Archiv für März 2012
1. Periodic meetings involving briefings to the senior management about information security enhance an organization’s commitment and support of information security
2. Data custodians (aka security administrators) are responsible for enforcing access rights to the data by individuals and applications. However, data owners are responsible for approving such rights
3. More or less, policies and standards are usually fairly static. However, procedures are more likely to change as new versions of software and hardware are released
4. One of the qualifications of a CISO should be that he/she should have the ability to understand an organization’s business needs and enable security technologies to support those needs. An organization’s security must be aligned with that organization’s business requirements
5. An organization’s security architecture must incorporate stakeholder’s requirements and thus advance the interests of the business
6. Information Security is not the same thing as IT Security
7. IT Security is just a subset of Information Security
8. IT security is driven by the chief information officer (CIO) level, while Information security is driven by executive management and supported by the board of directors
9. Only data owners can determine requirements of RPO
10. RPO (recovery point objective) is the point back in time from the occurrence of an incident up to which the data can be recovered effectively. Any data between that point and the incident time is lost and is irrecoverable.
Out of 700 plus axioms
Those who will attend our classes will get the more – 700 plus axioms, plus handouts, plus 5 lectures of 4 hours each, plus sample Q/A, plus attendees can ask questions till the day before the exam.
Best, Jutta.
mailto:jutta.staudach@gmail.com
http://elearnings.jutta-staudach.de/
Webinar Q & A
Question:
What the difference between the IT strategy committee and the steering committee? Is the function same?
Jay:
IT Strategy Committee is a committee of the board (senior management). This committee reports to the board. Their drivers are future business direction, future technology direction, and future regulatory compliance direction. Their time horizon is 2-3 years. They meet on a quarterly basis.
IT Steering Committee is for the IT and Business Units’ representatives. They meet more frequently. It is represented by IT (preferably CIO) and business unit managers or their representatives. Discussions are about areas which are of immediate concern and have a shorter time horizon.
Both are a must for proper IT Governance.
Question:
Does PKI guarantee confidentiality?
Jay:
Only if the encryption technique used is such that the recipients has to use their PRIVATE key to decrypt the message.
Question:
I had done 390 out of 450 on the last CISA exam. I studied the CD Exam many times in order to reach an 88%. Is this enough?
Jay:
More important than getting 88 percent is to know why you were right in 88 percent of the questions and why you were wrong in 12 percent of the questions.
Every repetitive exercise should be such as if you are reading a question for the FIRST time in your life.
In the exam what is important is success; in practicing questions what is important is comprehension.
One of my webinar attendees from June, informed me that she got 737/800. Because every time she was right, she wanted to know why.
Best, Jutta.
If you like this – most likely you want to attend one of our webinars – here those already scheduled and ready for registration
Jay Ranade CISA Axioms
1. DRP increases pre-and post incident operational costs but reduce business impact and recovery costs. However, recovery plan should strive to reduce RTO and recovery costs.
2. Risk assessment (RA) is usually done on an annual basis. After RA is done, the adequacy and effectiveness of the BC plan must be evaluated too.
3. Geographically dispersing resources and processing facilities mitigate vulnerabilities of a regional disaster.
4. Best evidence of the efficacy of DR plan in an organization is the practice of frequent tests and drills
5. Timely availability of hardware is a primary concern for warm site facility
6. An application when reaching the end of its life cycle can be decommissioned but not retired if the data needs to be retained for regulatory purposes
7. Protection of human life is the MOST important factor in any business continuity process. Remember, it is higher than data loss as well any other factor.
8. For email authenticity and confidentiality, it must be first encrypted with sender’s private key and then recipient’s public key.
9. Escorting visitors is the best preventive control for visitor access to a data center.
10. Most common problem with IDS is the detection of false positives (IDS detects events that are not really a security problem).
Out of 700 plus axioms
Those who will attend our classes will get the more – 700 plus axioms, plus handouts, plus 5 lectures of 4 hours each, plus sample Q/A, plus attendees can ask questions till the day before the exam.
Best, Jutta.
mailto:jutta.staudach@gmail.com
http://elearnings.jutta-staudach.de/
Am Montag den 19. März 18:00 fand ein freies Übersichts – Webinar über mögliche ISACA Zertifizierungen statt.
CISA®, CISM®, CRISC® / IT Risikomanagement, CGEIT®
Was ist das? Für wen ist welche Zertifizierung interessant? Welche Karrierechancen bringt welche Zertifizierung für wen?
Hier die Videoaufzeichnung vom 19. März 2012 –
http://www.anymeeting.com/elearnings/EA54D9808147
Handouts findet der geneigte Leser hier –
http://elearnings.jutta-staudach.de/ISACA_Certifications_Overview_v.1%203-19-12.pdf
Des weiteren stehen für folgende Präsenz-Online Klassen Ende der Woche, für alle die voll bezahlt haben im Backend System Lernunterlagen bereit (Folien und Axiome)
Vorbereitungskurs CISA® (Certified Information Systems Auditor) Examen
Kurstermine:
Das CISA® Online Training wird an fünf Terminen im Mai und Juni, jeweils montags in der Zeit von 18-22 Uhr durchgeführt.
Die Termine sind im Einzelnen:
07.05. / 14.05. /21.05. /28.05 sowie 04.06. Englisch
10.05./17.05./24.05./31.05. sowie 07.06. Deutsch
Der Kurs ist als Live Webinar mit 5 Einheiten von jeweils 4 Stunden konzipiert.
Kursleiter: Jay Ranade (CISA, CISM, CISSP, CRISC, CGEIT, CIA, ISSAP, CBCP, MBCP) englisch
Kursleiter Jutta Staudach (CISA, CISM) Deutsch.
Trainings Methoden: Vor-Ort Training mit Kursleiter; oder webbasiert mit Kursleiter
Voraussetzungen:
Der Kurs richtet sich an erfahrene IT Prüfer, Auditoren oder IT Sicherheitsexperten.
Für die Teilnahme an der Examensprüfung gibt es keine bestimmten Bedingungen. Für die Beantragung des Zertifikats müssen allerdings die von ISACA bestimmten Voraussetzungen erfüllt werden.
Ziel des Kurses:
Der Kurs dient den Teilnehmern zur qualifizierten Vorbereitung auf das CISA Examen nach ISACA.
Wer sollte teilnehmen:
IT Experten, die Interesse an der CISA Zertifizierung haben.
Kursmaterial:
Kundenspezifische Handbücher mit den Kursinhalten von ISACA/Jay Ranade – bestehend aus 750 Folien und 786 exklusiven Jay Ranade Axiomen.
Hinweis: CISA Axiome von Jay Ranade sind 786 Lehr – bzw. Leitsätze, die die Kernaussagen der einzelnen Themen für IT Revision zusammenfassen. Allein das Lesen dieser 300 Kernaussagen vermittelt Ihnen einen tiefen Einblick in das Thema IT Revision und erhöht Ihre Chancen auf ein erfolgreiches CISA Examen enorm.
Kursinhalte:
Dieser Kurs richtet sich an Personen, die sich auf das Certified Information Systems Auditor (CISA) Examen vorbereiten. Alle Themeninhalte sind durch die ISACA vorgegeben und an die Berufspraxis angelehnt. Für das CISA Examen sind es folgende 5 Sachgebiete:
1. IS Audit Prozess (14%)
2. Strategieorientierte IT Führung und Organisation (14%)
3. Anschaffung, Entwicklung und Implementierung von Systemen (19%)
4. Betrieb, Wartung und Betreuung von Systemen (23%)
5. Schutz von Informationswerten (30%)
Unterstützung für das Examen: Der Kursleiter Jay wird alle schriftlich formulierten Fragen bis zum Vorabend der Prüfung beantworten. Hierbei ist zu beachten, dass die Antworten auf Fragen Einzelner an ALLE Seminarteilnehmer gesendet werden. Die Identität des Absenders bleibt hierbei verborgen. Jay wird sich vorbehalten, die Frage um zu formulieren, falls es für ein besseres Verständnis nötig ist.
Was unseren Kurs von Anderen unterscheidet sind die Axiome. Dies sind kurz gehaltene Lehr- und Leitsätze aus den Kursinhalten, für alle vier Examen. Im Einzelnen:
CISA – 750 Folien, 786 Axiome
Or order now –
Vorbereitungskurs CISM® (Certified Information Security Manager) Examen
Kurstermine:
Das CISM® Online Training wird an fünf Terminen im Mai und Juni, jeweils mittwochs in der Zeit von 18-22 Uhr durchgeführt.
Die Termine sind im Einzelnen:
09.05. / 16.05. /23.05. /30.05 sowie 06.06.
Der Kurs ist als Live Webinar mit 5 Einheiten von jeweils 4 Stunden konzipiert
Kursleiter: Jay Ranade (CISA, CISM, CISSP, CRISC, CGEIT, CIA, ISSAP, CBCP, MBCP)
Trainings Methoden: Vor-Ort Training mit Kursleiter; oder webbasiert mit Kursleiter
Voraussetzungen:
Der Kurs richtet sich an IT Experten mit Erfahrungen im Bereich IT Sicherheitsmanagement.
Für die Teilnahme an der Examensprüfung gibt es keine bestimmten Bedingungen. Für die Beantragung des Zertifikats müssen allerdings die von ISACA bestimmten Voraussetzungen erfüllt werden.
Ziel des Kurses:
Der Kurs dient den Teilnehmern zur qualifizierten Vorbereitung auf das CISM Examen nach ISACA.
Wer sollte teilnehmen:
IT Experten, die Interesse an der CISM Zertifizierung haben.
Kursmaterial:
Kundenspezifische Handbücher mit den Kursinhalten von ISACA/Jay Ranade – bestehend aus 750 Folien und 540 exklusiven Jay Ranade Axiomen.
Hinweis: CISM Axiome von Jay Ranade sind 540 Lehr – bzw. Leitsätze, die die Kernaussagen der einzelnen Themen für IT Sicherheit zusammenfassen. Allein das Lesen dieser 300 Kernaussagen vermittelt Ihnen einen tiefen Einblick in das Thema IT Sicherheit und erhöht Ihre Chancen auf ein erfolgreiches CISM Examen enorm.
Kursinhalte:
Dieser Kurs richtet sich an Personen, die sich auf das Certified Information Security Manager (CISM) Examen vorbereiten. Alle Themeninhalte sind durch die ISACA vorgegeben und an die Berufspraxis angelehnt. Für das CISM Examen sind es folgende 5 Sachgebiete:
1. Steuerung der Informationssicherheit (24%)
2. Risikomanagement(33%)
3. Entwicklung & Management von IS Programmen (25%)
5. Management von Sicherheitszwischenfällen (18%)
Unterstützung für das Examen: Der Kursleiter Jay Ranade wird alle schriftlich formulierten Fragen bis zum Vorabend der Prüfung beantworten. Hierbei ist zu beachten, dass die Antworten auf Fragen Einzelner an ALLE Seminarteilnehmer gesendet werden. Die Identität des Absenders bleibt hierbei verborgen. Jay wird sich vorbehalten, die Frage um zuformulieren, falls es für ein besseres Verständnis nötig ist.
Was unseren Kurs von anderen unterscheidet sind die Axiome. Dies sind kurz gehaltene Lehr und Leitsätze aus den Kursinhalten, für alle vier Examen. Im Einzelnen:
CISM- 750 Folien, 540 Axiome
Vorbereitungskurs CRISC
(Certified in Risk and Information Systems Control) Examen
Kurstermine:
Das CRISC® Online Training wird an fünf Terminen im Mai und Juni, jeweils dienstags in der Zeit von 18-22 Uhr durchgeführt.
Die Termine sind im Einzelnen:
08.05./15.05./22.05./29.05 sowie 05.06.
Der Kurs ist als Live Webinar mit 5 Einheiten von jeweils 4 Stunden konzipiert.
Kursleiter: Jay Ranade (CISA, CISM, CISSP, CRISC, CGEIT, CIA, ISSAP, CBCP, MBCP)
Trainings Methoden: Vor-Ort Training mit Kursleiter; oder webbasiert mit Kursleiter oder eine Mischung aus Vor-Ort und Webtraining
Voraussetzungen:
Der Kurs richtet sich an erfahrene IT Spezialisten, die in den Bereichen IT Prüfung/Audit, IT Sicherheit oder IT Risikomanagement tätig sind. Für die Teilnahme an der Examensprüfung gibt es keine bestimmten Bedingungen. Für die Beantragung des Zertifikats müssen allerdings die von ISACA bestimmten Voraussetzungen erfüllt werden.
Ziel des Kurses:
Der Kurs dient den Teilnehmern zur qualifizierten Vorbereitung auf das CRISC Examen nach ISACA und vermittelt Fachwissen für IT Risikomanagement.
Wer sollte teilnehmen:
IT Experten, die Interesse an der CRISC Zertifizierung haben und/oder Fachwissen im Bereich IT Risikomanagement erwerben wollen.
Kursmaterial:
Kundenspezifische Handbücher mit den Kursinhalten von ISACA/Jay Ranade – bestehend aus 400 Folien und 300 exklusiven Jay Ranade CRISC Axiomen.
Hinweis: CRISC Axiome von Jay Ranade sind 300 Lehr – bzw. Leitsätze, die die Kernaussagen der einzelnen Themen für IT Risikomanagement zusammenfassen. Allein das Lesen dieser 300 Kernaussagen vermittelt Ihnen einen tiefen Einblick in das Thema IT Risikomanagement und erhöht Ihre Chancen auf ein erfolgreiches CRISC Examen enorm.
Kursinhalte:
Dieser Kurs richtet sich an Personen, die sich auf das Certified in Risk and Information Systems Control (CRISC) Examen vorbereiten. Alle Themeninhalte sind durch die ISACA vorgegeben und an die Berufspraxis angelehnt. Für das CRISC Examen sind es folgende 5 Sachgebiete:
1. Risikoidentifikation, – bewertung und – beurteilung (31%)
2. Risikobewältigung (17%)
3. Risikoüberwachung (17%)
4. Entwicklung und Einführung von IS Kontrollprozessen (17%)
5. Überwachung und Pflege von IS Kontrollprozessen (18%)
Unterstützung für das Examen: Der Kursleiter Jay Ranade wird alle schriftlich formulierten Fragen bis zum Vorabend der Prüfung beantworten. Hierbei ist zu beachten, dass die Antworten auf Fragen Einzelner an ALLE Seminarteilnehmer gesendet werden. Die Identität des Absenders bleibt hierbei verborgen. Jay wird sich vorbehalten, die Frage umzuformulieren, falls es für ein besseres Verständnis nötig ist.
Was unseren Kurs von anderen unterscheidet sind die Axiome. Dies sind kurz gehaltene Lehr und Leitsätze aus den Kursinhalten, für alle vier Examen. Im Einzelnen:
CRISC- 400 Folien, 300 Axiome
Vita / Biographie Jay Ranade:
Biography of Director of Education, Jay Ranade: CISA, CISM, CISSP, ISSAP, CGEIT, CBCP
Jay Ranade, a certified CISA, CISM, CISSP, ISSAP, CGEIT, and CBCP is a New York City-based management consultant and internationally-renowned expert on computers, communications, disaster recovery, IT Security, and IT controls. He has written and published 37 IT-related books covering networks, security, operating systems, languages, systems, and more. He also has an imprint with McGraw-Hill called J. Ranade IBM Series, which includes over 300 titles. His publications have been translated into several languages including: German, Portuguese, Spanish, Korean, Japanese, and Mandarin. He has written and published articles for various computer magazines such as Byte, LAN Magazine, and Enterprise Systems Journal. He is also the author of The New York Times critically-acclaimed book, The Best of Byte. He is currently working on a number of books on various subjects such as Audit, IT Security, Business Continuity, and IT Risk Management. Jay has consulted and worked for Global and Fortune 500 companies in the U.S. and abroad including: American International Group, Time Life, Merrill Lynch, Dreyfus/Mellon Bank, Johnson & Johnson, Unisys, McGraw-Hill, Mobiltel Bulgaria, and Credit Suisse. He was a member of ISACA International’s Publications Committee from 2005 to 2007, and he currently serves as a member and advisor to the New York Metropolitan InfraGard, a partnership between the FBI and private sector institutions to safeguard America’s national infrastructure from hostile attacks. He has been a speaker at the Federal Reserve Bank of New York on Global Financial Infrastructure Protection, and he maintains FBI-certified confidential-level clearance.
Jay also teaches graduate-level classes on Information Security Management, Operational Risk Management, and Ethical Risk Management at New York University, and Accounting Information Systems, IT Auditing, and Internal Auditing at St. John’s Universität.
FRAGEN? email:elearnings@jutta-staudach.de oder +49.171.3833409
Bitte mir in jedem Falle die vollen Kontaktdaten zukommen zu lassen – Zwecks Zugang zum Lernsystem und im Falle eines ISACA Member Discounts / oder Studentenrabatt, damit wir selbige überprüfen können (ISACA Nummer oder Scan des Studentenausweises!)
Terms & Konditions:
Bis 2 Wochen vor dem Kurs kann kostenfrei storniert werden, danach fallen 50% Storno-kosten an. Ausnahme – wer bereits Zugang zum Backend System hatte, kann nicht mehr stornieren, bekommt allerdings im nachgewiesenen Krankheitsfalle einen Teil rückerstattet (Prep Pack charged only).
Beste Grüsse,
Jutta Staudach CISA, CISM
Organizer: Jutta Staudach.
Director of Global Certification seminars
Risk Management Professionals International, German Division
A Case Study or a Project from Hell
Once upon a time, somewhere on earth, there was a Bank doing good business and this Bank was called Good Bank.
But – hey, Good Bank is losing a lot of customers and all of them are now customers of Universal banking Institute Bad Bank.
CEO Alfred NoClue doesn’t have any clue, WHY? Just gotten the actual Quarter Report and figured out that in the area of Private Banking & Consumer Banking he has lost about 30% of his customers.
GOSH!
Immediately he picks up the phone and calls his Business Change Manager Fredi CleverCute and asks him to help in emergency.
Now Fredi CleverCute has a problem – he, himself is already a customer of Universal banking Institute Bad Bank.
Alfred NoClue nearly lost all his patience and wanted to fire Fredi CleverCute without further notice.
Oh NO – STOP!
Fredi Clever Cute is normally a very loyal guy and usually he brings Initiatives after they have been initiated per Top Down Approach, per Bottom up method perfectly “under” all Stakeholders.
That the reason why CEO Alfred NoClue asks Fredi LeverCute, why he raised a Consumer Account at Bad Bank.
Fredi CleverCute thinks about how to declare it for a few moments and afterwards he says “As soon as I raise my account there I can have everything all at once – like Amazon – oneClick – Corporate Banking included everything all at once and the Best not Like Good Bank with old fashioned TAN List if you do not fall asleep before the Website is loaded – BadBank offers ONE TIME Password per Security Token and even the better their Portal System is totally fast! And they offer me that all for free – I haven’t paid a single Cent for it. Of course I have to pay for the transactions, but that’s it! And I have gotten a free Debit Card as a goodie on top – quite favorable for Internet Shopping and for using it at any ATM world wide – I never pay for getting cash – GREAT!”
CEO NoClue has the more, no clue – how they can give their assets away for free?! We don’t have anything to provide our customers for free; we deliver proper customer support and care about our customers!
Fredi CleverCute argued – hence, there are many customers like me – they don’t need support.
And with a big smile Fredi CleverCute tells CEO NoClue Universal banking Institute Bad Bank doesn’t provide anything real for free – with their new fast Online Portal not only Fredi CleverCute is able to order this new superb stocks from Asian Market – for customers with no/less experience in Corporate Banking / Wealth Management they have a lot of ads on their portal for several funds like GrandMa’s Bond Based funds in cooperation with Insurance NeverPay.
CEO NoClue shake his head – “we don’t offer nor Corporate Banking neither Wealth Management, we are a co-operative Bank, but we are able to offer Bond Based Funds through our Partner Insurance SuperSave. Regarding Grandma’s Bond Based funds Universal Banking Institute Bad Bank offers together with Insurance NeverPay – is real somebody buying it? Never minded!”
Fredi CleverCute loud laugh – “now we need a Partner for Corporate Banking and Wealth Management, and we should extend the partnership with Insurance SuperSave; And we build our own brand new shiny Internet Portal. First it costs money, sure, but it will bring us good income afterwards. for the Portal – the 2 Partners should invest in it too, we integrate their IT Systems in ours and the day after tomorrow we are a lot better than Universal Banking Institute Bad Bank IS nowadays. At our place customers can come in as well, or online – everything oneClick at all.
We optimize our Business Processes, because now round about 50% of our customers will do all their stuff from home and we can close about 1/3 of our Branches and make about 30% of our staff redundant. – Super! – what do you guess?”
CEO NoClue likes the idea and he immediately starts the Programme “New Good All Inclusive Bank”
Freddi CleverCute would not be that clever, if he would not have had a superb idea same second – CEO NoClue is only the Programme Executive Sponsor – he needs a Programme Manager immediately, as CleverCute is the Business Change Manager there and he starts same time brining all this good news to all stakeholder involved – well, he forgets the Workers Council – who cares? What is 30% of the staff? Nothing …. More the later 😉
Doesn’t matter CleverCutes best friend Hansi Perfidious knows the former programme manager of Bad Bank Ursel Uppish, he has run the Programme New Portal there and have everything in his pockets – historical files, historical data, lessons learned and everything you need to keep in your mind regarding security matters and data privacy have been within his Projects beyond the Programme – perfect!
End of this story – Ursel Uppish is named via Hansi Perfidious in the name of CEO NoClue Programme Manager of Good Bank and therefore responsible for the daily business and deputy of God (CEO) on earth.
Short after Uppish has gotten the Mandate for Initiating the Programme New good all inclusive Bank from the whole Board. And as the goal, the vision and therefore the objectives are almost clear he starts working same time.
As insurance SuperSave is not running their business in the same country Good Bank resides Uppish initiates a project for Compliance topics, especially cross boarder topics, he gets his friend Ernst DataPrivacy on board. Ernst DataPrivacy worked before a a Data Privacy officer and has a lot of experience there – but to be honest he has no clue about Cross Boarder topics and Compliance.
Anyway he gets a mandate from CEO NoClue as well and starts to build up a project team; therefore his first step is getting the stakeholder identified.
As now the preparation phase of the programme is running, Ursel Uppish needs the Budget approved quite quickly.
Even he should know it the better and only get the budget for the first stage approved, as he has many unknown issues in his basket he in his overestimation in his own capabilities he talked upfront the board with all his power of persuasion to avail. AND? Yeah he gets the whole Budget of 30 Mio € free for usage. Even the bank regulation authorities approve it as all, his PAPERWORK is superb and compliant in place (that he used everything Fritzi CleanEffectiveEthical has written before for Universal Bank Bad Bank – WHO CARES?!)
The more meanwhile Ernst DataPrivacy has serious problems to get access to the customer data in country SunShine approved – Programme Manager Uppish ignore it all at once.
He starts several IT projects all together, as main goal and objective for him is that nerving consumer customers should do everything from home in near future and stop troubling the staff in the branch.
Serveral IT Tecchies are found quickly and inaugurated being Project Managers from now.
That’s the main reason behind not a single one of them not even thinking about involving the user’s means having a senior user within the Project Board and/or Project Team. User? That are this idiots, too stupid, to double click the red button within the branches – puuuhhhhhhhh.
CEO and Programme Executive Sponsor NoClue is totally happy if he gets a weekly report in a Single Side Powerpoint format where all signal lights are green.
Programme Manager Uppish knows this fact and all reports he gets with yellow signal lights he colorize green – he have done this already within Bad Bank and its worked there perfectly!
Meanwhile the projects “New infrastructure Service” and “Portal Development Offshore” are running in parallel.
Sorry to mention – Programme Managemer Uppish has forgotten to tell Project Manager Willi Offshore that Technical Infrastructure Project Manager Bonnie Tecchie exists.
On the other side Bonnie Tecchie wants to save the bucks and won’t like to hear Willi Offshores requirements – her opinion is
– Too much metal is not sane for the intelligence of the programming staff.
Unfortunate, as Freddie CleverCute talks with everybody Willi Offshore gains knowledge about what Bonnie Tecchie plans – the same second he is totally sure this girl is totally MAD. If she is or not Willi Offshore cant verify as Bonnie Tecchie is simple not talking to him – she refuses every communication.
On top it comes Willi Offshore who is project manager of both development projects the frontend system and the backend systems (for the branch) and he is still not thinking about asking the users of they need a pullover or trousers. CEO NoClue his level of incompetence is that high, that he ignores the necessarily to show up commitment in case of Strategic directives internal and external that he assumes – I have shown up the directive – that’s almost enough!
Meanwhile the staff in the branches already have asked the Workers Council – as even 1/3 reduction of branches and 30% of staff is in the PID means the more within the Business Case and main argument of CEO NoClue and Programme Manager Uppish – no one of both thought about this could be a part of interest for the Unions – NOW believe me IT IS J
By the way at least Uppish found a new datacenter – well known datacenter SuperFast and they are fast ineed – all SLA’s (Service Level Agreements) are already defined signed and in place.
Datacenter Director already sent Uppish and his CEO NoClue his SAS 70 report, which proves in this case Compliance and Project Manager Willi Offshore signed an agreement with Good Bank about Software in Escrow.
CEO NoClue is absolutely impressed by his Programme Manager Uppish – so fast so many things done – excellent!
Gosh a bit stupid – except Business Change Manager Freddie CleverCute still nobody speaks to the staff – especially the employees within the branches. And CleverCute – he talks with all his power of persuasion and tells them the new piece of software – you only need to wink with your eyes – OK if you are still allowed to wink in-house and not asking for social security 😉
The more CleverCute explains – no more customers that nervs all the day round – maybe an old grandma once a week … everything else will be done within the new SuperSave Portal.
Project Manager Willi Offshore now uses the requirements list and the work packages which where written within the contract specification Programme Manager Uppish used at Bad Bank
That a Co-operative Bank is not the same than a Universal Bank with Consumer/Corporate and Wealth Management included – hence – BANK IS BANK and I am getting paid to deliver what’s written here and not what users talk about – finite.
And Bonnie Tecchie still has the opinion more metal is something for cowards – who cares about?
He Willi Offshore gets paid for software delivery after successful running through SIT and UAT tests according to the contract – his SDLC is clean till Production (and that it will never ever once in his life running on this production systems Bonnie Tecchie planned – is this real his problem? NO!)
or better software in escrow – perfect!
Bonnie Tecchies opinion is the more she saves on the budget side the better it is for her career
CEO NoClue is so incompetent that he does not even recognize that somebody’s savings drive his bank into bankruptcy.
CIO Harry Value is quite happy that CISO Freddie Save does not bother him, what he does all at once as Harry Values process are totally compliant the more he has to argue at Ernst DataPrivacy Side, as the Cross Boarder Topics with Insurance Co-operation Partner in the Country of SunShine are not clarified or better miles away from being clarified right now.
If he should tell, something about this fact CEO NoClue? Neeee not disturbing him …. Better J
As usual Programme Manager Uppish re-colorize all red traffic lights he gets from Ernst DataPrivacy – all green not necessary, but RED – no never ever – and afterwards he sends it to CEO NoClue.
As CISO save is not reporting to the CEO as it’s best practice he reports to the CTO means the technology officer – hence you cannot do everything best practice – and the more why to bother the CEO with little bit security stuff – not necessary at all!
Project Manager Willi Offshore has already run successful threw Whitebox, Blackbox Testing (OK at the UAT the user haven0t been real amused as the main functions are somewhere in Nirwana – but they are there and working like described in the contract specifications – good enough), functional and regression testing is done and Willi offshore is proud about his clean Software Development Process – CEO NoClue as well – as he has NO CLUE that this piece of software won’t work never even once in his life on the production systems.
Programme Manager Ursel Uppish knows this fact but his self-esteem is not made for Programme or Project failure – he already has bought for tomorrow for himself a flight ticket to the island of alternative lifestyle and plan to stay there till nobody on the whole continent remembers anymore that former times a Co-operative Bank Good Bank exists.
Business Change Manager Fredi CleverCute have had recognized weeks ago that Bad Bank sold their Consumer Business – maybe there was too less demand for GrandMa’s Bond Based funds in cooperation with Insurance NeverPay – means the ROI was not sufficient enough.
Project Manager Bonnie Tecchie has all here paperwork in place, Change Request for the Go-Life and the Changeover, all changes are as well within the CMDB, all licences are bought, the software code is placed in escrow, CEO NoClue is a ALL SMILE – all governance and compliance frameworks are in place, as well with Datacenter SuperFast all SLA’s are in place, pico bello defined, the audit of the state supervision for banking is done – everything at its best J
(well, there is the customer data access in Country SunShine – hence that’s country SunShine – no worry)
DataCenter SuperFast is known for its great service, and they implemented the ITIL framework very efficient AND effective manner, their staff in the Service Desk, in Incident, Problem, Change & Release management is superb and known for high quality – there can’t go anything wrong – can’t?
Tomorrow the New Good All Inclusive Bank will be up and running.
This CEO NoClue is thinking – you most likely know paper never complaints – and Tools/Frameworks are enabler – not replacement for common sense.
Business Change Manager Fredi CleverCute lanced a great champagne via an well-known PR Agency telling everybody that tomorrow the new good all inclusive bank including super-fast portal will be life and already 50% more customers – calculated from the day of Project Mandate.
Problem is Bonnie Tecchie calculated with 60% only from the customers of the day of project mandate – this means a gap of 90% load on the portal ….
And the end of the story?
As after day 21 of the Go-life still nothing is working not even within the branches neither the portal – the branches – no one thought the employees how to handle the new software and they can’t find core functions anymore
Image and reputation of Good Bank is completely ruined and even worse Country of SunShine intervened at the government of country of Good Bank and as a fact afterwards the state supervision of banking wants to close Good Bank.
Beside all of this even the Business Continuity Tests or better disaster recovery tests worked in the theory – high available are Bonnie Tecchies systems – indeed …
Menawhile Bad Bank figured out that they need the consumer Business to have them being customer for coporate and Wealth Management, as well – AND?
They buy Good Bank
The New Bank is called WHITE BANK
CEO NoClue and his Team are meanwhile on the island of alternative lifestyle, too and they are crying bitterly tears
We have had all processes, frameworks, compliance and governance in place – WHY?
Remark: this is a pure fictive story – if it remembers somebody – it’s not wanted.
Best Jutta Staudach
CISA, CISM
http://elearnings.jutta-staudach.de/
A FOOL IN FRONT OF a TOOL, IS still a FOOL
And, if you pay peanuts, you will get monkeys
Liebe Leser,
Ich freue mich verkünden zu dürfen, dass unter anderem ich als (Mit-) Workshop Veranstalter am AIMP Jahresforum 2012 zu gegen sein werde.
Workshops „Interim Manager und heikle Momente im Projekt“ – Untertitel –
Im Freelancer-Jargon: Die schlimmsten Hard-Core-Showstopper, und wie man sie umgehen kann.“
Die Ursprungsidee stammt von mir selbst, welche Jürgen Becker mit meinem „Fiktiven Projekt“ überzeugte, einer wirklichen Horrorstudie mit sehr realem Hintergrund. Hier bereits vorab für die Leserschaft, die selbiges im Juni 2011 überlas –
http://elearnings.jutta-staudach.de/Fallstudie.pdf
Der Workshop findet am Samstagnachmittag zwei Mal hintereinander statt – Save the Date – Samstag 28. April 2012.
Beste Grüsse, Jutta Staudach
CISA, CISM