CIO, CTO, CSO, IT Service Management, IT Job Description, Sarbanes Oxley, and IT Salary News

CIO - CTO - CSO News


Internet of Everything - a reality

The fast pace of technology is changing our notion of the modern organization. As barriers to market entry are falling, customers, employees, and citizens alike are demanding new ways to interact. This trend is moving us into the next wave of Internet evolution known as the "Internet of Everything" (IoE). Connecting people, data, processes, and things, IoE is creating a digital disruption with great societal value as everything is coming online.

Organizations of all types are realizing the benefit of this increased connectedness through operational efficiency and improved customer and citizen experiences. Many organizations are using IoE connections to run - not just monitor - complex operations in manufacturing, healthcare, financial services, utilities, and the public sector to generate and deliver significant value.

  • CIO IT Infrastructure Policy Bundle: All of the policies below are included as individual MS Word files and a single PDF file. Electronic forms are all individual documents that are easily modifiable.
    • Backup and Backup Retention Policy
    • Blog and Personal Web Site Policy: Includes electronic Blog Compliance Agreement Form
    • BYOD Policy Template: Includes electronic BYOD Access and Use Agreement Form
    • Google Glass Policy Template: Includes electronic Google Glass Access and Use Agreement Form
    • Incident Communication Plan Policy: Updated to include social networks as a communication path
    • Internet, e-Mail, Social Networking, Mobile Device, Electronic Communications, and Record Retention Policy: Includes 5 electronic forms to aid in the quick deployment of this policy
    • Mobile Device Access and Use Policy
    • Patch Management Policy
    • Outsourcing Policy
    • Physical and Virtual Security Policy
    • Record Management, Retention, and Destruction Policy
    • Sensitive Information Policy: HIPAA compliant and includes electronic Sensitive Information Policy Compliance Agreement Form
    • Service Level Agreement (SLA) Policy Template with Metrics
    • Social Networking Policy: Includes electronic form
    • Telecommuting Policy: Includes 3 electronic forms to help effectively manage work-at-home staff
    • Text Messaging Sensitive and Confidential Information
    • Travel and Off-Site Meeting Policy
    • IT Infrastructure Electronic Forms



IT Pros can advance in general company management

Because technology touches so many aspects of most organizations, an IT background can be an advantage, a steppingstone to other areas of your business. To advance, look at change as an opportunity to grow. Sure, change means stepping out of your comfort zone, but you'll likely be glad you altered your career mindset.

Once you become known as an able business chameleon, you'll have a good shot at being offered new opportunities. What's more, there's no better training to be a CIO -- if that's even your goal -- than to work in many areas of business.

Understanding the business goals of different branches of an organization is the most important nontechnical skill a senior IT leader can master.

If you follow this kind of career path, look for experienced mentors to help you along the way.



How Compliance Impacts Backup Strategy

Given the concurrent explosion of digital information and compliance requirements, having a sound, workable backup and restore policy is essential. When a disaster occurs – whether that be a terrorist attack, hurricane, or just human error – having and enforcing a backup strategy can get you quickly back in business.



Target breach described in detail

According to Krebs, sources close to the investigation said the attackers first gained access to Target's network on Nov. 15, 2013 with a username and password stolen from Fazio Mechanical Services, a Sharpsburg, Pa.-based company that specializes in providing refrigeration and HVAC systems for companies like Target.

Fazio apparently had access rights to Target's network for carrying out tasks like remotely monitoring energy consumption and temperatures at various stores.

The attackers leveraged the access provided by the Fazio credentials to move about undetected on Target's network and upload malware programs on the company's Point of Sale (POS) systems.

The hackers first tested the data-stealing malware on a small number of cash registers and then, after determining that the software worked, uploaded it to a majority of Target's POS systems. Between Nov. 27 and Dec. 15, 2013, the attackers used the malware to steal data on about 40 million debit and credit cards. U.S., Brazil and Russia.



Social Media Digest - Current Articles

  1. Include Social Media in Your Business Continuity Plans  6 Ways to Utilize Social Media Before a Disaster Strikes by Adam Crowe When creating a disaster recovery plan include social media.  Simple things like...
  2. Social media policy needed to meet internal audit requirements Social Media Policy is Missing in Over 50% of all Organizations Internal audit has never been easy, and a recent survey shows that 43% of...
  3. CIO challenge – how to manage the social media risks  CIO challenge – how to manage the social media risks CIOs are faced with new social media risks.  Analysts are predicting that by 2016 as...
  4. 10 steps to jump start your business continuity planning  business continuity planning – 10 steps to jump start your BCP Business Continuity – For many businesses there is some technology component that allows them...
  5. 10 best practices in managing social networks and relationships  10 Best Practices in Managing Social Networks and Social Relationship Social networks provide an opportunity to communicate electronically with both personal and business associates.  Done...


Some say IT spending to rise in 2014

Global spending on information technology is expected to rise 3.1% to $3.8 trillion in 2014, up from growth of just 0.4% last year according to one research firm.

The enterprise software group is expected to show the fastest growth, with sales rising 6.8% to $324 billion, a plus for industry leaders that include Oracle (ORCL) and Salesforce.com (CRM).

The increased spending on enterprise software is coming partly from the growth in Big Data, a term used to describe how companies are using software and related services to better comprehend massive inflows of digital information from numerous sources.



Compliance is driven from the top down

Compliance is driven from the top down.  Executive Management is the prime mover.

The tone at the top is vital, with communication flowing from top management to the middle management team. Best practices that can periodically reinforce compliance with various policies include middle management setting aside a short part of a staff meeting to discuss a specific policy relative to actual business behavior. Training is great, yet people need to know what compliant behavior looks like in their daily work.



Anonymous moves from net to physical space

Hundreds of protests around the world sparked up on  in what the hacking collective Anonymous called the "Million Mask March." Donning Guy Fawkes masks, the demonstrators' goal was to "defend humanity."

The protests were scheduled for 450 cities and towns worldwide -- from Tampa, Fla., to Amsterdam to Mumbai. According to the group's Facebook page, the demonstrations were meant to help people "remember who your enemies are: billionaires who own banks and corporations who corrupt politicians who enslave the people in injustice."

In Washington, D.C., demonstrators chanted "Obama. Come out. We've got some **** to talk about," according to NBC News. In Chicago, police and protesters exchanged hugs. While in Denver, a handful of arrests were made after it was reported that a building was being vandalized, according to the Denver Post.

In promoting the march, Anonymous said that violence would not be tolerated. The group even published an "advance disclaimer" saying, "Anonymous is a peaceful movement and is not affiliated with the rogue DC Citizen's Action to take the United States President, Congress, and US Supreme Court Justices Hostage."

Despite a few arrests here and there, it appears the protests have stayed relatively peaceful.



SLA is key to transforming IT Infrastructure

Midmarket organizations are transforming their IT infrastructure to better accommodate the needs of the business. Two major pieces of this transformation are virtualization and cloud computing, which rely heavily on network performance to ensure success. However, in many cases, these organizations lack the tools to properly monitor virtualized environments in order to meet SLAs.

  • In many organizations less than 10% of the IT budget is actually spent on initiatives and IT Service Management (ITSM) that bring value to the enterprise.
  • It is not a question of how much is invested in computer systems but the effectiveness of the spending and the service levels provided.
  • Focusing the ways that IT is measured (Metrics) on an enterprise’s value drivers improves competitiveness.
  • ROI/TCO type measurements should not be used in isolation because they ignore elements such as service levels provided, risk and IT capability.
  • IT investment must be measured not only at the inception of initiatives but also throughout the project life cycle and service delivery process.

Delivering quality IT service and measuring IT's performance cost-effectively is a difficult and time-consuming exercise. Many enterprises believe that they do not have the time, money, or resources to initiate and monitor the necessary processes. However, enterprises cannot determine how much something is worth unless its value can be quantified.



CIO Challenges

In the face of rapidly and unpredictably changing technologies, success in IT is driven by leadership and delivery skills that take full advantage of these changes.  Big data, cloud, mobility and the consumerization of IT are just current examples of this technological change.

IT has been caricatured as being slow, expensive, operationally obsessed and rabid-dog opposed to experimentation. The IT mind – it is said – flees from change, loathes ambiguity, delights in absolutes and insists on .999 certainties. This is wrong! CIOs are uniquely situated to create value in a world defined by uncertainties, business model disruption and frequent Black Swan events.

To thrive in a dynamic industry you must keep learning. Since organizations learn when their teams learn, the real action is in the team.  How does a healthcare CIO lead a learning organization and what are the first steps?

Federal healthcare reform laws oblige hospitals, clinics, insurance companies and employers to adopt uncertain business models.  And in an industry where the person receiving the service is not the one paying for it, determining a working model for the future is fraught with alligators.  Health system executives across the country are taking up the challenge with serious deliberation and urgency.

 



Near Field Communications (NFC) vs Touch ID

Apple has chosen to implement a unique new fingerprint sensor, the Touch ID, which allows a simple touch of a finger to unlock the phone or to make purchases from the App Store and the iTunes and iBooks retail sites. It's faster than typing a password.

Leaving out near field communication (NFC) technology in the newest iPhone also creates challenges for Google Wallet and Isis, a consortium of wireless carriers that are trying to roll out an NFC mobile payment system nationally.

Apple has once again dismissed the mobile wallet and data-sharing capabilities of NFC technology. Meanwhile, NFC is being used in dozens of new Android phones, such as the Samsung Galaxy S4, and in phones running the BlackBerry and Windows Phone operating systems.

Apple's decision is clearly the result of a long-term competitive strategy based on a projection of how the mobile payments business will evolve. The move serves to benefit Apple most of all, analysts said.

Touch ID will help push purchases to Apple's content stores and the company's decision to use that technology says that Apple has decided that fingers are better than near field radios for ensuring that transactions are secure.



CIO - Planning and Productivity

When a CIO or an IT executive takes over a new job, one of the greatest challenges is to quickly validate the infrastructure that is in place. Would it not be nice to have some tools that could be used to quickly put proven world-class policies in place with minimal effort? That is what the CIO IT Infrastructure Policy Bundle does.

CIOs are under more pressure to do more things, do them faster, and do them with less money than ever before. This has made the IT budget process increasingly stressful and often contentious, as demand for IT continues to increase while many IT budgets are held flat (or even decreased).



Reading on CIO Challenges

Readings on CIO Challenges:

  1. IT Hiring Challenge – Number of IT graduates is down  IT hiring faces a new challenge as the number of college graduates who have IT degrees is down according to CareerBuilder.  Using labor market and...
  2. Cybersecurity IT Pros are in short supply  IT Pros who can handle cybersecurity are in short supply Cybersecurity specialist are not being trained by our educational system and this shows with high...
  3. IT hiring — CIOs have mixed feelings on Fourteen percent of U.S. chief information officers (CIOs) surveyed recently plan to expand their IT teams in the second quarter of 2013, according to a...
  4. Top 10 CIO Productivity and Budgeting Issues  CIO - Productivity Kit The best companies, and their CIOs, recognize the importance of ready access to the right information to drive the right choices...
  5. BYOD security issues need to be addressed  Seven BYOD security solutions As the use of BYOD increases, security is more of an issue and needs to be revisited frequently. Some of the...

The role of the CIO and CTO is changing as more enterprises move towards a "Value Added" role for the Information Technology function. Those changes are depicted in the detailed job descriptions that have been created for all of the functions within IT -- especially for the CIO and CTO. The table below depicts several of those changes.

CIO CTO Role


Cost and Security Briefs

  1. Internet Costs Are Too High Internet Costs are Too High – Open Market Makes US Costs Highest in the World In his new book which covers communication and Internet costs,...
  2. Disaster Planning – Business Continuity Cost of No Plan Cost of no Plan CIO and the organizations they manage need to place a high value on being prepared for disasters of any kind because...
  3. Anatomy of a Chinese Cyber Attack  Cyber Attack — How the Chinese do it… A Chinese cyber Attack (a Stuxnet-style attack) frequently makes its first entry into a company’s secure network...
  4. Rebalancing Strategies For The Real-Time Enterprise  Re-balancing Strategies Converging forces in Mobility, Big Data, Social Media, & Cloud Computing & their disruptive impact to the global IT ecosystem The amount of...
  5. Security Ethics Collide Security Ethics are a growing concern for many According to a new report by Symantec CIOs need to be concerned about security and ethics, half...

Securing a typical business network and IT infrastructure demands an end-to-end approach with a firm grasp of vulnerabilities and associated protective measures. While such knowledge cannot stop all attempts at network incursion or system attack, it can empower IT professionals to eliminate general problems, greatly reduce potential damages, and quickly detect breaches.

With the ever-increasing number and complexity of attacks, vigilant approaches to security in both large and small enterprises are a must. The Security Manual Template meets that requirement.



Record retention for 50 years -- a requirement?

A recent study revealed that 80% of companies say they're required to keep data archived for 50 years. 68% say they're required to do so for 100 years. Predictions say that by 2015, the total amount of digital information in archives will exceed 300 Exabytes.

All businesses are required by law to keep confidential client information, as well as employee or company data, for a minimum amount of time - in essence they need a Record Management Policy.

There are numerous business records that should be held on to for a minimum of seven years, which can include employee agreements, business loan documentation, litigation records, as well as general expense reports and records including overhead expenses and professional consultation fees.



Top 10 CIO Lists

Top 10 lists for CIOs



Former employee breaches systems - causes damage

A system manager was arrested for allegedly disrupting his former employer's network after he was passed over for promotions, leading him to quit his job and take revenge. The manager, who worked for a company that manufactures high-voltage power supplies, allegedly caused the company over $90,000 in damages.

He specialized in developing and customizing software used by the company to run its business operations. He was one of two employees responsible for ensuring that the software ran smoothly in order to keep production planning, purchasing and inventory control operating efficiently. This role gave the employee high-level access to the company's network.

After being passed over for promotions, he allegedly expressed his displeasure and resigned. After his network access was terminated, the ex-employee found a way to launch a three-week campaign to cause damage to his former employer after getting unauthorized access to the network.

He allegedly hacked into the company's network and stole former co-workers' security credentials via a program to capture log-in names and passwords. The information was then used to remotely access the company's network using a virtual private network to corrupt the company's network from another location.

Additional articles:

  • Fraud is on the rise  CIOs need to address fraud issues with better security For the last three years it has been reported that estimated fraud losses that are doubling...
  • Cyber war breaks out – slows Internet  Cyber war pushes need for more security The recent cyber war between Spamhaus and Cyberbunker with commercial Denial of Service Attack (DDoS) pushed the Internet...
  • CIOs are not conducting cloud computing risk assessments  CIOs are not conducting cloud computing risk assessments A new survey by Protiviti has found that cyber security tops chief information officers’ concerns, with 84...
  • Many CIOs have not addressed cloud security issues  Less than 50% of all organizations have policies in place that for vetting cloud computing applications for possible security risks before deploying them. The number...
  • Email Spam Reporting Policy E-mail Spam Reporting Policy Note: Of course legitimate, individually-sent employment, business and personal inquiries are not considered spam.  Below is a sample of a letter...


Recent Disaster Recovery Business Continuity postings

Recent Disaster Recovery Business Continuity blog posting:



Top 10 List recap

CIOs and CSOs are now under a great deal of scrutiny not only from their executive management but also from a range of governmental and industry regulatory bodies. Janco has created a ten-step program that helps them address compliance issues directly. The program, when used in concert with Janco's Compliance Management products, gets them in front of the issue.



Rebalancing Strategies For The Real-Time Enterprise

The amount of digital information in our world has been exploding while the speed of business is accelerating. There is an unprecedented convergence in the ability to collect and work with big data, simulate, model and predict with game changing fidelity, and previously unimaginable access to information and markets with billions of people communicating and trading through mobility and social media channels. As enterprises attempt to capture and take action on trillions of bytes of data “real-time” about their customers, suppliers, and operations from millions of people, devices, and embedded sensors which are now connected by digital networks throughout the physical world, the result is a convergence of technology forces that is disrupting the global IT ecosystem. Like other critical components of production such as hard assets and human capital, today’s economic activity, innovation, and growth could not take place without the information provided by these persistent and converging forces in mobility, big data, social media and cloud computing.

The business and economic opportunities created by each of these forces are significant, but so are the complexities associated with the global deployment of scarce IT resources.  Many executives responsible for these visible initiatives are reassessing their global IT sourcing strategies in order to achieve the right balance of knowledge, quality, risk management, and time to market.
