At a time when cloud computing, the Internet of Things and mobile devices (including BYOD environments) are an increasingly widespread reality (and an unstoppable future), opening backdoors into our corporate network (with their respective threats), what role falls to the IT security officer, who has to manage an increasingly large number of hits and risks? Where is our corporate perimeter? Can we talk about blocking access, or do we have to settle for being resilient to attacks because of a lack of visibility and access control? Many doubts are raised; the market has responded, and there are technological and non-technological solutions that seek to remedy the growing risk that organizations are suffering with

IT Governance, or corporate governance of information technology, is a subset discipline of corporate governance, focused on information and technology (IT) and its performance and risk management. The interest in IT governance is due to the ongoing need within organizations to focus value creation efforts on an organization’s strategic objectives and to better manage the performance of those responsible for creating this value in the best interest of all stakeholders. I created a presentation where I explain this topic in detail; you can see my presentation here: IT Governance & ISO 38500 from Ramiro Cid

Lean IT is an extension of Lean manufacturing and Lean services principles to the development and management of information technology (IT) products and services. The Lean concept and principles are not new, because they were developed by Toyota some decades ago, but the use of Lean in IT is new. The central concern of Lean IT is the elimination of waste (or fat), where waste is work that adds no value to a product or service developed or delivered by the company. The approach is a way of thinking and acting, focussing heavily on organizational culture. Lean IT is associated with the development and

IT Governance has its own ISO standard: ISO/IEC 38500:2008, “Corporate governance of information technology”. This standard was published in June 2008 and complements the set of ISO standards that affect information systems and technologies (such as ISO/IEC 27001, ISO/IEC 20000, etc.). The standard sets out guidelines for good management of business processes and decisions related to information and communication services, which are usually managed by internal IS specialists, by other business units of the organization, or by external service suppliers. In essence, everything this standard proposes can be summarized in three main purposes: a) Ensure that, if the standard is followed