tag:blogger.com,1999:blog-23855896710781183152024-03-18T20:29:05.476-07:00Software Application Development CompanyiFour Consultancy is a Software Application Development Company. This Blog shall provide useful and beneficial posts related to software development companies.
http://www.ifour-consultancy.com
http://www.ifourtechnolab.com
iFour Ankita Lachhwanihttp://www.blogger.com/profile/07116586188471171434noreply@blogger.comBlogger32125tag:blogger.com,1999:blog-2385589671078118315.post-77538463889916270482017-08-09T03:07:00.000-07:002017-08-09T03:07:14.533-07:00What are the top software companies in India to work for?<div dir="ltr" style="text-align: left;" trbidi="on">
<div style="text-align: justify;">
The company which not only provides the best software solutions to clients but also has the great culture, could be a choice to work for. There are bunch of companies in India considering start-ups to big giants, but the company with the help of which we can relate our study, we can get chance for good industry exposure and flexibility of ideas to convert into the work is the best company to work for. </div>
<div style="text-align: justify;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://www.ifourtechnolab.com/" target="_blank"><img alt="http://www.ifourtechnolab.com/" border="0" data-original-height="440" data-original-width="660" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEihoLg1HU4ChuJez0lDeEQ8udzrLq1E8xlYL2Qy33hMz67V5PbuGOa36BzbFBY8oCn1Hunfza3H-4yCrr2mfVNEMjHYmj5UXhSHRaEWfHwxN-TjqMyjjPGr-3VELcIv76DXW0p3GtlGJUVh/s1600/test.png" title="asp.net software development company in india" width="570" /></a></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<br />
I have been working at iFour Technolab Pvt. Ltd. an <a href="http://www.ifourtechnolab.com/" target="_blank">asp.net software development company in india</a> since a long and it has covered all the aspects of mine in terms of work satisfaction. There some pillars to identify the work culture in any company. Let me get to you to those pillars in our company.</div>
<div style="text-align: justify;">
<br />
Company hires the best people which can suit with the culture of the company. Starting from interns to senior developer all are selected with best talent in particular domain. </div>
<div style="text-align: justify;">
<br />
Company makes sure that all the employees know the vision and mission of company. If an employee doesn’t know about the vision it becomes just another job which doesn’t help in productivity at individual as well as organizational level. <br />
<br />
Company very well knows that best decisions can come from anywhere. So company allows everyone to speak and understands the perspectives of all in order to take any crucial decision. Company has developed culture in such a way that all the employees can directly communicate with senior management for any silly doubts. The freedom of ideas and creativity is the key to create the exceptional product which can differentiate company from others. At usual times company engages a meeting where brainstorming activity happens among the employees.</div>
<div style="text-align: justify;">
<br />
Here all the employees work as a team not as a bunch of individuals. It becomes very essential thing for every employee to understand his contribution in a team towards a project assigned to him. Whenever he starts assuming himself as an individual in a team he starts breaking coordination which leads to imperfect product. </div>
<div style="text-align: justify;">
<br />
Last but not the least, every employees here are given good incentives which motivates them to enhance their productivity every day.<br />
<br />
Take a look at our portfolio where we display some of our work and case study on <a href="http://www.ifourtechnolab.com/HIPAA-Compliant-Enterprise-Resource-Planning-System-for-Hospitals" target="_blank">custom software development.</a></div>
</div>
iFour Ankita Lachhwanihttp://www.blogger.com/profile/07116586188471171434noreply@blogger.com0tag:blogger.com,1999:blog-2385589671078118315.post-26459306624329020592017-04-19T05:06:00.000-07:002017-04-26T05:02:54.220-07:00IT Audit & Types of IT Audit<div dir="ltr" style="text-align: left;" trbidi="on">
<div style="text-align: justify;">
<style type="text/css">p { margin-bottom: 0.25cm; direction: ltr; line-height: 120%; text-align: left; }a:link { color: rgb(247, 182, 21); }</style>
</div>
<div style="line-height: 115%; margin-bottom: 0cm; text-align: justify;">
<div class="separator" style="clear: both; text-align: center;">
<a href="http://www.ifourtechnolab.com/" target="_blank"><img alt="Software Application Development Company" border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjWyhGUmo0mzwaxpRq7ptgbgDElxmHuMPgndnHITzINdl9J-fRiGndKaJLxs4xoVo6NUN0ZX9ArJPGmqREWfV6D5AIakclvRlnmV_sSnu32YRvE2dkBKO2JVIodOJ97DPw53YjRiQEsxjvS/s1600/it+Audit.jpg" title="Software Application Development Company" width="570" /></a></div>
<br />
<span style="font-size: small;">The
word ‘</span><span style="font-size: small;"><u><b>Audit</b></u></span><span style="font-size: small;">’
coined from the Latin word ‘audire’ which means ‘to hear’</span><span style="font-size: small;"><span lang="en-IN">.
</span></span><span style="font-size: small;">From the time of
ancient Egyptians, Greeks and Romans, the practice of accounting and
auditing existed.</span><span style="font-size: small;"><span lang="en-IN">
</span></span><span style="font-size: small;">Auditing was
executed in ancient India. Kautilya’s ‘Arthashastra’ existed in
4</span><sup><span style="font-size: small;">th</span></sup><span style="font-size: small;">
century BC in Mauryan period and carries great importance. He stated
that the head of finance and audit should independently and
individually report the king. </span>
</div>
<div style="line-height: 115%; margin-bottom: 0cm; text-align: justify;">
<br /></div>
<div style="line-height: 115%; margin-bottom: 0cm; text-align: justify;">
<a href="https://www.blogger.com/null" name="_GoBack"></a>
<span style="font-size: small;">The </span><span style="font-size: small;">Comptroller
and Auditor General Of India</span><span style="font-size: small;"> was
formerly called the </span><span style="font-size: small;">Accountant
General </span><span style="font-size: small;">to the
Government of India in 1858 and later labelled as the Auditor General
of India in 1860.</span><span style="font-size: small;"><span lang="en-IN">
</span></span><span style="font-size: small;">The Constitution
Act, 1950, re-designated the Auditor General as </span><span style="font-size: small;">Comptroller
and Auditor General</span><span style="font-size: small;">. It
is understood that the first practice of a computerized accounting
system was at General Electric in 1954. The industry soon
recognized that they needed to develop their own software and
the first of the generalized audit software (GAS) was developed.
Information Technology Auditing (IT auditing) began as Electronic
Data Process (EDP) Auditing and developed basically as a result of
the rise in technology in accounting systems.</span></div>
<div lang="en-IN" style="line-height: 115%; margin-bottom: 0cm; text-align: justify;">
<br /></div>
<div style="line-height: 115%; margin-bottom: 0cm; text-align: justify;">
<span style="font-size: small;">In
1977, the first edition of Control Objectives was issued. This
publication is now identified as Control Objectives for Information
and related Technology (CobiT). CobiT is the set of commonly accepted
IT control objectives for IT auditors. In 1994, Electronic Data
Processing Auditors Association (EDPAA) reformed its name to
Information Systems Audit and Control Association.</span></div>
<div style="line-height: 115%; margin-bottom: 0cm; text-align: justify;">
<br /></div>
<div style="line-height: 115%; margin-bottom: 0cm; text-align: justify;">
<span style="font-size: small;">IT
Audit is defined as the </span><span style="font-size: small;">procedure
of collecting and evaluating evidence </span><span style="font-size: small;">to
decide whether a computer system </span><span style="font-size: small;">safeguards
assets, maintains data integrity, allows organizational goals</span><span style="font-size: small;">
to be achieved </span><span style="font-size: small;">effectively</span><span style="font-size: small;">
and </span><span style="font-size: small;">uses resources
efficiently.</span></div>
<div style="line-height: 115%; margin-bottom: 0cm; text-align: justify;">
<br /></div>
<div style="line-height: 115%; margin-bottom: 0cm; text-align: justify;">
<span style="font-size: small;">Let’s
look at various types of IT audit that are conducted in <a href="http://www.ifour-consultancy.com/">software
companies in India</a>:</span></div>
<div style="line-height: 115%; margin-bottom: 0cm; text-align: justify;">
<br /></div>
<ul style="text-align: justify;">
<li>
<div style="line-height: 115%; margin-bottom: 0cm;">
<b><span style="font-size: small;">Financial audits</span></b></div>
</li>
</ul>
<div style="line-height: 115%; margin-bottom: 0cm; margin-left: 1.3cm; text-align: justify;">
<span style="font-size: small;">A third-party inspection of a
company's financial records and reporting initiates. Its objective is
to review the financial statements; and to state whether these
statements offer factual view of transactions performed by an
organization.</span></div>
<div lang="en-IN" style="line-height: 115%; margin-bottom: 0cm; margin-left: 1.27cm; text-align: justify;">
<br /></div>
<div lang="en-IN" style="line-height: 115%; margin-bottom: 0cm; margin-left: 1.27cm; text-align: justify;">
<br /></div>
<ul style="text-align: justify;">
<li>
<div style="line-height: 115%; margin-bottom: 0cm;">
<b><span style="font-size: small;">Operational audits</span></b></div>
</li>
</ul>
<div style="line-height: 115%; margin-bottom: 0cm; margin-left: 1.27cm; text-align: justify;">
<span style="font-size: small;">A future-oriented, systematic,
and independent assessment of organizational activities of <a href="http://www.ifour-consultancy.com/microsoft-technology.aspx">asp.net
software companies in India</a>. Financial data may be used, but the
key sources of evidence are the operational policies and
accomplishments related to organizational objectives. Internal
controls and efficiencies may be assessed during this type of review.</span></div>
<div lang="en-IN" style="line-height: 115%; margin-bottom: 0cm; margin-left: 1.27cm; text-align: justify;">
<br /></div>
<ul style="text-align: justify;">
<li>
<div style="line-height: 115%; margin-bottom: 0cm;">
<b><span style="font-size: small;">Integrated</span><span style="font-size: small;">
</span><span style="font-size: small;">Audit</span></b></div>
</li>
</ul>
<div style="line-height: 115%; margin-bottom: 0cm; margin-left: 1.27cm; text-align: justify;">
<span style="font-size: small;">This is a grouping of an
operational audit, department review, and IS audit application
controls review.</span></div>
<div lang="en-IN" style="line-height: 115%; margin-bottom: 0cm; text-align: justify;">
<br /></div>
<ul style="text-align: justify;">
<li>
<div style="line-height: 115%; margin-bottom: 0cm;">
<b><span style="font-size: small;">Forensic audits</span></b></div>
</li>
</ul>
<div style="line-height: 115%; margin-bottom: 0cm; margin-left: 1.27cm; text-align: justify;">
<span style="font-size: small;">An investigation and
evaluation of a firm's or individual's financial facts for use as
evidence in court. A </span><span style="font-size: small;"><b>forensic
audit</b></span><span style="font-size: small;"> can be
conducted in order to accuse a party for fraud, misuse or other
financial claims.</span></div>
<div lang="en-IN" style="line-height: 115%; margin-bottom: 0cm; margin-left: 1.27cm; text-align: justify;">
<br /></div>
<ul style="text-align: justify;">
<li>
<div style="line-height: 115%; margin-bottom: 0cm;">
<b><span style="font-size: small;">Investigative audits</span></b></div>
</li>
</ul>
<div style="line-height: 115%; margin-bottom: 0cm; margin-left: 1.27cm; text-align: justify;">
<span style="font-size: small;">This is an audit that takes
place as a consequence of a report of unusual or doubtful activity on
the part of an individual or a department of <a href="http://www.ifour-consultancy.com/microsoft-technology.aspx">c#
software company in India</a>. It is usually engrossed on specific
aspects of the work of a department or individual.</span></div>
<div lang="en-IN" style="line-height: 115%; margin-bottom: 0cm; margin-left: 1.27cm; text-align: justify;">
<br /></div>
<ul style="text-align: justify;">
<li>
<div style="line-height: 115%; margin-bottom: 0cm;">
<b><span style="font-size: small;">Compliance audit</span></b></div>
</li>
</ul>
<div style="line-height: 115%; margin-bottom: 0cm; margin-left: 1.27cm; text-align: justify;">
<span style="font-size: small;">A </span><span style="font-size: small;"><b>compliance
audit</b></span><span style="font-size: small;"> is an
all-inclusive review of an organization's adherence to regulatory
guidelines. Independent accounting, security or IT consultants assess
the strength and thoroughness of </span><span style="font-size: small;"><b>compliance.
</b></span><span style="font-size: small;">For example, you
may decide whether the business is complying with U.S. Environmental
Protection Agency (EPA) standards on the clearance of toxic waste. Or
you may look at whether a credit card company is ensuing federal law
with regards to charging its cardholders permissible fees and
interest.</span></div>
<div lang="en-IN" style="line-height: 115%; margin-bottom: 0cm; text-align: justify;">
<br /></div>
<div style="line-height: 115%; margin-bottom: 0cm; margin-left: 0.64cm; text-align: justify;">
<span style="font-size: small;">IT Audit helps <a href="http://www.ifour-consultancy.com/microsoft-technology.aspx">ASP
DOT NET software companies in India</a> in numerous was such as:</span></div>
<div style="line-height: 115%; margin-bottom: 0cm; margin-left: 0.64cm; text-align: justify;">
<br /></div>
<ul style="text-align: justify;">
<li>
<div style="line-height: 100%; margin-bottom: 0cm;">
<span style="font-size: medium;"><span style="font-size: small;">Protecting
assets-h/w, s/w, people, files</span></span></div>
</li>
<li>
<div style="line-height: 100%; margin-bottom: 0cm;">
<span style="font-size: medium;"><span style="font-size: small;">Preserving
data integrity</span></span></div>
</li>
<li>
<div style="line-height: 100%; margin-bottom: 0cm;">
<span style="font-size: medium;"><span style="font-size: small;">Letting
organizational goal to be accomplished effectively and using
resources efficiently </span></span>
</div>
</li>
<li>
<div style="line-height: 100%; margin-bottom: 0cm;">
<span style="font-size: medium;"><span style="font-size: small;">Obeying
the Compliances of Regulatory and Legal requirement </span></span>
</div>
</li>
<li>
<div style="line-height: 100%; margin-bottom: 0cm;">
<span style="font-size: medium;"><span style="font-size: small;">Nonstop
improvement</span></span></div>
</li>
</ul>
</div>
iFour Ankita Lachhwanihttp://www.blogger.com/profile/07116586188471171434noreply@blogger.com0tag:blogger.com,1999:blog-2385589671078118315.post-41504945889212513922017-04-19T04:50:00.000-07:002017-04-26T05:12:48.213-07:00Important terminologies used in IT Audit<div dir="ltr" style="text-align: left;" trbidi="on">
<div style="text-align: justify;">
<div class="separator" style="clear: both; text-align: center;">
<a href="http://www.ifourtechnolab.com/" target="_blank"><img alt="Software Application Development Company " border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEguMnYpMJE5f-MxG0T4o4gLKkyGNuD8F-kJZNYJa6X7czli-M7dAykiWIQydm0zj7lQnzZOESuL5LRV-9vhVJKpJUPlG7N6-uxh0P0zxTaMa_NBTwy4hXVm_SE_kbLIaYRu7zqFfaT5Vm93/s1600/Important+terminologies+used+in+IT+Audit.jpg" title="Software Application Development Company " width="570" /></a></div>
<br />
IT Audit is defined as the procedure of collecting and evaluating evidence to decide whether a computer system defends assets, maintains data integrity, allows organizational goals to be achieved effectively and uses resources efficiently.<br />
<br />
Here are important terminologies used in IT Audit by majority of <a href="http://www.ifourtechnolab.com/" target="_blank"><b>software companies in India</b></a>:<br />
<br />
<b>Audit</b> - An audit is an evidence collecting process. Audit evidence is used to assess how well audit criteria are being met. Audits must be objective, unbiased, and independent, and the audit process must be both systematic and documented.<br />
<br />
<b>Auditee</b> - An auditee is an organization (or section of an organization) that is being audited. Organizations can comprise companies, corporations, enterprises, firms, charities, associations, and institutions. Organizations can be either incorporated or unincorporated and can be privately or publicly possessed.<br />
<br />
<b>Auditor</b> - An auditor is a person who conducts the audits. Auditors gather evidence in order to evaluate how well audit criteria are being met. They must be objective, unbiased, independent, and proficient.<br />
<br />
<b>Audit client </b>- An audit client is any person or organization that appeals for an audit. Internal audit clients can be either the auditee or audit program leader whereas external audit clients can include regulators or customers or any other stakeholders that have a legitimate or contractual right or responsibility to carry out an audit.<br />
<b><br />Audit criteria</b> - Audit criteria comprise policies, procedures, and requirements. Audit evidence is used to decide how well audit criteria are being fulfilled. Audit evidence is used to decide how well policies are being implemented, how well procedures are being executed, and how well requirements are being charted.<br />
<b><br />Audit evidence</b> - Audit evidence includes records, actual statements, and other certifiable information that is related to the audit criteria being used. Audit criteria contain policies, procedures, and requirements.<br />
<br />
<b>Audit findings </b>- Audit findings are outcome from a process that evaluates audit evidence and equates it against audit criteria. Audit findings can demonstrate that audit criteria are being fulfilled (conformity) or that they are not being fulfilled (nonconformity). <br />
<br />
<b>Assertion </b>- Assertions or management assertions in audit or auditing purely means what management claims. For example, if a management declares that internal controls are effective then it is an entitlement or assertion made by management.<br />
<br />
<b>Confirmations</b> - The acceptance of a documented or verbal response from an independent third party.<br />
<b><br />Reperformance </b>- Reperformance involves rechecking a sample of the computations and transfers of data. Rechecking of computations comprises testing mathematical accuracy.<br />
<br />
<b>Audit charter</b> – It refers to a document arranged by an organization for internal control and audit, which clearly states the management’s responsibility, authority and accountability for IS audit. An audit charter is a charter that institutes an internal audit department for an existing <a href="http://www.ifourtechnolab.com/" target="_blank"><b>software company in India</b></a>. <br />
<br />
<b>Responsibility covers : </b></div>
<ul style="text-align: justify;">
<li>Mission</li>
<li>scope</li>
<li>Independence</li>
<li>Auditee’s necessity</li>
</ul>
<div style="text-align: justify;">
<br />
<b>Authority covers:</b></div>
<ul style="text-align: justify;">
<li>Right of access to information, personnel, locations and systems applicable to the performance of audits </li>
<li>Functions to be audited </li>
<li>Organizational structure, including reporting positions to board and senior management </li>
</ul>
<div style="text-align: justify;">
<b><br />Accountability addresses :</b></div>
<ul style="text-align: justify;">
<li>Designated/intended recipients of the report</li>
<li>Assessment of compliance with standards</li>
<li>Agreed completion dates</li>
<li>Agreed budgets</li>
<li>Agreed actions e.g. penalties when either party fails to carry out its responsibility.</li>
</ul>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>Follow-up</b> - Review of verdicts i.e. actions taken to resolve internal audit findings. They may be tested to ensure that preferred results were achieved.<br />
<br />
Nowadays, IT auditing has become an integral part of almost any <a href="http://www.ifourtechnolab.com/" target="_blank"><b>software company in India</b></a>. This has created a mandate to know the implication of important terminologies that are used in IT audit.<br />
<br />
<br /></div>
</div>
iFour Ankita Lachhwanihttp://www.blogger.com/profile/07116586188471171434noreply@blogger.com0tag:blogger.com,1999:blog-2385589671078118315.post-34256391344923922972017-03-10T03:00:00.001-08:002017-04-26T05:36:24.194-07:00ITIL Service Operations<div dir="ltr" style="text-align: left;" trbidi="on">
<div style="text-align: justify;">
<div class="separator" style="clear: both; text-align: center;">
<a href="http://www.ifourtechnolab.com/" target="_blank"><img alt="Software Application Development Company " border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgFLob3WGhiCNwHS0xkmeFWwZwpDpPvHzgWCxhFp9Jx_29Ec3wVJYzxGlGcDrtANzqdWZqI1Xx8wBRL9YvSE3zNLaKdRhSL8Lwl_pF_YiWTYPq5iUya5X_eDYVm_luipn8RvYZQqZk7pRMX/s1600/ITIL+Service+Operations.png" title="Software Application Development Company " width="570" /></a></div>
<br />
<b>Service Operation<span id="goog_760320977"></span><a href="https://www.blogger.com/"></a><span id="goog_760320978"></span></b></div>
<div style="text-align: justify;">
<br />
The ITIL Service Operation ensures that IT services like fulfilling the user requests, carrying out the daily operational activities, resolving or fixing the service problems, are taken into account and delivered in an effective way.</div>
<div style="text-align: justify;">
<br />
<b>The Service Operation includes different phases, namely :</b></div>
<ul style="text-align: justify;">
<li>Service Desk</li>
<li>Incident Management</li>
<li>Event Management</li>
<li>Request Fulfillment</li>
<li>Access Management</li>
<li>Problem Management </li>
<li>Technical Management</li>
<li>IT Operations Management</li>
<li>Application Management</li>
</ul>
<div style="text-align: left;">
<br /></div>
<div style="text-align: justify;">
<b>SERVICE DESK</b></div>
<div style="text-align: justify;">
<br />
<b>The objective of the Service Desk includes :</b></div>
<ul style="text-align: justify;">
<li>To serve as FIRST Point of Contact (FPOC) </li>
<li>Play a vital role in achieving Customer Satisfaction</li>
<li>First Level Fix (FLF) and First Level Diagnosis (FLD)</li>
<li>To coordinate the activities between End User and IT Service Provision Teams</li>
<li>To OWN the Logged Request and ensure the Closure.</li>
<li>Escalate as appropriate</li>
<li>To support other IT Provision Activities on need basis</li>
</ul>
<div style="text-align: left;">
<br /></div>
<div style="text-align: justify;">
<b>Types of Service Desk :</b></div>
<ul style="text-align: justify;">
<li>Central Service Desk</li>
<li>Local or Distributed Local Service Desk</li>
<li>Virtual Service Desk</li>
<li>The Sun Model</li>
<li>Specialized Service Desk</li>
</ul>
<div style="text-align: left;">
<br /></div>
<div style="text-align: justify;">
<b>INCIDENT MANAGEMENT</b></div>
<div style="text-align: justify;">
<br />
<b>The objective of the Incident Management includes :</b></div>
<ul style="text-align: justify;">
<li>To restore the Normal service operation as fast as possible for the process continuation</li>
<li>To keep the track and log of the incidents wherever applicable</li>
<li>To deal with all incidents consistently</li>
<li>To assist Problem Management team as required</li>
<li>To assist Service Desk for any kind of RFCs</li>
</ul>
<div style="text-align: justify;">
<b>Activities :</b></div>
<ul style="text-align: justify;">
<li>Incident Management Support</li>
<li>Incident Categorization</li>
<li>Immediate resolution of the Incident by 1st Level Support</li>
<li>Incident Resolution by 2nd Level Support</li>
<li>Handling of the Major Incidents taking place</li>
<li>Incident Monitoring</li>
<li>Incident Management Reporting</li>
</ul>
<br />
<div style="text-align: justify;">
<b>EVENT HANDLING</b></div>
<div style="text-align: justify;">
<br />
<b>The objective of the Event Handling includes :</b></div>
<ul style="text-align: justify;">
<li>Detect Events, Analyze them and take the appropriate action</li>
<li>Monitor, Record and filter the relevant events</li>
<li>To do trend Analysis as a part of Proactive Measure</li>
<li>Contributes to maintain SLAs.</li>
</ul>
<div style="text-align: left;">
<br /></div>
<div style="text-align: justify;">
<b>REQUEST FULFILLEMENT</b></div>
<div style="text-align: justify;">
<br />
<b>The objective of the Request Fulfillment includes :</b></div>
<ul style="text-align: justify;">
<li>To communicate the information regarding existing Standard services and the procedures</li>
<li>To provide channel and mechanism for users to avail the standard IT services</li>
<li>To provide the standard services to users</li>
</ul>
<div style="text-align: justify;">
<b>Activities :</b></div>
<ul style="text-align: justify;">
<li>Request Fulfillment Support</li>
<li>Request Log and Categorization</li>
<li>Request Model Execution</li>
<li>Request Monitoring</li>
<li>Request Closure and Evaluation</li>
</ul>
<div style="text-align: left;">
<br /></div>
<div style="text-align: justify;">
<b>ACCESS MANAGEMENT</b></div>
<div style="text-align: justify;">
<br />
<b>The objective of the Access Management includes :</b></div>
<ul style="text-align: justify;">
<li>Granting authorized users the access to their Required services</li>
<li>Ensure that the Right level of access is provided</li>
<li>To revoke the access after getting approvals</li>
<li>To prevent the non-authorized access</li>
</ul>
<div style="text-align: justify;">
<b>PROBLEM MANAGEMENT</b></div>
<div style="text-align: justify;">
<br />
<b>The objective of the Problem Management includes :</b></div>
<ul style="text-align: justify;">
<li>To ensure that problems are identified and resolved</li>
<li>To eliminate incidents taking place continuously</li>
<li>To minimize the impact of the incidents or problems that cannot be prevented</li>
</ul>
<div style="text-align: justify;">
<b>IT OPERATIONS MANAGEMENT</b><br />
<br />
<b>The objective of the IT Operations Management includes :</b></div>
<ul style="text-align: justify;">
<li>Ensure the Infrastructure Stability by performing basic level jobs</li>
<li>Support day to day operational activities</li>
<li>To improve overall operational performance and saving costs</li>
<li>Initial level diagnosis of operational incidents</li>
</ul>
<div style="text-align: justify;">
<b>Activities :</b></div>
<ul style="text-align: justify;">
<li>Backup and Restore jobs, Tape Management</li>
<li>On call (telephone) or Remote Control resolution</li>
<li>Facilities Management (e.g. Printer management)</li>
<li>Basic H/W and S/W installations/configurations</li>
</ul>
<br />
<div style="text-align: justify;">
<b>TECHNICAL MANAGEMENT</b></div>
<div style="text-align: justify;">
<br />
<b>The objective of the Technical Management includes :</b></div>
<ul style="text-align: justify;">
<li>Design of efficient, resilient and cost-effective IT Infrastructure for the organization</li>
<li>Maintain Technical Knowledge and Expertise as required to manage this IT Infrastructure</li>
<li>Availability of actual technical resources during failure</li>
<li>To provide all the necessary technical resources for complete lifecycle</li>
</ul>
<div style="text-align: justify;">
<b>Activities :</b></div>
<ul style="text-align: justify;">
<li>Manage the complete lifecycle of Organization's IT Infrastructure </li>
<li>Constantly update Technical expertise</li>
</ul>
<br />
<div style="text-align: justify;">
<b>APPLICATION MANAGEMENT</b></div>
<div style="text-align: justify;">
<br />
<b>The objective of the IT Operations Management includes :</b></div>
<ul style="text-align: justify;">
<li>Identify the requirement of Applications</li>
<li>Design efficient, resilient and cost effective applications for managing IT Infrastructure</li>
<li>To ensure security of the applications</li>
<li>Maintain day-to-day activities operational applications</li>
<li>Provide support during Application Failures</li>
<li>Efficiently improving the functionality of applications as per organization’s needs</li>
</ul>
<div style="text-align: justify;">
<b>Activities :</b></div>
<ul style="text-align: justify;">
<li>Manage applications throughout their lifecycle</li>
<li>Assist Design, Build, Test and implement applications</li>
<li>Maintain knowledge and expertise for Managing the applications</li>
<li>Make Application resources available whenever required</li>
</ul>
<br />
<div style="text-align: justify;">
<b>Conclusion: </b>Thus, each and every custom and software development company should implement the service operation and perform necessary activities, taking into consideration the objectives, to reach the best possible outcome. This will ease up the workflow of an IT organization with the effective and efficient outcomes and maintain the positive customer relationship.<b></b></div>
<div style="text-align: justify;">
<b></b></div>
<div style="text-align: justify;">
<b></b></div>
<div style="text-align: justify;">
<b></b></div>
<div style="text-align: justify;">
<b></b></div>
<div style="text-align: justify;">
<b></b></div>
<div style="text-align: justify;">
<b><br />References :</b><br />
http://wiki.en.it-processmaps.com/index.php/ITIL_Service_Operation</div>
</div>
iFour Ankita Lachhwanihttp://www.blogger.com/profile/07116586188471171434noreply@blogger.com0tag:blogger.com,1999:blog-2385589671078118315.post-7096744884604111122017-02-08T05:11:00.002-08:002017-02-14T23:25:27.919-08:00Steganography<div dir="ltr" style="text-align: left;" trbidi="on">
<div style="text-align: justify;">
<a href="http://www.ifourtechnolab.com/" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;" target="_blank"><img alt="asp.net software companies in India" border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh7kTmBIsDkIXHrKl5QRAHwwLyvnCW_WV01-emDGKrLwXBwJzCxaevAUipxKa5KHVyGI27xnQwMivRhnQciqXyQ9-_F3-jt1r0tKCBn4suGnc8dUCn2Mj6bZOPdXoLdlAV3PhNTh3mNAjr6/s1600/Steganography.jpg" title="asp.net software companies in India" width="570" /></a><br />
Steganography is the art of protected or hidden writing. The purpose of steganography is covert communication to hide the presence of a message from a third party <a href="http://www.ifourtechnolab.com/" target="_blank"><b>asp.net software companies in India</b></a>. </div>
<div style="text-align: justify;">
<br />
<b>Steganography methods:</b></div>
<div style="text-align: justify;">
<br />
Substitution Methods (Spatial-Domain): A secured robust approach of information security is planned. It presents two module based <a href="https://en.wikipedia.org/wiki/Least_significant_bit" target="_blank">LSB</a> (Least Significant Bit) methods for inserting secret data in the LSB’s of blue mechanisms and partial green components of random pixel places in the edges of images for the <a href="http://www.ifourtechnolab.com/" target="_blank"><b>software companies in India</b></a>. An adaptive LSB based steganography is planned for embedding data based on data available in MSB’s of red, green, and blue components of arbitrarily selected pixels across plane areas. It is more robust as it is linked with an Advanced Encryption Standard (AES). A new high capacity Steganography scheme using 3D geometric models is projected. The algorithm re-triangulates a part of a triangular mesh and inserts the secret information into newly added position of triangular meshes. </div>
<div style="text-align: justify;">
<br />
<b>Transform Domain Methods:</b> A method that customs two gray scale images of size 128 x 128 that are used in <a href="http://www.ifourtechnolab.com/" target="_blank"><b>software companies India</b></a> as surreptitious images and inserting is done in RGB and YCbCr domains. The quality of stego images are decent in RGB domain by comparing the PSNR values. It uses Integer Wavelet Transform (IWT) to hide secret images in the color cover image. It compared the PSNR values and image quality when inserting is done in the RGB and YCbCr domains. <a href="http://www.eurasip.org/Proceedings/Ext/NSIP99/Nsip99/papers/82.pdf" target="_blank">Integer Wavelet Transform</a> (IWT) have been recommended to hide multiple secret images and keys in a color cover image which is more effective. The cover image is categorized in the YCbCr color space. Two keys are found, encrypted and hidden in the cover image using IWT.</div>
<div style="text-align: justify;">
<br />
<b>Statistical Methods:</b> A practical methodology for minimizing additive distortion in steganography with general implanting operation which is more flexible and easy. <a href="http://dde.binghamton.edu/download/syndrome/" target="_blank">Syndrome-Trellis Codes</a> (STC) are used to increase the safety of the system. STC divides the samples into various bins (binning) which is a public tool used for resolving many information-theoretic and also data-hiding problems. The planned method can be used in both spatial & transform domain. A proper distortion function is selected which makes statistical detection difficult. Once the stenographer specifies the distortion function, the planned framework provides all tools for constructing practical embedding schemes. The distortion method or the embedding operations need not be shared with the receiver.</div>
<div style="text-align: justify;">
<br />
<b>Distortion Methods:</b> The method referred to as matrix encoding needs the sender and recipient to agree in advance on a parity check matrix H. The cover medium is processed to extract an order of symbols ѵ, which is changed into s to embed the message m, s is sometimes called the stegodata, and alterations on s are translated on the cover-medium to obtain the stego-medium. The image is blurred before hiding the message copy using special point spread function and arbitrarily generated key. Successive LSB embedding in the R plane is done in this project. The quantity of rows and columns of the message image is encrypted in the first row of the cover copy. Before inserting, the original message image is blurred using the specific PSF. The parameters used for blurring with PSF are cast-off as keys during deblurring. The secret key values are directed through a secure channel (Tunneling). The secret image is enhanced using the two keys and a third key, which is arbitrarily generated and depends on the content of the hiding message.</div>
<div style="text-align: justify;">
<br />
Steganography hides the covert message but not the detail that two parties are communicating with each other. The steganography process usually involves placing a hidden communication in some transport medium, called the carrier. The secret message is entrenched in the carrier to form the steganography standard. The use of a steganography key may be working for encryption of the hidden message and/or for randomization in the steganography system.</div>
</div>
iFour Ankita Lachhwanihttp://www.blogger.com/profile/07116586188471171434noreply@blogger.com0tag:blogger.com,1999:blog-2385589671078118315.post-79468641290439451102017-01-10T02:12:00.001-08:002017-01-13T03:26:04.251-08:00Some success stories of information systems integration during merger and acquisition<div dir="ltr" style="text-align: left;" trbidi="on">
<div style="text-align: justify;">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgiQOZdshGrWwt0F3NzuZUXNsjlPo2CQrhSWAhboj-vULgPUKJKsAO_f67o3s4vwHF7yzrm2pnwr22DCA-HPaKgkpPxh75Ww8BHO57VoMFPH0v8nMS1rmPXl2oM6x_bUz9KX6qqh0gLb88m/s1600/Some+success+stories+of+information+systems+integration+during+merger+and+acquisition.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img alt="software development companies" border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgiQOZdshGrWwt0F3NzuZUXNsjlPo2CQrhSWAhboj-vULgPUKJKsAO_f67o3s4vwHF7yzrm2pnwr22DCA-HPaKgkpPxh75Ww8BHO57VoMFPH0v8nMS1rmPXl2oM6x_bUz9KX6qqh0gLb88m/s1600/Some+success+stories+of+information+systems+integration+during+merger+and+acquisition.png" title="software development companies" width="570px" /></a></div>
<b><br /></b>
<b>1. Introduction</b><br />
<br />
The evolution of the merger and acquisition is interesting to know over the last 100 years. Economists and historians primarily refer to 6 waves in the mergers and acquisitions activities. <br />
<br />
These 6 waves are as follows : </div>
<ul style="text-align: left;">
<li>First Wave (late 1800’s): Horizontal groupings and consolidations of several industries. </li>
<li>Second Wave (early 1900’s): Mainly horizontal pacts, but also many vertical pacts. </li>
<li>Third Wave (mid 1900’s): The conglomerate era involving acquisition of companies in different industries. </li>
<li>Fourth Wave (late 1900’s): The period of corporate raider, financed by junk bonds. </li>
<li>Fifth Wave (early 2000’s): larger mega mergers. </li>
<li>Sixth Wave (till date): More strategic mergers designed to complement company strategy. Focus on post-merger integration.</li>
</ul>
<div style="text-align: justify;">
<br />
<b>2. Factors of Successful Integration</b><br />
<br />
Following are the key points of integration process:<br />
<br />
<b>2.1. Integration Planning: Business and IT Strategy Alignment</b><br />
<br />
IT has a major impact on the complexity, cost, and time required to complete merger and acquisition planning and execution. Companies, especially <a href="http://www.ifourtechnolab.com/" target="_blank">software development companies</a>, must keep a check on the complexity, cost and time.<br />
<br />
Accenture research has found that those companies that involved IT in the pre-deal planning for the M&A not only did better in term of financial results, but also reported the overall merger integration as a success.<br />
<br />
<b>2.2. Integration Planning: Perform an IT due diligence</b><br />
<br />
An IT due diligence should be performed before the deal is signed. Due diligence is an investigation or audit of a potential investment. IT due-diligence should be thorough.<br />
<br />
J.P. Morgan Chase, Procter & Gamble confirmed the importance of IT due diligence.<br />
<br />
<b>2.3. Speed of Integration</b><br />
<br />
Speed of integration is always mentioned as one of key successful factors of the M&A. The variability of the IT system can make the compliance effort very costly. Companies have to act quickly to identify the compliance list to address the same as fast as they can.<br />
<br />
<a href="http://www.ifourtechnolab.com/" target="_blank">Software development companies</a> can always adopt this success factor i.e., speed of integration, as they already have expertise about software and systems.<br />
<br />
<b>2.4. Effective Communication</b><br />
<br />
The Culture issue has been a common concern in mergers and acquisitions integration. But if IT cultural issues are addressed properly, the success of the integration can be greatly boosted.<br />
<br />
KPMG's surveys (KPMG 1999, KPMG 2001) found that 26% of companies had better-than-average success if they focused on resolving cultural issues and 13% more likely than average to have a successful deal when they gave priority to communications.<br />
<br />
<b>2.5. Application Selection</b><br />
<br />
Swift and comprehensive integration of IT systems greatly enhances the chances of overall <a href="https://en.wikipedia.org/wiki/Mergers_and_acquisitions" target="_blank">merger and acquisition</a> success. The selection of applications is not based on individual applications, but on a group of similar applications, which is known as an application cluster.<br />
<br />
<b>2.6. Organization and HR: IT Organizational Fit</b><br />
<br />
The IT integration of M&A includes the following components: <br />
1. Integration of Information System that supports business units<br />
2. Integration of IT organization itself</div>
<div style="text-align: justify;">
<br />
The success of the M&A depends on the above mentioned factors. Adopting one or more of the factors will let the organization realize the M&A success rapidly.</div>
<div style="text-align: justify;">
<br />
<b>3. The Cisco Case Study</b><br />
<br />
Mergers and acquisitions expert Cisco Systems, that has acquired more than 125 firms in the past 15 years, takes culture into consideration with acquiring smaller firms. They evaluate the culture of the target, making sure there is some chemistry between Cisco and the target. <br />
<br />
A prime example of Cisco’s philosophy in action is their acquisition of networking star Linksys in 2004. While Cisco engineers and manufactures configurable products for the enterprise, Linksys outsourced many of its functions and sold its products through retail channels to consumers. Cisco being a Business-focused firm differed from Linksys’s culture that was consumer-focused. <br />
<br />
Cisco staff worked with Linksys employees to determine those areas in which Cisco would more fully integrate with Linksys, as well as those areas that would remain distinct and separate, a process called “<b>selective integration.</b>”<br />
<br />
Ultimately, they found little commonality in application needs but were able to integrate fully in many other areas, such as sharing data-center space, productivity software, and HR functions.<br />
<br />
Sometimes, Cisco acquires companies with different <a href="http://www.computerweekly.com/feature/Analysts-criticise-Net-business-model" target="_blank">business models</a>. This way they learn in an area where they don’t have a history of operating.<br />
<br />
This is how Cisco leverages advantages of other companies and also lets other companies take benefit of its uniqueness of its operations and business model.<br />
<br />
Cisco has also acquired software development companies in India. Pawaa Software, a Bengaluru based company, is one of the Indian company that Cisco has acquired. <br />
<br />
<b>4. Conclusion</b><br />
<br />
The complete article can be concluded by dotting down the factors that each company should keep in mind at the time of their merger or acquisition. They are: <br />
<br />
1. Early involvement of IT <br />
2. Alignment of IT strategy with business strategy of the company, which includes the notion that business strategy, determines the integration approach<br />
3. Know what you are buying. Conduct due diligence before the merger is closed <br />
4. Detail planning of the integration <br />
5. Effective communication to all the stakeholders (including its employees) <br />
6. Perform fast integration where it matters and is feasible<br />
7. Effective employment of application selection so as to reduce IT integration complexity<br />
8. IT organization fit is crucial<br />
<br />
<b>5. Reference</b><br />
<br />
http://www.tgcpinc.com/SiteData/doc/MergersAcquisitions-MBrenner-071409/976ceba14c4fae75a4bbcb514bb34762/MergersAcquisitions-MBrenner-071409.pdf<br />
http://www.cio.com/article/2440630/mergers-acquisitions/success-factors-for-integrating-it-systems-after-a-merger.html<br />
https://dspace.mit.edu/bitstream/handle/1721.1/35101/71356376-MIT.pdf?sequence=2<br />
http://www.ibmsystemsmag.com/power/businessstrategy/migration/mergers_acquisitions/?page=1<br />
http://www.itbusinessedge.com/cm/blogs/lawson/four-lessons-for-it-integration-after-a-merger-and-acquisition/?cs=34380<br />
<br /></div>
</div>
iFour Ankita Lachhwanihttp://www.blogger.com/profile/07116586188471171434noreply@blogger.com0tag:blogger.com,1999:blog-2385589671078118315.post-71175472656368838442016-12-05T05:05:00.000-08:002016-12-05T05:47:55.332-08:00Getting Insights on IOT : Internet Of Things<div dir="ltr" style="text-align: left;" trbidi="on">
<div style="text-align: justify;">
<b>Introduction</b></div>
<div style="text-align: justify;">
The Internet of Things can transform almost every industry to change the way one lives and works. Organizations across industries face challenges to form infrastructures that meet the changing requirements of data management, scalability, regulations, and are highly safe and practical. <a href="http://www.ifourtechnolab.com/" target="_blank">Software development companies</a> are taking special initiatives to adopt IOT platform. </div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
IOT tailors solutions for various industries such as manufacturing, healthcare, travel, utilities, and mining. It plays a very crucial role in development of Smart cities. </div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>Internet of Things : IoT</b></div>
<div style="text-align: justify;">
<b>(Microsoft, 2016)</b> defines <a href="https://en.wikipedia.org/wiki/Internet_of_things" target="_blank">IoT</a> as: The IoT, Internet of Things, starts with organization’s things, the things that matter utmost to their business. IoT is all about making the things and the ways the data comes together in new ways. Tap into data and uncover actionable intelligence. And modernize how to do the business. This is what Internet of Things is all about.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
As per <b>(WIPRO)</b>, following are the key differentiators that IoT platform offers :</div>
<ul style="text-align: justify;">
<li>Pay As You Grow with innovative as well as flexible service models</li>
<li>Experiment and Refine Your Strategy</li>
<li>Reduce Your costs with the rich streamlining and optimization expertise</li>
<li>Accelerated Time to Market using proven, ready to use tools</li>
<li>Ability to support a wide variety of devices through multiple communication channels</li>
</ul>
<div style="text-align: justify;">
<b>Steps to start with your own IoT Solution</b></div>
<div style="text-align: justify;">
<b>(HCL)</b> summarizes the implementation if IoT for any organization in following few steps :</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>Connect and scale with efficiency</b></div>
<div style="text-align: justify;">
Connect any asset that’s important to your organization— with confidence – from robotics to various low-power devices, across any platform or operating system.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
Easily scale from a few devices to a few million.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>Analyze and act on untouched data</b></div>
<div style="text-align: justify;">
Capture alarms and alerts from all of your connected assets spread around the world. Identify issues before they become operational problems.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
Take advantage of advanced analytics and machine learning to increase reliability and availability of your processes. Decrease costly outages and expensive repairs with prescriptive maintenance. And, take pre-emptive actions instead of understanding just the “what” and “why” behind a prediction.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>Visualize what’s important</b></div>
<div style="text-align: justify;">
Create rich reports and dashboards to show anything from high level performance KPIs to the details of an individual asset. Customizing visualization so the right people have access to the metrics that matter to them, updated in real-time.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
Accessing data and reports from any device, anywhere; and publish reports to your organization.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>Integrate with your business processes</b></div>
<div style="text-align: justify;">
Automate formerly manual processes by integrating <a href="http://go.sap.com/india/solution/internet-of-things.html" target="_blank">IoT</a> data with your existing business systems such as CRM, ERP, and supply SCM.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
For example, if a product goes down at a customer site, a service ticket will auto-generate in CRM, from which numerous courses of actions can be assigned, such as notifying technician to fix problems, diverting the product, or shipping a replacement for your customer.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>Conclusion</b></div>
<div style="text-align: justify;">
While the subject of IoT is broad and incorporates many trends and new technology developments, <a href="http://www.ifourtechnolab.com/" target="_blank">Software development companies in India</a> are keeping pace with the global market by adopting IoT platform. It becomes essential for organizations to cope with and also handle Big Data in a cost-effective way. IoT platform helps operator and enterprise customers to capture value from business. It also demands to create massive amount of devices, sensors and connections and on other hand it will create enormous business value.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>Bibliography</b></div>
<div style="text-align: justify;">
HCL. (n.d.). Internet of Things (IoT) Platform. Retrieved 04 27, 2016, from IoT Works: http://www.hcltech.com/Internet-of-Things-IoT/</div>
<div style="text-align: justify;">
Microsoft. (2016). What is the Internet of Things. Retrieved 04 27, 2016, from Internet of Things: http://www.microsoft.com/en-in/server-cloud/internet-of-things/overview.aspx</div>
<div style="text-align: justify;">
WIPRO. (n.d.). WIPRO - Capabilities - Internet of Things. Retrieved 04 27, 2016, from Internet of Things: http://www.wipro.com/services/product-engineering/capabilities/internet-of-things/</div>
</div>
iFour Ankita Lachhwanihttp://www.blogger.com/profile/07116586188471171434noreply@blogger.com0tag:blogger.com,1999:blog-2385589671078118315.post-66903635917169088472016-11-03T06:57:00.003-07:002016-11-03T06:57:48.342-07:00ITIL Continual Service Improvement<div dir="ltr" style="text-align: left;" trbidi="on">
<div style="text-align: justify;">
<div class="separator" style="clear: both; text-align: center;">
<a href="http://www.ifourtechnolab.com/" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;" target="_blank"><img alt="software development companies" border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgPy4kE8OOPa7He4EyXXW8dOkcgiPjaqYbn14Jq1rwQTmrHxVSZrCYmzk4b8GLEhbB3I5N-unn3HMZNHabl0OVOaZkg8YreR4ZzhDnLbEGgORhVOFdJH6grvlxICdHRORQGxtgZgnM2uN0a/s1600/ITIL+Continual+Service+Improvement.jpg" title="software development companies" width="570px" /></a></div>
<b><br /></b>
<b>ITIL Continual Service Improvement<span class="Apple-tab-span" style="white-space: pre;"> </span></b></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
The ITIL Continual Service Improvement process focuses on quality management. The continual improvement process intends to continually improving the efficiency of IT processes and IT services, carried out in <a href="http://www.ifourtechnolab.com/" target="_blank">custom software development companies,</a> in an effective way , as per the standard adopted of continual improvement adopted in ISO 20000</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>The objective of the ITIL Continual Service Improvement includes :</b></div>
<ul style="text-align: left;">
<li style="text-align: justify;">To review and analyze improvement opportunities in each phase of the continuous lifecycle</li>
<li style="text-align: justify;">To review and analyze results of the Service Level achievement</li>
<li style="text-align: justify;">To improve cost of delivering IT services effectively without sacrificing the satisfaction of customer</li>
<li style="text-align: justify;">To identify and implement individual activities to improve the quality of IT services</li>
<li style="text-align: justify;">To ensures that the appropriate quality management processes and methods are used to support the activities carried out for the continual improvement in a <a href="http://www.ifourtechnolab.com/" target="_blank">software development organization.</a></li>
</ul>
<div style="text-align: justify;">
<b><br /></b>
<b>The activities of ITIL Continual Service Improvement includes :</b></div>
<div style="text-align: justify;">
</div>
<ul>
<li>Reviewing that the <a href="https://en.wikipedia.org/wiki/IT_service_management" target="_blank">ITSM</a> processes achieve the desired and qualitative results</li>
<li>Periodically demonstrate areas of improvement</li>
<li>Conducting internal audits verifying employees and process compliance</li>
<li>Reviewing existing deliverables for relevance</li>
<li>Conducting external and internal service to identify CSI opportunities</li>
<li>Review management information and trend to ensure services are meeting the SLAs.</li>
<li>Periodically proposing recommendations for improvement opportunities</li>
<li>Periodically conducting customer satisfaction surveys</li>
<li>Conducting service reviews i.e both internal as well as external ,to identify CSI opportunities</li>
</ul>
<br />
<div style="text-align: justify;">
<b>There are 7 steps followed in the ITIL Continual Service Improvement process.</b></div>
<div style="text-align: justify;">
<b>They are as follows :</b></div>
<div style="text-align: justify;">
</div>
<ul>
<li>To define what data you should measure</li>
<li>To define what data you can measure</li>
<li>To gather the relevant data need for the continuous improvement</li>
<li>To process and filter the appropriate data</li>
<li>Analyze the data by choosing the relevant methods</li>
<li>To present/assess the data</li>
<li>To implement corrective actions for getting the quality information and improved data</li>
</ul>
<br />
<div style="text-align: justify;">
<b>The processes of ITIL Continual Service Improvement includes :</b></div>
<div style="text-align: justify;">
</div>
<ul>
<li><b>Service Review</b></li>
<li><b>Process Evaluation</b></li>
<li><b>Definition of CSI Initiatives</b></li>
<li><b>Monitoring of CSI Initiatives</b></li>
</ul>
<br />
<div style="text-align: justify;">
<b>Service Review</b></div>
<div style="text-align: justify;">
<b>The objective of service review includes :</b></div>
<div style="text-align: justify;">
</div>
<ul>
<li>To review business and IT services and infrastructure services on a regular basis.</li>
<li>To improve the quality of the IT services where necessary</li>
<li>To identify more efficient and economical ways of providing IT service where possible.</li>
</ul>
<br />
<div style="text-align: justify;">
<b>Process Evaluation</b></div>
<div style="text-align: justify;">
<b>The objective of Process Evaluation includes :</b></div>
<div style="text-align: justify;">
</div>
<ul>
<li>To evaluate processes on a regular basis.</li>
<li>To identify those areas where the targeted process metrics are not reached,</li>
<li>Holding regular benchmarking, audits, maturity assessments and reviews.</li>
</ul>
<br />
<div style="text-align: justify;">
<b>Definition of CSI Initiatives</b></div>
<div style="text-align: justify;">
<b>The objective of Definition of CSI Initiatives includes :</b></div>
<div style="text-align: justify;">
</div>
<ul>
<li>To define specific initiatives which focuses on improving services and processes, based on the results of service reviews and process evaluations.</li>
</ul>
<br />
<div style="text-align: justify;">
<b>Monitoring of CSI Initiatives</b></div>
<div style="text-align: justify;">
<b>The objective of Monitoring of CSI Initiatives includes :</b></div>
<div style="text-align: justify;">
</div>
<ul>
<li>To verify and monitor improvement initiatives whether they are proceeding according to plan or not</li>
<li>To introduce and take corrective measures where necessary during the lifecycle.</li>
</ul>
<br />
<div style="text-align: justify;">
<b>TARGET AUDIENCE</b></div>
<div style="text-align: justify;">
<b><br /></b></div>
<div style="text-align: justify;">
ITIL Continual Service Improvement is relevant to organizations involved in the development, delivery or support of services, including:</div>
<div style="text-align: justify;">
</div>
<ul>
<li>Various Service providers – Internal providers and External providers</li>
<li><a href="http://www.ifourtechnolab.com/" target="_blank">Software development Organizations </a>that target to improve services through the effective application of service management to improve their service quality</li>
<li><a href="http://www.ifourtechnolab.com/" target="_blank">Software development Organizations</a> that require a consistent managed approach across all service providers in a supply chain or value network</li>
<li><a href="http://www.ifourtechnolab.com/" target="_blank">Software development Organizations </a>that are going out to tender for their services.</li>
</ul>
<br />
<div style="text-align: justify;">
<b>Conclusion :</b></div>
<div style="text-align: justify;">
Thus, the <a href="http://www.ifourtechnolab.com/" target="_blank">IT software development companies</a> should use and implement the Continuous Service Improvement to improve and monitor IT service as a part of <a href="https://www.axelos.com/certifications/itil.../itil...level/continual-service-improvement" target="_blank">ITIL</a> processes for increasing quality of the services and thereby increasing the value plus customer satisfaction.</div>
<div style="text-align: justify;">
<br /></div>
<div align="justify" style="line-height: 115%; margin-bottom: 0cm; margin-top: 0.42cm;">
<span style="font-size: small;"><b>References:</b></span></div>
<div style="text-align: justify;">
</div>
<ul>
<li>
<div align="justify" style="line-height: 100%; margin-bottom: 0cm; margin-top: 0.42cm;">
<span style="color: #80865a;"><span style="font-size: 16pt;"><a href="http://wiki.en.it-processmaps.com/index.php/ITIL_CSI_-_Continual_Service_Improvement"><span style="font-size: 12pt;"><b>http://wiki.en.it-processmaps.com/index.php/ITIL_CSI_-_Continual_Service_Improvement</b></span></a></span></span></div>
</li>
</ul>
<div style="text-align: justify;">
<br /></div>
</div>
iFour Ankita Lachhwanihttp://www.blogger.com/profile/07116586188471171434noreply@blogger.com0tag:blogger.com,1999:blog-2385589671078118315.post-2840396521691200502016-10-04T01:30:00.002-07:002016-10-04T01:30:27.945-07:00Determining factors affecting Cloud Computing as Outsourcing<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<a href="http://www.ifourtechnolab.com/" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;" target="_blank"><img alt="Software development company in india" border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgLdsEhbemQTRpU3OBBQ9MZQ43pgWdXFMDxvFK9ct1AUiV1BSP1ca-i7Ij01KQp_AUTWAC-lOfRduP4JLeeOue1R1ZsqKyiZFe71ef_Jc2LjspmIrc8JzM367f3lr8A-6snk3WVCi_bbaT4/s1600/cloud_data.png" title="Software development company in india" width="570" /></a></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
Cloud computing (CC) is an emerging usage of IT outsourcing (ITO) that needs <b><a href="http://www.ifourtechnolab.com/" target="_blank">software companies in India</a></b> to <b>fine-tune their sourcing procedures</b>. Although <b><a href="http://www.ifourtechnolab.com/" target="_blank">software companies in India</a></b> have recognized an extensive knowledge based on the basis that drive sourcing choices from numerous theoretical standpoints. The mainstream of cloud-sourcing decisions concentrates on technological aspects. The most determinant factors of sourcing decisions in the ITO context persist valid for the CC context. Stillthe findings for some factors (i.e. asset specificity, client firm IT abilities, institutional influences, client firm size and uncertainty) are indecisive for the ITO and CC contexts. </div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
Cloud computing (CC) influences how organizations cope and manages their IT landscape, challenges outdated IT governance approaches, and requires organizations to fine-tune their sourcing processes. With cloud computing, organizations can achieve on-demand network access to a common pool of managed and scalable IT resources, such as storage, applications and servers. Since IT sourcing decisions require substantial economic and strategic risks, <b><a href="http://www.ifourtechnolab.com/" target="_blank">Software outsourcing companies in India</a> </b>should have broad judgment and insight regarding organizational structures, organization processes, inter dependencies and routines to thoroughly comprehend decision substitutes and the set of required structural selections.</div>
<div style="text-align: justify;">
width="570"
</div>
<div style="text-align: justify;">
Following are the factors that software companies in India, can consider for organizations willing to adopt cloud computing.</div>
<div style="text-align: justify;">
<b><br /></b></div>
<div style="text-align: justify;">
<b>Asset characteristics</b></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
Asset specificity is used in reference to three key categories of assets: <b>physical asset specificity(similarly referred to as technical specificity), site specificity and human asset specificity.</b></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
The increased network reliance of cloud computing increases the risks that disturb site specificity, such as the risk of service breakdowns because of probable network outages, which may result in a momentary loss of data accessibility. Therefore, site specificity requires precise consideration for assets that are required on a day-to-day basis (e.g. a customer relationship management system – CRM System). </div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
Technical specificity may however generate transaction charges when applications are run remotely but these increased transaction costs do not surpass cost savings rising from economies of scale. Thus, these cost savings may humbly outweigh issues related to technical specificity. Furthermore, the impact of technical specificity is expected to vary with organization size and other parameters. However, SaaS (Software as a Service) solutions are restricted in terms of their customizability, which limits the exclusivity of assets that are outsourced via cloud computing. So assets with low technical specificity might be more appropriate for SaaS-based sourcing and applications. High technically specific assets that surpass the configuration and customization limits of SaaS solutions may nevertheless be contenders for outsourcing the underlying infrastructure or PaaS solutions.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
Human asset specificity yields inconsistent results.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>Client firm characteristics</b></div>
<div style="text-align: justify;">
<b><br /></b></div>
<div style="text-align: justify;">
The impact of a client firm’s internal IT capabilities on sourcing decisions vary between the cloud computing (inconsistent influence) and ITO (consistent negative influence) contexts. Partial support for internal information technology capabilities is observed because there is ‘a plentiful supply of IT personnel with suitable technical expertise’; so, gaps in internal IT capabilities can be effortlessly filled. Organizations started considering to outsource their IT activities because of a deficiency of trained and skilled IT personnel to <b><a href="http://www.ifourtechnolab.com/" target="_blank">software outsourcing companies in India</a></b>, whereas companies believe for internal IT capabilities as a criterion for integrating cloud services into an organization’s IT landscape.A deficiency of internal IT capabilities can be addressed either by acquisitioning competencies (e.g., hiring experts, training existing personnel) or by giving IT tasks to external providers (i.e., outsourcing). Thus, the aspiration to hire IT personnel may be an indication of a lack of IT capabilities.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>Environmental characteristics</b></div>
<div style="text-align: justify;">
<b><br /></b></div>
<div style="text-align: justify;">
Uncertainty denotes the degree of complexity, unpredictability and imperfect information that is natural to a transaction. Two types of uncertainty persist: <b>behavioural uncertainty and environmental uncertainty. </b></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
Environmental uncertainty requires further consideration as a determinant of cloud-sourcing decisions, and we specifically differentiate between demand uncertainty as a driving factor and product uncertainty as an inhibiting factor.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
The contractual mode of cloud services with short-term contracts permits clients to switch between providers for standardized, commodity-type services at a little cost, thus increasing the client’s inclination to switch vendors if the client is not pleased with the outsourcing arrangement. Still, low-cost switching relates only to standardized services (e.g., low technical specificity) with numerous available provider options. Highly specialized services, which are challenging to replace and lack open interfaces, might be tougher to source via CC. So, the nature of asset and the interference of other factors may play a part in the impact of behavioural uncertainty on sourcing decisions.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
Determinant factors of cloud-sourcing decisions assist as a basis for practitioner-oriented guidelines and best practices about how to select and offer cloud services. Also, <b><a href="http://www.ifourtechnolab.com/" target="_blank">software companies in India </a></b>may use the set of determinant factors to lead their procurement procedures and to identify challenges that may stand up during the adoption, acquisition, or integration of cloud services.</div>
<div style="text-align: justify;">
<br /></div>
</div>
iFour Ankita Lachhwanihttp://www.blogger.com/profile/07116586188471171434noreply@blogger.com0tag:blogger.com,1999:blog-2385589671078118315.post-56355265412623982312016-09-26T00:18:00.000-07:002016-09-28T07:01:44.823-07:00Choosing between SaaS and On-Premise for a Software Outsourcing Company in India<div dir="ltr" style="text-align: left;" trbidi="on">
<div style="text-align: justify;">
<div class="separator" style="clear: both; text-align: center;">
<a href="http://www.ifourtechnolab.com/" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;" target="_blank"><img alt="custom application development companies" border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgjGoj-RF3ydKZMKeaQjUVJkApnDLznNJwE_5OdXaRN1DW4YKXsPa9ZVuQBif-BVX-BiCLK8tNpJLaEjV6NtLbgKxgF0qnrrfW7RPrVXXltgE7QANv9YpFas55Jin3oOhjMaZqOyNCK60nI/s1600/dfgsg.png" title="custom application development companies" width="570" /></a></div>
<br />
<a href="https://en.wikipedia.org/wiki/Software_as_a_service" target="_blank">Software as a Service (SaaS)</a> is a software delivery model for <b><a href="http://www.ifourtechnolab.com/" target="_blank">software outsourcing companies</a></b>, in which vendors host the applications centrally and charge on a levered basis. These applications are available to the users via Internet. This software delivery model is in line with terms like ‘On-demand’, ‘Off-premises’ and ‘Application Service Provider (ASP)’. E.g. <a href="https://www.office.com/" target="_blank">Microsoft Office 365</a></div>
<div style="text-align: justify;">
On-Premise is a software delivery model in which a client, installs and works on the software in-house. Organization’s own resources are used and it needs to obtain a software license for using the software for each server. On-premise software is commonly referred as ‘ShrinkWrap’ and ‘Software as a Product’.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
The need for web servers is one of the main reasons for the companies for migrating from On-premise to SaaS.</div>
<div style="text-align: justify;">
The decision of going with SaaS or staying with On-premise, involves multiple steps:</div>
<ul style="text-align: left;">
<li style="text-align: justify;">Determine whether there are any SaaS providers for the software you need and are they trustworthy.</li>
<li style="text-align: justify;">Some of the important concerns while making this decision are Cost (this being the primary one), Security, Customization, Control, Compliance and Infrastructure.</li>
<li style="text-align: justify;">Get an understanding of business needs of <b><a href="http://www.ifourtechnolab.com/" target="_blank">outsourcing companies</a></b> and baseline them.</li>
<li style="text-align: justify;">Obtain a free trial from both vendors (On-Premise vendors and SaaS vendors) and then analyze and evaluate.</li>
<li style="text-align: justify;">Suitability check of applications should be performed for SaaS or On-Premise.</li>
<li style="text-align: justify;">Obtain the knowledge of vendor relationship difference between SaaS and On-Premise.</li>
<li style="text-align: justify;">With SaaS vendors, the benefits of multitenancy are realized. Multitenancy is allowing multiple users to share a single application instance at the same time retaining their own separate information.</li>
</ul>
<div style="text-align: justify;">
The comparison of On-premise and SaaS is done to make the decision easy:</div>
<div style="text-align: justify;">
<br /></div>
<table border="1" bordercolor="#000001" cellpadding="7" cellspacing="0" style="text-align: justify; width: 100%px;">
<colgroup><col width="75*"></col>
<col width="103*"></col>
<col width="78*"></col>
</colgroup><tbody>
<tr valign="TOP">
<td width="29%"><div style="text-align: center;">
<span style="font-size: small;"><b>Parameters</b></span></div>
</td>
<td width="40%"><div style="text-align: center;">
<span style="font-size: small;"><b>SaaS</b></span></div>
</td>
<td width="30%"><div style="text-align: center;">
<span style="font-size: small;"><b>On-Premise</b></span></div>
</td>
</tr>
<tr valign="TOP">
<td width="29%"><div style="text-align: center;">
<span style="font-size: small;"><i>Implementation</i></span></div>
</td>
<td width="40%"><span style="font-size: small;">Faster to implement because convenient and already
built platform is available.</span></td>
<td width="30%"><span style="font-size: small;">Takes longer duration to get implemented as
personnel and equipment are needed to set up an environment.</span></td>
</tr>
<tr valign="TOP">
<td width="29%"><div style="text-align: center;">
<span style="font-size: small;"><i>Infrastructure</i></span></div>
</td>
<td width="40%"><span style="font-size: small;">No purchase of software or hardware needed.</span></td>
<td width="30%"><span style="font-size: small;">Extra hardware and software need to be purchased.</span></td>
</tr>
<tr valign="TOP">
<td width="29%"><div style="text-align: center;">
<span style="font-size: small;"><i>Customization</i></span></div>
</td>
<td width="40%"><span style="font-size: small;">Customization is difficult as multitenancy is
given the focus.</span></td>
<td width="30%"><span style="font-size: small;">Highly flexible for customization.</span></td>
</tr>
<tr valign="TOP">
<td width="29%"><div style="text-align: center;">
<span style="font-size: small;"><i>Support & Maintenance</i></span></div>
</td>
<td width="40%"><div style="margin-bottom: 0in;">
<span style="font-size: small;">Very low dependency for
maintaining the application.</span></div>
<span style="font-size: small;">Control is in the hands of vendor.</span></td>
<td width="30%"><div style="margin-bottom: 0in;">
<span style="font-size: small;">Your responsibility to
maintain the application.</span></div>
<span style="font-size: small;">Control is in your hands and ownership is yours.</span></td>
</tr>
<tr valign="TOP">
<td width="29%"><div style="text-align: center;">
<span style="font-size: small;"><i>Mobile Access</i></span></div>
</td>
<td width="40%"><span style="font-size: small;">Accessible through browser on mobile devices.</span></td>
<td width="30%"><span style="font-size: small;">Minimal access through mobile devices.</span></td>
</tr>
<tr valign="TOP">
<td width="29%"><div style="text-align: center;">
<span style="font-size: small;"><i>Upgrade Cycles</i></span></div>
</td>
<td width="40%"><span style="font-size: small;">Upgrades are iterative with very less involvement
of IT.</span></td>
<td width="30%"><span style="font-size: small;">Upgrade is your responsibility which is costly and
takes a lot of productive time.</span></td>
</tr>
<tr valign="TOP">
<td width="29%"><div style="text-align: center;">
<span style="font-size: small;"><i>Cost</i></span></div>
</td>
<td width="40%"><div style="margin-bottom: 0in;">
<span style="font-size: small;">Pay per use & entry
costs are low.</span></div>
<div style="margin-bottom: 0in;">
<span style="font-size: small;">High annual
maintenance.</span></div>
<span style="font-size: small;">Internal resources required are less.</span></td>
<td width="30%"><div style="margin-bottom: 0in;">
<span style="font-size: small;">No flexible pricing
option and entry high costs are high.</span></div>
<div style="margin-bottom: 0in;">
<span style="font-size: small;">Low annual maintenance
comparatively.</span></div>
<span style="font-size: small;">Lot of internal resources such as tangible
hardware assets are needed.</span></td>
</tr>
<tr valign="TOP">
<td width="29%"><div style="text-align: center;">
<span style="font-size: small;"><i>Security</i></span></div>
</td>
<td width="40%"><div style="margin-bottom: 0in;">
<span style="font-size: small;">Security risks are
higher as applications are accessed via Internet.</span></div>
<span style="font-size: small;">Server and Network security experts are needed.</span></td>
<td width="30%"><div style="margin-bottom: 0in;">
<span style="font-size: small;">Lower security risks as
applications are accessed in-house.</span></div>
<span style="font-size: small;">No specific security experts needed.</span></td>
</tr>
<tr valign="TOP">
<td width="29%"><div style="text-align: center;">
<span style="font-size: small;"><i>Validation for regulatory
compliance</i></span></div>
</td>
<td width="40%"><span style="font-size: small;">Vendor does the baseline review.</span></td>
<td width="30%"><div style="margin-bottom: 0in;">
<span style="font-size: small;">Validation is your
responsibility.</span></div>
<span style="font-size: small;">Enforcing these requirements is comparatively easy
as control is in your hand.</span></td>
</tr>
<tr valign="TOP">
<td width="29%"><div style="text-align: center;">
<span style="font-size: small;"><i>Integration</i></span></div>
</td>
<td width="40%"><span style="font-size: small;">Complex as it’s difficult to integrate with
existing as well as new processes.</span></td>
<td width="30%"><span style="font-size: small;">Simpler to integrate with existing and new
processes.</span></td>
</tr>
<tr valign="TOP">
<td width="29%"><div style="text-align: center;">
<span style="font-size: small;"><i>Scalability</i></span></div>
</td>
<td width="40%"><span style="font-size: small;">Scale up and scale down of solutions is easier.</span></td>
<td width="30%"><span style="font-size: small;">Difficult to scale solutions easily, as it
requires a lot of effort and commitment.</span></td>
</tr>
<tr valign="TOP">
<td width="29%"><div style="text-align: center;">
<span style="font-size: small;"><i>Redundancy</i></span></div>
</td>
<td width="40%"><span style="font-size: small;">Redundancy is a bigger concern as to what happens
if the solution provider fails.</span></td>
<td width="30%"><span style="font-size: small;">As the data lies in-house it’s easier to store
backup of the data and so redundancy is a lesser concern.</span></td>
</tr>
<tr valign="TOP">
<td width="29%"><div style="text-align: center;">
<span style="font-size: small;"><i>Availability</i></span></div>
</td>
<td width="40%"><span style="font-size: small;">Resolution of cloud outage makes you dependent on
vendor.</span></td>
<td width="30%"><span style="font-size: small;">Outages resolution is your responsibility.</span></td>
</tr>
</tbody></table>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
After comparing the two options based on these parameters, cost benefit analysis is performed for each of the vendors offering the solutions. The results of the analysis are compared and evaluated to make the right decision for a <b><a href="http://www.ifourtechnolab.com/" target="_blank">software outsourcing company</a></b>.</div>
<div style="text-align: justify;">
To choose the deployment model that will suit the <b><a href="http://www.ifourtechnolab.com/" target="_blank">outsourcing company</a></b>’s business, depends on factors including:</div>
<ul style="text-align: left;">
<li style="text-align: justify;">Resource’s availability during each phase of the project.</li>
<li style="text-align: justify;">Data’s criticality.</li>
<li style="text-align: justify;">Size & culture of the organization.</li>
<li style="text-align: justify;">Organization’s requirements for integration.</li>
<li style="text-align: justify;">Control over customized environments.</li>
<li style="text-align: justify;">Annual Budget and Investment constraints.</li>
<li style="text-align: justify;">Regulatory commitments.</li>
</ul>
<div style="text-align: justify;">
Conclusion: Thus a <b><a href="http://www.ifourtechnolab.com/" target="_blank">software outsourcing company in India</a></b> should choose the option that suits the best, after analyzing and comparing the insights derived from this comparison.</div>
</div>
iFour Ankita Lachhwanihttp://www.blogger.com/profile/07116586188471171434noreply@blogger.com0tag:blogger.com,1999:blog-2385589671078118315.post-70328486715301845332016-09-12T02:16:00.002-07:002016-09-13T05:09:18.998-07:00Business – IT Strategic alignment<div dir="ltr" style="text-align: left;" trbidi="on">
<div style="text-align: justify;">
<div class="separator" style="clear: both; text-align: center;">
<a href="http://www.ifourtechnolab.com/" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;" target="_blank"><img alt="custom application development companies" border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjX0C2JIjbKj_FsXc2shkUzpqTlDqYeImXnZev80QJXAgU0qTvLb-d7rKH29C4zBoCEqoGE1Z6Fgbas1L44pTMC1W9WzVG2X01UZ6G0kl0jXf79rx9wk-r0x2HdfzO_5wlFpDnxINQfZbwV/s1600/BUSINESS+-+IT.png" title="custom application development companies" width="570" /></a></div>
<b><br /></b>
<b>Introduction</b></div>
<div style="text-align: justify;">
<b><br /></b></div>
<div style="text-align: justify;">
<b>(Wikipedia t. f.) </b>defines Business-IT alignment as a dynamic state in which a business organization is able to utilize information technology (IT) effectively to achieve business objectives - typically improved financial performance or <a href="https://www.microsoftstore.com/store/msusa/en_US/cat/Microsoft-Store-Marketplace/categoryID.66237500" target="_blank">marketplace</a> competitiveness. <b><a href="http://www.ifourtechnolab.com/" target="_blank">Software development companies</a></b> are implementing IT strategies at a rapid pace that aligns with their business model which brings in elevation in overall performance of the companies.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>(Rouse, What is business-IT alignment?, 2006)</b> enlightens the role of executives in Business – IT alignment. Business-IT alignment involves optimizing communication between executives who take the business decisions and IT managers who oversee the technical operations. The employment of flexible business plans and IT architectures, as well as effective cost allocation, are critical components of any business-IT alignment implementation. Technical department managers can formulate and submit proposals that can be designed to ensure the optimum return on investment (ROI). Business executives can attend IT department meetings and seminars to elevate their understanding of the technical capabilities and limitations of the enterprise.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>Purpose of Business – IT Alignment</b></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
It is important for all the <b><a href="http://www.ifourtechnolab.com/" target="_blank">software development companies in India</a></b> to understand the purpose of Business – IT alignment. The purpose of Business – IT Alignment is to optimize the value that IT contributes to the enterprise. As such, in order to successfully design a strategic IT roadmap, it is important to start here. It is said that an organization has successfully aligned IT strategy to business strategy when there is:</div>
<br />
<ul style="text-align: left;">
<li style="text-align: justify;">A shared understanding of how IT applications, services and technologies will contribute to business objectives – today and in the future.</li>
<li style="text-align: justify;">A shared focus on where to consume scarce resources, time and money; the trade-offs the enterprise is prepared to make.</li>
<li style="text-align: justify;">A credible working relation between the IT organization and the rest of the business evidenced by reliable daily operations, reactive problem management and predictable, innovative solution delivery.</li>
</ul>
<br />
<div style="text-align: justify;">
<b><br /></b></div>
<div style="text-align: justify;">
<b>Steps to achieve Business – IT Alignment</b></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
(Group) gives four major steps to achieve Business – IT Alignment is achieved :</div>
<br />
<ul style="text-align: left;">
<li style="text-align: justify;">Set Conditions to Achieve Alignment</li>
<li style="text-align: justify;">Scan for Hypothetical Enabling Technologies</li>
<li style="text-align: justify;">Determine IT Value Imperatives</li>
<li style="text-align: justify;">Develop IT Vision and Mission</li>
</ul>
<br />
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>Advantages of implementing Business – IT Alignment </b></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
When the Business – IT Alignment program is completed successfully, following are the advantages that the organizations will get:</div>
<br />
<ul style="text-align: left;">
<li style="text-align: justify;">Support from key executives to participate in developing the IT Strategy.</li>
<li style="text-align: justify;">A better understanding of how emerging technologies, applications and trends can or will impact your enterprise and your IT organization.</li>
<li style="text-align: justify;">A clear expectation of how IT will contribute to reaching the company’s business goals and objectives.</li>
<li style="text-align: justify;">A well-defined articulation of IT’s role in, and value to, the enterprise for the strategic horizon.</li>
</ul>
<br />
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>Issues in absence of Business – IT alignment </b></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
Following are concerns that organizations often face when they lack Business – IT alignment :</div>
<br />
<ul style="text-align: left;">
<li style="text-align: justify;">IT driven projects do not meet deadlines and budget constraints</li>
<li style="text-align: justify;">IT investment do not pay-off</li>
<li style="text-align: justify;">Ambiguity whether IT strategy and principles are appropriate</li>
<li style="text-align: justify;">Unclear outsourcing strategy</li>
<li style="text-align: justify;">Insufficient implementation of security controls</li>
<li style="text-align: justify;">Financial reports not available in time and accurate manner</li>
<li style="text-align: justify;">Optimization of IT budget utilization not possible</li>
</ul>
<br />
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>Conclusion</b></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
While the area of IT strategy is broad and incorporates many trends and new technology developments, <b><a href="http://www.ifourtechnolab.com/" target="_blank">Software development companies in India</a></b> are keeping pace with the global market by adopting IT Strategy aligning to individual business model. Business-IT alignment is the correspondence between the business objectives and the Information Technology requirements of an enterprise. These two factors often seem to contradict, but many technical and economic experts agree that alignment between them, maintained over time, is crucial to the success of an enterprise.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>Bibliography</b></div>
<br />
<ul style="text-align: left;">
<li style="text-align: justify;">Group, I.-R. (n.d.). OptimizeIT | Info-Tech Research Group . Retrieved 05 04, 2016, from Business - IT Strategic Alignment: <a href="https://www.infotech.com/optimizeit/business-it-strategic-alignment">https://www.infotech.com/optimizeit/business-it-strategic-alignment</a></li>
<li style="text-align: justify;">Rouse, M. (2006, 05). What is business-IT alignment? Retrieved 05 04, 2016, from business-IT alignment: <a href="http://whatis.techtarget.com/definition/business-IT-alignment">http://whatis.techtarget.com/definition/business-IT-alignment</a></li>
<li style="text-align: justify;">Wikipedia, t. f. (n.d.). Business-IT alignment. Retrieved 05 04, 2016, from Business-IT alignment: https://en.wikipedia.org/wiki/Business-IT_alignmentxof IT Strategy: <a href="http://panorama-consulting.com/the-importance-of-it-strategy/">http://panorama-consulting.com/the-importance-of-it-strategy/</a></li>
</ul>
<br />
<div style="text-align: justify;">
<br /></div>
</div>
iFour Ankita Lachhwanihttp://www.blogger.com/profile/07116586188471171434noreply@blogger.com0tag:blogger.com,1999:blog-2385589671078118315.post-23499358576303535142016-08-24T05:22:00.001-07:002016-09-01T23:38:48.621-07:00ITIL Continual Service Improvement<div dir="ltr" style="text-align: left;" trbidi="on">
<div style="text-align: justify;">
<div class="separator" style="clear: both; text-align: center;">
<a href="http://www.ifourtechnolab.com/" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;" target="_blank"><img alt="custom software development companies" border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiZjQJiEu33ok6blnnzycyS4PXJCYEdIC596X3x-MLGgPYI9bNKdNMKPAmnvCZN4h1edUoqWmizJOUfDKVHBa0tzBT8Uy8UQh_TdFzfc9oO5mSPmRsFarwQDryoBfMknAAUj92oHuPHQK1-/s1600/ITIL.png" title="custom software development companies" width="570" /></a></div>
<b><br /></b>
<b><br /></b><br />
<b><br /></b>
<b><br /></b>
<b><br /></b>
<b><br /></b>
<b><br /></b>
<b><br /></b>
<b><br /></b>
<b><br /></b>
<b><br /></b>
<b><br /></b>
<b>ITIL Continual Service Improvement</b></div>
<div style="text-align: justify;">
<span class="Apple-tab-span" style="white-space: pre;"> </span></div>
<div style="text-align: justify;">
The <a href="http://www.bmcsoftware.in/guides/itil-continual-service-improvement.html" target="_blank">ITIL Continual Service Improvement process</a> focuses on quality management. The continual improvement process intends to continually improving the efficiency of IT processes and IT services, carried out in <b><a href="http://www.ifourtechnolab.com/" target="_blank">custom software development companies</a></b>, in an effective way , as per the standard adopted of continual improvement adopted in ISO 20000</div>
<br />
<div style="text-align: justify;">
<span style="font-weight: bold;"><br /></span></div>
<div style="text-align: justify;">
<b>The objective of the ITIL Continual Service Improvement includes :</b></div>
<br />
<div style="text-align: justify;">
<br /></div>
<ul style="text-align: left;">
<li style="text-align: justify;">To review and analyze improvement opportunities in each phase of the continuous lifecycle</li>
<li style="text-align: justify;">To review and analyze results of the Service Level achievement</li>
<li style="text-align: justify;">To improve cost of delivering IT services effectively without sacrificing the satisfaction of customer</li>
<li style="text-align: justify;">To identify and implement individual activities to improve the quality of IT services</li>
<li style="text-align: justify;">To ensures that the appropriate quality management processes and methods are used to support the activities carried out for the continual improvement in a <b><a href="http://www.ifourtechnolab.com/" target="_blank">software development organization</a>.</b></li>
</ul>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>The activities of ITIL Continual Service Improvement includes :</b></div>
<div style="text-align: justify;">
<br /></div>
<ul style="text-align: left;">
<li style="text-align: justify;">Reviewing that the ITSM processes achieve the desired and qualitative results</li>
<li style="text-align: justify;">Periodically demonstrate areas of improvement </li>
<li style="text-align: justify;">Conducting internal audits verifying employees and process compliance</li>
<li style="text-align: justify;">Reviewing existing deliverables for relevance</li>
<li style="text-align: justify;">Conducting external and internal service to identify CSI opportunities</li>
<li style="text-align: justify;">Review management information and trend to ensure services are meeting the SLAs.</li>
<li style="text-align: justify;">Periodically proposing recommendations for improvement opportunities</li>
<li style="text-align: justify;">Periodically conducting customer satisfaction surveys</li>
<li style="text-align: justify;">Conducting service reviews i.e both internal as well as external ,to identify CSI opportunities</li>
</ul>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>There are 7 steps followed in the ITIL Continual Service Improvement process.</b></div>
<div style="text-align: justify;">
<b>They are as follows :</b></div>
<div style="text-align: justify;">
<br /></div>
<ul style="text-align: left;">
<li style="text-align: justify;">To define what data you should measure</li>
<li style="text-align: justify;">To define what data you can measure</li>
<li style="text-align: justify;">To gather the relevant data need for the continuous improvement</li>
<li style="text-align: justify;">To process and filter the appropriate data</li>
<li style="text-align: justify;">Analyze the data by choosing the relevant methods</li>
<li style="text-align: justify;">To present/assess the data</li>
<li style="text-align: justify;">To implement corrective actions for getting the quality information and improved data</li>
</ul>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>The processes of ITIL Continual Service Improvement includes :</b></div>
<div style="text-align: justify;">
<br /></div>
<ul style="text-align: left;">
<li style="text-align: justify;"><b>Service Review</b></li>
<li style="text-align: justify;"><b>Process Evaluation</b></li>
<li style="text-align: justify;"><b>Definition of CSI Initiatives</b></li>
<li style="text-align: justify;"><b>Monitoring of CSI Initiatives</b></li>
</ul>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>Service Review</b></div>
<div style="text-align: justify;">
<b>The objective of service review includes :</b></div>
<div style="text-align: justify;">
<br /></div>
<ul style="text-align: left;">
<li style="text-align: justify;">To review business and IT services and infrastructure services on a regular basis.</li>
<li style="text-align: justify;">To improve the quality of the IT services where necessary</li>
<li style="text-align: justify;">To identify more efficient and economical ways of providing IT service where possible.</li>
</ul>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>Process Evaluation</b></div>
<div style="text-align: justify;">
<b>The objective of Process Evaluation includes :</b></div>
<div style="text-align: justify;">
<br /></div>
<ul style="text-align: left;">
<li style="text-align: justify;">To evaluate processes on a regular basis. </li>
<li style="text-align: justify;">To identify those areas where the targeted process metrics are not reached, </li>
<li style="text-align: justify;">Holding regular benchmarking, audits, maturity assessments and reviews.</li>
</ul>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>Definition of CSI Initiatives</b></div>
<div style="text-align: justify;">
<b>The objective of Definition of CSI Initiatives includes :</b></div>
<div style="text-align: justify;">
<br /></div>
<ul style="text-align: left;">
<li style="text-align: justify;">To define specific initiatives which focuses on improving services and processes, based on the results of service reviews and process evaluations.</li>
</ul>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>Monitoring of CSI Initiatives</b></div>
<div style="text-align: justify;">
<b>The objective of Monitoring of CSI Initiatives includes :</b></div>
<div style="text-align: justify;">
<b><br /></b>
</div>
<div style="text-align: left;">
</div>
<ul style="text-align: left;">
<li style="text-align: justify;">To verify and monitor improvement initiatives whether they are proceeding according to plan or not</li>
<li style="text-align: justify;">To introduce and take corrective measures where necessary during the lifecycle.</li>
</ul>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>TARGET AUDIENCE</b></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
ITIL Continual Service Improvement is relevant to organizations involved in the development, delivery or support of services, including:</div>
<div style="text-align: justify;">
<br /></div>
<ul style="text-align: left;">
<li style="text-align: justify;">Various Service providers – Internal providers and External providers</li>
<li style="text-align: justify;"><b>Software development Organizations</b> that target to improve services through the effective application of service management to improve their service quality</li>
<li style="text-align: justify;"><b>Software development Organizations</b> that require a consistent managed approach across all service providers in a supply chain or value network</li>
<li style="text-align: justify;"><b><a href="http://www.ifourtechnolab.com/" target="_blank">Software development Organizations</a></b> that are going out to tender for their services.</li>
</ul>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>Conclusion :</b></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
Thus, the <b><a href="http://www.ifourtechnolab.com/" target="_blank">IT software development companies</a></b> should use and implement the Continuous Service Improvement to improve and monitor IT service as a part of ITIL processes for increasing quality of the services and thereby increasing the value plus customer satisfaction.</div>
<br />
<div style="text-align: justify;">
<span style="font-weight: bold;"><br /></span></div>
<div style="text-align: justify;">
<b>References:</b></div>
<br />
<div style="text-align: justify;">
•<span class="Apple-tab-span" style="white-space: pre;"> </span><a href="http://wiki.en.it-processmaps.com/index.php/ITIL_CSI_-_Continual_Service_Improvement">http://wiki.en.it-processmaps.com/index.php/ITIL_CSI_-_Continual_Service_Improvement</a></div>
<div style="text-align: justify;">
<br /></div>
</div>
iFour Ankita Lachhwanihttp://www.blogger.com/profile/07116586188471171434noreply@blogger.com0tag:blogger.com,1999:blog-2385589671078118315.post-4960693419739005012016-04-25T02:16:00.001-07:002016-09-01T23:41:54.935-07:00Firewall Design: Strengths & Weakness<div dir="ltr" style="text-align: left;" trbidi="on">
<div style="text-align: justify;">
<div class="separator" style="clear: both; text-align: center;">
<a href="http://www.ifourtechnolab.com/" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;" target="_blank"><img alt="software application development companies" border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj39XDDmT0CNGrNdDpLqmkLC04feGS62vGM6hq2M15PK1xfoyJrQ9F3DlulECyjpUAT8LefGSwJ1r49FsKpkI8EkcX-6kOUstC7NU0vKP8eyee94j4Bh9uV6leaS9__1O-fQUdJ6XDco2oZ/s1600/fdsw.png" title="software application development companies" width="570" /></a></div>
<b><br /></b>
<b>Introduction</b></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
Firewalls may be software based or, more commonly, purpose-built appliances. Sometimes the firewalling functions are actually provided by a collection of several different devices. The specific features of the firewall platform and the design of the network where the firewall lives are key components of securing a network. It is important for <b><a alt="ecommerce solution provider in india" href="http://www.ifourtechnolab.com/" target="_blank">software application development companies</a></b> to have a proper placement of firewall. To be effective, firewalls must be placed in the right locations on the network, and configured effectively. Best practices include:</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
</div>
<ul>
<li style="text-align: justify;">All communications must pass through the firewall. The effectiveness of the firewall is greatly reduced if an alternative network routing path is available; unauthorized traffic can be sent through a different network path, bypassing the control of the firewall. Think of the firewall in terms of a lock on your front door. It can be the best lock in the world, but if the back door is unlocked, intruders don’t have to break the lock on the front door—they can go around it. The door lock is relied upon to prevent unauthorized access through the door, and a firewall is similarly relied upon to prevent access to your network. </li>
<li style="text-align: justify;">The firewall permits only traffic that is authorized. If the firewall cannot be relied upon to differentiate between authorized and unauthorized traffic, or if it is configured to permit dangerous or unneeded communications, its usefulness is also diminished. </li>
<li style="text-align: justify;">In a failure or overload situation, a firewall must always fail into a “Deny” or closed state, under the principle that it is better to interrupt communications than to leave systems unprotected. </li>
<li style="text-align: justify;">The firewall must be designed and configured to withstand attacks upon itself. Because the firewall is relied upon to stop attacks, and nothing else is deployed to protect the firewall itself against such attacks, it must be hardened and capable of withstanding attacks directly upon itself.</li>
</ul>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>Firewall Strengths and Weaknesses</b></div>
<div style="text-align: justify;">
<b><br /></b></div>
<div style="text-align: justify;">
A firewall is just one component of an overall security architecture. Its strengths and weaknesses should be taken into consideration when designing network security at various <b><a alt="ecommerce solution provider in india" href="http://www.ifourtechnolab.com/" target="_blank">software application development companies in India</a></b>. </div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>Firewall Strengths </b></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
Consider the following firewall strengths when designing network security:</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
</div>
<ul>
<li style="text-align: justify;">Firewalls are excellent at enforcing security policies. They should be configured to restrict communications to what management has determined and agreed with the business to be acceptable. </li>
<li style="text-align: justify;">Firewalls are used to restrict access to specific services. </li>
<li style="text-align: justify;">Firewalls are transparent on the network—no software is needed on end-user workstations. </li>
<li style="text-align: justify;">Firewalls can provide auditing. Given plenty of disk space or remote logging capabilities, they can log interesting traffic that passes through them. </li>
<li style="text-align: justify;">Firewalls can alert appropriate people of specified events.</li>
</ul>
<div>
<div style="text-align: justify;">
<br /></div>
</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>Firewall Weaknesses </b></div>
<div style="text-align: justify;">
<b><br /></b></div>
<div style="text-align: justify;">
You must also consider the following firewall weaknesses when designing network security:</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
</div>
<ul>
<li style="text-align: justify;">Firewalls are only as effective as the rules they are configured to enforce. An overly permissive rule set will diminish the effectiveness of the firewall. </li>
<li style="text-align: justify;">Firewalls cannot stop social engineering attacks or an authorized user intentionally using their access for malicious purposes. </li>
<li style="text-align: justify;">Firewalls cannot enforce security policies that are absent or undefined. </li>
<li style="text-align: justify;">Firewalls cannot stop attacks if the traffic does not pass through them.</li>
</ul>
<div>
<div style="text-align: justify;">
<br /></div>
</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>Firewall Placement </b></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
A firewall is usually located at the network perimeter, directly between the network and any external connections. However, additional firewall systems can be located inside the network perimeter to provide more specific protection to particular hosts with higher security requirements. </div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>Firewall Configuration </b></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
When building a rule set on a firewall, consider the following practices:</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
</div>
<ul>
<li style="text-align: justify;">Build rules from most to least specific. Most firewalls process their rule sets from top to bottom and stop processing once a match is made. Putting more specific rules on top prevents a general rule from hiding a specific rule further down the rule set. </li>
<li style="text-align: justify;">Place the most active rules near the top of the rule set. Screening packets is a processor-intensive operation, and as mentioned earlier, a firewall will stop processing the packet after matching it to a rule. Placing your popular rules first or second, instead of 30th or 31st, will save the processor from going through over 30 rules for every packet. In situations where millions of packets are being processed and rule sets can be thousands of entries in length, CPU savings could be considerable. </li>
<li style="text-align: justify;">Configure all firewalls to drop “Impossible” or “Unroutable” packets from the Internet such as those from an outside interface with source addresses matching the internal network, RFC 1918 “private” IP addresses, and broadcast packets. None of these would be expected from the Internet, so if they are seen, they represent unwanted traffic such as that produced by attackers. The <b><a alt="ecommerce solution provider in india" href="http://www.ifourtechnolab.com/" target="_blank">software development compani<span id="goog_1440098469"></span><span id="goog_1440098470"></span>es</a> </b>must keep a check on such unwanted traffic produced by attackers.</li>
</ul>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b><span lang="EN-US" style="font-family: "calibri" , "sans-serif"; font-size: 11.0pt; line-height: 115%;">Author
Signature</span></b><span lang="EN-US" style="font-family: "calibri" , "sans-serif"; font-size: 11.0pt; line-height: 115%;">: Sanika
Taori</span></div>
</div>
iFour Ankita Lachhwanihttp://www.blogger.com/profile/07116586188471171434noreply@blogger.com0tag:blogger.com,1999:blog-2385589671078118315.post-32171576145740679352016-04-23T10:21:00.002-07:002016-09-01T23:44:15.530-07:00Issues in Mobile Application Development<div dir="ltr" style="text-align: left;" trbidi="on">
<div style="text-align: justify;">
<div class="separator" style="clear: both; text-align: center;">
<a alt="Software development company india" href="http://www.ifourtechnolab.com/" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjW7nSYjTigGW8sLC8peWWYjB3i6cZWHxLkY-n6pR0L1opJS2Zcrt9-dhiUYKHs0W43fFYtK6r_A-O0ulNmyc-LrPvAAy0PpFcTgneSgZRBCRhT9MLip5WgTUI4Z9kiQgYfuicu4Gd-TWVb/s1600/mobile-apps-banner-final1.png" width="570" /></a></div>
<b><br /></b>
<b>1. Introduction</b></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
While application development for mobile devices goes back at least 10 years, there has been exponential growth in mobile application development since the iPhone AppStore opened in July, 2008. Since then, device makers have created outlets for other mobile devices, including Android, BlackBerry, Nokia Ovi, Windows Phone, and more. Industry analysts estimate that there are more than 250,000 applications available through the various stores and marketplaces, some of which are available for multiple types of devices. We have recently conducted a small survey of mobile developers, using available mobile developer forums to solicit respondents. A key goal of the survey was to gain a better understanding of development practices for mobile applications for <b><a alt="Software development company india" href="http://www.ifourtechnolab.com/" target="_blank">custom application development companies</a></b>. Our conclusions included the following points: </div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
1) most of the applications were relatively small, averaging several thousand lines of source code, with one or two developers responsible for conceiving, designing, and implementing the application; </div>
<div style="text-align: justify;">
2) there was a sharp divide between “native” applications, those that run entirely on the mobile device, and web applications, which have a small device-based client with execution occurring on a remote server.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
There are numerous comprehensive programming environments available for the major mobile platforms. <a href="https://developer.apple.com/" target="_blank">Apple’s iOS Dev Center</a> offers the Xcode package, which includes an Interface Builder, an iPhone emulator, and a complete development environment that can be used across all Apple products. For Android, developers can use the <a href="https://developer.android.com/studio/index.html" target="_blank">Android Development Tools</a> plug-in for the Eclipse programming environment. For Windows Phone, developers can use a specialized version of Microsoft’s Visual Studio environment. Similarly, there are application development tools for BlackBerry, Symbian, and other platforms. In addition, there are now some cross-platform development tools, such as RhoMobile’s Rhodes, MoSync, and <a href="http://phonegap.com/" target="_blank">PhoneGap</a>, which can be used to create native applications on various brands of Smartphones. Along the same lines, Netbiscuits, Appcelerator, Kyte, and other companies provides tools and frameworks to support the creation of mobile web and hybrid sites using their SDK or one of the previously mentioned environments. These powerful development tools and frameworks greatly simplify the task of implementing a mobile application. However, they are predominantly focused on the individual developer who is trying to create an application as quickly as possible. </div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
Considering <b><a alt="Software development provider in india" href="http://www.ifourtechnolab.com/" target="_blank">custom application development companies</a></b>, for small and medium-sized mobile applications that can be built (and easily updated) by a single developer, they represent a vast improvement on the previous generations of tools, and encourage developers to adhere to the important principles of abstraction and modularity that are built into the platform architectures. However, as mobile applications become more complex, moving beyond inexpensive recreational applications to more business- critical uses, it will be essential to apply software engineering processes to assure the development of secure, high-quality mobile applications. While many “classic” software engineering techniques will transfer easily to the mobile application domain, there are other areas for new research and development. The remainder of this paper identifies some of these areas.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>2.1 What Makes Mobile Different? </b></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
In many respects, developing mobile applications is similar to software engineering for other embedded applications. Common issues include integration with device hardware, as well as traditional issues of security, performance, reliability, and storage limitations. However, mobile applications present some additional requirements that are less commonly found with traditional software applications, including: </div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>1) Potential interaction with other applications</b> – most embedded devices only have factory-installed software, but mobile devices may have numerous applications from varied sources, with the possibility of interactions among them; </div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>2) Sensor handling</b> – most modern mobile devices, e.g., “smartphones”, include an accelerometer that responds to device movement, a touch screen that responds to numerous gestures, along with real and/or virtual keyboards, a global positioning system, a microphone usable by applications other than voice calls, one or more cameras, and multiple networking protocols; </div>
<div style="text-align: justify;">
<b><br /></b></div>
<div style="text-align: justify;">
<b>3) Native and hybrid (mobile web) applications</b> – most embedded devices use only software installed directly on the device, but mobile devices often include applications that invoke services over the telephone network or the Internet via a web browser and affect data and displays on the device; </div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>4) Families of hardware and software platforms</b> – most embedded devices execute code that is custom-built for the properties of that device, but mobile devices may have to support applications that were written for all of the varied devices supporting the operating system, and also for different versions of the operating system. An Android developer, for example, must decide whether to build a single application or multiple versions to run on the broad range of Android devices and operating system releases </div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>5) Security</b> – most embedded devices are “closed”, in the sense that there is no straightforward way to attack the embedded software and affect its operation, but mobile platforms are open, allowing the installation of new “malware” applications that can affect the overall operation of the device, including the surreptitious transmission of local data by such an application. </div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>6) User interfaces</b> – with a custom -built embedded application, the developer can control all aspects of the user experience, but a mobile application must share common elements of the user interface with other applications and must adhere to externally developed user interface guidelines, many of which are implemented in the software development kits (SDKs) that are part of the platform. </div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>7) Complexity of testing</b> – while native applications can be tested in a traditional manner or via a PC-based emulator, mobile web applications are particularly challenging to test. Not only do <b><a alt="Software development company in india" href="http://www.ifourtechnolab.com/" target="_blank">web application development companies</a></b> have many of the same issues found in testing web applications, but they have the added issues associated with transmission through gateways and the telephone network </div>
<div style="text-align: justify;">
<b><br /></b></div>
<div style="text-align: justify;">
<b>8) Power consumption</b> – many aspects of an application affect its use of the device’s power and thus the battery life of the device. Dedicated devices can be optimized for maximum battery life, but mobile applications may inadvertently make extensive use of battery-draining resources.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b><span lang="EN-US" style="font-family: "calibri" , "sans-serif"; font-size: 11.0pt; line-height: 115%;">Author Signature</span></b><span lang="EN-US" style="font-family: "calibri" , "sans-serif"; font-size: 11.0pt; line-height: 115%;">: Shreyans Agrawal
(ifour.shreyans.agrawal@gmail.com)</span></div>
<div style="text-align: justify;">
<br /></div>
</div>
iFour Ankita Lachhwanihttp://www.blogger.com/profile/07116586188471171434noreply@blogger.com0tag:blogger.com,1999:blog-2385589671078118315.post-31271974089057676562016-04-21T07:40:00.003-07:002016-09-01T23:53:36.095-07:00Trends in Mobile Application Development - Part 2<div dir="ltr" style="text-align: left;" trbidi="on">
<div style="text-align: justify;">
<div class="separator" style="clear: both; text-align: center;">
<a href="http://www.ifourtechnolab.com/" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;" target="_blank"><img alt="software development companies" border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiuUZ30D0f0cSGaaZ8eJS3PHcgktThX4bwwE35ms4rRU-pxQ3AGOKP_zxS1bbahcNdusy8qrHx5Kbt4oqQ5jnyrP7gxjHZBIad1RFw9IKAQe7jVtx4f9rQ1aQtdwYKVQvuCMoxAfiSRTXHO/s1600/Mobile-Apps-Development.jpg" title="software development companies" width="570" /></a></div>
<b><br /></b>
<b>4. Implications for Developers</b></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
Hereafter we analyze the implication for developers of the three market trends presented in the previous section. In fact, the centralization of portal changes the way developers can distribute their application and reach a mass-market of consumers. The technological openness implies that developers at <b><a alt="eCommerce solution providers india" href="http://www.ifourtechnolab.com/" target="_blank">software development companies</a></b> would use different standards to develop their application and somehow work in a more collaborative mode. Then, highly-integrated platforms offer more possibilities to develop more sophisticated applications and services. These trends can be seen as opportunities but also threats for developers. Therefore, it is crucial that developers have a good understanding of the possible implications of each trend. They need to be able to choose the platform for which they want to develop knowing all the implications.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>4.1 Implications of portal centralization</b></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
Portal centralization is a major shift for developers. It allows them to reach all potential customers through one shop, which takes care of the administrative tasks, such as billing and advertising. On top of these deployment facilities comes the fact that platforms providing centralized portals count on application sales to increase their revenue and therefore heavily promote application downloads and thus widely increasing the pool of potential consumers. This promotion is mostly done through advertising, but more importantly through greatly enhanced user interfaces. Before the emergence of centralized portals it took a expert user to download and install third-party applications, usually involving an internet search and a credit card payment, on a personal computer and then a file transfer via Bluetooth. Now it has become a “one-click” operation directly executable on the mobile device. Moreover, platforms can leverage on user communities which also promote applications using the reviewing features of the shops. A negative side of strong centralization for developers is that they might have to conform to certain rules defined by the portal provider. This problem can be observed with Apple’s AppStore, which rules over which applications will be sold and which will be banned based on non-transparent criteria. To overcome these restrictions, the developer community has built alternative portals (Installer, Cydia) where developers can publish their applications. Unfortunately, only tech-savvy customers shop on such black markets, since phones must undergo a “jailbreak” procedure before they can access them.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>4.2 Implications of technological openness</b></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
It is important for <b><a alt="eCommerce solution provider india" href="http://www.ifourtechnolab.com/" target="_blank">software development companies</a></b> to know the implications of a move towards open source software offers two kinds of opportunities for application developers. First, as mentioned previously, moving towards open technology allows platform providers to reduce development costs and possibly increase the number of consumers. A greater number of platform consumers imply a greater number of potential application consumers for developers. Second, an open source project can provide career opportunities for developers willing to contribute to the platform development.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>4.3 Implications of platform integration</b></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
The emergence of fully integrated end-to-end ecosystems, where the same people sell applications, manufacture devices and create their operating system, creates a coherent end-to-end approach, which makes it easier for applications to be developed, published, purchased, and used. There is less compatibility issues, which is a major problem in heterogeneous systems, where applications have to be fine-tune for specific devices with different display size for example. A drawback of high integration is the lack of alternatives if the solutions proposed by the platform do not suit the developer.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>5. Conclusion </b></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
In this paper, we described the implications that different market and technology trends have on the mobile and <b><a alt="eCommerce solution provider in india" href="http://www.ifourtechnolab.com/" target="_blank">custom application development companies</a></b>. The current evolutions show that the game for the developers has changed dramatically. There are many new opportunities for them to develop, distribute, and generate significant revenues with the emerging mobile application portals. Since the mobile application development landscape has substantially changed over the past several years, mobile development platforms have become more integrated and generally play the role of application portal, device manufacturer or both. As discussed in the paper, application portals tend to become more centralized, facilitating the link between developers and consumers. Moreover, several new platforms entered the open source community to lower their costs and possibly extend their consumer market by lowering prices and as a consequence increase their developer pool. In this changing environment, choosing for which platform to develop reveals to be challenging and we proposed three simple criteria: market size and accessibility, career opportunities, and creative freedom.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b><span lang="EN-US" style="font-family: "calibri" , "sans-serif"; font-size: 11.0pt; line-height: 115%;">Author Signature</span></b><span lang="EN-US" style="font-family: "calibri" , "sans-serif"; font-size: 11.0pt; line-height: 115%;">: Shreyans Agrawal
(ifour.shreyans.agrawal@gmail.com)</span></div>
</div>
iFour Ankita Lachhwanihttp://www.blogger.com/profile/07116586188471171434noreply@blogger.com0tag:blogger.com,1999:blog-2385589671078118315.post-41876979906365807412016-04-21T07:35:00.002-07:002016-09-01T23:57:05.494-07:00Trends in Mobile Application Development - Part 1<div dir="ltr" style="text-align: left;" trbidi="on">
<div style="text-align: justify;">
<div class="separator" style="clear: both; text-align: center;">
<a href="http://www.ifourtechnolab.com/" target="_blank"><img alt="custom application development companies" border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjCzznZc-97Snrb3NT8qDDgek27YYGUwxlU_SDEJDiKazIejV5qQBZefVnGDyZ-SFDONCwzrrdKFje5shjkjuThJUJ4Dq-R9JsfXO0pIwH4TjuI9Ild9gG9mXw6kkP7dzDcRlYGy6MnFZWk/s1600/MOB1.png" width="570" title="custom application development companies" /></a></div>
<br />
Over the past few years, we have observed that the relatively stable market has evolved in three distinct directions. First, there seems to be a strong trend towards portal centralization. Second, there is increased number of actors providing open source technology. Third, platforms are moving towards a higher level of integration. It is important for <b><a alt="mobile application development company in india" href="http://www.ifourtechnolab.com/" target="_blank">custom application development companies</a></b> to be aware of the trends in mobile application development. Following explains the same :</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>1. Towards portal centralization</b></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
Prior to the introduction of <a href="https://itunes.apple.com/" target="_blank">Apple’s AppStore</a> and more recently <a href="https://play.google.com/store?hl=en" target="_blank">Google’s Android Market</a>, platforms did not have a central portal. With the introduction of its AppStore, Apple has proven that a mobile application market should not be underestimated and can represent an important revenue stream. According to CEO Steve Jobs, the AppStore has generated revenue of a million dollars a day in its first month of existence. There are currently 15000 applications on the portal, which have been downloaded a total of 500 million times. Note that these figures grew by 50% in the last month. Following Apple’s lead; traditional platforms like Nokia, RIM and Microsoft seem to be moving in this direction. Nokia is pushing its OVI portal and RIM has developed its own Application Center. Microsoft is also planning to launch its own version of the AppStore called Sky Market with the next version of Windows Mobile (WM7)</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>2. Towards technological openness</b></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
Among the major mobile platforms, LiMo used to be the only player in the open source field. Nokia has moved in this direction after acquiring Symbian OS. Google has also followed this trend. The transition phase from a closed to an open architecture will be critical for the future success of the platform. The shift, depicted in Figure 4, of this major player towards openness means that from a situation with mostly closed systems, we have moved to a situation with a small majority of devices running an open source system. Nevertheless, this shift does not indicate that other platforms will follow. Among the closed platforms, RIM is probably the only one that might go open source, since Microsoft and Apple are strong advocates of proprietary software. So far, it is still hard to evaluate what impact open-source software might have on the current mobile application developments. The successful model that Apple established does not suffer from the proprietary software clauses. The other platforms hope that the open-source option could help them to better compete in the platform war.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>3. Towards full integration</b></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
Another trend is the emergence of more integrated platforms. Before the introduction of Apple’s platform, there was no fully integrated mobile platform. Moreover, there was no platform with portal integration before the introduction of Google’s platform. Symbian OS is an example of the trend towards integration since it started as a platform with no integration, before it was integrated by Nokia to become a device integrated platform and finally by launching OVI, it became fully integrated. RIM is also expected to soon become fully integrated with the introduction of its Application Center. Furthermore, with Microsoft moving towards portal integration there will be no major platform left without integration. Some leading <b><a alt="alt=" application="" company="" development="" href="http://www.ifourtechnolab.com/" in="" india="" mobile="" target="_blank">software application development companies</a> </b>have also hinted that an intermediary could play an integrating role in the mobile development industry. The more surprising observation is the fact that mainly phone manufacturer companies and software development companies have played this integration role and not so much MNOs as was the intuition of most of these scholars.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b><span lang="EN-US" style="font-family: "calibri" , "sans-serif"; font-size: 11.0pt; line-height: 115%;">Author Signature</span></b><span lang="EN-US" style="font-family: "calibri" , "sans-serif"; font-size: 11.0pt; line-height: 115%;">: Shreyans Agrawal
(ifour.shreyans.agrawal@gmail.com)</span></div>
<div style="text-align: justify;">
<br /></div>
</div>
iFour Ankita Lachhwanihttp://www.blogger.com/profile/07116586188471171434noreply@blogger.com0tag:blogger.com,1999:blog-2385589671078118315.post-54775957513200629952016-04-20T10:08:00.002-07:002016-09-02T01:27:28.403-07:00Empowering People in Safety - Part 2<div dir="ltr" style="text-align: left;" trbidi="on">
<div style="text-align: justify;">
<div class="separator" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em; text-align: center;">
<a href="http://www.ifourtechnolab.com/" target="_blank"><img alt="Software development companies" border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEibkR44FWXluc4W8D1XygSun2WNcreAp0lyzQjarYL88vvpbxF_4Dy1AIz09ClgTX1kYxm5EfK_OWmblIuBluxc4BOd96OSbw97p6-sHGxC68xdLcEDgjpw95GZncJk72SgzGmc5qWK_T2T/s1600/safety.jpg" title="Software development companies" width="570" /></a></div>
<b><br /></b>
<b>Principle 4. Focus on Positive Consequences to Motivate Behavior. </b></div>
<div style="text-align: justify;">
<b><br /></b></div>
<div style="text-align: justify;">
Control by negative consequences reduces perceptions of personal freedom and responsibility. Think about it. Do you feel freer or empowered when you are working to avoid an unpleasant consequence or working to achieve a pleasant consequence? Unfortunately, the common metric used to rank companies on their safety performance is “total recordable injury rate” (or an analogous count of losses) which puts people in a reactive mindset of “avoiding failure” rather than “achieving success.” PBS provides proactive measures employees can achieve in order to prevent occupational injury. These days, <b><a alt="eCommerce solution providers in india" href="http://www.ifourtechnolab.com/" target="_blank">Software development companies</a></b> are focusing on <a href="http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.577.8982&rep=rep1&type=pdf" target="_blank">People-Based Safety</a> (PBS) as well.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
We can often intervene to increase people’s perceptions that they are working to achieve success rather than working to avoid failure. Even our verbal behavior directed toward another person, perhaps as a statement of genuine approval or appreciation for a task well done, can influence motivation in ways that increase perceptions of personal freedom and empowerment. Of course, we can’t be sure our intervention will have the effect we intended unless we measure the impact of our intervention procedures. Hence, the next basic premise of PBS. </div>
<div style="text-align: justify;">
<b><br /></b></div>
<div style="text-align: justify;">
<b>Principle 5. Apply the Scientific Method to Improve Intervention. </b></div>
<div style="text-align: justify;">
<b><br /></b></div>
<div style="text-align: justify;">
People’s actions can be objectively observed and measured before and after an intervention process is implemented. This application of the scientific method provides critical feedback upon which to build improvement. The acronym “DO IT” says it all: D = Define the target action to increase or decrease; O = Observe the target action during a pre-intervention baseline period to identify natural environmental and interpersonal factors influencing it (see Principle 1), and to set improvement goals; I = Intervene to change the target action in desired directions; and T = Test the impact of the intervention procedure by continuing to observe and record the target action during and after the intervention program. </div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
The systematic evaluation of a number of DO IT processes can lead to a body of knowledge worthy of integration into a theory. This is reflected in the next principle. </div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>Principle 6. Use Theory to Integrate Information. </b></div>
<div style="text-align: justify;">
<b><br /></b></div>
<div style="text-align: justify;">
After applying the DO IT process a number of times, you will see distinct consistencies. Certain intervention techniques will work better in some situations than others, by some individuals than others, or with some work practices than others. You should summarize relationships between intervention impact and specific interpersonal or contextual characteristics. The outcome will be a research-based theory of what is most cost-effective under given circumstances. By doing this you are using theory to integrate information gained from systematic behavioral observation. </div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>Principle 7. Consider the Internal Feelings and Attitudes of Others. </b></div>
<div style="text-align: justify;">
<b><br /></b></div>
<div style="text-align: justify;">
Feelings and attitudes are influenced by the type of intervention procedure implemented, and such relationships require careful consideration by those who develop and deliver the intervention. This is the essence of empathic leadership taught by <a href="http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.577.8982&rep=rep1&type=pdf" target="_blank">PBS</a>. </div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
The rationale for using more positive than negative consequences to motivate behavior (Principle 4) is based on the different feeling states resulting from using positive versus negative consequences to motivate behavior. Likewise, the way an intervention process is introduced and delivered can increase or decrease perceptions of empowerment, build or destroy interpersonal trust, and facilitate or inhibit an interdependent teamwork. </div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>Conclusion:</b></div>
<div style="text-align: justify;">
<b><br /></b></div>
<div style="text-align: justify;">
The PBS principles reviewed here provide a perspective that improves how people view injury prevention and talk about this challenge to themselves and to others. Besides providing a paradigm that improves the quality and increases the quantity of safety conversations, PBS provides specific tools and methods, which <b><a alt="eCommerce solution providers india" href="http://www.ifourtechnolab.com/" target="_blank">software development companies</a></b> are using extensively, for increasing safe behaviors, decreasing at-risk behaviors, and motivating participation in safety-related activities. </div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b><span lang="EN-US" style="font-family: "calibri" , "sans-serif"; font-size: 11.0pt; line-height: 115%;">Author Signature</span></b><span lang="EN-US" style="font-family: "calibri" , "sans-serif"; font-size: 11.0pt; line-height: 115%;">: Shreyans Agrawal
(ifour.shreyans.agrawal@gmail.com)</span></div>
</div>
iFour Ankita Lachhwanihttp://www.blogger.com/profile/07116586188471171434noreply@blogger.com0tag:blogger.com,1999:blog-2385589671078118315.post-8026183761142717852016-04-20T09:59:00.001-07:002016-09-02T01:28:44.738-07:00Empowering People in Safety - Part 1<div dir="ltr" style="text-align: left;" trbidi="on">
<div style="text-align: justify;">
<div class="separator" style="clear: both; text-align: center;">
<a href="http://www.ifourtechnolab.com/" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;" target="_blank"><img alt="Software development companies in India" border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEglK7sMZ45HWmmNLvAgQTS9UWTeIs0qCFyJyCZHr7MvhRqtbhPGyNI_4GO8riX5mg7TXSxtSN2mQ5uaBdGEf4a-BYViRRn9RlRXu4DtxpxHARe6hImAEzH7gSuo1SRbXpeTalfCqgzqn0dU/s1600/Empowering+People+in+Safety.jpg" title="Software development companies in India" width="570" /></a></div>
<b><br /></b>
<b>Introduction</b></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
Behavior modification… safety management…. attitude adjustment… behavior based safety… culture change… cognitive alignment… person-based safety… human engineering… social influence. All these terms used to address the human dynamics of injury prevention. Each of these can be linked to a set of principles, procedures, or a consultant’s service which defines a particular approach to managing the human side of occupational safety. <b><a alt="eCommerce solution providers in india" href="http://www.ifourtechnolab.com/" target="_blank">Software development companies in India</a></b> are implementing these set of principles in order to manage the human side of occupational safety. </div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
All of these terms, and most of the accompanying materials, are insufficient. They are either too narrow and restricting, or too broad and nondirective. Some focus entirely on behavior change, while others attempt to target vague and unobservable aspects of other people, like attitudes and thoughts. Still others have the grand notion of directly targeting culture change. </div>
<div style="text-align: justify;">
</div>
<div style="text-align: justify;">
All of these approaches are well-intentioned and none are entirely wrong. The human dynamics of an organization include behaviors, attitudes, cognitions, and the context (or culture) in which these aspects of people occur. However, some of these approaches are too equivocal or ambiguous to be practical, while others may be practical but are not sufficiently comprehensive. </div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
Systematic evaluations of our implementations have enabled successive refinements of procedures, as well as the discovery of guidelines for increasing effectiveness and the long-term impact of our interventions. We also developed research based and practical support materials for the behavior-change and culture-enrichment process. </div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
Today we call this approach “<a href="http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.577.8982&rep=rep1&type=pdf" target="_blank">People-Based Safety</a>” (PBS). It strategically integrates the best of behavior-based and person-based safety in order to enrich the culture in which people work, thereby improving job satisfaction, work quality and production, interpersonal relationships, and occupational safety and health. </div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
This article is the first of a five-part series in which I explain the essential principles and procedures of PBS. Here are the seven underlying principles of PBS. </div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>Seven Basics of People-Based Safety </b></div>
<div style="text-align: justify;">
<b><br /></b></div>
<div style="text-align: justify;">
<b>Principle 1: Start with Observable Behavior. </b></div>
<div style="text-align: justify;">
<b><br /></b></div>
<div style="text-align: justify;">
Like behavior-based safety, PBS focuses on what people do, analyzes why they do it, and then applies a research-supported intervention strategy to improve what people do. The improvement of others results from acting people into thinking differently rather than targeting internal awareness or attitudes so as to think people into acting differently. However, unlike behavior-based safety, PBS considers that people can observe their own thoughts and attitudes. Thus, people can think themselves into safer actions. In other words, self-management requires self-dialogue or thinking as well as self-directed behavior. </div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>Principle 2. Look for External and Internal Factors to Improve Behavior. </b></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
We do what we do because of factors in both our external and internal worlds. While behavior-based safety deals with only external factors, PBS teaches people how to address their internal thoughts, perceptions, and attitudes related to injury prevention. A behavioral analysis of work practices can pinpoint many external factors that encourage at-risk behavior and hinder safe behavior. But, it’s also possible for individuals to conduct a self-evaluation of their own self-talk and selective perception regarding safety related behavior, and choose to make appropriate adjustments. Safety is of utmost importance for all the <b><a alt="eCommerce solution provider in india" href="http://www.ifourtechnolab.com/" target="_blank">software development companies</a></b> and hence they attempt to identify external and internal factors to improve behavior.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>Principle 3. Direct with Activators and Motivate with Consequences. </b></div>
<div style="text-align: justify;">
<b><br /></b></div>
<div style="text-align: justify;">
Activators (or signals preceding behavior) are only as powerful as the consequences supporting the behavior. In other words, activators tell us what to do in order to receive a pleasant consequence or avoid an unpleasant consequence. This reflects the ABC model, with “A” for activator, “B” for behavior, and “C” for consequence. This principle is used to design interventions for improving behavior at individual, group, and organizational levels. </div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b><span lang="EN-US" style="font-family: "calibri" , "sans-serif"; font-size: 11.0pt; line-height: 115%;">Author Signature</span></b><span lang="EN-US" style="font-family: "calibri" , "sans-serif"; font-size: 11.0pt; line-height: 115%;">: Shreyans Agrawal
(ifour.shreyans.agrawal@gmail.com)</span></div>
<div style="text-align: justify;">
<br /></div>
</div>
iFour Ankita Lachhwanihttp://www.blogger.com/profile/07116586188471171434noreply@blogger.com0tag:blogger.com,1999:blog-2385589671078118315.post-38574939060373818122016-04-19T02:56:00.002-07:002016-09-02T02:03:52.081-07:00Moving from ISO/IEC 27001:2005 to ISO/IEC 27001:2013 - Part 2<div dir="ltr" style="text-align: left;" trbidi="on">
<div style="text-align: justify;">
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://www.ifourtechnolab.com/" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;" target="_blank"><img alt="software development companies" border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjbZL-xPWBOUD3b8M1eD8XZw1051LOO2vhvV5ki-kU-RfqA2tdVV3bTHDGmBImlqczBt4viIk4-cM0y8nwnh44gwiF-kbSsZw0IfBuMp35T-1-LDFRMzMNRacEFaqwQ6f4B9xeMWJcgi-QA/s1600/Moving.png" title="software development companies" width="570" /></a></div>
<b><br /></b>
<b>Clause 4: Context of the organization</b> </div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
This is a new clause that in part addresses the depreciated concept of preventive action and in part establishes the context for the ISMS. It meets these objectives by drawing together relevant external and internal issues (i.e. those that affect the organization’s ability to achieve the intended outcome(s) of its ISMS) with the requirements of interested parties to determine the scope of the ISMS. </div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
It should be noted that the term ‘issue’ covers not only problems, which would have been the subject of preventive action in the previous standard, but also important topics for the ISMS to address, such as any market assurance and governance goals that the organization might set for the ISMS. Further guidance is given in Clause 5.3 of <a href="http://www.iso.org/iso/home/standards/iso31000.htm" target="_blank">ISO 31000:2009</a>.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
Note that the term ‘requirement’ is a ‘need or expectation that is stated, generally implied or obligatory’. Combined with Clause 4.2, this in itself can be thought of as a governance requirement, as strictly speaking an ISMS that did not conform to generally-accepted public expectations could now be ruled nonconforming with the standard.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
The final requirement (Clause 4.4) is to establish, implement, maintain and continually improve the ISMS in accordance with the requirements the standard.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>Clause 5: Leadership</b> </div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
This clause places requirements on ‘top management’ which is the person or group of people who directs and controls the organization at the highest level. Note that if the organization that is the subject of the ISMS is part of a larger organization, then the term ‘top management’ refers to the smaller organization. The purpose of these requirements is to demonstrate leadership and commitment by leading from the top. </div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
A particular responsibility of top management is to establish the information security policy, and the standard defines the characteristics and properties that the policy is to include. This is important for <b><a alt="" company="" development="" ecommerce="" gujarat="" href="http://www.ifourtechnolab.com/" in="" software="" target="_blank">software development companies</a></b>.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
Finally, the clause places requirements on top management to assign information security relevant responsibilities and authorities, highlighting two particular roles concerning ISMS conformance to ISO/IEC 27001 and reporting on ISMS performance.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>Clause 6: Planning</b> </div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>Clause 6.1.1, General:</b> This clause works with Clauses 4.1 and 4.2 to complete the new way of dealing with preventive actions. The first part of this clause (i.e. down to and including 6.1.1 c)) concerns risk assessment whilst Clause 6.1.1 d) concerns risk treatment. As the assessment and treatment of information security risk is dealt with in Clauses 6.1.2 and 6.1.3, then organizations could use this clause to consider ISMS risks and opportunities.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>Clause 6.1.2, Information security risk assessment:</b> This clause specifically concerns the assessment of information security risk. In aligning with the principles and guidance given in ISO 31000, this clause removes the identification of assets, threats and vulnerabilities as a prerequisite to risk identification. This widens the choice of risk assessment methods that an organization may use and still conforms to the standard. The clause also refers to ‘risk assessment acceptance criteria’, which allows criteria other than just a single level of risk. Risk acceptance criteria can now be expressed in terms other than levels, for example, the types of control used to treat risk.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
The clause refers to ‘risk owners’ rather than ‘asset owners’ and later (in Clause 6.1.3 f)) requires their approval of the risk treatment plan and residual risks.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
In other ways the clause closely resembles its counterpart in ISO/IEC 27001:2005 by requiring organizations to assess consequence, likelihood and levels of risk. Assessment of consequences, likelihood and levels of risk is essential for <b><a alt="Ecommerce software development company in india" href="http://www.ifourtechnolab.com/" target="_blank">software development companies</a></b>.</div>
<div style="text-align: justify;">
<b>Clause 6.1.3, Information security risk treatment: </b>This clause concerns the treatment of information security risk. It is similar to its counterpart in ISO/IEC 27001:2005, however, it refers to the ‘determination’ of necessary controls rather than selecting controls from Annex A. Nevertheless, the standard retains the use of Annex A as a cross-check to make sure that no necessary control has been overlooked, and organizations are still required to produce a <a href="http://advisera.com/27001academy/knowledgebase/the-importance-of-statement-of-applicability-for-iso-27001/" target="_blank">Statement of Applicability</a> (SOA). The formulation and approval of the risk treatment plan is now part of this clause.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>Clause 6.2, Information security objectives and planning to achieve them: </b>This clause concerns information security objectives. It uses the phrase “relevant functions and levels”, where here, the term ‘function’ refers to the functions of the organization, and the term ‘level’, its levels of management, of which ‘top management’ is the highest. The clause defines the properties that an organization’s information security objectives must possess. This lets <b><a alt="Ecommerce software development providers in india" href="http://www.ifourtechnolab.com/" target="_blank">software application development companies</a></b> to move from ISO 27001:2005 to ISO 27001:2013.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b><span lang="EN-US" style="font-family: "calibri" , "sans-serif"; font-size: 11.0pt; line-height: 115%;">Author Signature</span></b><span lang="EN-US" style="font-family: "calibri" , "sans-serif"; font-size: 11.0pt; line-height: 115%;">: Shreyans Agrawal
(ifour.shreyans.agrawal@gmail.com)</span></div>
<div style="text-align: justify;">
<br /></div>
</div>
iFour Ankita Lachhwanihttp://www.blogger.com/profile/07116586188471171434noreply@blogger.com0tag:blogger.com,1999:blog-2385589671078118315.post-19099781466104227082016-04-19T02:50:00.001-07:002016-09-02T02:11:54.496-07:00Moving from ISO/IEC 27001:2005 to ISO/IEC 27001:2013 - Part 1<div dir="ltr" style="text-align: left;" trbidi="on">
<div style="text-align: justify;">
<div class="separator" style="clear: both; text-align: center;">
<a href="http://www.ifour-consultancy.com/" target="_blank"><img alt="software application development companies" border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjEH41gjk5VV8wGWNbnGMOM_O8SnBh8b7njDpHKzXIPAguvPQO3WpS5_Cf5VwNxmOhmO4T6DvajJKqNYX9becfspv6kyBd3kaLRycEA9UMgmvOTSsOmUq06RT0_V4zfQhkK3bhP9Cv1gRlQ/s1600/moving-1.png" width="570" title="software application development companies" /></a></div>
<br />
ISO/IEC 27001:2013 is the first revision of ISO/IEC 27001. First and foremost, the revision has taken account of practical experience of using the standard: there are now over 17,000 registrations worldwide. However, there have been two other major influences on the revision. The first is an ISO requirement that all new and revised management system standards must conform to the high level structure and identical core text defined in Annex SL to Part 1 of the ISO/IEC Directives. Conformance to these requirements will have a tendency to make all management system standards look the same, with the intention that management system requirements that are not discipline-specific are identically worded in all management system standards. This is good news for <b><a href="http://www.ifour-consultancy.com/" target="_blank">software application development companies</a></b> that operate integrated management systems, i.e. management systems that conform to several standards, such as ISO 9001 (quality), ISO 22301 (business continuity) as well as ISO/IEC 27001. The second influence was a decision to align ISO/IEC 27001 with the principles and guidance given in ISO 31000 (<a href="http://www.iso.org/iso/iso_31000_for_smes.pdf" target="_blank">risk management</a>). Again, this is good news for integrated management systems as now an organization may apply the same risk assessment methodology across several disciplines.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
The result is that structurally ISO/IEC 27001:2013 looks very different to ISO/IEC 27001:2005.In addition, there are no duplicate requirements, and the requirements are phrased in a way, which allows greater freedom of choice on how to implement them. A good example of this is that the identification of assets, threats and vulnerabilities is no longer a prerequisite for the identification of information security risks. The standard now makes it clearer that controls are not to be selected from Annex A, but are determined through the process of risk treatment. Nevertheless, Annex A continues to serve as a cross-check to help ensure that no necessary controls have been overlooked.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>Clause 0: Introduction </b></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
This is a much shorter clause than its predecessor. In particular the section on the PDCA model has been removed. The reason for this is that the requirement is for continual improvement (see Clause 10) and PDCA is just one approach to meeting that requirement. There are other approaches, and organizations are now free to use them if they wish. Many <b><a href="http://www.ifour-consultancy.com/" target="_blank">software application development companies</a></b> are adopting such approaches.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
The introduction also draws attention to the order in which requirements are presented, stating that the order does not reflect their importance or imply the order in which they are to be implemented. </div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>Clause 1: Scope</b> </div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
This, too, is a much shorter clause. In particular there is no reference to the exclusion of controls in Annex A.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>Clause 2: Normative references</b> </div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
The only normative reference is to ISO/IEC 27000, Information technology — Security techniques — Information security management systems — Overview and vocabulary.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>Clause 3: Terms and definitions</b> </div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
There are no longer any terms or definitions in <a href="https://en.wikipedia.org/wiki/ISO/IEC_27001:2013" target="_blank">ISO/IEC 27001:2013</a>. Instead, readers are referred to ISO/IEC 27000. However, please ensure that you use a version of ISO/IEC 27000 that was published after ISO/IEC 27001:2013 otherwise it will not contain the correct terms or definitions. This is an important document to read. Many definitions, for example ‘management system’ and ‘control’ have been changed and now conform to the definitions given in the new ISO directives and ISO 31000. If a term is not defined in ISO/IEC 27000, please use the definition given in the Oxford English Dictionary. This is important, otherwise confusion and misunderstanding may be the result.<br />
<br />
<br />
<b><span lang="EN-US" style="font-family: "calibri" , "sans-serif"; font-size: 11.0pt; line-height: 115%;">Author Signature</span></b><span lang="EN-US" style="font-family: "calibri" , "sans-serif"; font-size: 11.0pt; line-height: 115%;">: Shreyans Agrawal
(ifour.shreyans.agrawal@gmail.com)</span></div>
<div style="text-align: justify;">
<br /></div>
</div>
iFour Ankita Lachhwanihttp://www.blogger.com/profile/07116586188471171434noreply@blogger.com0tag:blogger.com,1999:blog-2385589671078118315.post-52871926718633191542016-04-18T06:42:00.001-07:002016-09-02T02:23:16.820-07:00Security System Development Lifecycle<div dir="ltr" style="text-align: left;" trbidi="on">
<div style="text-align: justify;">
<div class="separator" style="clear: both; text-align: center;">
<a href="http://www.ifourtechnolab.com/" target="_blank"><img alt="software development companies in India" border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjrw8DoHeBRHiDpgv-JuhLLdrO_xuNbbU5PesLcFLFHGuM5TCe50ls3VmfCuZmxfvSXHtkivjLMgDbDCklnoeT-pih_Q4MsIka3ExbFSthHQ9aG0O8jqJUSqxauwUxfB60_MwlpHZbZxJid/s1600/SSDLF.jpg" title="software development companies in India" width="570" /></a></div>
<b><br /></b>
<b>The Systems Development Life Cycle </b></div>
<div style="text-align: justify;">
<b><br /></b></div>
<div style="text-align: justify;">
Information security must be managed in a manner similar to any other major system implemented in an organization. The one approach for implementing an information security system in an organization with little or no formal security in place is to use a variation of the systems development life cycle (SDLC): the <a href="https://www.ready.gov/document/information-security-system-development-life-cycle" target="_blank">security systems development life cycle</a> (SecSDLC). Many <b><a alt="ecommerce development company in india" href="http://www.ifourtechnolab.com/" target="_blank">software development companies in India</a></b> are implementing security systems development life cycle (SecSDLC). Also to understand a security systems development life cycle, we must first understand the basics of the method upon which it is based.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>Methodology and Phases </b></div>
<div style="text-align: justify;">
<b><br /></b></div>
<div style="text-align: justify;">
The systems development life cycle (SDLC) is a methodology for the design and implementation of an information system. A methodology is a formal approach to solving a problem by means of a structured sequence of procedures. Also using a methodology ensures a rigorous process with a clearly defined goal and increases the probability of success. Once a methodology has been adopted, the key milestones are established and a team of individuals is selected and made accountable for accomplishing the project goals. The traditional SDLC consists of six general phases. If you have taken a system analysis and design course, you may have been exposed to a model consisting of a different number of phases. The SDLC models range from having three to twelve phases, all of which have been mapped into the six presented here. At the end of each phase comes a structured review or reality check, during which the team determines if the project should be continued, discontinued, outsourced, postponed, or returned to an earlier phase depending on whether the project is proceeding as expected and on the need for additional expertise, organizational knowledge, or other resources. Once the system is implemented, it is maintained (and modified) over the remainder of its operational life. Any information systems implementation may have multiple iterations as the cycle is repeated over time. Only by means of constant examination and renewal can any system, especially an information security program, perform up to expectations in the constantly changing environment in which it is placed. The following sections describe each phase of the traditional <a href="https://www.ready.gov/document/information-security-system-development-life-cycle" target="_blank">SDLC.20</a></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
The first phase, investigation, is the most important. What problem is the system being developed to solve? The investigation phase begins with an examination of the event or plan that initiates the process. During the investigation phase, the objectives, constraints, and scope of the project are specified. A preliminary cost-benefit analysis evaluates the perceived benefits and the appropriate levels of cost for those benefits. At the conclusion of this phase, and at every phase following, a feasibility analysis assesses the economic, technical, and behavioral feasibility of the process and ensures that implementation is worth the organization’s time and effort.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>Analysis </b></div>
<div style="text-align: justify;">
<b><br /></b></div>
<div style="text-align: justify;">
The analysis phase begins with the information gained during the investigation phase. This phase consists primarily of assessments of the organization, its current systems, and its capability to support the proposed systems. Analysts begin by determining what the new system is expected to do and how it will interact with existing systems. This phase ends with the documentation of the findings and an update of the feasibility analysis.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>Logical Design </b></div>
<div style="text-align: justify;">
<b><br /></b></div>
<div style="text-align: justify;">
In the logical design phase, the information gained from the analysis phase is used to begin creating a systems solution for a business problem. In any systems solution implemented at any <b><a alt="ecommerce development company in india" href="http://www.ifourtechnolab.com/" target="_blank">software development company</a></b>, it is imperative that the first and driving factor is the business need. Based on the business need, applications are selected to provide needed services, and then data support and structures capable of providing the needed inputs are chosen. Finally, based on all of the above, specific technologies to implement the physical solution are delineated. The logical design is, therefore, the blueprint for the desired solution. The logical design is implementation independent, meaning that it contains no reference to specific technologies, vendors, or products. It addresses, instead, how the proposed system will solve the problem at hand. In this stage, analysts generate a number of alternative solutions, each with corresponding strengths and weaknesses, and costs and benefits, allowing for a general comparison of available options. At the end of this phase, another feasibility analysis is performed.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>Physical Design </b></div>
<div style="text-align: justify;">
<b><br /></b></div>
<div style="text-align: justify;">
During the physical design phase, specific technologies are selected to support the alternatives identified and evaluated in the logical design. The selected components are evaluated based on a make-or-buy decision (develop the components in-house or purchase them from a vendor). Final designs integrate various components and technologies. After yet another feasibility analysis, the entire solution is presented to the organizational management for approval.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>Implementation </b></div>
<div style="text-align: justify;">
<b><br /></b></div>
<div style="text-align: justify;">
In the implementation phase, any needed software is created. Components are ordered, received, and tested. Afterward, users are trained and supporting documentation created. Once all components are tested individually, they are installed and tested as a system. Again a feasibility analysis is prepared, and the sponsors are then presented with the system for a performance review and acceptance test.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>Maintenance and Change </b></div>
<div style="text-align: justify;">
<b><br /></b></div>
<div style="text-align: justify;">
The maintenance and change phase is the longest and most expensive phase of the process. This phase consists of the tasks necessary to support and modify the system for the remainder of its useful life cycle. Even though formal development may conclude during this phase, the life cycle of the project continues until it is determined that the process should begin again from the investigation phase. At periodic points, the system is tested for compliance, and the feasibility of continuance versus discontinuance is evaluated. Upgrades, updates, and patches are managed. As the needs of the organization change, the systems that support the organization must also change. It is imperative that those who manage the systems, as well as those who support them, continually monitor the effectiveness of the systems in relation to the organization’s environment. When a current system can no longer support the evolving mission of the organization, the project is terminated and a new project is implemented.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>Securing the SDLC </b></div>
<div style="text-align: justify;">
<b><br /></b></div>
<div style="text-align: justify;">
Each of the phases of the SDLC should include consideration of the security of the system being assembled as well as the information it uses. Whether the system is custom and built from scratch, is purchased and then customized, or is commercial off-the-shelf software (COTS), the implementing organization such as <b><a alt="ecommerce development company in india" href="http://www.ifourtechnolab.com/" target="_blank">software development company</a></b> is responsible for ensuring it is used securely. This means that each implementation of a system is secure and does not risk compromising the confidentiality, integrity, and availability of the organization’s information assets. The following section, adapted from NIST Special Publication 800-64, rev. 1, provides an overview of the security considerations for each phase of the SDLC.</div>
<div style="text-align: justify;">
<br />
<br />
<b><span lang="EN-US" style="font-family: "calibri" , "sans-serif"; font-size: 11.0pt; line-height: 115%;">Author Signature</span></b><span lang="EN-US" style="font-family: "calibri" , "sans-serif"; font-size: 11.0pt; line-height: 115%;">: Shreyans Agrawal
(ifour.shreyans.agrawal@gmail.com)</span></div>
</div>
iFour Ankita Lachhwanihttp://www.blogger.com/profile/07116586188471171434noreply@blogger.com0tag:blogger.com,1999:blog-2385589671078118315.post-55927506093955446482016-04-14T22:54:00.000-07:002016-09-02T04:28:14.436-07:00Implementing ISO 27001 - Part 2<div dir="ltr" style="text-align: left;" trbidi="on">
<div style="text-align: justify;">
<div class="separator" style="clear: both; text-align: center;">
<a href="http://www.ifourtechnolab.com/" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;" target="_blank"><img alt="Software development companies" border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjnB6nemUJbNIwQXJXSJWC69QmfQYUUDCZ39lTWwJCeEzO2LtmhfbGM3C3OOTJRyTl8-EY51ssxMKl9XSrNLjT0-FBVK0Exg7_eDGPxwM_aenWAewf7PLUttNIfn15DQjrKnmgL2JdqkEPd/s1600/ISO-27001-Implementation.png" title="Software development companies" width="570" /></a></div>
<b><br /></b>
<b>Implementation Phases</b></div>
<div style="text-align: justify;">
<b><br /></b></div>
<div style="text-align: justify;">
An organization needs to have the detailed understanding of PDCA implementation phases to manage the costs of the project. <b><a alt="custom ecommerce developers" href="http://www.ifourtechnolab.com/" target="_blank">Software development companies</a></b> adopt PDCA cycle to implement international standards. Cycle of the PDCA is consistent with all auditable international standards: ISO 18001, 9001 and 14001. ISO/IEC 27001:2005 gives the following PDCA steps for an organization to follow:</div>
<div style="text-align: justify;">
</div>
<ul>
<li>Define an ISMS policy.</li>
<li>Define the scope of the ISMS.</li>
<li>Perform a security risk assessment.</li>
<li>Manage the identified risk.</li>
<li>Select the controls to be implemented and applied.</li>
<li>Prepare an SOA.</li>
</ul>
<br />
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>Phase 5—Prepare an Inventory of Information Assets to Protect, and the Rank Assets According to the Risk Classification Based on Risk Assessment</b></div>
<div style="text-align: justify;">
<b><br /></b></div>
<div style="text-align: justify;">
The various companies, such as <b><a alt="custom ecommerce developers in india" href="http://www.ifourtechnolab.com/" target="_blank">software development companies</a></b>, needs to create a list of information assets to be protected. The following are suggested steps:</div>
<div style="text-align: justify;">
</div>
<ul>
<li>For the assets classify the key CIA impact levels: high, medium and low.</li>
<li>Identify the risks, and also classify them according to their severity and vulnerability.</li>
<li>After complete identification of the risks and the levels of CIA, do assign the values to the risks.</li>
</ul>
<br />
<div style="text-align: justify;">
<b><br /></b></div>
<div style="text-align: justify;">
<b>Phase 6—Manage the Risks, and Create a Risk Treatment Plan</b></div>
<div style="text-align: justify;">
<b><br /></b></div>
<div style="text-align: justify;">
To control the impact associated with risk, the organization must accept and avoid and transfer or reduce the risk to an acceptable level using risk mitigating controls. Then the next stage is performing the gap analysis with the controls provided in the standard to create an RTP and an SOA and it is also important to obtain management approval of the proposed residual risks.</div>
<div style="text-align: justify;">
The RTP also provides:</div>
<div style="text-align: justify;">
</div>
<ul>
<li>Acceptable risk treatment (accept, transfer, reduce, avoid)</li>
<li>Identification of operational controls and additional proposed controls with the help of gap analysis</li>
</ul>
<br />
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>Phase 7—Set Up the Policies and Procedures to Control Risks</b></div>
<div style="text-align: justify;">
<b><br /></b></div>
<div style="text-align: justify;">
For the controls adopted, shown in the SOA the organization will require the statements of policy or a detailed procedure and responsibility document to identify user roles for consistent and effective implementation of policies and procedures. And the documentation of policies and procedures is a requirement of <a href="http://www.iso.org/iso/iso27001" target="_blank">ISO/IEC 27001</a>. Also the list of applicable policies and procedures depends on the organization’s structure, the locations and the assets.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>Phase 8—Allocate Resources, and Train the Staff</b></div>
<div style="text-align: justify;">
<b><br /></b></div>
<div style="text-align: justify;">
The ISMS process highlights one of the important commitments for the management: sufficient resources to manage, develop, maintain and implement the ISMS. And also it is very essential to document the training for audit.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>Phase 9—Monitoring the Implementation of the ISMS</b></div>
<div style="text-align: justify;">
<b><br /></b></div>
<div style="text-align: justify;">
The periodic internal audit is a must for monitoring and review. The internal audit review consists of testing of controls and identifying corrective/preventive actions. In order to complete the PDCA cycle all the gaps identified in the internal audit must be addressed by identifying the corrective and preventive controls needed and the company’s compliance based on a gap analysis.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
Also to be effective, the ISMS need to be reviewed by management at periodic and planned intervals. This review follows the changes and improvements to the policies, procedures, the controls and staffing decisions. It is a very important step in the process is project management review. Thus the results of audits and periodic reviews are documented and maintained.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>Phase 10—Preparation for the Certification Audit</b></div>
<div style="text-align: justify;">
<b><br /></b></div>
<div style="text-align: justify;">
In order for the organizations, such as <b><a alt="custom ecommerce developer" href="http://www.ifourtechnolab.com/" target="_blank">software development companies</a></b>, to be certified it is very essential that it conduct a full cycle of internal audits and management reviews and activities in the PDCA process and that it retains evidence of the responses taken as a result of those reviews and audits. The ISMS management should review risk assessments, the RTP, the SOA, and the policies and procedures at least annually.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
An external auditor will first examine the ISMS documents to determine the scope and content of the ISMS and the objective of the review and audit is to have sufficient evidence and review/audit documents sent to an auditor for review. Thus the evidence and documents will demonstrate the efficiency and effectiveness of the implemented ISMS in the organization and its business units.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>Phase 11—Conducting Periodic Reassessment Audits</b></div>
<div style="text-align: justify;">
<b><br /></b></div>
<div style="text-align: justify;">
The follow-up reviews or periodic audits confirm that the organization remains in compliance with the standard.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
The certification maintenance requires periodic reassessment audits to confirm that the ISMS continue to operate as specified and intended. Thus with any other ISO standard the ISO 27001 follows the PDCA cycle and assists ISMS management in knowing how far and how well the enterprise has progressed along this cycle. It directly influences the time and cost estimates related to achieving compliance.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>Conclusion</b></div>
<div style="text-align: justify;">
<b><br /></b></div>
<div style="text-align: justify;">
The true success of ISO 27001 is its alignment with the business objectives and effectiveness in realizing those objectives. For <b><a alt="custom ecommerce developer in inda" href="http://www.ifourtechnolab.com/" target="_blank">software development companies</a></b> the IT and other departments play an important role in implementing ISO 27001. Implementing ISO 27001 is an exercise toward better understanding an existing inventory of IT initiatives, information availability and ISMS implementation phases. An organization also needs to have the detailed understanding of PDCA implementation phases. </div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
Without a well-defined and well-developed <a href="http://certificationeurope.com/benefits-of-iso-27001" target="_blank">ISO 27001</a> project plan, implementing ISO 27001 would be a time- and cost-consuming exercise. To achieve the planned return on investment (ROI), the implementation plan has to be developed with an end goal in mind. Training and internal audit are major parts of ISO 27001 implementation. ISO 27001 certification should help assure most business partners of an organization’s status with respect to information security without the necessity of conducting their own security reviews. </div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b><span lang="EN-US" style="font-family: "calibri" , "sans-serif"; font-size: 11.0pt; line-height: 115%;">Author Signature</span></b><span lang="EN-US" style="font-family: "calibri" , "sans-serif"; font-size: 11.0pt; line-height: 115%;">: Shreyans Agrawal
(ifour.shreyans.agrawal@gmail.com)</span></div>
<div style="text-align: justify;">
<br /></div>
</div>
iFour Ankita Lachhwanihttp://www.blogger.com/profile/07116586188471171434noreply@blogger.com0tag:blogger.com,1999:blog-2385589671078118315.post-38159908795842784892016-04-14T09:51:00.001-07:002016-09-02T04:54:57.025-07:00Implementing ISO 27001 - Part 1<div dir="ltr" style="text-align: left;" trbidi="on">
<div style="text-align: justify;">
<div class="separator" style="clear: both; text-align: center;">
<a href="http://www.ifourtechnolab.com/" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;" target="_blank"><img alt="Software development companies" border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiZSRzCwcHgac7WVLRftjeyEZac5mGFLDCB-q196XcQgX-nZAKSbhYpK-9UbYThjAl0SWULpB6yZiMCiXdCzcTVEs7GCy3Mhm_Wi75G5UxkAGJ7EXQWJ_fNIkOybEIs0FNuqZAqTdquWoCU/s1600/impliment.jpg" title="Software development companies" width="570" /></a></div>
<b><br /></b>
<b>Implementation Phases</b></div>
<div style="text-align: justify;">
<b><br /></b></div>
<div style="text-align: justify;">
An organization needs to have the detailed understanding of PDCA implementation phases to manage the costs of the project. <b><a href="http://www.ifourtechnolab.com/" target="_blank">Software development companies</a></b> adopt PDCA cycle to implement international standards. Cycle of the PDCA is consistent with all auditable international standards: ISO 18001, 9001 and 14001. ISO/IEC 27001:2005 gives the following PDCA steps for an organization to follow:</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<br />
<ul>
<li>Define an ISMS policy</li>
<li>Define the scope of the ISMS</li>
<li>Perform a security risk assessment</li>
<li>Manage the identified risk</li>
<li>Select the controls to be implemented and applied</li>
<li>Prepare an SOA</li>
</ul>
</div>
<div style="text-align: justify;">
<br />
<br /></div>
<div style="text-align: justify;">
<b>Phase 1—Identify Business Objectives</b></div>
<div style="text-align: justify;">
<b><br /></b></div>
<div style="text-align: justify;">
Stakeholders must buy in; identifying and prioritizing objectives is the step that will gain management support. The primary objectives can be derived from the company’s mission, the strategic plan and IT goals. The objectives are:</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<br />
<ul>
<li>Increased marketing potential</li>
<li>Complete assurance to the business partners of the organization’s status with respect to information security</li>
<li>Both Increased revenue and profitability by providing the highest level of security for customers’ sensitive data</li>
<li>Identification of the information assets & effective risk assessments</li>
<li>Compliance with industry regulations</li>
</ul>
</div>
<div style="text-align: justify;">
<br />
<br /></div>
<div style="text-align: justify;">
<b>Phase 2—Obtain Management Support</b></div>
<div style="text-align: justify;">
<b><br /></b></div>
<div style="text-align: justify;">
Management must make a commitment to the establishment, planning, the implementation, the operation, monitoring, review, improvement and maintenance of the ISMS. The commitment must also include activities such as ensuring that the proper resources are available to work on the ISMS and that all employees affected by the ISMS have the proper training, competency and also awareness. The following activities/initiatives show management support:</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<br />
<ul>
<li>An information security policy</li>
<li>The information security objectives & the plans</li>
<li>The roles & responsibilities for the information security or a segregation of duties (SoD) matrix that shows the list of the roles related to information security</li>
<li>Sufficient resources for managing, developing, maintaining and implementing the ISMS</li>
<li>The determination of acceptable level of risk</li>
<li>The management reviews of the ISMS at planned intervals</li>
<li>Assurance that personnel affected is also affected by the ISMS are provided with training</li>
<li>Appointment of the competent people for the roles and responsibilities that they are assigned to fulfill</li>
</ul>
</div>
<div style="text-align: justify;">
<br />
<br /></div>
<div style="text-align: justify;">
<b>Phase 3—Select Proper Scope of Implementation</b></div>
<div style="text-align: justify;">
<b><br /></b></div>
<div style="text-align: justify;">
ISO 27001 states that any scope of implementation may cover all or part of an organization. According to it for the <b><a href="http://www.ifourtechnolab.com/" target="_blank">software company</a></b> or any other company the scope of the ISMS, the processes, business units, external vendors or contractors falling within the scope of implementation must be specified for certification to occur.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
The standard also thus requires companies to list any scope exclusions and the reasons why they were excluded.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
Identifying the scope of implementation can save the organization time, money. The following points should be considered:</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<br />
<ul>
<li>Selected scope helps to achieve all the identified business objectives.</li>
<li>The organization’s over all scale of operations is an integral parameter needed to determine the compliance process’s complexity level.</li>
<li>To find out appropriate scale of operations, organizations need to consider the number of employees, business processes, work locations, and products or services offered.</li>
</ul>
</div>
<div style="text-align: justify;">
<br />
<br /></div>
<div style="text-align: justify;">
<b>Phase 4—Define the appropriate Method of Risk Assessment</b></div>
<div style="text-align: justify;">
<b><br /></b></div>
<div style="text-align: justify;">
To meet the requirements of <a href="http://www.iso.org/iso/iso27001" target="_blank">ISO/IEC 27001</a>, the companies need to define & document the method of risk assessment. The ISO/IEC 27001 standards do not specify the risk assessment method that can be used. The following all points should be considered:</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<br />
<ul>
<li>The method that can be used that can assess the risk to identified information assets</li>
<li>Which risks are intolerable therefore, that need to be mitigated</li>
<li>Managing the residual risks through carefully considered policies, the procedures and controls</li>
<li>Choosing a risk assessment method is one of the most important parts of establishing the ISMS and use of the following will be helpful:</li>
<li>NIST Special Publication (SP) 800-30 Risk Management Guide for Information Technology Systems</li>
<li>Sarbanes-Oxley IT risk assessment</li>
<li>Asset classification, data classification documents (determined by the organization)</li>
<li>ISO 27001 needs risk evaluations based on levels of confidentiality, integrity and availability (CIA):</li>
<ul>
<li>Confidentiality—Clause 3.3: Ensuring that information is accessible only to those authorized to have access</li>
<li>Integrity—Clause 3.8: Safeguarding the accuracy and completeness of information and processing methods</li>
<li>Availability—Clause 3.9: Ensuring that authorized users have access to information and associated assets when required</li>
</ul>
</ul>
</div>
<div style="text-align: justify;">
<br />
<br /></div>
<div style="text-align: justify;">
<b>Conclusion</b></div>
<div style="text-align: justify;">
<b><br /></b></div>
<div style="text-align: justify;">
The true success of ISO 27001 is its alignment with the business objectives and effectiveness in realizing those objectives. For any <b><a href="http://www.ifourtechnolab.com/" target="_blank">software development company</a></b>, IT & the other departments play an important role in implementing the ISO 27001. Implementation of ISO 27001 is an exercise toward better understanding an existing inventory of IT initiatives & the information availability and ISMS implementation phases. The organization also needs to have the detailed understanding of PDCA implementation phases. </div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
Without a well-defined and well-developed ISO 27001 project plan & implementing ISO 27001 would be a time- and cost-consuming exercise & to achieve the planned return on investment (ROI), the implementation plan has to be developed with an end goal in mind. Training and internal audit are major parts of ISO 27001 implementation. ISO 27001 certification should help assure most business partners of an organization’s status with respect to information security without the necessity of conducting their own security reviews. </div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b><span lang="EN-US" style="font-family: "calibri" , "sans-serif"; font-size: 11.0pt; line-height: 115%;">Author Signature</span></b><span lang="EN-US" style="font-family: "calibri" , "sans-serif"; font-size: 11.0pt; line-height: 115%;">: Shreyans Agrawal
(ifour.shreyans.agrawal@gmail.com)</span></div>
<div style="text-align: justify;">
<br /></div>
</div>
iFour Ankita Lachhwanihttp://www.blogger.com/profile/07116586188471171434noreply@blogger.com0tag:blogger.com,1999:blog-2385589671078118315.post-71707608264248124772016-04-13T03:52:00.001-07:002016-09-02T04:15:54.933-07:00Planning for ISO 27001 - Part 2<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0cm; mso-layout-grid-align: none; text-align: justify; text-autospace: none;">
<div class="separator" style="clear: both; text-align: center;">
<a href="http://www.ifourtechnolab.com/" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;" target="_blank"><img alt="Software application development companies" border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiHCKcFSA63ZqO_D92waFwOn9XQAgehsBLIHD6LpmUqw0et8Mrq99tSkjMfGre3yDwRUt2M464jWgGBL7kiT3CUZ3wtLCTZeqWYZg94Pmjd92Dg52L3LV-_QL3rswUF9zDCVsbJifwP_SoA/s1600/planning-iso.jpg" width="570" title="Software application development companies" /></a></div>
<b><span lang="EN-US" style="font-family: "arial" , sans-serif; line-height: 115%;"><br /></span></b>
<b><span lang="EN-US" style="font-family: "arial" , sans-serif; line-height: 115%;">ISMS—Planning
for ISO<o:p></o:p></span></b></div>
<div class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0cm; mso-layout-grid-align: none; text-align: justify; text-autospace: none;">
<br /></div>
<div class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0cm; mso-layout-grid-align: none; text-align: justify; text-autospace: none;">
<span lang="EN-US" style="font-family: "arial" , sans-serif; line-height: 115%;">ISO/IEC
27001 has detail 133 security measures, which are then organized into 11
sections and 39 control objectives. These sections specify the best practices
for:<o:p></o:p></span></div>
<div class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0cm; mso-layout-grid-align: none; text-align: justify; text-autospace: none;">
<span lang="EN-US" style="font-family: "arial" , sans-serif; line-height: 115%;">•
Business continuity planning<o:p></o:p></span></div>
<div class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0cm; mso-layout-grid-align: none; text-align: justify; text-autospace: none;">
<span lang="EN-US" style="font-family: "arial" , sans-serif; line-height: 115%;">•
System access control<o:p></o:p></span></div>
<div class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0cm; mso-layout-grid-align: none; text-align: justify; text-autospace: none;">
<span lang="EN-US" style="font-family: "arial" , sans-serif; line-height: 115%;">•
System acquisition, development and maintenance<o:p></o:p></span></div>
<div class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0cm; mso-layout-grid-align: none; text-align: justify; text-autospace: none;">
<span lang="EN-US" style="font-family: "arial" , sans-serif; line-height: 115%;">•
Physical and environmental security<o:p></o:p></span></div>
<div class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0cm; mso-layout-grid-align: none; text-align: justify; text-autospace: none;">
<span lang="EN-US" style="font-family: "arial" , sans-serif; line-height: 115%;">•
Compliance<o:p></o:p></span></div>
<div class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0cm; mso-layout-grid-align: none; text-align: justify; text-autospace: none;">
<span lang="EN-US" style="font-family: "arial" , sans-serif; line-height: 115%;">•
Information security incident management<o:p></o:p></span></div>
<div class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0cm; mso-layout-grid-align: none; text-align: justify; text-autospace: none;">
<span lang="EN-US" style="font-family: "arial" , sans-serif; line-height: 115%;">•
Personnel security<o:p></o:p></span></div>
<div class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0cm; mso-layout-grid-align: none; text-align: justify; text-autospace: none;">
<span lang="EN-US" style="font-family: "arial" , sans-serif; line-height: 115%;">•
Security organization<o:p></o:p></span></div>
<div class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0cm; mso-layout-grid-align: none; text-align: justify; text-autospace: none;">
<span lang="EN-US" style="font-family: "arial" , sans-serif; line-height: 115%;">•
Communications and operation management<o:p></o:p></span></div>
<div class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0cm; mso-layout-grid-align: none; text-align: justify; text-autospace: none;">
<span lang="EN-US" style="font-family: "arial" , sans-serif; line-height: 115%;">•
Asset classification and control<o:p></o:p></span></div>
<div class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0cm; mso-layout-grid-align: none; text-align: justify; text-autospace: none;">
<span lang="EN-US" style="font-family: "arial" , sans-serif; line-height: 115%;">•
Security policies<o:p></o:p></span></div>
<div class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0cm; mso-layout-grid-align: none; text-align: justify; text-autospace: none;">
<br /></div>
<div class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0cm; mso-layout-grid-align: none; text-align: justify; text-autospace: none;">
<span lang="EN-US" style="font-family: "arial" , sans-serif; line-height: 115%;">The
ISMS may be certified as compliant with <a href="http://www.iso.org/iso/iso27001" target="_blank">ISO/IEC 27001</a> by a number of accredited
registrars worldwide. Also the ISO/IEC 27001 certification, similar to other
ISO management system certifications, that usually involves a three-stage audit
process:<o:p></o:p></span></div>
<div class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0cm; mso-layout-grid-align: none; text-align: justify; text-autospace: none;">
<br /></div>
<div class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0cm; mso-layout-grid-align: none; text-align: justify; text-autospace: none;">
<span lang="EN-US" style="font-family: "arial" , sans-serif; line-height: 115%;">• <b>Stage
1</b>—The Informal review of the ISMS that includes checking the existence and
completeness of key documents such as the: – Organization’s security policy and
the Risk treatment plan (RTP) and
Statement of applicability (SOA)<o:p></o:p></span></div>
<div class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0cm; mso-layout-grid-align: none; text-align: justify; text-autospace: none;">
<br /></div>
<div class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0cm; mso-layout-grid-align: none; text-align: justify; text-autospace: none;">
<span lang="EN-US" style="font-family: "arial" , sans-serif; line-height: 115%;">• <b>Stage
2</b>—Independent tests of the ISMS against the requirements specified in
ISO/IEC 27001. The certification audits are conducted by ISO/IEC 27001 lead
auditors.<o:p></o:p></span></div>
<div class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0cm; mso-layout-grid-align: none; text-align: justify; text-autospace: none;">
<br /></div>
<div class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0cm; mso-layout-grid-align: none; text-align: justify; text-autospace: none;">
<span lang="EN-US" style="font-family: "arial" , sans-serif; line-height: 115%;">• <b>Stage
3</b>—Follow-up reviews or periodic audits to confirm that the organization
(eg. <b><a alt="custom online shop developers" href="http://www.ifourtechnolab.com/" target="_blank">Software application development companies</a></b>)
remains in compliance with the given standard. And the certification
maintenance requires periodic reassessment audits to confirm that the ISMS
continue to operate as specified and intended. Independent assessment
necessarily brings some rigor and formality to the implementation process, and
it also must be approved by management. The ISO/IEC 27001 certification helps
to assure most business partners of the organization’s status regarding
information security without the business partners having to conduct their own
security reviews.<o:p></o:p></span></div>
<div class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0cm; mso-layout-grid-align: none; text-align: justify; text-autospace: none;">
<br /></div>
<div class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0cm; mso-layout-grid-align: none; text-align: justify; text-autospace: none;">
<br /></div>
<div class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0cm; mso-layout-grid-align: none; text-align: justify; text-autospace: none;">
<b><span lang="EN-US" style="font-family: "arial" , sans-serif; line-height: 115%;">Planning<o:p></o:p></span></b></div>
<div class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0cm; mso-layout-grid-align: none; text-align: justify; text-autospace: none;">
<br /></div>
<div class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0cm; mso-layout-grid-align: none; text-align: justify; text-autospace: none;">
<span lang="EN-US" style="font-family: "arial" , sans-serif; line-height: 115%;">As
in all compliance and the certification initiatives, and the consideration of
the organization’s size, nature of its business, and the maturity of the
process in implementing ISO 27001 and commitment of senior management are
essential. Most important departments and activities that will be vital to the<o:p></o:p></span></div>
<div class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0cm; mso-layout-grid-align: none; text-align: justify; text-autospace: none;">
<span lang="EN-US" style="font-family: "arial" , sans-serif; line-height: 115%;">success
of the project include:<o:p></o:p></span></div>
<div class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0cm; mso-layout-grid-align: none; text-align: justify; text-autospace: none;">
<br /></div>
<div class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0cm; mso-layout-grid-align: none; text-align: justify; text-autospace: none;">
<span lang="EN-US" style="font-family: "arial" , sans-serif; line-height: 115%;">• <b>Internal
audit</b>—In the initial planning phase, the input from internal audit will be
useful in developing an implementation strategy, and early involvement of
internal auditors will be useful during the later stages of certification that
require review by management.<o:p></o:p></span></div>
<div class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0cm; mso-layout-grid-align: none; text-align: justify; text-autospace: none;">
<br /></div>
<div class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0cm; mso-layout-grid-align: none; text-align: justify; text-autospace: none;">
<span lang="EN-US" style="font-family: "arial" , sans-serif; line-height: 115%;">• <b>IT</b>—The
IT department will have to dedicate resources and time to the activities
associated with the <a href="http://www.iso.org/iso/iso27001" target="_blank">ISO 27001</a> initiatives. The inventory of existing IT
compliance initiatives, the procedures and the policies, and maturity of
existing IT processes and controls will be useful to gain an understanding of
how the existing processes align with ISO 27001 requirements.<o:p></o:p></span></div>
<div class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0cm; mso-layout-grid-align: none; text-align: justify; text-autospace: none;">
<br /></div>
<div class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0cm; mso-layout-grid-align: none; text-align: justify; text-autospace: none;">
<span lang="EN-US" style="font-family: "arial" , sans-serif; line-height: 115%;">Although
implementation of policies and procedures at <b><a alt="custom online shop developers in india" href="http://www.ifourtechnolab.com/" target="_blank">software companies</a></b> is largely perceived as an IT activity, the
other departments play a very important role in the implementation. For e.g.,
facilities management is largely responsible for physical security and access
controls.<o:p></o:p></span></div>
<div class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0cm; mso-layout-grid-align: none; text-align: justify; text-autospace: none;">
<br /></div>
<div class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0cm; mso-layout-grid-align: none; text-align: justify; text-autospace: none;">
<br /></div>
<div class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0cm; mso-layout-grid-align: none; text-align: justify; text-autospace: none;">
<b><span lang="EN-US" style="font-family: "arial" , sans-serif; line-height: 115%;">Decision
Making<o:p></o:p></span></b></div>
<div class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0cm; mso-layout-grid-align: none; text-align: justify; text-autospace: none;">
<br /></div>
<div class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0cm; mso-layout-grid-align: none; text-align: justify; text-autospace: none;">
<span lang="EN-US" style="font-family: "arial" , sans-serif; line-height: 115%;">The
decision of when and how to implement the standard may be influenced by a
number of factors such as:<o:p></o:p></span></div>
<div class="MsoListParagraph" style="margin-bottom: .0001pt; margin-bottom: 0cm; margin-left: 36.0pt; margin-right: 0cm; margin-top: 0cm; mso-layout-grid-align: none; mso-list: l0 level1 lfo1; text-align: justify; text-autospace: none; text-indent: -18.0pt;">
<!--[if !supportLists]--><span lang="EN-US">•<span style="font-stretch: normal;">
</span></span><!--[endif]--><span lang="EN-US" style="font-family: "arial" , sans-serif;">Business
objectives and priorities<o:p></o:p></span></div>
<div class="MsoListParagraph" style="margin-bottom: .0001pt; margin-bottom: 0cm; margin-left: 36.0pt; margin-right: 0cm; margin-top: 0cm; mso-layout-grid-align: none; mso-list: l0 level1 lfo1; text-align: justify; text-autospace: none; text-indent: -18.0pt;">
<!--[if !supportLists]--><span lang="EN-US">•<span style="font-stretch: normal;">
</span></span><!--[endif]--><span lang="EN-US" style="font-family: "arial" , sans-serif;">Existing IT
maturity levels<o:p></o:p></span></div>
<div class="MsoListParagraph" style="margin-bottom: .0001pt; margin-bottom: 0cm; margin-left: 36.0pt; margin-right: 0cm; margin-top: 0cm; mso-layout-grid-align: none; mso-list: l0 level1 lfo1; text-align: justify; text-autospace: none; text-indent: -18.0pt;">
<!--[if !supportLists]--><span lang="EN-US">•<span style="font-stretch: normal;">
</span></span><!--[endif]--><span lang="EN-US" style="font-family: "arial" , sans-serif;">User
acceptability and awareness<o:p></o:p></span></div>
<div class="MsoListParagraph" style="margin-bottom: .0001pt; margin-bottom: 0cm; margin-left: 36.0pt; margin-right: 0cm; margin-top: 0cm; mso-layout-grid-align: none; mso-list: l0 level1 lfo1; text-align: justify; text-autospace: none; text-indent: -18.0pt;">
<!--[if !supportLists]--><span lang="EN-US">•<span style="font-stretch: normal;">
</span></span><!--[endif]--><span lang="EN-US" style="font-family: "arial" , sans-serif;">Internal
audit capability<o:p></o:p></span></div>
<div class="MsoListParagraph" style="margin-bottom: .0001pt; margin-bottom: 0cm; margin-left: 36.0pt; margin-right: 0cm; margin-top: 0cm; mso-layout-grid-align: none; mso-list: l0 level1 lfo1; text-align: justify; text-autospace: none; text-indent: -18.0pt;">
<!--[if !supportLists]--><span lang="EN-US">•<span style="font-stretch: normal;">
</span></span><!--[endif]--><span lang="EN-US" style="font-family: "arial" , sans-serif;">Contractual
obligations<o:p></o:p></span></div>
<div class="MsoListParagraph" style="margin-bottom: .0001pt; margin-bottom: 0cm; margin-left: 36.0pt; margin-right: 0cm; margin-top: 0cm; mso-layout-grid-align: none; mso-list: l0 level1 lfo1; text-align: justify; text-autospace: none; text-indent: -18.0pt;">
<!--[if !supportLists]--><span lang="EN-US">•<span style="font-stretch: normal;">
</span></span><!--[endif]--><span lang="EN-US" style="font-family: "arial" , sans-serif;">Customer
requirements<o:p></o:p></span></div>
<div class="MsoListParagraph" style="margin-bottom: .0001pt; margin-bottom: 0cm; margin-left: 36.0pt; margin-right: 0cm; margin-top: 0cm; mso-layout-grid-align: none; mso-list: l0 level1 lfo1; text-align: justify; text-autospace: none; text-indent: -18.0pt;">
<!--[if !supportLists]--><span lang="EN-US">•<span style="font-stretch: normal;">
</span></span><!--[endif]--><span lang="EN-US" style="font-family: "arial" , sans-serif;">The firm’s
ability to adapt to change<o:p></o:p></span></div>
<div class="MsoListParagraph" style="margin-bottom: .0001pt; margin-bottom: 0cm; margin-left: 36.0pt; margin-right: 0cm; margin-top: 0cm; mso-layout-grid-align: none; mso-list: l0 level1 lfo1; text-align: justify; text-autospace: none; text-indent: -18.0pt;">
<!--[if !supportLists]--><span lang="EN-US">•<span style="font-stretch: normal;">
</span></span><!--[endif]--><span lang="EN-US" style="font-family: "arial" , sans-serif;">Adherence to
internal processes<o:p></o:p></span></div>
<div class="MsoListParagraph" style="margin-bottom: .0001pt; margin-bottom: 0cm; margin-left: 36.0pt; margin-right: 0cm; margin-top: 0cm; mso-layout-grid-align: none; mso-list: l0 level1 lfo1; text-align: justify; text-autospace: none; text-indent: -18.0pt;">
<!--[if !supportLists]--><span lang="EN-US">•<span style="font-stretch: normal;">
</span></span><!--[endif]--><span lang="EN-US" style="font-family: "arial" , sans-serif;">The existing
compliance efforts and legal requirements</span></div>
<div class="MsoListParagraph" style="margin-bottom: .0001pt; margin-bottom: 0cm; margin-left: 36.0pt; margin-right: 0cm; margin-top: 0cm; mso-layout-grid-align: none; mso-list: l0 level1 lfo1; text-align: justify; text-autospace: none; text-indent: -18.0pt;">
<!--[if !supportLists]--><span lang="EN-US">•<span style="font-stretch: normal;">
</span></span><!--[endif]--><span lang="EN-US" style="font-family: "arial" , sans-serif;">Existing
training programs</span></div>
<div class="MsoListParagraph" style="margin-bottom: .0001pt; margin-bottom: 0cm; margin-left: 36.0pt; margin-right: 0cm; margin-top: 0cm; mso-layout-grid-align: none; mso-list: l0 level1 lfo1; text-align: justify; text-autospace: none; text-indent: -18.0pt;">
<span lang="EN-US" style="font-family: "arial" , sans-serif;"><br /></span></div>
<div class="MsoListParagraph" style="margin-bottom: .0001pt; margin-bottom: 0cm; margin-left: 36.0pt; margin-right: 0cm; margin-top: 0cm; mso-layout-grid-align: none; mso-list: l0 level1 lfo1; text-align: justify; text-autospace: none; text-indent: -18.0pt;">
<span lang="EN-US" style="font-family: "arial" , sans-serif;"><br /></span></div>
<div class="MsoListParagraph" style="margin-bottom: .0001pt; margin-bottom: 0cm; margin-left: 36.0pt; margin-right: 0cm; margin-top: 0cm; mso-layout-grid-align: none; mso-list: l0 level1 lfo1; text-align: justify; text-autospace: none; text-indent: -18.0pt;">
<span lang="EN-US" style="font-family: "arial" , sans-serif;"><br /></span></div>
<div class="MsoListParagraph" style="margin-bottom: .0001pt; margin-bottom: 0cm; margin-left: 36.0pt; margin-right: 0cm; margin-top: 0cm; mso-layout-grid-align: none; mso-list: l0 level1 lfo1; text-align: justify; text-autospace: none; text-indent: -18.0pt;">
<span lang="EN-US" style="font-family: "arial" , sans-serif;"><b><span lang="EN-US" style="font-family: "calibri" , "sans-serif"; font-size: 11.0pt; line-height: 115%;">Author Signature</span></b><span lang="EN-US" style="font-family: "calibri" , "sans-serif"; font-size: 11.0pt; line-height: 115%;">: Shreyans Agrawal
(ifour.shreyans.agrawal@gmail.com)</span></span></div>
</div>
iFour Ankita Lachhwanihttp://www.blogger.com/profile/07116586188471171434noreply@blogger.com0tag:blogger.com,1999:blog-2385589671078118315.post-59101207323937767572016-04-13T03:46:00.002-07:002016-09-02T04:11:56.878-07:00Planning for ISO 27001 - Part 1<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0cm; mso-layout-grid-align: none; text-align: justify; text-autospace: none;">
<div class="separator" style="clear: both; text-align: center;">
<a href="http://www.ifourtechnolab.com/" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;" target="_blank"><img alt="web application development companies" border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiKg63twUHHANRsNakzbXRT_yXIef3tt8ScAtlkQolU07qaNHCvVl0TgNcDKK_FIYuNhGwzQN-9I7bzwgy4Pws-zROcMJ4dmKai8WJphHkP_Xx4MC9ePAgnFnHFGNOAs7WJueubslQ3tSST/s1600/timetoplan+iso+27001.jpg" title="web application development companies" width="570" /></a></div>
<b><span lang="EN-US" style="font-family: "arial" , sans-serif; line-height: 115%;"><br /></span></b>
<b><span lang="EN-US" style="font-family: "arial" , sans-serif; line-height: 115%;">Introduction<o:p></o:p></span></b></div>
<div class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0cm; mso-layout-grid-align: none; text-align: justify; text-autospace: none;">
<br /></div>
<div class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0cm; mso-layout-grid-align: none; text-align: justify; text-autospace: none;">
<span lang="EN-US" style="font-family: "arial" , sans-serif; line-height: 115%;">ISO/IEC
27001:2005 <i>Information Technology— Security techniques—Information security
management systems—Requirements </i>is an<i> </i>information security
management system (ISMS)<i> </i>standard published in October 2005 by the<i> </i><a href="http://www.iso.org/" target="_blank">InternationalOrganization for Standardization (ISO)</a> and International Electro
technical<i> </i>Commission (IEC).The potential benefits<i> </i>of implementing
ISO 27001 and obtaining<i> </i>certification are numerous also implementing<i> </i>ISO
27001 enables enterprises to benchmark<i> </i>against competitors and to provide
relevant<i> </i>information about IT security to vendors and<i> </i>customers,
it enables management to<i> </i>demonstrate due diligence. And it also can
foster efficient<i> </i>security cost management, and compliance with<i> </i>laws
& regulations, a comfortable level<i> </i>of interoperability due to a
common set of<i> </i>guidelines followed by the partner organization.<i> </i>It
also helps in improving IT information security system<i> </i>quality assurance
(QA) and increase security<i> </i>awareness among the employees, customers and<i>
</i>the<i> </i>vendors, etc.,
and it can also increase IT and business<i> </i>alignment. And it also provides
a process framework for<i> </i>IT security implementation and can also assist<i>
</i>in determining the status of information security<i> </i>and the degree of
compliance with the security<i> </i>policies, the directives and standards.
Many <b><a alt="eCommerce solution provider india" href="http://www.ifourtechnolab.com/" target="_blank">software development companies</a>,
<a alt="eCommerce solution providers india" href="http://www.ifourtechnolab.com/" target="_blank">custom application development companies</a>, <a alt="eCommerce solution providers in india" href="http://www.ifourtechnolab.com/" target="_blank">web application development companies</a></b>
etc are leveraging benefits of implementing ISO 27001.<o:p></o:p></span></div>
<div class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0cm; mso-layout-grid-align: none; text-align: justify; text-autospace: none;">
<br /></div>
<div class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0cm; mso-layout-grid-align: none; text-align: justify; text-autospace: none;">
<b><span lang="EN-US" style="font-family: "arial" , sans-serif; line-height: 115%;">Costs
of Implementation<o:p></o:p></span></b></div>
<div class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0cm; mso-layout-grid-align: none; text-align: justify; text-autospace: none;">
<br /></div>
<div class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0cm; mso-layout-grid-align: none; text-align: justify; text-autospace: none;">
<span lang="EN-US" style="font-family: "arial" , sans-serif; line-height: 115%;">Before
implementing <a href="http://www.iso.org/iso/iso27001" target="_blank">ISO 27001</a>, one needs to consider the costs and project length all
of which are further influenced by the detailed understanding of the
implementation phases. Also in today’s cloud computing environment, the
organizations that want to reduce costs without compromising information
security are looking at ISO 27001 certification as a promising means to provide
knowledge about their IT security. Implementation costs are driven by the
perception of risk and how much risk an organization is prepared to accept. Companies
such as <b><a alt="eCommerce solution providers in india" href="http://www.ifourtechnolab.com/" target="_blank">software development companies</a></b>
incur various costs while implementation. In total four costs need to be
considered when implementing this type of project:<o:p></o:p></span></div>
<div class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0cm; mso-layout-grid-align: none; text-align: justify; text-autospace: none;">
<br /></div>
<div class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0cm; mso-layout-grid-align: none; text-align: justify; text-autospace: none;">
<span lang="EN-US" style="font-family: "arial" , sans-serif; line-height: 115%;">1. <b>Internal
resources</b>—The system covers a wide range of business functions which
include management, human resources (HR), IT, facilities and security. All
these resources will be required during the implementation of the ISMS.<o:p></o:p></span></div>
<div class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0cm; mso-layout-grid-align: none; text-align: justify; text-autospace: none;">
<br /></div>
<div class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0cm; mso-layout-grid-align: none; text-align: justify; text-autospace: none;">
<span lang="EN-US" style="font-family: "arial" , sans-serif; line-height: 115%;">2. <b>External
resources</b>—Experienced consultants will save a huge amount of time and cost.
Also they will prove useful during internal audits and ensure a smooth
transition toward certification.<o:p></o:p></span></div>
<div class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0cm; mso-layout-grid-align: none; text-align: justify; text-autospace: none;">
<br /></div>
<div class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0cm; mso-layout-grid-align: none; text-align: justify; text-autospace: none;">
<span lang="EN-US" style="font-family: "arial" , sans-serif; line-height: 115%;">3. <b>Certification</b>—Only
a few approved certification agencies currently assess companies against ISO
27001, although fees are not much more than against other standards.<o:p></o:p></span></div>
<div class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0cm; mso-layout-grid-align: none; text-align: justify; text-autospace: none;">
<br /></div>
<span lang="EN-US" style="font-family: "arial" , sans-serif; line-height: 115%;">4. <b>Implementation</b>—These
costs depend largely on the health of IT within the organization. Thus if, as a
result of a risk assessment or audit, a gap appears, then the implementation
costs are bound to go up based on the solution implemented.</span><br />
<span lang="EN-US" style="font-family: "arial" , sans-serif; line-height: 115%;"><br /></span>
<span lang="EN-US" style="font-family: "arial" , sans-serif; line-height: 115%;"><br /></span>
<span lang="EN-US" style="font-family: "arial" , sans-serif; line-height: 115%;"><b><span lang="EN-US" style="font-family: "calibri" , "sans-serif"; font-size: 11.0pt; line-height: 115%;">Author Signature</span></b><span lang="EN-US" style="font-family: "calibri" , "sans-serif"; font-size: 11.0pt; line-height: 115%;">: Shreyans Agrawal
(ifour.shreyans.agrawal@gmail.com)</span></span></div>
iFour Ankita Lachhwanihttp://www.blogger.com/profile/07116586188471171434noreply@blogger.com0