CIO - Productivity Kit
IT and Internet Job Descriptions
Disaster Recovery Template
IT Service Management Template
Sensitive Information Policy -
Salary Survey - Security Template
The CIO productivity kit Standard edition contains
- 243 job descriptions in MS WORD .docx format
- Current IT Salary Survey for US and Canada (by city) PDF
- IT Infrastructure, Strategy, and Charter Template in MS WORD .docx format
- Disaster Recovery Template which is Sarbanes Oxley compliant in MS WORD .docx format
- Security Template which is Sarbanes Oxley and ISO 27000 compliant in MS WORD .docx format
- IT Service Management Template (Change Management, Help Desk, and Service Requests) in MS WORD .docx format
- Sensitive Information Policy (Protect Credit Card Card and Personal Information) in MS WORD .docx format
The CIO productivity kit Metric edition contains
- Practical Guide for Cloud Outsourcing in MS WORD .docx format
- Metrics for Internet and IT (metric kit) in MS WORD .docx format
- Service Level Policy Agreement Policy Template (metric kit) in MS WORD .docx format
The Disaster Recovery Plan template (DRP) can be used for any enterprise. DRP Template is sent to you via e-mail in WORD and/or PDF format. Included is a Business Impact Questionnaire as well as a full Job Description for the Disaster Recovery Manager
The plan is 178 pages and includes everything needed to customize the Internet and Information Technology Security Manual to fit your specific requirement. The electronic document includes proven written text and examples for your security plan.
The 239 Internet and IT Position Descriptions are in Word for Windows format (.docx). Includes positions from CIO and CTO to Wireless and Metrics Managers. All of the positions in the book have been created to reflect the technology world of today.
The Service Level Agreement Policy Template is a nine page policy for a single application, It defines specific SLAs and metrics that are both internally and externally focused. The sample contain over 70 possible metrics presented graphically in PDF format.
IT Salary Survey
The Janco Associates, Inc. survey draws on data collected throughout the year (data as of January 2011) by extensive internet-based and completed survey forms sent to businesses throughout the United States and Canada. Our database contains over 85,000 data points.
CIO - CTO - CSO News
Mid-Year 2015 IT Salary Survey Released by JancoJune 22nd, 2015
Mid-Year 2015 IT Salary Survey Released by Janco
2015 Mid-Year Salary Survey Janco Associates, Inc. has just released its 2015 mid-year salary survey. To read about the salary survey go to http://www.e-janco.com/salary.htm.
IT Median Salaries Mid-Year 2014 vs. Mid-Year 2015
Preliminary observations from mid-year IT Salary Survey are publishedJune 10th, 2015
Preliminary observations from mid-year IT Salary Survey are published
Staff and staff retention concerns have emerged as the most pressing issue for CIOs according to Janco's latest survey.
In the mid-year 2015 IT Salary Survey by Janco has found that finding qualified staff or retaining qualified staff now are a the top concern for CIO.
Recruitment is a key issue today and was not during the recession as firms focused more on cost reduction. What Janco is seeing now is a return to a growth environment, which creates new opportunities and challenges for firms.
Succession planning is a concern for every size of firm. That is both for the CIO and his/her direct reports so that a plan in place for key players if they leave.more info
IRS breach of 100,000 plus due to outdated software and poor infrastructureJune 2nd, 2015
IRS breach of 100,000 plus due to outdated software and poor infrastructure
Breach of 100,000 plus individuals was due to the fact that the IRS was running Microsoft software that is over 12 years old and no longer supported by Microsoft. If a private company did the same the CIO and CEO both could be exposed to violations of mandated security requirements.
Not long ago, patch management was barely a blip on the radar screens of most security and IT personnel. 'Install and forget' was a fairly common practice; once deployed, many systems were infrequently or never updated. Obviously, for a number of reasons, this approach is no longer an option.
The rise of widespread worms and malicious code targeting known vulnerabilities on unpatched systems, and the resultant downtime and expense they bring, is probably the biggest reason so many organizations are focusing on patch management. Along with these threats, increasing concern around governance and regulatory compliance (e.g. HIPAA, Sarbanes-Oxley) has pushed enterprises to gain better control and oversight of their information assets. Add in increasingly interconnected partners and customers and the rise of broadband connections and remote workers with BYOD and company issued devices, and you have the perfect storm that has thrust patch management to the forefront of many organizations' list of security priorities.
- more info
2/3rds of CIO and key IT Pros have altered their vactation plans due to workMay 30th, 2015
CIO and key IT Pros are letting work to get in the way of vacations.
Two-thirds (66.9%) of the more than 143 CIO and key IT Pros surveyed online earlier this month said they had postponed or canceled vacation plans in the past year due to demands at work. While 92% said they planned to take at least some days off this year, 48% did not expect to use all of their available vacation days.
Today's CIOs and key IT Pros are under constant pressure to drive growth, hit deadlines, and deliver on the expectations of various business units. The irony is that individuals who take time off are more productive, have higher morale, and are less likely to make critical mistakes.
Most of the individuals said that they had "too much work to do" or an "increased workload once they returned from vacation" as the primary reason why they did not take a vacation. For those who did take some days off, over 80% still connected with work via email or other forms of electronic communication.
Chief Information Officer - Chief Technology Officer
The chief information officer's (CIO) role, responsibilities and influence is growing in today's boardroom. And the CIOs job itself is expanding as well. The CIOs of the next decade face many challenges.- more info
What is the role of the CIO and the IT function in the futureMay 26th, 2015
The role of the CIO and IT in the future is a rapid proactive force joined at the hip with the General Manager to make consistently high-quality business decisions through analytical expertise that produces decision-relevant information.
The CIO role is one that requires multi and cross-functional skills sets to lead and manage change using project management enablers. It is a problem-solving function and is visible throughout the organization, a strong can-do attitude with a balance of being the conscience of the company.
The IT applications have moved away from transaction processing and month-end backward-looking close processes. Instead strategic information processing is used as a tool to improve and grow the business, while managing risk and controls.
Chief Information Officer - Chief Technology Officer
- more info
10 actions that a CIO or CSO can take to protect data assetsMay 7th, 2015
10 actions that a CIO or CSO can take to protect data assets:
- Instill on all employees that they are the first line of defense when it comes to data protection and data security.
- Develop and implement specific policies and procedures regarding the handling of proprietary or sensitive information.
- Validate that the policies and procedures meet all industry and mandate compliance requirements.
- Improve training and require all employees to take.
- Maintain a tight control on all data assets and ensure only the minimum necessary access to the information.
- Require all passwords be changed frequently and not be repeated.
- Communicate, enforce and apply consistent sanctions for information privacy or security violations.
- Monitor employee activity both on PCs and mobile devices.
- Ensure adequate oversight or governance of information security programs.
- Have independent 3rd parties test the data protection and data security compliance practices
Policy and Procedure Manual
Compliance Management Made Easy
ISO 27000 / HIPAA / SOX / CobiT / FIPS 199 Compliant
Supports Meaningful Use Compliant Stage Implementation
Includes PCI DSS Audit Program PLUS 24 Electronic Forms that are ready to usemore info
CIO Management and best practices are defined on the Janco blogApril 27th, 2015
CIO concerns are constantly changing but the solutions are always centered around three factors: technology, infrastructure and people
Current CIO Articles and posting on the Janco blog (blog.e-janco.com)
- more info
- Top 10 CIO concerns Top 10 CIO concerns for the New Year Top 10 CIO concerns Janco Associates has just completed an informal survey of 75 CIOs and...
- Top 10 steps to an effective IT organization Top 10 rules of the road for CIOs when creating IT organizations Top 10 rules of the road for CIOs as they build a modern...
- Mobilizing Smartphones is a Challenge Mobilizing Smartphones is a very difficult job according to CIOs Mobilizing applications for employees to use on their Smartphones sure sounds like a fun idea....
- Many CIOs have not addressed cloud security issues Less than 50% of all organizations have policies in place that for vetting cloud computing applications for possible security risks before deploying them. The number...
- Top 10 indicators that you are about to be fired Top 10 indicators that you are about to be fired Circumstance often make CIO and It Managers oblivious to the clues they are about to be...
A trick to improve security to software idenitiedApril 24th, 2015
A trick to improve security to software idenitied
A good way to make software more secure is to implement revisions so frequent that attackers dont have time to figure out where the vulnerabilities are before the potential attack surface has morphed to something else.
Also, network defenders need to take advantage of the honeymoon effect, where new software goes unmolested for a period after it is issued while adversaries analyze it for flaws. With frequent revisions, software is never in place long enough to fall prey to exploits and old exploits are less likely to have an impact.
Security Policies - Procedures - Audit Tools
- more info
- Security Manual Template (Policies and Procedures) (ISO Compliant)
- Security Manual Template and Audit Program
- Security Manual Template and Disaster Recovery Business Continuity Template Bundle
- Security Manual Template, Disaster Recovery Business Continuity Template, and Safety Program Bundle
- Security Manual Template and Disaster Recovery Business Continuity Template Audit Bundle
- Payment Card Industry (PCI) Data Security Audit Program
- Payment Card Industry (PCI) Data Security Standard PCI-DSS Compliance Kit
- Security Audit Program
- Patriot Act Security Bundle
- Compliance with HIPAA Standards
- Compliance with FIPS 199
- Threat and Vulnerability Assessment
- Threat Risk Assessment Extended Service
Proposed legislation will weaken data security and breach notification lawsApril 16th, 2015
Proposed legislation will weaken data security and breach notification laws
The Data Security and Breach Notification Act, approved by the House Energy and Commerce Committee, would pre-empt stronger breach notification laws in several states and would eliminate data protections of telecom account records.
The bill is weaker than the data security and breach notification standards that consumers currently enjoy under stronger state laws and existing federal law.
The legislation would require businesses across the U.S. to notify affected customers after a data breach is headed toward a vote on the floor of the House of Representatives even though the bill will actually weaken protections for consumers.more info
Many data breaches take over 1 year to fix after the first intrusionApril 14th, 2015
Security Audit Program
ISO 28000, 27001, & ISO 27002 / HIPAA / SOX PCI-DSS Compliant
Severs and coprorate data are breached on a daily basis. While this is happening most companies are unaware that their propritary information is being stolen. Janco has found that over 90% of cybercrime victims find out about the compromise only after a 3rd party notifies them. Then after a cybercriminal gains access to an enterprise's network it takes an average 416 days to detect the intrusion.more info