The Video Migraine: Security, Governance, and Business Continuity- One Step at a Time

If you are leading a high-profile video conference or streaming media event, you're susceptible to the headaches that are inherent in such a project. Learn how to properly plan and test your video system without a migraine.

Published by: Human Productivity Lab on Jun 18, 2013
Copyright: Attribution Non-commercial







The Video Migraine
Security, Governance, and Business Continuity—One Step at a Time
By Doug Howard
Migraines are caused by many triggers, and for some people (in reality, many) video has been a clear root cause. If you're on the hook for a high-profile video conference or streaming event, your nervous system is preconditioned for a heightened sense of awareness and stress the day of the event. Your nervous system is likely to go through four stages of change on the route to a migraine: prodrome, aura, attack and postdrome. Here's how it plays out:
The early symptom is the stress that pulsates through your body as you mentally review all the things you and your team did to prepare or anything you could have missed or that might go wrong. So many things outside of your control. So many points of failure. Will the network hold up? Did the firewall get changed? Did anything change since you did the test an hour ago?
S 2012 63
Even i everything goes perectly, your body assumes the worstand orces your nervous system into believing the worst willoccur just as it has so many times beore. Te net result … theVIDEO MIGRAINE.Introducing or expanding video across an enterprise providessignicant business value … but not without risk. Video withinan enterprise, like any application, introduces new considerationsthat have wide-reaching impacts on the business and I alike.Te positive benets to a business that use video are boundless,but video can also be very dangerous i not properly plannedand managed. Video, unlike most applications, introduces bothrequirements and impacts associated with latency and bandwidthto an extreme degree, as well as security and Business Continuity and Disaster Recovery (BCDR) demands. Also, because video ispart o your Unied Communications and Collaboration (UCC)suite, it oen alls under one or more compliance and regulatory requirements. In all cases it alls under U.S. state and internationalprivacy and Personal Identiable Inormation (PII) laws. Videois also a broad term that encompasses Video eleconerencingConerencing (VC), Streaming Video, and Video on Demand(VOD). Endless business applications all under video as well,including desktop, room and telepresence or VC, webcasting,executive and nancial/product broadcast, IPV, processmonitoring and surveillance or live and hybrid streaming, on-demand training, enterprise Youube, compliance archiving, andpublishing all under VOD.Video should be considered a key element to support youroverall corporate BCDR plan, providing a rich communicationsconduit during critical times. Tis doesn’t count all theother supporting categories such as lecture capture, editing,content management/storage, and video intelligence. 
Onelast complication is video delivery, which includes variablessuch as requency o use, inside/outside the rewall routingand transversal, transmuxing/transcoding, automatic network condition detection and adjusting, and integration with otherbusiness applications that may reside on premise or In theCloud (IC).As with all things revolving around I, it’s oen over-whelming to know where and when to start. We recommendstarting beore the next purchase or add-on order. Aer all,i your network, the Internet, conerence rooms and studios,audio systems, viewer platorms and standards were static andyou never introduced new and add-on devices and applications,you’d never get a video migraine!
The inability to focus comes quickly as things don't work as expected. The call dropped … how hard is it to just reconnect? Why am I the only one that knows how to do this? The remote users can't join the stream and continue to hit the connection over, and over, and over, and over again, exacerbating the problem. Is the room spinning? Why is this taking so long? Why is everyone looking at me?

The pain is in full effect now. How could this have happened? How could we have missed that? Everything was working before. They say it's not the network. How long will the pain last? You're the last stop for the blame train. Your head is pounding and you can't think straight. What will happen now?

OK, breathe, let's figure out what happened and make sure it doesn't happen ever again … assuming I still have a job. How will I recover from this? Man, I have a headache. Where are the aspirin and how soon can I get a drink or three? I think I've aged 50 years.

Vendor Audit and Management Within the IT Security Discipline

Many companies are required by law or their own business needs to perform vendor oversight, ensuring the vendor has adequate information security and data protection incorporated into its products and services. In truth, every organization must secure its environments in the face of changing technologies, people and processes. Before adding an IT vendor's product or service to your organization's operational profile, you must first set your own standards for IT security, governance and business continuity. You may choose from a few primary routes for such a policy:

1) Adopt the international series of standards, presently the ISO 27000 series
2) Adopt the free written policies used by your country's government, such as the US NIST standards
3) Adopt a uniquely created standard.

ISO/IEC 27001 formally specifies a management system to bring information security under explicit management control. A formal specification means that it mandates specific requirements so organizations can be formally audited and certified compliant. While ISO has expenses for purchasing the standards, it's globally recognized and provides a well-developed base outline for an organization to build unique standards around.

The ISO 27000 series are primarily designed around securing an enterprise, but with a little creativity they can be used for auditing and evaluating your vendors. The ISO standard contains 12 main sections that can be mapped specifically to the evaluation of any vendor. They include:
1. rs assss
—What is the general risk o doing business with the vendor (i.e. nancial viability, technical solution, deployment options andrequirements, etc.)
2. S p
—What is the vendor’s written security policy 
3. oz f f s
—Governance o inormation security 
4. ass 
—Inventory, classication andprioritization o inormation assets and services
5. h ss s
—Security aspects oremployees joining, moving within and leaving anorganization
6. Ps  v s
—Protection o the physical users’ computers and devices and thedatacenter acilities
7. cs  ps 
Management o technical security controls in systemsand networks
8. ass 
—Restriction o access rights tonetworks, systems, applications, unctions and data
9. if sss qs, vp 
—Building security into applications
10. if s  
Anticipating and responding appropriately toinormation security breaches
11. Bsss  
—Protecting,maintaining and recovering business-critical processesand systems
12. cp
—Ensuring conormance with inormationsecurity policies, standards, laws and regulationsNow the real complication is making sure that all yourstandards meet the ollowing criteria:1) actually make you more secure2) can be supported by your organization and properly managed to the standards you document3) ulll your governance requirements so you can provideproper reporting on all the regulatory and compliancestandards your organization is subject to4) continue to be applicable even when the inevitableadversity strikes and your inrastructure, people, and processescontinue to operate at a minimal level to sustain the businessneeds.In order to properly evaluate a vendor, we recommend a simplethree-staged process in auditing and managing the vendorrelationship ongoing. Ultimately, you can use this snapshot todemonstrate regulatory compliance, contractual complianceand adherence to best practices or inormation security practices:
1. c f
—Issue a detailed questionnaire to your vendors. This should be a contractual commitment in your Master Service Agreement, and the replies should be contractually binding.
2. Vf
—Conduct telephone and on-site visits to verify the responses to the questionnaire and to identify other gap areas not mentioned by the vendors.
3. az  rp
—Dra and deliver a nal reportthat identies areas o strengths and weaknesses asmeasured against your organization’s dened standards.We suggest allowing your vendor to review and providecomments to the report.
4. d ap
—You must now judge if the introduction of the vendor into your operations lets you maintain your acceptable risk level for the business.
5. m
—Assuming you're comfortable with the vendor, your report provides a point-in-time analysis of the vendor and a risk profile. It should also fulfill the following:
