending deployments
   • Conducting periodic Review Meetings and documenting the findings of the review
   • Reviewing Reports with recommendations for remediation submitted and approving the recommendations.
   • Ensuring that the approved recommendations are carried out.
   • Reviewing the remediation carried out, approving and signing off on the same.
Policy Management
   • Policy Reviews and Updates
   • Schedule for ISC and Policy Reviews
   • Conduct Reviews, report submission.
   • Report Approvals, Policy updated and approved.
systems
Systems
Business Productivity Systems
   • Revenue Reconciliation and Settlement Systems
   • Ad Sales Contract and Credit Approval System
   • ART – AdSales / ECom / Mobile / Subs
   • Common Accounts Manager
   • Business Analytics Systems
   • Realtime Web Analytics System
Change Management & Access Control
Systems
   • Applications Deployment System (RDS)
   • Batch Deployment & Monitoring System (BDMT)
   • Access Control System
   • Help Desk/Problem Management System
Partner Relations
Partner Relationship Management
   • Partner Evaluation
       – To evaluate partners for consultancy, software development or solution implementation.

   • Partner Acquisition
       – Negotiation with the shortlisted partners and completing the NDA and the Agreements.

   • Relationship Management
       – Managing the relationship so as to derive the maximum benefit and ensure that the projects are delivered on budget and on schedule.
Project Management

   • Ensure Project Delivery by managing various stages of the delivery
       – Planning
       – Execution
       – Review
       – Acceptance Test
       – Change Management

   • Project Management Methodology
       – SDLC – Project Plan / RA / FS / SD / UAT

   • Change Management
       – SCR / CMR / CVS / RDS
…Project Management
   • Project Documentation
       – RS / FS / DD / UAT / User Guide
       – Implementation & Ops Manual

   • Customer Management
       – Requirement Analysis / Change Request Process
       – Acceptance on RA/FS
       – UAT
       – Training and Support
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 

Último (20)

Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 

Information Office Functions

  • 1. The Information Office Compliance, Control, Systems & Processes A presentation on the functioning of an Information Systems Department Mahesh Patwardhan Digital and New Media Consultant
  • 2. Organization, roles and responsibilities
  • 4. Responsibilities The main functions of the Information Office are:  Establishment of Compliance Office and IS0  ITGC Implementation – SOX  Standardized MIS – Cubot  Realtime Web Analytics – Omniture  Revenue Recognition Systems – ART  Workflow Systems – (AdSales ACA)  RDS – Automated Deployment System  BDMT – Batch Deployment and Monitoring  Realtime Web Analytics/Reporting – RWA/R  Integrated WFS-Campaign Control – WFS-CC  Sales Force Automation (Salesforce.com)  Integrated P4C-DSA Sales Automation (Salesforce.com)  Marketing Automation (Talisma Marketing)  Access-Control Automation  HelpDesk System
  • 5. Objectives  To move from a state of low/no control to a SOX and ITGC compliant organization • Low/No Control - ITGC • SOX 404 - GCC • Policies • Procedures • Systems • Reviews • Audits • Internal Control Framework • Internal Testing and attestation • To move from a manual-process organization to an automated, process-oriented, systemic organization
  • 6. Objectives  • Email/phone support - Talisma CS • DB Query Shopper List - Talisma Mktg Automation • MIS:8080/AdHoc Reports - Cubots • WebTrends - Omniture • WebTrends - Realtime Web Analytics • Sales Leads (notepad) - SFA • Contract email approvals - WFS • Manual Campaign Schedule - WFS-CC • Excel Sheet Rev. Rec - ART • Manual Entry in SunSystems - ART-SunSys Integration • Everybody deploys (uploads) - CMR/RDS • End-user alerts on batch jobs - BDMT • Manual Access-Control - Access Control System • Informal Bug reporting - HelpDesk System
  • 7. Roles  As Chief Compliance Officer  Manage the Compliance Office and Implement ITGC  Own all Policies and Procedures  Manage Reviews  Logical Access Reviews  Segregation of Duties Reviews  Infrastructure Reviews  Data Center and Network Security Review  Internal Audit Schedule
  • 8. Roles  As Chief Information Security Officer  Manage the Information Security Organization  Own Risk and Control Matrix  Conduct Risk Assessment and Planning  Security and Access Control  Conduct Security Audits / Reviews
  • 9. Roles  As Director – Information Systems  Identify which applications create the most value for the business and build and deliver them – on time and budget.  Roadmap and manage lifecycle  Direction, Planning, Reviews  Systems Implementation  Ensure compliance in all implementations  Manage Partner Relationships  Develop Partners
  • 11. Responsibilities  The Compliance and Control Office is responsible for the following:  Information Security  Access Control  Change Management  Systems, Network and Data Security Reviews and Audits o ITGC - Policy & Control  Maintain Policy & Control Documentation  Policies  IT Security Policy  Access Control Policy  IT AUP  Data Backup/Restore Policy  Change Management Policy  Control Documents  Application Authorization Matrix  Batch Jobs Document  End-User Computing Traceability Matrix  Computing Resources Authorization Matrix  Conduct Risk Assessment  Maintain Control / Risk Matrix  Communications and Monitoring
  • 12. Internal Control Framework  The Internal Control Framework shows the controlling processes and procedures used to achieve compliance and control in the organization.
  • 13. Information Security  Information Security Office  The information security office is responsible for  implementing the security policies  conducting information security meetings  conducting security and access control reviews  communicating security policies  conducting security awareness sessions in the organization  defining processes for and reviewing the monitoring of system, network and data security implementations,  conducting internal security audits on a periodic basis.
  • 14. …Information Security  Chief Information Security Officer  Responsibilities are:  Implement Policies  Information Security Policy  Access Control Policy  Backup/Restoration Policy  Conduct Information Security Office Meetings  All meetings to be recorded (MOM)  Conduct Reviews  Security, Access Control, AUP, B&R, DR Policy  Record all Policy Reviews (MOM)  Policies to be updated and approved  Updates to policies to be logged  Publish a review schedule
  • 15. …Information Security  Communication  Information Security Policy and Access Control Policy updates to all employees periodically.  HR Training calendar for Security and Appropriate Usage sessions.  Conduct Security Awareness and Appropriate Sessions for new joinees.  Monitoring  Review of System Exception Logs, Unauthorized Logins, Authorized Users lists  All Reviews to be logged and the review reports with findings signed off on.  Action taken report to be reviewed and signed off on.  Publish a review schedule.
  • 16. …Information Security  Define  Data Backup/Restoration Process  Recovery Testing Process  Data securing process (tape-to-bank)  Review  Data Backup/Restoration Process  Recovery Testing Process  Data securing process (tape-to-bank)  Backup/Restoration/Recovery Testing Log Sheet  Monthly Tape-To-Bank Log Sheet  All reviews to be recorded (MOM)  Publish a review schedule.
  • 17. Access Control  Centralized Access Control – Systems  Ad Server  Sun Systems  Cubots  ART  ACA  Omniture  SFA  Talisma  OTS / MIS:8080 / Vendors  Domain  Email  Review – All authorized requests for addition/deletion – Application Authorization Matrix maintenance – All authorized requests for root and privileged access – Server Access Authorization Matrix maintenance – Reviews to be recorded (MOM)
  • 18. …Access Control  User Management of defined servers  All authorized requests for addition/deletion to be maintained  Application Authorization Matrix maintenance  All authorized requests for root and privileged access to be filed and maintained  User Management of defined servers not in scope (owned by NOC)  Server Access Authorization Matrix maintenance  Access logs, Authorized Requests and Authorization Matrix to be reviewed periodically  Owner: Manager – Process & Control  Centralized Access Control – Systems  Ad Server, Sun Systems, Cubots, ART / WFS  OTS / MIS:8080 / Vendors  Domain / Email
  • 19. Change Management  Periodic Review of  Change Management Process.  Change Requests submitted.  Change Request Approvals  Pending deployments  Conducting periodic Review Meetings and documenting the findings of the review  Reviewing Reports with recommendations for remediation submitted and approving the recommendations.  Ensuring that the approved recommendations are carried out.  Reviewing the remediation carried out, approving and signing off on the same.
  • 20. Policy Management  Policy Reviews and Updates  Schedule for ISC and Policy Reviews  Conduct Reviews, report submission.  Report Approvals, Policy updated and approved.
  • 23. Business Productivity Systems  Revenue Reconciliation and Settlement Systems  Ad Sales Contract and Credit Approval System  ART – AdSales / ECom / Mobile / Subs  Common Accounts Manager  Business Analytics Systems  Realtime Web Analytics System
  • 24. Change Management & Access Control Systems  Applications Deployment System (RDS)  Batch Deployment & Monitoring System (BDMT)  Access Control System  Help Desk/Problem Management System
  • 26. Partner Relationship Management  Partner Evaluation  To evaluate partners for consultancy, software development or solution implementation.  Partner Acquisition  Negotiation with the shortlisted partners and completing the NDA and the Agreements.  Relationship Management  Managing the relationship so as to derive the maximum benefit and ensure that the projects are delivered on budget and on schedule.
  • 27. Project Management  Ensure Project Delivery by managing various stages of the delivery  Planning  Execution  Review  Acceptance Test  Change Management  Project Management Methodology  SDLC – Project Plan / RA / FS / SD / UAT  Change Management  SCR / CMR / CVS / RDS
  • 28. …Project Management  Project Documentation  RS / FS / DD / UAT / User Guide  Implementation & Ops Manual  Customer Management  Requirement Analysis / Change Request Process  Acceptance on RA/FS  UAT  Training and Support
  • 29. The Information Office Compliance, Control, Systems & Processes A presentation on the functioning of an Information Systems Department Mahesh Patwardhan Digital and New Media Consultant