Wednesday, August 20, 2008

Latest Version of IAM Module

Latest version, based on all your kind feedback.

Module Overview
In a world where collaboration is increasingly the norm, information is an increasingly valuable asset. High-profile attacks on organisations from foreign states, credit card information being stolen from unprotected wireless networks, or simply the loss of personal data sent through the post on CD-ROMs, all demonstrate the changing shape of the risks to that value. Information Systems are used to store and disseminate these information assets within and between organisations. Organisations therefore need to ensure they protect the communication and storage of this information in these systems by understanding the risks they face and putting in place appropriate measures to prevent their information assets from being compromised. This module will explore Information Asset Management (IAM) and the role that information professionals take in it. Opening with the framing and history of IAM, the module will use key industry resources and knowledge of business information systems to approach the analysis of business risk and planning of information risk management, realised through real-life case studies and guest lectures.

Learning Outcomes
By the end of the module the student will be expected to be able to:
• Understand the different types of information threats and vulnerabilities that an information system may experience, and how they may impact businesses.
• Evaluate the information risks an information system may bring to a business and communicate the potential business impact of those risks.
• Analyse the security elements of information technology services, systems and assets within an organisation. This will include the competencies required to manage the confidentiality, integrity, and availability of data and information.
• Develop appropriate controls and/or mitigations to maximise the business value of an information asset, while ensuring the risk is kept to an appropriate level.
• Show understanding of the various aspects of information asset governance, including policy development and related regulations, compliance practices and issues.
• Demonstrate understanding of the techniques used to manage data and information within an organisation and as it crosses into and out of an organisation. This includes the IT and information management processes involved in the acquisition, creation, categorisation, storage, transfer and disposal of data and information.


Initial Plans for the Assessment

2 hour unseen examination

Initial Group development and implementation of an Audit Plan:
Based on a case study of Company X, which holds a number of information risks of various degrees of complexity and transparency. In groups, students will produce an audit plan and implement the information risk assessment. The case study is based upon real-life situations.
Groups will have the opportunity to interview a guest IT professional and the lecturer who will both role-play Business and IT Leaders in the Case.

To address the following learning outcomes:
- Evaluate the information risks information systems may bring to a business and communicate the potential business impact of those risks.
- Analyse the security elements of information technology services, systems and assets within an organisation. This also covers the competencies required to manage the confidentiality, integrity and availability of data and information.
- Show their understanding of the various aspects of information asset governance, including policy development and related regulations, compliance practices and issues.
The development and implementation of the audit plan allows discovery of the risks. Feedback will be given on the approaches the groups have taken.

Group Information Risk Assessment and Control Plan Presentation:
Subsequently the groups should analyse their assessment and develop their proposals for the final phase. In this phase the groups will present their assessment and proposals, as if to Company X’s Audit Committee. They will produce a written audit document, to include: an executive summary, a detailed information risk assessment, an outline of the potential impacts, and any proposed policies, controls and/or mitigations.

To address the following learning outcomes:
- Evaluate the information risks an information system may bring to a business and communicate the potential business impact of those risks.
- Analyse the security elements of information technology services, systems and assets within an organisation. This also covers the competencies required to manage the confidentiality, integrity and availability of data and information.
- Develop appropriate controls and/or mitigations to maximise the business value of an information asset, while ensuring the risk is kept to an appropriate level.
- Show their understanding of the various aspects of information asset governance, including policy development and related regulations, compliance practices and issues.
The Information Risk Assessment and Control Plan will be marked per group, but an individual portion of the marks will be assigned based on how well each student worked within the group.

Monday, August 18, 2008

Information Asset Management: Draft Learning Objectives

I am starting on the journey of module development... lecturing on Information Asset Management to third year computing students at a UK University.

I have the passion for the subject, I know that they really need to know this stuff, especially in the collaborative "cloud" world we have racing at us fast! My challenge is that there are apparently few courses out there for me to build upon, and even less reading material written on the subject. I am excited at the opportunity to help prepare information professionals in this way. So given the nudge I had this morning on Twitter from @gblnetwkr, I decided to start to call upon the wisdom of the crowds!!!

Draft Module Aims
This module will focus on the importance of managing information assets to maximise value and manage risk to an appropriate level. It will explore the various agencies, roles, policies, processes and technologies involved, while highlighting the importance of the role Information Professionals, and others, need to play in managing information assets.

I am using the e-skills PROCOM work as a guide, though that is still in draft, and is not too strong in the area of Information Security. I will also be using PROCOM, COBIT and ITIL more formally when I figure out the appropriate approvals and copyright implications.

My first ever "initial" draft set of Learning Outcomes !!!

By the end of the module the student will be expected to be able to:
• Understand the different types of information threats and vulnerabilities that an information system may experience, and how they may impact businesses.
• Evaluate the information risks an information system may bring to a business and communicate the potential business impact of those risks.
• Develop appropriate controls and/or mitigations to maximise the business value of an information asset, while ensuring the risk is kept to an appropriate level.
• Ensure the security of information technology services, systems and assets within an organisation. This also covers the competencies required to manage the confidentiality, integrity, and availability of data and information.
• Show their understanding of the various aspects of information asset governance, including policy development and related regulations, compliance practices and issues.
• Demonstrate their understanding of the techniques used to manage data and information within an organisation and as it crosses into and out of an organisation. This includes the IT and information management processes involved in the acquisition, creation, categorisation, storage, transfer and disposal of data and information.

All that draft language should give you the clue, feedback welcome.

...on three counts
1) If you were a student would you want to come to the lectures?
2) Is the content right?
3) Any other perspective you might have....?

Sunday, August 10, 2008

How to Trust Apple's Time Machine and Time Capsule

For reasons I am still not totally clear on, but that I suspect could be down to poor coding, my Apple Time Capsule and Apple Time Machine became unworthy of e-trust.

The dreaded words "Preparing Backup" being the harbinger of doom for many, and for those who enjoy console logs the still scarier words "Node requires deep traversal" tended to signify a VERY long wait for the backup to prepare, my record stint of patience being over two weeks! This is not one user's experience, according to various forums. However, those same forums hold some gems that helped me regain control of my errant backup processes, while I wait impatiently for Apple to figure out that they really do have a problem with their Time Machine and Time Capsule.

So for those who have the same problem I will be placing in this blog a few of the gems I have gleaned from the various fora.

I will also be attributing the finds, but for now some quick pointers:

1) Use the Console (iashton in Apple Support Forum)
   Try starting Console - it's in Applications/Utilities.
   Click on system.log in the left hand pane and then type backupd into the filter box in the top right of the window.
   Click the Time Machine icon on the top menu bar and select Back Up Now.
   A backup should start and you can check its progress in the Console window.

2) A Fix (Patty Patty in Apple Support Forum)
   1) Turn Time Machine off
   2) Trash the com.apple.TimeMachine.plist in /Library/Preferences
   3) Restart
   4) Full Spotlight reindex of the Macintosh HD
   5) Added a bunch of folders to the "Do Not Backup" list in Time Machine
   6) Turn Time Machine on

3) A Great Tool: The Time Machine Editor
I used this to reduce the number of backups.