Business & Finance
Commentary
11/26/2003
12:39 AM

SmartAdvice: How To Develop An IT Strategic Plan

Developing an IT strategy will help better align your department with the business, The Advisory Council suggests. It also identifies three key leadership responsibilities and offers tips to protect your servers from hacker attacks.

Define The Road Map
The IT strategy plan is a decision document for investment and for ongoing expenses. Once all the data has been collected, it must be collated into a master project list that includes each project's funding requirements. Prioritize according to:

  • Project classification, based on such characteristics as return on investment, opportunity costs, alignment with objectives, and other variables of the business and environment;

  • Performance measures; and

  • Resource management.



As some projects may span years, future resource allocation and performance measures need to be clearly defined.

It's also important that your road map isn't just about new projects, but also about managing technology. If there's a constant shift in priorities, a process that can manage these changes needs to be defined. Your Current Technology Usage, IT Resource Allocation, and Technology Architecture pieces should quickly become guiding documents for your current as well as future strategy.

Be sure to follow up quarterly with reviews that assess implementation, the projects' impact on business, and performance measures. All of these will enhance the value of your company's technology use, and help in making IT a strategic partner in business objectives.

Driving Business Value
The whole point of aligning IT with the business is to provide value by using technology in a way most profitable to the organization. Some of your work may be reactive (to market conditions and competitors' uses of technology); some may be collaborative (working with the business to define solutions to business problems); and some, at its best, will be innovative (to advance new business objectives).

Advancing Your Career
The business world loves people who think strategically. Add the ability to innovate and execute and your career will get a high-octane boost. Putting together an IT strategic plan and helping the business build (or at least think about) its strategy will enhance your value and accelerate your career. Modeling strategic planning in your department may even nudge the company toward its own, comprehensive strategic plan!

-- Humayun Beg

Topic B: How can we protect our servers from the continuing waves of hacker attacks?

Our advice: Have you checked your firewall logs recently? Most likely there has been a constant stream of automated probes. No one is immune to hacking, because so many attacks are random, automated doorknob rattling. The question becomes not whether you are going to be attacked, but when, and how you can minimize the impact.


In October 2002, a group of hackers from South Korea and the U.S. flooded the 13 domain-name root servers using a common distributed denial-of-service attack. Even these extremely over-engineered systems couldn't completely withstand a full frontal assault. So while you might not be able to stop a concerted attack on your servers without spending large amounts of money and resources, keep in mind that simpler, commonsense precautions are all that are necessary for the majority of companies.

There's no doubt that the hacker community is getting more sophisticated about how to infiltrate and attack systems, but their laziness and automation work in your favor. You can set your systems to block all the well-known forms of attack. By implementing the following Server Security Checklist, you will stop all but the most determined hacker:

  1. Consider hosting your externally facing servers in an outsourced, secure data center. The hosting company has far more resources dedicated to preventing attacks than you do.


  2. Remove all unessential services and applications from your servers. This minimizes the likelihood that, when a new security hole is discovered, a hacker will be able to exploit it because you simply forgot you were running that service.


  3. Make sure all your systems are automatically updated with all the latest patches. Minimizing the server's applications also makes it easier to maintain, since you can focus on ensuring that patches are current on all the services it does provide.


  4. Never keep the manufacturer's default security settings. The hackers know these holes better than you do, so don't make it easy for them.

Fortunately, once you've implemented these steps, and unless you are a high-profile hacker target, you can prevent the vast majority of security breaches and Web-site defacements.
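One way to catch the forgotten service that checklist item 2 warns about is to compare what a server is actually listening on with what it is supposed to offer. The script below is an added example, not part of the original column; the sample `ss -tlnp` output is constructed and the approved-port list is a hypothetical policy.

```python
import ipaddress
import re

# Constructed sample in the layout printed by `ss -tlnp` on Linux; not real data.
SAMPLE_SS_OUTPUT = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*         users:(("sshd",pid=812,fd=3))
LISTEN 0      511    [::]:443           [::]:*            users:(("nginx",pid=990,fd=7))
LISTEN 0      32     0.0.0.0:21         0.0.0.0:*         users:(("vsftpd",pid=1044,fd=3))
LISTEN 0      128    127.0.0.1:631      0.0.0.0:*         users:(("cupsd",pid=701,fd=6))
LISTEN 0      64     *:23               *:*               users:(("inetd",pid=655,fd=4))
"""

# Assumption: the ports this server is meant to offer (hypothetical policy).
APPROVED_PORTS = {22, 443}
PROC_RE = re.compile(r'\(\("([^"]+)"')  # first process name in the users:(...) field


def parse_listeners(ss_output):
    """Return (address, port, process) for every LISTEN row."""
    listeners = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # header row or a socket in another state
        addr, _, port = fields[3].rpartition(":")
        match = PROC_RE.search(fields[5]) if len(fields) > 5 else None
        listeners.append((addr.strip("[]"), int(port), match.group(1) if match else "?"))
    return listeners


def is_loopback(addr):
    """True when the socket is bound to a loopback address only ('*' means all)."""
    return addr != "*" and ipaddress.ip_address(addr.split("%")[0]).is_loopback


def unexpected_services(ss_output, approved=APPROVED_PORTS):
    """Listeners reachable from the network that are not on the approved list."""
    return sorted(
        (port, proc)
        for addr, port, proc in parse_listeners(ss_output)
        if port not in approved and not is_loopback(addr)
    )


if __name__ == "__main__":
    for port, proc in unexpected_services(SAMPLE_SS_OUTPUT):
        print(f"unapproved listener: tcp/{port} ({proc})")
```

Run on a schedule against real `ss -tlnp` output, a non-empty result is the cue to remove the service or record why it is needed.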

-- Beth Cohen
