Disaster Recovery Plan Template

The Disaster Recovery Plan (DRP) template can be used as a disaster planning template for an enterprise of any size. The template and its supporting material have been updated to be Sarbanes-Oxley and HIPAA compliant. The Disaster Planning Template comes as both a Word document and a static, fully indexed PDF document.



Security Manual Template

The Security Manual for the Internet and Information Technology is over 220 pages in length. All versions of the Security Manual template include both the Business & IT Impact Questionnaire and the Threat & Vulnerability Assessment Tool (both were redesigned to address Sarbanes-Oxley compliance). In addition, the Security Manual Template PREMIUM Edition contains 16 detailed job descriptions that apply specifically to security and to Sarbanes-Oxley, ISO 27000 (ISO 27001 and ISO 27002), PCI-DSS, and HIPAA.




Security Audit Program

ISO 27001 - ISO 27002 - Sarbanes-Oxley - Patriot Act - HIPAA - PCI DSS Compliant

This Security Audit Program contains over 400 unique tasks divided into 11 areas of audit focus, which are further divided into 38 separate task groupings. The audit program is one that either an external or an internal auditor can use to validate the compliance of the Information Technology function and the enterprise with the ISO 27000 series (ISO 27001 and ISO 27002), Sarbanes-Oxley, HIPAA, and PCI-DSS.

The 11 areas of audit focus objectives are:

  • Corporate Security Management
  • Systems Development and Maintenance
  • Information Access Control Management
  • Compliance Management
  • Human Resource Security Management
  • Information Security Incident Management
  • Communications and Operations Management
  • Organizational Asset Management
  • Physical and Environmental Security Management
  • Security Policy Management
  • Disaster Recovery Plan and Business Continuity

An IT Toolkits update service is available for the Security Audit Program; it runs for 12 months from the date of purchase. This subscription also provides membership in our ELITE SUBSCRIBER SERVICE, which provides copies of Janco's and IT-Toolkits' white papers, surveys, and selected new products before they are released to the general public.

Included with this program are Microsoft Excel workbooks (2003 and 2007 formats) and an indexed PDF document that contain the following:

  • Read me - General instructions on the use of the Excel worksheets
  • Audit Program Summary - Lists the 11 areas of audit focus and the 38 task groupings included within the audit. The point summary on this worksheet is calculated automatically by Excel.
  • Audit Program Detail - Lists the over 400 detailed tasks that need to be completed in the audit and the relative point value of each task. The only thing the user needs to do is check yes or no on each item and re-assign a relative point value for each task.
  • Audit Program Graphic - Lists the 11 areas of audit focus with a bar graph showing the weight assigned to each area. The point summary on this worksheet is calculated automatically by Excel and the graph is updated automatically.
  • Sample Audit Program - A copy of the Audit Program Detail with data entered into the individual tasks.
  • Sample Audit Program Summary - A copy of the Audit Program Summary with the links changed to point to the Sample Audit Program.
  • Sample Audit Program Graphic - A copy of the Audit Program Graphic with links changed to point to the Sample Audit Program, plus an added chart showing the positive and negative points of the audit (see chart below).

This is a summary graphic produced from the Excel worksheet provided as the Audit Program. In the sample above it is easy to see the areas where improvement is needed.


Security and Auditing News


Outsourcing impacts IT Service Management

Lack of proactive monitoring threatens end-user satisfaction and application performance

To operate a cost-effective business in today’s highly competitive market, an organisation requires an extremely efficient IT infrastructure to link its data centers, business operations and globally distributed customers. All business-critical applications must run smoothly to satisfy end-users’ and customers’ service level expectations. Consequently, an enterprise's IT support services play a vital role. Many international businesses, for example, operate multiple hosted data centers and have communication rooms in many of their overseas locations. These same businesses often outsource some of their IT operations management 

However, executives are concerned about poor visibility of IT infrastructure problems, high levels of service disruption, low end-user satisfaction and the impact on application availability. Visibility into the performance and availability of an enterprise's infrastructure is often inadequate because the organization has very little monitoring and performance information, so it operates reactively. Enterprises must introduce an IT Service Transformation process to improve all aspects of IT Service Management (ITSM) and to act as a foundation for monitoring the critical business processes, which span multiple applications and infrastructure, with integrated incident, problem and asset management.

Key objectives are to manage the infrastructure and applications proactively; generate a centralized system for their outsourced service providers; and link problems to their existing help desk.



Data Breaches Are Costly

The financial consequences of data breaches can be severe. Many organizations lose customers and revenue because of the violation of trust a breach incurs. Due to the growing number of state privacy laws, most breaches require that those whose information is compromised be notified. Most organizations now pay for credit monitoring services for several years for everyone impacted by a breach -- these services typically cost about $100 per person per year. And in some cases, organizations are subject to fines for revealing personal information.

The Security Policy Manual (policies and procedures template) is over 240 pages in length. All versions of the Security Manual template include both the Business & IT Impact Questionnaire and the Threat & Vulnerability Assessment Tool (both were redesigned to address Sarbanes-Oxley compliance). In addition, the Security Manual Template PREMIUM Edition contains 16 detailed job descriptions that apply specifically to security and to Sarbanes-Oxley, ISO 27000 (ISO 27001 and ISO 27002), PCI-DSS, and HIPAA. Data protection is a priority, and security myths need to be addressed.



Dow sinks over 600 points as China and Obama square off

WASHINGTON -- The Dow skids by over 600 points as the Obama administration squares off with China. China responds with "no more loans".

U.S. Internet companies might soon need to find a new strategy for dealing with China.

In announcing that it is now U.S. policy to advocate a free and open Internet around the world, Secretary of State Hillary Rodham Clinton on Thursday essentially dared U.S. companies to follow Google's lead and put an end to their complicit censorship of Internet content. Google has said it will shut down its Chinese search engine if it can't find a way to offer an uncensored version under Chinese law, and while no one else has jumped on that bandwagon, they may soon have little choice.

"We are urging U.S. media companies to take a proactive role in challenging foreign governments' demands for censorship and surveillance. The private sector has a shared responsibility to help safeguard free expression. And when their business dealings threaten to undermine this freedom, they need to consider what's right, not simply what's a quick profit," Clinton said in remarks Thursday at the Newseum, before an audience including members of Congress, representatives from nonprofit groups, and perhaps more than one Internet company executive forced to ponder the meaning of that paragraph.

Clinton stopped short of actually proposing regulations or sanctions on Internet companies that comply with censorship laws. But her tone was clear: it's now the policy of the U.S. government to renounce corporate "engagement," or the belief that by merely being in countries like China, U.S. Internet companies are helping expand access to information.

Will it work? Google, Microsoft, and Yahoo have already formed the Global Network Initiative, a consortium of companies and organizations designed to provide guidelines for operating in countries with authoritarian governments without turning into tools of those governments. Clinton acknowledged the work of the GNI during her speech, but is calling on companies to do more.



Firefox plugs away in a tough market

Mozilla released a second release candidate of its Firefox 3.6 browser, a modest upgrade that embodies Mozilla's effort to increase the frequency with which the open-source browser is developed.

The president of Firefox announced the second Firefox 3.6 release candidate on Sunday but didn't share details. The release notes were equally mum, but the update process called the new software a "security and stability update."

Figure: Browser Market Share

The software is available from Mozilla's download site. More than 1 million people are testing Firefox 3.6 at present, and more than 300 million overall use Firefox, Mozilla said.

The new version includes Personas to let people customize the browser's appearance; blocks third-party software from encroaching on its file system turf to increase stability; and--perhaps most significantly given the competitive threat from Google Chrome--shortens start-up time and improves responsiveness and JavaScript performance.



Wireless spectrum may be overloaded

The FCC has identified the limited supply of wireless spectrum as one of the factors that could limit the growth of broadband Internet services in the U.S., which could result in slower economic growth and job creation.

Wireless spectrum will be addressed, along with other factors affecting broadband access and services, in a national broadband plan that the FCC is now assembling. The plan was originally due to be completed next month, but the FCC received a 30-day extension from the U.S. Congress.

The wide array of devices on display at CES that rely on wireless broadband underscores the urgency of resolving the spectrum issue, Genachowski said. "The wireless infrastructure in the U.S. will be our platform for ongoing innovation and investment," he said.


With the explosion of technology into every facet of the day-to-day business environment, there is a need to define an effective infrastructure to support the operating environment, to have a strategy for the deployment of technology, and to clearly define responsibilities and accountabilities for the use and application of technology.



New CTO for Virginia

Virginia's Bob McDonnell has nominated Jim Duffey to serve as his secretary of technology, according to an announcement today from the Northern Virginia Technology Council (NVTC).


Duffey, president and chief executive of Duff Consulting, spent 24 years at EDS Corp., where he held a variety of positions in the United States and Europe, including three years as vice president and public-sector general manager, responsible for all of EDS' state and local, federal, civilian, military and Medicare client relationships.

He also is a former vice president and public-sector general manager at Dell.

Duffey has served on NVTC’s board of directors since 2004 and was vice chair from July 2006 to January 2009.

"Jim will bring a strong private-sector perspective to state government and enthusiastically champion the issues and initiatives that are so critical to our regional and statewide technology community," said the NVTC chairwoman, president of U.S., Europe and Asia at CGI.


Credit Card Hacker Pleads Guilty

(Reuters) - A 28-year-old college dropout pleaded guilty on Tuesday to charges that he stole tens of millions of payment card numbers by breaking into corporate computer systems.

The hacker, Albert Gonzalez, told a federal judge in Boston that he had engineered electronic thefts at companies including the card processor Heartland Payment Systems, the convenience store 7-Eleven and the Hannaford chain of New England grocery stores.

Mr. Gonzalez has previously pleaded guilty to computer break-ins at the retailers TJX Companies, BJ's Wholesale Club and Barnes & Noble.

"You face a considerable amount of time in jail as a result of your plea," Federal District Judge P. Douglas Woodlock told Mr. Gonzalez. "All aspects of your life are to be affected."


A federal court in Boston last week sentenced one of Mr. Gonzalez's conspirators, Stephen Watt of New York, to two years in prison for developing the software used to capture payment card data. It also ordered Mr. Watt to pay $171.5 million in restitution.



Over one third of HR executives ignore unemployment status of employment candidates

Boston - Results from new research released by Veritude, a staffing services provider, indicate a positive sign for the New England economy. All surveyed executives in New England, and across the country, are accepting of the economy as a reason for an extended unemployment when reviewing candidates. Specifically, when it came to the acceptable length of time for a candidate to be unemployed, 36 percent of responding executives said they did not believe it mattered how long a candidate was unemployed given the recessionary conditions, while 36 percent indicated that six months or less was their ideal length of unemployment.

The survey also revealed that when making hiring decisions, 44 percent of executives have no preference for a candidate's employment status. In addition, one-third of New England hiring managers and human resources professionals are considering rehiring information technology (IT) employees whom they had laid off.

“According to our survey results, it appears that 2010 will be a better year for IT job seekers in New England,” said a senior vice president of Veritude. “With half of employers looking to hire back a portion of their laid off IT workers either as full time employees or contractors and employers accepting the economic downturn as a reason for an extended unemployment, IT job candidates should take heart that their employment status will not significantly bias a potential employer.”

Although in the minority, 19 percent of those surveyed do prefer candidates who are currently employed as regular, full-time employees. Candidates who are either employed full-time or currently employed as temporary or contract workers are preferred by 22 percent.

Of all hiring executives, 53 percent did not care if a candidate was laid off in a first round as opposed to a subsequent round. While the majority did not have an issue with laid off workers, 17 percent of respondents found it more acceptable if a worker was not one of the first to be laid off.



NASA to release multi-billion dollar IT contracts

NASA says it’s on track to open competition as early as Dec. 4 for the first project in a series of large information technology services contracts that have been estimated to be worth more than $4 billion total.

NASA plans to award five contracts as part of the Information Technology Infrastructure Integration Program (I3P) acquisition to consolidate the agency's IT and data services. Input Inc., a market research firm, has estimated the total value for the five contracts, based on NASA’s draft RFPs, to be $4.3 billion. The services contracts would consolidate current NASA contracts such as the Outsourcing Desktop Initiative for NASA and Unified NASA Information Technology Services.


The agency could release the Web Enterprise Service Technologies (WEST) final request for proposal (RFP) as early as Dec. 4, NASA said on Nov. 20. WEST would be a contract for public Web site hosting, Web content management, messaging and calendar services.

In addition, NASA said on Nov. 25 that it plans to release on or about Dec. 11 a final RFP for the NASA Integrated Communications Services or NICS contract for wide area network services, local area network services, telecommunications services, video services, and data services.

The agency also plans to release a final RFP for the Enterprise Applications Service Technologies or EAST contract for services that involve NASA’s Enterprise Applications Competency Center on or about Dec. 18, the agency said.



Virtualization improves disaster planning and change control

It has been reported that organizations implementing virtualization often experience less server downtime than organizations not deploying it, and many have taken steps to provide better disaster recovery than they could in an unvirtualized environment. Several surveys show that virtualized environments experience between 35% and 40% fewer server outage hours per year than unvirtualized environments.

The reasons often given are:

  • Simplification - Virtualization allows more OS workloads and more applications per server. This results in fewer servers and more standardization, which makes provisioning of new or redeployed applications easier.
  • Independence - Since the OS/application workload is not tied to a specific physical server, IT management can migrate the workload from server to server, freeing a particular server. This makes it possible to dynamically migrate applications from an overused or failing server to a healthy one, avoiding an outage.
  • Flexibility - Virtualization simplifies the process of starting an OS/application. This gives IT management options for locating the OS/application on a particular physical server, so IT managers can easily suspend, relocate, and restart applications that are degrading on a server.
  • Better Change Management - Virtualization makes it easier for system administrators to set up a replica test OS image, which makes it easier to fully regression test new configurations (new application releases, new software versions, etc.). Fuller regression testing of new configurations results in fewer defects encountered in production.


Smartphone selection tool has major defects

InfoWorld has put a smartphone selection tool on its web site that excludes several major factors users need to keep in mind when they select a smartphone and provider. The calculator does not take into account the coverage provided, whether the phone can be used outside of the US, GPS, Wi-Fi, tethering, or features locked by the provider.

The selection tool includes only the iPhone, Eris, Droid, Pre, Blackberry Bold and Blackberry Storm.   Whoever created the analysis must live in New York, Boston, or San Francisco.  If they travel to places like Utah, Mexico, Canada, or Europe they would easily see the tool is not really very functional.

When you reset the tool to InfoWorld's values you can see they have a bias toward the iPhone, which is a great phone but one that does not offer the coverage or features necessary to operate outside of big cities that have AT&T 3G service.

This does not help in setting standards and policy for travel and off-site meetings.


Job cuts continue

Electronic Arts, the video game company, said it would lay off 1,500 workers and shrink its product lineup, even as it announced that it had acquired Playfish, a start-up that makes online games.  Salaries will stay flat as well.

The company said the new job cuts were equivalent to 17 percent of its work force. It plans to cut its staff and close several offices by March 31. In a conference call with analysts, executives did not say which game titles they would cut, but that games in the bottom third in sales were at risk and that some games in development would be canceled. The cost-cutting plan would save at least $100 million this year, the company said.



Security Policies Required to Stop SPAM


Security policies and audit procedures are required if enterprises want to stop spam. Courts and lawsuits do not help.

For example, spammers allegedly obtained the login credentials for Facebook accounts. The accounts were then used to send spam to those users' friends starting around November 2008. The spam either linked to other phishing sites that sought to collect more Facebook account credentials or linked to other commercial Web sites that paid spammers for referrals.

In May 2008, the same spammer was found guilty of violating the CAN-SPAM act and was ordered to pay $230 million for spamming and phishing on MySpace. The spam led to gambling, ringtone and pornography sites.

Facebook may choose to close the file once the default judgment is entered against the spammer, the court filing said.



Fraud in H-1B Visa Program Shows Huge Gaps In Monitoring

An immigration lawyer in West Covina, Calif., a suburb of Los Angeles, and his business partners have been charged with visa fraud in relation to an elaborate scheme targeting immigrants, according to a report from the U.S. Immigration and Customs Enforcement agency. 



According to the ICE, the group is accused of selling the illegally obtained visas, including those in the H-1B category, for prices ranging from $6,000 to over $50,000. With the illegal proceeds from the immigrants, the group allegedly then purchased empty cemetery plots and plaques in Rose Hills Memorial Park, in Whittier, Calif., to hide the funds.

Why empty burial plots? Funeral professionals say these plots are considered investments that can grow at a rate of 10 percent a year, according to the ICE news release. ICE said this may be the first case of money laundering involving cemetery plots in California's history.

In the LA Times - 'It's unique in the sense that we haven't run into this before that an individual seeking to hide proceeds goes out and purchases cemetery plots,' said the ICE assistant special agent in charge. 'There are always new ways in which criminals will try and hide money, but this is by far one of the most unique.'

The question remains whether this case will weaken support for the H-1B visa program and help boost stronger, more proactive audit measures such as those in proposed legislation. 



Preventing Data Breaches

It is critical that organizations are proactive in their approach to mitigating insider threats. Week after week there are disturbing, déjà vu-like stories of significant data breaches, arrests connected to insider attacks, or investigation reports emphasizing the necessity to control privileged accounts that hold highly sensitive data. With no safeguards in place, insider attacks are often very difficult to detect and block, largely because of excessive privileges granted to users, users sharing common log-ins and accounts, and privileged users such as testers, developers and even DBAs having access to sensitive data.


This Security Manual for the Internet and Information Technology is over 220 pages in length. All versions of the Security Manual template include both the Business & IT Impact Questionnaire and the Threat & Vulnerability Assessment Tool (both were redesigned to address Sarbanes-Oxley compliance). In addition, the Security Manual Template PREMIUM Edition contains 16 detailed job descriptions that apply specifically to security and to Sarbanes-Oxley, ISO 27000, PCI DSS, and HIPAA.



The FCC does not have a definition for what broadband is

The FCC has launched a campaign to define exactly what constitutes "broadband", and providers of the high-speed service may not like how it is defined and how the FCC views their delivery of broadband.

In a notice the FCC said it is seeking "tailored comment" on broadband in connection with developing a National Broadband Plan as it relates to the American Recovery and Reinvestment Act of 2009.

Consumers have often been bedeviled by service providers claiming features for their broadband services that somehow aren't experienced by the consumers.

"...Advertised throughput rates generally differ from actual rates, are not uniformly measured, and have different constraints over different technologies," the FCC noted in its posting and added that "it is unclear what the end points of the connection are over which throughput is measured or whether the performance of the end point is reflected in the stated throughput."

The FCC wants to develop accurate and uniform definitions for broadband to help in its development of a national broadband plan it expects to submit to Congress in February. The National Broadband Plan Notice of Inquiry has observed that "broadband can be defined in myriad ways."

U.S. broadband rankings have been slipping in recent years to the point that the Organization for Economic Co-operation and Development found the U.S. in 19th place in the worldwide rankings with a 9.6 Mbps advertised rate. Japan led the 2008 rankings with 92.8 Mbps and Korea was second with 80.8 Mbps.



Data deduplication an avenue towards cost savings

It is estimated by some that corporate data grew by 25% in 2009, after several years of increases at two to three times that rate. When you combine this with flat to decreasing IT budgets, something eventually has to give. Companies are now forced to make a choice. They either keep buying more storage - which means other budgeted items go unfunded - and absorb the increased operating costs of managing more devices (power, cooling, and data center space), or they reduce the amount of data retained, which could impact compliance, recovery service level agreements, and business intelligence initiatives. Data deduplication approaches offer IT a hybrid alternative: remove redundant content before it is ultimately stored, eliminating most of the downstream negative effects that the added capacity would cause.

The gains in capacity savings provide customers with much more optimistic outcomes, such as the ability to retain more "virtual" and true information online for longer periods, dramatically lowering the operating impact of supporting that data and enhancing data protection operations with disk. These outcomes can lead to huge downstream financial benefits, such as moving corporate archives from tape to disk to assist corporate counsel in responding to electronic discovery requests.

For example, in a 2008 survey, approximately 60% of U.S.-based trial attorneys reported having cases that raise electronic discovery issues. Of that group, over 86% have issued or received a discovery request for electronically stored information since the new Federal Rules of Civil Procedure went into effect in December 2006. Corporate counsels need to quickly be able to run searches against centralized online archives in order to facilitate early case preparation and potentially avoid legal expenses because of reaching a settlement prior to trial.
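The mechanism behind the "remove redundant content before it is stored" idea above, as an added example written for this page (not Janco's or any storage vendor's code): a content-addressed chunk store that keeps each distinct chunk once and a per-file recipe of chunk hashes. It assumes fixed-size chunking with SHA-256 as the chunk identifier, and the three backup "files" in `demo()` are constructed sample data.

```python
"""Content-addressed chunk store illustrating data deduplication.

Example code for this page, not a vendor implementation. Assumptions:
fixed-size chunks identified by their SHA-256 digest; sample files are
constructed below rather than read from disk.
"""
import hashlib

CHUNK_SIZE = 1024  # assumed chunk size for the demo


def split_chunks(data: bytes, size: int = CHUNK_SIZE):
    """Yield consecutive fixed-size slices of data (the last may be shorter)."""
    for offset in range(0, len(data), size):
        yield data[offset:offset + size]


class DedupStore:
    """Stores each distinct chunk once; files are recipes of chunk digests."""

    def __init__(self):
        self._chunks = {}   # sha256 hex digest -> chunk bytes (physical storage)
        self._recipes = {}  # file name -> list of digests (logical view)

    def put(self, name: str, data: bytes) -> int:
        """Store a file and return the number of NEW physical bytes written."""
        new_bytes = 0
        recipe = []
        for chunk in split_chunks(data):
            digest = hashlib.sha256(chunk).hexdigest()
            if digest not in self._chunks:      # only unseen content costs space
                self._chunks[digest] = chunk
                new_bytes += len(chunk)
            recipe.append(digest)
        self._recipes[name] = recipe
        return new_bytes

    def get(self, name: str) -> bytes:
        """Rebuild a file from its recipe, re-verifying every chunk's digest."""
        out = bytearray()
        for digest in self._recipes[name]:
            chunk = self._chunks[digest]
            if hashlib.sha256(chunk).hexdigest() != digest:
                raise ValueError(f"chunk {digest[:12]} failed integrity check")
            out += chunk
        return bytes(out)

    def logical_bytes(self) -> int:
        """Bytes the users think they stored (sum of all file sizes)."""
        return sum(len(self._chunks[d]) for r in self._recipes.values() for d in r)

    def physical_bytes(self) -> int:
        """Bytes actually held on disk after deduplication."""
        return sum(len(c) for c in self._chunks.values())

    def ratio(self) -> float:
        return self.logical_bytes() / self.physical_bytes()


def demo():
    """Constructed sample: an 8 KiB file, an identical copy, and a copy with one chunk changed."""
    original = b"".join(bytes([c]) * CHUNK_SIZE for c in b"abcdefgh")
    modified = bytearray(original)
    modified[3 * CHUNK_SIZE:4 * CHUNK_SIZE] = b"z" * CHUNK_SIZE
    store = DedupStore()
    written = {
        "backup-mon.bin": store.put("backup-mon.bin", original),
        "backup-tue.bin": store.put("backup-tue.bin", original),         # identical copy
        "backup-wed.bin": store.put("backup-wed.bin", bytes(modified)),  # one chunk differs
    }
    return store, written


if __name__ == "__main__":
    s, w = demo()
    print("new bytes per file:", w)
    print("logical:", s.logical_bytes(), "physical:", s.physical_bytes(),
          "ratio:", round(s.ratio(), 2))
```

The identical copy costs zero new bytes and the edited copy costs one chunk, which is the whole point of deduplicating before storage. Two design notes a practitioner would care about: `get()` re-hashes every chunk on read, so a corrupted or tampered chunk is detected rather than silently spliced into every file that references it; and fixed-size chunking is the simplest scheme but an insertion shifts every later chunk boundary, so production systems use content-defined (rolling-hash) chunking to keep matching after edits.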



Compliance Impacts IT Productivity - Costs Continue to Rise

Already over-burdened IT and security teams struggle to collect, organize, and disseminate the required data. If administrators spend three to five hours each week supporting audits, that is a 10 percent tax on productivity. Further, more than half of larger organizations manage 10 or more regulations. Multiple regulations compound effort and complicate both policy and control decisions. System inefficiencies in the compliance audit process are found in:

  • Policy definition
  • Policy implementation and lifecycle management
  • Data collection to validate policies and configurations
  • Monitoring, issue, and patch management
  • Measurement and scoring to document non-compliance
  • Waiver management
  • Reporting against key mandates and internal policies


How to Identify Gaps in Your Security


Define requirements and gaps. Start by defining the broader problem and document all relevant business, legal, and regulatory requirements.  After defining the requirements, identify the gaps. Where can the current processes and team be improved? What is missing? What is being done right and who is involved? Often, interested parties can be entrusted to improve other processes. Bring in senior leadership, midlevel managers, IT, end-users, and the necessary ancillary departments such as legal and auditing.

Each gap should be threat-modeled and evaluated for security risk. Calculations for security risk need to include real risk, potential incidence of occurrence, and potential damage costs. Gaps with the highest security risk should be closed first. Of course, you cannot forget the political layer. Sometimes you must do a project simply because someone above wants it done.
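The prioritisation step described above, as an added worked example for this page (not part of Janco's templates or audit program): each gap is scored from the two inputs the text names, incidence of occurrence and damage cost, then the list is ordered so the highest-risk gaps are closed first, with the "political layer" modelled as a flag that pushes a mandated item to the front regardless of score. The scoring formula (likelihood per year multiplied by cost per occurrence, i.e. annualised loss expectancy) and the four sample gaps are assumptions of this example.

```python
"""Risk-ranked gap register illustrating the close-highest-risk-first rule.

Example code for this page, not Janco's method. Assumed scoring:
    annual_risk = likelihood (expected occurrences per year) * damage_cost (per occurrence)
The gaps in build_sample_register() are constructed sample data.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Gap:
    name: str
    requirement: str        # business, legal or regulatory requirement behind the gap
    likelihood: float       # expected occurrences per year
    damage_cost: float      # estimated cost of one occurrence
    mandated: bool = False  # "someone above wants it done", regardless of score

    def __post_init__(self):
        # Reject nonsensical inputs early rather than ranking garbage.
        if self.likelihood < 0 or self.damage_cost < 0:
            raise ValueError(f"{self.name}: likelihood and damage cost must be non-negative")

    @property
    def annual_risk(self) -> float:
        return self.likelihood * self.damage_cost


def rank_gaps(gaps):
    """Highest annual risk first; mandated items are pulled to the front of the queue."""
    return sorted(gaps, key=lambda g: (not g.mandated, -g.annual_risk))


def closure_order(gaps):
    """Names of the gaps in the order they should be closed."""
    return [g.name for g in rank_gaps(gaps)]


def build_sample_register():
    """Constructed sample gaps (values are illustrative, not measured)."""
    return [
        Gap("Shared DBA logins on production databases", "SOX access control", 0.5, 400_000),
        Gap("Backup restores never tested", "DRP/BCP", 0.2, 1_500_000),
        Gap("Unencrypted laptops", "HIPAA / state breach notification", 1.0, 120_000),
        Gap("Intranet portal rebrand", "Executive request", 0.05, 10_000, mandated=True),
    ]


if __name__ == "__main__":
    for gap in rank_gaps(build_sample_register()):
        flag = " (mandated)" if gap.mandated else ""
        print(f"{gap.annual_risk:>12,.0f}  {gap.name}{flag}")
```

Note that the untested backups outrank the shared logins even though an incident there is less likely, because the cost of a single occurrence dominates; a register that sorts on likelihood alone would get that order wrong. The sample register is deliberately short; the ranking function works unchanged on however many gaps the requirements review produces.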



Hiring the right employee - CIO issue number one

Hiring is the most critical aspect of a CIO's role. For a CIO it can be fatal to hire a new employee and then find out there is a mismatch.

While the new employee looked impressive on paper and interviewed well, the new hire's style, approach, and behavior on the job are simply inconsistent with the values and expectations of the organization. The new employee's modus operandi is foreign to their colleagues. This results in:

  • Inadequate capability to perform in the job they were hired for
  • Poor relationship with co-workers
  • Poor relationship with managers and CIO



CIOs need to understand that capability does not necessarily mean an individual is a good fit. Capability refers to the skills, tools and experience that a person needs to successfully perform a job. It is no secret that most candidates exaggerate their abilities on their resumes and job applications.  Things to look for are:

  • Skills Definition - Good Job Descriptions - Do you know what skills are needed to perform the job and whether the employee possesses those skills? If they do not possess the necessary skills, how will the CIO help them to acquire them, and how long do you expect that process to take?  It is in everyone's best interest for the CIO to set appropriate expectations for the employee from the beginning. This is especially true if the job requires special technical capabilities.
  • Tools Definition - Good IT Infrastructure - Even if an individual has the skills and experience to do the job, do they have the tools to deliver peak performance? For example, a highly skilled and experienced web designer cannot build a website without adequate computer hardware and software. The tools do not have to be the most up-to-date, but a system that crashes can be incredibly frustrating and unproductive, even to the best performer.
  • Experience - Just because an employee has the skills to do a job does not mean that they have the experience to apply those skills in their specific position. This is especially true for recent graduates, outside hires from different industries and internal hires from different departments. While the required skills may be similar from one job to the next, differing applications and terminology may require that the new hire take time to learn the nuances of their new position.


Blackberry stubs its toe with the Blackberry Tour

The BlackBerry Tour is available to both Verizon Wireless and Sprint customers. However, there are reports that the Blackberry Tour has return rates of up to 50% due to a defective trackball.

Sprint is telling a much different story. "We experienced a small percentage of early production Blackberry Tour smartphones with trackball issues," a Sprint representative said. "As soon as the issue was identified, we worked closely with our partners at RIM to resolve the problem quickly. Any customer experiencing issues with the Tour should visit a Sprint service and repair center."

The Verizon offering

  • The good: The RIM BlackBerry Tour 9630 offers world-roaming capabilities as well as Bluetooth, GPS (VERIZON TOWER TO TOWER -- not real GPS), and a 3.2-megapixel camera. The smartphone offers a design that combines a sharp display and an easy-to-use QWERTY keyboard in a compact size.
  • The bad: The smartphone lacks Wi-Fi. The Web browser falls short of the competition, and there's a bit of shutter lag on the camera. You can't save applications to a media card.

RECOMMENDATION -- Buy only if you must have a Blackberry; the iPhone is still better according to Janco Associates.


Requirements to be a successful CIO

Requirements to be a successful CIO are:

  • You get joy from the smallest of improvements of others
  • You want and can hire and fire people
  • You get frustrated when other people make mistakes
  • You can escalate issues
  • You want to get noticed for everything you do
  • You can come in early to cover for your team’s unexpected illnesses
  • You can discipline people
  • You like rewarding and recognizing people
  • You do not have to have all the power and all the control

The characteristics of CIOs in high-growth and low-growth companies are:

Characteristic                                                High Growth   Low Growth
                                                              Companies     Companies
Are members of most-senior management team                        62%          46%
Integrate business and technology to innovate                     64%          33%
Focus time on enabling the business and corporate vision          28%          15%
Focus time on providing core technology services                  23%          40%
IT team uses collaborative tools                                  53%          33%
IT team provides collaborative tools across the enterprise        41%          22%
Aggressively turn data into actionable information                58%          36%
Give customers excellent data integrity and transparency          68%          44%
Seek active input from your customers                             87%          70%
Co-create business strategy with fellow execs                     74%          61%
Co-present business strategy to senior management                 66%          53%
Part of the team setting the organization's strategy              62%          46%
Business models unique and hard to imitate                        63%          49%
Business models include partnering and alternative sourcing       60%          52%
Create IT centers of excellence                                   44%          26%
Data readily available for relevant users                         67%          51%
Data reliable and secure                                          81%          66%
Manage change successfully                                        61%          43%


Threat and risk assessment tool

The Threat Vulnerability Assessment Tool is one component of a series of HandiGuide® Tools that have been created by Janco for use by enterprises of all sizes. Some of the drivers behind the Threat, Risk and Vulnerability Assessment Tool are requirements like those mandated by Sarbanes Oxley, HIPAA, ISO, and PCI-DSS.


The objective of IT Risk Assessment is to provide a bridge to business continuity risk management and to be a systematic tool to assess and control business continuity risks.

The risk assessment process includes:

  • Risk management objectives
  • Risk management definition
  • Risk management concepts
  • Differences between risk management and Business Impact Analysis
  • Risk factors
  • Threat categories
  • Risk exposures
  • Management of risk factors
  • Qualitative risk measurement method
  • Quantitative risk measurement method
  • Comparison of qualitative and quantitative methods
  • Detailed steps for conducting risk assessment
  • Output from each risk assessment step
  • Development and implementation of risk controls
  • Options for controlling risk
  • Risk management phases, milestones, and deliverables
  • Application of risk management


Homeland Security requirements for communications interoperability

The Homeland Security requirements for communications interoperability include:


  • “…the ability of public safety agencies to talk across disciplines and jurisdictions via voice, data, image, video, or multimedia that include multiple forms of information.”
  • “…the ability to communicate and share information as authorized when it is needed, where it is needed, and in a mode or form that allows the practitioners to effectively use it.”

While voice remains a focus, text data, image, video and multimedia are often an additional mode or form needed for a given situation. Interoperability of data communications has assumed increasing importance.



CIOs and corporate ethics - conflict in budgeting

With IT departments forced to cut budgets and staff, CIOs are finding it difficult to allocate dollars for applications that promote corporate ethics.

The decisions were easier in the days when the economics were favorable, but the choices may have to be more limited now. In today's environment, the choices are often about making sure you do not get burned.

Enterprises that moved toward ethical goals before the economic crisis -- whether those goals involved green initiatives or corporate responsibility programs -- may be giving up their gains. If they have implemented the goals, it now is more difficult to allocate the necessary budgetary dollars.

Even when CIOs are committed to designing systems that promote ethical behavior, they usually have to sell the applications by promoting whatever financial benefits the tools can create -- and not on any particular ethical merit. Many CIOs have had to justify everything by talking about the business's long-term financial interests rather than ethics. In some enterprises, a value-based argument will have some traction; in others, it will be disregarded.