IT Productivity Center
 

Individual Policies

All of the policies that are provided here are contained within one or more of the templates that are on this site. These policies have been added as individual documents in Word format (Word 2003 and Word 2007) for those clients who just need this particular policy. All policies are Sarbanes-Oxley, HIPAA, and Patriot Act compliant. These policies are also contained in their entirety in other templates; review the individual descriptions for details.

Record Management, Retention, and Destruction Policy

    

A record is essentially any material that contains information about your company’s plans, results, policies or performance. In other words, anything about your company that can be represented with words or numbers can be considered a business record – and you are now expected to retain and manage every one of those records, for several years or even permanently depending on the nature of the information. The need to manage potentially millions of records each year creates many new challenges for your business, and especially for your IT managers who must come up with rock-solid solutions to securely store and manage all this data.

The Record Management, Retention, and Destruction Policy is a detailed policy template which can be utilized on day one to create a records management process. Included with the policy are forms for establishing the record management retention and destruction schedule and a full job description with responsibilities for the Manager Records Administration.

Record Retention Requirements

The areas included with this policy template are:

  • Record retention requirements for SOX sections 103a, 302, 404, 409, 801a and 802.
  • Policy
  • Standard
  • Scope
  • Responsibilities
  • Record Management
  • Compliance and Enforcement
  • Email Retention and Compliance
  • Job Description Manager Record Administrator
  • 12 forms for Record Retention and Disposition Schedule

You can download the Table of Contents and selected pages for this policy template.

    

Backup and Backup Retention Policy

The Backup and Backup Retention policy is an 11 page sample policy that is a complete policy which can be implemented immediately.

The document is provided in both Word 2003 and Word 2007 formats and is easily modified. This policy is included in the Disaster Recovery / Business Continuity Template.

  

Below is a table from the policy.

| Type of Data | Minimal Backup Policy | Backup Retention Policy |
|---|---|---|
| System software | Latest Version plus patches; At Least Weekly | Annual (verified) Backup; Monthly Generations; Weekly Generations |
| Application software | Latest Version plus patches; At Least Weekly | Annual (verified) Backup; Monthly Generations; Weekly Generations |
| System data | Daily | Annual (verified) Backup; Monthly Generations; Weekly Generations; Daily Generations |
| Application Data | Daily with real time transaction files | Annual (verified) Backup; Monthly Generations; Weekly Generations; Daily Generations |
| Software licenses, encryption keys, & Protocol Data | Weekly | Annual (verified) Backup; Monthly Generations; Weekly Generations |

  

Typical data disasters that occur and should be considered when implementing a backup and retention policy are:

  • Pulling the wrong drive. While trying to replace a failed disk in a RAID array, a healthy disk is accidentally removed.
  • Reformatting a disk. During a server migration, the wrong SAN LUN is accidentally reformatted.
  • Restoring corrupt/old backup data. A server containing a business-critical database is deleted by mistake and is restored with a corrupt or incomplete backup prior to realizing the backup is not sound.
  • Rebuilding a bad array. Following a multiple drive failure in a RAID array, an attempt to force the failed drives back online and rebuild the configuration is made, thereby damaging or corrupting the data on the array.
  • Deleting data. Files, volumes, virtual machines or a SAN LUN are deleted by accident and there is no backup or the backup is old or corrupt.

  

Blog and Personal Web Site Policy Template

Blog Policy, Procedures and Guidelines

With the advent of blogs, there is a need to set rules of the road for the use of blogs by employees, contractors, agents, suppliers and others. This sample blog policy template contains specific policy statements on what can and cannot be done via blogs. There are 13 specific guidelines defined for personal web sites and blogs, both those which are on your enterprise's domains and those which are on domains outside of your enterprise's control.

The policy template comes in Word format and can easily be modified to meet the specific requirements of any size enterprise.

This policy is also contained in the IT Service Management Policy Template.  The IT Service Management Policy Template contains policies, standards,  procedures and metrics that comply with the ITIL Standard.  Chapters of the template include:

    • Service Requests Policy
    • Service Request Standard
    • Help Desk Policy
    • Help Desk Standards
    • Help Desk Procedures
    • Help Desk Service Level Agreement
    • Change Control Standard
    • Change Control Quality Assurance Standard
    • Change Control Management Workbook
    • Documentation Standard
    • Application Version Control Standard
    • Version Control Standard
    • Internet, e-Mail and Electronic Communication Policy
    • Travel and Off-Site Meeting
    • Blogs and personal web sites

In addition, the  ITSM template includes the Business and IT Impact Questionnaire, a Change Control Request Form and an Internet Use Approval Form. It conforms with ITIL.

 

Internet, E Mail, Mobile Device, Electronic Communication, and Record Retention Policy

This policy is compliant with all recent legislation (SOX, HIPAA, Patriot Act, and Sensitive information), and covers:

  • Appropriate Use of Equipment
  • Mobile Devices
  • Internet Access
  • Electronic Mail
  • Retention of Email on Personal
  • E-mail and Business Records
  • Copyrighted Materials
  • Banned Activities
  • Ownership of Information
  • Security
  • Sarbanes-Oxley
  • Abuse

Included are these ready to

  • Internet & Electronic Communication Employee Acknowledgement
  • E-Mail - Employee Acknowledgement
  • Internet Use Approval Form
  • Internet Access Request Form
  • Security Access Application Form

Sensitive Information Policy

Sensitive Information Policy defines how to treat Credit Card, Social Security, Employee, and Customer Data.
 

This policy covers the treatment of Credit Card, Social Security, Employee, and Customer Data.  The policy is 15 pages in length. This policy complies with Sarbanes Oxley Section 404.

The policy applies to the entire enterprise, its vendors, its suppliers (including outsourcers) and co-location providers and facilities regardless of the methods used to store and retrieve sensitive information (e.g. online processing, outsourced to a third party, Internet, Intranet or swipe terminals).

Travel and Off-Site Meeting Policy

Protection of data and software is often complicated by the fact that it can be accessed from remote locations. As individuals travel and attend off-site meetings with other employees, contractors, suppliers and customers, data and software can be compromised. This policy is four pages in length and covers:

      • Data and application security
      • Minimize attention
      • Shared public resources
      • Off-site meeting special considerations

Things you need to do to make an off-site meeting successful

  • Set clear objectives. The worst mistake you can make is neglecting to set key objectives for your off-site meeting, just because you want everyone to “relax.” Nothing will get accomplished, and you’ll end up with a group of bored, frustrated employees who will resent you for not respecting their time.

  • Choosing the right meeting site
    Remember that an off-site meeting is meant to “shake things up.” If your office is located in a busy downtown area, don’t hold your meeting in another crowded urban location. Choose a site that provides employees with a new experience. If you work in the city, take them somewhere rural and relaxing; if your office is located in the suburbs, employees might enjoy a trip to a bustling city center.

  • Schedule just enough to be accomplished
    Don’t hold your employees hostage at the meeting site by trying to accomplish too much in one day. Make sure the meeting doesn’t cut into people’s evening activities or family time. You can’t solve the entire year’s problems with one daylong retreat, so don’t even try. However, if the off-site meeting encompasses two days, the evening between can be a good time for a fun activity.

  • Publish an agenda beforehand
    Be careful not to mislead your employees with promises of relaxing outdoor activities, only to transform into a corporate drill sergeant who puts them through a series of grueling trust-building exercises all day. Be clear about your intentions from the start.

  • Schedule meetings during normal working hours
    Even if you can get a cheaper hotel or convention center rate, it’s always a bad idea to plan your off-site meeting around weekends or holidays, which will make attendance a hardship for your employees. Also avoid days when there might be other important things going on within your company.

  • Hold meeting at site where you can work
    When booking your site, inquire what other events or company meetings might be scheduled for the same day. You don’t want the distractions of a raucous wedding party or other large group sharing your space or causing delays in the dining room.

  • Have time to interact
    Don’t turn the day into a PowerPoint marathon or fill it with endless speeches by the boss. The energy will be sucked right out of the room in no time. Keep the day active and engaging, with opportunities for all employees to participate.

  • Have good speakers
    When considering guest speakers for your event, be certain they have a solid understanding of your company — and not just from the CEO’s lofty perspective. Choose someone interesting who will hold people’s attention in a way that's clearly relevant to the meeting's purpose.

  • Have limited and focused activities
    While they can sometimes be fun, don’t overdo the trust-building, ice-breaking activities. Make sure they are well thought out and actually enjoyable. If an employee is an effective salesperson, it doesn’t really matter if he or she can’t climb a rope. Never forget that most people would rather be home with their families or out with friends than playing games with their boss.

  • After the meeting follow-up
    Once the day of the off-site meeting has come and gone, don’t file it away and forget it. Check back in as a group to gauge the benefits of the experience. What has actually changed as a result of the meeting? Have any of the great ideas people came up with that day been implemented? Use the feedback to improve upon next year’s meeting.

Outsourcing Policy

This policy is eighteen pages in length and defines everything that is needed for a function to be outsourced. The policy comes as a Microsoft Word document (Word 2003 & Word 2007) that can be modified as needed. The template has been updated to include a HIPAA audit program definition:

  • Outsourcing Management Standard
    • Service Level Agreement
    • Responsibility
  • Outsourcing Policy
    • Policy Statement
    • Goal
  • Approval Standard
    • Base Case
    • Responsibilities 

Note: Look at the Practical Guide for Outsourcing, a document of over 110 pages, for a more extensive process for outsourcing.

 


Policies, Procedures and Infrastructure News


Disaster Recovery Planning Site Re-Launched by Janco

The site www.zinnote.com has just been re-launched by Janco Associates, Inc. The site focuses on disaster recovery and business continuity planning.

Victor Janulaitis, the Chief Executive Officer of Janco Associates, Inc., said, "Our mission is to provide the Chief Information Officer (CIO) and the Chief Technology Officer (CTO) all of the tools they need to efficiently and effectively stay current on the latest developments in Technology. To that end this site is focused on meeting these objectives." He added, "Each of our sites is manually created from Janco products. This is not a mindless automated process, rather it is one in which we gather, filter and prioritize. Only the most meaningful disaster recovery and business continuity information is presented."


Disaster Recovery is Area of Cost Cutting Focus

Disaster Recovery (DR) is a tough game. It's a critical component of IT and risk mitigation strategies, and compounded in difficulty by ever growing data volumes, distributed computing, and new technologies. Unfortunately, DR is often one of the first line items hit by budget cuts. How can you get creative in protecting more data, recovering more swiftly, but also saving some money at the same time?

According to an AT&T Survey of 100 Chicago firms (revenues <$10M), 81 have DR plans, but only 43% have fully tested their plans within the last 12 months and 12% admitted they have never tested their business continuity plans.

Next to personnel, data is your most irreplaceable asset.  Networks, application hosting platforms, and end user computing environments can be replaced quickly.  However, without your customer lists, product catalogs, inventory, financial records, and other operational data your business cannot recover.

A disaster recovery is a response to a declared disaster or a regional disaster. It is the restoration or recovery of an entire Agent computer. A disaster recovery plan describes how an organization is to deal with potential disasters. Just as a disaster is an event that makes the continuation of normal functions impossible, a disaster recovery plan consists of the precautions taken so that the effects of a disaster will be minimized, and the organization will be able to either maintain or quickly resume mission-critical functions. Typically, disaster recovery planning involves an analysis of business processes and continuity needs; it may also include a significant focus on disaster prevention.



Enterprise Architecture - a cost savings solution

Enterprise Architecture: A Solution for Business Savings

Business works best when it’s orchestrated carefully, choreographed thoroughly and directed perfectly. Business, in other words, is a production that requires planning, staging and management in order to hit peak performance. That’s the value Enterprise Architecture brings to the IT world and all other functions, divisions and departments of today’s businesses.

Janco is focused on supporting that peak performance with tools for professionals to architect the complex structures of modern corporations and to help create opportunities for the future.



Directions that IT infrastructure is moving defined

Information Technology Service  Management ITSM - Change Control, Help Desk, and Service Request

Through the years, the role of the network and IT infrastructure has changed with computing transitions. Each computing transition has also increased the network’s value and reshaped the vendor landscape. The transition to a virtual enterprise will have an impact on the network similar to the previous computing shifts. The network will become a strategic point of competitive advantage for companies that use it to accelerate virtualization deployments. For this to occur, network decision-makers can no longer settle for any part of the network infrastructure that is “good enough” simply because it is from the market brand leader. Corporate network managers who seek to leapfrog the competition need to adopt bold new thinking and embrace the following concepts:

  • Virtualization will extend out of the data center and expand functionality all the way to the desktop, creating new demands across the network.
  • Data center class reliability, performance and features are required not only in the data center, but also at the aggregation edge and wiring closet.
  • Open and standards-based solutions need to be the norm, not the exception. The network’s tight coupling with the compute infrastructure will drive greater ecosystem support, meaning that closed, proprietary systems will only act as long-term barriers to adoption.
  • Good enough is no longer good enough. It’s easy to evaluate different vendors and just choose the incumbent vendor or brand leader. However, as the market transitions, this decision can often be the wrong one as legacy vendors with a large installed base can’t protect their install base and transition with the market simultaneously.


Social networks still banned by many CIOs

DRP/BCP Security Templates

Cisco released the results of a third-party global study designed to assess how organizations use consumer social networking  tools to collaborate externally, revealing the need for stronger governance and IT involvement. The research is the first of a two-part series that Cisco has commissioned to explore the impact of social networking and collaboration applications in the enterprise.

The  study is based on extensive interviews with 105 participants representing 97 organizations in 20 countries around the globe.

The use of consumer-based social networking tools, such as Facebook and Twitter, as collaboration platforms is connecting organizations with the external world in myriad ways. These tools bring technology and business together through innovative experiences, connect people and information, establish potential new routes to market, and enhance customer intimacy and brand awareness. The study findings indicate that the business world is at the early stages of adopting these tools and in the process of identifying key challenges, such as the need for increased governance and IT involvement, which may impact the integration and adoption of these new platforms and technologies.



Business continuity planning becomes more critical

The more your business relies on its IT systems, the more you need to consider how unexpected disruptions might affect your business. These disruptions could come in many forms, from fire and floods to theft or malicious attacks on your systems, such as viruses or hacking.

Business continuity planning improves your business' ability to react to such disruptions. It describes how you will restart your operations in order to meet your business-critical requirements.


The business continuity template can be used for any sized enterprise. The Disaster Recovery template and supporting material have been updated to be ISO 27000, Sarbanes-Oxley, PCI-DSS, and HIPAA compliant. The Template explains the importance of business continuity plans to the success of your business, and how best to develop them.



Security demands CIOs to adapt as new threats appear

It is not easy to keep an enterprise successful and secure these days. Businesses all over the world are faced with a host of new challenges: an unsteady economy, growing competition, volatile global markets, shrinking budgets, and consumer uncertainty. Overworked IT departments are not only expected to respond to the demands of anxious business teams, they’re also responsible for securing the organization and its valuable data against a raft of sophisticated new threats they have never seen before; proving their processes are internally and externally compliant; and being fiscally responsible.

The security policies and procedures template by Janco is the perfect solution.  It helps CIOs and IT Managers create the proper security environment.

Because of the way security has evolved over the years, it is rarely looked upon as a strategic business enabler, and it rarely fulfills that role. Some see it as an inescapable and often costly necessity. The approach to security is generally driven by the latest threats; it is reactive rather than proactive, tactical rather than strategic.


H-1B rule may help US IT job market

The job market may be helped by a proposed new rule. A rule known as the 50/50 rule in a piece of 2009 Senate legislation (as well as a clause in the House in the Comprehensive Immigration Reform ASAP Act of 2009) seeks to balance out the numbers of foreign workers and U.S. workers in companies that employ more than 50 U.S.-based employees. If a company is using H-1B or L-1 visa workers or both, the legislation would limit the number of those workers to no more than 50 percent of the company's U.S.-based workforce.


Disaster Planning Takes Good Staff

Good business continuity planning needs to take a broad view, embracing people, human behavior, customers and other factors that lie outside the data center. It is also important to secure the vision and endorsement of executive management. A properly funded, well-prioritized business continuity plan, combined with a regular program of testing and recovery drills, will help to safeguard the organization. Read this white paper to understand the key elements of a successful business continuity plan, see how to develop a plan that clarifies what is critical, and set specific recovery requirements.


Disaster Recovery Planning is Required for Business Continuity Planning

Disaster Recovery Plans are part of a larger, more extensive planning process known as Business Continuity Planning. Disaster Recovery plans should be tested frequently so that as many individuals as possible are familiar with the specific actions they will need to take when a disaster occurs. Disaster Recovery plans must also be adaptable and updated frequently, e.g. if new people, a new branch office, or new hardware or software are added to an organization they should promptly be incorporated into the organization's disaster recovery plan. Enterprises must consider all these facets of their organization as well as update and practice their plan if they want to maximize their recovery after a disaster.

Types of Disasters

Disaster Recovery and Business Continuity Planning are the processes an organization uses to recover access to the enterprise operations, software, data, and/or hardware that are needed to resume the performance of normal, critical business functions after the event of either a natural disaster or a disaster caused by humans. While Disaster Recovery and Business Continuity plans, or DRPs & BCPs, often focus on bridging the gap where data, software, or hardware have been damaged or lost, one cannot forget the vital element of work force that composes much of any organization. A building fire might predominantly affect vital data storage, whereas a pandemic or epidemic illness is more likely to have an effect on staffing. Both types of disaster need to be considered when creating Disaster Recovery and Business Continuity Plans. Thus, enterprises should include in their DRPs & BCPs contingencies for how they will cope with the sudden and/or unexpected loss of key personnel as well as how to recover their data.


2010 Productivity Award Given to eJobDescription.com

The IT Productivity Center (ITPC) has just awarded ejobdescription.com with its prestigious “2010 Productivity Award” for the electronic Internet and IT Job Descriptions HandiGuide.  The 2010 awards competition attracted 131 nominations for innovations and productivity improvements worth $40 million in cost savings, cost avoidances and increased revenue for the IT function of enterprises of all sizes.

The awardee’s electronic book met all of ITPC’s criteria for improved productivity, as it is electronically based and is content rich. Not only does it include 231 fully ADA and ISO compliant IT job descriptions, it also contains a job progression matrix, sample organizational charts, a set of best practices for screening resumes and phone screening, a process for hiring and motivating employees, job evaluation questionnaires, and logs to be used in the hiring process.
In providing the award the CEO of the IT Productivity Center said, “We have reviewed the job descriptions that are included in the HandiGuide and find them as complete and up to date as any that we have seen.” They added, “The best practices included are what really put this product over the top for http://www.ejobdescription.com. Every CIO and IT Manager should strive to achieve the processes contained within the HandiGuide.”

The 2010 Productivity Award allows its recipients to display the award logo on their web site as well as include it on any materials that received the award.

In order to qualify for this award the product or service is required to “Soar like an eagle” as the logo depicts. The center is constantly looking for enterprises that seek to achieve this goal. Nominations are accepted from enterprises that can show measurable productivity improvements from the products or services that they nominate.


Recession drags on and on and....

Per-hour worker productivity in the U.S. grew 2.5% in 2009, according to The Conference Board's Total Economy Database. At the same time, employment decreased by 3.6%, and hours worked per employee dropped by 1.5%. The rise in productivity last year, as well as the 3% increase that The Conference Board projects for 2010, is a reversal of a long downward trend. But the rise is entirely due to the stresses of the recession, the organization says.

In contrast, The Conference Board notes that per-hour worker productivity dropped 1% in Europe last year, and the chief economist for the organization attributed the divergence to the way companies in the two parts of the world reacted to the recession.


Privacy Commissioners ask Google to respect national privacy laws

The privacy commissioners of Canada, France, Germany, Ireland, Israel, Italy, the Netherlands, New Zealand, Spain, and the U.K. sent an open letter to Google asking the company to respect national laws, and also to adhere to six guiding privacy principles:

  • Collect and process only the minimum amount of personal information necessary to achieve the identified purpose of the product or service;
  • Provide clear and unambiguous information about how personal information will be used to allow users to provide informed consent;
  • Create privacy-protective default settings;
  • Ensure that privacy control settings are prominent and easy to use;
  • Ensure that all personal data is adequately protected, and
  • Give people simple procedures for deleting their accounts, and honor their requests in a timely way.

"Privacy is a fundamental right that people value deeply," the letter concluded, calling on Google to promise to respect privacy and data protection requirements before the launch of future products.



Data Protection and Records Management CIO Concern

Data Protection is a complex topic that has become a growing concern of most companies as they face increased quantities of critical information which must be stored, protected and archived to meet regulatory requirements, user expectations and business requirements. Consolidating storage and backup practices with Storage Area Networks gives customers a wide variety of ways to create point-in-time snapshots, clones and replicas of data to be used for disaster recovery and business continuity. The addition of data deduplication technologies has delivered on the promise of significant cost savings through backup data reduction and enlarged the scope of potential applications that can be protected effectively and affordably, both at central and remote sites.


Management concerns of CIOs and executive management

The top security concerns of executive management, including CIOs, are:

  • Regulatory compliance
  • Protecting data from outside access
  • Keeping security cost to a minimum
  • Understanding and managing security risks
  • Enabling employee access to useful business data
  • Protecting data from unauthorized access by insiders
  • Protecting the security image of the enterprise


H1-B Cases not easy to prosecute

More than a year ago, federal agents arrested 11 people in seven states for submitting false statements and documents in support of their H-1B visa petitions. The Department of Justice also issued indictments against IT services firm Vision Systems Group of New Jersey for conspiracy and mail fraud involving H-1B visas. A court finds federal investigators acted recklessly in the aftermath of last year's bust of an alleged nationwide H-1B scam ring, arresting 11 people in seven states and bringing a 10-count indictment against a New Jersey IT services firm, Vision Systems Group.

The federal investigation involved companies that sponsored primarily H-1B non-immigrants. Vision Systems officials claimed their H-1B workers have been brought to the United States to fill existing IT vacancies. The feds claim the companies have not always had jobs available for these workers, placing them in non-pay status after they arrive in the United States.

Vision Systems is suspected of visa fraud, mail fraud, wire fraud, money laundering and conspiracy.



Government to add new mandates on Internet companies

Senator Richard Durbin, the assistant majority leader, is planning legislation that will require US Internet companies to uphold human rights abroad.  "With a few notable exceptions, the tech industry seems unwilling to regulate itself,” Durbin said. “I will introduce legislation that will require Internet companies to take reasonable steps to protect human rights, or face civil and criminal liability."


Compliance concerns of CIOs

The major security legislation that CIOs should be concerned with depends on where they operate and who their customers are.

Enterprises doing business within the United States

  • SOX – The Sarbanes-Oxley Act of 2002 requires strict internal controls and independent auditing of financial information as a proactive defense against fraud.
  • HIPAA – The Health Information Portability and Accountability Act of 1996 requires tight controls over handling of and access to medical information to protect patient privacy.
  • GLBA – The Gramm-Leach-Bliley Act of 1999 requires financial institutions to create, document and continuously audit security procedures to protect the nonpublic personal information of their clients, including precautions to prevent unauthorized electronic access.

Enterprises doing business with the US Federal Government

  • FISMA – The Federal Information Security Management Act of 2002 is meant to bolster computer and network security within the federal government and affiliated parties (such as government contractors) by mandating yearly audits.

Enterprises doing business internationally

  • Basel II – The Capital Requirements Directive/Basel II Accord established an international standard that banking regulators can use when creating regulations about how much capital banks need to put aside to guard against the types of financial and operational risks banks face.
  • UK Data Protection Act of 1998 – The eight principles of the Data Protection Act state that all data must be processed fairly and lawfully; obtained and used only for specified and lawful purposes; adequate, relevant and not excessive; accurate, and where necessary, kept up to date; kept for no longer than necessary; processed in accordance with individuals' rights as defined in the Act; kept secure; and transferred only to countries that offer adequate data protection.


64 bit processors take off

Good news for fans of technological progress: Windows 7 is on track to become the first Microsoft desktop OS that's as popular in its 64-bit (x64) format as it is in the legacy 32-bit (x86) format that has dominated PCs for nearly two decades. The Infrastructure is changing.

A recent survey by the folks behind the Steam online gaming network shows that, at least among gaming enthusiasts, 64-bit is now the more popular way to go, with the majority of gamers running the x64 variants of Vista or Windows 7.

According to records drawn from the 23,000-strong user base of the exo.performance.network, more than half of Windows 7 PCs are running the 64-bit version. This is remarkable in that the exo.performance.network user base consists primarily of enterprise IT users, not hardcore gamers like Steam's users. Moreover, it represents a significant uptick in 64-bit use versus that in Windows 7's immediate predecessor, Windows Vista. Of the thousands of Vista machines monitored by the network, fewer than one in five are running the x64 edition.



Security Risks and Compliance Requirement Defined

For businesses today, managing IT security risk and meeting compliance requirements is paramount. The past decade has seen an unprecedented wave of security breaches that have compromised the integrity of company-owned information - resulting in substantial financial and operational loss while devastating the confidence of customers, business partners and stakeholders. This tide of events has led to the establishment of technical standards, IT governance frameworks and laws designed to improve and enforce security - creating further pressure for organizations to define, control and govern their IT infrastructure more effectively.

Numerous laws and regulatory mandates focus on corporate governance and accountability around sensitive information (specifically financial, non-public information and protected healthcare information). This has significantly impacted the underlying IT systems that support the applications and repositories holding this sensitive information. Organizations are continuously looking for help in preventing fraud and protecting sensitive information. The fact that key corporate executives carry personal liability in the event of non-compliance virtually ensures that compliance is a key initiative in any large organization. Additionally, there are other internal cost-containment requirements that can be effectively met by defining and implementing a sound auditing and compliance methodology. Most corporations agree that compliance leads to better corporate governance and management.



Government sites hacked -- again

Someone defaced the Web pages of nearly 50 members of the U.S. House of Representatives with an explicit insult to President Obama after he gave his State of the Union address on Wednesday night.

The 49 House Web sites, representing both Democrats and Republicans, were managed by a company called GovTrends, The Associated Press reported on Thursday.

The hacking occurred while GovTrends was performing an update, Jeff Ventura, spokesman for the House chief administrative officer, told the AP.

Last August, 18 House sites managed by GovTrends were also defaced, according to Ventura, who added that the House is reconsidering the business relationship with the Web site service provider.



How secure is your sensitive data?

The prevailing model of enterprise network security is rooted in the axiom that being "physically inside is safe and outside is unsafe." Connecting to a network point within the enterprise is generally considered safe and is subject to weaker security controls. On the other hand, tight security controls are enforced at the network traffic entry and exit points using firewalls and VPNs. A WLAN breaks the barrier provided by the building perimeter as the physical security envelope for a wired network because invisible radio signals used by the WLAN cannot be confined within the physical perimeter of a building, and usually cut through walls and windows. Firewalls, VPN and 802.11i become ineffective at protecting the network from hackers, but there are certain security measures you can take.

This Security Manual for the Internet and Information Technology is over 240 pages in length and is ISO 27000 Compliant. All versions of the Security Manual template include both the Business & IT Impact Questionnaire and the Threat & Vulnerability Assessment Tool (both were redesigned to address Sarbanes-Oxley compliance).



Outsourcing issues CIOs need to address

CIOs need to avoid issues associated with their businesses as they operate in a crisis mode. Outsourcing decisions will be made in haste and be too simplistic and sudden to deliver real business advantage.

  • CIOs should start their sourcing endeavor by building a solid sourcing strategy that focuses on creating short- and long-term value. This strategy should be aligned with the organization's sourcing management maturity and include business value scenarios, open options and a road map of value creation with a timeline of expected results.
  • CIOs must take a long-term view of the developing global presence of countries that can provide high-quality resources at the right price point. If your geographic presence is diverse, seek providers that are not exclusively focused on a single country, so that you can mitigate risks (such as geopolitical instability) and also take advantage of the benefits of alternative countries, which may offer opportunities close to your own growth markets.
  • CIOs should actively monitor the market to determine the best combination of software and IT services and service provider options to meet their requirements and specify their appetite for risk.


Security a key issue

Some industries inherently deal with extremely sensitive data – financial services, healthcare and law firms are among the businesses that cannot risk a data breach due to an employee emailing a file that could be compromised en route. It is imperative that their knowledge workers and staff have a bullet-proof way to move files.



IT Professionals Not Happy

The recession and its accompanying reorganizations, layoffs and corporate turns to outsourcing have been corrosive to IT employee job satisfaction.

And that job dissatisfaction is raising concerns among many employment experts that key employees may leave current jobs as soon as they get what they perceive is a better offer.

A mid-2009 job satisfaction survey by the Corporate Executive Board, a Washington-based advisory firm that counts many Fortune 500 firms among its clients, found that the number of dissatisfied workers continues to increase. The firm surveys 150,000 workers each quarter, asking a battery of behavioral questions about their jobs. About 10,000 of those surveyed work in IT jobs, board officials said.
