IT Toolkits - Productivity equals Success

Get Exclusive
White Papers
Follow Us TwitterFollow Us FacebookFollow Us Blog Janco RSS FeedGoogle Plus

CIO, CTO, CSO, IT Service Management, IT Job Description, Sarbanes Oxley, and IT Salary News

CIO - CTO - CSO News

Florida Activates Disaster Recovery Plan

AC failure takes out Florida state computers

A massive air-conditioning failure at a state office complex in Tallahassee shut down government computer traffic statewide and forced emergency managers to begin studying backup plans.

Rising temperatures posed an immediate threat to a $30 million state computer system in the Shared Resource Center, a highly secure, windowless brick complex that serves as the electronic nerve center for much of state government.

Computer traffic from 84 agencies and local governments, including some non-profit groups, flows through it daily.

Temperatures in a 9,276-square-foot room filled with 1,200 computer servers hovered at 90-degrees earlier today. Technicians like to keep the room chilled to 68 degrees and expect the equipment to start failing at 95 degrees.

- more info

New RFID technology could end lost data tapes

(Computerworld) --  Imation Corp. today announced a first-of-its-kind tracking technology that could put an end to the ongoing problem of lost data tapes by using passive radio frequency identification (RFID) tags and Global Positioning System (GPS) tracking systems to remotely locate cartridges, no matter where they are -- stationary or in transit. - more info

ISO 17799, SOX, HIPPA Compliant Disaster Recovery / Business Continuity Template Released

Disaster PlanningThe ISO 17799 compliant Disaster Recovery Planning (Business Continuity) Template is Version 4.2.  The template has increased in size from 140 pages in version 3.1 to 189 pages in the current version. 

New with this version of the Disaster Recovery Planning Template are:

  • Added Section defining the ISO 17799 compliance requirements
  • Reviewed and modified entire DRP/BCP template to ensure compliance with ISO 17799
  • Business & IT Impact Questionnaire updated to meet ISO 17799 compliance requirements
  • Added Best Data Retention and Destruction Practices section
- more info

Protecting your data center

(Computerworld) -- If anyone knows how to protect against power outages caused by extreme weather, it would be Jeff Biggs. The vice president of operations and engineering for Peak 10 Inc., a fast-growing Charlotte, N.C.-based data center operator, Biggs has taken many steps to harden Peak 10s colocation facilities in Florida against the states annual threat of hurricanes.

Like making sure Peak 10s Jacksonville, Fla., data center taps into the city’s underground power lines in two places, in case one substation or line goes down. Or buying a massive, 1,500-kilowatt backup diesel generator for Peak 10’s Tampa Bay data center, along with emergency refueling contracts with two separate suppliers in case of an extended outage.

But Biggs admits that recent storm-related power outages in Denver, Seattle and St. Louis, all of which left parts of those cities dark for a week or longer, would have tested and perhaps overwhelmed Peak 10’s precautions.

An outage that long, oh, my God, it would catch even my fuel suppliers off guard, he said.

The continued growth of the Internet, combined with cheaper PC-based technologies, has led the number of servers worldwide to double since 2000, according to market research company IDC.

Much attention has been paid on how to cut the spiraling costs of powering and cooling these servers. But less thought has been devoted on how to better protect data centers from power outages, now that incidents of turbulent weather caused by global climate change appear to be on the rise.

- more info

ISO 17799 Security Template Released by Janco

The template includes everything needed to customize the Internet and Information Technology Security Manual to fit your specific requirement.  The electronic document includes proven written text and examples for the following major topics / sections for your security plan:
 

  • ISO 17799, Sarbanes-Oxley, Patriot Act, and HIPAA compliance

  • Security Manual Introduction - scope, objectives, general policy, and responsibilities

  • Risk Analysis - objectives, roles, responsibilities, program requirements, and practices program elements

  • Staff Member Roles - policies, responsibilities and practices

  • Physical Security  - area classifications, access controls, and access authority

  • Facility Design, Construction and Operational Considerations - requirements for both central and remote access points

  • Media and Documentation - requirements and responsibilities

  • Data and Software Security - definitions, classification, rights, access control, INTERNET, INTRANET, logging, audit trails, compliance, and violation reporting and follow-up

  • Sensitive Information Policy

  • Network Security - vulnerabilities, exploitation techniques, resource protection, responsibilities, encryption, and contingency planning

  • Internet and Information Technology contingency Planning - responsibilities and documentation requirements

  • Travel and Off-Site Meetings - specifics of what to do and not do to maximize security

  • Insurance - objectives, responsibilities and requirements

  • Outsourced Services - responsibilities for both the enterprise and the service providers

  • Waiver Procedures - process to waive security guidelines and policies,

  • Incident Reporting Procedures - process to follow when security violations occur

  • Access Control Guidelines - responsibilities and how to issue and manage badges / passwords

  • Sample Forms

    • Business and IT Impact Questionnaire

    • Threat & Vulnerability Assessment Tool

    • Security Violation Reporting form

    • Security Audit form

    • Inspection Check List

    • New Employee Security form

    • Security Access Application form

    • Employee Termination Checklist

    • Supervisor's Employee Termination Checklist

    • Sensitive Information Policy Compliance Agreement

- more info

Avoiding Data Migration Delays

(Computerworld) -- As a technical matter, migrating data from an old computer system to a new one should be straightforward. There are common industry practices that can help, such as running field-mapping and conversion scripts, and using extract, transform and load tools. So why does data migration so often turn good IT projects into bad ones, with embarrassing delays that drag on for weeks or months?

Delays are often the result of getting off on the wrong foot - failing to adequately plan the approach to data migration at the outset. The technical issues can be complex, but at least they are  predictable. It is the nontechnical strategy that often causes delays down the road. - more info

Malware writers are making their code harder to track down, remove

(Computerworld) -- Hackers working for criminal gain are using increasingly sophisticated methods to ensure that the malware they develop is hard to detect and remove from infected systems, security researchers warned at this week's Computer Security Institute (CSI) trade show in Orlando.

The most popular of these approaches involve code mutation techniques designed to evade detection by signature-based malware blocking tools; code fragmentation that makes removal harder; and code concealment via rootkits.

Unlike mass-mailing worms such as MS Blaster and SQL Slammer, most of today's malware programs are being designed to stick around undetected for as long as possible on infected systems, said Matthew Williamson, principal researcher at Sana Security Inc.

- more info

U.S. Lacks Cybersecurity Leadership

The U.S. Department of Homeland Security (DHS) has failed to take several basic steps to protect the nations cyber infrastructure, including a year-plus delay in naming an assistant secretary for cybersecurity, lawmakers and other critics said Wednesday.

Lawmakers and representatives of cybersecurity trade groups questioned why the DHS has failed to fill the high-level cybersecurity position after DHS Secretary Michael Chertoff announced plans to create the position in July 2005. The delay in hiring an assistant secretary shows a "lack of cybersecurity leadership" at the DHS, said Rep. John Dingell, a Michigan Democrat, during a congressional hearing. - more info

IT managers fight fatigue, labor shortages and other problems

(Computerworld) -- NEW ORLEANS -- Hurricane Katrina struck one year ago today. Since then, there is much that IT managers interviewed here last week have done to shore up their technology infrastructures and try to ensure that their organizations can continue to operate no matter what roars out of the Gulf of Mexico.

Many have replaced tape archiving with electronic data backup and added redundant voice and data lines or satellite communications systems. Power generation capabilities have been improved, and some companies have even dug wells in an attempt to ensure that they have a reliable water supply. New contracts have been signed with disaster recovery providers.

- more info

Will your documented Disaster Recovery Plan Work?

As an IT professional, you know your IT environment is recoverable, but can you prove it when your boss, auditor or CEO demands documentation and specific confirmation.  The IT Productivity Center has all of the tools that are needed to create a Disaster Recovery Plan that is acceptable by everyone.

- more info

Blog Policy Released

Janco Associates released its Blog and Personal Web Site Policy.    

 

The Blog and Personal Web Site Template includes a detailed Policy statement with specific guidelines for blog and web site participation, security standards, and Blog Policy Compliance Agreement form which all employee’s, contractors, sub-contactors and affiliates should complete.  This template can be purchased on its own and is included it the IT Service Management Template.

 

In a recent AMA survey it was found that only 9 percent have policies governing personal blogging on company time,   7 percent have policies on business blogging and appropriate content, and even fewer (3 percent) retain blog content. The risks faced by enterprises of all sizes include copyright infringement, sexual harassment and trade secret theft — not to mention the drain on employee productivity.

- more info

IT Service Management SOA Policy Template Released by Janco

Janco has just released its IT Service Management SOA Policy Template.  The Service-Oriented Architecture policy template is an 107 page document that contains standards, policies and procedures, metrics and service level agreement for the help desk, change control, service requests, blog / personal web site, and travel and off-site meetings. It also contains a Change Request Form, Business and IT Impact Questionnaire, and an Internet Use Approval Form.  The template is availalable in Microsoft Word format or PDF file. - more info

Fed up with tape, hospital moves to storage jukebox

(COMPUTERWORLD) - When Cabell Huntington Hospital installed a new image and records archiving system late last year, it was given a choice of sticking with its optical disk jukebox and its spinning disk arrays or going back to magnetic tape.

The 300-bed hospital in Huntington, W.Va., chose to stay with its unconventional optical disk format because, as its CIO said, the system saves money and has so far offered great reliability.

- more info

Microsoft joins group key to Open Document Format standards adoption

In a move some say has the potential to stall adoption of the OpenDocument Format as an international standard, Microsoft Corp. has joined a group that takes part in the International Standards Organization (ISO) voting process to standardize ODF.

Microsoft joined the V1 Text Processing: Office and Publishing Systems Interface group within the International Committee for Information Technology Standards (INCITS), a Washington-based organization. The INCITS is involved in recommending what technologies should become ISO standards, and the V1 Text Processing group in particular deals with office document formats.

ODF is overseen by the Organization for the Advancement of Structured Information Standards (OASIS) and is supported by Microsoft rivals IBM and Sun Microsystems Inc., among other companies. They want to see ODF adopted internationally as the standard for office documents and the software that creates and manages these documents, such as Microsoft's popular Office suite and rivals such as Star Office from Sun. The commonwealth of Massachusetts has already put in motion a plan to migrate its documents from proprietary formats to ODF, a process it hopes to implement beginning in January 2007.

- more info

Katrina Proves Wi-Fi Works in Disaster Zones

When Hurricane Katrina hit New Orleans, the only communication system that had not broken down was the wireless mesh network deployed in the downtown area to support surveillance cameras credited with reducing the citys prestorm violent-crime rate.

Today it still performs police duties, but as the lone public communications system left in the city, it also carries VoIP traffic that is the lifeline for many city businesses.

The storm wiped out wireline phone service and cellular networks, and those that it didn't destroy outright couldn't be kept up because the city could not get fuel to the backup generators needed to keep the networks running, Meffert told an audience at a session during Spring VON 2006 this week.

- more info

Disaster Recovery and Business Continuity Template Released

The Disaster Recovery and Business Continuity Template Version 4.0 was just released. It is a MS Word document that can be used as a DRP - BCP template for any enterprise. The template and supporting material have been updated to be Sarbanes-Oxley and HIPAA compliant. The Disaster Planning Template includes:

  • Disaster Recovery Plan and Business Continuity Template
  • Business and IT Impact Analysis Questionnaire
  • Work Plan

New with version 4.0 are:

  • Vendor Disaster Recovery Questionnaire
  • Vendor Phone List Form Updated
  • Key Customer Notification Form
  • Critical Resources to be Retrieved Form
  • Business Continuity Off-Site Materials Form
  • Department Disaster Recovery Planning Workbook

Go to https://www.e-janco.com/drp.htm

- more info

It Pays to Work with a Single Security Vendor

Evolving network threats pose significant risks to your business, and the traditional, band-aid approach of using multiple security software vendors to manage those threats only compounds your risk. The deployment of disparate solutions can actually create vulnerabilities at all points along the network, meaning more work for your already over-burdened IT staff. So, if implementing a patchwork of software solutions through multiple vendors doesn't necessarily equate to better protection, why would you take that chance with your business?
- more info

IT Service Management Policy Template Updated

The IT Productivity Center, a division of Janco Associates, Inc. announced an update to IT Service Management Template. IT Service Management (ITSM) is defined as part of a rapidly accepted standard of best practices known as IT Infrastructure Library (ITIL). The IT Service Management template joins the IT Productivity Center's CIO and IT Productivity series of tools and templates which include their popular Sarbanes Oxley Compliance Resource Kit and Disaster Recovery Plan Template. The ITSM update can be found at http://www.itproductivity.org/itsm.htm

Victor Janulaitis, CEO of Janco and the IT Productivity Center said "IT infrastructure productivity is the core of our firm's practice. We have created a set of tools to improve the productivity and quality of service provided by the IT function. With the IT Service Management Template and our Sarbanes Oxley Compliance Resource Kit enterprises of all sizes can quickly implement best practices." In addition he said. "... the IT Service Management template is now included in the CIO Productivity Bundle." The CIO Productivity Bundle, which is Sarbanes-Oxley compliant can be found at http://www.itproductivity.org/offer_cio.htm.

The IT Service Management Template (http://www.itproductivity.org/itsm.htm) contains policies, standards, procedures and metrics for Change Control, Help Desk and Service Request processing. The ITSM Template also contains the IT Productivity Center's Business and IT Impact Questionnaire, a Change Control Request Form and an Internet Use Approval Form. The template comes as a word document which can be used as a template to create customized procedures for any size enterprise.

The Sarbanes-Oxley Compliance Resource Kit (http://www.itproductivity.org/SOX.htm) which was released in January now has a Platinum Edition which contains the IT Service Management Template.

Janco also announced the activation of its new web site it-toolkits.com. The site provides productivity tools for IT and the Chief Information Officer in particular. Included are Janco's Browser Study, CIO Productivity Kit, Disaster Recovery Template, Security Template, IT Salary Survey, IT Job Descriptions, and Sarbanes-Oxley Compliance Resource Kit.

 - more info

Paid searches ometimes include links to spyware or shady companies

A Google search for "spyware," turns up more than 100 paid results. Searching for "spyware cleaner" on MSN's search engine turns up a paid link that takes the user to Secure Computer's site, where Web users are told that the product is "not available for download or sale until further notice." Secure Computer has admitted that there are problems with Spyware Cleaner, and it pulled the product from the market shortly after being sued last week.

The practice of unsavory spyware advertising is particularly troubling, because it often catches consumers at a vulnerable time, as they desperately look for a way to fix their infected computers.

- more info

Disaster Management Plan for Remote Access

Telecommuting and mobile access can help enterprises cope with emergencies. When disaster strikes, key company locations may go offline or be physically inaccessible. Remote work capability will keep businesses running. - more info