Sensitive Information Policy Template released by Janco
The Sensitive Information Policy Template (Version 2.4) has just been released by Janco.
This policy applies to the entire enterprise, its vendors, its suppliers
(including outsourcers), co-location providers, and facilities regardless of the
methods used to store and retrieve sensitive information (e.g. online
processing, outsourced to a third party, Internet, Intranet or swipe
terminals). New with this
version are updates that specifically define the mandates of most
recent federal (Gramm-Leach-Bliley) and state (Massachusetts and
California).
Which skills are in high demand and low demand
IT salaries are determined by the skills that are required. Janco has determined the
following are the skills in high demand and low demand.
Skills with a high demand
Skills with a declining demand
IBM outsourcing cost 2,000 US jobs
After shrinking its U.S. workforce by as many as 10,000
employees last year, IBM may be on its way to cutting another 2,000
workers. As of last October, IBM employed 105,000 workers in the U.S.,
compared to 115,000 in 2008. In 2007, IBM had 121,000 U.S. employees. It employs
about 400,000 globally. IBM isn't commenting on its latest round of cuts and information
about it comes from the Alliance union which
gathers its data directly from IBM employees. "IBM is clearly offshoring things where they can," said one IBM
employee who received his notice and spoke on the condition of anonymity because
he didn't want to jeopardize his severance. A 10-year veteran and UNIX
administrator, this employee said his customer support team once had 15
U.S.-based workers. That staff was reduced over time to just three workers in
the U.S., with other members of the customer support team now in Brazil,
Argentina and India. The employee said he was not given a good reason for his layoff.
"Higher ups made a decision that a certain percentage had to be cut - it was not
performance-based at all," he said. Although the employee said he's uncertain
about the job market, "my sense is that it is not horrendous but I'll have to
assume that I'll have to take a cut in pay."
Practical Guide for IT Outsourcing Released by Janco
Practical Guide for IT Outsourcing Released - Version 3.0 of the Practical
Guide for IT Outsourcing has just been released. It includes a sample
Outsourcing contract, Service Level Agreement with metrics, Risk Assessment -
Business and IT Impact Questionnaire, and much more. The guide is delivered electronically and is available in
MS-Word and industry standard PDF.
CIOs are looking for more cost savings
The recession is impacting how IT is performing. Budgets for many IT organizations have
been frozen for about two years, and CIOs have been on this efficiency kick for
about the same amount of time. IT organizations have virtualized, consolidated
data centers, cut hiring and outsourced. There is no low-hanging fruit left.
Service level agreements are set; however, costs need to be reduced. The only
areas where cost savings can be made are in hardware and software
maintenance.
CIO must protect critical data
CIOs need to focus on at least four areas in order to protect
critical data:
CIO and CTO Changing Role
In a recent study of over 2,000 CIOs, a major firm referred to CIOs who
work in organizations with high Profit Before Tax growth as
"High-growth CIOs" and to those working in organizations with low Profit Before
Tax as "Low-growth CIOs." The characteristics
of the role played in each type of firm are different.

| | High Growth Companies | Low Growth Companies |
|---|---|---|
| Are members of most-senior management team | 62% | 46% |
| Integrate business and technology to innovate | 64% | 33% |
| Focus time on enabling the business and corporate vision | 28% | 15% |
| Focus your time on providing core technology services | 23% | 40% |
| IT team uses collaborative tools | 53% | 33% |
| IT team provides collaborative tools across the enterprise | 41% | 22% |
| Aggressively turn data into actionable information | 58% | 36% |
| Give customers excellent data integrity and transparency | 68% | 44% |
| Seek active input from your customers | 87% | 70% |
| Co-create business strategy with fellow execs | 74% | 61% |
| Co-present business strategy to senior management | 66% | 53% |
| Part of the team setting the organization's strategy | 62% | 46% |
| Business models unique and hard to imitate | 63% | 49% |
| Business models include partnering alternative sourcing | 60% | 52% |
| Create IT centers of excellence | 44% | 26% |
| Data readily available for relevant users | 67% | 51% |
| Data reliable and secure | 81% | 66% |
| Manage change successfully | 61% | 43% |

IT Infrastructure Policy Bundle Released
Janco has combined the policies that it has developed in concert with some of
the best IT organizations around the globe into a single package. With this
bundle you get a PDF file that has all of the procedures in a single document
that is over 210 pages long. It would take your staff months to develop these
procedures from scratch. In addition you get a separate MS-Word document for
each procedure which can easily be modified. This bundle contains the following policies:
BlackBerrys with car chargers a key component of business continuity
Business interruptions caused by the East Coast blizzard of 2010 show that BlackBerrys
are a must-have solution. A blizzard with whiteout conditions, warnings to
stay off the roads in the Washington metropolitan area and power interruptions
have proven to be no match for teleworkers with access to a BlackBerry smart
phone and a car charger. Many federal employees were 100 percent on BlackBerrys during the
outage. With power losses to homes, car chargers were the only way to keep
the devices charged. This is a strategy that gained attention during the one-two punch of blizzard
conditions and multiple power outages in the Washington area. For three days in
a row, the federal government and many local governments have been closed as a
second major snowstorm blew through on the heels of a historic snowfall Feb. 8.
Utility companies in Washington and Baltimore were reporting about 17,000 homes
without power in the afternoon. Many federal employees relying on their BlackBerrys haven't slowed down
one bit.
Feds to increase government IT budgets
President Barack Obama today requested $79.4 billion in spending
on information technology projects for fiscal 2011, a
1.2 percent increase from what he proposed in fiscal 2010 and a slight decrease
from the $80.6 billion the 2010 budget actually allocated. The Obama administration has proposed increasing the number of
major IT projects. Last fiscal year, the administration proposed handling 781
major IT projects with $40.3 billion. In fiscal 2011, it's proposing 809 major
IT projects at $40.4 billion, according to the budget proposal. Despite modest increases in the budget request, Obama wants IT
efforts related to open government and technology modernization to continue in
2011. For example, work on the General Services Administration's
Citizen Engagement Platform would continue under the 2011 request. Designed to
be a resource for all federal agencies, that platform is a collaboration between
GSA and the Office of Management and Budget. It is intended to increase the
government's ability to interact and collaborate with the public and provide a
cost-effective way for agencies to access tools and guidance related to
engagement.
IT Metrics HandiGuide Released by Janco
Janco Associates, Inc. has just released Version 4.0 of its Metrics for the Internet, Information
Technology, and Service Management HandiGuide. New with this version is an
in-depth presentation of Service Level Agreements for outsourcing and best
practices. Janco has developed metrics for enterprises worldwide and is a
leader in the field. The CEO of Janco, Victor Janulaitis, said, "With these
difficult times many CIOs and CEOs are asking hard questions about the value
that IT is contributing to the bottom line. Metrics are one of the tools
necessary to answer those questions." The Metrics HandiGuide is
delivered electronically as a PDF document that is fully bookmarked. It is
over 300 pages in length and has detailed definitions of metrics as well as
example reports for over 240 metrics. A full table of contents and
selected pages can be downloaded at http://e-janco.com/metrics.htm.
How companies protect laptops is an issue
More than 50% of organizations surveyed have indicated that they
protected sensitive information
with encryption software. A further 43% reported the use of asset tracking
software. Simply knowing where all mobile computers are located is a powerful
security measure, however, traditional IT asset management solutions are
designed to track only those laptops that connect to a local area network (LAN)
or virtual private network (VPN) connection. For a large proportion of laptop
users, returning to head office is an intermittent event - allowing many
laptop computers to remain below the radar of IT. Encryption software is commonly referred to as the computer security fallback. In
the event that a computer protected by organizational policy and physical
deterrents is stolen, sensitive information on the laptop is made unreadable by
encryption. For encryption software to be effective however, laptop users must
consistently and accurately follow company encryption policy. Even more
worrisome is the fact that more than 30% of companies believe employees are
actively involved in the theft of company computers. Armed with the necessary
passwords and encryption keys to access data, disgruntled or dishonest employees
represent a threat that cannot be addressed by encryption alone. The common failing of these laptop security measures is the fact that
they are heavily reliant on the diligent action of laptop-using employees to
remain effective. If a cable lock is not used, an authentication password is
taped to the keyboard for convenience or a regular encryption process not
completed, organizations remain unnecessarily vulnerable to public data breach.
By the same token, complex, expensive and ultimately productivity-dampening
security measures may be effective but greatly reduce the benefits of laptop
computers. Endpoint security solutions complement other security measures by
providing a final, user-independent layer of
protection.
Data breaches continue to be CIO's concern
The FBI received a
record number of complaints in 2008, and the associated direct cost of the
frauds carried out with stolen data was $265 million versus $235 million in
2007. Adding to this is the
challenge of securing personal information and intellectual property data. Companies are granting access to more
systems and information - bank customers access to account balances; workers
maintain their own 401k and investment accounts; web shoppers place orders and
make purchases with a single click; and business partners work on projects in a
collaborative manner online. To
reduce the risk of a data breach or
theft, organizations must adopt new tactics. In addition, companies must address
e-mail and Web security along with employing a functional data loss and
prevention strategy. The
application of multiple security techniques is required to reduce risk. For
example, there must be a way to control spam and block the downloading of
malicious software from poisoned Web sites. In today's open Web 2.0 and social
networking environments, companies need a way to defend against attacks and
protect secret or sensitive data. At the same time, they must maintain a
flexible and responsive infrastructure to support today's business working
habits. The
Janco Security Manual Template
has helped over 2,000 enterprises world-wide to meet these
requirements.
Pandemic Disaster Recovery Plans At Risk
Pandemic disaster recovery
planning should consider the impact the H1N1 flu virus could have on the
Internet if workers and students are forced to stay home because of the pandemic. Officials at
the U.S. Government Accountability Office weighed in on the potential for
clogged networks in a 71-page report. Although the issue has been raised before by
various ISPs and network carriers, recent worries have focused on securities
firms that depend on third parties to clear trades and process payments over the
Internet, according to the GAO. "Internet congestion during a severe pandemic that
hampers teleworkers is anticipated, but responsible government agencies have not
developed plans to address such congestion and may lack clear authority to
act," the GAO warned. Internet backbone congestion from a pandemic is not
a major concern. The larger problem may be with the network "edge" or "last
mile" in the residential portion of the Internet. Janco says that work-at-home
strategies for organizations may not work as advertised, as residential Internet
access may not be sufficient. This is true of both capacity and
bandwidth at work-at-home sites. Often many residential DSL users could share a
single DSLAM connection at the carrier's switching office to reach the backbone,
contributing to congestion problems. Last-mile DSL and cable modem networks are
where remote access falls apart. While the network edge impact would vary by
neighborhood, the Centers for Disease Control planning guideline assumes 40
percent of the workforce might not be in the workplace for an extended period of
time during a pandemic.
Best Practices for CIOs and IT Departments
Business continuity
is not just a good business practice - it can mean success or failure if
data and applications on a production server are lost. Disaster recovery
planning ensures organizations have the capability to continue essential
functions across a wide range of situations that could disrupt normal
operations. High availability is the cornerstone for most business continuity
plans and is one of the reasons for evaluating and deploying data protection
solutions. However, traditional data protection strategies focus on just the
data and not the application. CIOs and IT departments design the organization's infrastructure
with continuity of business operations in mind. However, most organizations are
not doing enough to protect mission-critical data, applications and systems
from unexpected disruption and potential loss -- volatilities, such as viruses,
power outages, natural disasters, corruption, human error and media failures
can't always be prevented. Environments today are characterized by rapid data
growth, complexity, stringent business requirements and increasing
government regulations, making it difficult for organizations to get their arms
around their data protection strategies. In many cases, the focus is on just
protecting data - not necessarily on recovering it. And when there is a focus on
recovery, it usually involves just making data available to an
application.
Audit Fatigue is Setting In for Some
(Internet
Research Group) - Regulation is a part of business, regardless of company size,
industry, or geography. In addition, for the most part, the larger the
enterprise, the larger the potential for non-compliance risk. Non-compliance can
mean a number of things - sanctions, fines, legal action, market value
impact, and the cost of remediation may exceed the perceived cost of prevention.
Audit program is required
The results are supportive of the term audit
fatigue, that
unmanaged IT Audit efforts within
regulated organizations have a negative business impact on IT resources and
reduce IT efficiency. However, respondents are largely aware of and interested
in tools to automate audit processes and controls as a means of overcoming audit
fatigue and freeing up IT budget and resources for innovation rather than
compliance. This results in the following:
CIOs controlling costs in the new year
As CIOs move into the New Year they
are faced with reduced budgets and rising costs. One of the first things
they are doing is establishing standardized metrics to identify and control
costs.
Metrics are the key
As that process proceeds, Janco suggests that CIOs then do the
following to control costs in the new year: