Disaster Recovery Plan Template

Disaster Recovery Plan (DRP) can be used as a Disaster Planning template for any size of enterprise. The Disaster Recovery template and supporting material have been updated to be Sarbanes-Oxley and HIPAA compliant. The Disaster Planning Template comes as both a Word document and a static fully indexed PDF document.



Security Manual Template

Security Manual for the Internet and Information Technology is over 220 pages in length. All versions of the Security Manual template include both the Business & IT Impact Questionnaire and the Threat & Vulnerability Assessment Tool (both were redesigned to address Sarbanes-Oxley compliance). In addition, the Security Manual Template PREMIUM Edition contains 16 detailed job descriptions that apply specifically to security and Sarbanes-Oxley, ISO 27000 (ISO27001 and ISO27002), PCI-DSS, and HIPAA.




ITSM - SOA

IT Service Management (ITSM) Policy Template

Service-Oriented Architecture (SOA)
Change Control - Help Desk - Service Requests
Blog - Personal Web Site - Sensitive Information
Incident and Problem Management




Your company can't afford to waste any IT infrastructure investment, but you probably can't afford to hire expensive consultants to develop an IT infrastructure to fully support your Service-Oriented Architecture efforts either. Fortunately, you can now use proven ITSM best practices while developing your own infrastructure. The IT Service Management for SOA is a best practices methodology from Janco Associates that provides predefined standards, policies, and procedures for an enterprise to support its efforts as it begins the implementation of a Service-Oriented Architecture.

The template comes in the following versions:

  • Standard Edition - ITSM Service-Oriented Architecture Template (WORD) - ITIL and ISO 20000 compliant
  • Silver Edition - ITSM Service-Oriented Architecture Template (WORD) and 14 key Job Descriptions (WORD)
  • Gold Edition - ITSM Service-Oriented Architecture Template (WORD) and 230 plus Internet and IT Job Descriptions (WORD).
  • Platinum Edition - ITSM Service-Oriented Architecture Template (WORD), 230 plus Internet and IT Job Descriptions (WORD), Internet and IT Positions Descriptions HandiGuide (639 pages PDF format), PLUS up to 5 custom job descriptions when Job Content forms are provided to us within 30 days of purchase.

The IT Service Management SOA Policy Template is a 126 page document that contains policies, standards, procedures and metrics that comply with the ITIL Standard. Included in the template are:

  • Service Requests Policy
  • Service Request Standard
  • Help Desk Policy
  • Help Desk Standards
  • Help Desk Procedures
  • Help Desk Service Level Agreement
  • Change Control Standard
  • Change Control Quality Assurance Standard
  • Change Control Management Workbook
  • Documentation Standard
  • Application Version Control Standard
  • Version Control Standard
  • Internet, e-Mail and Electronic Communication Policy
  • Blog & Personal Web Site Policy
  • Travel and Off-Site Meeting
  • Sensitive Information Policy
  • Sample Service Level Agreement with Metrics

 
In addition, the ITSM SOA template includes the Business and IT Impact Questionnaire, a Change Control Request Form and an Internet Use Approval Form. The document conforms with ITIL and has been updated to focus on supporting the development, implementation and operation of a Service-Oriented Architecture.

The template can be purchased by itself or with supporting job descriptions. We do provide an update service for the template as it is modified. You can see a full table of contents and some sample pages by clicking on the link below.

The ITSM Silver Edition contains the following 14 job descriptions in MS Word format:

1. Director Sarbanes-Oxley Compliance
2. Manager Change Control
3. Manager Customer Service Center
4. Manager Help Desk Support
5. Manager Metrics
6. Manager Quality Control
7. Manager Service Level Reporting
8. Manager User Support
9. Capacity Planning Supervisor
10. Change Control Analyst
11. Change Control Supervisor
12. Help Desk Analyst
13. Metrics Measurement Analyst
14. Quality Measurement Analyst

The Information Technology Service Template comes in Word and PDF formats. In addition, the Silver version includes the 14 job descriptions listed above (PDF and Word format), the Gold version includes the 230 plus jobs from our Internet and IT Position Descriptions HandiGuide, and the Platinum Edition contains the PDF (over 635 pages) Internet and IT Position Description HandiGuide - 2008 Edition.

The table below provides more data on each kit.

 


| IT Service Management Template Versions | Standard | Silver | Gold | Platinum |
|---|---|---|---|---|
| IT Service Management Template | X | X | X | X |
| IT Service Management 14 detail job descriptions - Word Format | | X | X | X |
| Internet & IT Job Descriptions (Over 230 job descriptions) - Word Files - 1 per job description. Includes all 14 IT Service Management positions | | | X* | X* |
| Internet & IT Job Descriptions HandiGuide® - PDF | | | | X |

*Note: The 14 ITSM positions are included in the Internet and IT Job Description HandiGuide® and in the individual job description Word files.

 

 

 

 

Latest News for CIOs - CTOs - CSOs


USB flash drives a major security risk

According to the Washington Post, a top Defense Department official is speaking publicly about a successful, high-profile infiltration of a computer network belonging to the US military's Central Command.

Deputy Defense Secretary William J. Lynn III describes the attack in an article to be published today in Foreign Affairs. The incident occurred in 2008 at a post in the Middle East and was performed by means of a USB flash drive which installed malware. "That code spread undetected on both classified and unclassified systems, establishing what amounted to a digital beachhead, from which data could be transferred to servers under foreign control," according to Lynn. In 2008, the Los Angeles Times reported, citing anonymous Defense officials, that the incursion might have originated in Russia.

"Operation Buckshot Yankee," which countered the attack, was a turning point for military computer security. Part of the response was a temporary ban on the use of flash drives in military computers. That ban has since been modified. The broad outlines of the attack have been reported over time, but the details had heretofore been kept secret.

The Post suggests that Lynn's article is aimed in part at raising awareness of the problem and of DoD's actions in response, particularly "active defense" which seeks out intruders on the network. It is also an exercise in public lobbying for DoD to have a role in national cyberdefense. Current legislative proposals generally give the Department of Homeland Security primary responsibility.



IE continues to lose market share

Microsoft Continues to Lose Browser  Market Share!!!
Vista Dead In Its Tracks - Windows 7 Does Better?

Browser White Paper

         

The summary findings in Janco's Browser and OS Market Share White Paper are:

  • Firefox challenged Microsoft as no other competitor has done in quite some time but Microsoft seems to have addressed this
  • The SmartPhone market has taken off and users no longer have to depend on a PC to access the Internet
  • Users are staying current with the latest versions of IE and Firefox via the automatic update feature.
  • Google’s Chrome is disappointing and has captured only a little over 5% of the browser market since its introduction.
  • Internet Explorer’s market share continues to fall.
  • Attacks on browsers are moving many users to the automatic update feature to get the latest versions of the browsers.
  • The door was open for Google with both Desktop and Chrome – it is not clear that the current offering by Microsoft’s competitors can do more damage to Microsoft browser market share.  However Microsoft must address the SmartPhone market to maintain its leadership position.

 



BlackBerry under attack again...

India's government is the latest in a long list of national governments that have recently threatened to shut down BlackBerry services over security issues. The United Arab Emirates has said it will halt BlackBerry Messenger, e-mail, and Web browsing starting October 11. Indonesia and Saudi Arabia also threatened to block BlackBerry Messenger service. Saudi Arabia reached a deal with RIM over the weekend, and a ban that was to go into effect starting Monday was lifted.

Meanwhile, countries in Europe, such as Germany, are also putting pressure on RIM to loosen its security enough so that communications can be monitored. The German government has urged staffers not to use the BlackBerry, and several ministries have banned them, Reuters reported. And last week, the European Commission rejected the BlackBerry as a handset for its employees, opting instead for Apple's iPhone and HTC smartphones.

India's decision followed a meeting that Home Secretary G.K. Pillai had with officials from India's Department of Telecommunications as well as other federal security agencies, according to Reuters.

Governments say the BlackBerry's tight security is a concern as they try to combat terrorist attacks and other illegal activities. India, for instance, is trying to keep a lid on fighting by insurgents in Kashmir as well as potential threats from Pakistani militants.

Of RIM's 46 million users worldwide, about 1.1 million are in India. India is among the fastest-growing markets for the BlackBerry. This is an important factor given that the North American market, RIM's stronghold, is becoming saturated. RIM and other phone makers need to look to developing countries, such as India and nations in the Middle East, for growth.

If RIM is unable to satisfy India's security demands, the services that would be shut down are the BlackBerry e-mail service and instant messaging.



IT infrastructure is complex

Today’s IT infrastructure is complex. The number of IT assets in the infrastructure that an enterprise level organisation must manage can be overwhelming - different platforms, devices, servers, applications, databases and more. And the sheer volume of activity that occurs in this infrastructure is almost too large to imagine. Many organisations have technology located in different places around the world. In the retail and hospitality industries, for example, these organizations have corporate data centers plus thousands of tills and point of sale (POS) devices in stores and hotels that introduce potential risk.

In addition, to drive down costs, organisations have turned to potential cost-savings technology such as virtualisation. But such actions introduce new complications. Virtualisation may provide cost-savings, but managing these highly dynamic virtual machines introduces a new layer of risk and requires greater visibility into the activities on these systems.



Security infrastructure definition key to productivity

Complex security policies can be difficult for employees to follow, and it is unrealistic to leave security in the hands of mobile employees. An effective enterprise security plan should provide for simple, automated, scalable, and comprehensive ways to protect IT investments and maintain worker productivity. Organizations must approach security from a comprehensive perspective that ranges from the desktop to the data center, following best practices to help ensure that the plan protects both physical assets and data. A good strategy for mobile security is based on:

  • Protect systems: Asset tags can help simplify asset management by identifying individual devices. When used in conjunction with server-side asset management tools or software, these tags can give IT organizations the ability to monitor internal system components. In addition, dedicated security locks can help prevent theft. Visual deterrent labels and company logos offer an additional layer of protection against common theft because they can prevent an easy resale.
  • Protect data: When physical protection fails and a mobile device is lost, stolen, or damaged, it is critical that organizations retain the ability to protect sensitive enterprise data on the system. Data protection is linked to efficient access management. If authentication is not well managed, data protection can be difficult - especially if it is not centrally controlled. With a central security management solution (a server-side application that interacts with the client-side software for central management), IT departments can maintain control over key client security features and link them back.
  • Prevent unauthorized access: Security policies must strike the correct balance between providing the right people with access to the right level of information and blocking access for improper users. Authentication is key to enabling secure data access because it focuses on identifying the user. Authentication methods can include smart cards with PIN access, contactless cards, or unique biometric verifiers such as Federal Information Processing Standards (FIPS)-certified embedded fingerprint readers. Multi-factor authentication is the combination of these technologies into one strong authentication process, whereby any end user may be asked for more than one form of authentication.
  • Prevent malicious attacks: Network security should focus on antivirus deployment and security appliances, targeting three lines of defense: endpoint protection, which relies on software designed to safeguard mobile devices; network traffic monitoring, which uses appliances to watch for unusual data traffic patterns on enterprise networks; and Internet gateway appliances, which serve as filters and firewalls that selectively identify and block potentially dangerous data.


Government employees continue to breach privacy of individuals

According to Gazette.net, a Maryland Department of Human Resources employee has been fired for posting about 3,000 names, Social Security numbers and other personal information on his personal website.

The information, which belonged to department clients who use food stamps, housing programs and other social services provided by the state, had been posted on the employee's website since April 27. The site has since been removed and there is no indication that the information has been misused.

The Baltimore Sun reports that a DHR spokeswoman says it is unclear why he used the data in an unauthorized way.

The incident is still under investigation and no decision has been made yet about whether criminal charges will be filed.



Record Management Needs to Include Email

As the importance of IT, the Internet, SmartPhones, and email has grown, its legal status has changed with far-reaching consequences. A variety of laws and regulations have been extended to cover all business records, including email and all communications in both public and private sectors. The requirements of Sarbanes-Oxley (SOX) and other mandates touch almost every facet of paper and electronic data.

Among other provisions, SOX requires companies to maintain “all audit or review work papers” for at least five years. For registered public accounting firms, the period is at least seven years. Penalties for noncompliance include severe fines and even imprisonment, and intentionally altering or destroying records can bring even more serious consequences.

Consider that most work papers and records are created as emails and may never exist in physical form. An email can be deleted in violation of SOX at the click of a mouse. Key considerations for ensuring your company meets SOX record-keeping requirements include:

  • Can employees reliably distinguish ordinary emails from protected business records?
  • Are you certain that employees are storing the protected emails for the required time period?
  • Is there a process in place for storing physical copies of all protected business records and emails?
  • Are you certain that no one is hacking into your email system and maliciously changing records?


Wi-Fi needs to be secure

You can secure your wireless network in little time with these 5 simple rules:

  • Secure your access point administration interface: The default passwords of most standard devices are already known to most hackers. So, when you set up your router through the web interface, change the default password and write it down somewhere safe.
  • Stop broadcasting your SSID: Your wireless router continuously transmits your SSID (Service Set Identifier). While this is useful in an office where many people are going to connect to your network, at home this is certainly not needed. Turn SSID transmission off as soon as you can. Wireless LAN "sniffers" will still be able to detect your network, but other than that, your network will mostly be shrouded from outsiders.
  • Use MAC address filtering: Turn on MAC address filtering on your wireless router configuration utility. By doing so, you can add the MAC addresses of all of your networking devices to the address pool of the router. This way, no one outside your home network will be able to access your network.
  • Reduce the power of transmission: Reduce the power of your wireless transmitter to such a degree that the signal does not reach outside your facility or home. This will keep most outsiders at bay.
  • Disable remote administration tool: Your remote administration utility is seldom used. So, keeping it on exposes your network to outsiders. Turn it off to enhance your network security.


Feds to spend billion on cybersecurity research

As the Obama administration and Congress propose various measures to improve the nation’s cybersecurity, the Office of the Director of National Intelligence is planning to spend "multiple billions of dollars" on cybersecurity research.

The deputy director of national intelligence for acquisition and technology, said at a recent cybersecurity summit sponsored by Defense Daily that her office, together with the White House Office of Science and Technology, will be sponsoring "innovative" research addressing three areas, the Washington Post reported:

  • Multiple security levels for government and non-government organizations.
  • Security systems that change constantly to create moving targets for hackers.
  • Methods to motivate individuals to improve their cybersecurity practices.


Disaster Recovery / Business Continuity is Not the Place to Cut Costs

In today's business environment, many enterprises are looking for ways to reduce their expenses by cutting overhead. Often this takes the form of reducing headcount, particularly in areas that are regarded as ancillary or non-core components of the enterprise.

Disaster Recovery and Business Continuity often are placed in that category and, as a result, can be an early casualty of many cost-cutting programs. Whether it is an internal Disaster Recovery and Business Continuity team losing staff members, or a part-time Disaster Recovery and Business Continuity manager with less time to spare from the day job, Disaster Recovery and Business Continuity programs can be neglected and will quickly become out of date and ineffective, particularly in a rapidly changing organization. As anyone who has ever had to manage a Disaster Recovery and Business Continuity event knows, there are few things more useless than an out of date Disaster Recovery and Business Continuity plan.

Of course, it is hard to make a case for Disaster Recovery and Business Continuity at a time when core functions are under pressure, but maybe that is just when it should be on the radar even more than usual. With share prices shaky and credit hard to find, the last thing any organization needs right now is the damage to its reputation and credibility that could arise from failing to effectively manage a high profile disruptive incident.

Arguably, during a recession companies are at their most vulnerable, which makes it the worst time to neglect anything that contributes to resilience or reduces risk. However, if an organization is under financial pressure, how can it square the circle and achieve those reductions in overhead costs while still maintaining the effectiveness of its Disaster Recovery and Business Continuity program?
