In this Newsletter
- Can CIOs Defer Implementing a Better IT Infrastructure
- SOX and PCI-DSS Compliance Can be Hard to Achieve
- Success is achieved by positive actions not budget and staffing cuts
Can CIOs Defer Implementing a Better IT Infrastructure - Current rules and regulations regarding the protection and destruction of confidential and sensitive documents require any person or company that possesses or maintains such information to take reasonable measures to protect against unauthorized access to, or use of, the information in connection with its disposal. In addition, Sarbanes-Oxley requires that records be retained for all audits and legal proceedings.
IT Infrastructure is a Key to CIO and IT Productivity
Economic realities drive CIOs to get the basics working better
IT Infrastructure is a Key to CIO and IT Productivity - In many enterprises, CIOs are perceived as mere technology managers, while in reality they should be viewed as business leaders. The CIO's focus should be on reducing costs and improving profitability through the strategic usage of IT. It is very important for the Information Technology organization to get out of a transactional mode. If the CIO has the right infrastructure in place, then the CIO can help in directing the strategy of the enterprise, and even shape its destiny. The CIO brings his own perspective, and without IT, you cannot build a robust and business.
With the explosion of technology into every facet of the day-to-day business environment, there is a need to define an effective infrastructure to support the operating environment; have a strategy for the deployment and technology; and clearly define responsibilities and accountabilities for the use and application of technology.
The CIO Infrastructure Tool Kit is comprised of a collection of Janco products that CIOs and Directors of IT can use to create a strategy and manage in the ever-changing business environment. The CIO Infrastructure Tool Kit versions each contain some of the essential tools that your enterprise needs as it creates budgets and sets priorities. The bundles include the IT Infrastructure, Strategy and Charter Template, Janco's latest IT salary data, the Business Impact and Application Questionnaire, Service Level Policy Template with sample metrics, Functional Specification Template, and the Practical Guide for IT Outsourcing.
Common data encryption rules are a requirement and represent interoperability when developing your backup strategy for your disaster recovery business continuity plan. When enterprises protect data at rest, such as when a USB drive is unplugged, a laptop is powered down, or an administrator pulls a drive from a server, it cannot be brought back up and read without first giving a cryptographically-strong password. If you do not have that, the media is a brick and you cannot even sell it on eBay.
For enterprises rolling out security across PCs, laptops and servers, standardized hardware encryption translates into minimum-security configuration at installation, along with higher performance with low overhead. The specifications enable support for strong access control and, once set at the management level, the encryption cannot be turned off by end-users.
The PCI DSS security requirements apply to all "system components." A system component is defined as any network component, server, or application that is included in or connected to the cardholder data environment. The cardholder data environment is that part of the network that possesses cardholder data or sensitive authentication data. Network components include but are not limited to firewalls, switches, routers, wireless access points, network appliances, and other security appliances. Server types include, but are not limited to the following: web, database, authentication, mail, proxy, network time protocol (NTP), and domain name server (DNS). Applications include all purchased and custom applications, including internal and external (internet) applications.
The PCI-DSS Compliance Kit comes in three versions:
- Silver - Contains the e-Commerce, Wireless, and Internet Job Descriptions in WORD and PDF format, the Security Audit Program in WORD format, and the PCI Audit Program in WORD and PDF format.
- Gold - Contains the e-Commerce, Wireless, and Internet Job Descriptions in WORD and PDF format, the Security Audit Program in WORD format, the PCI Audit Program in WORD and PDF format, and Network Event Viewer - Unlimited which allows you to monitor an unlimited number of PCs Security.
- Platinum - Contains the e-Commerce, Wireless, and Internet Job Descriptions in WORD and PDF format, the Security Audit Program in WORD format, the PCI Audit Program in WORD and PDF format, the Network Event Viewer - Unlimited which allows you to monitor an unlimited number of PCs Security, and the Security Manual Template in WORD format.