CIO - Productivity Kit
IT and Internet Job Descriptions
Disaster Recovery Template
IT Service Management Template
Sensitive Information Policy -
Salary Survey - Security Template
The CIO productivity kit Standard edition contains
- 243 job descriptions in MS WORD .docx format
- Current IT Salary Survey for US and Canada (by city) PDF
- IT Infrastructure, Strategy, and Charter Template in MS WORD .docx format
- Disaster Recovery Template which is Sarbanes Oxley compliant in MS WORD .docx format
- Security Template which is Sarbanes Oxley and ISO 27000 compliant in MS WORD .docx format
- IT Service Management Template (Change Management, Help Desk, and Service Requests) in MS WORD .docx format
- Sensitive Information Policy (Protect Credit Card Card and Personal Information) in MS WORD .docx format
The CIO productivity kit Metric edition contains
- Practical Guide for Cloud Outsourcing in MS WORD .docx format
- Metrics for Internet and IT (metric kit) in MS WORD .docx format
- Service Level Policy Agreement Policy Template (metric kit) in MS WORD .docx format
The Disaster Recovery Plan template (DRP) can be used for any enterprise. DRP Template is sent to you via e-mail in WORD and/or PDF format. Included is a Business Impact Questionnaire as well as a full Job Description for the Disaster Recovery Manager
The plan is 178 pages and includes everything needed to customize the Internet and Information Technology Security Manual to fit your specific requirement. The electronic document includes proven written text and examples for your security plan.
The 239 Internet and IT Position Descriptions are in Word for Windows format (.docx). Includes positions from CIO and CTO to Wireless and Metrics Managers. All of the positions in the book have been created to reflect the technology world of today.
The Service Level Agreement Policy Template is a nine page policy for a single application, It defines specific SLAs and metrics that are both internally and externally focused. The sample contain over 70 possible metrics presented graphically in PDF format.
IT Salary Survey
The Janco Associates, Inc. survey draws on data collected throughout the year (data as of January 2011) by extensive internet-based and completed survey forms sent to businesses throughout the United States and Canada. Our database contains over 85,000 data points.
CIO - CTO - CSO News
10 actions that a CIO or CSO can take to protect data assetsMay 7th, 2015
10 actions that a CIO or CSO can take to protect data assets:
- Instill on all employees that they are the first line of defense when it comes to data protection and data security.
- Develop and implement specific policies and procedures regarding the handling of proprietary or sensitive information.
- Validate that the policies and procedures meet all industry and mandate compliance requirements.
- Improve training and require all employees to take.
- Maintain a tight control on all data assets and ensure only the minimum necessary access to the information.
- Require all passwords be changed frequently and not be repeated.
- Communicate, enforce and apply consistent sanctions for information privacy or security violations.
- Monitor employee activity both on PCs and mobile devices.
- Ensure adequate oversight or governance of information security programs.
- Have independent 3rd parties test the data protection and data security compliance practices
Policy and Procedure Manual
Compliance Management Made Easy
ISO 27000 / HIPAA / SOX / CobiT / FIPS 199 Compliant
Supports Meaningful Use Compliant Stage Implementation
Includes PCI DSS Audit Program PLUS 24 Electronic Forms that are ready to usemore info
CIO Management and best practices are defined on the Janco blogApril 27th, 2015
CIO concerns are constantly changing but the solutions are always centered around three factors: technology, infrastructure and people
Current CIO Articles and posting on the Janco blog (blog.e-janco.com)
- more info
- Top 10 CIO concerns Top 10 CIO concerns for the New Year Top 10 CIO concerns Janco Associates has just completed an informal survey of 75 CIOs and...
- Top 10 steps to an effective IT organization Top 10 rules of the road for CIOs when creating IT organizations Top 10 rules of the road for CIOs as they build a modern...
- Mobilizing Smartphones is a Challenge Mobilizing Smartphones is a very difficult job according to CIOs Mobilizing applications for employees to use on their Smartphones sure sounds like a fun idea....
- Many CIOs have not addressed cloud security issues Less than 50% of all organizations have policies in place that for vetting cloud computing applications for possible security risks before deploying them. The number...
- Top 10 indicators that you are about to be fired Top 10 indicators that you are about to be fired Circumstance often make CIO and It Managers oblivious to the clues they are about to be...
A trick to improve security to software idenitiedApril 24th, 2015
A trick to improve security to software idenitied
A good way to make software more secure is to implement revisions so frequent that attackers dont have time to figure out where the vulnerabilities are before the potential attack surface has morphed to something else.
Also, network defenders need to take advantage of the honeymoon effect, where new software goes unmolested for a period after it is issued while adversaries analyze it for flaws. With frequent revisions, software is never in place long enough to fall prey to exploits and old exploits are less likely to have an impact.
Security Policies - Procedures - Audit Tools
- more info
- Security Manual Template (Policies and Procedures) (ISO Compliant)
- Security Manual Template and Audit Program
- Security Manual Template and Disaster Recovery Business Continuity Template Bundle
- Security Manual Template, Disaster Recovery Business Continuity Template, and Safety Program Bundle
- Security Manual Template and Disaster Recovery Business Continuity Template Audit Bundle
- Payment Card Industry (PCI) Data Security Audit Program
- Payment Card Industry (PCI) Data Security Standard PCI-DSS Compliance Kit
- Security Audit Program
- Patriot Act Security Bundle
- Compliance with HIPAA Standards
- Compliance with FIPS 199
- Threat and Vulnerability Assessment
- Threat Risk Assessment Extended Service
Proposed legislation will weaken data security and breach notification lawsApril 16th, 2015
Proposed legislation will weaken data security and breach notification laws
The Data Security and Breach Notification Act, approved by the House Energy and Commerce Committee, would pre-empt stronger breach notification laws in several states and would eliminate data protections of telecom account records.
The bill is weaker than the data security and breach notification standards that consumers currently enjoy under stronger state laws and existing federal law.
The legislation would require businesses across the U.S. to notify affected customers after a data breach is headed toward a vote on the floor of the House of Representatives even though the bill will actually weaken protections for consumers.more info
Many data breaches take over 1 year to fix after the first intrusionApril 14th, 2015
Security Audit Program
ISO 28000, 27001, & ISO 27002 / HIPAA / SOX PCI-DSS Compliant
Severs and coprorate data are breached on a daily basis. While this is happening most companies are unaware that their propritary information is being stolen. Janco has found that over 90% of cybercrime victims find out about the compromise only after a 3rd party notifies them. Then after a cybercriminal gains access to an enterprise's network it takes an average 416 days to detect the intrusion.more info
5 Must do task to become a world class CIOApril 6th, 2015
5 must do tasks that World Class CIO all complete
- Align IT efforts around the overall organizations strategy
- Provide value added solutions and transform models for IT applications accordingly
- Establish metrics to manage and measure performance
- Embrace new technologies as they become available
- Develop Advanced IT Technology Capabilities
Other Must Read CIO Articles
- - more info
What do all of the major system breaches have in common?March 6th, 2015
All of the major data breaches in the news have in common -- there is total lack of timely detection. In fact, most of the victims had no idea they were breached until the U.S. governments three-letter-agency watchdogs notifies them.
Typically the attackers operate undiscovered for months before they were discovered. A good security information and event management would have alerted those organizations to the attackers activities. That would include phishing, malware exploits, unauthorized remote access and data exfiltration.
Other security articles and postings
How to Justify Security Spending- more info
How to Implement Security
ISO Domains & Security Manual Template
HITECH Meaningful Use Implications
Top 10 Security Myths
Top 10 Best Practices for Data Security
Top 10 Security Management Best Practices
Security Issue Trends
BYOD Security Best Practices
Common User Passwords
User Security Holes
Malware Impact On Security
IT Related Fraud
Steps to Detect and Prevent Security Breaches
Insider Data Security Issues
What is HIPAA
SmartPhone & Tablet Security
Digital Copier Risk
Mobile Device Security
ID Badges and NFC
Staff Management Best Practices IT Pros Should FollowMarch 2nd, 2015
Staff Management Best Practices IT Pros Should Follow - Articles
- Best Practices 5 keys on how to harness employee creativity Best Practices CIOs need to harness employees creativity. Here are five ways they can do that Best practices to harness creativity include these 5...
- Top 10 Manager Best Practices Top 10 Manager Best Practices Top 10 Manager Best Practices In order to be a successful manager and supervisro there are some core best...
- IT Job Families are being reviewed by many CIOs IT Job Families are being reviewed by many CIOs IT Job Families As the economy starts to turn around CIOs are beginning to look...
- 10 Best Practices for Staffing 10 Best Practices to Staff Hire and Retain World Class Creative IT Professionals 10 Best Practices Janco Associates has found the top ten...
- Top 10 best practices for effective risk and reputational management Top 10 Best Practices Best Practices Reputational risk is the exposure that your company will lose potential or existing business because its trustworthiness has...
Top 10 Best Practices to meet IT governance and compliance requirementsFebruary 13th, 2015
Top 10 Best Practices to meet IT governance and compliance requirements
- Understand all existing and proposed regulation and compliance requirement
- Have clear definition of duties (job descriptions) that meet all infrastructure, security and compliance requirements
- Continually assess the internal controls of IT that are in place
- Establish a baseline of IT internal controls include a definition of baseline policies and procedures that need to be in place in IT function
- Audit compliance to baseline of IT internal controls and governance requirements
- Track access to all protected and confidential data
- Preserve audit data in secure long term storage
- Establish and enforce separation of duties
- Implement metrics that support the alignment of IT with enterprise requirements
- Implement a function which focuses on implications of new technology on infrastructure and governance of IT
Disaster Recovery and Business Continuity best practices for CIOsFebruary 10th, 2015
Disaster Recovery and Business Continuity best practices for CIOs lastes articles that are a must read
- Top 10 Disaster Recovery Best Practices As requirements for avoiding downtime become increasingly stringent, administrators need tools and platforms that can help them plan, design, and implement disaster recovery strategies that...
- 10 Backup Best Practices supplementing a disaster recovery and business continuity solution with the cloud 10 Backup best practices supplementing a disaster recovery and business continuity back-up solution with the cloud Backup best practices are used by many CIOs...
- 10 Points of CIO focus in Disaster Recovery and Business Continuity Planning Top 10 points of CIO focus in planning 10 points of CIO focus that need to be addressed in Disaster Recovery and Business Continuity Planning...
- 10 Commandments of Disaster Recovery and Business Continuity 10 commandments of disaster recovery and business continuity planning As requirements for avoiding downtime become increasingly stringent, administrators need tools and platforms that can help...
- Top 10 Predictions for Disaster Recovery and Business Continuity 10 Disaster Recovery Business Continuity Predictions for 2013 Disaster Recovery vs Business Resilience There will be a move from an academic discussion to practical...