Wednesday, August 26, 2020

Business Process Management Architectures - MyAssignmenthelp.com

Question: Examine about the Business Process Management Enterprise Architectures. Answer: Presentation Business process engineering incorporates a plan for the association that help dissect the key destinations as against the requests that are put across(Weske, 2012). Business engineering empowers improvement of an extension in the undertaking model as against the different functionalities to incorporate the enhanced scope of angles that is obliged by the association objectives. Consequently, this structure consolidates operational, inspirational just as systematic systems that can help broaden a serious structure. The extent of the current business report is for a medium measured business situated in Brisbane in Queensland that has around between 20 to 200 workers. There are 7 formal useful divisions inside the association. The business gives diversion bundles to customers and furthermore discounts them in the event that they are not happy with their services(Jeston, 2014). Despite the fact that the business was working great yet late patterns delineates a descending pattern that may be because of worldwide money related emergency. The business design gave will permit the business to come outside the domain of this test confronted and conquer the circumstance. The report features the significance of business process design to this customer by recognizing potential procedure arrangements. The execution parts of such business forms in upgrading adequacy of the customer association and certain proposals are included in the discussion(Ko, 2009). The recreational business of the firm had been working in a decent way encountering development anyway ongoing patterns have been delineates different difficulties of the business. The association has a few offices comprising of tasks, HR, obtainment, deals, bookkeeping, advertising, examination and development(Choi, 2008). All these different offices is going by the CEO of the association, who has more than 10 years of experience inside the business. Despite the fact that there are isolated offices and portion of errands and duties there is a slack in information and experience of every one of departmental chiefs. Every single departmental heads don't have sufficient aptitudes and duties that can coordinate adequacy to the current structure present. There is a daydream of jobs and duties among administrators and slack in initiative characteristics that have hampered the business and made preoccupations meet its assigned goals(Becker, 2013). The association is at present encountering tremendous serious dangers and weights because of slack in polished methodology and authority characteristics. It is confronting colossal dangers from handling issues relating to conveyance for every divisions to meet assigned objectives. In this way, the proposed arrangement is planned for recommending a fitting business process engineering structure. Business Process Architecture and its viability Globalization alongside innovative appearance has prompted complex structure and broadened clients just as worker bases(Caetano, 2009). The difficulties looked by current business are increasingly mind boggling in nature thus requires more prominent capacities that expect association to embrace a coordinated methodology towards their organizations and clients. Subsequently, the pertinence and significance of Business Architecture. Business engineering presents a perspective on the association with the end goal that all parts of the business can be introduced in a coordinated way. A business procedure design includes an outline for the association to such an extent that key activities can be adjusted to satisfy its needs and goals(Muller, 2008). The extent of the current association includes giving recreation based administrations to its expanded client base, which are its objectives. Hence, its vision is to fulfill customer by giving fitting bundles at satisfactory value levels that permits to perform different functionalities. So as to take into account different functionalities of the business every offices needs to work in a planned way and adjust their procedures likewise. Business process engineering takes into account catching business techniques inside its abilities with the end goal that every single branch of the business can perform different functions(Smart, 2009). Every single such methodology are adjusted to esteem streams with the end goal that information is partaken in a semantic way from clients, provider, requests and criticism also. Inside the authoritative view different jobs, creation and specialty units alongside capacities are caught in a way to such an extent that interior and outer units can be appropriately taken care of. In the business procedure design each portion of the business is all around sectioned to take into account strategical filtration(Ren, 2012). A business system is partitioned and sub isolated into individuals procedures and innovation and the center business forms convey to such an extent that they can meet these differentiated capacities. methodologies are shaped by considering client needs and airs. As the extent of the current business is to convey and take into account recreation exercises, so as to be serious it needs to comprehend and attempt broad rivalry analysis(Schelp, 2007). Client statistical surveying for requests of explicit items can prompt comprehend the decreasing piece of the pie for the Company. Rather than depending on worldwide patterns of diminishing piece of the overall industry, statistical surveying with respect to late patterns in movement and the travel industry can permit productive bits of knowledge. Comprehension of client needs by promoting division wil l help give significant bits of knowledge to the examination group who will have the option to attempt development in comparable lines. At that point deals group can target people as per STP methods. Specific Segmentation Target Positioning strategies will help make progress and produce income with the end goal of the organization(Vom Brocke, 2010). Further operational group can attempt important tie-ups will providers with the end goal that general costs decrease can be effortlessly accomplished. Providers and different sellers of the business can convey cost adequacy by Value Chain Analysis for the business. Tasks can be improved by methods for innovation and procedure reconciliation inside a similar framework. Incentive from the business must be determined as far as coordinated administration led by the business. When all pertinent and separate parts of the business is coordinated then adequacy can without much of a stretch be delivered(Simon, 2014). Consistent correspondence sho uld be kept up inside every parts of the association with the end goal that there are no contentions and one office can work in agreement to another division. Therefore, usage of business process design will take into consideration consumer loyalty and taking into account benefits in a worth based way with the end goal that effectiveness can be set up. Holes in Processes Obliging in business process design can help get higher productivity and the board in existing goals(Pulkkinen, 2007). Business process design considers coordination of business more significant levels procedures into the current structure to infer esteems inside the extents of the business. The current association includes different holes inside its areas of expertise that can keep from pleasing for business process engineering. Different holes in the business forms have just been distinguished previously. Coming up next are a portion of the analyzed holes as ; At the top administration level: Though the current CEO is dealing with the business for a delayed time of years, yet there are different holes in his abilities. The CEO needs initiative abilities and methodologies embraced by him in profoundly serious markets are divided by methods for separated terms(Kurpjuweit, 2009). The Company under his initiative has acknowledged outside key impacts for working which opens up the Company to increasingly vital dangers. Vital objectives of the Company needs to break down outside and interior components to capacities to devise techniques along these lines, there is a hole which should be obliged inside the extent of the association with the end goal that it can make powerful procedures. At administrative levels: there are enormous degrees of holes too blocks that exist at the administrative degrees of the association. In spite of the fact that there is departmentalization inside the association yet there win enormous measures of slacks in abilities of each personnel(Al-Debei, 2010). Offices inside the association comprise of tasks, HR, obtainment, deals, bookkeeping, showcasing and innovative work. Right off the bat Operations director is the main composed office inside the extent of the association, however there are visit clashes that they have with HR administrator. The Operations director oversees obligations of 10 staffs announcing straightforwardly to the CEO, taking care of all important paper works. The usefulness of the activities office is slacking and as the division works effectively it very well may be assigned more prominent obligations to arrange work forms with respect to client appointments and other work aspects(Amit, 2015). The Human Resource Departmental administrator has no related involvements in the field and has obligations in zones of fund. In spite of the fact that the division is answerable for carrying on obligations of enlistment, acceptance, HR authoritative consistence, worker takeoffs yet it only here and there take into account its duties well. Further, there are no functionalities of the office in regard to execution examinations and preparing or other relevant perspectives that can advance representatives and achieve commitment procedure to such an extent that they can add to the business architecture(Myrick, 2007). Obtainment chief is exceptionally wasteful as it can't oblige its obligations and handle provider connections well. Despite the fact that he reports to the Sales Manager such line of power is invalid for the current authoritative degree. As acquirement isn't critical

Saturday, August 22, 2020

The Strike by Hollywood Writers an Example of the Topic Arts Essays by

The Strike by Hollywood Writers On November 5, 2007, an arranged strike of TV, radio and screenplay essayists, who work in the US for Eastern and Western parts of the Writers Guild of America, has begun. This strike was a response on late strategies of the Alliance of Motion Picture and Television Producers in regards to another agreement which must be marked with the Guilds. Fundamentally, the scholars demanded expanding their portions of wages originating from complete sells of motion pictures and TV arrangement, both on DVDs and in Internet. Notwithstanding, the Alliance can't, that is the reason in excess of 12,000 American authors joined the walkout. The Guilds chose to keep striking until the sides of the contention had the option to settle on every single significant issue. Need paper test on The Strike by Hollywood Writers subject? We will compose a custom paper test explicitly for you Continue Understudies Usually Tell EssayLab support: What amount do I need to pay somebody to compose my task today? Pros suggest: Order Papers On Essaylab.Com Great Essay Writing Company Buy An Essay For College Best Essay Writing Service Best Essay Writing Service Reviews Along these lines, all crafted by the Writers Guilds was ended, and now this circumstance genuinely influences creation of most of American TV and radio shows, TV arrangement, and so forth. It will without a doubt bring to a few millions dollars of misfortunes and to certain negative monetary results. An extraordinary number of our mainstream programs, including the shows of Conan O'Brien and Jay Leno, just as numerous different shows which are communicated in our best TV systems, for example, NBC, ABC, CBS or Fox, are right now having issues with discovering great content composing work force. In addition, creation of mainstream TV arrangement (counting Prison Break, 24, Lost, CSI, Desperate Housewives and others) must be ended and delayed. I bolster the situation of the Writers Guilds in light of the fact that making a decent spellbinding content is a key component of making top notch intriguing shows or motion pictures, and when the journalists are not content with the remuneration they get, nothing but bad TV or film items can be made. In this way, such center majority rule an incentive as equity and being reasonable for others must be considered. Plus, as indicated by the data advanced, the scholars have not just money related requests to be met. The combinations consistently attempt to paint us as outlandish and contentious. Our recommendations essentially attempt to guarantee that authors stay aware of the business' development. That is reasonable and sensible. (Writers Guild, East, 2007) References Authors Guild of America, East. (2007). The Official Site of the Guild. Recovered January 4, 2008, from: http://www.wgaeast.org/. Authors Guild of America, West. (2007). The Official Site of the Guild. Recovered January 4, 2008, from http://www.wga.org/.

Friday, August 21, 2020

Its Science! Stand Up For Success - College Essay Advisors Admissions Essay Experts

Its Science! Stand Up For Success - College Essay Advisors Admissions Essay Experts Its Science!: Stand Up For Success Its Science!: Stand Up For Success Even when we talk about how it starts, our students are sedentary.  Youre going to sit down and write that essay.  An article in yesterdays Wall Street Journal suggests that we should all be doing our work standing up, or at the very least, sitting up straight.  The advisors at CEA should take some lessons from this too â€" we dont want to morph into hunchbacks while spell checking your brilliant combinations of nouns and verbs.  Maybe, together, we can work to follow some of the articles most salient tips.  All of us can preserve our posture and maximize breath efficiency by sitting  with our rib cages lifted, our backs not touching our chairs, and both of our feet firmly planted on the floor â€" while incessantly typing, of course.  Maintaining good posture also helps people maintain a positive attitude â€" something we all need when digging into that third hour of drafting and re-drafting.  Its probably also a good idea to kick the whole process off with your weight on both legs; we dont know a single person whose brainstorming sessions didnt benefit from a little walk around the block.  Spine straight! About CEA HQView all posts by CEA HQ »

Its Science! Stand Up For Success - College Essay Advisors Admissions Essay Experts

Its Science! Stand Up For Success - College Essay Advisors Admissions Essay Experts Its Science!: Stand Up For Success Its Science!: Stand Up For Success Even when we talk about how it starts, our students are sedentary.  Youre going to sit down and write that essay.  An article in yesterdays Wall Street Journal suggests that we should all be doing our work standing up, or at the very least, sitting up straight.  The advisors at CEA should take some lessons from this too â€" we dont want to morph into hunchbacks while spell checking your brilliant combinations of nouns and verbs.  Maybe, together, we can work to follow some of the articles most salient tips.  All of us can preserve our posture and maximize breath efficiency by sitting  with our rib cages lifted, our backs not touching our chairs, and both of our feet firmly planted on the floor â€" while incessantly typing, of course.  Maintaining good posture also helps people maintain a positive attitude â€" something we all need when digging into that third hour of drafting and re-drafting.  Its probably also a good idea to kick the whole process off with your weight on both legs; we dont know a single person whose brainstorming sessions didnt benefit from a little walk around the block.  Spine straight! About CEA HQView all posts by CEA HQ »

Sunday, May 24, 2020

Essay about Information Technology Ten Point Code of Ethics

Ten Point Code of Ethics for Information Technology Professionals By James Malveaux, Jr. 1. Has IT professionals use every precaution to prevent given out any access to passwords, personnel identifications or other sensitive information to can be used in the database systems. The importance of this is to keep sensitive information for getting out to the world. There is a lot of hacker software that can penetrate a company’s network and get into the database that contains sensitive material. The one thing to prevent any of this from happening is to get a†¦show more content†¦It is pretty much up to the company on how they should keep inventory of their equipment and if you use the benefits suggests you can keep your IT equipment safe. 3. Has IT professionals we will not download or install unauthorized software on any equipment without consent of the company’s policy. This is extremely important because there a lot of viruses out that can damage a network. Any downloaded software like shareware can be lethal to a network. The best way to keep this from happening is by installing a virus software on the server that will detect anything before it goes through the network. Also each network station should have a virus program as well because many personnel will bring files from home and try to access them at work. Plus have procedures for employees so that if they accidentally open a file that contains a virus they should not do anything further and just take the computer off the network and let an IT professional handle the situation from there. This is especially important on emails as well. Whenever an employee sees a suspicious email with a file attached to it, don’t have them open it but ju st delete it and notify the IT professional immediately. Having these procedures can prevent any damage to the company’s network and help protect sensitive information as well. 4. Has IT professionals we to except responsibilities of our work. Whenever you work on something there are steps and procedures in doing any kindShow MoreRelatedThe Ethics Technique Of Wearable Technology1278 Words   |  6 Pages Assessment 1 – Doing Ethics Technique Wearable Technology Nagur Bhasha Shaik 11614204 ICT506 IT Ethics shaiknagurbhasha@gmail.com Wearable Technology We are as of now appended to (actually and metaphorically) various innovations that screen our practices. The wellbeing taking after excitement has incited the progression of numerous armlets and catch on devices that screen steps taken, activity levels, heart rate, et cetera., likewise the methodology of common equipment that can be layered,Read MoreEssay on Turnitin: Hypocrisy of Its Own1277 Words   |  6 Pagesadvancement in technology has made plagiarizing so much easier, and because of this, many professors have resorted to using software programs which detects any sort of plagiarism. One popular program many professors are enforcing their students to use is Turnitin.com. When a paper is submitted into Turnitin, the program compares it to previous submitted essays saved in its database and the content available on the internet. However, in recent years, there has been much controversy between the ethics of TurnitinRead MoreA Doctors Code of Ethics1765 Words   |  8 Pages A Doctor’s Code of Ethics By: Vanessa White University of Phoenix A Doctor’s Code of Ethics A doctor’s code of ethics is to enrich the wellbeing of the community and town by helping taking care of patients during visits while making progress in a patient’s treatment (Medical Ethics, 2010). These guidelines are put in place for the doctors so that they can attend to any challenges that might arise both ethically and expertly (Medical Ethics, 2010). Medical ethics are guidelines of a physician’sRead MoreMiss1698 Words   |  7 PagesREMOTE DEPOSIT CAPTURE PROJECT – Case Scenario – II (Schwalbe K., 2010, Managing Information Technology Projects 6E, Course Technology, Cengage Learning) Part 5: Project Quality Management The Remote Deposit Capture Project team is working hard to ensure that the new system meets expectations. Even though you have a detailed scope statement, schedule, and so on, you want to be sure that the project will please key stakeholders, in particular Harold, the project sponsor, and Tricia, the VP ofRead MoreThe Virtuous Manager1658 Words   |  7 PagesThe Virtuous Manager Enron was the model for rapid growth in the 1990’s but part of the culture and ethics of Enron was disturbing. Falsified documents, cutthroat competitiveness among employees and accounting schemes that hid the truth of the company’s indebtedness were just a few examples of the lack of business ethics within the organization. Perhaps a more virtuous management team could have saved Enron from collapse. Culture of Enron An Indicator of Corruption Enron’s management style wasRead MoreCode Of Leadership Summary959 Words   |  4 Pagesand timeliness. She accepts constructive feedback with a positive attitude. Ethics and Integrity: Judit continues to treat her peers with respect and courtesy in addition to conducting herself in a manner consistent with the DPS Courtesy policy as set forth in the General Manual (GM) Chapter Five: Doctrines, Policies and Operating Procedures; 05.17.00. She continues to adhere and abide by the Code and Canons of Ethics and the standards of ethical conduct for state employees as set forth in theRead MoreA Summary Of Leadership967 Words   |  4 Pagescontinues to accept direction for improvement in a positive and professional manner. Ethics and Integrity: Carol continues to treat her peers with respect and courtesy in additional to conducting herself in a manner consistent with the DPS Courtesy policy as set forth in the General Manual (GM) Chapter Five: Doctrines, Policies and Operating Procedures; 05.17.00. She continues to adhere to the Code and Canons of Ethics and the standards of ethical conduct for state employees as set forth in the GMRead MoreAcc 4035354 Words   |  22 Pages | |INSTRUCTIONAL MATERIAL - Supporting | |The following resources provide additional background and supporting information for this course. There is no need to purchase these items | |for the course. | | Read MoreThe Nursing Theory And Theorist1199 Words   |  5 Pageschanges in technology that appear to take place on a daily basis. I am constantly learning something new, which means that I am constantly moving through the stages as Benner described them. The role of a registered nurse as a â€Å"caring nurse† is an ever-changing role. We as nurses must find the time to wear several different hats throughout the day, and sometimes even multiple hats at the same time. Nursing theorist Jean Watson defines caring as a humanitarian science, and described ten behaviorsRead MoreMy Role As Webmaster For My School Essay973 Words   |  4 Pagesdesign, accuracy and accessibility of information and the training of other teachers to create their own websites. Through this role I have developed in leadership and I have been directly involved in creating an avenue in which to provide students, teachers and the community with vital information. Over the past ten years, the amount of information available via the Internet has grown exponentially and our school and community have come to rely on the information on our website. Traffic on our web

Wednesday, May 13, 2020

Media s Impact On Society - 920 Words

Introduction The media industry is the state of our actuality. There are several different kind of media; there is the newspaper, radio, and television. Each category has its own different stage that has modeled the media to be as influential as it is in society today. Along with all other forms of media, newspapering has played a huge role in the way society view the industry. Through time many changes have occurred, are occurring, and will continue to develop in the future. The media has an immensely impact on society . Newspapers has been influential for hundreds of years. According to Tim Harrower in the third edition of â€Å"Inside Reporting†, In Caesar’s age, Romans read newspapers handwritten by slaves. Wandering minstrels spread news (and the plague) in the Middle Ages (Harrow 8). Through generations the way the people conduct the news have changed. The news was spread through the newsprint, voices on airwaves, movie newsreels, TV network newscast, media websites, and news apps for smartphones (Harrower 8). Thus, society seeks various ways to spread the news in the world today. The â€Å"penny press† is significant in the history of journalism in the U.S. because it allowed society to be able to afford the newspaper. Throughout colonial times, and actually down to the 1830s, most newspapers were sold through annual subscription, usually $8 to $10 a year (Douglas 3). Although this amount may not seem expensive today, in the 1830s the price of newspapers wereShow MoreRelatedMedia s Impact On Society956 Words   |  4 PagesThe media, or communication outlets, has a huge part in the racial divide, prejudices, oppressions and discriminations in America. These outlets include newspapers, television, internet, and/or radio. Over the recent years, stereotyping and discrimination has been greatly enhanced by media outlets. Even though the media has enhanced these harmful issues, the media can improve all of the factors by making changes to how they portray different races and ethnicities. â€Å"The media can influence peopleRead MoreMedia s Impact On Soc iety1098 Words   |  5 PagesThe media industry is the state of our actuality. Society expects for the news to keep them informed on what is going on around the world. There are several different kinds of media; there is the newspaper, radio, and television. Each category has its own different stage that has modeled the media to be as influential as it is in society today. Along with all other forms of media, newspapering has played a huge role in the way society view the media industry. Through time many changes have occurredRead MoreThe Media s Impact On Society951 Words   |  4 Pagesface because of their gender. The comment section of this video is erratic; the viewers often have conflicting views about the meaning of the video as well as whether or not it was successful in its purpose. One thing is for sure, the video makes an impact by using several rhetorical devices including word choice, pathos and logos; all which separate it from other pro-feminism videos that ex ist. FCKH8.com’s video made an abundance of creative decisions that made each of its viewers have an intenseRead MoreThe Impact Of Media On Society s Society1375 Words   |  6 Pagesto be, a relevant issue in our society. While racism is not as prevalent as it was in the 1860’s, it is not any less significant. The relevance of racism today can partially be blamed on how the media portrays race. Media comes in all forms; print media, broadcast media, social media, etc. Each of these forms play an important role in our society. Media is the main communicator in today’s society. Society looks to media for information. This is a problem because media does not always have the properRead MoreThe Impact Of Media On Society s Society1772 Words   |  8 PagesIntroduction: Media has played an instrumental role in shaping society especially Canadian society. There are many types of stream in media that has allowed Canadians to have a sense of closeness with their community and the country. A type of media that exemplifies this is the news. The news plays a crucial role informing the public about certain events that are happening around individuals’ lives and how these types of news are affecting them. In addition to that, the news also provides an entertainmentRead MoreSocial Media s Impact On Society1515 Words   |  7 Pagestoday’s society not all people welcome social media into their lives and thus restrict their access and or involvement when it comes to the abundances of social media outlets. However, social media has indeed taken the lives of our children, adolescents, and families by the collar. Social media plays a pivotal part affecting everyday life as we know it today. Despite these claims, the advancements in technology have evolved, thus creating a society that thrives on the dependency of social media outletsRead MoreMedia s Impact On The American Society2784 Words   |  12 PagesAmerican society is presented information over a wide range of events that we encounter in life throughout the history of the United States on account of media. Media presents ongoing information within the boundaries of the United States in addition to foreign affairs believed to be significant to the American public. The media has a massive influence and impact on the American society covering certain events that are taking place all over the world. However, sometimes media only covers one sideRead MoreThe Impact Of Media On Women s Society2399 Words   |  10 PagesDissertation – Chapter 1 What impact does the media have on females in todays society? Mass media shapes the world and the ‘perfect’ female is depicted through magazines, TV, music, internet, billboards, toys, movies, commercials etc. on a daily basis, impacting women and girls on how to perceive their own bodies, how to look and how to behave. Beauty standards have changed throughout the decades, even centuries, and has always placed immense pressure on females. From 1400s-1700s, an overweightRead MoreSocial Media s Impact On Society1260 Words   |  6 Pagesmajor key in our society; such as Instagram, Twitter, and Snapchat. These apps were as another form of social media. It had opened a whole new world for people twelve and older; enabling them to share and memories, stories, and updates of their lives to their â€Å"followers†. Moreover, this way of sharing your life with others had brought in keen, automatic listeners. Which inevitably had also spread awareness like wildfire; the good or bad news. Nonetheless, this form of social media had an immense effectRead MoreMedia And Its Impact On Society s Picture Essay1365 Words   |  6 PagesIcon based endorsements are no more confined to customary fight and thus youth commonly change channels amid ads. Games symbol s picture is the significant deciding element that oversees the organization s item advancement and the shopper s buy choice. Sports legends have ended up mindful of their picture in embracing a brand and this thusly has praised their fame in the midst of youth (Brilliant Barry 2010). The social change includes by the administration peculiarities sports symbols that go

Wednesday, May 6, 2020

Log Mgmt Free Essays

string(92) " have been picked up by the log management system or service and reported upon as required\." Log Management in the Cloud: A Comparison of In-House versus Cloud-Based Management of Log Data A SANS Whitepapers – October 2008 Written by: Jerry Sheen Sponsored by Alert Logic Basic Practices Questions for the Cloud Provider Considerations for In-House Log Management Executive Summary In the 2008 SANS Log Management Survey, 20 percent of respondents who were satisfied with their log management systems spent more than one week each month on log analysis. Most of those companies were in the Global 2000. The remaining small- and medium-sized businesses (SMB) and government organizations spent twine a half-day to five days per month on log analysis. We will write a custom essay sample on Log Mgmt or any similar topic only for you Order Now The survey also showed that, because of difficulties in setup and integration, most organizations have only achieved partial automation of their log management and reporting processes. These difficulties have organizations, particularly SMB, wondering if they should turn over log management to an in-cloud provider†one that provides their log management software and log data storage over the Internet. In January, 2008, Stephen Northup, president of the SANS Technology Institute, wrote that there are pitfalls with putting log management in-the-cloud. On the plus side, he adds, â€Å"you will almost certainly save money. In addition, real experts on log analysis are hard to find†¦ † 1 Recently, vendors began offering log management in-the-cloud (otherwise known as Software as a Service or AAAS), as a way to simplify log management because the provider can dedicate the material resources and retain the talented, focused personnel to do a better Job for less money. This particularly makes sense not only for SMB without the dedicated manpower, but also for enterprises whose IT resources are stretched trying to manage multiple distributed Lana. While IT managers agree that log management is difficult, they are leery about handing over their log data to a third party application provider because the data might not be available when they need it, not to mention the sensitive nature of some of the data that shows up in log files. Before deploying or overhauling log management systems, organizations need to weigh the benefits and drawbacks of each model in context of their business requirements. To simplify the process, this paper presents some questions to consider when vetting those business needs against each (and in many cases, both) of these log management models. Www. Sans. Du/resources/leadership/log_logic_interview. PH Log Management in the Cloud Basic Practices When looking at both models of log management (internally or in the cloud), begin with the end in mind by clearly laying out the reasons you want to collect log data. The following are some pre-selection tenets to keep in mind when considering both models of log management: Identify Your Goals One of the keys to any successful project deployment is identifying the goals before starting. Log management needs are different for each business unit staking a claim in the process. The IT group may be interested in the value of log data for problem solution; the security team may be interested in information management or event management tied into an overall SEEM; and the audit and compliance group is most likely interested in tracking what people are doing in regard to sensitive data. Other possible uses for log data include marketing, forensics and HER accounting. As they identify goals, companies would do well to consider the broader advantages of log management and analysis, and look for systems or services that will allow a migration toward a more complete use of log data in the future. Of importance to all groups is the type of reporting supplied by the service or system. Log management systems often have reporting that is geared toward compliance for PC, SOX, HAIFA and other similar standards. Apart from required reports, log management can generate reports that are helpful for system maintenance, security management and many other purposes. Whether log management is handled in-house or in the cloud, reporting and correlation features should be easy to use and able to meet current and future business goals. Locate Resources Critical to the success of any log management initiative is finding the staff needed to implement, manage and maintain the system. This is particularly difficult for SMB and government agencies that can’t afford top dollar for IT talent. Yet, according to a Gardner paper in May of 20082, compliance drivers are pushing organizations with smaller security staffs to acquire log management systems. In these cases, in-cloud services make sense. Larger organizations with dedicated security staffs and advanced log management processes, on the other hand, are more likely to keep log management functions in-house. But even those organizations might use log management services for branches, or as a part of their larger security or network management operations. 2 GO 56945, Mark Nicole and Kelly Savanna’s. SANS Analyst Program Try Before You Buy The computer industry is fraught with solutions that don’t work nearly as well as they purport. So, testing and trial use is critical to determine whether the system or service suits your needs. Put the search interface through its paces to test for functionality and accuracy. Start off with a few devices sending log data, but also set up as many devices as you are allowed to test during the trial period. Some log management systems work very well for a small amount of data; but as the data feed test larger, the performance goes down quickly†and the systems or services can miss events. A good way to test the system or service is to send some suspicious data to a device that is being monitored. Then go look for that particular data to make sure it’s all there in the logs. One way to do this is to use the Kiwi Slog Message Generators to send messages to the target, for example by using an option in the program to send a simple text message followed by a number. This makes it simple to see if any of the test messages have been picked up by the log management system or service and reported upon as required. You read "Log Mgmt" in category "Papers" If there is a security component to the monitoring service (there usually is), try attacking your server and see how the provider responds. The specifics of how you would do this testing will vary with your goals, but logging in as a user and intentionally mistyping the password enough times to lock the account should get a response from the log service or system. I have actively used this testing approach on some appliances that collected security information and never got a response. If you choose to do this kind of testing, start slowly to get an idea of where the response threshold is. In addition to testing for nationality and security, pay attention to the user interface. In most cases, this will be a Web-based front end. Go through all the options and make sure they work. Also, make sure that responses to the GUI are intuitive. If you have a report that you need regularly, you should be able to get that report reasonably easily, even have it e- mailed to a specified account. Custom reports and specialized reports may be more complicated to receive as a test, but the basic flow of the system should make sense. Finally, make sure that the people who will use the service test the interface before decisions are finalized. Www. Sociology. Com/kiwi-slogged-overview Questions for the Cloud Provider Selecting a log management software service provider is more like cementing a partnership than making a purchase. The service provider will have copies of critical log data†at times they may have the only copies of that data. The table below offers a quick snapshot of what to cover in a Service Level Agreement with a log management cloud service provider. Following that are questions to consider before taking the plunge. AAAS availability No more than 2 minutes of downtime a day and no more than 5 minutes per week. Timeliness of log data showing up in system Individual logged events must be available to a search from the customer portal within 90 seconds of the event. Timeliness of log data analysis Regulatory compliance Alerts must be delivered to the client within 30 minutes of a critical event. The AAAS provider must maintain compliance to changing regulations within 30 days of notification of change. New attack vectors should be applied to the processing system within 24 hours of a new attack being identified. The processing system must be upgraded to support changes and modifications to alerting from supported systems when systems are available for mineral release. Prompt upgrades to support new attack vectors Prompt upgrades to support upgrades to hardware and software 4 When considering cloud-based log management applications, organizations should ask the following questions (most of which can also be applied to in-house log management systems): Is It Safe? Many IT managers are concerned with the safety of their log data, and rightly so: Log data can be dangerous if it falls into the wrong hands. Attackers can get valuable information from reading the logs. For example, they can see if their attacks work, been known to show up in logs). Log data as common as Web or e-mail traffic often contains confidential information. Having control of logs can be useful to attackers who, in some cases, will try to clean the log data to remove any traces of their activity. Therefore, it’s important to look at the safety of log data†whether it’s stored on- or off-site. If the log data is stored locally, it’s often kept on each individual computer producing the data. Larger organizations will have log servers that will store the log data in a centralized attached storage device. Those systems are, in an ideal situation, secured and difficult to break into. In the cloud model, this data storage would be handed off to the cloud provider, which relieves the organization of the hardware, security and HER burdens involved with keeping storage in-house. However, as they lose control of that data, organizations must rely on the cloud service to handle their data securely. The issue of whether a service organization is competent is difficult to determine, and is ultimately based on reputation. Cloud providers must create a trust model as they manage collected log data securely and separately in a multi-tenant environment. This creates the need for additional layers of security to operate multiple tenants from one another on a shared server, while also protecting the data stores from attackers. Firewalls, encryption and data loss prevention are all areas of security that apply to sensitive log data stored in the cloud†a cloud that’s increasingly brutalized. Fertilization, in itself, is not necessarily a negative, as long as proper security procedures are followed within the virtual cloud. The same characteristics of fertilization that make it a concern as a hacking agent also provide a hiding technology that has the potential to make user accounts harder for attackers o access. Already security vendors are developing virtual technologies so that their anti-mallard products can’t be detected and overruled by today’s kernel boot- level rootlets. 5 How Is It Transported? Ask the cloud provider for specifics about how the data gets transmitted from your systems to their operations center. Is the data encrypted in transit? What type and strength of encryption is used? Is the encryption proprietary? Be wary of providers that claim their encryption information is confidential or proprietary; instead, look for providers that use proven technologies such as SSL or AES. There are numerous examples of companies that have invested vast amounts of money in creating their own encryption technologies only to find out after release that they missed a critical component. How Are Keys Stored? It would be easier for a log management vendor to use the same encryption secrets client, that attacker can access the accounts of all clients. A different key for each customer account would not only offer better protection against customers accessing one another’s accounts, but also against an attacker cracking a password and getting the keys to the entire kingdom. Logical separation of key storage is also important for the same reasons. How Often Is The Data Transmitted? Most log management systems send data in batch mode. The collection appliance typically waits for either a specified time or amount of data before transmission. In general, a quicker frequency is better because the data is getting processed faster. More frequent transmission minimizes traffic bursts and gives an attacker less time to interrupt or block the transmission of alerts, a technique attackers use in an attempt to avoid detection. What Is The Level Of Compression and Bandwidth Utilization? Bandwidth utilization is a question that you’ll want to keep an eye on as you test your log management service. It is common to get 90 percent compression or better on ASCII (plain text) logs, while binary log compression ratios may be less. If your Internet connection is currently heavily utilized, the log traffic may impede other traffic, and you’ll want to plan for this issue ahead of time. One way to monitor the bandwidth is to capture traffic statistics using Net Flows. If you aren’t monitoring your overall Internet traffic utilization, it’s best to get a handle on that prior to implementing a log management service and use this number as a baseline. What Backup and Redundancy Is Included ? If a cloud provider claims to be set up to handle this type of data correctly, verify that it is, in fact, doing a better Job than you would. The provider should have data stored at multiple locations and secure backups for redundancy. Check, too, with the company that is actually doing storage. In the cloud model, storage could be handed off to another vendor. Ask questions about how stored data is encrypted, how it is transferred, where the tapes or other media are stored, and if there is a process for racking tapes. Find out how long backup data is retained, how it’s destroyed, and what happens to the data if the service is terminated. It will probably be impossible to verify most of this, but the cloud provider should be able to answer questions and provide benchmarks, customer references, service agreements and other documentation. What Are The Responding Options? System. These built-in reports typically cover things like regulatory compliance and common performance and security metrics. Verify that the reports your organization needs are included as overbuilt reports, or that they’re easy enough to customize. Often, reporting is not as straightforward as people would like it to be. Sometimes, the logging application won’t provide the required information directly, but it may be available indirectly. For example, a security manager may want to identify invalid session IDs on a Web site because a high frequency of invalid session IDs may point to an attacker trying to guess a session ID and clone or hijack the session. If the log manager doesn’t report that information directly, it may be possible to get similar information by tracking the number of connections built from any given IP address. How Much Of The Data Is Actively Searchable? In some cases, the most recent data will be more quickly accessible for searching than data that has been removed from an active state. Moving data out of an active part of the database can make databases faster, so some data may be moved into an area that provides slower access. Ask if there are any special requirements to access archived data or whether the only issue is a performance penalty†and request a demonstration. 7 How Much Of The Data Is Stored? If data is moved out of primary storage, is the full log data retained or will recovery of data be limited to searchable data fields and metadata? If some detail is eliminated, determine whether this will cause problems with regulatory compliance, forensics processes and other log management and reporting needs required across your organization. If there are processes that automatically eliminate some data, can those processes be suspended for special circumstances, such as litigation requiring the preservation of data? How long does it take to make such changes? What Log Data Will Be Accepted? What specific devices, operating systems and applications are supported? Several operating systems and hundreds of widely used appliances and devices are critical o today’s diverse organizational IT infrastructures. The number of applications a log manager may be called upon to understand is staggering. Prioritize on all your critical devices and applications. How are they supported by the service provider, and how thorough is that support? How Are Its Instructions For Setting Up Devices? Log management can become more complicated as the number of log-producing for setting up devices, operating systems and applications that need to be monitored. Often, a company will need to deviate from the normal setup procedure, based on the peculiarities of its business that complicate the log data life cycle. As a result, setup instructions should be termed as guidelines, not hard and fast rules. Rules often must be massaged to work with the varying operating systems and applications (including their versions) that an organization needs coverage for. 8 How Are Alerts Determined? If the cloud provider is offering to send alerts for events of interest, find out how they determine what is of interest and compare that to what is of interest to your organization. Are they looking solely at security events or do they include more routine support and maintenance events? If the events of interest include both types f events, how do they distinguish between the two? How much involvement does the log management client have in setting up what alerts are of interest to them? If a drive runs out of space, for example, that can often be Just as big a problem as an attacker compromising a system. Ask, also, if they can correlate related events to give the analysis situational awareness. For example, an administrator logging into a domain controller at 10 a. . And creating a user is quite different from the DNS process starting a command shell and creating a user in the middle of the night. In both cases, a user is being created. In the first instance, the process seems normal; but in the second instance this combination of events could be associated with the RPC DNS exploit as demonstrated in an April, 2007, SANS Webmaster. Cloud (and in- house systems ) should, therefore, include situational awareness to understand when creating a user is a normal event and when, as in the second example, it is not normal. In addition to automated monitoring and alerts, it would be ideal if cloud providers could offer human review of logs as an add-on fee for service. Human review is required under some regulations, and is a good basic best practice for organizations to follow because automated systems don’t catch everything. How Quickly Does Processing Occur? Timing is an important issue with log management that the cloud model is well- suited to address. One typical problem with in-house log management is that events are often found after a problem is noticed. It is, of course, best to detect log events leading up to a critical event in order to avoid the critical event. The question about processing speed encompasses a number of different issues: Once an event has been logged at the local device, how long does it take for that event to show up in the yester? If that event should trigger an alert, how long will it be before the alert is relayed to the client IT department? Is there an option for the vendor to do more than April 24, 2007 Webmaster – www. Sans. Org/websites/show. PH? Beastie=90861 9 How Often Are The Alerts Updated? Operating systems and network devices are constantly coming under new and different attacks requiring new responses. The errors from these devices also change with some upgrades, so it is important for the Log Management provider to conduct regular and timely updates to its system, and respond reasonably when errors occur. How Are System Upgrades Handled? In the cloud, upgrades to the log management system s are handled by the provider, thereby relieving the organization from having to maintain these systems in-house. There is a risk, however, that the upgrades may cause outages in coverage by accidentally introducing new compatibility or protocol problems. It would be a good to ask the cloud provider about how upgrades are handled and how clients are protected during the upgrades. By the same token, how would updates to any internal system log-generating devices affect the cloud provider’s coverage? 10 Considerations for In-House Log Management Many of the same questions that apply to companies offering log management service in the cloud also apply to internally-managed log management systems. The 2008 SANS Annual Log Management survey indicates it is still incredibly difficult to automate log management systems to the degree organizations need. A recent article by Patrick Mueller in Information Week refers to log management as a â€Å"monster. † Just because it’s difficult doesn’t mean log management needs to be outsourced. When weighing in-house log management, consider the following factors: Could A Personal Change Ruin Your Log Management Process? Log management is often the pet project of one person while the rest of the IT staff tries not to get involved. If that person leaves the company, it can be difficult for initiatives. Will Your Staff Monitor The Logs Regularly And Maintain Updates? Log management services have requirements built into their contracts for response time and full-time monitoring. Can your staff live up to those same expectations? One of the issues for log management companies is keeping up with updates to applications, operating systems and regulatory issues. Is your staff able to keep up with the changes? As an example, how did your staff do when Windows Server 2008 changed all its event Ids? At the time, most administrators used a collection of scripts; however, all those scripts, which were working, suddenly became broken. Floggers lashed out about it. For a log administrator who finally has everything working, that sort of a situation can be a demoralizing surprise. Maintaining updates and monitoring logs is complicated by the fact that most companies support a diversity of logging devices. To properly support local log management, an IT group will need to work with different vendors ho use different types of log data. At times, it may be necessary to bring in consultants to assist with tracking down specific issues. Organizations need to consider the associated costs and frustrations of working with multiple vendors and integrators along with the costs of the initial deployment and ongoing internal staffing requirements. 56 www. Informational. Com/story/charities. Jhtml? Articled=208400730 www. ultimate windows security. Com/wick/WindowsServer2008VistaSecurityLog. Sash 11 Roll Your Own Or Buy An Appliance? A big debate in the log management arena is how to deploy log management tools. According to the SANS Log Management survey, the majority of organizations (38 percent) are building home grown solutions through the use of slog servers, custom scripts and applications. The remaining respondents used a combination of commercial software and appliance-based tools or checked â€Å"other. † In either case, organizations are not happy with their level of automated correlation or system coverage, according to the survey. Coverage, automation, correlation and access must all be addressed, maintained and improved upon as needs dictate, regardless of which option is chosen. How to cite Log Mgmt, Papers