IT Pre-Planning
Information Technology Pre-Planning (based on RFC 2196)
- OBJECTIVE: Identify bottlenecks and assess risks, and ease or eliminate them in a cost-effective manner.
- ASSET IDENTIFICATION
- Physical infrastructure
- Hardware inventory
- Software inventory including proofs of license (serial numbers, etc)
- Data
- During execution
- Stored online
- Archived offline
- Backups
- Audit logs
- Databases
- In transit over communications media
- People
- Administrators
- Users
- Hardware maintainers
- Documentation
- Hardware
- Software
- Administrative procedure
- RISK ASSESSMENT
- Balance safeguards against
- Necessary services provided (what do people need to do?)
- Cost
- Monetary (hardware/software purchasing)
- Performance (protective measures have overhead)
- Ease of use for users and administrators
- Priorities
- Protect human life and safety
- Protect sensitive and/or private data
- Minimize disruption of resources
- Protect other data
- Prevent damage to hardware and software
- Data is more important than hardware or software because it often can't be replaced.
- SOLUTIONS
- Should be largely independent from specific hardware and software (don't advocate any particular solution; use the right tool for the right job)
- Should clearly outline procedures and the people involved
- Should focus on infrastructure before applications