CIO - Productivity Kit
The CIO productivity kit Standard edition contains
- 243 job descriptions in MS WORD .docx format
- Current IT Salary Survey for US and Canada (by city) PDF
- IT Infrastructure, Strategy, and Charter Template in MS WORD .docx format
- Disaster Recovery Template which is Sarbanes Oxley compliant in MS WORD .docx format
- Security Template which is Sarbanes Oxley and ISO 27000 compliant in MS WORD .docx format
- IT Service Management Template (Change Management, Help Desk, and Service Requests) in MS WORD .docx format
- Sensitive Information Policy (Protect Credit Card and Personal Information) in MS WORD .docx format
The CIO productivity kit Metric edition contains
- Practical Guide for Cloud Outsourcing in MS WORD .docx format
- Metrics for Internet and IT (metric kit) in MS WORD .docx format
- Service Level Policy Agreement Policy Template (metric kit) in MS WORD .docx format
The Disaster Recovery Plan template (DRP) can be used for any enterprise. The DRP Template is sent to you via e-mail in WORD and/or PDF format. Included is a Business Impact Questionnaire as well as a full Job Description for the Disaster Recovery Manager.
The plan is 178 pages and includes everything needed to customize the Internet and Information Technology Security Manual to fit your specific requirement. The electronic document includes proven written text and examples for your security plan.
The 239 Internet and IT Position Descriptions are in Word for Windows format (.docx). Includes positions from CIO and CTO to Wireless and Metrics Managers. All of the positions in the book have been created to reflect the technology world of today.
The Service Level Agreement Policy Template is a nine-page policy for a single application. It defines specific SLAs and metrics that are both internally and externally focused. The sample contains over 70 possible metrics presented graphically in PDF format.
IT Salary Survey
The Janco Associates, Inc. survey draws on data collected throughout the year (data as of January 2011) by extensive internet-based and completed survey forms sent to businesses throughout the United States and Canada. Our database contains over 85,000 data points.
CIO - CTO - CSO News
Top 10 CIO Staff Issues - July 16th, 2014
The top 10 concerns of CIOs in staffing are:
- Retaining existing staff
- Improving employee morale
- Adding new technical skills to staff
- Providing competitive compensation
- Maintaining and improving existing productivity and service levels
- Providing competitive benefits
- Reducing employee burn-out
- Managing organization culture
- Providing viable career path
- Utilizing social networking in the recruiting process
Top 5 Firewall Management Best Practices - July 11th, 2014
The top 5 best practices below address some of the most common firewall challenges that lead to misconfigurations or other problems that cause firewalls to fail in their crucial missions.
- Keep the enterprise security policy manager or compliance manager in the loop on firewall changes.
- Clean up unused rules.
- Eliminate conflicting rules.
- Follow a consistent workflow for requesting and implementing firewall changes.
- Get application developers or the dev ops team on the same page with the firewall administrator.
2014 Mid-Year IT Salary Survey Now Available - July 5th, 2014
IT Salaries up less than 1%
IT Pros see little improvement in pay according to Janco's Mid-Year 2014 IT Salary Survey
The Mid-Year 2014 Salary Survey, just released by Janco Associates and eJobDescription.com, is not good news for IT Professionals. The survey shows that hiring and salaries have not significantly improved for IT professionals in most North American metropolitan areas.
Top 5 issues CIOs need to address - June 23rd, 2014
Top 5 issues that are causing friction between business users and CIOs are:
- Gaps in customer satisfaction and the perceived value of services
- Excessive bureaucracy in dealings with IT by users
- Slowness in adapting and implementing new technology solutions
- Dissatisfaction with chargeback systems that are arbitrary and do not reflect business value
- Inadequate IT support, which decreases productivity and revenue
Business Continuity Disaster Recovery Planning Guide - June 9th, 2014
HandiGuide - Business Continuity Disaster Recovery Planning Guide
Janco's HandiGuide offers a business perspective on what is often mistakenly considered a technological issue.
The most crucial disaster recovery considerations are determined more by business needs than IT requirements. The most important disaster recovery decisions are not about technology, but are about the business demands that drive technology choices.
This document looks at the following topics:
- Assess Your Business Needs
- Disaster Recovery vs Business Continuity
- Compliance Requirements
- Going Beyond Business Impact Analysis
- Review Your Options
- Match Your Service Level Agreements to Your Priority
- Set Your Expectations
- A Dive into Data Replication
- Test Your Plan
Insiders cause over 35% of all data breaches - May 6th, 2014
Research shows that more than 35% of data breaches were perpetrated by an insider, including employees, contractors and trusted business partners. On average, an attack by an insider is likely to cost $412K per incident.
The intentions of these insiders can be sabotage, fraud, intellectual property theft or espionage. However, in many cases, patterns of detectable behavior and network activity emerge that provide indicators of risk and assist in early detection and in speeding up response time to an actual incident.
Security Policies - Procedures - Audit Tools
- Security Manual Template (Policies and Procedures) (ISO Compliant)
- Security Manual Template and Audit Program
- Security Manual Template and Disaster Recovery Business Continuity Template Bundle
- Security Manual Template, Disaster Recovery Business Continuity Template, and Safety Program Bundle
- Security Manual Template and Disaster Recovery Business Continuity Template Audit Bundle
- Payment Card Industry (PCI) Data Security Audit Program
- Payment Card Industry (PCI) Data Security Standard PCI-DSS Compliance Kit
- Security Audit Program
- Patriot Act Security Bundle
- Compliance with HIPAA Standards
- Compliance with FIPS 199
- Threat and Vulnerability Assessment
- Threat Risk Assessment Extended Service
SEC systems fall short on security according to GAO - April 23rd, 2014
The General Accounting Office (GAO) found significant weaknesses in both the security and disaster recovery processes at the Securities and Exchange Commission (SEC).
Although the SEC had implemented and made progress in strengthening information security controls, weaknesses limited their effectiveness in protecting the confidentiality, integrity, and availability of a key financial system. For this system's network, servers, applications, and databases, weaknesses in several controls were found, including:
- Access controls: SEC did not consistently protect its system boundary from possible intrusions; identify and authenticate users; authorize access to resources; encrypt sensitive data; audit and monitor actions taken on the commission's networks, systems, and databases; and restrict physical access to sensitive assets.
- Configuration and patch management: SEC did not securely configure the system at its new data center according to its configuration baseline requirements. In addition, it did not consistently apply software patches intended to fix vulnerabilities to servers and databases in a timely manner.
- Segregation of duties: SEC did not adequately segregate its development and production computing environments. For example, development user accounts were active on the system's production servers.
- Contingency and disaster recovery planning: Although SEC had developed contingency and disaster recovery plans, it did not ensure redundancy of a critical server.
Disaster Plans need to consider impact of solar storms - March 31st, 2014
The sun emitted what NASA is calling a "significant" solar flare on Saturday that could affect communications systems on Earth on Wednesday.
The National Weather Service's Space Weather Prediction Center is calling the eruption a radio blackout event. The center reported that the solar flare could affect satellites and cause GPS errors. Electrical power lines could be hit by extra current, and high frequency communications could be blocked when the radiation hits Earth.
Solar flares are powerful bursts of radiation, according to NASA, but the harmful radiation from a flare cannot pass through the Earth's atmosphere to physically hurt humans. However, powerful flares can affect the Earth's atmosphere in the layer where GPS and communication signals travel.
Focus of CIOs IT spending will be mobile computing and BYOD in 2014 - March 23rd, 2014
Spending on cloud and mobile will dominate technology investments for finance departments this year, but while the potential ROI in those areas is huge, so are the risks. By now most companies have adopted some cloud systems, and the good news is the process of implementing these solutions has gotten easier and more predictable. Unfortunately, for some organizations the process still has unexpected but significant complexities.
Mobile is also on track to reach new productivity heights over the next two years, but CFOs still have concerns, particularly about device security management. While some companies have moved forward with BYOD solutions, others are still trying to make buying mobile devices for their employees a more-coordinated effort. Finance chiefs must also grapple with due diligence prior to rolling out a new company-wide plan, as well as regulatory and compliance issues once that plan is in place.
- Mobility Policy Bundle: All of the policies below are included as individual MS Word files and a single PDF file. Electronic forms are all individual documents that are easily modifiable.
- BYOD Policy Template: Includes electronic BYOD Access and Use Agreement Form
- Mobile Device Access and Use Policy
- Record Management, Retention, and Destruction Policy
- Social Networking Policy: Includes electronic form
- Telecommuting Policy: Includes 3 electronic forms to help effectively manage work-at-home staff
- Travel and Off-Site Meeting Policy
IoE Internet of Everything is the next "hot" thing - March 17th, 2014
The fast pace of technology is changing our notion of the modern organization. As barriers to market entry are falling, customers, employees, and citizens alike are demanding new ways to interact. This trend is moving us into the next wave of Internet evolution known as the "Internet of Everything" (IoE).
Connecting people, data, processes, and things, IoE is creating a digital disruption with great societal value as everything is coming online. Organizations of all types are realizing the benefit of this increased connectedness through operational efficiency and improved customer and citizen experiences. Many organizations are using IoE connections to run - not just monitor - complex operations in manufacturing, healthcare, financial services, utilities, and the public sector to generate and deliver significant value. Is IT ready for this shift?