Authentication and Access Control

Threats to your data can come from external or internal sources.

  1. There are individuals who don’t have the authorisation but are driven by malicious intentions to gain access to certain information. This may refer to individuals who already belong to your organisation (but don’t have the necessary access rights) as well as those who don’t.
  2. There are individuals who have both the authorisation and, unfortunately, the malicious intentions over certain information.
  3. Finally, there are individuals who have the authorisation, no malicious intentions, but have accidentally exposed the information in question to those without the proper authority.

While curbing threats 2 and 3 would require other methods, threat #1 can be countered if the right authentication and access control systems are in place.

Here’s what we can do for you:

  • Work with your key personnel to determine who gets access to what.
  • Help you decide whether a single factor or a two-factor authentication (2FA) is appropriate for your organisation and recommend which factors are most suitable. Login methods may include but are not limited to the following:
    • biometric devices
    • Kerberos tickets
    • mobile phones
    • passwords
    • PKI certificates
    • proximity cards
    • smart cards
    • tokens
  • Install the necessary infrastructure needed for the factors chosen. For instance, if you opt to use biometrics, then biometric scanners will be installed. We’ll make sure that the authentication terminals are situated in places where achieving optimal traffic and work flow has been taken into consideration.

Other defences we’re capable of putting up include:

Check our similar posts

Project Management

In a cutthroat market, where the competition is constantly on the attack to break into your market share, implementing a project-based system can give your organisation the necessary tools to be more efficient and agile.

However, rapidly changing consumer demands, technologies and other factors make it ever more difficult to generate a strategic advantage from projects, let alone develop one. Also since a large organisation can easily end up having to manage multiple projects at the same time, the new management paradigm can appear too complex.

What your company really needs is the expertise that can guide you starting from conception and planning, down through procurement and execution in order to maximise whatever resources you have. Each move must be well thought out so that there are clear goals and objectives as well as methods to achieve them.

Programme Management

Are you running multiple projects pointing to an overall strategic direction? Then you’ll need more than just a “scaled-up” version of project management to make sure every component’s work effort is well coordinated to achieve your enterprise’s desired outcomes.

Through our expertise in programme management, we’ll work with your stakeholders, executives and clients to achieve the following:

  • Design a well-articulated management structure and clearly define decision-making roles & responsibilities – This will ensure decisions are made rapidly with zero to minimal overlapping issues and to promote a unified, well-synchronised advance towards the common objective.
  • Set objectives then make sure they are met by guiding your key personnel in coordinating activities across projects.
  • Design or utilise existing financial models such that they adhere to your enterprise’s financial policies.
  • Develop procedures for reporting expenditures specific to the programme.
  • Establish the programme infrastructure, including
    • The appropriate technical environment and tools (e.g. hardware, software, communication, and other IT-related items)
    • IT staff and administrators
  • Evaluate your enterprise’s current IT architecture to determine whether it will suffice to achieve your objectives. If it doesn’t, propose options you can take to meet what is required.
  • Plan out activities that should take place in different levels in the organisation.
  • Implement a periodic review of the programme progress as well as of interim results to ensure everything is aligned with the strategic outcome.

Programme and Project Reviews

Whether we’ve helped you set up your programme or you did it on your own, time will come when you’ll need to know whether everything is going as planned. If it appears like the entire programme is going smoothly, chances are, something’s going awfully wrong somewhere. Remember, even the most well-planned projects and programmes are still under the mercy of unforeseen variables.

We’ve got highly specialised reviews for either projects or an entire programme. We’ll be able to provide you answers to questions like:

  • Are all projects aligned with the programme’s intended direction?
  • Are the people working on your projects as focused with the business rationale as they have been with meeting deadlines and utilising resources?
  • Where are your risks and exposures? How can they be remedied?
  • Is the project viable at all?

We understand how your staff would want to function normally as quickly as possible. Rest assured, our programme and project reviews are conducted swiftly and efficiently so that both interruptions and oversights are brought to a minimum.

After we’re done, you can expect a detailed quantitative assessment of your programme and/or projects’ status.

Basically, we’re not here to find mistakes; we’re here to help you find ways to correct them. If a project rescue is required, we’ll be the first to lend a hand.

Project Rescue

Believe it or not, many of our clients approached us not before or during their project’s planning stages. But rather, after having gone through sloppy execution, when they end up losing control. In other words, we’re usually at the receiving end of the distress signal, after they’ve punched the panic button.

While obviously this isn’t the ideal time to seek the aid of any expert because it means you’ve incurred unnecessary losses already, all is not yet lost. If the appropriate remedial actions are taken in a timely manner, you can still achieve highly acceptable end results.

In fact, in most of our experiences with project rescue operations, we’ve been able to put projects back on track – just the way the planners wanted them to be. We’ll also help you devise airtight strategies to prevent your project from going astray again.

At the end of our project rescue,

  • You’ll regain complete control
  • Milestones will be reached as planned
  • Requirements will be accomplished, and
  • The project will be realigned with ideal business directions

Project Governance Processes

Constructing a firm underlying structure is essential in any organisation. So before we’ll institute project management, we’ll do the following first.

  • Set up a PMO or Project Management Office to ensure, among others, that
    • Utilisation of facilities, budgets, technical support and other resources will be well coordinated
    • Work products can be tracked and reviewed
    • Issues regarding methodology and processes will be given appropriate attention
    • Training can be organised
    • Project management discipline be instilled in the IT department
  • Establish a steering committee to oversee the implementation of IT and business strategies
  • Fill up slots for a project manager, IT executive and a business sponsor and define the roles of each
  • Infuse project management practices to all affected units of the enterprise

Establishing PMOs, steering committees and other management structures is the easy part. Many organisations spend so much in order to create the structures related to project management, only to find out later that the effort has been all for naught. That’s why we won’t end there. Our objectives will therefore include the following:

  • To plant and cultivate an environment appreciative of project governance i.e. one that does not project it as just a bunch of bureaucratic processes and protocols.
  • To establish an organisational culture that starts at the top.
  • To make everyone involved understand that the power of project governance still lies in the hands of those who will ultimately implement it.

A project-driven enterprise is never propelled by a single project. Since multiple projects require a more complex governing structure, you’ll need to understand the intricacies of programme management.

How COBIT helps you achieve SOX Compliance

First released way back in 1996, COBIT has already been around for quite a while. One reason why it never took off was because companies were never compelled to use it ? until now. Today, many CEOs and CIOs are finding it to be a vital tool for achieving SOX compliance in IT.

Thanks to SOX, COBIT (Control Objectives for Information and related Technology) is now one of the most widely accepted source of guidance among companies who have IT integrated with their accounting/financial systems. It has also gained general acceptability with third parties and regulators. But how did this happen?

Role of control frameworks in SOX compliance

You see, the Sarbanes-Oxley Act, despite having clearly manifested the urgency of establishing effective internal controls, does not provide a road map for you to follow nor does it specify a yardstick to help you determine whether an acceptable mileage in the right direction has already been achieved.

In other words, if you were a CIO and you wanted to find guidance on what steps you had to take to achieve compliance, you wouldn’t be able to find the answers in the legislation itself.

That can be a big problem. Two of your main SOX compliance obligations as a CEO or CIO is to assume responsibility in establishing internal controls over financial reporting and to certify their effectiveness. After that, the external auditors are supposed to attest to your assertions. Obviously, there has to be a well-defined basis before you can make such assertions and auditors can attest to anything.

In the language of auditors, this ?well-defined basis? is known as a control framework. Simply put, once you certify the presence of adequate internal controls in your organisation, the external auditor will ask, ?What control framework did you use??

Knowing what control framework you employed will help external auditors determine how to proceed with their evaluations and tests. For your part, a control framework can serve as a guide to help you work towards specific objectives for achieving compliance. Both of you can use it as a common reference point before drawing any conclusions regarding your controls.

But there are many control frameworks out there. What should you use?

How SOX, COSO, and COBIT fit together

Fortunately, despite SOX?s silence regarding control frameworks, you aren’t left entirely to your own devices. You could actually take a hint from the SEC and PCAOB, two of the lead organisations responsible for implementing SOX. SEC and PCAOB point to the adoption of any widely accepted control framework.

In this regard, they both highly endorse COSO, a well-established internal control framework formulated by the Committee of Sponsoring Organisations of the Treadway Commission (COSO). Now, I must tell you, if you’re looking specifically for instructions pertaining to IT controls, you won’t find those in COSO either.

Although COSO is the most established control framework for enterprise governance and risk management you’ll ever find (and in fact, it’s what we recommend for your general accounting processes), it lacks many IT-related details. What is therefore needed for your IT processes is a framework that, in addition to being highly aligned with COSO, also provides more detailed considerations for IT.

This is where COBIT fits the bill.

How COBIT can contribute to your regulatory compliance endeavors

COBIT builds upon and adheres with COSO while providing a finer grain of detail focused on IT. You can even find a mapping between COBIT IT processes and COSO components within the COBIT document itself.

Designed with regulatory compliance in mind, COBIT lays down a clear path for developing policies and good practice for IT control, thus enabling you to bridge the gap between control requirements, technical issues, and business risks.

Some of the components you’ll find in COBIT include:

IT control objectives

These are statements defining specific desired results that, as a whole, characterise a well-managed IT process. They come in two forms for each COBIT-defined IT process: a high-level control objective and a number of detailed control objectives. These objectives will enable you to have a sense of direction by telling you exactly what you need to aim for.

Maturity models

These are used as benchmarks that give you a relative measurement stating where your level of management or control over an IT process or high-level control objective stands. It serves as a basis for setting as-is and to-be positions and enables support for gap analysis, which determines what needs to be done to achieve a chosen level. Basically, if a control objective points you to a direction, then its corresponding maturity model tells you how far in that direction you’ve gone.

RACI charts

These charts tell you who (e.g. CEO, CFO, Head of Operations, Head of IT Administration) should be Responsible, Accountable, Consulted, and Informed for each activity.

Goals and Metrics

These are sets of goals along with the corresponding metrics that allow you to measure against those goals. Goals and metrics are defined in three levels: IT goals and metrics, which define what business expects from IT; process goals and metrics, which define what the IT process should deliver to support It’s objectives; and activity goals and metrics, which measure how well the process is performing.

In addition to those, you’ll also find mappings of each process to the information criteria involved, IT resources that need to be leveraged, and the governance focus areas that are affected.

Everything is presented in a logical and manageable structure, so that you can easily draw connections between IT processes and business goals, which will in turn help you decide what appropriate governance and control is needed. Ultimately, COBIT can equip you with the right tools to maintain a cost-benefit balance as you work towards achieving SOX compliance.

Energy Audit – clearly clear?

An energy audit is an examination of an energy system to ensure that energy is being used efficiently. It is the inspection, survey and analysis of energy flows for energy conservation in a building. Energy audits can be conducted by building managers who examine the energy account of an energy system, checks the way energy is used in its various components, checks for areas of inefficiency or where less energy can be used, and identifies the means for improvement.

An energy audit is often used to identify cost effective ways to improve the comfort and efficiency of buildings. In addition, homes/ enterprises may qualify for energy efficiency grants from central government. Energy audits seek to prioritise the energy uses from the greatest to least cost effective opportunities for energy savings.

An energy audit is an effective energy management tool. By identifying and implementing improvements as identified, savings can be achieved not only on energy bills, but also equipment will be able to attain a longer life under efficient operation. All these mean actual dollar savings.

An energy audit has to be conducted by a competent person with adequate technical knowledge on building services installations, after which he/she comes up with a report recommending plans on the Energy Management Opportunities (EMO) for energy saving.

An energy audit culminates to a written report. This could show energy use for a given time period (for example a year) and the impact of any suggested improvements per year. Energy audit reports are then used to identify cost effective ways to improve the comfort and efficiency of buildings. The energy audit report therefore gives management an understanding of the energy consumption scenario and energy saving plans formulation.
Energy audit reports should always translate into action. No matter how well articulated, the energy management objectives are afterall, an energy audit (EMOs), all the effort will be futile if no action is taken. The link between the audit and action is the audit report. It is therefore important for the audit reports to be understandable for all the target audiences/ readers, all of whom may have diverse needs, hence the reason why they should be clear, concise and comprehensible.

What are the do?s and don’ts when writing energy audit reports?

Avoid technical jargon as much as possible; present information graphically; use different graphics such as pie charts, data tables. Schematics of equipment layouts and digital photos tend to make EMO reports less dry. Some of the energy audit software?s come in handy in the generation of such graphs and charts.
The climax of it all is the recommendations, which should be made very fascinating.

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK

Ready to work with Denizon?

Contact Us Today