CIO - Productivity Kit
IT and Internet Job Descriptions
Disaster Recovery Template
IT Service Management Template
Sensitive Information Policy
Salary Survey
Security Template
The CIO productivity kit Standard edition contains
- 243 job descriptions in MS WORD .docx format
- Current IT Salary Survey for US and Canada (by city) PDF
- IT Infrastructure, Strategy, and Charter Template in MS WORD .docx format
- Disaster Recovery Template which is Sarbanes Oxley compliant in MS WORD .docx format
- Security Template which is Sarbanes Oxley and ISO 27000 compliant in MS WORD .docx format
- IT Service Management Template (Change Management, Help Desk, and Service Requests) in MS WORD .docx format
- Sensitive Information Policy (Protect Credit Card and Personal Information) in MS WORD .docx format
The CIO productivity kit Metric edition contains
- Practical Guide for Cloud Outsourcing in MS WORD .docx format
- Metrics for Internet and IT (metric kit) in MS WORD .docx format
- Service Level Policy Agreement Policy Template (metric kit) in MS WORD .docx format
The Disaster Recovery Plan template (DRP) can be used for any enterprise. The DRP Template is sent to you via e-mail in WORD and/or PDF format. Included is a Business Impact Questionnaire as well as a full Job Description for the Disaster Recovery Manager.
The plan is 178 pages and includes everything needed to customize the Internet and Information Technology Security Manual to fit your specific requirement. The electronic document includes proven written text and examples for your security plan.
The 239 Internet and IT Position Descriptions are in Word for Windows format (.docx). Includes positions from CIO and CTO to Wireless and Metrics Managers. All of the positions in the book have been created to reflect the technology world of today.
The Service Level Agreement Policy Template is a nine-page policy for a single application. It defines specific SLAs and metrics that are both internally and externally focused. The sample contains over 70 possible metrics presented graphically in PDF format.
IT Salary Survey
The Janco Associates, Inc. survey draws on data collected throughout the year (data as of January 2011) by extensive internet-based and completed survey forms sent to businesses throughout the United States and Canada. Our database contains over 85,000 data points.
CIO - CTO - CSO News
Many data breaches take over 1 year to fix after the first intrusion
July 28th, 2014
Security Audit Program
ISO 28000, 27001, & ISO 27002 / HIPAA / SOX PCI-DSS Compliant
Servers and corporate data are breached on a daily basis. While this is happening, most companies are unaware that their proprietary information is being stolen. Janco has found that over 90% of cybercrime victims find out about the compromise only after a 3rd party notifies them. After a cybercriminal gains access to an enterprise's network, it takes an average of 416 days to detect the intrusion.
Policies are critical for mobile computing
July 25th, 2014
Telecommuting, BYOD, and other mobile technologies have revolutionized the way millions of people do their jobs. Employees now have the flexibility to work anytime from anywhere. For enterprises, the increase in employee productivity does often translate into faster response time, more revenue and higher margins.
Mobility Policy Bundle: All of the policies below are included as individual MS Word files and a single PDF file. Electronic forms are all individual documents that are easily modifiable.
- BYOD Policy Template. Includes electronic BYOD Access and Use Agreement Form
- Mobile Device Access and Use Policy
- Record Management, Retention, and Destruction Policy
- Social Networking Policy. Includes electronic form
- Telecommuting Policy. Includes 3 electronic forms to help effectively manage work-at-home staff
- Travel and Off-Site Meeting Policy
Top 10 CIO Staff Issues
July 16th, 2014
The top 10 concerns of CIOs in staffing are:
- Retaining existing staff
- Improving employee morale
- Adding new technical skills to staff
- Providing competitive compensation
- Maintaining and improving existing productivity and service levels
- Providing competitive benefits
- Reducing employee burn-out
- Managing organization culture
- Providing viable career path
- Utilizing social networking in the recruiting process
Top 5 Firewall Management Best Practices
July 11th, 2014
Top 5 best practices to address some of the most common firewall challenges that lead to misconfigurations or other problems that cause firewalls to fail in their crucial missions.
- Keep the enterprise security policy manager or compliance manager in the loop on firewall changes.
- Clean up unused rules.
- Eliminate conflicting rules.
- Follow a consistent workflow for requesting and implementing firewall changes.
- Get application developers or the dev ops team on the same page with the firewall administrator.
2014 Mid-Year IT Salary Survey Now Available
July 5th, 2014
IT Salaries up less than 1%
IT Pros see little improvement in pay according to Janco's Mid-Year 2014 IT Salary Survey
The Mid-Year 2014 Salary Survey, just released by Janco Associates and eJobDescription.com, is not good news for IT Professionals. The survey shows that hiring and salaries have not significantly improved for IT professionals in most North American metropolitan areas.
Top 5 issues CIOs need to address
June 23rd, 2014
Top 5 issues that are causing friction between business users and CIOs are:
- Gaps in customer satisfaction and the perceived value of services
- Excessive bureaucracy in dealings with IT by users
- Slowness in adapting and implementing new technology solutions
- Dissatisfaction with chargeback systems that are arbitrary and do not reflect business value
- Inadequate IT support, which decreases productivity and revenue
Business Continuity Disaster Recovery Planning Guide
June 9th, 2014
HandiGuide - Business Continuity Disaster Recovery Planning Guide
Janco's HandiGuide offers a business perspective on what is often mistakenly considered a technological issue.
The most crucial disaster recovery considerations are determined more by business needs than IT requirements. The most important disaster recovery decisions are not about technology, but are about the business demands that drive technology choices.
This document looks at the following topics:
- Assess Your Business Needs
- Disaster Recovery vs Business Continuity
- Compliance Requirements
- Going Beyond Business Impact Analysis
- Review Your Options
- Match Your Service Level Agreements to Your Priority
- Set Your Expectations
- A Dive into Data Replication
- Test Your Plan
Insiders cause over 35% of all data breaches
May 6th, 2014
Research shows that more than 35% of data breaches were perpetrated by an insider, including employees, contractors and trusted business partners. An attack by an insider is likely to cost an average of $412K per incident.
The intentions of these insiders can be sabotage, fraud, intellectual property theft or espionage. However, in many cases, patterns of detectable behavior and network activity emerge that provide indicators of risk and assist in early detection and in speeding up response to an actual incident.
Security Policies - Procedures - Audit Tools
- Security Manual Template (Policies and Procedures) (ISO Compliant)
- Security Manual Template and Audit Program
- Security Manual Template and Disaster Recovery Business Continuity Template Bundle
- Security Manual Template, Disaster Recovery Business Continuity Template, and Safety Program Bundle
- Security Manual Template and Disaster Recovery Business Continuity Template Audit Bundle
- Payment Card Industry (PCI) Data Security Audit Program
- Payment Card Industry (PCI) Data Security Standard PCI-DSS Compliance Kit
- Security Audit Program
- Patriot Act Security Bundle
- Compliance with HIPAA Standards
- Compliance with FIPS 199
- Threat and Vulnerability Assessment
- Threat Risk Assessment Extended Service
SEC systems fall short on security according to GAO
April 23rd, 2014
The General Accounting Office (GAO) found significant weakness in both the security and disaster recovery process at the Securities and Exchange Commission (SEC).
Although the SEC had implemented and made progress in strengthening information security controls, weaknesses limited their effectiveness in protecting the confidentiality, integrity, and availability of a key financial system. For this system's network, servers, applications, and databases, weaknesses in several controls were found, including:
- Access controls: SEC did not consistently protect its system boundary from possible intrusions; identify and authenticate users; authorize access to resources; encrypt sensitive data; audit and monitor actions taken on the commission's networks, systems, and databases; and restrict physical access to sensitive assets.
- Configuration and patch management: SEC did not securely configure the system at its new data center according to its configuration baseline requirements. In addition, it did not consistently apply software patches intended to fix vulnerabilities to servers and databases in a timely manner.
- Segregation of duties: SEC did not adequately segregate its development and production computing environments. For example, development user accounts were active on the system's production servers.
- Contingency and disaster recovery planning: Although SEC had developed contingency and disaster recovery plans, it did not ensure redundancy of a critical server.
Disaster Plans need to consider impact of solar storms
March 31st, 2014
The sun emitted what NASA is calling a "significant" solar flare on Saturday that could affect communications systems on Earth on Wednesday.
The National Weather Service's Space Weather Prediction Center is calling the eruption a radio blackout event. The center reported that the solar flare could affect satellites and cause GPS errors. Electrical power lines could be hit by extra current, and high frequency communications could be blocked when the radiation hits Earth.
Solar flares are powerful bursts of radiation, according to NASA, but the harmful radiation from a flare cannot pass through the Earth's atmosphere to physically hurt humans. However, powerful flares can affect the Earth's atmosphere in the layer where GPS and communication signals travel.