
Chief Information Officer and IT Managers Areas of Interest

Disaster Recovery Planning, Job Descriptions, Salary Survey, Business Continuity, ITSM, SOA, Compliance, SOX, and HIPAA

The Positive Support Review, Inc (PSRinc.com) News feed is an XML news feed that you can subscribe to and re-publish on your web site or blog. The only requirement that you need to meet is that the feed is included with no modifications and that the links within the feed are retained as is.

If you wish to subscribe to this news feed the options that you have are:




Business continuity planning becomes more critical

The more your business relies on its IT systems, the more you need to consider how unexpected disruptions might affect your business. These disruptions could come in many forms, from fire and floods to theft or malicious attacks on your systems, such as viruses or hacking.

Business continuity planning improves your business' ability to react to such disruptions. It describes how you will restart your operations in order to meet your business-critical requirements.


The business continuity template can be used for any sized enterprise. The Disaster Recovery template and supporting material have been updated to be ISO 27000, Sarbanes-Oxley, PCI-DSS, and HIPAA compliant. The Template explains the importance of business continuity plans to the success of your business, and how best to develop them.




Security demands that CIOs adapt as new threats appear

It is not easy to keep an enterprise successful and secure these days. Businesses all over the world are faced with a host of new challenges: an unsteady economy, growing competition, volatile global markets, shrinking budgets, and consumer uncertainty. Overworked IT departments are not only expected to respond to the demands of anxious business teams, they’re also responsible for securing the organization and its valuable data against a raft of sophisticated new threats they have never seen before; proving their processes are internally and externally compliant; and being fiscally responsible.

The security policies and procedures template by Janco is the perfect solution.  It helps CIOs and IT Managers create the proper security environment.

Because of the way security has evolved over the years, it is rarely looked upon as, and has rarely fulfilled the role of, a strategic business enabler. Some see it as an inescapable and often costly necessity. The approach to security is generally driven by the latest threats; it is reactive rather than proactive, tactical rather than strategic.



H-1B rule may help US IT job market

The job market may be helped by a proposed new rule. A rule known as the 50/50 rule in a piece of 2009 Senate legislation (as well as a clause in the House in the Comprehensive Immigration Reform ASAP Act of 2009) seeks to balance out the numbers of foreign workers and U.S. workers in companies that employ more than 50 U.S.-based employees. If a company is using H-1B or L-1 visa workers or both, the legislation would limit the number of those workers to no more than 50 percent of the company's U.S.-based workforce.



Disaster Planning Takes Good Staff

Good business continuity planning needs to take a broad view, embracing people, human behavior, customers and other factors that lie outside the data center. It is also important to secure the vision and endorsement of executive management. A properly funded, well-prioritized business continuity plan, combined with a regular program of testing and recovery drills, will help to safeguard the organization. Read this white paper to understand the key elements of a successful business continuity plan, see how to develop a plan that clarifies what is critical, and set specific recovery requirements.



Disaster Recovery is Area of Cost Cutting Focus

Disaster Recovery (DR) is a tough game. It's a critical component of IT and risk mitigation strategies, and compounded in difficulty by ever growing data volumes, distributed computing, and new technologies. Unfortunately, DR is often one of the first line items hit by budget cuts. How can you get creative in protecting more data, recovering more swiftly, but also saving some money at the same time?

According to an AT&T Survey of 100 Chicago firms (revenues <$10M), 81 have DR plans, but only 43% have fully tested their plans within the last 12 months and 12% admitted they have never tested their business continuity plans.

Next to personnel, data is your most irreplaceable asset.  Networks, application hosting platforms, and end user computing environments can be replaced quickly.  However, without your customer lists, product catalogs, inventory, financial records, and other operational data your business cannot recover.

A disaster recovery is a response to a declared disaster or a regional disaster. It is the restoration or recovery of an entire Agent computer. A disaster recovery plan describes how an organization is to deal with potential disasters. Just as a disaster is an event that makes the continuation of normal functions impossible, a disaster recovery plan consists of the precautions taken so that the effects of a disaster will be minimized, and the organization will be able to either maintain or quickly resume mission-critical functions. Typically, disaster recovery planning involves an analysis of business processes and continuity needs; it may also include a significant focus on disaster prevention.




Disaster Recovery Planning is Required for Business Continuity Planning

Disaster Recovery Plans are part of a larger, more extensive planning process known as Business Continuity Planning. Disaster Recovery plans should be tested frequently so that as many individuals as possible are familiar with the specific actions they will need to take when a disaster occurs. Disaster Recovery plans must also be adaptable and updated frequently; for example, if new people, a new branch office, or new hardware or software are added to an organization, they should promptly be incorporated into the organization's disaster recovery plan. Enterprises must consider all these facets of their organization, as well as update and practice their plan, if they want to maximize their recovery after a disaster.

Types of Disasters

Disaster Recovery and Business Continuity Planning is the process an organization uses to recover access to its enterprise operations: the software, data, and/or hardware needed to resume the performance of normal, critical business functions after either a natural disaster or a disaster caused by humans. While Disaster Recovery and Business Continuity plans, or DRPs & BCPs, often focus on bridging the gap where data, software, or hardware have been damaged or lost, one cannot forget the vital element of the work force that composes much of any organization. A building fire might predominantly affect vital data storage, whereas a pandemic or epidemic illness is more likely to have an effect on staffing. Both types of disaster need to be considered when creating Disaster Recovery and Business Continuity Plans. Thus, enterprises should include in their DRPs & BCPs contingencies for how they will cope with the sudden and/or unexpected loss of key personnel as well as how to recover their data.



2010 Productivity Award Given to eJobDescription.com

The IT Productivity Center (ITPC) has just awarded ejobdescription.com with its prestigious “2010 Productivity Award” for the electronic Internet and IT Job Descriptions HandiGuide.  The 2010 awards competition attracted 131 nominations for innovations and productivity improvements worth $40 million in cost savings, cost avoidances and increased revenue for the IT function of enterprises of all sizes.

The awardee’s electronic book met all of ITPC’s criteria for improved productivity, as it is electronically based and is content rich. Not only does it include 231 fully ADA and ISO compliant IT job descriptions, it also contains a job progression matrix, sample organizational charts, a set of best practices for screening resumes and phone screening, a process for hiring and motivating employees, job evaluation questionnaires, and logs to be used in the hiring process.

In providing the award the CEO of the IT Productivity Center said, “We have reviewed the job descriptions that are included in the HandiGuide and find them as complete and up to date as any that we have seen.” They added, “The best practices included are what really put this product over the top for http://www.ejobdescription.com. Every CIO and IT Manager should strive to achieve the processes contained within the HandiGuide.”

The 2010 Productivity Award allows its recipients to display the award logo on their web site as well as on any materials for the product that received the award.

In order to qualify for this award the product or service is required to “Soar like an eagle” as the logo depicts. The center is constantly looking for enterprises that seek to achieve this goal. Nominations are accepted from enterprises that can show measurable productivity improvements from the products or services that they nominate.



Recession drags on and on and....

Per-hour worker productivity in the U.S. grew 2.5% in 2009, according to The Conference Board's Total Economy Database. At the same time, employment decreased by 3.6%, and hours worked per employee dropped by 1.5%. The rise in productivity last year, as well as the 3% increase that The Conference Board projects for 2010, is a reversal of a long downward trend. But the rise is entirely due to the stresses of the recession, the organization says.

In contrast, The Conference Board notes that per-hour worker productivity dropped 1% in Europe last year, and the chief economist for the organization attributed the divergence to the way companies in the two parts of the world reacted to the recession.



Privacy Commissioners ask Google to respect national privacy laws

The privacy commissioners of Canada, France, Germany, Ireland, Israel, Italy, the Netherlands, New Zealand, Spain, and the U.K. sent an open letter to Google asking the company to respect national laws, and also to adhere to six guiding privacy principles:

  • Collect and process only the minimum amount of personal information necessary to achieve the identified purpose of the product or service;
  • Provide clear and unambiguous information about how personal information will be used to allow users to provide informed consent;
  • Create privacy-protective default settings;
  • Ensure that privacy control settings are prominent and easy to use;
  • Ensure that all personal data is adequately protected, and
  • Give people simple procedures for deleting their accounts, and honor their requests in a timely way.

"Privacy is a fundamental right that people value deeply," the letter concluded, calling on Google to promise to respect privacy and data protection requirements before the launch of future products.




Data Protection and Records Management CIO Concern

Data Protection is a complex topic that has become a growing concern of most companies as they face increased quantities of critical information which must be stored, protected and archived to meet regulatory requirements, user expectations and business requirements. Consolidating storage and backup practices with Storage Area Networks gives customers a wide variety of ways to create point-in-time snapshots, clones and replicas of data to be used for disaster recovery and business continuity. The addition of data deduplication technologies has delivered on the promise of significant cost savings through backup data reduction and enlarged the scope of potential applications that can be protected effectively and affordably, both at central and remote sites.



Management concerns of CIOs and executive management

The top security concerns of executive management, including CIOs, are:

  • Regulatory compliance
  • Protecting data from outside access
  • Keeping security cost to a minimum
  • Understanding and managing security risks
  • Enabling employee access to useful business data
  • Protecting data from unauthorized access by insiders
  • Protecting the security image of the enterprise



H-1B cases not easy to prosecute

More than a year ago, federal agents arrested 11 people in seven states for submitting false statements and documents in support of their H-1B visa petitions. The Department of Justice also issued indictments against IT services firm Vision Systems Group of New Jersey for conspiracy and mail fraud involving H-1B visas. A court finds federal investigators acted recklessly in the aftermath of last year's bust of an alleged nationwide H-1B scam ring, arresting 11 people in seven states and bringing a 10-count indictment against a New Jersey IT services firm, Vision Systems Group.

The federal investigation involved companies that sponsored primarily H-1B non-immigrants. Vision Systems officials claimed their H-1B workers have been brought to the United States to fill existing IT vacancies. The feds claim the companies have not always had jobs available for these workers, placing them in non-pay status after they arrive in the United States.

Vision Systems is suspected of visa fraud, mail fraud, wire fraud, money laundering and conspiracy.




Government to add new mandates on Internet companies

Senator Richard Durbin, the assistant majority leader, is planning legislation that will require US Internet companies to uphold human rights abroad. "With a few notable exceptions, the tech industry seems unwilling to regulate itself," Durbin said. "I will introduce legislation that will require Internet companies to take reasonable steps to protect human rights, or face civil and criminal liability."



Compliance concerns of CIOs

The major security legislation that CIOs should be concerned with depends on where they operate and who their customers are.

Enterprises doing business within the United States

  • SOX – The Sarbanes-Oxley Act of 2002 requires strict internal controls and independent auditing of financial information as a proactive defense against fraud.
  • HIPAA – The Health Information Portability and Accountability Act of 1996 requires tight controls over handling of and access to medical information to protect patient privacy.
  • GLBA – The Gramm-Leach-Bliley Act of 1999 requires financial institutions to create, document and continuously audit security procedures to protect the nonpublic personal information of their clients, including precautions to prevent unauthorized electronic access.

Enterprises doing business with the US Federal Government

  • FISMA – The Federal Information Security Management Act of 2002 is meant to bolster computer and network security within the federal government and affiliated parties (such as government contractors) by mandating yearly audits.

Enterprises doing business internationally

  • Basel II – The Capital Requirements Directive/Basel II Accord established an international standard that banking regulators can use when creating regulations about how much capital banks need to put aside to guard against the types of financial and operational risks banks face.
  • UK Data Protection Act of 1998 – The eight principles of the Data Protection Act state that all data must be processed fairly and lawfully; obtained and used only for specified and lawful purposes; adequate, relevant and not excessive; accurate, and where necessary, kept up to date; kept for no longer than necessary; processed in accordance with individuals' rights as defined in the Act; kept secure; and transferred only to countries that offer adequate data protection.



64 bit processors take off

Good news for fans of technological progress: Windows 7 is on track to become the first Microsoft desktop OS that's as popular in its 64-bit (x64) format as it is in the legacy 32-bit (x86) format that has dominated PCs for nearly two decades. The Infrastructure is changing.

A recent survey by the folks behind the Steam online gaming network shows that, at least among gaming enthusiasts, 64-bit is now the more popular way to go, with the majority of gamers running the x64 variants of Vista or Windows 7.

According to records drawn from its 23,000-strong user base, more than half of Windows 7 PCs are running the 64-bit version. This is remarkable in that the exo.performance.network user base consists primarily of enterprise IT users, not hardcore gamers like Steam's users. Moreover, it represents a significant uptick in 64-bit use versus that in Windows 7's immediate predecessor, Windows Vista. Of the thousands of Vista machines monitored by the network, less than one in five are running the x64 edition.




Security Risks and Compliance Requirement Defined

For businesses today, managing IT security risk and meeting compliance requirements is paramount. The past decade has seen an unprecedented wave of security breaches that have compromised the integrity of company-owned information -  resulting in substantial financial and operational loss while devastating the confidence of customers, business partners and stakeholders. This tide of events has led to the establishment of technical standards, IT governance frameworks and laws designed to improve and enforce security - creating further pressure for organizations to define, control and govern their IT infrastructure more effectively.

Numerous laws and regulatory mandates focus on corporate governance and accountability around sensitive information (specifically financial, non-public information and protected healthcare information). This has significantly impacted the underlying IT systems that support the applications and repositories holding this sensitive information. Organizations are continuously looking for help in preventing fraud and protecting sensitive information. The fact that key corporate executives carry personal liability in the event of non-compliance virtually ensures that compliance is a key initiative in any large organization. Additionally, there are other internal cost-containment requirements that can be effectively met by defining and implementing a sound auditing and compliance methodology. Most corporations agree that compliance leads to better corporate governance and management.



Government sites hacked -- again

Someone defaced the Web pages of nearly 50 members of the U.S. House of Representatives with an explicit insult to President Obama after he gave his State of the Union address on Wednesday night.

The 49 House Web sites, representing both Democrats and Republicans, were managed by a company called GovTrends, The Associated Press reported on Thursday.

The hacking occurred while GovTrends was performing an update, Jeff Ventura, spokesman for the House chief administrative officer, told the AP.

Last August, 18 House sites managed by GovTrends were also defaced, according to Ventura, who added that the House is reconsidering the business relationship with the Web site service provider.




How secure is your sensitive data?

The prevailing model of enterprise network security is rooted in the axiom that being "physically inside is safe and outside is unsafe." Connecting to a network point within the enterprise is generally considered safe and is subject to weaker security controls. On the other hand, tight security controls are enforced at the network traffic entry and exit points using firewalls and VPNs. A WLAN breaks the barrier provided by the building perimeter as the physical security envelope for a wired network because invisible radio signals used by the WLAN cannot be confined within the physical perimeter of a building, and usually cut through walls and windows. Firewalls, VPN and 802.11i become ineffective at protecting the network from hackers, but there are certain security measures you can take.

This Security Manual for the Internet and Information Technology is over 240  pages in length and is ISO 27000 Compliant. All versions of the Security Manual template include both the Business & IT Impact Questionnaire and the Threat & Vulnerability Assessment Tool (both were redesigned to address Sarbanes Oxley compliance).  




Outsourcing issues CIOs need to address

CIOs need to avoid issues associated with their businesses as they operate in a crisis mode. Outsourcing decisions will be made in haste and be too simplistic and sudden to deliver real business advantage.

  • CIOs should start their sourcing endeavor by building a solid sourcing strategy that focuses on creating short and long term value. This strategy should be aligned with the organization's sourcing management maturity and include business value scenarios, open options and a road map of value creation with a timeline of expected results.
  • CIOs must take a long-term view of the developing global presence of countries that can provide high-quality resources at the right price point. If your geographic presence is diverse, seek providers that are not exclusively focused on a single country, so that you can mitigate risks (such as geopolitical instability) and also take advantage of the benefits of alternative countries, which may offer opportunities close to your own growth markets.
  • CIOs should actively monitor the market to determine the best combination of software and IT services and service provider options to meet their requirements and specify their appetite for risk.



Security a key issue

Security Policies and Procedures and Audit Program

Some industries inherently deal with extremely sensitive data: financial services, healthcare and law firms are among the businesses that cannot risk a data breach due to an employee emailing a file that could be compromised en route. It is imperative that their knowledge workers and staff have a bullet-proof way to move files.