Sarbanes Oxley Compliance Kit
The audit spotlight now shines on IT. After years of regulation and embarrassing data breaches, the highest levels of management now comfortably discuss IT controls and audit results. However, their quality expectations are rising. Where IT once performed audits annually, many now support quarterly, monthly, and ad hoc exercises. Each audit expands the scope of the technologies assessed, measured, and proven compliant. Broader scope means more complexity and more work. With the Sarbanes Oxley Compliance Kit you can increase the timeliness and accuracy of audit data while reducing IT audit effort, disruption, and cost.
Sarbanes-Oxley Section 404 requires management to assess and report on internal control over financial reporting; in practice, auditors expect the IT side of that control to show that:
- Enterprises have an enterprise-wide security policy;
- Enterprises have an enterprise-wide classification of data for security, risk, and business impact;
- Enterprises have security-related standards and procedures;
- Enterprises have formal security-based documentation, auditing, and testing in place;
- Enterprises enforce separation of duties; and
- Enterprises have policies and procedures in place for Change Management, Help Desk, Service Requests, and changes to applications, policies, and procedures.
To meet these needs the Sarbanes Oxley Compliance Resource Kit, which comes in four editions (Standard, Silver, Gold, and Platinum), contains:
- Security Policies (all editions);
- Threat & Vulnerability Assessment Tool (all editions);
- Business & IT Impact Questionnaire Risk Assessment Tool (all editions);
- Safety Program Template (all editions);
- Disaster Recovery Template (all editions);
- Outsourcing guide, updated to reflect what your vendors need to do (all editions);
- Software tool to monitor key data files (all editions);
- Internet and IT Job Descriptions (Silver, Gold, and Platinum Editions); and
- IT Service Management Template (Platinum Edition).
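A minimal version of what a key-data-file monitor does, as an added example that is not the kit's own software tool: hash the files that feed financial reporting, store the approved snapshot somewhere the people who can change those files cannot write, and report every difference at the next audit run. The file names, globs and contents below are constructed for the demonstration.

```python
"""Baseline-and-compare integrity monitor for 'key data files'.

Added example; not the kit's own tool. Globs, paths and sample file
contents are constructed assumptions for the demonstration.
"""
import hashlib
import json
import tempfile
from pathlib import Path

WATCH_GLOBS = ("*.csv", "*.cfg")  # assumed file types a SOX control would watch


def sha256_of(path: Path) -> str:
    """Stream the file through SHA-256 so large ledgers need not fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: Path, globs=WATCH_GLOBS) -> dict:
    """Map each watched file (path relative to root, POSIX form) to its digest."""
    baseline = {}
    for pattern in globs:
        for p in sorted(root.rglob(pattern)):
            if p.is_file():
                baseline[p.relative_to(root).as_posix()] = sha256_of(p)
    return baseline


def diff_baselines(old: dict, new: dict) -> dict:
    """Classify what changed between two snapshots; each entry is an audit question."""
    return {
        "added": sorted(set(new) - set(old)),
        "removed": sorted(set(old) - set(new)),
        "modified": sorted(k for k in old.keys() & new.keys() if old[k] != new[k]),
    }


def save_baseline(baseline: dict, dest: Path) -> None:
    """Persist the approved snapshot; in production dest lives on a host the
    monitored systems' administrators cannot write to."""
    dest.write_text(json.dumps(baseline, indent=2, sort_keys=True))


def load_baseline(src: Path) -> dict:
    return json.loads(src.read_text())


def demo() -> dict:
    """Run the control end to end on constructed files in a scratch directory."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "gl_journal.csv").write_text("date,account,amount\n2013-06-30,4000,1250.00\n")
        (root / "erp.cfg").write_text("approval_threshold=5000\n")

        approved = build_baseline(root)
        save_baseline(approved, root / "baseline.json")  # not matched by WATCH_GLOBS

        # Simulated unapproved changes between two audit runs.
        (root / "gl_journal.csv").write_text("date,account,amount\n2013-06-30,4000,12500.00\n")
        (root / "new_vendor.csv").write_text("vendor,bank\nACME,000111\n")

        return diff_baselines(load_baseline(root / "baseline.json"), build_baseline(root))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Every "modified" or "added" entry the run produces should map to an approved change ticket; an entry with no ticket is exactly the separation-of-duties failure the change-management control above is meant to surface.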
The Disaster Recovery Plan (DRP) template can be used by any enterprise. The DRP template is sent to you via e-mail in Word and/or PDF format. Included are a Business Impact Questionnaire and a full job description for the Disaster Recovery Manager.
The Security Manual is 178 pages and includes everything needed to customize the Internet and Information Technology Security Manual to fit your specific requirements. The electronic document includes proven written text and examples for your security plan.
The 220 Internet and IT position descriptions are in Word for Windows format and include positions from CIO and CTO to Wireless and Metrics Managers. All of the positions have been created to reflect the technology world of today.
The IT Service Management Template contains policies, standards, procedures, and metrics for Change Control, Help Desk, and Service Request processing. The ITSM template also contains several easy-to-implement forms and conforms with ITIL.
The Safety Program template is 60 pages and includes everything needed to customize the Safety Program to fit your specific requirements. It was updated in December 2004 and reflects the latest issues associated with the most recent legislation (Sarbanes Oxley).
Sarbanes-Oxley Issues and News
Anonymous moves from net to physical space
November 6th, 2013
Hundreds of protests around the world sparked up in what the hacking collective Anonymous called the "Million Mask March." Donning Guy Fawkes masks, the demonstrators' goal was to "defend humanity."
The protests were scheduled for 450 cities and towns worldwide -- from Tampa, Fla., to Amsterdam to Mumbai. According to the group's Facebook page, the demonstrations were meant to help people "remember who your enemies are: billionaires who own banks and corporations who corrupt politicians who enslave the people in injustice."
In Washington, D.C., demonstrators chanted "Obama. Come out. We've got some **** to talk about," according to NBC News. In Chicago, police and protesters exchanged hugs. While in Denver, a handful of arrests were made after it was reported that a building was being vandalized, according to the Denver Post.
In promoting the march, Anonymous said that violence would not be tolerated. The group even published an "advance disclaimer" saying, "Anonymous is a peaceful movement and is not affiliated with the rogue DC Citizen's Action to take the United States President, Congress, and US Supreme Court Justices Hostage."
Despite a few arrests here and there, the protests appear to have stayed relatively peaceful.
SLA is key to transforming IT infrastructure
October 29th, 2013
Midmarket organizations are transforming their IT infrastructure to better accommodate the needs of the business. Two major pieces of this transformation are virtualization and cloud computing, which rely heavily on network performance to ensure success. However, in many cases, these organizations lack the tools to properly monitor virtualized environments in order to meet SLAs.
- In many organizations less than 10% of the IT budget is actually spent on initiatives and IT Service Management (ITSM) that bring value to the enterprise.
- It is not a question of how much is invested in computer systems but the effectiveness of the spending and the service levels provided.
- Focusing the ways that IT is measured (metrics) on an enterprise's value drivers improves competitiveness.
- ROI/TCO type measurements should not be used in isolation because they ignore elements such as service levels provided, risk and IT capability.
- IT investment must be measured not only at the inception of initiatives but also throughout the project life cycle and service delivery process.
Delivering quality IT service and measuring IT's performance cost-effectively is a difficult and time-consuming exercise. Many enterprises believe that they do not have the time, money, or resources to initiate and monitor the necessary processes. However, enterprises cannot determine how much something is worth unless its value can be quantified.
CIO Challenges
October 7th, 2013
In the face of rapidly and unpredictably changing technologies, success in IT is driven by leadership and delivery skills that take full advantage of these changes. Big data, cloud, mobility and the consumerization of IT are just current examples of this technological change.
IT has been caricatured as slow, expensive, operationally obsessed, and rabidly opposed to experimentation. The IT mind, it is said, flees from change, loathes ambiguity, delights in absolutes, and insists on .999 certainties. This is wrong! CIOs are uniquely situated to create value in a world defined by uncertainties, business model disruption, and frequent Black Swan events.
To thrive in a dynamic industry you must keep learning. Since organizations learn when their teams learn, the real action is in the team. How does a healthcare CIO lead a learning organization and what are the first steps?
Federal healthcare reform laws oblige hospitals, clinics, insurance companies and employers to adopt uncertain business models. And in an industry where the person receiving the service is not the one paying for it, determining a working model for the future is fraught with alligators. Health system executives across the country are taking up the challenge with serious deliberation and urgency.
Near Field Communications (NFC) vs Touch ID
September 11th, 2013
Apple has chosen to implement a unique new fingerprint sensor, Touch ID, which allows a simple touch of a finger to unlock the phone or to make purchases from the App Store and the iTunes and iBooks retail sites. It's faster than typing a password.
Leaving out near field communication (NFC) technology in the newest iPhone also creates challenges for Google Wallet and Isis, a consortium of wireless carriers that are trying to roll out an NFC mobile payment system nationally.
Apple has once again dismissed the mobile wallet and data-sharing capabilities of NFC technology. Meanwhile, NFC is being used in dozens of new Android phones, such as the Samsung Galaxy S4, and in phones running the BlackBerry and Windows Phone operating systems.
Apple's decision is clearly the result of a long-term competitive strategy based on a projection of how the mobile payments business will evolve. The move serves to benefit Apple most of all, analysts said.
Touch ID will help push purchases to Apple's content stores, and the company's decision to use that technology says that Apple has decided that fingers are better than near field radios for ensuring that transactions are secure. Strictly, the two address different problems: Touch ID authenticates the user, while NFC only carries the transaction.
CIO - Planning and Productivity
August 26th, 2013
When a CIO or an IT executive takes over a new job, one of the greatest challenges is to quickly validate the infrastructure that is in place. Would it not be nice to have tools that could be used to quickly put proven, world-class policies in place with minimal effort? That is what the CIO IT Infrastructure Policy Bundle does.
CIOs are under more pressure to do more things, do them faster, and do them with less money than ever before. This has made the IT budget process increasingly stressful and often contentious, as demand for IT continues to increase while many IT budgets are held flat (or even decreased).
Reading on CIO Challenges
August 5th, 2013
- IT Hiring Challenge: Number of IT graduates is down. IT hiring faces a new challenge as the number of college graduates who have IT degrees is down, according to CareerBuilder. Using labor market and...
- Cybersecurity IT Pros are in short supply: IT pros who can handle cybersecurity are in short supply. Cybersecurity specialists are not being trained by our educational system and this shows with high...
- IT hiring: CIOs have mixed feelings on it. Fourteen percent of U.S. chief information officers (CIOs) surveyed recently plan to expand their IT teams in the second quarter of 2013, according to a...
- Top 10 CIO Productivity and Budgeting Issues: CIO Productivity Kit. The best companies, and their CIOs, recognize the importance of ready access to the right information to drive the right choices...
- BYOD security issues need to be addressed: Seven BYOD security solutions. As the use of BYOD increases, security is more of an issue and needs to be revisited frequently. Some of the...
The role of the CIO and CTO is changing as more enterprises move towards a "Value Added" role for the Information Technology function. Those changes are depicted in the detailed job descriptions that have been created for all of the functions within IT, especially for the CIO and CTO. The table below depicts several of those changes.
Cost and Security Briefs
July 25th, 2013
- Internet Costs Are Too High: Open Market Makes US Costs Highest in the World. In his new book, which covers communication and Internet costs,...
- Disaster Planning / Business Continuity: Cost of No Plan. CIOs and the organizations they manage need to place a high value on being prepared for disasters of any kind because...
- Anatomy of a Chinese Cyber Attack: How the Chinese do it. A Chinese cyber attack (a Stuxnet-style attack) frequently makes its first entry into a company's secure network...
- Rebalancing Strategies for the Real-Time Enterprise: Converging forces in Mobility, Big Data, Social Media, and Cloud Computing and their disruptive impact on the global IT ecosystem. The amount of...
- Security Ethics Collide: Security ethics are a growing concern for many. According to a new report by Symantec, CIOs need to be concerned about security and ethics; half...
Securing a typical business network and IT infrastructure demands an end-to-end approach with a firm grasp of vulnerabilities and the associated protective measures. While such knowledge cannot stop all attempts at network incursion or system attack, it can empower IT professionals to eliminate general problems, greatly reduce potential damage, and quickly detect breaches.
With the ever-increasing number and complexity of attacks, vigilant approaches to security in both large and small enterprises are a must. The Security Manual Template meets that requirement.
Record retention for 50 years -- a requirement?
July 9th, 2013
A recent study revealed that 80% of companies say they are required to keep data archived for 50 years, and 68% say they are required to keep it for 100 years. Predictions say that by 2015 the total amount of digital information in archives will exceed 300 exabytes.
All businesses are required by law to keep confidential client information, as well as employee or company data, for a minimum period; in essence they need a Records Management Policy.
There are numerous business records that should be retained for a minimum of seven years, including employee agreements, business loan documentation, litigation records, and general expense reports and records such as overhead expenses and professional consultation fees.
Top 10 CIO Lists
June 2nd, 2013
Top 10 lists for CIOs
- Top 10 CIO Productivity and Budgeting Issues: CIO Productivity Kit. The best companies, and their CIOs, recognize the importance of ready access to the right information to drive the right choices...
- Top 10 Things a CIO Needs to Add Value: What does the CIO have to do to be viewed as a business person versus a technologist? There are many strategies...
- 10 Ways a CIO Can Get Ahead (or promoted): The role of the CIO and CTO is changing as more enterprises move towards a Value Added role...
- 10 findings in the 2013 IT Salary Survey by Janco: Janco has just released its 2013 IT Salary Survey and had ten (10) major findings. You can...
- 10 reasons why organizations need a Chief Mobility Officer (CMoO): the business case. Here are ten reasons your company needs a chief mobility officer: to deliver mobility solutions for the enterprise to...
Former employee breaches systems - causes damage
May 9th, 2013
A systems manager was arrested for allegedly disrupting his former employer's network after he was passed over for promotions, leading him to quit his job and take revenge. The manager, who worked for a company that manufactures high-voltage power supplies, allegedly caused the company over $90,000 in damages.
He specialized in developing and customizing the software the company used to run its business operations. He was one of two employees responsible for ensuring that the software ran smoothly in order to keep production planning, purchasing, and inventory control operating efficiently. This role gave him high-level access to the company's network.
After being passed over for promotions he allegedly expressed his displeasure and resigned. After his network access was terminated, the ex-employee found a way to launch a three-week campaign of damage against his former employer after gaining unauthorized access to the network.
He allegedly hacked into the company's network and stole former co-workers' security credentials using a program that captured login names and passwords. Those credentials were then used to remotely access the company's network over a virtual private network and corrupt it from another location. Disabling the leaver's own account was not enough: the access that survived was other people's.
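Detection logic for the pattern in that report, as an added example that is not drawn from the case itself: given VPN authentication records, flag attempts against accounts that offboarding says are disabled, successful logins from an address never seen for that user during a baseline period, and several different accounts authenticating from one remote address within minutes, which is what harvested co-worker credentials look like from the VPN's side. The log format, account names and addresses are constructed.

```python
"""Flag VPN logins that look like a departed insider using harvested credentials.

Added example; the log format, accounts and addresses below are constructed.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed VPN authentication records (one line per attempt).
SAMPLE_LOG = """\
2013-04-01T08:02:11Z vpn01 auth user=asmith src=198.51.100.20 result=success
2013-04-01T08:05:40Z vpn01 auth user=bjones src=198.51.100.21 result=success
2013-04-02T09:12:03Z vpn01 auth user=asmith src=198.51.100.20 result=success
2013-04-15T23:41:17Z vpn01 auth user=rquit src=203.0.113.44 result=failure
2013-04-15T23:42:02Z vpn01 auth user=asmith src=203.0.113.44 result=success
2013-04-15T23:43:30Z vpn01 auth user=bjones src=203.0.113.44 result=success
"""

TERMINATED = {"rquit"}                 # accounts offboarding says are disabled (assumed)
BASELINE_END = datetime(2013, 4, 10)   # successes before this date define "normal" sources

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) auth user=(?P<user>\S+) src=(?P<src>\S+) result=(?P<result>\S+)$"
)


def parse_log(text: str) -> list:
    """Parse lines into dicts; malformed lines are skipped rather than crashing the detector."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        e = m.groupdict()
        e["ts"] = datetime.strptime(e["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(e)
    return events


def detect(events, terminated, baseline_end, window=timedelta(minutes=10), min_accounts=2):
    """Return (rule, user, src, timestamp) alerts for the post-baseline period."""
    alerts = []
    known = defaultdict(set)  # user -> source addresses seen during the baseline period
    for e in events:
        if e["ts"] < baseline_end and e["result"] == "success":
            known[e["user"]].add(e["src"])

    by_src = defaultdict(list)
    for e in events:
        if e["ts"] < baseline_end:
            continue
        # Any attempt against a disabled account is worth a ticket, successful or not.
        if e["user"] in terminated:
            alerts.append(("terminated_account", e["user"], e["src"], e["ts"]))
        if e["result"] != "success":
            continue
        if e["src"] not in known[e["user"]]:
            alerts.append(("new_source", e["user"], e["src"], e["ts"]))
        by_src[e["src"]].append(e)

    # Several distinct accounts from one remote address within the window.
    for src, evs in by_src.items():
        evs.sort(key=lambda x: x["ts"])
        for i, first in enumerate(evs):
            users = {x["user"] for x in evs[i:] if x["ts"] - first["ts"] <= window}
            if len(users) >= min_accounts:
                alerts.append(("shared_source", ",".join(sorted(users)), src, first["ts"]))
                break
    return alerts


def analyze(text=SAMPLE_LOG, terminated=TERMINATED, baseline_end=BASELINE_END):
    return detect(parse_log(text), terminated, baseline_end)


if __name__ == "__main__":
    for rule, who, src, ts in analyze():
        print(f"{ts:%Y-%m-%d %H:%M} {rule:<19} {who:<14} from {src}")
```

The shared_source rule is the cheap compensating detection for the gap the story shows: offboarding disabled one account, but the procedure should also rotate any credentials the leaver could have observed or captured, and the VPN logs should be watched for the leaver's colleagues appearing from one unfamiliar address.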
- Fraud is on the rise: CIOs need to address fraud issues with better security. For the last three years it has been reported that estimated fraud losses are doubling...
- Cyber war breaks out, slows Internet: Cyber war pushes the need for more security. The recent cyber war between Spamhaus and Cyberbunker, with a commercial Distributed Denial of Service (DDoS) attack, pushed the Internet...
- CIOs are not conducting cloud computing risk assessments: A new survey by Protiviti has found that cyber security tops chief information officers' concerns, with 84...
- Many CIOs have not addressed cloud security issues: Less than 50% of all organizations have policies in place for vetting cloud computing applications for possible security risks before deploying them. The number...
- Email Spam Reporting Policy: Note: Of course legitimate, individually-sent employment, business and personal inquiries are not considered spam. Below is a sample of a letter...