CIO - Productivity Kit
The CIO productivity kit Standard edition contains
- 243 job descriptions in MS WORD .docx format
- Current IT Salary Survey for US and Canada (by city) PDF
- IT Infrastructure, Strategy, and Charter Template in MS WORD .docx format
- Disaster Recovery Template which is Sarbanes Oxley compliant in MS WORD .docx format
- Security Template which is Sarbanes Oxley and ISO 27000 compliant in MS WORD .docx format
- IT Service Management Template (Change Management, Help Desk, and Service Requests) in MS WORD .docx format
- Sensitive Information Policy (Protect Credit Card and Personal Information) in MS WORD .docx format
The CIO productivity kit Metric edition contains
- Practical Guide for Cloud Outsourcing in MS WORD .docx format
- Metrics for Internet and IT (metric kit) in MS WORD .docx format
- Service Level Agreement Policy Template (metric kit) in MS WORD .docx format
The Disaster Recovery Plan template (DRP) can be used for any enterprise. The DRP Template is sent to you via e-mail in WORD and/or PDF format. Included is a Business Impact Questionnaire as well as a full Job Description for the Disaster Recovery Manager.
The plan is 178 pages and includes everything needed to customize the Internet and Information Technology Security Manual to fit your specific requirement. The electronic document includes proven written text and examples for your security plan.
The 239 Internet and IT Position Descriptions are in Word for Windows format (.docx). Includes positions from CIO and CTO to Wireless and Metrics Managers. All of the positions in the book have been created to reflect the technology world of today.
The Service Level Agreement Policy Template is a nine page policy for a single application. It defines specific SLAs and metrics that are both internally and externally focused. The sample contains over 70 possible metrics presented graphically in PDF format.
IT Salary Survey
The Janco Associates, Inc. survey draws on data collected throughout the year (data as of January 2011) by extensive internet-based and completed survey forms sent to businesses throughout the United States and Canada. Our database contains over 85,000 data points.
CIO - CTO - CSO News
Top 10 issues for CIO in 2014 - December 9th, 2013
- Continuing to move forward with new technology with increasingly constrained budgets
- Continue to allocate sufficient resources to stay current with the social and portable digital revolution
- Manage the mounting pressure on the enterprise's IT infrastructure
- Improve the service levels of the IT function and its applications
- Improve IT technologies' performance with business operations as the driving force
- Be a transformation agent with the application of technologies that improve the operational and financial performance of the enterprise
- Continue to stay ahead of increasingly complex compliance requirements
- Implement improved business oriented metrics for the technologies used by the company
- Motivate staff to focus on innovation as a priority
- In concert with executive management be the prime mover in the use and application of new technologies
Should CIOs still be able to code? - December 4th, 2013
Some CIOs know how to lead, but don't know how to code. Some coders know how to code, but don't know how to lead. Some ideal hands-on leaders know not only how to lead but also how to code, but others know neither. This is an issue of a mix of leadership and hands-on approach. A mix of macro and micro perspective.
At the same time the role of the CIO and CTO is changing as more enterprises move towards a "Value Added" role for the Information Technology function. Those changes are depicted in the detailed job descriptions that have been created for all of the functions within IT -- especially for the CIO and CTO. The table below depicts several of those changes.
HIPAA Compliance Requirements - November 14th, 2013
All HIPAA Covered Entities must update their policies, procedures, and Notices of Privacy Practices to reflect the changes in individual rights. Under the New HIPAA Security Rule's Meaningful Use measures and the Health Information Technology for Economic and Clinical Health (HITECH) Act, you're required to perform a risk analysis to identify possible security breach areas, and if you don't, you could incur a new $10,000-minimum penalty for "Willful Neglect" of compliance.
The latest HIPAA final rule also clarifies a wide range of issues involving the privacy and security of protected health information (PHI), including the extent of privacy and security obligations of business associates, restrictions on the use of patient contact lists, PHI security standards for mobile devices and social networking, updated notice procedures for unauthorized data breaches and how penalties will be assessed for violations. As the Office of Civil Rights continues to gear up to enforce the final rule through audits and investigations, covered entities that use electronic health records (EHRs) will also need to meet new access and disclosure rules and all kinds of business associates will need to establish new compliance programs.
CIOs say infrastructure is the key to Virtualization - November 13th, 2013
CIOs report multiple levels of experience with virtualization, ranging from small-scale implementations to enterprise-wide deployments encompassing hundreds of virtual servers and vast quantities of storage.
In interviews with 121 CIOs, Janco Associates has found that infrastructure in many IT organizations is hindering the move to new technologies including disaster recovery, security, BYOD and Cloud based computing.
Janco says, "Infrastructure that is frozen in time makes it difficult to implement new technology in over two thirds of all organizations."
Comments by CIOs include:
- Dramatically improved consolidation ratios: Companies that have virtualized at least 60 percent of their environment achieve a consolidation ratio of 16:1. This is double the ratio achieved by companies with 20 percent or less of their operations virtualized
- Increased comfort level in virtualization of applications: CIOs with greater than 40 percent of their environments virtualized are more confident in virtualizing a far wider range of applications
- More effective use of virtualization tools: Compared to fellow CIOs with higher percentages of virtualized environments, respondents with less than 20 percent of their data center virtualized were for the majority less aware of performance-improving best practices and products such as VMware's vSphere APIs for Array Integration (VAAI) technology
- Rise of hybrid storage systems: To meet storage demands of virtual servers' heavily randomized I/O operations, for instance, CIOs are predominantly employing a hybrid storage approach for both current and planned implementations
32% of all web sites do not work well on SmartPhones and Tablets - October 29th, 2013
Janco has found that many websites (32% of those sampled) have not made the move to SmartPhone and Tablets. The primary issues that have not been addressed are:
- Dynamic CSS style sheets are not used
- Images are not scalable
- Pages have too much content and are too busy
- Pages take too long to load
- Fonts are too small
- Fonts are not scalable
- Layouts do not adjust according to the device the pages are viewed on
- Images do not have alternative text
- Adobe Flash is used and does not function on Apple devices - iPad and iPhone
- Menuing systems are not conducive to variable size devices
Many CEOs lack vision, leadership on new computer tech - October 8th, 2013
A majority of CEOs are failing to steer their companies towards effective use of new computer technologies, which precludes their organizations from making major business improvements, according to a recent study published in the MIT Sloan Management Review based on a survey of more than 1,500 executives and managers worldwide.
Digital transformation is a required goal for companies, and involves the revamping of business processes through the use of social media, mobile, analytics and embedded devices, according to the report.
The survey also found that almost 80 percent of respondents believe that it will be critical for their companies to go through a digital transformation in the next two years. But 63 percent described the pace of technology change in their companies as "too slow," largely due to complacency.
- 15 percent of the companies at the highest level of technology sophistication. These companies' executives share "a strong vision" for the potential of new technologies, invested in and managed these digital technologies quickly and their companies reap the most rewards.
- 6 percent were ranked as the second tier in the rankings. These companies adopt new technologies aggressively but have trouble coordinating their efforts and fine-tuning their digital-business vision.
- 14 percent are shy and reticent towards new technologies, but their executive has a vision and there's an appropriate tech governance structure in place.
- 66 percent -- fell into the "Beginner" level. They use email and the web, along with enterprise software, but they've kept social media, analytics and other tools at arm's length, due to skepticism and a lack of a sense of urgency.
Top BYOD and wireless risks that CIOs and IT Managers need to consider - October 4th, 2013
Top BYOD and Wireless Risks
- Misconfiguration - Every time a device or a new access point is added, there is the risk it may be misconfigured.
- Man in the middle attack - This type of attack is where someone presents BYOD or an SSID (network address) that pretends to be something it isn't, e.g. your company wireless name. The attackers intercept the name and password of users who are logging in, and pass them through, so it isn't obvious what they have done.
- Connection by unauthorized users - Unauthorized users may connect to the network. It may be disgruntled ex-employees; it may be through identity theft or through man-in-the-middle attacks.
- Insertion of malicious code or theft of code via a wireless connection - Access directly onto the trusted network creates vulnerability for data stealing programs, as well as for data destruction programs - particularly by disgruntled individuals and ex-staff.
- Data-stealing apps on mobile devices - While Apple isn't immune, the problem of malicious apps is particularly pernicious on Android devices.
- Rogue BYODs or access points - Well-meaning employees (and sometimes less well-meaning) can put up additional BYODs without approval or wireless access points to provide wider coverage, without management permission or awareness, creating security risks.
Almost one half of all jobs in the US will be automated according to a university study - September 16th, 2013
A study out of Oxford University has grim news for U.S. workers: up to 45% of all jobs will be automated within the next 20 years. But there is little mention of what needs to be done to provide more opportunity.
Owners of the means of production will actually thrive as such a shift takes place. Those who rely on 9-to-5 standard employment arrangements for subsistence are likely to suffer the most in the automation wave. As Reber put it: Full employment is not an objective of businesses. Companies strive to keep labor input and other costs at a minimum.
Those who are entrepreneurially minded, and apply creative solutions using automation and technology, are likely to continue to thrive as economic activity becomes increasingly digitized.
Such opportunities aren't limited to putting up one's life savings to launch startups, either. With social media and an abundance of cheap cloud-based resources, there are opportunities for current employees as well as freelancers to forge alliances and fill in gaps that traditional corporations cannot fill. For example, there is demand for contract information brokers, data analysts, financial analysts, and app designers and developers. The pages of SmartPlanet are filled with examples of businesses being launched to bring fresh insights via product design, energy reuse, smartphone repair, floating business incubators, new media, forensic portraiture, and sustainable farming. And these examples are just from the last two or three weeks.
Unmanaged devices and BYOD challenge traditional security policies - September 14th, 2013
Leading organizations have created or are considering BYOD initiatives, which encourage people to bring their personal devices to work in order to increase mobility and productivity. BYOD initiatives also free IT from burdens of device ownership and management while giving people the freedom to choose personal devices such as tablets and smartphones to optimize their productivity. A recent Citrix survey showed that the current average number of devices connecting to the corporate network is 5.18 per knowledge worker -- 4.43 devices across all workers -- and predicted to rise to almost six devices by 2020.
BYOD sounds like an attractive solution until you factor in security. Unmanaged devices represent a threat to enterprise networks, including the potential for security lapses that expose confidential business information or sensitive data -- not to mention possible damage caused by malicious insiders. For this reason, enterprises have long been wary of allowing anyone, outsiders or employees, to plug unknown devices into their networks. Allowing tablets, smartphones and other unmanaged devices onto the network requires a new way of thinking about security. This includes coming to terms with a shift in the concepts of inside and outside. Many people now connect to enterprise systems over networks that are not under enterprise control, such as those in airports, hotels, coffee shops and at home. With people more mobile than ever, organizations need a new concept of data boundaries that transcends traditional network boundaries. The system must seek to establish trust and verification for all sensitive data access, instead of immediately granting access based on whether IT owns the device or whether it is plugged into an internal network. The best way to protect truly sensitive data while supporting the needs of internal and external users is through a trust-but-verify security model where all devices and users are considered as outsiders. The challenge of this model is to provide a seamless user experience in a cost-effective way.
- Mobility Policy Bundle: All of the policies below are included as individual MS Word files and a single PDF file. Electronic forms are all individual documents that are easily modifiable
- BYOD Policy Template: Includes electronic BYOD Access and Use Agreement Form
- Mobile Device Access and Use Policy
- Record Management, Retention, and Destruction Policy
- Social Networking Policy: Includes electronic form
- Telecommuting Policy: Includes 3 electronic forms to help to effectively manage work at home staff
- Travel and Off-Site Meeting Policy
Facebook an important component of Disaster Recovery Planning - September 8th, 2013
Facebook now ranks as the third most popular website in the US. With so many people spending so much time on Facebook, public relations professionals are using the site more and more to communicate to the public. Now, researchers at the University of Missouri School of Journalism have found that posting public relations information on Facebook during a time of crisis can improve the overall image of the organization that is experiencing the crisis.
A doctoral candidate in the MU School of Journalism, along with a co-author, a professor at Rowan University and former doctoral student at MU, created two fictional universities and gave participants news stories about organizational crises each university was experiencing. After the participants read the news stories, she measured their attitudes about each university and how severe they thought the crisis was. She then showed the participants Facebook posts from the universities' main Facebook accounts which gave additional information and messages directly from the universities. Hong then measured the participants' attitudes a second time and found that following the Facebook posts, attitudes toward the universities were significantly more positive than before participants read the posts. She also found that participants felt the crises were less severe following the Facebook posts. Hong believes these findings show the positive impact Facebook can make in crisis management efforts.