IT Job Descriptions - IT Salary Data XML Feeds




Disaster Plan - Yes or No

In many businesses, disaster recovery plans (DRPs) are often inadequate or outdated and in small to mid-sized businesses the situation is even worse: only a relatively small percentage have any form of plan. Why do so many businesses have such a lackadaisical approach to disaster recovery planning? Probably because it is a long and complicated process that ties up key personnel, can be costly to produce, and will change over time so it has a limited shelf life. And why spend time producing a document that may well never be needed? But any business that does not create a DRP is gambling that disasters will not strike and gambling with the livelihood of its employees and with the investments of shareholders and stakeholders.

According to Gartner, a leading research and advisory company, 40% of businesses that encounter a disaster close their doors within the following five years. For the 60% that do survive, the expenses that result from a loss of continuity can be significant.

According to Janco Associates, an international Disaster Recovery - Business Continuity consultancy, the most common form of enterprise-wide disaster is related to power outages. Janco has found that, in the disaster recovery and business continuity cases it has reviewed, the following is true:

  • Over one third of companies take more than a day to recover from a major power outage caused by events like hurricanes and extensive disasters.
  • Over eleven percent of companies take more than a week to recover from these events.
  • The typical time to reconfigure a network that has not been planned for can take up to 72 hours - if the resources are available.
  • Data that is lost (not backed up electronically) can take weeks to re-enter if there is a paper trail; if there is none, the data can be lost forever.
  • Over 85 percent of companies that experience a computer disaster and do not have a Disaster Recovery - Business Continuity Plan go out of business within 18 months.

 



Scope of Disaster Planning is expanding as world events escalate

Disaster Planning scope continues to expand.  The volcanic ash air travel crisis caught many by surprise but in hindsight it was a predictable outcome of an event which was almost inevitable. What other such outliers are there? Continuity Central believes that using the huge experience of our global readership of business continuity managers many of these can be identified in advance.

If you add terrorist attacks on infrastructure that can cause widespread environmental damage, like the oil rig explosion in the gulf, the events to be considered are almost infinite.

A Yellowstone eruption, which would be a supervolcano, would make the ash problems from the Icelandic volcano look like a minor event. It would impact the entire US except California. According to the Yellowstone Volcano Observatory, the last supervolcanic eruption occurred 74,000 years ago at the Toba Caldera in Sumatra, Indonesia. Other known supervolcanoes around the world include Long Valley in eastern California, Toba in Indonesia, and Taupo in New Zealand. In addition, other potential supervolcanoes include large caldera volcanoes of Japan, Indonesia, and South America.



Touch screens are a security risk according to U of Penn

A University of Pennsylvania researcher presented a paper at the Usenix conference analyzing "Smudge Attacks on Smartphone Touch Screens."


Based on his results, "the practice of entering sensitive information via touchscreens needs careful analysis," said the researchers. "The Android password pattern, in particular, should be strengthened." But they cautioned that any touchscreen device, including ATMs, voting machines, and PIN entry devices in retail stores, could be susceptible to smudge attacks.

Touchscreens, of course, are an increasingly common feature of mobile computing devices. According to one market research firm, 363 million touchscreen mobile devices will be sold in 2010, an increase of 97% over last year's sales. But are passwords entered via touchscreens secure?



The key elements of business continuity management defined


Writing and testing a disaster recovery plan is one of the key elements of business continuity management. Traditionally, business continuity and disaster recovery (DR) planning have been separated between the business and the information technology department. It has long been recognised that this ‘divide’ creates more problems than it solves; after all, most businesses could not continue to operate successfully if their IT services were unavailable for a period of time. Depending on the nature of your business, this may well range from a few hours to several days. The recent launch of BS25999 has established a business continuity management (BCM) standard which intrinsically links BCM, incident management, and IT DR. Essentially, the key message is that to have true business continuity you must also have strong IT DR capability.


A disaster recovery plan should interface with the overall business continuity management plan, be clear and concise, focus on the key activities required to recover the critical IT services, be tested, reviewed and updated on a regular basis, have an owner, and enable the recovery objectives to be met.



External Drives are a security risk

The Department of the Navy's CIO Privacy Office was notified on July 27 that a Naval headquarters office had been burglarized, and that the thieves had stolen at least 10 laptops and nine external hard drives. The initial report by the Privacy Office said that one laptop contained a file with passwords and user names; personal financial data including bank accounts, investment accounts, and credit card information; a personal contact list with cell phone numbers, addresses, and birth dates; "government only" contract information; discrimination and hostile work environment correspondence; and other sensitive information.

Upon investigation, the Navy found that the laptop contained "high risk" personally identifiable information on only eight people. And the external hard drives were either still in their boxes or encrypted when taken. 

The incident emphasizes the importance of security policies and continued vigilance over insider threats, according to the Department of the Navy CIO privacy team lead, who disclosed the breach in a blog post on the Navy CIO's Web site.

"External hard drives are becoming as vulnerable as thumb drives," Muck wrote. "A best practice should be to physically secure them at the end of each work day."

The Navy Privacy Office advised employees never to store personally identifiable information or unencrypted user names and passwords on government computers. And he reminded them of the importance of inventory control policies.



What Does Disaster Recovery and Business Continuity Mean

The IT industry continues to add emphasis and focus to Disaster Recovery and Business Continuity Planning. While the concept has been around for many years, Disaster Recovery has a different connotation today. As business technology and software applications have advanced, Disaster Recovery has come to mean more than simply the ability to get your systems back online after a power outage. Companies are now expected to recover from unforeseen disasters, and retrieve contracts, memos, invoices, signatures and all other critical documents with minimal interruption.

There is little doubt of the importance of an effective backup plan if a natural or man-made disaster destroys your business records. Many companies, however, still have yet to implement a Disaster Recovery plan, believing that the chance of it happening to them is too slim.

The reality is that an organization may declare a disaster for a number of reasons, including:

  • Extreme weather conditions
  • Prolonged power or communications failure
  • Robbery or other criminal activity
  • Civil unrest
  • Terrorist acts


End of life for XP will increase security risk

Three out of four companies will soon face more security risks because they continue to run the soon-to-be-retired Windows XP Service Pack 2 (SP2), a report published today claimed.

According to a Toronto, Canada-based technology provider, 77 percent of the organizations it surveyed are running Windows XP SP2 on 10 percent or more of their PCs. Nearly 46 percent of the 280,000 business computers they analyzed rely on the aged operating system.



Remote Branch Offices are a Disaster Recovery Business Continuity Risk

Distributed data at remote and branch offices (ROBOs) continues to grow substantially year after year. Leaving this data unprotected or inadequately protected poses serious business risks for organizations. Protection approaches require careful consideration, as factors such as technical complexity, capital and operational costs, and expertise of personnel must be taken into account.

Local disk-based data protection strategies improve backup efficiency and reliability over tape-based ones. Consolidation of edge data to the core data center may introduce further efficiencies. Data de-duplication can drive both backup-to-disk and consolidation adoption.



Necessary Steps in Developing a Disaster Recovery Business Continuity Plan That Works

The process of developing a disaster recovery & business continuity plan requires that you:

  • Provide management with a comprehensive understanding of the total effort required to develop and maintain an effective recovery plan;
  • Obtain commitment from appropriate management to support and participate in the effort;
  • Define recovery requirements from the perspective of business functions;
  • Document the impact of an extended loss to operations and key business functions;
  • Focus appropriately on disaster prevention and impact minimization, as well as orderly recovery;
  • Select project teams that ensure the proper balance required for plan development;
  • Develop a contingency plan that is understandable, easy to use and easy to maintain; and
  • Define how contingency planning considerations must be integrated into ongoing business planning and system development processes in order for the plan to remain viable over time.


Apple a monopolist?

Apple is acting like a monopolist with its effort to promote HTML5 as the future and to cast Adobe Flash as the past. Apple on Friday launched a new series of Web pages called "HTML5 Showcase."

HTML5 is the emerging standard for the next generation of Web pages and applications. It remains a draft specification and isn't expected to be finalized for years.

Apple has been promoting HTML5 as an alternative to Flash, which company CEO Steve Jobs has spent the past few months deriding as slow, power-hungry, insecure, ill-suited for touch-based devices, and deleterious to the progress of the iPhone OS platform.

Apple's crusade against Flash continues in its HTML5 Showcase with its observation that HTML5, as a standard, isn't an add-on to the Web (like Flash).



Post Disaster Assessment - Questions to Ask

After the disaster occurs, these are the questions that need to be asked to assess the impact of a disaster on a business from both a financial and physical (infrastructure) perspective:

  • How many/much of the organization's resources could be lost?
  • What are the total costs?
  • What efforts are required to rebuild?
  • How long will it take to recover?
  • What is the impact on the overall organization?
  • How are customers affected, what is the impact on them?
  • How much will it affect the share price and market confidence?


Downtime is costly

The average midsize company (defined as one with 100 to 1,000 employees) experiences 16 to 20 hours per year of downtime due to network, system, application and operational issues. That works out to about 1.5 hours a month. It has been found that revenue losses per hour for some midsize companies average $70,000 (or on average more than $100,000 in total).

This business risk strategy guide is designed to help midsize businesses identify and mitigate those risks, thus reducing those costs. Infrastructure is a key component of a solution.



DRP - Business Continuity Template Update Service Is A Must

The Disaster Recovery / Business Continuity Template version 5.4 has just been released. Janco continues to update its templates to meet the ever-changing requirements of the business environment.

Janco provides an update service for all of its templates which guarantees its clients have all of the information they need to meet mandated requirements.

With this new version a fully indexed PDF copy of the template is now provided in addition to the two versions of WORD (2003 and 2007).

The updates to the template included:

  • Added Pandemic Coordinator job description
  • Added Business Pandemic Planning Checklist
  • Updated organization chart to include Pandemic Coordinator
  • Updated backup and backup retention section
  • Updated style sheet to be CSS Style sheet format
  • Added Disaster Recovery Business Continuity General Distribution Information 
    • What to do after an explosion / terrorist attack
    • How to clean up after a disaster
  • Defined generic metrics for DR/BC success
  • Business & IT Impact Analysis Questionnaire Updated
  • Updated references to DRP card
  • Updated formatting to meet WORD 2007 requirements

The version history for updates to template can be seen at http://www.e-janco.com/drpversion.htm and the full Table of Contents with sample pages can be downloaded at http://www.e-janco.com/Register_drp.asp .



Feds fall short on necessary desktop security

A General Accountability Office (GAO) report found federal agencies have not fully adopted secure desktop configuration standards mandated by the Office of Management and Budget (OMB) three years ago, leaving desktops less secure than they ought to be.

Federal agencies have taken some steps to implement the goals of the Federal Desktop Core Configuration (FDCC), which are to improve overall security and reduce IT operating costs across the federal government.
None, however, have fully implemented all the configuration settings on applicable PCs, citing a number of challenges to doing so, according to the report, published last month.

The FDCC was established by the OMB in 2007 to provide a baseline for security across federal workstations. The OMB based the FDCC on settings developed by the Air Force in partnership with the National Security Agency, Defense Information Systems Agency, the National Institute of Standards and Technology (NIST) and representatives from the Army, Navy, and Marines.

To become compliant with FDCC, agencies were supposed to first submit an implementation plan, and then configure Windows XP and Vista PCs according to the common security settings required by the initiative by February 2008.

They also were required to document any changes from the OMB's recommended settings and have them approved by an accrediting authority; acquire a specified NIST-validated tool for monitoring implementation of the settings; ensure that future IT acquisitions comply with the configuration settings; and submit a status report to NIST.



Internal security threats

Several studies have shown that 78 percent of data breaches come from authorized insiders of an organization. Loss of proprietary information and intellectual property can trigger fines, litigation, brand damage, and bad press. Enterprises have deployed protective measures - such as VPNs, firewalls, and network monitors - to provide audit trails and prevent unauthorized external access to proprietary information. However, these solutions don’t address the rising threat from internal users. Because they have access to data assets, insiders are a major channel for information leaks, whether through deliberate policy breaches or accidental data loss (such as losing a mobile device containing personal records).

To protect sensitive data, enterprises need an effective data loss prevention (DLP) solution that monitors potential information loss at the point of use. However, the explosion of messaging systems, wireless networking, and USB storage devices has made the protection of critical enterprise data difficult. As a result, enterprises are experiencing an increase in the loss or theft of data assets by employees or contractors who accidentally or maliciously leak data.



IT Managers are now younger than most IT professionals

The average age of the workforce continues to drop. At no time is this more evident than when you ask older workers what it is like to be managed by younger bosses. A CareerBuilder report that polled 5,200 workers found 43 percent of workers who are 35 or older work under younger managers.

As you go up the spectrum of age brackets, the numbers consistently rise: 53 percent of workers 45 and older have younger bosses; as do 69 percent in the 55-or-over age bracket.

"As companies emerge from this recession, it is important for employees to work together and move the business forward, regardless of their age," said a vice president of Human Resources. "With so many different age groups present, challenges can arise. Younger and older workers both need to recognize the value that each group brings to the table."

Part of the reason is the evolution of the workforce, but also the sheer size of the baby-boom generation. A 2007 Bureau of Labor Statistics study found that between 2000 and 2005, the number of workers over 55 increased 30 percent. In that same time period, younger workers between 25 and 54 increased only 1 percent.



Evolving data threats - CIOs and enterprises adapt

Businesses adapt to increased mobility and expanded connectivity: Evolving data threats

Mobile computing and global networking cast a new light on data security issues as, in response, organizations reassess the technologies in use within their IT infrastructures and reconsider the ways in which staff members, customers and partners communicate. Solutions that do not provide the appropriate balance between protection and usability must be discarded in favor of solutions that effectively minimize risks of data theft or loss, achieve compliance with existing regulations, and equip personnel with tools that help them work productively and securely.

The facts are that business processes today rely on vastly different methods of data storage and data exchange than even a few years ago. These changes in the computing landscape make it essential that companies adopt a very different approach to security. According to a research report by a leading IT think tank, 90% of organizations say that data security is "important" or "very important" and would get high priority in 2009.



Big Brother gets closer

The Obama administration has argued that warrantless tracking is permitted because Americans enjoy no "reasonable expectation of privacy" in their--or at least their cell phones'--whereabouts. U.S. Department of Justice lawyers say that "a customer's Fourth Amendment rights are not violated when the phone company reveals to the government its own records" that show where a mobile device placed and received calls.

Those claims have alarmed the ACLU and other civil liberties groups, which have opposed the Justice Department's request and plan to tell the U.S. Third Circuit Court of Appeals in Philadelphia that Americans' privacy deserves more protection and judicial oversight than what the administration has proposed.

Not long ago, the concept of tracking cell phones would have been the stuff of spy movies. In 1998's "Enemy of the State," Gene Hackman warned that the National Security Agency has "been in bed with the entire telecommunications industry since the '40s--they've infected everything." After a decade of appearances in "24" and "Live Free or Die Hard," location-tracking has become such a trope that it was satirized in a scene with Seth Rogen from "Pineapple Express" (2008).

Once a Hollywood plot, now 'commonplace' - Whether state and federal police have been paying attention to Hollywood, or whether it was the other way around, cell phone tracking has become a regular feature in criminal investigations. It comes in two forms: police obtaining retrospective data kept by mobile providers for their own billing purposes that may not be very detailed, or prospective data that reveals the minute-by-minute location of a handset or mobile device.



Security concerns drive FBI to set new mandates on ISPs

Security concerns are making the FBI press Internet service providers to record which Web sites customers visit and retain those logs for two years. This requirement could help it in investigations of child pornography and other serious crimes, according to senior FBI investigators.

The FBI Director supports storing Internet users' "origin and destination information," a bureau attorney said at a federal task force meeting on Thursday.

As far back as a 2006 speech, Mueller had called for data retention on the part of Internet providers, and emphasized the point two years later when explicitly asking Congress to enact a law making it mandatory. But it had not been clear before that the FBI was asking companies to begin to keep logs of what Web sites are visited, which few if any currently do.

The FBI is not alone in renewing its push for data retention. A survey of state computer crime investigators found them to be nearly unanimous in supporting the idea. An Immigration and Customs Enforcement agent in the Department of Homeland Security also expressed support for the idea during the task force meeting.

The chief of the FBI's digital evidence section said that the bureau was trying to preserve its existing ability to conduct criminal investigations. Federal regulations in place since at least 1986 require phone companies that offer toll service to "retain for a period of 18 months" records including "the name, address, and telephone number of the caller, telephone number called, date, time and length of the call."



SOA improves productivity

The applications within an organization's portfolio present a compelling argument for integration and connectivity to reduce maintenance expenses. Disconnected applications can strain productivity, increase maintenance costs, and make overall system security difficult and expensive to manage. A proven strategy is to use an SOA approach with an enterprise service bus (ESB). Doing so can cut IT integration cost and maintenance by two to four times. Hence, the more integrations that are performed using this infrastructure, the greater the savings for your organization.


IT Service Management (ITSM) and Service-Oriented Architecture (SOA) have gained great acceptance as the change management discipline has grown over the last several years. The percentage of participants using a structured approach to manage change has grown from 55% to 75%.
