
System Management News


 

FBI wants to be 1984's big brother

 

The FBI is in the early stages of designing a complex system for monitoring tweets, Facebook status updates, Google+ posts, and the like in real time, all in the name of identifying and heading off potential security threats. The FBI is soliciting information from companies on the feasibility and cost of building an open source geospatial social media alert, mapping, and analysis Web application portal built on mash-up technology.

The application would be able to rapidly assemble critical open source information and intelligence, allowing the FBI to quickly vet, identify, and geolocate breaking events, incidents, and emerging threats, according to the FBI's RFI (request for information).


The FBI is looking to harvest feeds from Twitter, Facebook, and the like because "social media has become a primary source of intelligence because it has become the premier first response to key events and the primal alert to possible developing situations," according to the RFI. "It has emerged to be the first instance of communication about a crisis, trumping traditional first responders that included police, firefighters, EMT, and journalists."


 

Security breaches that can be easily prevented

 

Many IT security departments invest countless hours and dollars in defending their company's data from infiltration by malicious outsiders, only to hand over a laptop containing highly sensitive information to a third-party data recovery outfit that ends up selling the laptop drive's contents for cash.

In a recent study, of the 87 percent who said their organization suffered a data breach in the past two years, 21 percent said the breach occurred when a drive was in the possession of a third-party data recovery service provider.

The IT Security Manual Template provides all the essential sections of a complete security manual and walks you through the creation of each step. Detailed language addressing more than a dozen security topics is included in a 230 plus page Microsoft Word document, which you can modify as much or as little as you need to fit your business requirements.


 

2012 Salary Survey shows pay is flat

 

Overall IT compensation has remained flat for the last 12 months. The total mean compensation for all IT Professionals has increased modestly by 0.81% to $78,229 from $77,604 at the beginning of 2011. This puts overall compensation back at the level it was at in January 2008.


 

Unlimited Internet Access With Social Networks Puts Companies at Risk

 

Twitter, Facebook, and YouTube cause many CIOs concern. Look at Domino's Pizza, where two employees in North Carolina faced felony charges after a video showed them passing gas on salami and stuffing cheese up their nostrils, then using the foul fixins' in the fast food.

When enterprises allow their employees to have uncontrolled free access to the web they run a serious risk that there will be misuse of the web. Web misuse has serious implications for your enterprise and its employees.  The implications are:

  • Reputation risk - Social networking can create opportunities for employees to leak confidential information or spread damaging rumors online. Bad behavior by a single employee can reflect on the reputation of the whole organization.
  • Reduced productivity - If employees spend their time on social networking sites such as Twitter, they are not spending it doing their job.
  • Data Leakage - Confidential and sensitive information could be transmitted to unauthorized individuals and competitors. In addition, data that is covered by mandated privacy and security requirements (HIPAA and PCI-DSS) could be exposed.
  • Security problems - Malware hides on websites and can install itself as users browse infected pages. One company reports that the number of new, malicious websites it blocked each day nearly doubled (91 percent) in just one month.
  • Legal risks - When users download inappropriate material to their computers, other employees may take serious
  • Wasted bandwidth - Internet connections cost money. If half of an enterprise's bandwidth is taken up with non-work related traffic, the enterprise could be paying more than it needs to, and its enterprise-critical communications could be running at half their speed capacity.
  • Unlicensed software - When users download and install software from the internet, they create a legal risk. If an organization uses unlicensed copies of software, it may face a civil suit and company directors risk criminal penalties.


 

Mobile device strategy and policy

 

Nearly 60% of all corporate employees share, access and manage content outside the office – with their iPhone, iPad, Blackberry, Android and more. Indications are that number’s only going to increase.

This makes sense: mobile content management increases user productivity, ramps up customer engagement, enhances customer service, maximizes collaboration and drives more effective business decision-making. What does all this user mobility mean for IT? Simply this: a modern mobile strategy is no longer a "nice-to-have"... it's an absolute business necessity.


 

Social media poses risks for most businesses

 

Social media poses significant risks to businesses of all sizes, according to a survey by the Federation of Risk Management Associations in cooperation with the Institute of Risk Management (IRM).

Risk professionals from both organizations were asked which three cyber risks they thought were the greatest threats to business in general and to their own organizations. A total of 186 replied to the online survey.

For business in general, reputation risk from social media was cited as a material risk by nearly 50 percent of respondents and loss of confidential information through social media by 20 percent. These concerns ranked social media along with non-malicious operational IT risks, theft of customer information and malicious interference with IT systems as the greatest cyber threats to business in the eyes of the risk professionals.

The emphasis shifted somewhat when it came to respondents' own organizations. More than half put operational, non-malicious IT risks among the top three, followed by 43 percent who mentioned theft of customer information. However, social media risks were next, with 42 percent who included them among the biggest exposures to their own organization and 21 percent concerned about loss of confidential information through social media.

In response to additional questions to FERMA members, one-third of 36 responses said they had already been concerned by a denigration attack. One-quarter of the 98 responses said their company had suffered an attack on confidential information.


 

Disaster Plan & Business Continuity Infrastructure

 

The key technology elements of a Disaster Recovery Plan and Business Continuity Plan (DRP/BCP) infrastructure are the primary data center, a remote site that duplicates the resources in that primary location, and the method used to get files (master and transaction) between the two sites, such as high-bandwidth network connections. The best DRP/BCP strategies follow a "redundant everything" philosophy throughout the data center. Multiple mainframes and servers should run in the production and backup data facilities. Then, if a component in the production system encounters problems, it immediately fails over to the local backup as a first line of defense.

Power supplies and communication links are among the most critical components in a DRP/BCP strategy.


 

Being prepared for e-discovery

 

Being prepared to respond responsibly and efficiently to an e-discovery request goes beyond just preserving evidence; it begins with good information management. To borrow a mantra from a popular Wall Street investor: "Know what you own." Just as investors should know their portfolios in detail, organizations need to know what information they own, including all electronic data. They need to know where data is stored, who has access and control of it, its value, and, if there is no value, why it is being kept. They also need to determine its retention schedule. A data map and management policy that defines clearly all of these attributes and establishes a foundation for ongoing governance is paramount to being prepared for an e-discovery request.

Companies with no information management programs - or programs that do not sufficiently address the full life-cycle of electronic data - end up creating mountains of legacy data and media. Most of this data has no real business value, is free from any statutory or regulatory retention requirements, and is not subject to any legal preservation obligations.


 

Data loss is an everyday occurrence

 

A recent survey has found that almost 90 percent of businesses experienced data loss in the last year.

As a result of this threat, investment in data protection and recovery continues to rise, with 94 percent of businesses maintaining expenditure on it and 35 percent increasing budgets for it from 2010 to 2011.

The independent survey 'Insights: Data Protection and the Cloud 2011' also reveals that 41 percent of organizations expect cloud computing to play an increasingly important role in their business continuity plans over the next year.

Of the businesses surveyed, 39 percent have data that resides in the private cloud and 21 percent in the public cloud. Encouragingly, these companies displayed high levels of confidence in the safety of this data. A significant 68 percent of those using private cloud trust that their data and applications are properly protected in the event of a disaster whilst 78 percent of those using public cloud are confident in the data protection SLAs agreed with their provider.


88 percent of respondents suffered application and data loss incidents in the last year. These were due to a wide variety of causes. Nearly two thirds (63 percent) of companies had experienced an IT systems failure (e.g. network, storage, software failure) – the most common cause of data loss. Other recurrent causes included employee or human error (40 percent of companies) and external attacks on IT (36 percent).

Although there was a high frequency of data loss across the UK, few businesses have adequate disaster recovery systems in place. Just over a third (34 percent) reported having full and comprehensive disaster recovery plans to protect their data in the event of such an incident. The primary reason given for this lack of DR planning was inadequate training of IT personnel in risk and DR planning (42 percent). Lack of budget was also a significant factor (40 percent).


 

Recovering from disaster

 

Much of the discussion of business continuity has been focused on "silver bullets" in an effort to prevent disasters from occurring in the first place. Truth be told, this is only one of the two goals of continuity planning: to prevent avoidable interruptions. To be successful, planners must also confront the second, and much greater, challenge of what to do about the interruption events that cannot be prevented: the familiar realm of traditional disaster recovery planning.

In disaster recovery, three jobs need to be accomplished quickly:

  • The data associated with critical applications needs to be recovered and placed into a usable form: no small feat given the massive amounts of data involved (though much of it non-essential to recovery).
  • The applications serving critical business functions must be re-hosted on platforms that are adequate to support comparable (though not always identical) workload to what is experienced in normal production environments.
  • Users, suppliers and customers need to be re-connected to the newly-instantiated application platform so that work can continue.

 

Sharing data with partners, vendors and customers is risky

 

Just how risky is it to share data with your partners? One hospital recently found out. It discovered last month that a contractor had posted a database containing medical records of 20,000 patients to a public homework assistance Website in search of help on how to create bar graphs.


Unfortunately, this kind of breach is becoming altogether common as information is shared between partners, customers and contractors to reduce costs and improve services. The idea of protected information staying within the network perimeter is effectively dead.

A data privacy breach at the hospital has resulted in medical records for 20,000 emergency room patients being posted on a public Website for nearly a year. The records included names, diagnosis codes, account numbers, dates of admission and discharge, and billing charges. Social Security numbers, birth dates, credit card accounts and other information that could potentially result in identity theft were not exposed. Even so, the hospital is offering free identity-protection services to all affected patients.

The spreadsheet originated at one of the hospital's vendors, a billing contractor called Multi-Specialty Collection Services. The spreadsheet appeared on a Website called Student of Fortune, where students pay for assistance with schoolwork. The spreadsheet was part of a question on how to convert the data into a bar graph. Student of Fortune removed the post with the spreadsheet immediately after being contacted by the hospital last month.


 

Simple Disaster Planning Activities

 

Creating a disaster recovery plan is a complex task; however, there are a number of basic steps that you can follow to start the process:

  • Prepare your systems, processes, and people for an organized response to disaster when it strikes.
  • Identify critical IT systems and develop a long-range strategy.
  • Select and train your disaster recovery team.
  • Conduct a Business Impact Analysis.
  • Determine risks to your business from natural or human-made causes.
  • Get management support.
  • Create appropriate plan documents.
  • Test your plan.

 

Denial of Service Attacks Defined

A denial-of-service (DoS) attack occurs when traffic is sent from one host to another computer with the intent of disrupting an online application or service. A distributed denial-of-service (DDoS) attack occurs when multiple hosts (such as compromised PCs) are leveraged to carry out and amplify an attack. Attackers usually create the denial-of-service condition by either consuming server bandwidth or by impairing the server itself. Typical targets include Web servers, DNS servers, application servers, routers, firewalls, and Internet bandwidth.

 

Disaster Recovery Business Continuity for Remote Offices

 

Data residing outside the data center at remote and branch offices (ROBOs) accounts for a significant portion of an enterprise's information store, yet it often either is protected with inefficient backup processes or is not protected at all -- leaving companies at risk on many fronts.

In a recent research report, high priority projects for ROBOs included improving information security measures; ensuring compliance with government, industry or corporate governance mandates; and improving Disaster Recovery Business Continuity processes.


 

How Reliable is Your Disaster Recovery Plan?

 

Minimize downtime, lower costs and reduce risk: Those are the three goals your disaster recovery plan must meet. But, as the need for "always on" capability and business continuity has increased, so has the complexity and labor intensity of maintaining a reliable disaster recovery plan. The Disaster Recovery Business Continuity Template provides the roadmap you need to address these challenges and help your enterprise meet the key goals of a viable disaster recovery plan.


Disaster recovery and business continuity planning are processes that help organizations prepare for disruptive events, whether those events include a hurricane or simply a power outage caused by a backhoe in the parking lot.


 

Future IT staffing requirements

 

Technology, economic and cultural issues are coming together and forcing IT organizational change. Rather than being seen as simply letting that change happen to the IT department, CIOs and IT managers would be well advised to be seen as the ones driving it.


Jason Hiner, a writer at TechRepublic, states that because most workers have used technology for at least a decade and often want to select and set up their own technology, most companies don't need that much in the way of IT staff. His forecast is that three jobs will be in high demand in the future:

  • Consultants: Companies increasingly are farming out traditional IT administration and support functions to outsourcers and third-party consultants. Predictions are that more IT staff will be working instead for the service providers.
  • Project managers: IT staff to be working in the business units rather than in a centralized IT department.
  • Developers: Someone has to program.

 

Roles in Developing a Disaster Recovery Plan

 

The disaster recovery policy must be reviewed at least annually to assure its relevance. Just as in the development of such a policy, a planning team that consists of upper management and personnel from information security, information technology, human resources, or other operations should be assembled to review the disaster policy. Roles and responsibilities of the planning team should be as follows:

  • Perform an initial risk assessment to determine current information systems vulnerabilities.
  • Perform an initial business impact analysis to document and understand the interdependencies among business processes and determine how the business would be affected by an information systems outage.
  • Take an inventory of information systems assets such as computer hardware, software, applications, and data.
  • Identify single points of failure within the information systems infrastructure.
  • Identify critical applications, systems, and data.
  • Prioritize key business functions.

The Disaster Recovery Plan Template has tools that can be used immediately, defines all of these responsibilities in detail, and provides a work plan that can be used as is.


 

Many users use common unlock codes for iPhones

 

The 10 most common passcodes used by iPhone users accounted for 15 percent of all the passwords analyzed. The most common values were: 1234, 0000, 2580, 1111, 5555, 5683, 0852, 2222, 1212 and 1998.

"1234" was the most commonly used and the second most common code was "0000". People choosing "1234," "0000" and "1111" as their passcode are doing the equivalent of locking up their cars with a piece of thin string. "0852" and "2580" aren't that much better, as the code is just going up and down the keypad.


 

Malware attacks on the rise

 

Recent headlines concerning attacks on Sony, Citibank and Amazon highlight the growth of criminal malware worldwide. No longer the work of individual hackers out to make mischief, these botnet malware attacks are launched by crime syndicates intent on financial gain. And while studies from numerous experts paint a bleak picture - most say you will be infected - there are critical steps you can take to protect your organization.


Security policies and procedures are a must to help set up the first line of defense.


 

Disaster Recovery Planning International Standard Set by Janco

 

Disaster Recovery Business Continuity Template Now Accepted as the International Standard

An update to the Disaster Recovery Business Continuity Template has just been released by Janco Associates.

Park City, UT - The Disaster Recovery Business Continuity Planning template has been sold to enterprises in over 65 countries around the globe. With the release of the latest version, the template is in complete compliance with Sarbanes-Oxley, HIPAA, ITIL (Ver 3), ISO 27031, and PCI DSS.

M V Janulaitis, the CEO of Janco, said, "Our DRP/BCP Template has been accepted by enterprises around the globe as the standard for disaster recovery plan and business continuity plan creation." In response to that need, Janco has updated its "Disaster Recovery / Business Continuity Template" by increasing the content of the template as well as updating the entire document to be compliant with Sarbanes-Oxley, HIPAA, ITIL (Ver. 3), ISO 17799, and PCI DSS.

The Disaster Recovery Business Continuity Plan has been purchased for use in over 65 countries around the globe including:

  • Angola
  • Australia
  • Austria
  • Bahamas
  • Barbados
  • Belgium
  • Belize
  • Bermuda
  • Brazil
  • Bulgaria
  • Canada
  • Cayman Islands
  • Colombia
  • Croatia
  • Czech Republic
  • Denmark
  • Egypt
  • Finland
  • France
  • Germany
  • Greece
  • Honduras
  • Hungary
  • Iceland
  • India
  • Indonesia
  • Israel
  • Italy
  • Jamaica
  • Japan
  • Jordan
  • Kenya
  • Lebanon
  • Lithuania
  • Macao
  • Malta
  • Mexico
  • Mozambique
  • Namibia
  • Netherlands
  • New Zealand
  • Nigeria
  • Norway
  • Panama
  • Philippines
  • Poland
  • Portugal
  • Puerto Rico
  • Qatar
  • Republic of Ireland
  • Romania
  • Russia
  • Saudi Arabia
  • Singapore
  • South Africa
  • South Korea
  • Spain
  • Sri Lanka
  • Swaziland
  • Switzerland
  • Taiwan
  • Thailand
  • Trinidad & Tobago
  • Uganda
  • United Kingdom
  • United States
  • Venezuela
  • Zambia

The Disaster Recovery Business Continuity Plan has been purchased for use in  government, public, and private enterprises in almost all industries including:

  • Federal Government
  • State Governments
  • Local Governments
  • Law Firms
  • Think Tanks
  • Chemical
  • Telecommunication
  • Real Estate
  • Manufacturing
  • Universities
  • School Districts
  • Consulting Firms
  • Banks
  • Financial Service
  • Investment Banks
  • Credit Unions
  • Outsourcers
  • Property Mgt
  • Heavy Industry
  • Light Industry
  • Distribution
  • Retail
  • Hospitality
  • Energy
  • Insurance
  • Medical
  • ISPs
  • Application Development
  • Construction
  • Graphics
  • Entertainment
  • Paper Products
  • Defense
  • Aerospace
  • Media

 

 
