Data Center is our focus

We help to build, access and manage your datacenter and server rooms

Structure Cabling

We help structure your cabling, Fiber Optic, UTP, STP and Electrical.

Get ready to the #Cloud

Start your Hyper Converged Infrastructure.

Monitor your infrastructures

Monitor your hardware, software, network (ITOM), maintain your ITSM service .

Our Great People

Great team to support happy customers.

Wednesday, November 05, 2014

When to use tools for ISO 27001/ISO 22301 and when to avoid them

When to use tools for ISO 27001/ISO 22301 and when to avoid them
Posted on 03 November 2014.
If you’re starting to implement complex standards likeISO 27001 or ISO 22301, you’re probably looking for a way to make your job easier. Who wouldn’t? After all, reinventing the wheel doesn’t sound like a very interesting job.

So, you start looking for some tool to help you with these information security and business continuity standards, but beware – not every tool will help you: you might end up with a truck wheel that doesn’t fit the car you’re driving.

Types of tools

Let’s start first with what types of tools you’ll find in the market that are made specifically for ISO 27001 and ISO 22301:

a) Automation tools – these tools help you semi-automate part of your processes – e.g., performing the risk assessment, writing the business continuity plans, managing incidents, keeping your documentation, assisting in measurement, etc.

b) Tools for writing documentation – these tools help you develop policies and procedures – usually, they include documentation templates, tutorials for writing documentation, etc.

Pros and cons of automation tools

Automation tools are generally useful for larger companies – for example, using spreadsheets for assessing risks can be a problem if you have, e.g., 100 departments, because when you have to merge those results this becomes very difficult. Or, if you have 50 different recovery plans and you want to change the same detail in each of them, using a tool is probably much easier.

However, applying such automation tools to smaller companies can prove to be very expensive – most of these tools are not priced with smaller companies in mind, and even worse – training employees for using such tools takes too much time. Therefore, for smaller companies, performing risk assessment using Excel or writing business continuity plans in Word is a very quick and affordable solution.

There are some tools for which I personally see no purpose – for example, tools for keeping ISO documentation. For that purpose, larger companies will use their existing document management system (e.g., SharePoint), while smaller companies can upload the documentation to shared folders with defined access rights – it doesn’t have to be any more sophisticated than that.

Can you automate everything?

One important fact needs to be emphasized here: automation tools cannot help you manage your information security or business continuity. For instance, you cannot automate writing your Access control policy – to finalize such a document, you need to coordinate your CISO, IT department and business side of the organization, and only after you reach an agreement can you write this policy. No automation can do that for you.

Yes, you can semi-automate the measurement of success of particular controls, but again a human needs to interpret those results to understand why the control was performing well or poorly – this part of the process cannot be automated, and neither can the decision on which corrective or preventive actions need to be taken as a result of gained insight.

What to watch out for when looking for documentation writing tools

You won’t need tools for writing your policies, procedures, and plans if you already developed your documentation based on a framework that it similar to ISO 27001 – e.g., COBIT, Cybersecurity Framework, or NFPA 1600. Also, if you hired a consultant, then it will be his duty to write all the documents (see also: 5 criteria for choosing an ISO 22301 / ISO 27001 consultant).

In other cases you will find documentation writing tools (i.e., documentation templates) quite useful because they will speed up writing your policies and procedures. The main question here is how to choose the right ones – here are a couple of tips:
  • Are they appropriate for your company size? If you are a small company and the templates are made for big companies, they will be overkill for you, and vice versa.
  • Which kind of help do you receive for writing documents? Are there any guidelines, tutorials, support, or anything similar that comes with the templates?
  • Experience of the authors? It would be best if the author has experience in both consulting and auditing, so that the templates are practical for daily operations, but also acceptable for the certification audit.
So, to conclude: yes – in most cases tools can help you with your ISO 27001 and ISO 22301 implementation. Since there are many tool providers in the market, make sure you perform thorough research before you decide to use one.

Author: Dejan Kosutic, Expert at 27001Academy, is the author of a documentation tool aimed at small and mid-sized companies: ISO 27001 & ISO 22301 Documentation Toolkit.

Email Archiving menjadi kritikal

Managing risk: Why email archiving is critical

In a fast moving and rapidly evolving business environment, which is undergoing a transformative shift to digital communications - it is increasingly important for businesses to protect themselves against legal, financial, and reputational risks.
Many of these risks will come in the form of existing and new legislation, as regulators and lawmakers strive to keep pace with innovations and developments linked to the use of digital platforms and new data storage capabilities.

One powerful and particularly important example of legislation impacting business practices can be found in the way companies are being required to store and archive emails. Email archiving is the process of capturing, preserving, and making easily searchable all email traffic to and from an organisation. Email archiving solutions capture email content either directly from the email server itself (labelled journaling) or during message transit. The email archive can then be stored on magnetic tape, disk arrays, or more commonly these days, in the cloud.

Legal data records

Few could argue that email has become an essential business tool, yet many companies still fail to recognise that like other information they possess and generate, it requires proper storage and management. Unsurprisingly, digital records are now regarded as functional and legal data records, which means that proficient storage and retention methods must be put in place to secure and accommodate electronic communications. 

One of the primary reasons for the increasing calls for digital information to be securely stored and retained is for evidentiary purposes. Sections 14 and 15 of the Electronic Communications and Transactions Act, for example, touch on the originality, admissibility and evidential weight of data messages, respectively. 

Currently, the standard practice in South Africa is to retain email for three years. There are some exceptions to this rule, such as under the Companies Act, whereby electronic documents may have to be retained for up to seven years. Under the VAT Act, for example, electronically generated tax invoices need to be stored for five years or more. (The Value-Added Tax Act, No 89 of 1991 (VAT Act) requires that an invoice be presented as a 'document'. With regards to the provisions of the ECT Act, a 'document' includes a data message and sending an invoice in electronic form will be acceptable for purposes of the VAT Act, subject to certain requirements - such as storage - being met.

Corporate governance

It is also important for businesses to be aware of the fact that the King Report on Corporate Governance for South Africa states that directors are responsible for risk management and - specifically with regards to IT - that they have a responsibility to ensure that an effective internal control system is in place. 

This underscores the point that electronic document management should be a top priority not just for CIOs and IT departments, but also for executive leaders. Failing to prioritise document management - which naturally includes email and proper email archiving - can put directors at risk of heavy penalties and even, in some cases, imprisonment. 

Stuck in history

For most companies, relying on existing, and in many respects, outdated methods of managing their email, is risky business. Current and impending legislation, which is likely to get even tougher on electronic document management, calls for companies to explore various email archiving solutions. When deciding on the right solution, businesses need to make sure that it complies with the requirements of the Electronic Communications and Transactions Act and associated laws/legal frameworks.*

In short, it is critical to remain compliant and up to date with regards to the retention and storage of all electronic communication - not only from a legal and financial perspective, but also from a purely reputational viewpoint. With effective email archiving, for example, businesses can respond quickly and decisively in the event of complaints against them. Moreover, efficient digital record keeping enables a business to run all the more smoothly, responding to both internal and external requests with ease.

The below checklist provides guidance on this:
  • Emails must be captured and stored in their final form and must be capable of being displayed or presented in this form
  • Emails must not be altered in any way
  • The form in which the emails are stored must allow for them to be viewed to accurately showcase the information generated, sent or received in final form
  • The email archival service must be able to verify and track the lifespan of stored emails as well as any actions taken which may affect the stored emails or their storage environment
  • Information about the email origin must be ascertainable, retained and associated with the emails themselves either in a manner that is consistent with their final form or in a manner that does not undermine the email integrity
  • Emails must be retained in such a manner that the information is accessible
  • The email archival infrastructure must be subject to regular and verifiable checks in order to ensure integrity and proper functioning
  • Emails must be capable of being extracted from their storage environment in a nondestructive manner to preserve the information extracted as evidence as well as the stored versions' and copies' integrity
  • Emails that are extracted from their storage environment for use as evidence should be capable of being verified as having been stored in a compliant archival infrastructure

Business Process Management dalam DMS

Business process management (BPM), as the name suggests, focuses on the various processes that help run the organization. It aims to optimize processes in the best way possible so that the organization is both efficient and cost effective.
Document management is tied in with BPM. Creating a document, storing it or even sending it across to a higher-up are all processes for which most organizations have a dedicated structure which is followed. Dynamic Case Management and Enterprise Content Management are two forms of BPM which heavily rely on a document management system to work.
A document management system (DMS) with workflow features is especially helpful in the execution of a BPM in an organization. GLOBODOX is an eDMS which contains many features that makes it perfect in improving the efficiency of your organization’s processes.
A Single and Safe Repository
GLOBODOX helps you build a single repository which your whole organization has access to. This means one thing –all the files can be accessed from one place.No more do the organization’s receipts just stay with the accounts. It is open to all who have access.
Add in a security-level to every user. Every user id has a security level which deems which folders he can access.
Making a backup of all the files can be very easy. This way, if ever there is a serious loss of data for the organization, it can be easily reconstructed using the backup.
Easily Add Files
Everyday, every employee will be creating new documents. Some of them will be reports, articles, spreadsheets, etc.GLOBODOX’s easy drag and drop feature ensures that it is effortless to add files to the repository.
Additionally, the Capture Folder feature ensures that as a folder is updated with files, they are automatically added to the organization’s repository.
Review the Event Log
A manager can easily review the activities of a person on GLOBODOX through the event log. This way, there is a thread to find out what went wrong in BPM and the problem can be fixed.
Connect with Your Organization’s Workflow
GLOBODOX allows you to create your own custom workflow which fits in with your organization’s process. You can easily route document to users based on the rules of your organization. Integrating your workflow with GLOBODOX is extremely easy.
You can adapt GLOBODOX to send tasks, messages and notifications from your workflow so users know about urgent tasks and documents which need their attention.
Workflow Designer helps you create a compatible workflow that fits in with your organization and GLOBODOX.
Standard Publishing Format
Using GLOBODOX, your organization can set a standard format to publish any document. This way, documents always carry a stamp and signature. This can be done in tandem with the organization’s workflow. This further helps manage multiple teams’ publications in the organization.
All in all, GLOBODOX is an eDMS that can easily be customized to fit to your large organization’s process. It will be convenient, smoother processes, improve productivity and reduced costs.

Sunday, November 02, 2014

Alat sambung Serat Optik

Alat sambung (Fusion Splicer) dan alat ukur Serat Optik  (OTDR) merupakan salah satu perangkat pendukung dalam operasional pengelolaan jaringan access Serat Optik  

Untuk keperluan Operasional dan Maintenance (O&M) Network Element yang beroperasi menggunakan jaringan acccess Serat Optik,  maka sangat penting peranan alat sambung dan alat ukur Serat Optik.
Jaringan access Serat Optik  sebagai media transport untuk layanan broadband maupun narrowband sering mengalami gangguan, yaitu berupa putusnya Kabel serat optik sehingga mengakibatkan terjadinya Perhubungan Putus (PERPU) pada perangkat terminal yang mensupply port maupun data . Maka untuk membantu trouble shooting pada jaringan access Serat Optik  dapat segera dilakukan penanggulangan, baik berupa pencarian (searching) lokasi putusnya kabel  penyambunganm kabel Serat Optik .
Alat Sambung Serat Optik (Fusion Splicer)

Fusion Splicer
Alat sambung Serat Optik  dikenal dengan sebutan FUSION SPLICER yaitu suatu alat yang digunakan untuk menyambung core Serat Optik  yang berbasis kaca yang mengimplementasikan daya listrik yang sudah dirubah menjadi sebuah media sinar berbentuk sinar laser yang berfungsi memanasi kaca yang putus pada core sehingga terhubung kembali secara baik. Alat sambung splicer ini harus memiliki keakuratan tinggi sehingga pada saat penyambungan (splicing) bisa mendekati sempurna, karena proses terjadinya pengelasan media kaca terjadi proses peleburan kaca yang menghasilkan suatu media yang tersambung dengan utuh tanpa adanya celah karena memiliki karakter media yang memiliki senyawa yang sama.  Penyambungan bisa saja tidak utuh,  karena tidak mengikuti prosedur penyambungan yang benar. Bila hal ini terjadi maka proses penyambungan harus diulangi lagi, hingga mendekati redaman yg sekecil-kesilnya (dibawah 0.2 dB)
Penyambungan melalui pengelasan oleh alat sambung harus mengikuti peraturan-peraturan dan kebersihan yang ketat yang harus dipatuhi oleh seorang teknisi karena bila terjadi pelanggaran-pelanggaran yang disengaja untuk memudahkan proses penyambungan maka akan mengakibatkan hasil kerja tidak sempurna karena akan menghasilkan suatu nilai dari alat sambung yang menunjukkan Bit Error Rate ( BER ) yang tinggi bila dipaksakan dipergunakan akan mengakibatkan alur transmisi ke perangkat akan tidak sempurna karena memiliki resistansi.
Alat ukur Serat Optik (OTDR) 

Alat utama atau tools utama yang sangat dibutuhkan dalam melaksanakan trouble shooting untuk gangguan yang terjadi pada jaringan akses Serat Optik   karena tanpa menggunakan alat ukur Serat Optik   tidak bisa melakukan apa-apa terhadap gangguan yang terjadi.
Alat ukur Serat Optik  disebut dengan nama OTDR ( Optical Transmission Digital Reflektometer ) merupakan alat untuk mendeteksi kontinuitas suatu kabel Serat Optik  dalam jarak tertentu sehingga bisa menghasilkan jarak dari dua sisi yang merupakan ukuran gangguan yang terjadi sehingga trouble shooting dapat dilaksanakan dengan baik karena akan dengan mudah menentukan letak lokasi gangguan yang terjadi dengan referensi jarak hasil ukur dari perangkat alat ukur OTDR.

Dalama pelaksanaan Operation & Maintenance jaringan akses Serat Optik  harus mutlak tersedia tools untuk menentukan dan melaksanakan trouble shooting pada gangguan yang terjadi pada jaringan akses Serat Optik  sehingga dengan secepatnya gangguan dapat ditanggulangi dengan waktu yang tidak terlalu lama.
Dan untuk tindak lanjut dalam hasil pelaksanaan trouble shooting maka harus segera disiapkan tools kedua yang merupakan implementasi dari pelaksanaan penyelesaian gangguna yang terjadi dengan menggunakan alat sambung yang bernama Splicer dengan accessories yang lengkap termasuk tools kit pendukung sehingga pelaksanaan penanggulangan gangguan akan ditekan waktunya secepat mungkin

Cara singkat terminasi Fiber Optic

Berikut adalah Cara singkat Instalasi atau Terminasi fiber optik,mudah2an bermanfaat.

1. Pertama2 siapkan fisik dan mental , jangan lupa banyak minum air putih dan tarik nafas dalam-dalam.
2. Siapkan kabel fiber optik yang akan di terminasi dalam hal ini kabel yang masih utuh tanpa di sentuh apapun,sambil di ingat-ingat berapa nih dapetnya.
3. Kupas kulit terluar dalam hal ini pembungkus kabel hitam sepeti gambar dibawah, jangan lupa sisakan kabel yg berwarna biru dan lupakan sejenak rencana traktir2nya.
4. Setelah itu coba oleskan alcohol pada bagian kabel warna biru untuk membersihkan gel yang ada pada permukaan kabel itu, jangan terlalu di hayati yaa.
5. Nah ini dia bagian paling seru, coba kupas kabel warna biru tersebut, caranya bisa menggunakan cutter, hati2 jangan sampai kabel bagian dalam terluka bisa di bilang gak profesional nantinya.
4. Setelah selesai nanti akan kelihatan isinya berupa kabel dengan jumlan 4 helai seperti helai rambut . hati2 bro jangan sampai patah , coba oleskan juga alcohol agar helai itu tidak menyatu, coba pisahkan masing2 helai itu,dimana berupa helai dengan warna : biru,hijau,orange dan coklat, satu lagi jangan di kupas itu jarimu.
5. Nah didalam lapisan helai itu adalagi lapisan kaca tapi belum core/inti fiber nya. untuk itu diperlukan alat pengupas.
6. Kupas perlahan2 kulit pembungkus helai itu dengan alat pengupas.
7. Setelah terkupas anda siapkan lem untuk fiber nya. terdiri dari 2 cairan satunya di oleskan ke fiber nya dan satunya di suntikkan ke konektor nya.kemudian perlahan2 anda masukkan fiber nya ke konektor, ingat jangan sampai terlambat, jika terlambat maka lem nya akan mengering dan fiber tidak bisa di tarik lagi.
8. Kemudian silahkan potong fiber nya menggunakan pemotong yang sudahdisediakan.jika hasil potongannya bagus maka kemungkinan peluang menggosok2 nya tidak lama
9. Sesekali teropong menggunakan microscope untuk melihat hasil potongan/gosokan fiber nya, awas jangan salah teropong.
Seperti kabel lainnya kalau fiber optic patah musti disambung dan nyambungnya harus dari awal, artinya kabel dikupas sampai pada corenya lalu corenya disambung/displice. Ada dua cara splicing/penyambungan yaitu : Mekanical splicing dan Fusion splicing.
Mecanical splicing adalah penyambungan secara manual/mekanis dimana kedua ujung core setelah dikupas/ditelanjangi menggunakan alat penelanjang (stripper)didempetkan dg kerapatan yg ditentukan lalu dijepit dg alat sambung standar pabrikan FO.
Penyambungan mekanis ini biasanya bersifat darurat dg alasan FO yg ada sangat pendek hingga tdk memungkinkan dilakukan fusion splicing, atau alasan lain karena alat sambung lebur/Fusion Splicer tdk ada atau masih menunggu dari tempat lain, sementara FO harus segera disambung.
Penyambungan mekanis ini memerlukan tingkat ketrampilan dan ketelitian yg tinggi karena betul2 manual supaya hasil ukuran lossnya rendah.
Fusion splicing/Peleburan dilakukan dg menggunakan Splicer sudah computerized sehingga pengerjaannya lebih mudah dan hasil splicingnya relatif lebih bagus, dan biasanya ukuran lossnya sangat rendah.
Setelah splicing selesai maka core optik disusun didalam sebuah tray dg rapi dan terikat kuat/tidak goyang lalu dimasukkan ke dalam alat sambung kabel yg namanya Clossure. Clossure inilah yg berfungsi buat melindungi core dari gangguan eksternal, jadi ujung kabel satu dg lainnya dijepit kuat di clossure ini, sedangkan core berada di dalamnya dg aman.
Kalau di liat ada benda warna hitam berbentuk silinder atau yg lain kira2 sepanjang 60 Cm nempel di ujung tiang kabel FO ya itulah Clossure.
Kabel FO bawah tanah juga demikian prosedurnya hanya saja bentuk dan specifikasi clossurenya sedikit beda karena harus lebih tahan lumpur dan air dalam waktu lama.
Kenapa harus memakai clossure segala?, karena FO itu wujudnya sangat kecil/lembut jadi sangat rawan patah sehingga harus betul2 terlindungi dengan kokoh.
Standar FO umumnya sama, wujud kabel sebesar diameter kl. 1 inchi baik yang isinya 6 core hingga 96 core (maaf di atas 96 core saya belum pernah liat).
Setiap 6 core dg pewarnaan berbeda buat pengkodean dimasukkan ke dalam tube/loss tube dg warna yg berbeda pula.
Jadi kalau sebuah kabel FO berisi 96 core maka di dalamnya terdapat 16 loss tube yg berisi nasing2 6 core FO. Kalau satu kabel isinya kurang dari 16 loss tube biasanya diganti dengan plastik dg ukuran yg sama dg loss tube yg biasa disebut filler buat memenuhi isi dari diameter kabel.
Yang umum dipakai di dunia telekomunikasi warna FO ada 12 warna dengan urut-urutan (dalam bhs. Indonesia)sbb:
1 = B > Biru 7 = M > Merah
2 = O > Orange 8 = H > Hitam
3 = H > Hijau 9 = K > Kuning
4 = C > Coklat 10 = U > Ungu
5 = A > Abu-abu 11 = P > Pink
6 = P > Putih 12 = T > Tosca
Agar mudah diingat/mudah dihafal maka warna kabel FO disingkat menjadi: BOHCAPMHKUPT (BOHCAP eM Ha Ka U Pe Te).
Warna ini bukan hanya berlaku bagi Core saja tetapi Loss Tubenya juga, karena bertujuan utk memudahkan urutan kabel itu sendiri bilamana yg dipakai/disambung lebih dari 1 loss tube.
Biasanya untuk Core pewarnaan diulang setiap 1 s/d 6 (BOHCAP), sedangkan Loss Tube setiap 1 s/d 12 (BOHCAPMHKUPT)
Sebagai contoh sebuah kabel berisi 24 core yang terdiri dari 4 tube (masing2 tube isi 6 Core), maka urutannya adalah :
Core nomor 1 = Core warna Biru, Loss Tube warna Biru, core berikutnya urut s/d core warna putih.
Core nomor 7 = Core warna Biru, Loss Tube warna Orange, core berikutnya urut s/d core warna putih.
Core nomor 13 = Core warna Biru, Loss Tube warna Hijau, core berikutnya urut s/d core warna putih.
Core nomor 19 = Core warna Biru, Loss Tube warna Coklat, core berikutmya urut s/d core warna putih.
Untuk menghindari FO patah akibat tekukan/bending, maka ada ketentuan radius minimum yang diperbolehkan dalam menggulung atau menekuk Kabel FO al :
-Bending radius untuk Kabel minimal 20 kali diameter kabel (kl. 80 Cm).
-Bending radius untuk Core minimal 3 Cm