Sarbanes-Oxley (SOX) Resource Compliance Kit
Mandated Requirements
The SOX kit contains all of the tools that are needed to comply with the Sarbanes-Oxley legislation. This tool kit has been used successfully by over 500 publicly traded companies.
ITIL and "Best Practices" are no longer sufficient to conform to the Sarbanes-Oxley and COBIT requirements. There are many products on the market that claim they can track changes, that they can control/manage changes or that they can audit the use of products and the changes made to systems.
Almost all of the Change Management products are either "Electronic Paper" (i.e. they cannot prevent unauthorized changes from being made) or they react after the event based on cyclic comparisons of the various data sets. The time between the cyclic comparisons is an open door for anyone trying to manipulate the systems, and paper based systems offer no protection at all.
Sarbanes-Oxley Section 404 requires that:
- Enterprises have an enterprise wide security policy;
- Enterprises have enterprise wide classification of data for security, risk, and business impact;
- Enterprises have security related standards and procedures;
- Enterprises have formal security based documentation, auditing, and testing in place;
- Enterprises enforce separation of duties; and
- Enterprises have policies and procedures in place for Change Management, Help Desk, Service Requests, and changes to applications, policies, and procedures.
To meet these needs, the Sarbanes-Oxley Kit, which comes in four editions (Standard, Silver, Gold, and Platinum), contains:
- Security Policies (all editions);
- Threat & Vulnerability Assessment Tool (all editions);
- Business & IT Impact Questionnaire Risk Assessment Tool (all editions);
- Safety Program Template (all editions);
- Disaster Recovery Template (all editions);
- Outsourcing guide updated to reflect what your vendors need to do (all editions);
- Software tool to monitor key data files (all editions);
- Internet and IT Job Descriptions (Silver, Gold, and Platinum Editions); and
- IT Service Management Template (Platinum Edition).
The tools provided in these kits address not only the needs of Sarbanes-Oxley, COBIT and ISO -- they also provide a vehicle to comply with the IT Governance requirements.
CIO - CTO - CSO News
Hurricane Earl will test many Disaster Recovery and Business Continuity Plans
When Hurricane Earl, now a major hurricane, hits the East Coast of the U.S. later this week, many enterprises will find that their Business Continuity Plans were not adequately tested.
Critical data centers, with backup generators, facilities and fuel supplies, are now built to continue operating during storms. The same can't be said for the computing setups that telecommuters maintain in their homes, and they may be put to the test this year.
Disaster Planning Base for Business Continuity
Last year there were only three hurricanes in U.S. waters, and none of them brought hurricane force winds over land in this country. In 2009, there were an average of 236 power outages a month in the U.S. Through July of 2010, the average had increased to 273 a month.
The need for teleworkers to be self-sufficient (and less dependent on coffee shops and local libraries for wireless access) is growing. In a report released last month, the Metropolitan Washington Council of Governments estimated that there may be as many as 600,000 workers, or about 25% of the region's workforce, who telework at least one day a week. The council also discovered, via a telephone survey of more than 6,000 area workers, that the number of teleworkers could rise by 500,000 over the next few years.
When blizzards early this year prompted a multiday shutdown of federal offices, many federal employees rose to the challenge and continued to work, making good use of telework and other work flexibilities. The question is whether Hurricane Earl will be as easy on existing Disaster Recovery and Business Continuity Plans.
Cloud computing capacity planning is complex
The cloud computing model reduces the need for capacity planning at an application level. An application can simply request resources from the cloud and obtain them in less than an hour in accordance with dynamic demand. Thus, it is far less important to correctly predict the capacity requirements for an application than it is in traditional data centers, for which as many as six months might be needed to order and install hardware dedicated to the application.
On the other hand, virtualization makes it harder and more important to plan capacity from the data center's perspective. In the past, data center managers could use the projections from applications, take into account the hardware on order, and thus avoid having to dynamically adjust the capacity of deployed hardware. Traditionally, a data center would just need to make sure that it had the capability to support the hardware planned by individual applications. In a cloud environment, however, many different applications will be installed. It becomes the data center manager's responsibility to predict the average or total resource requirement of all the applications and to order enough hardware in advance independently of the input from application owners.
The basis for capacity planning, then, lies in monitoring existing usage and keeping track over historical time periods. Long-term trends can be projected based on previous activity and adjusted without any knowledge of business plans. In a data center-driven cloud, typical capacity planning techniques can be applied for the most part. Since clouds use virtualized resources that share the same physical resources, this makes capacity planning somewhat more complex. In contrast, the capacity planning does not need to consider each individual application, and can simply track and project the overall summation of all applications on the cloud.
Cloud computing gone wrong
A leading software company in the application development and governance market made headlines in 2008 when it decided to migrate all of its 600 employees from Microsoft Exchange to Google Apps. After months of user dissatisfaction, content loss and poor support, the company decided to make a full migration off of Google Apps to Microsoft's Business Productivity Online Suite. Since then, user confidence has returned, IT has once again become a trusted partner, and the company can increase its focus on its core business.
The Practical Guide for Cloud Outsourcing Template includes a Sample Cloud Outsourcing Contract along with a Service Level Agreement and other tools to facilitate the cloud outsourcing process. The template includes Janco's exclusive Business and IT Impact Questionnaire.
The template is delivered electronically in WORD and/or PDF format. Included are two 3-page job descriptions - Cloud Application Manager and Cloud Computing Architect. Sarbanes-Oxley issues are addressed directly, along with an ISO 27001 and ISO 27002 audit program.
Google Desktop is in a World of Hurt
Janco has just released its Browser and Operating System Market Share White Paper. The study shows that in the last 12 months Microsoft's browser market share has continued to erode (Microsoft lost over 4% in the last 12 months); Firefox's market share is unchanged for the last 12 months; and Google Desktop and Chrome now have just under 6%. On the operating systems side, Windows 7 is being accepted at a pace that parallels the way Windows XP was in the 90's. The CEO of Janco Associates, Victor Janulaitis, said, "The last six months have been a mixed bag for Microsoft. Their browser market share has fallen to the level that they had back in 1998 with no end in sight. At the same time Windows 7 now has 17% of the OS market in less than 13 months since its availability."
Google Desktop is going the way of Netscape
Google Desktop has not taken off as the emphasis seems to be on Chrome. Based on these trends we believe that unless Google places more emphasis on Desktop, in short order Desktop will no longer be a force in the browser market.















