The complete list:
# 0 No error
# 1 Usage error
# 2 Attempt to apply a patch that's already been applied
# 3 Effective UID is not root
# 4 Attempt to save original files failed
# 5 pkgadd failed
# 6 Patch is obsoleted
# 7 Invalid package directory
# 8 Attempting to patch a package that is not installed
# 9 Cannot access /usr/sbin/pkgadd (client problem)
# 10 Package validation errors
# 11 Error adding patch to root template
# 12 Patch script terminated due to signal
# 13 Symbolic link included in patch
# 14 NOT USED
# 15 The prepatch script had a return code other than 0.
# 16 The postpatch script had a return code other than 0.
# 17 Mismatch of the -d option between a previous patch
# install and the current one.
# 18 Not enough space in the file systems that are targets
# of the patch.
# 19 $SOFTINFO/INST_RELEASE file not found
# 20 A direct instance patch was required but not found
# 21 The required patches have not been installed on the manager
# 22 A progressive instance patch was required but not found
# 23 A restricted patch is already applied to the package
# 24 An incompatible patch is applied
# 25 A required patch is not applied
# 26 The user specified backout data can't be found
Monday, April 27, 2009
Wednesday, March 25, 2009
vi (aka vim) tutorial, tips, tricks and useful commands
vi (aka vim) tutorial, tips, tricks and useful commands
Where grep came from (RE being Regular Expression):
:g/RE/p
Delete lines 10 to 20 inclusive:
:10,20d
or with marks a and b:
:'a,'bd
Delete lines that contain pattern:
:g/pattern/d
Delete all empty lines:
:g/^$/d
Delete lines in range that contain pattern:
:20,30/pattern/d
or with marks a and b:
:'a,'b/pattern/d
Substitute all lines for first occurance of pattern:
:%s/pattern/new/
:1,$s/pattern/new/
Substitute all lines for pattern globally (more than once on the line):
:%s/pattern/new/g
:1,$s/pattern/new/g
Find all lines containing pattern and then append -new to the end of each line:
:%s/\(.*pattern.*\)/\1-new/g
Substitute range:
:20,30s/pattern/new/g
with marks a and b:
:'a,'bs/pattern/new/g
Swap two patterns on a line:
:s/\(pattern1\)\(pattern2\)/\2\1/
Capitalize the first lowercase character on a line:
:s/\([a-z]\)/\u\1/
more concisely:
:s/[a-z]/\u&/
Capitalize all lowercase characters on a line:
:s/\([a-z]\)/\u\1/g
more concisely:
:s/[a-z]/\u&/g
Capitalize all characters on a line:
:s/\(.*\)/\U\1\E/
Capitalize the first character of all words on a line:
:s/\<[a-z]/\u&/g
Uncapitalize the first character of all words on a line:
:s/\<[A-Z]/\l&/g
Change case of character under cursor:
~
Change case of all characters on line:
g~~
Change case of remaining word from cursor:
g~w
Increment the number under the cursor:
Decrement the number under the cursor:
redraw:
Turn on line numbering:
:set nu
Turn it off:
:set nonu
Number lines (filter the file through a unix command and replace with output):
:%!cat -n
Sort lines:
:%!sort
Sort and uniq:
:%!sort -u
Read output of command into buffer:
:r !ls -l
Refresh file from version on disk:
:e!
Open a new window:
n
Open a new window with the same file (split):
s
Split window vertically:
v
Close current window:
c
:q
Make current window the only window:
o
Cycle to next window:
w
Move to window below current window:
j
Move to window above current window:
k
Move to window left of current window:
h
Move to window right of current window:
l
Set textwidth for automatic line-wrapping as you type:
:set textwidth=80
Turn on syntax highlighting
:syn on
Turn it off:
:syn off
Force the filetype for syntax highlighting:
:set filetype=python
:set filetype=c
:set filetype=php
Use lighter coloring scheme for a dark background:
:set background=dark
Htmlize a file using the current syntax highlighting:
:so $VIMRUNTIME/syntax/2html.vim
Or, htmlize from a command prompt:
in 2html.sh put:
#!/bin/sh
vim -n -c ':so $VIMRUNTIME/syntax/2html.vim' -c ':wqa' $1 > /dev/null 2> /dev/null
Now just run: shell> 2html.sh foo.py
Document originally from http://www.cs.ualberta.ca/~luca/tricks.vim.html
updated and maintained by Greg Lawler
var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");
document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));
var pageTracker = _gat._getTracker("UA-256828-4");
pageTracker._trackPageview();
Where grep came from (RE being Regular Expression):
:g/RE/p
Delete lines 10 to 20 inclusive:
:10,20d
or with marks a and b:
:'a,'bd
Delete lines that contain pattern:
:g/pattern/d
Delete all empty lines:
:g/^$/d
Delete lines in range that contain pattern:
:20,30/pattern/d
or with marks a and b:
:'a,'b/pattern/d
Substitute all lines for first occurance of pattern:
:%s/pattern/new/
:1,$s/pattern/new/
Substitute all lines for pattern globally (more than once on the line):
:%s/pattern/new/g
:1,$s/pattern/new/g
Find all lines containing pattern and then append -new to the end of each line:
:%s/\(.*pattern.*\)/\1-new/g
Substitute range:
:20,30s/pattern/new/g
with marks a and b:
:'a,'bs/pattern/new/g
Swap two patterns on a line:
:s/\(pattern1\)\(pattern2\)/\2\1/
Capitalize the first lowercase character on a line:
:s/\([a-z]\)/\u\1/
more concisely:
:s/[a-z]/\u&/
Capitalize all lowercase characters on a line:
:s/\([a-z]\)/\u\1/g
more concisely:
:s/[a-z]/\u&/g
Capitalize all characters on a line:
:s/\(.*\)/\U\1\E/
Capitalize the first character of all words on a line:
:s/\<[a-z]/\u&/g
Uncapitalize the first character of all words on a line:
:s/\<[A-Z]/\l&/g
Change case of character under cursor:
~
Change case of all characters on line:
g~~
Change case of remaining word from cursor:
g~w
Increment the number under the cursor:
Decrement the number under the cursor:
redraw:
Turn on line numbering:
:set nu
Turn it off:
:set nonu
Number lines (filter the file through a unix command and replace with output):
:%!cat -n
Sort lines:
:%!sort
Sort and uniq:
:%!sort -u
Read output of command into buffer:
:r !ls -l
Refresh file from version on disk:
:e!
Open a new window:
Open a new window with the same file (split):
Split window vertically:
Close current window:
:q
Make current window the only window:
Cycle to next window:
Move to window below current window:
Move to window above current window:
Move to window left of current window:
Move to window right of current window:
Set textwidth for automatic line-wrapping as you type:
:set textwidth=80
Turn on syntax highlighting
:syn on
Turn it off:
:syn off
Force the filetype for syntax highlighting:
:set filetype=python
:set filetype=c
:set filetype=php
Use lighter coloring scheme for a dark background:
:set background=dark
Htmlize a file using the current syntax highlighting:
:so $VIMRUNTIME/syntax/2html.vim
Or, htmlize from a command prompt:
in 2html.sh put:
#!/bin/sh
vim -n -c ':so $VIMRUNTIME/syntax/2html.vim' -c ':wqa' $1 > /dev/null 2> /dev/null
Now just run: shell> 2html.sh foo.py
Document originally from http://www.cs.ualberta.ca/~luca/tricks.vim.html
updated and maintained by Greg Lawler
var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");
document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));
var pageTracker = _gat._getTracker("UA-256828-4");
pageTracker._trackPageview();
Friday, March 20, 2009
Configuring sendmail with STARTTLS and SASL on RedHat Enterprise Linux Server release 5 (Tikanga)
The Required RPMs
If missing any of the above rpms, please use yum or other methods to install.
· sendmail-cf-8.13.8-2.el5
· sendmail-8.13.8-2.el5
· cyrus-sasl-2.1.22-4
· cyrus-sasl-plain-2.1.22-4
· openssl-0.9.8b-8.3.el5
· m4-1.4.5-3.el5.1
The Procedure
1. Back up your configuration files:
#mkdir /etc/mail/SAVE
#cp –p /etc/mail/sendmail.cf /etc/mail/SAVE
#cp –p /etc/mail/sendmail.mc /etc/mail/SAVE
2. Edit sendmail.mc
Please note that m4 doesn't use the # symbol for comments, instead, it starts a line with dnl, which stands for "delete until new line".
The confAUTH_OPTIONS macro allows you to instruct sendmail not to offer plain text authentication until after a secure mechanism such as TLS is active (the p option). We are also prohibiting anonymous logins (the y option). The A option is a workaround for broken MTAs:
define(`confAUTH_OPTIONS', `A y')dnl
Now we define which authentication mechanisms we will trust and use:
TRUST_AUTH_MECH(`LOGIN PLAIN')dnldefine(`confAUTH_MECHANISMS', `LOGIN PLAIN')dnl
define(`confCACERT_PATH', `/etc/pki/tls/certs')dnl
define(`confCACERT', `/etc/pki/tls/certs/ca-bundle.crt')dnl
define(`confSERVER_CERT', `/etc/pki/tls/certs/sendmail.pem')dnl
define(`confSERVER_KEY', `/etc/pki/tls/certs/sendmail.pem')dnl
3. Make a pki certificate
#cd /etc/pki/tls/certs#make sendmail.pem
The current certificate is listed below for future reference:
[root@backup1]# ls -l /etc/pki/tls/certs/sendmail.pem
-rw------- 1 root root 2186 Mar 13 16:18 /etc/pki/tls/certs/sendmail.pem
[root@backup1 etc]# keytool -printcert -file /etc/pki/tls/certs/sendmail.pem
Owner: C=US,ST=FL,L=Tempa,O=markproductions.com,OU=backup1,CN=backup1,1.2.840.113549.1.9.1=markbao123@yahoo.com
Issuer: C=US,ST=FL,L=Tempa,O=markproductions.com,OU=backup1,CN=backup1,1.2.840.113549.1.9.1=markbao123@yahoo.com
Serial number: 0
Valid from: Friday March 13, 2009 AD - 9:18:05;367 o'clock PM GMT-04:00
until: Saturday March 13, 2010 AD - 8:18:05;367 o'clock PM GMT-05:00
Certificate fingerprints
MD5: 39:D7:82:93:03:40:98:FF:89:0C:C7:47:CA:45:62:9E
SHA-160: 8B:3B:F6:D4:0D:69:C2:C2:B7:00:87:65:FD:AD:71:A6:93:79:49:E7
[root@backup1 etc]#
4. Start the saslauthd and the sendmail processes
Start saslauthd
[root@backup1]# chkconfig --level 2345 saslauthd on
[root@backup1]# chkconfig --list saslauthd
saslauthd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
[root@backup1]# service saslauthd start
[root@backup1]# service saslauthd status
saslauthd (pid 6026 6025 6024 6023 6022) is running...
Start sendmail
[root@backup1]# chkconfig --level 345 sendmail on
[root@backup1]# chkconfig --list sendmail
sendmail 0:off 1:off 2:on 3:on 4:on 5:on 6:off
[root@backup1]# service sendmail stop
Shutting down sm-client: [ OK ]
Shutting down sendmail: [ OK ]
[root@backup1# service sendmail start
Starting sendmail: [ OK ]
Starting sm-client: [ OK ]
[root@backup1]# service sendmail status
sendmail (pid 11291 11283) is running...
[root@backup1 mail]#
5. Verify the configuration parameters
NOTE: the compilation options must have “SASLv2” and “STARTTLS”
Also notice that AUTH is offered with the allowed mechanisms (but not STARTTLS, which isn't needed here, as the channel is already encrypted). Authentication takes place, and the message is relayed to its destination.
[root@backup1]# sendmail -d0.10 -bv
Version 8.13.8
Compiled with: DNSMAP HESIOD HES_GETMAILHOST LDAPMAP LOG MAP_REGEX
MATCHGECOS MILTER MIME7TO8 MIME8TO7 NAMED_BIND NETINET NETINET6
NETUNIX NEWDB NIS PIPELINING SASLv2 SCANF SOCKETMAP STARTTLS TCPWRAPPERS USERDB USE_LDAP_INIT
OS Defines: ADDRCONFIG_IS_BROKEN HASFCHOWN HASFCHMOD
HASGETDTABLESIZE HASINITGROUPS HASLSTAT HASNICE HASRANDOM
HASRRESVPORT HASSETREGID HASSETREUID HASSETRLIMIT HASSETSID
HASSETVBUF HASURANDOMDEV HASSTRERROR HASUNAME HASUNSETENV
HASWAITPID IDENTPROTO NEEDSGETIPNODE REQUIRES_DIR_FSYNC
USE_DOUBLE_FORK USE_SIGLONGJMP
Kernel symbols: /boot/vmlinux
Conf file: /etc/mail/submit.cf (default for MSP)
Conf file: /etc/mail/sendmail.cf (default for MTA)
Pid file: /var/run/sendmail.pid (default)
Canonical name: backup1.markproductions.com
UUCP nodename: backup1.markproductions.com
Conf file: /etc/mail/sendmail.cf (selected)
Pid file: /var/run/sendmail.pid (selected)
============ SYSTEM IDENTITY (after readcf) ============
(short domain name) $w = backup1
(canonical domain name) $j = backup1.markproductions.com
(subdomain name) $m = markproductions.com
(node name) $k = backup1.markproductions.com
========================================================
Recipient names must be specified
[root@backup1 ~]#
[root@backup1]# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 backup1.markproductions.com ESMTP Sendmail 8.13.8/8.13.8; Fri, 20 Mar 2009 17:37:25 -0400
EHLO localhost
250-backup1.markproductions.com Hello localhost.localdomain [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH LOGIN PLAIN
250-DELIVERBY
250 HELP
^]
telnet> q
Connection closed.
[root@backup1 ~]
6. Update Linux host based firewall
# /sbin/ iptables -A INPUT -p tcp --dport 25 --syn -j ACCEPT
#service iptables save
# grep 'dport 25' /etc/sysconfig/iptables
-A INPUT -p tcp --dport 25 --syn -j ACCEPT
[root@backup1 sysconfig]# service iptables stop
Flushing firewall rules: [ OK ]
Setting chains to policy ACCEPT: filter [ OK ]
Unloading iptables modules: [ OK ]
[root@backup1 sysconfig]# service iptables start
Applying iptables firewall rules: [ OK ]
Loading additional iptables modules: [ OK ]
[root@backup1 etc]# service iptables status grep "tcp dpt:25"
6 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:25 flags:0x17/0x02
7. Test with sending an email
[markbao@backup1]# Mail -v markbaoxxx@gmail.com
Subject: test from sendmail smtp gateway to gmail mail
.
Cc:
Null message body; hope that's ok
markbao123@gmail.com... Connecting to [127.0.0.1] via relay...
220 backup1.markproductions.com ESMTP Sendmail 8.13.8/8.13.8; Fri, 20 Mar 2009 18:15:02 -0400
>>> EHLO backup1.markproductions.com
250-backup1.markproductions.com Hello localhost.localdomain [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH LOGIN PLAIN
250-DELIVERBY
250 HELP
>>> MAIL From: SIZE=78 AUTH=markbao@backup1.markproductions.com
250 2.1.0... Sender ok
>>> RCPT To:
>>> DATA
250 2.1.5... Recipient ok
354 Enter mail, end with "." on a line by itself
>>> .
250 2.0.0 n2KMF2Xa013041 Message accepted for delivery
markbaoxxx@gmail.com... Sent (n2KMF2Xa013041 Message accepted for delivery)
Closing connection to [127.0.0.1]
>>> QUIT
221 2.0.0 backup1.markproductions.com closing connection
[markbao@backup1 ~]
-----Original Message-----From: markbao@localhost.localdomain [mailto:markbao@localhost.localdomain] Sent: Friday, March 20, 2009 6:18 PMTo: markbaoxxx@gmail.comSubject: test from sendmail smtp gateway to gmail mail
No virus found in this incoming message.
Checked by AVG - www.avg.com
Version: 8.0.238 / Virus Database: 270.11.20/2013 - Release Date: 03/20/09 06:59:00
8. References:
http://sendmail.org/
http://www.whoopis.com/howtos/sendmail-auth-howto.html
http://www.joreybump.com/code/howto/smtpauth.html
http://www.redhat.com/magazine/025nov06/features/email/index.html
http://www.screaming-penguin.com/node/4214
If missing any of the above rpms, please use yum or other methods to install.
· sendmail-cf-8.13.8-2.el5
· sendmail-8.13.8-2.el5
· cyrus-sasl-2.1.22-4
· cyrus-sasl-plain-2.1.22-4
· openssl-0.9.8b-8.3.el5
· m4-1.4.5-3.el5.1
The Procedure
1. Back up your configuration files:
#mkdir /etc/mail/SAVE
#cp –p /etc/mail/sendmail.cf /etc/mail/SAVE
#cp –p /etc/mail/sendmail.mc /etc/mail/SAVE
2. Edit sendmail.mc
Please note that m4 doesn't use the # symbol for comments, instead, it starts a line with dnl, which stands for "delete until new line".
The confAUTH_OPTIONS macro allows you to instruct sendmail not to offer plain text authentication until after a secure mechanism such as TLS is active (the p option). We are also prohibiting anonymous logins (the y option). The A option is a workaround for broken MTAs:
define(`confAUTH_OPTIONS', `A y')dnl
Now we define which authentication mechanisms we will trust and use:
TRUST_AUTH_MECH(`LOGIN PLAIN')dnldefine(`confAUTH_MECHANISMS', `LOGIN PLAIN')dnl
define(`confCACERT_PATH', `/etc/pki/tls/certs')dnl
define(`confCACERT', `/etc/pki/tls/certs/ca-bundle.crt')dnl
define(`confSERVER_CERT', `/etc/pki/tls/certs/sendmail.pem')dnl
define(`confSERVER_KEY', `/etc/pki/tls/certs/sendmail.pem')dnl
3. Make a pki certificate
#cd /etc/pki/tls/certs#make sendmail.pem
The current certificate is listed below for future reference:
[root@backup1]# ls -l /etc/pki/tls/certs/sendmail.pem
-rw------- 1 root root 2186 Mar 13 16:18 /etc/pki/tls/certs/sendmail.pem
[root@backup1 etc]# keytool -printcert -file /etc/pki/tls/certs/sendmail.pem
Owner: C=US,ST=FL,L=Tempa,O=markproductions.com,OU=backup1,CN=backup1,1.2.840.113549.1.9.1=markbao123@yahoo.com
Issuer: C=US,ST=FL,L=Tempa,O=markproductions.com,OU=backup1,CN=backup1,1.2.840.113549.1.9.1=markbao123@yahoo.com
Serial number: 0
Valid from: Friday March 13, 2009 AD - 9:18:05;367 o'clock PM GMT-04:00
until: Saturday March 13, 2010 AD - 8:18:05;367 o'clock PM GMT-05:00
Certificate fingerprints
MD5: 39:D7:82:93:03:40:98:FF:89:0C:C7:47:CA:45:62:9E
SHA-160: 8B:3B:F6:D4:0D:69:C2:C2:B7:00:87:65:FD:AD:71:A6:93:79:49:E7
[root@backup1 etc]#
4. Start the saslauthd and the sendmail processes
Start saslauthd
[root@backup1]# chkconfig --level 2345 saslauthd on
[root@backup1]# chkconfig --list saslauthd
saslauthd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
[root@backup1]# service saslauthd start
[root@backup1]# service saslauthd status
saslauthd (pid 6026 6025 6024 6023 6022) is running...
Start sendmail
[root@backup1]# chkconfig --level 345 sendmail on
[root@backup1]# chkconfig --list sendmail
sendmail 0:off 1:off 2:on 3:on 4:on 5:on 6:off
[root@backup1]# service sendmail stop
Shutting down sm-client: [ OK ]
Shutting down sendmail: [ OK ]
[root@backup1# service sendmail start
Starting sendmail: [ OK ]
Starting sm-client: [ OK ]
[root@backup1]# service sendmail status
sendmail (pid 11291 11283) is running...
[root@backup1 mail]#
5. Verify the configuration parameters
NOTE: the compilation options must have “SASLv2” and “STARTTLS”
Also notice that AUTH is offered with the allowed mechanisms (but not STARTTLS, which isn't needed here, as the channel is already encrypted). Authentication takes place, and the message is relayed to its destination.
[root@backup1]# sendmail -d0.10 -bv
Version 8.13.8
Compiled with: DNSMAP HESIOD HES_GETMAILHOST LDAPMAP LOG MAP_REGEX
MATCHGECOS MILTER MIME7TO8 MIME8TO7 NAMED_BIND NETINET NETINET6
NETUNIX NEWDB NIS PIPELINING SASLv2 SCANF SOCKETMAP STARTTLS TCPWRAPPERS USERDB USE_LDAP_INIT
OS Defines: ADDRCONFIG_IS_BROKEN HASFCHOWN HASFCHMOD
HASGETDTABLESIZE HASINITGROUPS HASLSTAT HASNICE HASRANDOM
HASRRESVPORT HASSETREGID HASSETREUID HASSETRLIMIT HASSETSID
HASSETVBUF HASURANDOMDEV HASSTRERROR HASUNAME HASUNSETENV
HASWAITPID IDENTPROTO NEEDSGETIPNODE REQUIRES_DIR_FSYNC
USE_DOUBLE_FORK USE_SIGLONGJMP
Kernel symbols: /boot/vmlinux
Conf file: /etc/mail/submit.cf (default for MSP)
Conf file: /etc/mail/sendmail.cf (default for MTA)
Pid file: /var/run/sendmail.pid (default)
Canonical name: backup1.markproductions.com
UUCP nodename: backup1.markproductions.com
Conf file: /etc/mail/sendmail.cf (selected)
Pid file: /var/run/sendmail.pid (selected)
============ SYSTEM IDENTITY (after readcf) ============
(short domain name) $w = backup1
(canonical domain name) $j = backup1.markproductions.com
(subdomain name) $m = markproductions.com
(node name) $k = backup1.markproductions.com
========================================================
Recipient names must be specified
[root@backup1 ~]#
[root@backup1]# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 backup1.markproductions.com ESMTP Sendmail 8.13.8/8.13.8; Fri, 20 Mar 2009 17:37:25 -0400
EHLO localhost
250-backup1.markproductions.com Hello localhost.localdomain [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH LOGIN PLAIN
250-DELIVERBY
250 HELP
^]
telnet> q
Connection closed.
[root@backup1 ~]
6. Update Linux host based firewall
# /sbin/ iptables -A INPUT -p tcp --dport 25 --syn -j ACCEPT
#service iptables save
# grep 'dport 25' /etc/sysconfig/iptables
-A INPUT -p tcp --dport 25 --syn -j ACCEPT
[root@backup1 sysconfig]# service iptables stop
Flushing firewall rules: [ OK ]
Setting chains to policy ACCEPT: filter [ OK ]
Unloading iptables modules: [ OK ]
[root@backup1 sysconfig]# service iptables start
Applying iptables firewall rules: [ OK ]
Loading additional iptables modules: [ OK ]
[root@backup1 etc]# service iptables status grep "tcp dpt:25"
6 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:25 flags:0x17/0x02
7. Test with sending an email
[markbao@backup1]# Mail -v markbaoxxx@gmail.com
Subject: test from sendmail smtp gateway to gmail mail
.
Cc:
Null message body; hope that's ok
markbao123@gmail.com... Connecting to [127.0.0.1] via relay...
220 backup1.markproductions.com ESMTP Sendmail 8.13.8/8.13.8; Fri, 20 Mar 2009 18:15:02 -0400
>>> EHLO backup1.markproductions.com
250-backup1.markproductions.com Hello localhost.localdomain [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH LOGIN PLAIN
250-DELIVERBY
250 HELP
>>> MAIL From:
250 2.1.0
>>> RCPT To:
>>> DATA
250 2.1.5
354 Enter mail, end with "." on a line by itself
>>> .
250 2.0.0 n2KMF2Xa013041 Message accepted for delivery
markbaoxxx@gmail.com... Sent (n2KMF2Xa013041 Message accepted for delivery)
Closing connection to [127.0.0.1]
>>> QUIT
221 2.0.0 backup1.markproductions.com closing connection
[markbao@backup1 ~]
-----Original Message-----From: markbao@localhost.localdomain [mailto:markbao@localhost.localdomain] Sent: Friday, March 20, 2009 6:18 PMTo: markbaoxxx@gmail.comSubject: test from sendmail smtp gateway to gmail mail
No virus found in this incoming message.
Checked by AVG - www.avg.com
Version: 8.0.238 / Virus Database: 270.11.20/2013 - Release Date: 03/20/09 06:59:00
8. References:
http://sendmail.org/
http://www.whoopis.com/howtos/sendmail-auth-howto.html
http://www.joreybump.com/code/howto/smtpauth.html
http://www.redhat.com/magazine/025nov06/features/email/index.html
http://www.screaming-penguin.com/node/4214
Thursday, March 19, 2009
Solstice Disksuite: Recovering the quorum after a disk failure on the system start-up
In a scenario where we lost one disk during the boot, the system start-up couldn't be finalised due to loss of the quorum. So the system will prompt to enter in single user Enter in single user and type the following.
# metadb -i
This will list all meta databases. The replicas that have problems would be flagged with “M”.
So, would be necessary to remove all the replicas from the meta database in order to get the correct
quorum for the mirror to work.
Example
flags first blk block count
M 16 1034 /dev/dsk/c1t0d0s7 <-- failed disk0 M 1050 1034 /dev/dsk/c1t0d0s7 <-- failed disk0 a m p luo 16 16 /dev/dsk/c1t1d0s7 a p luo 1050 1034 /dev/dsk/c1t1d0s7 # metadb -d /dev/dsk/c1t0d0s7 Ignore the messages saying cannot change the file “read-only file-system” # reboot The system will boot from the mirrored disk and this time without quorum issues. Reconnecting the disk0 after bootable mirror test Assuming that you are doing a full test, and the previous Troubleshooting procedure was followed, then issue the following commands: # metadb -a -f -c2 /dev/dsk/c1t0d0s7 The above command will recreate the meta database on the disk0 and once that done, and since it was not a disk failure/corruption. So, the meta structure remains in the disk, the SDS immediately starts the synchronization in all file-systems. # metastat or # metastat grep “%” Disabling the Quorum Rule # echo “set md:mirrored_root_flag=1” >> /etc/system
# metadb -i
This will list all meta databases. The replicas that have problems would be flagged with “M”.
So, would be necessary to remove all the replicas from the meta database in order to get the correct
quorum for the mirror to work.
Example
flags first blk block count
M 16 1034 /dev/dsk/c1t0d0s7 <-- failed disk0 M 1050 1034 /dev/dsk/c1t0d0s7 <-- failed disk0 a m p luo 16 16 /dev/dsk/c1t1d0s7 a p luo 1050 1034 /dev/dsk/c1t1d0s7 # metadb -d /dev/dsk/c1t0d0s7 Ignore the messages saying cannot change the file “read-only file-system” # reboot The system will boot from the mirrored disk and this time without quorum issues. Reconnecting the disk0 after bootable mirror test Assuming that you are doing a full test, and the previous Troubleshooting procedure was followed, then issue the following commands: # metadb -a -f -c2 /dev/dsk/c1t0d0s7 The above command will recreate the meta database on the disk0 and once that done, and since it was not a disk failure/corruption. So, the meta structure remains in the disk, the SDS immediately starts the synchronization in all file-systems. # metastat or # metastat grep “%” Disabling the Quorum Rule # echo “set md:mirrored_root_flag=1” >> /etc/system
Wednesday, March 18, 2009
A Legal Distortion
=============================================
ISR News: Heartland Class Action Lawsuit
Posted: 18 Mar 2009 10:05 AM PDT
Excerpts From ComputerWeekly.com An investor has filed a proposed class action in the US district court of New Jersey on behalf of all other investors in Heartland between August 2008 and February 2009. The complaint alleges that Heartland issued false or misleading statements and failed to disclose material adverse facts about its business, operations and prospects during that period. Heartland's shares during that period also declined from $21.84 per share, or approximately 80%, from its high of $27.19 per share in September 2008.
=============================================
Sure, the security breach of Heartland is shameful. After reading many news and blogger articles, I still have no clue of what kind of spyware could have caused 100 million credit card information to be exposed. I have just taken a security training class. It would have taken a huge amount negligence on the IT management to have allowed a disaster of this magnitude. But business is governed by rule of laws. If having violated any, Heartland will receive its due penalties. Last Friday, for example, PCI council put Hearland's PCI DSS certification on probation. For those lawyers who proposed this class action, I can imagine a motion picture as follows: in the wild safari of Africa, when an elephant is wounded and fell on the ground, a group vultures begin hanging low.
ISR News: Heartland Class Action Lawsuit
Posted: 18 Mar 2009 10:05 AM PDT
Excerpts From ComputerWeekly.com An investor has filed a proposed class action in the US district court of New Jersey on behalf of all other investors in Heartland between August 2008 and February 2009. The complaint alleges that Heartland issued false or misleading statements and failed to disclose material adverse facts about its business, operations and prospects during that period. Heartland's shares during that period also declined from $21.84 per share, or approximately 80%, from its high of $27.19 per share in September 2008.
=============================================
Sure, the security breach of Heartland is shameful. After reading many news and blogger articles, I still have no clue of what kind of spyware could have caused 100 million credit card information to be exposed. I have just taken a security training class. It would have taken a huge amount negligence on the IT management to have allowed a disaster of this magnitude. But business is governed by rule of laws. If having violated any, Heartland will receive its due penalties. Last Friday, for example, PCI council put Hearland's PCI DSS certification on probation. For those lawyers who proposed this class action, I can imagine a motion picture as follows: in the wild safari of Africa, when an elephant is wounded and fell on the ground, a group vultures begin hanging low.
Friday, February 27, 2009
Linux SAN disk migration plan using disk Raid mirroring method
I. General Purpose: SAN Data migration between Linux hosts
1. Operational risks: during the migration, the current production server will experience single point of failure on the SAN disks.
2. Other risks involve failure in cooperation among UNIX system adiministrators , DBAs, Fibre cable technicians and Storage Operators.
3. Roll back, if following this document step by step, we should be able to roll back at any point of this operation
4. The scope of this exercise is limited to using Linux native raidtool as the data migration method. Other possible methods are not explored. They may include, EMC SRDF/BCV/Snapshot, Veritas Volume Manager Mirroring, Veritas Datamovers, LINUX LVM and copying data via network or optical media etc.
II. Target Server Preparation
*Note, outputs in this document are for illustration only. They are not actual screen shots.
1. Identify, build and test the target server according to current company standards.
2. Make sure raidtool is installed:
targethost# rpm –qa|grep raid
If rpm has not been installed, download from vendor site and install.
Redhat example: http://people.redhat.com/mingo/raidtools/
Please follow vendor instruction on to build and install a kernel. In the end, you should make sure you have the following options set in your kernel configuration:
CONFIG_MD=y
CONFIG_BLK_DEV_MD=y
CONFIG_MD_RAID1=y
CONFIG_BLK_DEV_LVM=y
You'll also need initial ramdisk (initrd) support, and it's recommended to compile in the loop block device:
CONFIG_BLK_DEV_RAM=y
CONFIG_BLK_DEV_RAM_SIZE=4096
CONFIG_BLK_DEV_INITRD=y
CONFIG_BLK_DEV_LOOP=y
Additionally, you should build in support for the filesystems you intend to use.
CONFIG_EXT3_FS=y
3. Host Bus Adapter Configurations (HBAs)
Verify /etc/modules.conf contains qla2300 alias:
alias scsi_hostadapter2_qla2300
Verify /etc/modules.conf contains qla2300 options (assuming using qla drivers. If not, please check for other corresponding HBA entries. )
options qla2300 ql2xfailover=0 MaxRetriesPerPath=0 MaxRetriesPerIo=0 ql2xmaxqdepth=16
Load HBA driver if necessary
targethost# modprobe –a qla2300
Collect the HBA WWN on the target server and save for the next SAN disk provision section.
targethost# cat /proc/scsi/qla2300/[1234] | grep port
II. SAN Disk Provisioning
1. Using the EMC SAN control center, do the disk provisioning. During the migration, the target Linux host will have visibility to both the new and old Claiion Disks.
2. The SAN typer disks on the source and target storage devices should be identical.
III. Source Server operations
1. On the source host, verify SAN disks are mirrored:
sourcehost# cat /proc/mdstat
Personalities : [raid1]
read_ahead 1024 sectors
md1 : active raid1 hda1[0] hdc1[1]
125376 blocks [2/2] [UU]
2. Let’s say “/dev/hdc” is the disk we want to use as the swing disk,
sourcehost# raidsetfaulty /dev/md1 /dev/hdc1
3. Verify “/dev/hdc” is no longer engaged,
sourcehost# cat /proc/mdstat
md2 : active raid1 hda2[0] hdc2[1](F)
9644928 blocks [2/1] [U_]
4. Move the fibre cable from sourchost’s second HBA port and attach it to the targethost’s second HBA port
IV. Target Server operations
1. Discover the new disk by doing a system reboot.
If rebooting is not possible, you may alternately use the following
For logic:
Do one at a time
targethost#echo scsi-qlascan > /proc/scsi/qla2xxx/
targethost#cat to see new device at the end
For Emulex:
targethost#echo 1 > /sys/class/scsi_host/host/issue_lip
targethost#rescan-scsi-bus.sh -l -w -c
Do one path at a time
targethost#echo - - - > /sys/class/scsi_host/host/scan
Check for new sd devices:
targethost#fdisk -l | grep Disk
Verifying Storage and Paths
1. After new provisioning reload qla2300 driver.
targethost# rmmod qla2300
targethost# modprobe –a qla2300
2. Verify storage and paths:
Example output: (not real output)
targethost# inq.linux
------------------------------------------------------------------
DEVICE :VEND :PROD :REV :SER NUM :CAP(kb)
------------------------------------------------------------------
…
/dev/sdc :EMC :Claiion_New :5670 :74302000 :17677440
/dev/sdd :EMC :Claiion_New :5670 :74302000 :17677440
/dev/sde :EMC :Claiion_Old :5670 :74302000 :17677440
…
3. Partitioning the New Disk
Run fdisk on the new unused disk to give the same partition as the original source disk on the source server
:
targethost# sfdisk -d /dev/hde | sfdisk /dev/hdc
targethost# sfdisk -d /dev/hde | sfdisk /dev/hdd
4. Update /etc/raidtab
The first step is to set up /etc/raidtab. This file serves as the configuration file for the mkraid command. We need to set up a stanza for both partitions, and declare any partitions on hdd as a "failed-disk" for now. This will keep the md driver from trying to use them at this time.
raiddev /dev/md1
raid-level 1
nr-raid-disks 2
nr-spare-disks 0
persistent-superblock 1
device /dev/hdc1
raid-disk 0
# this is our old disk, mark as failed for now
device /dev/hdd1
failed-disk 1
5. Converting the Partitions into RAID Devices
# mkraid /dev/md1
handling MD device /dev/md1
analyzing super-block
disk 0: /dev/hdd1, failed
disk 1: /dev/hdc1, 125464kB, raid superblock at 125376kB
6. Update fstab
Once this step is done, edit /newdisk/etc/fstab and set it up to mount the new LVM volumes in place of the old partitions, and to mount the /boot partition. We would change it to the following on the example machine:
#
…
/dev/md1 /NewSanDisk ext3 defaults 1 1
…
7. Reboot and Start Mirroring
targethost# reboot
Alternatively, you may start raid without rebooting:
targethost# raidstop /dev/md1; raidstart /dev/md1
Once the server is online, attach the SAN disk from the sourcehost to the mirror:
targethost# raidhotadd /dev/md1 /dev/hde1
Verify the mirroring is in progress:
targethost# cat /proc/mdstat
md1 : active raid1 hde1[2] hdc1[1]
9644928 blocks [2/1] [_U]
[>....................] recovery = 0.1% (11696/9644928) \
finish=13.7min speed=11696K/sec
unused devices:
Verify the mirroring has been completed:
targethost# cat /proc/mdstat
Personalities : [raid1]
read_ahead 1024 sectors
md1 : active raid1 hdc1[0] hdd1[1]
125376 blocks [2/2] [UU]
You may perform additional data integrity testing by mounting the filesystem, by starting database servers etc.
8. Reboot and Start Mirroring
Once all tests are completed successfully, you now may remove the disk from sourcehost from the Raid:
targethost# raidhotremove /dev/md1 /dev/sde2
Verify that sde is no longer engaged:
targethost# cat /proc/mdstat,
Then add a second mirror pair from the target server:
targethost# raidhotadd /dev/md1 /dev/hde1
The verification process will be the same as the immediate preceding section.
V. Cleaning Up
1. Make the targethost take on the personality of the sourcehost by changing its hostname, IP address etc.
2. Shutdown and decommission and old sourcehost.
3. On EMC control center, decommission un-used disks Hyper devices.
1. Operational risks: during the migration, the current production server will experience single point of failure on the SAN disks.
2. Other risks involve failure in cooperation among UNIX system adiministrators , DBAs, Fibre cable technicians and Storage Operators.
3. Roll back, if following this document step by step, we should be able to roll back at any point of this operation
4. The scope of this exercise is limited to using Linux native raidtool as the data migration method. Other possible methods are not explored. They may include, EMC SRDF/BCV/Snapshot, Veritas Volume Manager Mirroring, Veritas Datamovers, LINUX LVM and copying data via network or optical media etc.
II. Target Server Preparation
*Note, outputs in this document are for illustration only. They are not actual screen shots.
1. Identify, build and test the target server according to current company standards.
2. Make sure raidtool is installed:
targethost# rpm –qa|grep raid
If rpm has not been installed, download from vendor site and install.
Redhat example: http://people.redhat.com/mingo/raidtools/
Please follow vendor instruction on to build and install a kernel. In the end, you should make sure you have the following options set in your kernel configuration:
CONFIG_MD=y
CONFIG_BLK_DEV_MD=y
CONFIG_MD_RAID1=y
CONFIG_BLK_DEV_LVM=y
You'll also need initial ramdisk (initrd) support, and it's recommended to compile in the loop block device:
CONFIG_BLK_DEV_RAM=y
CONFIG_BLK_DEV_RAM_SIZE=4096
CONFIG_BLK_DEV_INITRD=y
CONFIG_BLK_DEV_LOOP=y
Additionally, you should build in support for the filesystems you intend to use.
CONFIG_EXT3_FS=y
3. Host Bus Adapter Configurations (HBAs)
Verify /etc/modules.conf contains qla2300 alias:
alias scsi_hostadapter2_qla2300
Verify /etc/modules.conf contains qla2300 options (assuming using qla drivers. If not, please check for other corresponding HBA entries. )
options qla2300 ql2xfailover=0 MaxRetriesPerPath=0 MaxRetriesPerIo=0 ql2xmaxqdepth=16
Load HBA driver if necessary
targethost# modprobe –a qla2300
Collect the HBA WWN on the target server and save for the next SAN disk provision section.
targethost# cat /proc/scsi/qla2300/[1234] | grep port
II. SAN Disk Provisioning
1. Using the EMC SAN control center, do the disk provisioning. During the migration, the target Linux host will have visibility to both the new and old Claiion Disks.
2. The SAN typer disks on the source and target storage devices should be identical.
III. Source Server operations
1. On the source host, verify SAN disks are mirrored:
sourcehost# cat /proc/mdstat
Personalities : [raid1]
read_ahead 1024 sectors
md1 : active raid1 hda1[0] hdc1[1]
125376 blocks [2/2] [UU]
2. Let’s say “/dev/hdc” is the disk we want to use as the swing disk,
sourcehost# raidsetfaulty /dev/md1 /dev/hdc1
3. Verify “/dev/hdc” is no longer engaged,
sourcehost# cat /proc/mdstat
md2 : active raid1 hda2[0] hdc2[1](F)
9644928 blocks [2/1] [U_]
4. Move the fibre cable from sourchost’s second HBA port and attach it to the targethost’s second HBA port
IV. Target Server operations
1. Discover the new disk by doing a system reboot.
If rebooting is not possible, you may alternately use the following
For logic:
Do one at a time
targethost#echo scsi-qlascan > /proc/scsi/qla2xxx/
targethost#cat
For Emulex:
targethost#echo 1 > /sys/class/scsi_host/host
targethost#rescan-scsi-bus.sh -l -w -c
Do one path at a time
targethost#echo - - - > /sys/class/scsi_host/host
Check for new sd devices:
targethost#fdisk -l | grep Disk
Verifying Storage and Paths
1. After new provisioning reload qla2300 driver.
targethost# rmmod qla2300
targethost# modprobe –a qla2300
2. Verify storage and paths:
Example output: (not real output)
targethost# inq.linux
------------------------------------------------------------------
DEVICE :VEND :PROD :REV :SER NUM :CAP(kb)
------------------------------------------------------------------
…
/dev/sdc :EMC :Claiion_New :5670 :74302000 :17677440
/dev/sdd :EMC :Claiion_New :5670 :74302000 :17677440
/dev/sde :EMC :Claiion_Old :5670 :74302000 :17677440
…
3. Partitioning the New Disk
Run fdisk on the new unused disk to give the same partition as the original source disk on the source server
:
targethost# sfdisk -d /dev/hde | sfdisk /dev/hdc
targethost# sfdisk -d /dev/hde | sfdisk /dev/hdd
4. Update /etc/raidtab
The first step is to set up /etc/raidtab. This file serves as the configuration file for the mkraid command. We need to set up a stanza for both partitions, and declare any partitions on hdd as a "failed-disk" for now. This will keep the md driver from trying to use them at this time.
raiddev /dev/md1
raid-level 1
nr-raid-disks 2
nr-spare-disks 0
persistent-superblock 1
device /dev/hdc1
raid-disk 0
# this is our old disk, mark as failed for now
device /dev/hdd1
failed-disk 1
5. Converting the Partitions into RAID Devices
# mkraid /dev/md1
handling MD device /dev/md1
analyzing super-block
disk 0: /dev/hdd1, failed
disk 1: /dev/hdc1, 125464kB, raid superblock at 125376kB
6. Update fstab
Once this step is done, edit /newdisk/etc/fstab and set it up to mount the new LVM volumes in place of the old partitions, and to mount the /boot partition. We would change it to the following on the example machine:
#
…
/dev/md1 /NewSanDisk ext3 defaults 1 1
…
7. Reboot and Start Mirroring
targethost# reboot
Alternatively, you may start raid without rebooting:
targethost# raidstop /dev/md1; raidstart /dev/md1
Once the server is online, attach the SAN disk from the sourcehost to the mirror:
targethost# raidhotadd /dev/md1 /dev/hde1
Verify the mirroring is in progress:
targethost# cat /proc/mdstat
md1 : active raid1 hde1[2] hdc1[1]
9644928 blocks [2/1] [_U]
[>....................] recovery = 0.1% (11696/9644928) \
finish=13.7min speed=11696K/sec
unused devices:
Verify the mirroring has been completed:
targethost# cat /proc/mdstat
Personalities : [raid1]
read_ahead 1024 sectors
md1 : active raid1 hdc1[0] hdd1[1]
125376 blocks [2/2] [UU]
You may perform additional data integrity testing by mounting the filesystem, by starting database servers etc.
8. Reboot and Start Mirroring
Once all tests are completed successfully, you now may remove the disk from sourcehost from the Raid:
targethost# raidhotremove /dev/md1 /dev/sde2
Verify that sde is no longer engaged:
targethost# cat /proc/mdstat,
Then add a second mirror pair from the target server:
targethost# raidhotadd /dev/md1 /dev/hde1
The verification process will be the same as the immediate preceding section.
V. Cleaning Up
1. Make the targethost take on the personality of the sourcehost by changing its hostname, IP address etc.
2. Shutdown and decommission and old sourcehost.
3. On EMC control center, decommission un-used disks Hyper devices.
Monday, January 26, 2009
emc powerpath powermt cheatsheet
powermt in a shutshell
Usage:
powermt [class=]
powermt check [force] [hba=|all] [dev=|all]
powermt check_registration
powermt config
powermt display [ports] [dev=|all] [every=]
powermt display options
powermt display paths [every=]
powermt display unmanaged
powermt manage {dev= | class={invista | hitachi | hpxp | ess | hphsx}}
powermt unmanage {dev= | class={invista | hitachi | hpxp | ess | hphsx}}
powermt load [file=]
powermt release
powermt remove [force] hba=|all | dev=|all
powermt restore [hba=|all] [dev=|all]
powermt save [file=]
powermt set mode=active|standby [hba=|all] [dev=|all]
powermt set periodic_autorestore=on|off
powermt set policy={ad|bf|co|lb|li|nr|re|rr|so} [dev=|all]
powermt set priority= [dev=|all]
powermt update lun_names
powermt version
usage examples:
powermt display dev=all
powermt check_registration
powermt watch
An advance usage is as follows:
powermt set policy=policy [class={symm|clariion|hitachi|hpxp|ess|all}]
[dev=device|all]
powermt set policy sets the load balancing and failover
policy for PowerPath devices.
Arguments
policy=policy
Sets the load balancing and failover policy to one
of the following values:
ad Adaptive. I/O requests are assigned to paths
based on an algorithm that takes into account
path load and logical device priority. This
policy is valid only for Hitachi Lightning,
HP xp, and IBM ESS storage systems and is the
default policy for them on platforms with a
valid PowerPath license.
bf Basic failover. Load balancing is not in
effect. I/O routing on failure is limited to
one HBA and one port on each storage
processor. When a host boots, it designates
one path (through one interface) for all I/O.
If an I/O is issued to a logical device that
cannot be reached via that path (that is, the
I/O cannot reach that logical device through
the device's assigned interface), a trespass
is performed: the logical device is assigned
to the other interface.
SunOS 5.8 Last change: January, 2004 25
User Commands powermt(1)
This policy protects against SP and back-end
failures and allows non-disruptive upgrades
to work when running PowerPath without a
license key. It does not protect against HBA
or host loop failures.
This policy is valid only for CLARiiON
storage systems and is the default policy for
them on platforms without a valid PowerPath
license.
co CLARiiON optimization (listed in powermt
display output as CLAROpt). I/O requests are
assigned to paths based on an algorithm that
takes into account path load and the priority
you set with powermt set policy.
This policy is valid only for CLARiiON
storage systems and is the default policy for
them on platforms with a valid PowerPath
license.
lb Least blocks. Load balance is based on the
number of blocks in the pending I/Os. I/O
requests are assigned to the path with the
smallest burden in terms of blocks,
regardless of the number of requests
involved.
li Least I/Os. Load balance is based on the
number of pending I/Os. I/O requests are
assigned to the path with the smallest number
of requests, regardless of total block
volume.
nr No redirect. Neither load balancing nor
failover is in effect. If nr is set on a
failed path and a native device is used, I/O
errors will occur when I/O is directed to
that path. If one or more paths is failed and
nr is set, data I/O errors can occur.
This policy is valid only for Symmetrix,
Hitachi Lightning, HP xp, and IBM ESS storage
systems and is the default policy for them on
platforms without a valid PowerPath license.
re Request. For native devices, uses the path
that would have been used if PowerPath were
not installed. For pseudo devices, uses one
arbitrary path for all I/O. For all devices,
failover is in effect, but load balancing is
SunOS 5.8 Last change: January, 2004 26
User Commands powermt(1)
not.
rr Round robin. I/O requests are assigned to
each available path in rotation.
so Symmetrix optimization (listed in powermt
display output as SymmOpt). I/O requests are
assigned to paths based on an algorithm that
takes into account path load and the priority
you set with powermt set policy.
This policy is valid only for Symmetrix
storage systems and is the default policy for
them on platforms with a valid PowerPath
license.
Usage:
powermt [class=]
powermt check [force] [hba=|all] [dev=|all]
powermt check_registration
powermt config
powermt display [ports] [dev=|all] [every=]
powermt display options
powermt display paths [every=]
powermt display unmanaged
powermt manage {dev= | class={invista | hitachi | hpxp | ess | hphsx}}
powermt unmanage {dev= | class={invista | hitachi | hpxp | ess | hphsx}}
powermt load [file=]
powermt release
powermt remove [force] hba=|all | dev=|all
powermt restore [hba=|all] [dev=|all]
powermt save [file=]
powermt set mode=active|standby [hba=|all] [dev=|all]
powermt set periodic_autorestore=on|off
powermt set policy={ad|bf|co|lb|li|nr|re|rr|so} [dev=|all]
powermt set priority= [dev=|all]
powermt update lun_names
powermt version
usage examples:
powermt display dev=all
powermt check_registration
powermt watch
An advance usage is as follows:
powermt set policy=policy [class={symm|clariion|hitachi|hpxp|ess|all}]
[dev=device|all]
powermt set policy sets the load balancing and failover
policy for PowerPath devices.
Arguments
policy=policy
Sets the load balancing and failover policy to one
of the following values:
ad Adaptive. I/O requests are assigned to paths
based on an algorithm that takes into account
path load and logical device priority. This
policy is valid only for Hitachi Lightning,
HP xp, and IBM ESS storage systems and is the
default policy for them on platforms with a
valid PowerPath license.
bf Basic failover. Load balancing is not in
effect. I/O routing on failure is limited to
one HBA and one port on each storage
processor. When a host boots, it designates
one path (through one interface) for all I/O.
If an I/O is issued to a logical device that
cannot be reached via that path (that is, the
I/O cannot reach that logical device through
the device's assigned interface), a trespass
is performed: the logical device is assigned
to the other interface.
SunOS 5.8 Last change: January, 2004 25
User Commands powermt(1)
This policy protects against SP and back-end
failures and allows non-disruptive upgrades
to work when running PowerPath without a
license key. It does not protect against HBA
or host loop failures.
This policy is valid only for CLARiiON
storage systems and is the default policy for
them on platforms without a valid PowerPath
license.
co CLARiiON optimization (listed in powermt
display output as CLAROpt). I/O requests are
assigned to paths based on an algorithm that
takes into account path load and the priority
you set with powermt set policy.
This policy is valid only for CLARiiON
storage systems and is the default policy for
them on platforms with a valid PowerPath
license.
lb Least blocks. Load balance is based on the
number of blocks in the pending I/Os. I/O
requests are assigned to the path with the
smallest burden in terms of blocks,
regardless of the number of requests
involved.
li Least I/Os. Load balance is based on the
number of pending I/Os. I/O requests are
assigned to the path with the smallest number
of requests, regardless of total block
volume.
nr No redirect. Neither load balancing nor
failover is in effect. If nr is set on a
failed path and a native device is used, I/O
errors will occur when I/O is directed to
that path. If one or more paths is failed and
nr is set, data I/O errors can occur.
This policy is valid only for Symmetrix,
Hitachi Lightning, HP xp, and IBM ESS storage
systems and is the default policy for them on
platforms without a valid PowerPath license.
re Request. For native devices, uses the path
that would have been used if PowerPath were
not installed. For pseudo devices, uses one
arbitrary path for all I/O. For all devices,
failover is in effect, but load balancing is
SunOS 5.8 Last change: January, 2004 26
User Commands powermt(1)
not.
rr Round robin. I/O requests are assigned to
each available path in rotation.
so Symmetrix optimization (listed in powermt
display output as SymmOpt). I/O requests are
assigned to paths based on an algorithm that
takes into account path load and the priority
you set with powermt set policy.
This policy is valid only for Symmetrix
storage systems and is the default policy for
them on platforms with a valid PowerPath
license.
Thursday, January 1, 2009
IT Governance Resources - December 2008
Posted by: "Dan Swanson" dswanson_2008@yahoo.ca dswanson_2008
Wed Dec 31, 2008 5:25 pm (PST)
The last resource email for 2008 is focused on providing leading
Governance resources from around the world.
Enjoy -- please share with your colleagues as well.
All the best in 2009 - May it be your best year ever!
Dan Swanson
Roadmap to Being an Effective Director
This website is dedicated to speeding up learning for new directors and removing some of the mystery from the process. It's a roadmap to the basic risk management skills used by boards. It ramps-up the learning curve so new directors can be effective at the board table more quickly and participate with confidence. Sounds promising–but how do you do that – in practical terms? How can an independent Director, who attends a four-hour meeting six times a year, learn to supervise full time management? That's what this site is all about. Developed over the past five years, GovernanceTools© explains risk management, the biggest part of a director's job. It provides relevant information in timely, need-to-know chunks. And learning can occur prior to your board meeting, whenever you have available time. http://www.governan/cetools.com/home.asp
An overview of corporate governance – (by ICAEW)
What is corporate governance? - Corporate governance is commonly referred to as a system by which organizations are directed and controlled. It is the process by which company objectives are established, achieved and monitored. Corporate governance is concerned with the relationships and responsibilities between the board, management, shareholders and other relevant stakeholders within a legal and regulatory framework.
http://www.icaew.co.uk/index.cfm?route=122444
Most organizations today understand the importance of Ethics, Leadership, and Values-Based Business Practices. And those that actually turn their good intentions into action – those that “walk the talk” – are able to: Attract and retain the very best people; Deliver high-quality products and services; Build and maintain customer loyalty; and Achieve long-term, sustained results.
Editor’s note - that one extra degree of effort may be all you need; enjoy this inspirational movie.
http://www.the212mo vie.com/
What the Board Needs to Know About IT: Phase II Findings
Maximizing performance through IT strategy
http://www.deloitte.com/dtt/ article/0,1002,sid= 36692&cid=151800,00.html
Corporate Directors May Not Be Providing Sufficiently Robust Enterprise Risk Oversight The "Executive Summary" of this new Conference Board report is available at:
http://www.conference-board.org/utilities/pressDetail.cfm?press_ID=2893
CICA’s Risk Management and Governance Collection
20 Questions Directors Should Ask – (on various important topics).
Consider just obtaining their CD, i.e. with all this guidance combined into one place.
http://www.rmgb.ca/index.cfm/ciid/ 3083/laid/ 1.htm
Unplanned Work: The Silent Killer
Find out how unplanned work - those activities not mapped to any project, procedure or change request - is undermining the effectiveness of your IT efforts.
http://www.networkworld.com/whitepapers/nww/pdf/Tripwire_Unplanned_Work_Management_ Paper.pdf
20 Questions Directors Should Ask About IT (Revised April 2004)
Information technology is a critical part of an organization' s internal control and management information system. Ensuring its integrity is an important responsibility for board members. ITAC has compiled 20 key questions about IT that should be asked about: strategic planning and technology, performance and personnel issues, internal control issues, risk and security, information privacy, e-business, availability policies, and legal issue.
http://www.cica.ca/index.cfm/ci_id/ 1000/la_id/1
Managing Change
There is no management activity more misunderstood, abused and ignored than the act of implementing Change. Some have even suggested that the phrase "Change Management" is an oxymoron. The articles available below have a single purpose, to transform the act of Managing Change from something we dread, to something we approach with skill, insight, wisdom and an increased chance of success.
http://www.technobi lity.com/ docs/menu-managing-change.htm
The Favoritism Test
Learn to avoid the pitfalls of rewarding sycophants in the workplace.
http://www.strategy -business.com/press/enewsarticle/enews022707
ISO 27001 CERTIFICATION GUIDES LAUNCHED
IT Governance Ltd has launched the world’s first practical guides to help company directors and IT project managers understand and achieve certification to ISO 27001, the newly published global certification standard for information security management (replaces BS7799 and complements ISO 17799). In the modern corporate governance climate, ISO 27001 certification will increasingly become a prerequisite for winning new business, thereby accelerating the transfer of IT security issues from the data room to the boardroom.
http://www.itgovernance.co.uk/news_detail.aspx?news_id=25
Featured Internet Sites - Knowledge Management
An interesting collection of web sites focused on knowledge management that is maintained by the legislative library of the Manitoba provincial government.
http://www.gov.mb.ca/chc/ leg-lib/net1206.html
What the Board Needs to Know About IT (The board’s role in leveraging technology as a strategic resource)
In 2006, Deloitte Consulting LLP began a research initiative to explore how boards of directors are approaching information technology (IT). Phase I of this research represents the findings of more than 30 interviews with directors and senior executives. The findings from the Phase I interviews have been captured in the point of view: "What the Board Needs to Know About IT:
The Board's Role in Leveraging Technology as a Strategic Resource."
You can also download "Bringing IT Into the Boardroom," which appeared as a supplement to the Fall 2006 issue of Corporate Board Member magazine. Finally, you can learn about the upcoming Phase II research results on the topic of the board and IT by downloading a preview of the survey results, entitled: “Big Conundrum: Phase II Preliminary Findings.”
For more info on the Deloitte initiative, all the above mentioned documents, and “more”, visit: http://www.deloitte.com/dtt/article/0,1002,sid=26562,cid=132853,00.html
CERT Launches Podcast Series
The CERT® Program is pleased to announce the launch of its first podcast series, "Security for Business Leaders," available at http://www.cert.org/podcast. The series will provide both general principles and specific starting points for business leaders who want to launch enterprise-wide security efforts, or who want to ensure that their organizations' existing security program is as effective as possible. New podcasts will be available every two weeks.
The newest podcast features Rich Pethia, Director of the CERT Program. Other podcast topics include "Why Leaders Should Care about Security," "The ROI of Security," "Proactive Remedies for Rising Threat," and "Compliance vs.Buy-in." Podcasters can listen to entire conversations, download PDF transcripts, and investigate additional references in show notes.
"Security for Business Leaders" is the first podcast series for the SEI.
ACI/KPMG resources on Risk Management
http://www.kpmg.com/aci/risk_mgmt.asp
The Role of U.S. Corporate Boards in Enterprise Risk Management
Boards of Directors in the United States, having focused heavily on Sarbanes-Oxley requirements and more rigorous governance and compliance standards, are now beginning to assess their evolving role in providing oversight in the area of enterprise risk management (ERM). In view of the rapidly developing state of ERM in U.S. corporations, boards face a particularly challenging set of issues in responding to the need for improved oversight of risk management. The Conference Board with McKinsey & Company and KPMG's Audit Committee Institute conducted research on the role of U.S. corporate boards in Enterprise Risk Management between October 2005 and February 2006.
http://www.conference-board.org/publications/describe.cfm?id=1190
Frequently Asked Questions in Corporate Governance (FAQs)
As directors, officers, and advisors work to safeguard and build the value of corporations, they often encounter new corporate governance issues and turn to NACD for answers. Below are some of the questions that our members and others have asked us in recent times, along with some brief answers and links to our current resources.
http://www.nacdonline.org/FAQ/
Tottel’s Corporate Governance Handbook, Third Edition
Tottel’s Corporate Governance Handbook provides invaluable, practical guidance to help you ensure your company functions legally and ethically. Corporate governance is playing an increasing part not just in how companies are run but also how they appear to be run from the outside. The new edition of Tottel’s Corporate Governance Handbook has been brought right up-to-date to provide practical and readable advice on how to ensure your company meets the required standards.
The NEW, fully updated edition includes:
Checklist for implementing the 2003 Combined Code
Assessing board and director performance
The on-going review of the Turnbull Report by the Flint Committee
HM Treasury policy on audit committees and governance of pension schemes
European corporate governance developments and NYSE corporate governance rules
And much more.
http://www.itgovernance.co.uk/products/ 453
Dialogue in corporate governance
The Dialogue in corporate governance initiative aims to facilitate better understanding of pressure and opportunities that arise in increasingly international capital markets. It encourages dialogue around business, investment accountancy and policy issues relating to corporate governance through publications, roundtables and face-to-face meetings.
Dialogue in corporate governance is convened by the ICAEW and its purpose is to: 1) challenge commonly held assumptions, 2) identify fundamental questions; and 3) set challenges for future research. http://www.icaew.co.uk/index.cfm?route=144872
Tougher Boards for Tougher Times: Corporate Governance in the Post-Enron Era (John Wiley & Sons Canada, 2006).
http://www.wiley.com/WileyCDA/WileyTitle/productCd-0470837306.html,
The IIA's position statement regarding Organizational Governance.
In my view this is one of the most important papers that the IIA has issued in the past six to seven years. This position paper (it is the first item on the list) is available at:
http://www.theiia.org/doc_d=126
NACD Blue Ribbon Commission (BRC) reports.
www.nacdonline. org
1. The NACD BRC on Board Evaluation - 2005 Edition
2. The NACD BRC on Board Leadership
3. The NACD BRC on Director Compensation
4. The NACD BRC on Audit Committees
5. The NACD BRC on Director Professionalism
6. The NACD BRC on Role of the Board in Corporate Strategy
7. The NACD BRC on Risk Oversight
The Center for Strategic communication is to serve as an advocate for an integrated-communic ation approach to investor relations and corporate communication. World-class communication is a goal of any organization, and one of the most difficult challenges to CEOs is sending a clear and consistent message to highly divergent constituents. The Center would treat world-class communication as the “end goal” and will become the primary source for leading-edge and implementable strategies for any organization to reach that goal.
http://www.niri.org/about/center.cfm
DM Extra is an electronic publication published by NACD. It is designed to provide you with immediate, up-to-date information regarding current events in the corporate governance arena. http://www.nacdonli ne.org/dm/ xtra.asp
I like this publication because it provides thoughtful, timeless, board level "perspectives" .
Three "classics" I strongly recommend you review include: (note - there are many more).
a. The Rise and Fall of Enron: Principles for Director Focus
http://www.nacdonline.org/members/ dmx/dmxtra_0202.pdf
b. Worldcom: Six Questions for Directors
http://www.nacdonline.org/dm/ NACD-Jul02- DMX-RE.pdf
c. Rise and Fall of Enron
http://www.nacdonline.org/nacd/enron.asp?user
Business Planning Guide: Practical Application for SMEs
The Professional Accountants in Business Committee identified a practical business planning guide as a very useful tool for management, principally but not exclusively, operating in the small and medium entities (SMEs) area of the market. This information paper provides practical guidance that will help SMEs to understand their own business and industry, enabling them to better evaluate the business potentials and their associated risks. It will also be useful to small and medium-sized practitioners that are providing professional accounting services to SMEs.
http://www.ifac.org/Store/Category.tmpl?Category=ProfessionalAccountantsinBusiness& Cart=11717418193 382 247
A Question of Trust
The latest issue of Tone at the Top, “Stakeholder Trust Remains a Hot Topic,” looks at seven things directors should consider in regard to rebuilding the trust of stakeholders. If your executive management and audit committee members are not already receiving Tone at the Top, please provide their mailing and e-mail information to pr@theiia.org. Many, many past issues are also accessible - go to: http://www.theiia.org/periodicals/newsletters/ tone-at-the-top/
Definition of Investor Relations
Investor relations is a strategic management responsibility that integrates finance, communication, marketing and securities law compliance to enable the most effective two-way communication between a company, the financial community, and other constituencies, which ultimately contributes to a company's securities achieving fair valuation. http://www.niri.org/about/ mission.cfm
About TheCorporateCounsel.net
Following the long-standing tradition of The Corporate Counsel and The Corporate Executive, TheCorporateCounsel .net is an educational service that provides practical guidance on legal issues involving corporate and securities regulation and corporate governance practices - as well as many other areas impacting today's corporate practitioner. The Editor is Broc Romanek and the Associate Editor is Julie Hoffman, who are assisted by Jesse Brill, Mike Gettelman, and Alan Dye, among many others at Executive Press.
http://www.thecorporatecounsel.net/home.asp
"It Takes A Lot More Than Attitude...To Lead a Stellar Organization" - By Stever Robbins.Become a better leader in a Fun, Provocative Read! Looking for new ideas you can implement immediately to be a more effective leader? Pick up 'It Takes a Lot More than Attitude ... to Lead a Stellar Organization. . ' This collection of essays explores with what it takes to be a great leader, in an engaging, no-nonsense conversation that keeps you turning the pages. It also makes a perfect gift for the person with the leadership title who just doesn't get it. Buy it at www.alotmorethanatt itude.com (The only book on leadership that starts by discussing the responsibilities of leadership, and goes on to reveal all the secrets the great leadership pundits never discuss. Like when and why you can wear a feather boa to staff
meetings...)
Purpose -- The Starting Point of Great Companies
The latest strategy & business (s&b) newsletter is out and this issue is regarding “Purpose and Innovation”. Consider checking out their web site too – (its amazing).
http://www.strategy -business.com/press/enewsarticle/enews102606
Creativity Fringes
Is your organization innovative? The Creativity Fringes newsletter is one of the best sources of thinking outside your box, and encourages creativity, innovation, etc., in everything we do in a light and educational manner. A truly great monthly read, past issues are available below.
http://www.fcg.gov/creativityfringes.shtml
Directors and Boards
http://www.directorsandboards.com/
The Language of Compliance
The Language of Compliance is the biggest (3,500+ entries) resource for acronyms, terms, and extended definitions. Authored by Dorian Cougias and Marcelo Halpern it covers the terms found in HIPAA, SOX, GLB, CobiT, ISO 17799 and 27001, BCI, BSI, ISSF, and over 100 other regulatory bodies and standards agencies.
http://glossary. unifiedcompliance.com/buy_now/the_language_of_compliance.html
Unified Compliance Project (UCP)
ITCi's Unified Compliance Project (UCP) is an independent initiative focused on supporting IT compliance management. The UCP parses and reconstructs complex corporate regulations into a holistic IT compliance view. http://www.itcinsti tute.com/ucp/
Audit Integrity
Audit Integrity research services support risk management practices that help investors, insurers and others lower risk and improve performance with objective ratings and reports. The Audit Integrity Accounting and Governance Risk (AGR®) rating is a measure of the overall risk related to corporate accounting and governance practices.
http://www.auditintegrity.com/ index.php
Audit Integrity Salutes Top 100 Firms for Excellence in Accounting and Governance http://www.auditintegrity.com/upload/iblock/9a0/Audit_Integrity_20070326_Top100List.pdf
The U.S. Government Accountability Office (the GAO)
The Government Accountability Office (GAO) is an agency that works for Congress and the American people. Congress asks GAO to study the programs and expenditures of the federal government. GAO, commonly called the investigative arm of Congress or the congressional watchdog, is independent and nonpartisan. It studies how the federal government spends taxpayer dollars and advises Congress and the heads of executive agencies about ways to make government more effective and responsive.
Leading best practice guidance on various management practices - http://www.gao.gov/aac.html
Leading IT and IM guidance - http://www.gao.gov/special.pubs/cit.html
Posted by: "Dan Swanson" dswanson_2008@yahoo.ca dswanson_2008
Wed Dec 31, 2008 5:25 pm (PST)
The last resource email for 2008 is focused on providing leading
Governance resources from around the world.
Enjoy -- please share with your colleagues as well.
All the best in 2009 - May it be your best year ever!
Dan Swanson
Roadmap to Being an Effective Director
This website is dedicated to speeding up learning for new directors and removing some of the mystery from the process. It's a roadmap to the basic risk management skills used by boards. It ramps-up the learning curve so new directors can be effective at the board table more quickly and participate with confidence. Sounds promising–but how do you do that – in practical terms? How can an independent Director, who attends a four-hour meeting six times a year, learn to supervise full time management? That's what this site is all about. Developed over the past five years, GovernanceTools© explains risk management, the biggest part of a director's job. It provides relevant information in timely, need-to-know chunks. And learning can occur prior to your board meeting, whenever your have available time. http://www.governan cetools.com/ home.asp
An overview of corporate governance – (by ICAEW)
What is corporate governance? - Corporate governance is commonly referred to as a system by which organizations are directed and controlled. It is the process by which company objectives are established, achieved and monitored. Corporate governance is concerned with the relationships and responsibilities between the board, management, shareholders and other relevant stakeholders within a legal and regulatory framework.
http://www.icaew. co.uk/index. cfm?route= 122444
What drives Toyota ? The presumption of imperfection— and a refusal to accept it.
It's the story of Toyota 's genius: an insatiable competitiveness that would seem un-American were it not for all the Americans making it happen. Toyota 's competitiveness is quiet, internal, self-critical. It is rooted in an institutional obsession with improvement that Toyota manages to instill in each one of its workers, a pervasive lack of complacency with whatever was accomplished yesterday.
Editor’s note – how much focus does your organization place on competitiveness?
http://www.fastcomp any.com/magazine /111/open_ no-satisfaction. html
Most organizations today understand the importance of Ethics, Leadership, and Values-Based Business Practices. And those that actually turn their good intentions into action – those that “walk the talk” – are able to: Attract and retain the very best people; Deliver high-quality products and services; Build and maintain customer loyalty; and Achieve long-term, sustained results.
Editor’s note - that one extra degree of effort may be all you need; enjoy this inspirational movie.
http://www.the212mo vie.com/
Information Technology and the Board - "An Insightful Resource".
http://www.deloitte .com/dtt/ article/0% 2C1002%2Ccid% 25253D152626% 2C00.html
What the Board Needs to Know About IT: Phase II Findings
Maximizing performance through IT strategy
http://www.deloitte .com/dtt/ article/0, 1002,sid= 36692&cid=151800, 00. html
Corporate Directors May Not Be Providing Sufficiently Robust Enterprise Risk Oversight The "Executive Summary" of this new Conference Board report is available at:
http://www.conferen ce-board. org/utilities/ pressDetail. cfm?press_ ID=2893
CICA’s Risk Management and Governance Collection
20 Questions Directors Should Ask – (on various important topics).
Consider just obtaining their CD, i.e. with all this guidance combined into one place.
http://www.rmgb. ca/index. cfm/ciid/ 3083/laid/ 1.htm
Unplanned Work: The Silent Killer
Find out how unplanned work - those activities not mapped to any project, procedure or change request - is undermining the effectiveness of your IT efforts.
http://www.networkw orld.com/ whitepapers/ nww/pdf/Tripwire _Unplanned_ Work_Management_ Paper.pdf
20 Questions Directors Should Ask About IT (Revised April 2004)
Information technology is a critical part of an organization' s internal control and management information system. Ensuring its integrity is an important responsibility for board members. ITAC has compiled 20 key questions about IT that should be asked about: strategic planning and technology, performance and personnel issues, internal control issues, risk and security, information privacy, e-business, availability policies, and legal issue.
http://www.cica. ca/index. cfm/ci_id/ 1000/la_id/ 1
Managing Change
There is no management activity more misunderstood, abused and ignored than the act of implementing Change. Some have even suggested that the phrase "Change Management" is an oxymoron. The articles available below have a single purpose, to transform the act of Managing Change from something we dread, to something we approach with skill, insight, wisdom and an increased chance of success.
http://www.technobi lity.com/ docs/menu- managing- change.htm
The Favoritism Test
Learn to avoid the pitfalls of rewarding sycophants in the workplace.
http://www.strategy -business. com/press/ enewsarticle/ enews022707
ISO 27001 CERTIFICATION GUIDES LAUNCHED
IT Governance Ltd has launched the world’s first practical guides to help company directors and IT project managers understand and achieve certification to ISO 27001, the newly published global certification standard for information security management (replaces BS7799 and complements ISO 17799). In the modern corporate governance climate, ISO 27001 certification will increasingly become a prerequisite for winning new business, thereby accelerating the transfer of IT security issues from the data room to the boardroom.
http://www.itgovern ance.co.uk/ news_detail. aspx?news_ id=25
Featured Internet Sites - Knowledge Management
An interesting collection of web sites focused on knowledge management that is maintained by the legislative library of the Manitoba provincial government.
http://www.gov. mb.ca/chc/ leg-lib/net1206. html
FMEA - Failure Mode and Effects Analysis ( Information Center )
Everything you want to know about Failure Mode and Effect Analysis.
http://www.isixsigm a.com/offsite. asp?A=Fr&Url=http://www. fmeainfocentre. com
What the Board Needs to Know About IT (The board’s role in leveraging technology as a strategic resource)
In 2006, Deloitte Consulting LLP began a research initiative to explore how boards of directors are approaching information technology (IT). Phase I of this research represents the findings of more than 30 interviews with directors and senior executives. The findings from the Phase I interviews have been captured in the point of view: "What the Board Needs to Know About IT: The Board's Role in Leveraging Technology as a Strategic Resource."
You can also download "Bringing IT Into the Boardroom," which appeared as a supplement to the Fall 2006 issue of Corporate Board Member magazine. Finally, you can learn about the upcoming Phase II research results on the topic of the board and IT by downloading a preview of the survey results, entitled: “Big Conundrum: Phase II Preliminary Findings.”
For more info on the Deloitte initiative, all the above mentioned documents, and “more”, visit: http://www.deloitte .com/dtt/ article/0, 1002,sid% 3D26562%26cid% 3D132853, 00.html
CERT Launches Podcast Series
The CERT® Program is pleased to announce the launch of its first podcast series, "Security for Business Leaders," available at http://www.cert. org/podcast. The series will provide both general principles and specific starting points for business leaders who want to launch enterprise-wide security efforts, or who want to ensure that their organizations' existing security program is as effective as possible. New podcasts will be available every two weeks.
The newest podcast features Rich Pethia, Director of the CERT Program. Other podcast topics include "Why Leaders Should Care about Security," "The ROI of Security," "Proactive Remedies for Rising Threat," and "Compliance vs.. Buy-in." Podcasters can listen to entire conversations, download PDF transcripts, and investigate additional references in show notes.
"Security for Business Leaders" is the first podcast series for the SEI.
Information Security Oversight: Essential Board Practices, from the National Association of Corporate Directors (NACD).
Learn four steps each board should adopt to avoid the hazards of leaving information inadequately protected from cyber criminals. Review the questions each board should ask to determine inherent risks. Discover the potential liabilities and other woes that might befall corporate boards and management who show too little involvement in safeguarding the security and privacy of corporate-held information. Lessons include identifying vulnerabilities, mitigating damages, establishing controls, educating officers and employees, and resolving issues. Sponsored by KPMG's Audit Committee Institute and published in collaboration with the Institute of Internal Auditors and the Critical Infrastructure Assurance Office of the U.S. Department of Commerce..
http://www.nacdonli ne.org/publicati ons/pubDetails. asp?pubID= 138&user=D0888270C5 AF46 508BEC8472906F87 C3
ACI/KPMG resources on Risk Management
http://www.kpmg. com/aci/risk_ mgmt.asp
The Role of U.S. Corporate Boards in Enterprise Risk Management
Boards of Directors in the United States , having focused heavily on Sarbanes-Oxley requirements and more rigorous governance and compliance standards, are now beginning to assess their evolving role in providing oversight in the area of enterprise risk management (ERM). In view of the rapidly developing state of ERM in U.S. corporations, boards face a particularly challenging set of issues in responding to the need for improved oversight of risk management. The Conference Board with McKinsey & Company and KPMG's Audit Committee Institute conducted research on the role of U.S. corporate boards in Enterprise Risk Management between October 2005 through February 2006.
http://www.conferen ce-board. org/publications /describe. cfm?id=1190
Frequently Asked Questions in Corporate Governance (FAQs)
As directors, officers, and advisors work to safeguard and build the value of corporations, they often encounter new corporate governance issues and turn to NACD for answers. Below are some of the questions that our members and others have asked us in recent times, along with some brief answers and links to our current resources.
http://www.nacdonli ne.org/FAQ/
Tottel’s Corporate Governance Handbook, Third Edition
Tottel’s Corporate Governance Handbook provides invaluable, practical guidance to help you ensure your company functions legally and ethically. Corporate governance is playing an increasing part not just in how companies are run but also how they appear to be run from the outside. The new edition of Tottel’s Corporate Governance Handbook has been brought right up-to-date to provide practical and readable advice on how to ensure your company meets the required standards.
The NEW, fully updated edition includes:
Checklist for implementing the 2003 Combined Code
Assessing board and director performance
The on-going review of the Turnbull Report by the Flint Committee
HM Treasury policy on audit committees and governance of pension schemes
European corporate governance developments and NYSE corporate governance rules
And much more.
http://www.itgovern ance.co.uk/ products/ 453
Dialogue in corporate governance
The Dialogue in corporate governance initiative aims to facilitate better understanding of pressure and opportunities that arise in increasingly international capital markets. It encourages dialogue around business, investment accountancy and policy issues relating to corporate governance through publications, roundtables and face-to-face meetings.
Dialogue in corporate governance is convened by the ICAEW and its purpose is to: 1) challenge commonly held assumptions, 2) identify fundamental questions; and 3) set challenges for future research. http://www.icaew. co.uk/index. cfm?route= 144872
Tougher Boards for Tougher Times: Corporate Governance in the Post-Enron Era (John Wiley & Sons Canada , 2006).
http://www.wiley. com/WileyCDA/ WileyTitle/ productCd- 0470837306. html
The IIA's position statement regarding Organizational Governance.
In my view this is one of the most important papers that the IIA has issued in the past six to seven years. This position paper (it is the first item on the list) is available at:
http://www.theiia. org/?doc_ id=126
NACD Blue Ribbon Commission (BRC) reports.
www.nacdonline. org
1. The NACD BRC on Board Evaluation - 2005 Edition
2. The NACD BRC on Board Leadership
3. The NACD BRC on Director Compensation
4. The NACD BRC on Audit Committees
5. The NACD BRC on Director Professionalism
6. The NACD BRC on Role of the Board in Corporate Strategy
7. The NACD BRC on Risk Oversight
The Center for Strategic communication is to serve as an advocate for an integrated-communic ation approach to investor relations and corporate communication. World-class communication is a goal of any organization, and one of the most difficult challenges to CEOs is sending a clear and consistent message to highly divergent constituents. The Center would treat world-class communication as the “end goal” and will become the primary source for leading-edge and implementable strategies for any organization to reach that goal.
http://www.niri. org/about/ center.cfm
DM Extra is an electronic publication published by NACD. It is designed to provide you with immediate, up-to-date information regarding current events in the corporate governance arena. http://www.nacdonli ne.org/dm/ xtra.asp
I like this publication because it provides thoughtful, timeless, board level "perspectives" .
Three "classics" I strongly recommend you review include: (note - there are many more).
a. The Rise and Fall of Enron: Principles for Director Focus
http://www.nacdonli ne.org/members/ dmx/dmxtra_ 0202.pdf
b. Worldcom: Six Questions for Directors
http://www.nacdonli ne.org/dm/ NACD-Jul02- DMX-RE.pdf
c. Rise and Fall of Enron
http://www.nacdonli ne.org/nacd/ enron.asp? user
Business Planning Guide: Practical Application for SMEs
The Professional Accountants in Business Committee identified a practical business planning guide as a very useful tool for management, principally but not exclusively, operating in the small and medium entities (SMEs) area of the market. This information paper provides practical guidance that will help SMEs to understand their own business and industry, enabling them to better evaluate the business potentials and their associated risks. It will also be useful to small and medium-sized practitioners that are providing professional accounting services to SMEs.
http://www.ifac. org/Store/ Category. tmpl?Category= Professional% 20Accountants% 20in%20Business& Cart=11717418193 382 247
A Question of Trust
The latest issue of Tone at the Top, “Stakeholder Trust Remains a Hot Topic,” looks at seven things directors should consider in regard to rebuilding the trust of stakeholders. If your executive management and audit committee members are not already receiving Tone at the Top, please provide their mailing and e-mail information to pr@theiia.org. Many, many past issues are also accessible - go to: http://www.theiia. org/periodicals/ newsletters/ tone-at-the- top/
Definition of Investor Relations
Investor relations is a strategic management responsibility that integrates finance, communication, marketing and securities law compliance to enable the most effective two-way communication between a company, the financial community, and other constituencies, which ultimately contributes to a company's securities achieving fair valuation. http://www.niri. org/about/ mission.cfm
About TheCorporateCounsel .net
Following the long-standing tradition of The Corporate Counsel and The Corporate Executive, TheCorporateCounsel .net is an educational service that provides practical guidance on legal issues involving corporate and securities regulation and corporate governance practices - as well as many other areas impacting today's corporate practitioner. The Editor is Broc Romanek and the Associate Editor is Julie Hoffman, who are assisted by Jesse Brill, Mike Gettelman, and Alan Dye, among many others at Executive Press.
http://www.thecorpo ratecounsel. net/home. asp
"It Takes A Lot More Than Attitude...To Lead a Stellar Organization" - By Stever Robbins.Become a better leader in a Fun, Provocative Read! Looking for new ideas you can implement immediately to be a more effective leader? Pick up 'It Takes a Lot More than Attitude ... to Lead a Stellar Organization. . ' This
collection of essays explores with what it takes to be a great leader, in an engaging, no-nonsense conversation that keeps you turning the pages. It also makes a perfect gift for the person with the leadership title who just doesn't get it. Buy it at www.alotmorethanatt itude.com (The only book on leadership that starts by discussing the responsibilities of leadership, and goes on to reveal all the secrets the great leadership pundits never discuss. Like when and why you can wear a feather boa to staff
meetings...)
Purpose -- The Starting Point of Great Companies
The latest strategy & business (s&b) newsletter is out and this issue is regarding “Purpose and Innovation”. Consider checking out their web site too – (its amazing).
http://www.strategy -business. com/press/ enewsarticle/ enews102606
Creativity Fringes
Is your organization innovative? The Creativity Fringes newsletter is one of the best sources of thinking outside your box, and encourages creativity, innovation, etc., in everything we do in a light and educational manner. A truly great monthly read, past issues are available below.
http://www.fcg. gov/creativity_ fringes.shtml
Directors and Boards
http://www.director sandboards. com/
The Language of Compliance
The Language of Compliance is the biggest (3,500+ entries) resource for acronyms, terms, and extended definitions. Authored by Dorian Cougias and Marcelo Halpern it covers the terms found in HIPAA, SOX, GLB, CobiT, ISO 17799 and 27001, BCI, BSI, ISSF, and over 100 other regulatory bodies and standards agencies.
http://glossary. unifiedcomplianc e.com/buy_ now/the_language _of_compliance. html
Unified Compliance Project (UCP)
ITCi's Unified Compliance Project (UCP) is an independent initiative focused on supporting IT compliance management. The UCP parses and reconstructs complex corporate regulations into a holistic IT compliance view.
http://www.itcinsti tute.com/ ucp/
Audit Integrity
Audit Integrity research services support risk management practices that help investors, insurers and others lower risk and improve performance with objective ratings and reports. The Audit Integrity Accounting and Governance Risk (AGR®) rating is a measure of the overall risk related to corporate accounting and governance practices.
http://www.auditint egrity.com/ index..php
Audit Integrity Salutes Top 100 Firms for Excellence in Accounting and Governance http://www.auditint egrity.com/ upload/iblock/ 9a0/Audit_ Integrity_ 20070326_ Top100List. pdf
The U.S. Government Accountability Office (the GAO)
The Government Accountability Office (GAO) is an agency that works for Congress and the American people. Congress asks GAO to study the programs and expenditures of the federal government. GAO, commonly called the investigative arm of Congress or the congressional watchdog, is independent and nonpartisan. It studies how the federal government spends taxpayer dollars and advises Congress and the heads of executive agencies about ways to make government more effective and responsive.
www.gao.gov
Leading best practice guidance on various management practices - http://www.. gao. gov/aac.html
Leading IT and IM guidance - http://www.gao. gov/special. pubs/cit. html
Global Technology Audit Guide (GTAG)
The Institute of Internal Auditors (The IIA) is producing a series of publications with guidance on information technology. Written primarily for the chief internal audit executive (CAE) and audit supervisors, the guides address concerns of the board of directors and chief-level executives. Each Global Technology Audit Guide (GTAG) is written in straightforward business language to address timely issues related to information technology management, control, or security. GTAG is a ready resource series for chief audit executives to use in the education of members of the board and audit committee, management, process owners, and others regarding technology-associat ed risks and recommended practices.
http://www.theiia. org/guidance/ technology/ gtag/
Board Governance – Deloitte’s Governance Repository
https://www. corpgov.deloitte .com/site/ us/menuitem. 88e49625b72277a9 8f220ce36cdf8a0c /;jsessionid= Cy7kGJSZVYbhbSRy qVXsz1s12ykvs3v6 hSKpkxHzLbVqlNkt Ttv9!-377936133! -608783955
Corporate Governance
This CEO-led task force has identified cyber security roles and responsibilities within the corporate management structure, referencing and combining best practices and metrics that bring accountability to three key elements of a cyber security system: people, process and technology.
http://www.cyberpar tnership. org/init- governance. html
Australia has Corporate Governance Standards, the AS 8000 series at:
The AU Governance series has five main parts:
I. Good governance principles
II. Fraud and corruption control
III. Organizational codes of conduct
IV. Corporate social responsibility
V. Whistleblower protection programs for entities
http://www.saigloba l.com/
Information technology governance - From Wikipedia, (the free encyclopedia)
Information technology governance, IT governance or ICT Governance, is a subset discipline of Corporate governance focused on information technology systems and their performance and risk management. The rising interest in IT governance is partly due to compliance initiatives (e.g. Sarbanes-Oxley ( USA ) and Basel II ( Europe )), as well as the acknowledgement that IT projects can easily get out of control and profoundly affect the performance of an organization.
http://en.wikipedia .org/wiki/ Information_ technology_ governance
..
Global Technology Audit Guide (GTAG)
The Institute of Internal Auditors (The IIA) is producing a series of publications with guidance on information technology. Written primarily for the chief internal audit executive (CAE) and audit supervisors, the guides address concerns of the board of directors and chief-level executives. Each Global Technology Audit Guide (GTAG) is written in straightforward business language to address timely issues related to information technology management, control, or security. GTAG is a ready resource series for chief audit executives to use in the education of members of the board and audit committee, management, process owners, and others regarding technology-associated risks and recommended practices.
http://www.theiia.org/guidance/ technology/gtag/
Corporate Governance
This CEO-led task force has identified cyber security roles and responsibilities within the corporate management structure, referencing and combining best practices and metrics that bring accountability to three key elements of a cyber security system: people, process and technology.
http://www.cyberpartnership.org/init-governance.html
Australia has Corporate Governance Standards, the AS 8000 series at:
The AU Governance series has five main parts:
I. Good governance principles
II. Fraud and corruption control
III. Organizational codes of conduct
IV. Corporate social responsibility
V. Whistleblower protection programs for entities
http://www.saiglobal.com/
Information technology governance - From Wikipedia, (the free encyclopedia)
Information technology governance, IT governance or ICT Governance, is a subset discipline of Corporate governance focused on information technology systems and their performance and risk management. The rising interest in IT governance is partly due to compliance initiatives (e.g. Sarbanes-Oxley ( USA ) and Basel II ( Europe )), as well as the acknowledgement that IT projects can easily get out of control and profoundly affect the performance of an organization.
http://en.wikipedia.org/wiki/Information_technology_governance
..
Wed Dec 31, 2008 5:25 pm (PST)
The last resource email for 2008 is focused on providing leading
Governance resources from around the world.
Enjoy -- please share with your colleagues as well.
All the best in 2009 - May it be your best year ever!
Dan Swanson
Roadmap to Being an Effective Director
This website is dedicated to speeding up learning for new directors and removing some of the mystery from the process. It's a roadmap to the basic risk management skills used by boards. It ramps-up the learning curve so new directors can be effective at the board table more quickly and participate with confidence. Sounds promising–but how do you do that – in practical terms? How can an independent Director, who attends a four-hour meeting six times a year, learn to supervise full time management? That's what this site is all about. Developed over the past five years, GovernanceTools© explains risk management, the biggest part of a director's job. It provides relevant information in timely, need-to-know chunks. And learning can occur prior to your board meeting, whenever you have available time. http://www.governan/cetools.com/home.asp
An overview of corporate governance – (by ICAEW)
What is corporate governance? - Corporate governance is commonly referred to as a system by which organizations are directed and controlled. It is the process by which company objectives are established, achieved and monitored. Corporate governance is concerned with the relationships and responsibilities between the board, management, shareholders and other relevant stakeholders within a legal and regulatory framework.
http://www.icaew.co.uk/index.cfm?route=122444
Most organizations today understand the importance of Ethics, Leadership, and Values-Based Business Practices. And those that actually turn their good intentions into action – those that “walk the talk” – are able to: Attract and retain the very best people; Deliver high-quality products and services; Build and maintain customer loyalty; and Achieve long-term, sustained results.
Editor’s note - that one extra degree of effort may be all you need; enjoy this inspirational movie.
http://www.the212mo vie.com/
What the Board Needs to Know About IT: Phase II Findings
Maximizing performance through IT strategy
http://www.deloitte.com/dtt/ article/0,1002,sid= 36692&cid=151800,00.html
Corporate Directors May Not Be Providing Sufficiently Robust Enterprise Risk Oversight The "Executive Summary" of this new Conference Board report is available at:
http://www.conference-board.org/utilities/pressDetail.cfm?press_ID=2893
CICA’s Risk Management and Governance Collection
20 Questions Directors Should Ask – (on various important topics).
Consider just obtaining their CD, i.e. with all this guidance combined into one place.
http://www.rmgb.ca/index.cfm/ciid/ 3083/laid/ 1.htm
Unplanned Work: The Silent Killer
Find out how unplanned work - those activities not mapped to any project, procedure or change request - is undermining the effectiveness of your IT efforts.
http://www.networkworld.com/whitepapers/nww/pdf/Tripwire_Unplanned_Work_Management_ Paper.pdf
20 Questions Directors Should Ask About IT (Revised April 2004)
Information technology is a critical part of an organization' s internal control and management information system. Ensuring its integrity is an important responsibility for board members. ITAC has compiled 20 key questions about IT that should be asked about: strategic planning and technology, performance and personnel issues, internal control issues, risk and security, information privacy, e-business, availability policies, and legal issue.
http://www.cica.ca/index.cfm/ci_id/ 1000/la_id/1
Managing Change
There is no management activity more misunderstood, abused and ignored than the act of implementing Change. Some have even suggested that the phrase "Change Management" is an oxymoron. The articles available below have a single purpose, to transform the act of Managing Change from something we dread, to something we approach with skill, insight, wisdom and an increased chance of success.
http://www.technobi lity.com/ docs/menu-managing-change.htm
The Favoritism Test
Learn to avoid the pitfalls of rewarding sycophants in the workplace.
http://www.strategy -business.com/press/enewsarticle/enews022707
ISO 27001 CERTIFICATION GUIDES LAUNCHED
IT Governance Ltd has launched the world’s first practical guides to help company directors and IT project managers understand and achieve certification to ISO 27001, the newly published global certification standard for information security management (replaces BS7799 and complements ISO 17799). In the modern corporate governance climate, ISO 27001 certification will increasingly become a prerequisite for winning new business, thereby accelerating the transfer of IT security issues from the data room to the boardroom.
http://www.itgovernance.co.uk/news_detail.aspx?news_id=25
Featured Internet Sites - Knowledge Management
An interesting collection of web sites focused on knowledge management that is maintained by the legislative library of the Manitoba provincial government.
http://www.gov.mb.ca/chc/ leg-lib/net1206.html
What the Board Needs to Know About IT (The board’s role in leveraging technology as a strategic resource)
In 2006, Deloitte Consulting LLP began a research initiative to explore how boards of directors are approaching information technology (IT). Phase I of this research represents the findings of more than 30 interviews with directors and senior executives. The findings from the Phase I interviews have been captured in the point of view: "What the Board Needs to Know About IT:
The Board's Role in Leveraging Technology as a Strategic Resource."
You can also download "Bringing IT Into the Boardroom," which appeared as a supplement to the Fall 2006 issue of Corporate Board Member magazine. Finally, you can learn about the upcoming Phase II research results on the topic of the board and IT by downloading a preview of the survey results, entitled: “Big Conundrum: Phase II Preliminary Findings.”
For more info on the Deloitte initiative, all the above mentioned documents, and “more”, visit: http://www.deloitte.com/dtt/article/0,1002,sid=26562,cid=132853,00.html
CERT Launches Podcast Series
The CERT® Program is pleased to announce the launch of its first podcast series, "Security for Business Leaders," available at http://www.cert.org/podcast. The series will provide both general principles and specific starting points for business leaders who want to launch enterprise-wide security efforts, or who want to ensure that their organizations' existing security program is as effective as possible. New podcasts will be available every two weeks.
The newest podcast features Rich Pethia, Director of the CERT Program. Other podcast topics include "Why Leaders Should Care about Security," "The ROI of Security," "Proactive Remedies for Rising Threat," and "Compliance vs.Buy-in." Podcasters can listen to entire conversations, download PDF transcripts, and investigate additional references in show notes.
"Security for Business Leaders" is the first podcast series for the SEI.
ACI/KPMG resources on Risk Management
http://www.kpmg.com/aci/risk_mgmt.asp
The Role of U.S. Corporate Boards in Enterprise Risk Management
Boards of Directors in the United States, having focused heavily on Sarbanes-Oxley requirements and more rigorous governance and compliance standards, are now beginning to assess their evolving role in providing oversight in the area of enterprise risk management (ERM). In view of the rapidly developing state of ERM in U.S. corporations, boards face a particularly challenging set of issues in responding to the need for improved oversight of risk management. The Conference Board with McKinsey & Company and KPMG's Audit Committee Institute conducted research on the role of U.S. corporate boards in Enterprise Risk Management between October 2005 and February 2006.
http://www.conference-board.org/publications/describe.cfm?id=1190
Frequently Asked Questions in Corporate Governance (FAQs)
As directors, officers, and advisors work to safeguard and build the value of corporations, they often encounter new corporate governance issues and turn to NACD for answers. Below are some of the questions that our members and others have asked us in recent times, along with some brief answers and links to our current resources.
http://www.nacdonline.org/FAQ/
Tottel’s Corporate Governance Handbook, Third Edition
Tottel’s Corporate Governance Handbook provides invaluable, practical guidance to help you ensure your company functions legally and ethically. Corporate governance is playing an increasing part not just in how companies are run but also how they appear to be run from the outside. The new edition of Tottel’s Corporate Governance Handbook has been brought right up-to-date to provide practical and readable advice on how to ensure your company meets the required standards.
The NEW, fully updated edition includes:
Checklist for implementing the 2003 Combined Code
Assessing board and director performance
The on-going review of the Turnbull Report by the Flint Committee
HM Treasury policy on audit committees and governance of pension schemes
European corporate governance developments and NYSE corporate governance rules
And much more.
http://www.itgovernance.co.uk/products/ 453
Dialogue in corporate governance
The Dialogue in corporate governance initiative aims to facilitate better understanding of pressure and opportunities that arise in increasingly international capital markets. It encourages dialogue around business, investment accountancy and policy issues relating to corporate governance through publications, roundtables and face-to-face meetings.
Dialogue in corporate governance is convened by the ICAEW and its purpose is to: 1) challenge commonly held assumptions, 2) identify fundamental questions; and 3) set challenges for future research. http://www.icaew.co.uk/index.cfm?route=144872
Tougher Boards for Tougher Times: Corporate Governance in the Post-Enron Era (John Wiley & Sons Canada, 2006).
http://www.wiley.com/WileyCDA/WileyTitle/productCd-0470837306.html,
The IIA's position statement regarding Organizational Governance.
In my view this is one of the most important papers that the IIA has issued in the past six to seven years. This position paper (it is the first item on the list) is available at:
http://www.theiia.org/doc_d=126
NACD Blue Ribbon Commission (BRC) reports.
www.nacdonline. org
1. The NACD BRC on Board Evaluation - 2005 Edition
2. The NACD BRC on Board Leadership
3. The NACD BRC on Director Compensation
4. The NACD BRC on Audit Committees
5. The NACD BRC on Director Professionalism
6. The NACD BRC on Role of the Board in Corporate Strategy
7. The NACD BRC on Risk Oversight
The Center for Strategic communication is to serve as an advocate for an integrated-communic ation approach to investor relations and corporate communication. World-class communication is a goal of any organization, and one of the most difficult challenges to CEOs is sending a clear and consistent message to highly divergent constituents. The Center would treat world-class communication as the “end goal” and will become the primary source for leading-edge and implementable strategies for any organization to reach that goal.
http://www.niri.org/about/center.cfm
DM Extra is an electronic publication published by NACD. It is designed to provide you with immediate, up-to-date information regarding current events in the corporate governance arena. http://www.nacdonli ne.org/dm/ xtra.asp
I like this publication because it provides thoughtful, timeless, board level "perspectives" .
Three "classics" I strongly recommend you review include: (note - there are many more).
a. The Rise and Fall of Enron: Principles for Director Focus
http://www.nacdonline.org/members/ dmx/dmxtra_0202.pdf
b. Worldcom: Six Questions for Directors
http://www.nacdonline.org/dm/ NACD-Jul02- DMX-RE.pdf
c. Rise and Fall of Enron
http://www.nacdonline.org/nacd/enron.asp?user
Business Planning Guide: Practical Application for SMEs
The Professional Accountants in Business Committee identified a practical business planning guide as a very useful tool for management, principally but not exclusively, operating in the small and medium entities (SMEs) area of the market. This information paper provides practical guidance that will help SMEs to understand their own business and industry, enabling them to better evaluate the business potentials and their associated risks. It will also be useful to small and medium-sized practitioners that are providing professional accounting services to SMEs.
http://www.ifac.org/Store/Category.tmpl?Category=ProfessionalAccountantsinBusiness& Cart=11717418193 382 247
A Question of Trust
The latest issue of Tone at the Top, “Stakeholder Trust Remains a Hot Topic,” looks at seven things directors should consider in regard to rebuilding the trust of stakeholders. If your executive management and audit committee members are not already receiving Tone at the Top, please provide their mailing and e-mail information to pr@theiia.org. Many, many past issues are also accessible - go to: http://www.theiia.org/periodicals/newsletters/ tone-at-the-top/
Definition of Investor Relations
Investor relations is a strategic management responsibility that integrates finance, communication, marketing and securities law compliance to enable the most effective two-way communication between a company, the financial community, and other constituencies, which ultimately contributes to a company's securities achieving fair valuation. http://www.niri.org/about/ mission.cfm
About TheCorporateCounsel.net
Following the long-standing tradition of The Corporate Counsel and The Corporate Executive, TheCorporateCounsel .net is an educational service that provides practical guidance on legal issues involving corporate and securities regulation and corporate governance practices - as well as many other areas impacting today's corporate practitioner. The Editor is Broc Romanek and the Associate Editor is Julie Hoffman, who are assisted by Jesse Brill, Mike Gettelman, and Alan Dye, among many others at Executive Press.
http://www.thecorporatecounsel.net/home.asp
"It Takes A Lot More Than Attitude...To Lead a Stellar Organization" - By Stever Robbins.Become a better leader in a Fun, Provocative Read! Looking for new ideas you can implement immediately to be a more effective leader? Pick up 'It Takes a Lot More than Attitude ... to Lead a Stellar Organization. . ' This collection of essays explores with what it takes to be a great leader, in an engaging, no-nonsense conversation that keeps you turning the pages. It also makes a perfect gift for the person with the leadership title who just doesn't get it. Buy it at www.alotmorethanatt itude.com (The only book on leadership that starts by discussing the responsibilities of leadership, and goes on to reveal all the secrets the great leadership pundits never discuss. Like when and why you can wear a feather boa to staff
meetings...)
Purpose -- The Starting Point of Great Companies
The latest strategy & business (s&b) newsletter is out and this issue is regarding “Purpose and Innovation”. Consider checking out their web site too – (its amazing).
http://www.strategy -business.com/press/enewsarticle/enews102606
Creativity Fringes
Is your organization innovative? The Creativity Fringes newsletter is one of the best sources of thinking outside your box, and encourages creativity, innovation, etc., in everything we do in a light and educational manner. A truly great monthly read, past issues are available below.
http://www.fcg.gov/creativityfringes.shtml
Directors and Boards
http://www.directorsandboards.com/
The Language of Compliance
The Language of Compliance is the biggest (3,500+ entries) resource for acronyms, terms, and extended definitions. Authored by Dorian Cougias and Marcelo Halpern it covers the terms found in HIPAA, SOX, GLB, CobiT, ISO 17799 and 27001, BCI, BSI, ISSF, and over 100 other regulatory bodies and standards agencies.
http://glossary. unifiedcompliance.com/buy_now/the_language_of_compliance.html
Unified Compliance Project (UCP)
ITCi's Unified Compliance Project (UCP) is an independent initiative focused on supporting IT compliance management. The UCP parses and reconstructs complex corporate regulations into a holistic IT compliance view. http://www.itcinsti tute.com/ucp/
Audit Integrity
Audit Integrity research services support risk management practices that help investors, insurers and others lower risk and improve performance with objective ratings and reports. The Audit Integrity Accounting and Governance Risk (AGR®) rating is a measure of the overall risk related to corporate accounting and governance practices.
http://www.auditintegrity.com/ index.php
Audit Integrity Salutes Top 100 Firms for Excellence in Accounting and Governance http://www.auditintegrity.com/upload/iblock/9a0/Audit_Integrity_20070326_Top100List.pdf
The U.S. Government Accountability Office (the GAO)
The Government Accountability Office (GAO) is an agency that works for Congress and the American people. Congress asks GAO to study the programs and expenditures of the federal government. GAO, commonly called the investigative arm of Congress or the congressional watchdog, is independent and nonpartisan. It studies how the federal government spends taxpayer dollars and advises Congress and the heads of executive agencies about ways to make government more effective and responsive.
Leading best practice guidance on various management practices - http://www.gao.gov/aac.html
Leading IT and IM guidance - http://www.gao.gov/special.pubs/cit.html
Posted by: "Dan Swanson" dswanson_2008@yahoo.ca dswanson_2008
Wed Dec 31, 2008 5:25 pm (PST)
The last resource email for 2008 is focused on providing leading
Governance resources from around the world.
Enjoy -- please share with your colleagues as well.
All the best in 2009 - May it be your best year ever!
Dan Swanson
Roadmap to Being an Effective Director
This website is dedicated to speeding up learning for new directors and removing some of the mystery from the process. It's a roadmap to the basic risk management skills used by boards. It ramps-up the learning curve so new directors can be effective at the board table more quickly and participate with confidence. Sounds promising–but how do you do that – in practical terms? How can an independent Director, who attends a four-hour meeting six times a year, learn to supervise full time management? That's what this site is all about. Developed over the past five years, GovernanceTools© explains risk management, the biggest part of a director's job. It provides relevant information in timely, need-to-know chunks. And learning can occur prior to your board meeting, whenever your have available time. http://www.governan cetools.com/ home.asp
An overview of corporate governance – (by ICAEW)
What is corporate governance? - Corporate governance is commonly referred to as a system by which organizations are directed and controlled. It is the process by which company objectives are established, achieved and monitored. Corporate governance is concerned with the relationships and responsibilities between the board, management, shareholders and other relevant stakeholders within a legal and regulatory framework.
http://www.icaew. co.uk/index. cfm?route= 122444
What drives Toyota ? The presumption of imperfection— and a refusal to accept it.
It's the story of Toyota 's genius: an insatiable competitiveness that would seem un-American were it not for all the Americans making it happen. Toyota 's competitiveness is quiet, internal, self-critical. It is rooted in an institutional obsession with improvement that Toyota manages to instill in each one of its workers, a pervasive lack of complacency with whatever was accomplished yesterday.
Editor’s note – how much focus does your organization place on competitiveness?
http://www.fastcomp any.com/magazine /111/open_ no-satisfaction. html
Most organizations today understand the importance of Ethics, Leadership, and Values-Based Business Practices. And those that actually turn their good intentions into action – those that “walk the talk” – are able to: Attract and retain the very best people; Deliver high-quality products and services; Build and maintain customer loyalty; and Achieve long-term, sustained results.
Editor’s note - that one extra degree of effort may be all you need; enjoy this inspirational movie.
http://www.the212mo vie.com/
Information Technology and the Board - "An Insightful Resource".
http://www.deloitte .com/dtt/ article/0% 2C1002%2Ccid% 25253D152626% 2C00.html
What the Board Needs to Know About IT: Phase II Findings
Maximizing performance through IT strategy
http://www.deloitte .com/dtt/ article/0, 1002,sid= 36692&cid=151800, 00. html
Corporate Directors May Not Be Providing Sufficiently Robust Enterprise Risk Oversight The "Executive Summary" of this new Conference Board report is available at:
http://www.conferen ce-board. org/utilities/ pressDetail. cfm?press_ ID=2893
CICA’s Risk Management and Governance Collection
20 Questions Directors Should Ask – (on various important topics).
Consider just obtaining their CD, i.e. with all this guidance combined into one place.
http://www.rmgb. ca/index. cfm/ciid/ 3083/laid/ 1.htm
Unplanned Work: The Silent Killer
Find out how unplanned work - those activities not mapped to any project, procedure or change request - is undermining the effectiveness of your IT efforts.
http://www.networkw orld.com/ whitepapers/ nww/pdf/Tripwire _Unplanned_ Work_Management_ Paper.pdf
20 Questions Directors Should Ask About IT (Revised April 2004)
Information technology is a critical part of an organization' s internal control and management information system. Ensuring its integrity is an important responsibility for board members. ITAC has compiled 20 key questions about IT that should be asked about: strategic planning and technology, performance and personnel issues, internal control issues, risk and security, information privacy, e-business, availability policies, and legal issue.
http://www.cica. ca/index. cfm/ci_id/ 1000/la_id/ 1
Managing Change
There is no management activity more misunderstood, abused and ignored than the act of implementing Change. Some have even suggested that the phrase "Change Management" is an oxymoron. The articles available below have a single purpose, to transform the act of Managing Change from something we dread, to something we approach with skill, insight, wisdom and an increased chance of success.
http://www.technobi lity.com/ docs/menu- managing- change.htm
The Favoritism Test
Learn to avoid the pitfalls of rewarding sycophants in the workplace.
http://www.strategy -business. com/press/ enewsarticle/ enews022707
ISO 27001 CERTIFICATION GUIDES LAUNCHED
IT Governance Ltd has launched the world’s first practical guides to help company directors and IT project managers understand and achieve certification to ISO 27001, the newly published global certification standard for information security management (replaces BS7799 and complements ISO 17799). In the modern corporate governance climate, ISO 27001 certification will increasingly become a prerequisite for winning new business, thereby accelerating the transfer of IT security issues from the data room to the boardroom.
http://www.itgovern ance.co.uk/ news_detail. aspx?news_ id=25
Featured Internet Sites - Knowledge Management
An interesting collection of web sites focused on knowledge management that is maintained by the legislative library of the Manitoba provincial government.
http://www.gov. mb.ca/chc/ leg-lib/net1206. html
FMEA - Failure Mode and Effects Analysis ( Information Center )
Everything you want to know about Failure Mode and Effect Analysis.
http://www.isixsigm a.com/offsite. asp?A=Fr&Url=http://www. fmeainfocentre. com
What the Board Needs to Know About IT (The board’s role in leveraging technology as a strategic resource)
In 2006, Deloitte Consulting LLP began a research initiative to explore how boards of directors are approaching information technology (IT). Phase I of this research represents the findings of more than 30 interviews with directors and senior executives. The findings from the Phase I interviews have been captured in the point of view: "What the Board Needs to Know About IT: The Board's Role in Leveraging Technology as a Strategic Resource."
You can also download "Bringing IT Into the Boardroom," which appeared as a supplement to the Fall 2006 issue of Corporate Board Member magazine. Finally, you can learn about the upcoming Phase II research results on the topic of the board and IT by downloading a preview of the survey results, entitled: “Big Conundrum: Phase II Preliminary Findings.”
For more info on the Deloitte initiative, all the above mentioned documents, and “more”, visit: http://www.deloitte .com/dtt/ article/0, 1002,sid% 3D26562%26cid% 3D132853, 00.html
CERT Launches Podcast Series
The CERT® Program is pleased to announce the launch of its first podcast series, "Security for Business Leaders," available at http://www.cert. org/podcast. The series will provide both general principles and specific starting points for business leaders who want to launch enterprise-wide security efforts, or who want to ensure that their organizations' existing security program is as effective as possible. New podcasts will be available every two weeks.
The newest podcast features Rich Pethia, Director of the CERT Program. Other podcast topics include "Why Leaders Should Care about Security," "The ROI of Security," "Proactive Remedies for Rising Threat," and "Compliance vs.. Buy-in." Podcasters can listen to entire conversations, download PDF transcripts, and investigate additional references in show notes.
"Security for Business Leaders" is the first podcast series for the SEI.
Information Security Oversight: Essential Board Practices, from the National Association of Corporate Directors (NACD).
Learn four steps each board should adopt to avoid the hazards of leaving information inadequately protected from cyber criminals. Review the questions each board should ask to determine inherent risks. Discover the potential liabilities and other woes that might befall corporate boards and management who show too little involvement in safeguarding the security and privacy of corporate-held information. Lessons include identifying vulnerabilities, mitigating damages, establishing controls, educating officers and employees, and resolving issues. Sponsored by KPMG's Audit Committee Institute and published in collaboration with the Institute of Internal Auditors and the Critical Infrastructure Assurance Office of the U.S. Department of Commerce..
http://www.nacdonli ne.org/publicati ons/pubDetails. asp?pubID= 138&user=D0888270C5 AF46 508BEC8472906F87 C3
ACI/KPMG resources on Risk Management
http://www.kpmg. com/aci/risk_ mgmt.asp
The Role of U.S. Corporate Boards in Enterprise Risk Management
Boards of Directors in the United States , having focused heavily on Sarbanes-Oxley requirements and more rigorous governance and compliance standards, are now beginning to assess their evolving role in providing oversight in the area of enterprise risk management (ERM). In view of the rapidly developing state of ERM in U.S. corporations, boards face a particularly challenging set of issues in responding to the need for improved oversight of risk management. The Conference Board with McKinsey & Company and KPMG's Audit Committee Institute conducted research on the role of U.S. corporate boards in Enterprise Risk Management between October 2005 through February 2006.
http://www.conferen ce-board. org/publications /describe. cfm?id=1190
Frequently Asked Questions in Corporate Governance (FAQs)
As directors, officers, and advisors work to safeguard and build the value of corporations, they often encounter new corporate governance issues and turn to NACD for answers. Below are some of the questions that our members and others have asked us in recent times, along with some brief answers and links to our current resources.
http://www.nacdonli ne.org/FAQ/
Tottel’s Corporate Governance Handbook, Third Edition
Tottel’s Corporate Governance Handbook provides invaluable, practical guidance to help you ensure your company functions legally and ethically. Corporate governance is playing an increasing part not just in how companies are run but also how they appear to be run from the outside. The new edition of Tottel’s Corporate Governance Handbook has been brought right up-to-date to provide practical and readable advice on how to ensure your company meets the required standards.
The NEW, fully updated edition includes:
Checklist for implementing the 2003 Combined Code
Assessing board and director performance
The on-going review of the Turnbull Report by the Flint Committee
HM Treasury policy on audit committees and governance of pension schemes
European corporate governance developments and NYSE corporate governance rules
And much more.
http://www.itgovern ance.co.uk/ products/ 453
Dialogue in corporate governance
The Dialogue in corporate governance initiative aims to facilitate better understanding of pressure and opportunities that arise in increasingly international capital markets. It encourages dialogue around business, investment accountancy and policy issues relating to corporate governance through publications, roundtables and face-to-face meetings.
Dialogue in corporate governance is convened by the ICAEW and its purpose is to: 1) challenge commonly held assumptions, 2) identify fundamental questions; and 3) set challenges for future research. http://www.icaew. co.uk/index. cfm?route= 144872
Tougher Boards for Tougher Times: Corporate Governance in the Post-Enron Era (John Wiley & Sons Canada , 2006).
http://www.wiley. com/WileyCDA/ WileyTitle/ productCd- 0470837306. html
The IIA's position statement regarding Organizational Governance.
In my view this is one of the most important papers that the IIA has issued in the past six to seven years. This position paper (it is the first item on the list) is available at:
http://www.theiia. org/?doc_ id=126
NACD Blue Ribbon Commission (BRC) reports.
www.nacdonline. org
1. The NACD BRC on Board Evaluation - 2005 Edition
2. The NACD BRC on Board Leadership
3. The NACD BRC on Director Compensation
4. The NACD BRC on Audit Committees
5. The NACD BRC on Director Professionalism
6. The NACD BRC on Role of the Board in Corporate Strategy
7. The NACD BRC on Risk Oversight
The Center for Strategic communication is to serve as an advocate for an integrated-communic ation approach to investor relations and corporate communication. World-class communication is a goal of any organization, and one of the most difficult challenges to CEOs is sending a clear and consistent message to highly divergent constituents. The Center would treat world-class communication as the “end goal” and will become the primary source for leading-edge and implementable strategies for any organization to reach that goal.
http://www.niri. org/about/ center.cfm
DM Extra is an electronic publication published by NACD. It is designed to provide you with immediate, up-to-date information regarding current events in the corporate governance arena. http://www.nacdonli ne.org/dm/ xtra.asp
I like this publication because it provides thoughtful, timeless, board level "perspectives" .
Three "classics" I strongly recommend you review include: (note - there are many more).
a. The Rise and Fall of Enron: Principles for Director Focus
http://www.nacdonli ne.org/members/ dmx/dmxtra_ 0202.pdf
b. Worldcom: Six Questions for Directors
http://www.nacdonli ne.org/dm/ NACD-Jul02- DMX-RE.pdf
c. Rise and Fall of Enron
http://www.nacdonli ne.org/nacd/ enron.asp? user
Business Planning Guide: Practical Application for SMEs
The Professional Accountants in Business Committee identified a practical business planning guide as a very useful tool for management, principally but not exclusively, operating in the small and medium entities (SMEs) area of the market. This information paper provides practical guidance that will help SMEs to understand their own business and industry, enabling them to better evaluate the business potentials and their associated risks. It will also be useful to small and medium-sized practitioners that are providing professional accounting services to SMEs.
http://www.ifac. org/Store/ Category. tmpl?Category= Professional% 20Accountants% 20in%20Business& Cart=11717418193 382 247
A Question of Trust
The latest issue of Tone at the Top, “Stakeholder Trust Remains a Hot Topic,” looks at seven things directors should consider in regard to rebuilding the trust of stakeholders. If your executive management and audit committee members are not already receiving Tone at the Top, please provide their mailing and e-mail information to pr@theiia.org. Many, many past issues are also accessible - go to: http://www.theiia. org/periodicals/ newsletters/ tone-at-the- top/
Definition of Investor Relations
Investor relations is a strategic management responsibility that integrates finance, communication, marketing and securities law compliance to enable the most effective two-way communication between a company, the financial community, and other constituencies, which ultimately contributes to a company's securities achieving fair valuation. http://www.niri. org/about/ mission.cfm
About TheCorporateCounsel .net
Following the long-standing tradition of The Corporate Counsel and The Corporate Executive, TheCorporateCounsel .net is an educational service that provides practical guidance on legal issues involving corporate and securities regulation and corporate governance practices - as well as many other areas impacting today's corporate practitioner. The Editor is Broc Romanek and the Associate Editor is Julie Hoffman, who are assisted by Jesse Brill, Mike Gettelman, and Alan Dye, among many others at Executive Press.
http://www.thecorpo ratecounsel. net/home. asp
"It Takes A Lot More Than Attitude...To Lead a Stellar Organization" - By Stever Robbins.Become a better leader in a Fun, Provocative Read! Looking for new ideas you can implement immediately to be a more effective leader? Pick up 'It Takes a Lot More than Attitude ... to Lead a Stellar Organization. . ' This
collection of essays explores with what it takes to be a great leader, in an engaging, no-nonsense conversation that keeps you turning the pages. It also makes a perfect gift for the person with the leadership title who just doesn't get it. Buy it at www.alotmorethanatt itude.com (The only book on leadership that starts by discussing the responsibilities of leadership, and goes on to reveal all the secrets the great leadership pundits never discuss. Like when and why you can wear a feather boa to staff
meetings...)
Purpose -- The Starting Point of Great Companies
The latest strategy & business (s&b) newsletter is out and this issue is regarding “Purpose and Innovation”. Consider checking out their web site too – (its amazing).
http://www.strategy -business. com/press/ enewsarticle/ enews102606
Creativity Fringes
Is your organization innovative? The Creativity Fringes newsletter is one of the best sources of thinking outside your box, and encourages creativity, innovation, etc., in everything we do in a light and educational manner. A truly great monthly read, past issues are available below.
http://www.fcg. gov/creativity_ fringes.shtml
Directors and Boards
http://www.director sandboards. com/
The Language of Compliance
The Language of Compliance is the biggest (3,500+ entries) resource for acronyms, terms, and extended definitions. Authored by Dorian Cougias and Marcelo Halpern it covers the terms found in HIPAA, SOX, GLB, CobiT, ISO 17799 and 27001, BCI, BSI, ISSF, and over 100 other regulatory bodies and standards agencies.
http://glossary. unifiedcomplianc e.com/buy_ now/the_language _of_compliance. html
Unified Compliance Project (UCP)
ITCi's Unified Compliance Project (UCP) is an independent initiative focused on supporting IT compliance management. The UCP parses and reconstructs complex corporate regulations into a holistic IT compliance view.
http://www.itcinsti tute.com/ ucp/
Audit Integrity
Audit Integrity research services support risk management practices that help investors, insurers and others lower risk and improve performance with objective ratings and reports. The Audit Integrity Accounting and Governance Risk (AGR®) rating is a measure of the overall risk related to corporate accounting and governance practices.
http://www.auditint egrity.com/ index..php
Audit Integrity Salutes Top 100 Firms for Excellence in Accounting and Governance http://www.auditint egrity.com/ upload/iblock/ 9a0/Audit_ Integrity_ 20070326_ Top100List. pdf
The U.S. Government Accountability Office (the GAO)
The Government Accountability Office (GAO) is an agency that works for Congress and the American people. Congress asks GAO to study the programs and expenditures of the federal government. GAO, commonly called the investigative arm of Congress or the congressional watchdog, is independent and nonpartisan. It studies how the federal government spends taxpayer dollars and advises Congress and the heads of executive agencies about ways to make government more effective and responsive.
www.gao.gov
Leading best practice guidance on various management practices - http://www.. gao. gov/aac.html
Leading IT and IM guidance - http://www.gao. gov/special. pubs/cit. html
Global Technology Audit Guide (GTAG)
The Institute of Internal Auditors (The IIA) is producing a series of publications with guidance on information technology. Written primarily for the chief internal audit executive (CAE) and audit supervisors, the guides address concerns of the board of directors and chief-level executives. Each Global Technology Audit Guide (GTAG) is written in straightforward business language to address timely issues related to information technology management, control, or security. GTAG is a ready resource series for chief audit executives to use in the education of members of the board and audit committee, management, process owners, and others regarding technology-associat ed risks and recommended practices.
http://www.theiia. org/guidance/ technology/ gtag/
Board Governance – Deloitte’s Governance Repository
https://www. corpgov.deloitte .com/site/ us/menuitem. 88e49625b72277a9 8f220ce36cdf8a0c /;jsessionid= Cy7kGJSZVYbhbSRy qVXsz1s12ykvs3v6 hSKpkxHzLbVqlNkt Ttv9!-377936133! -608783955
Corporate Governance
This CEO-led task force has identified cyber security roles and responsibilities within the corporate management structure, referencing and combining best practices and metrics that bring accountability to three key elements of a cyber security system: people, process and technology.
http://www.cyberpar tnership. org/init- governance. html
Australia has Corporate Governance Standards, the AS 8000 series at:
The AU Governance series has five main parts:
I. Good governance principles
II. Fraud and corruption control
III. Organizational codes of conduct
IV. Corporate social responsibility
V. Whistleblower protection programs for entities
http://www.saigloba l.com/
Information technology governance - From Wikipedia, (the free encyclopedia)
Information technology governance, IT governance or ICT Governance, is a subset discipline of Corporate governance focused on information technology systems and their performance and risk management. The rising interest in IT governance is partly due to compliance initiatives (e.g. Sarbanes-Oxley ( USA ) and Basel II ( Europe )), as well as the acknowledgement that IT projects can easily get out of control and profoundly affect the performance of an organization.
http://en.wikipedia .org/wiki/ Information_ technology_ governance
..
Global Technology Audit Guide (GTAG)
The Institute of Internal Auditors (The IIA) is producing a series of publications with guidance on information technology. Written primarily for the chief internal audit executive (CAE) and audit supervisors, the guides address concerns of the board of directors and chief-level executives. Each Global Technology Audit Guide (GTAG) is written in straightforward business language to address timely issues related to information technology management, control, or security. GTAG is a ready resource series for chief audit executives to use in the education of members of the board and audit committee, management, process owners, and others regarding technology-associated risks and recommended practices.
http://www.theiia.org/guidance/ technology/gtag/
Corporate Governance
This CEO-led task force has identified cyber security roles and responsibilities within the corporate management structure, referencing and combining best practices and metrics that bring accountability to three key elements of a cyber security system: people, process and technology.
http://www.cyberpartnership.org/init-governance.html
Australia has Corporate Governance Standards, the AS 8000 series at:
The AU Governance series has five main parts:
I. Good governance principles
II. Fraud and corruption control
III. Organizational codes of conduct
IV. Corporate social responsibility
V. Whistleblower protection programs for entities
http://www.saiglobal.com/
Information technology governance - From Wikipedia, (the free encyclopedia)
Information technology governance, IT governance or ICT Governance, is a subset discipline of Corporate governance focused on information technology systems and their performance and risk management. The rising interest in IT governance is partly due to compliance initiatives (e.g. Sarbanes-Oxley ( USA ) and Basel II ( Europe )), as well as the acknowledgement that IT projects can easily get out of control and profoundly affect the performance of an organization.
http://en.wikipedia.org/wiki/Information_technology_governance
..
Subscribe to:
Posts (Atom)
