- Identity and Access Management
- Directory Services for Authentication of User
- Implemented Active Directory directory service for authentication of 80 percent or more of connected users.
- Directory Services for Authentication of User
- Desktop, Device and Server Management
- Automated Patch Distribution to Desktops and Laptops
- Implemented process and tools to inventory hardware and software assets.
- Implemented process and tools to scan client computers for software updates.
- Established a process to automatically identify available patches.
- Established standard testing for every patch.
- Implemented patch distribution software.
- Defined Standard Images for Desktops and Laptops
- Used tools to capture a standard image.
- Defined a strategy for standard images.
- Defined a standard set of disk images (OS and applications) for all hardware types.
- Established deployment tools for network-based or offline image installation.
- Centralized Management of Mobile Devices
- Installed software to discover and track the mobile devices in your organization
- Implemented password-controlled access.
- Established centralized data and software synchronization.
- Ensured that decommissioned devices are free of company information.
- Identity Validation, Data Protection, and Data Backup of Mobile Devices
- Established and are enforcing a password-access policy or using public key certificates for user identification.
- Encrypted all transfers for data distribution to, and data backup from, mobile devices.
- Implemented device lockout on mobile devices.
- Ensured that company information can be removed with remote wipe in case a mobile device is lost or stolen.
- Consolidation of Desktop Images to Two Operating System Versions
- Implemented an image-consolidation strategy.
- Reduced the number of production operating systems to no more than two.
- Automated Patch Distribution to Desktops and Laptops
- Security and Networking
- Antivirus Software for Desktops
- Installed all operating system and software application security updates.
- Activated available host-based firewalls.
- Installed antivirus software on 80 percent or more of your desktop computers.
- Central Firewall Services
- Installed a centralized hardware or software firewall.
- Internally Managed Basic Networking Services (DNS, DHCP, WINS)
- Implemented DNS services on servers or other devices within your organization.
- Implemented DHCP services on servers or other devices within your organization.
- Implemented WINS services for older operating systems on servers or other devices within your organization.
- Availability Monitoring of Critical Servers
- Installed availability monitoring software such as Microsoft Operations Manager (MOM).
- Are monitoring 80 percent of your critical servers for performance, events, and alerts.
- Antivirus Software for Desktops
- Data Protection and Recovery
- Defined Backup and Restore Services for Critical Servers
- Created a data backup plan and a recovery plan for 80 percent or more of your critical servers.
- Used drills to test your plans.
- Defined Backup and Restore Services for Critical Servers
- Security Process
- Security Policies, Risk Assessment, Incident Response, and Data Security
- Named a dedicated person for security strategy and policy.
- Established a risk assessment methodology.
- Established an incident response plan.
- Established a process to manage user, device, and service identities
- Established consistent processes to identify security issues, including all network-connected devices
- Established consistent security policy compliance on network devices
- Established a plan to evaluate and test all acquired software for security compliance
- Established a consistent policy to classify data
- Security Policies, Risk Assessment, Incident Response, and Data Security
- ITIL/COBIT-Based Management Process
- Support and Change Management Process
- Implemented incident management techniques.
- Implemented problem management techniques.
- Improved end-user support services.
- Implemented service definition and configuration management
- Implemented change management best practices.
- Support and Change Management Process
Rationalized
- Identity and Access Management
- Implemented a directory-based tool to centrally administer configurations and security on 80 percent or more of your desktops
- Identified which configurations should be monitored or enforced.
- Selected tools for monitoring and enforcing configuration compliance.
- Defined Group Policy objects for settings managed through Group Policy.
- Implemented Group Policy Management Console to manage Group Policy objects.
- Applied Group Policy to at least 80 percent of your desktops.
- Implemented a directory-based tool to centrally administer configurations and security on 80 percent or more of your desktops
- Desktop, Device and Server Management
- An automated software distribution solution for operating system deployment
- Identified tools and technologies required to enable automated operating system deployment.
- Performed necessary pre-deployment tasks for application compatibility and packaging, infrastructure remediation, imaging, user-state migration, and desktop security.
- Tested and validated Zero Touch Installation in a lab environment and pilot program.
- Performed automated OS deployment to end users.
- Automated tracking of hardware and software assets of 80 percent or more of your desktops
- Deployed tools and procedures to automate desktop asset inventory.
- Implemented procedures and technologies to automate application and operating system deployment
- Implemented tools and procedures to perform and analyze software usage tracking reporting.
- Implemented best practice automated software update management.
- Deployed tools and procedures to monitor desktop system status, including product compliance and system status monitoring.
- Eighty percent or more of your desktops running one of the two most recent operating system versions
- Inventoried existing production operating systems.
- Determined new computer and refresh strategies in order to phase out older operating systems.
- Deployed two most recent operating system versions to at least 80 percent of all desktops.
- Eighty percent or more of your desktops running Microsoft Office 2003 or the 2007 Microsoft Office system
- Evaluated the latest versions of Office and defined plan to consolidate Office versions on production workstations.
- Deployed latest versions of Office to desktops.
- Defined plan for managing Office configurations.
- Tests and certifies application compatibility on 80 percent of new or updated applications before deploying them to desktops
- Collected and analyzed the application inventory in your organization to build your application portfolio.
- Implemented standard testing of your mitigation strategies to create your application mitigation packages.
- Implemented standard processes to resolve any outstanding compatibility issues to report compatibility mitigation to management.
- Implemented automated deployment of all compatibility mitigation packages.
- Patch management solution for 80 percent or more of your servers
- Implemented process and tools to inventory hardware and software assets.
- Implemented process and tools to scan servers for software updates.
- Established a process to automatically identify available patches.
- Established standard testing for every patch.
- Implemented patch distribution software.
- Secured and guaranteed way to verify secure communications between your corporate network and mobile devices
- Inventoried mobile devices connecting to your network.
- Determined a communication security strategy appropriate for your needs.
- Implemented mobile device authentication to all connected devices.
- Access provided to Web applications via WAP or HTTP for mobile devices
- Inventoried mobile devices connecting to your network and Web applications currently consumed or potentially consumed by mobile device users.
- Developed and implemented a strategy to optimize Web applications for mobile device users, update mobile device hardware, or both.
- Planning for server consolidation with virtualization
- Inventoried all IT services and LOB applications in your organization, including performance and traffic data.
- Developed a plan to consolidate server infrastructure by implementing virtual machine technologies.
- Implemented a layered-image strategy for managing your desktop images
- Inventoried and rationalized the current set of managed desktop images in your organization.
- Developed and implemented a strategy to consolidate desktop images by using thin or hybrid layered-imaging for desktop deployment.
- An automated software distribution solution for operating system deployment
- Security and Networking
- Policy-managed firewall on 80 percent or more of your servers and desktops
- Inventoried your desktop and server computers to identify which hardware currently has host-based firewall technologies.
- Deployed host-based firewall technology to hardware lacking firewall capabilities or updated servers to Windows Server 2003 SP1 or later.
- Established policy enforcement to ensure host-based firewalls are always enabled and cannot be disabled.
- Secure remote access to internal resources and line-of-business applications beyond e-mail (that is , VPN and/or Terminal Services)
- Evaluated remote access requirements for remote clients and branch offices.
- Designed and implemented secure virtual private network or similar services to remote clients and branch office.
- Secured and guaranteed way to verify communication between critical servers , such as domain controllers and e-mail servers
- Assessed the current state of network infrastructure affected by Internet Protocol Security (IPsec).
- Identified organizational requirements to ensure secured and guaranteed communication between servers, including regulation and compliance impacts.
- Developed and implemented a plan across the organization using Ipsec to meet defined requirements.
- Monitoring and service level reporting for 80 percent or more of your servers to ensure a consistent and reliable user experience
- Defined your organization’s IT services in a service catalog.
- Determined the baseline or current service levels for defined services.
- Defined service levels appropriate for your organization and determined a plan for automating service level monitoring.
- Implemented an automated availability monitoring solution.
- Providing a secured communication mechanism for presence
- Assessed any current unmanaged methods used for presence and instant communication.
- Created a requirements specification for presence and instant messaging, aligning to industry or local regulations and policies.
- Evaluated presence and instant technology and created a plan to implement your selected solution.
- Implemented presence at minimum through managed instant messaging and optionally through collaboration and e-mail infrastructure.
- Deployed a secure wireless network using Active Directory and IAS/RADIUS for authentication and authorization
- Identified current wireless access and related topologies.
- Evaluated wireless technologies, protocols, and standards.
- Developed and implemented plans for secure wireless authentication infrastructure.
- Centrally managed certificate services infrastructure (PKI)
- Performed a network discovery to inventory all components.
- Identified people, process and technology design considerations for the certification authority and public key infrastructure.
- Created a detailed deployment plan to enable the PKI.
- Implemented PKI deployment plan.
- Proactively managing bandwidth to branch offices
- Identified and documented branch office topology.
- Created requirement specification based on the needs of all branch office types.
- Created a plan and architecture for branch office service consolidation and identified performance thresholds for reexamination of branch office WAN requirements.
- Implemented plan to optimize branch office services against WAN link limitations.
- Policy-managed firewall on 80 percent or more of your servers and desktops
- Data Protection and Recovery
- Centrally managing data backup for your branch offices
- Created a centralized data backup plan and a recovery plan for branch offices in your organization.
- Implemented a backup and recovery plan for centralized control of backup and recovery operations, either via network-centralized tools or operational guidelines for local backup and recovery, with defined service levels.
- Service level agreement (SLA) for system backup and restore , and defined recovery times for 80 percent of your servers
- Created a data backup plan and a recovery plan for 80 percent or more of all servers in your organization.
- Used drills to test your plans and validate defined recovery times.
- Centrally managing data backup for your branch offices
- Security and ITIL/COBIT-based Management Process
- Established security processes for two-factor user authentication , standard security review for new software acquisitions , and data classification
- Developed and implemented two-factor identity and access management policies.
- Developed a process to manage security requirement testing on all acquired or developed software.
- Established a standard and repeatable procedure for classifying sensitive data.
- Implemented best practices for operating , optimizing , and change processes in your IT organization
- Implemented service level management across IT operations.
- Implemented best practice release management.
- Optimized network and system administration processes.
- Implemented best practice job scheduling.
- Established security processes for two-factor user authentication , standard security review for new software acquisitions , and data classification
Dynamic
- Identity and Access Management
- Centralized automated user account provisioning (for example , issuing new accounts, changing passwords , synchronizing permissions , enabling access to business applications) across 80 percent or more of heterogeneous systems.
- Defined current identity object provisioning workflows in your organization, as well as areas to improve or optimize.
- Identified technologies used to manage object identity life cycles.
- Implemented a consolidated solution to automate common user account provisioning workflows.
- Implemented a federated directory-based tool to enable authenticated access to external customers , service providers , and business partners.
- Validated need for providing authenticated access to external entities.
- Determined strategies and policies for providing external access to defined resources.
- Implemented technologies to ensure secure access for defined external users to defined services.
- Centralized automated user account provisioning (for example , issuing new accounts, changing passwords , synchronizing permissions , enabling access to business applications) across 80 percent or more of heterogeneous systems.
- Desktop, Device and Server Management
- Tools in place to perform automated infrastructure capacity planning for primary IT services (such as e-mail).
- Identified primary IT service candidates for automated capacity planning.
- Created capacity models to automate capacity planning or implemented capacity planning tools.
- Management of mobile devices and access to IT services and applications nearly at parity with managed desktop and laptop computers.
- Implemented secure technologies to provide access to primary line-of-business applications (for example, LOB apps, CRM, supply chain) via mobile devices.
- Established defined set of standard basic images for mobile devices.
- Implemented an automated solution to continuously update configuration settings and/or applications in mobile devices.
- Deployed an automated quarantine solution for mobile devices.
- Implemented an automated patch management solution for mobile devices.
- Implemented an automated asset management solution for mobile devices.
- Implemented virtualization to dynamically move workloads from server to server based on resource needs or business rules.
- Deployed a subset of production IT services or applications to virtual machines.
- Actively managing and optimizing system resources on shared hardware devices.
- Tools in place to perform automated infrastructure capacity planning for primary IT services (such as e-mail).
- Security and Networking
- Integrated threat management and mitigation across clients and server edge.
- Assessed server edge security threats and evaluated threat mitigation solutions.
- Implemented technology solutions to protect against Internet-based threats across the client and server edge.
- Model-enabled service level monitoring of desktops , applications , and server infrastructure.
- Defined desktop, application, and server infrastructure service models.
- Evaluated technologies for monitoring availability of connections and components across defined services.
- Implemented automated solution to define and monitor service levels.
- Automated quarantine solution for unpatched or infected computers.
- Evaluated technologies to enable network quarantine for remote and on-site users.
- Implemented VPN quarantine solution for remote users.
- Integrated threat management and mitigation across clients and server edge.
- Data Protection and Recovery
- Implemented defined backup and restore services with service level agreements for 80 percent or more of desktops.
- Established goals for the desktop backup and recovery service.
- Defined and implemented a suitable backup and restore service for desktops in the organization and established SLAs.
- Implemented defined backup and restore services with service level agreements for 80 percent or more of desktops.
- Security Process
- Established security processes and technologies to enable advanced two-factor user authentication (such as biometric scans) for highly sensitive data.
- Developed and implemented advanced two-factor identity and access management policies for highly sensitive data.
- Established security processes and technologies to enable advanced two-factor user authentication (such as biometric scans) for highly sensitive data.
- ITIL/COBIT-based Management Process
- Implemented best practices for further optimizing your IT organization.
- Implemented best practice Availability Management.
- Implemented best practice Financial Management.
- Implemented best practice Infrastructure Engineering.
- Implemented best practice IT Service Continuity Management.
- Implemented best practice Workforce Management.
- Implemented best practices for further optimizing your IT organization.
Comments
Post a Comment