Tool Kits -- CIO CTO Tools

Disaster Planning

IT-ToolKits.com is the resource site forService Level Agreements Metrics Information Technology management. This site contains the Information Technology and management infrastructure tools that the CIO, CSO, and CFO can use for Sarbanes Oxley, Disaster Recovery, Security, Job Security AuditDescriptions, IT Service Management,  Change Control, Help Desk, Service Requests, SLAs - Service Level Agreements, and Metrics.  Site includes Browser and Operating System Market Share White Paper and IT Salary Survey Data.

Disaster Recovery Templates are Sarbanes Oxley compliant and the Disaster Recovery Template is included in the Sarbanes Oxley Compliance Kit

IT-Toolkits.com supports a wide range of industries and enterprises of all sizes.  Our clients include over 2,500 premier corporations from around the world, including over 250 of the Fortune 500.

  IT Hiring KitIT Salary Data  IT Job Descriptions


Site Map

Provide Salary Survey Data

 Outsourcing Threat Vulnerability Assessment Business IT Impact - Sarbanes Oxley tool Record Retention and Destruction Policy

Special Offers

IT Service Management
CIO Productivity Bundle
IT Hiring Resource Kit
SOX Compliance Resource Kit
DRP & Security Bundle
Job Description Bundles

Download Salary Survey

NEWS -- The 2015 IT Salary Survey is now available. Study shows that IT salaries have fallen. Companies that participate get a free copy of the next survey when it is released.

Read On..

NEWS - Record Management, Retention, and Destruction Policy Template -  The Record Management, Retention, and Destruction is a detail policy template which can be utilized on day one to create a records management process.  Included with the policy are forms for establishing the record management retention and destruction schedule and a full job description with responsibilities for the Manager Records Administration.

Read on ...

IT Service Management - Service Oriented Architecture  

Follow Us - Get Exclusive
Premium White Papers

Follow Us TwitterFollow Us FacebookFollowu Us Blog Janco RSS Feed


Buffer
Bookmark
Del.icio.usFacebookCIO Daily

Provide Salary Survey Data

Disaster Recovery Plan Template
Security Manual - Sarbanes-Oxley
IT Infrastructure Strategy Charter ISO
IT Internet Metrics


Interesting Articles


Most security breaches are not discovered for over 9 months

Security Breaches - Secrurity BreachesSecurity incidents are rising at an alarming rate every year. As the complexity of the threats increases, so do the security measures required to protect networks and critical enterprise data. CIOs, Data center operators, network administrators, and other IT professionals need to comprehend the basics of security in order to safely deploy and manage data and networks.

Most companies take over 9 months to discover a breach has occurred, often only when notified by outside parties. Surprisingly, a recent research study showed that more than 90% of successful breaches used only the most basic techniques. Today's advanced breaches can work over weeks or months, sending small, innocuous packets to command-and-control servers while
capturing secure or regulated information from your systems.

Order Security Manual Download Selected Pages 

 

- more info

10 Commandments of Disaster Recovery and Business Continuity that guarantee success

10 Commandments of Disaster Recovery and Business Continuity that guarantee success

 Order Disaster Plan TemplateDisaster Plan Sample

Following  the 10 commandments of disaster recovery and business contunity are the keys to a successful planning and execution of those plans.

  1. Analyze single points of failure: A single point of failure in a critical component can disrupt well engineered redundancies and resilience in the rest of a system.
  2. Keep updated notification trees: A cohesive communication process is required to ensure the disaster recovery business continuity plan will work.
  3. Be aware of current events: Understand what is happening around the enterprise – know if there is a chance for a weather, sporting or political event that can impact the enterprise’s operations.
  4. Plan for worst-case scenarios: Downtime can have many causes, including operator error, component failure, software failure, and planned downtime as well as building- or city-level disasters. Organizations should be sure that their disaster recovery plans account for even worst-case scenarios.
  5. Clearly document recovery processes: Documentation is critical to the success of a disaster recovery program. Organizations should write and maintain clear, concise, detailed steps for failover so that secondary staff members can manage a failover should primary staff members be unavailable.
  6. Centralize information – Have a printed copy available: In a crisis situation, a timely response can be critical. Centralizing disaster recovery information in one place, such as a Microsoft Office SharePoint® system or portal or cloud, helps avoid the need to hunt for documentation, which can compound a crisis.
  7. Create test plans and scripts: Test plans and scripts should be created and followed step-by-step to help ensure accurate testing. These plans and scripts should include integration testing— silo testing alone does not accurately reflect multiple applications going down simultaneously.
  8. Retest regularly: Organizations should take advantages of opportunities for disaster recovery testing such as new releases, code changes, or upgrades. At a minimum, each application should be retested every year.
  9. Perform comprehensive recovery and business continuity test: Organizations should practice their master recovery plans, not just application failover. For example, staff members need to know where to report if a disaster occurs, critical conference bridges should be set up in advance, a command center should be identified, and secondary staff resources should be assigned in case the event stretches over multiple days. In environments with many applications, IT staff should be aware of which applications should be recovered first and in what order. The plan should not assume that there will be enough resources to bring everything back up at the same time.
  10. Defined metrics and create score cards scores: Organizations should maintain scorecards on the disaster recovery compliance of each application, as well as who is testing and when. Maintaining scorecards generally helps increase audit scores.

Order Disaster Plan TemplateDisaster Plan Sample

 

- more info

Security issues that CIOs need to manage

Security Manual

Security is a critical issues as related in several posts:

Order Security ManualTable of Contents

- more info

SEC requires security threats to be reported in 10-Ks

SEC now requires Companies now have to report cybersecurity risks in their 10-Ks, and asdvises them to include even possible threats whose disclosure are not currently mandated by state breach-notification laws.

The SEC feels that it is better to make disclosures if a company has had a number of incidents, even if they are not individually material.

Security Policies - Procedures - Audit Tools

- more info

GPS puts us closer to 1984 as predicted in Sept 2000 in PSR Reviews

Back in September of 2000, M V Janulaitis in PSR Reviews predicted that we were moving into a period when Orwell’s 1984 would be a reality.  Today with the new legislation for the USA Freedom Act (replacement for the Patriot Act), NSA data gathering, and even TV shows that show how we all can be and are tracked.  Privacy is now a luxury that is only available in areas where there is no cell or wifi coverage.  Two historic issue that you may want to read are:

  • 2000 is Closer to 1984 Than You Think
  • Face Recognition By Computer is a Reality

  • Electronic Sensitive Information Policy

    With identify theft and cyber attacks on the rise, you’re facing new pressures to protect sensitive information. In fact, in 46 states have now passed data security laws that apply to companies that do business with residents of those states. These laws are designed to protect residents against identity theft by mandating security practices
    such as:

    • Implementing an information security program
    • Encrypting data
    • Notifying customers in the event of a security breach that compromises unencrypted personal information
    Order Sensitive Information PolicySensitive Information policy
    - more info