Top 10 CIO Concerns


Top 10 CIO Concerns – With the changing economy and improved outlook for IT spending, Janco has identified the top  10 CIO concerns.


The top 10 concerns are:

  1. Security – As more instances of cyber-attacks are identified, CIOs are well aware that their jobs are at risk if this occurs under their watch.
  2. Cloud Computing – This is the new hidden IT that is driving many new applications and is not under the complete control of the CIO and IT organization.
  3. Infrastructure – No longer are those interacting with the data and systems in a single location utilizing standard hardware and software. Records management, retention and destruction as well as version control are just a few of the areas that CIOs need to manage and control.
  4. Consolidation – Islands of data and computing continue to exist as new technologies are implemented. Redundancy leads to disparate information and needs to be resolved.
  5. Big Data – As data is consolidated it needs to be analyzed more quickly so that decision making within the enterprise is improved.
  6. Automation – Traditional functions are now being eliminated, and automation that meets the strategic objectives of the enterprise needs to take place.
  7. Mobile Computing – BYOD and mobile applications are where users are looking for support in order to improve their bottom line results.
  8. Staff Retention – During the past few years that has not been an issue but now with an improved IT job market staff will leave.
  9. Social Networks – This is the wave of the future and needs to be managed more effectively.
  10. Succession Planning – Not only for the CIO role but for all of the other key roles within the IT functions. Job family definition is now a priority.
Posted in Career, Infrastructure, Job Descriptions

Disaster Recovery Backup Solution


Disaster Recovery Backup and Backup Retention Policy Template

CIOs and IT Managers need to consider mandated compliance requirements

Disaster Recovery Backup Solution – Just added Best Practices for Backup, Cloud Backup and Mobile Device Backup. IT organizations of all sizes contend with a growing data footprint, with more data to manage, protect, and preserve for longer periods of time. Online primary storage has a focus on fast, low-latency, reliable access to data, while near-line secondary storage has a focus on low cost and high capacity.

Questions that need to be answered are:

  • Is our data safe in transit and at rest?
  • What prevents hackers from gaining access to our data?
  • Is our data properly handled, stored, and deleted?
  • Who can access our data?
  • What are the benchmark measurements?
  • Is our data backup strategy compliant?
  • Will our recovery be successful?

 

 

Posted in Disaster Recovery, Policies & Procedures

Malware – mobile devices are reasonably safe from them

Mobile devices are reasonably safe from malware attacks, based on a number of reviews of malware attacks. Typically new malware attacks are only in play for a week, and after that fewer than 2% go on for more than 30 days.

That is not to say that malware will continue to be a non-issue. With the new move to mobile devices we expect this profile to change, and malware as well as other attacks to become more common, extensive and pervasive.
CIOs and CSOs will need to watch this closely. This is especially so with the new changes that Google is putting in place for its ranking systems, which add focus on mobile sites that are responsive.
Posted in Infrastructure, Security & Compliance

ISMS 10 reasons why CIOs should implement ISMS


ISMS – 10 reasons why — Some CIOs believe that their companies do not need a formal Information Security Management System (ISMS) because they already have security policies and procedures along with controls in place or are deploying other technologies to protect their enterprises from cyber-attacks.

However, here are ten reasons CIOs should implement an ISMS in their enterprises:

  1. An ISMS includes people, processes and IT systems, acknowledging that information security is not just about software, but depends on the effectiveness of organizational infrastructure, processes, and the people who manage and follow them.
  2. An ISMS provides a standard set of terms and communication methods for everyone to be educated in.
  3. An ISMS helps enterprises to coordinate all security efforts (both electronic and physical) coherently, consistently and cost-effectively.
  4. An ISMS provides enterprises with a systematic approach to managing risks and enables enterprises to make informed decisions on security investments.
  5. An ISMS can be integrated with other management system standards (e.g. ISO 22301, ISO 9001, ISO 14001, etc.) ensuring an effective approach to corporate governance.
  6. An ISMS creates better work practices that support business goals by asserting roles and processes that have to be clearly attributed and adhered to.
  7. An ISMS requires ongoing maintenance and continual improvement, which ensures that policies and procedures are kept up to date, resulting in better protection for your sensitive information.
  8. An ISMS gives enterprises credibility with staff, clients, suppliers, customers, and partner organizations, and demonstrates due diligence.
  9. An ISMS helps enterprises comply with corporate governance requirements.
  10. An ISMS can be formally assessed and certified against ISO 27001, bringing additional benefits such as demonstrable credentials, customer assurance and competitive advantage.
Posted in Infrastructure, Policies & Procedures, Security & Compliance

Technology Leadership – IT job market grows to exceed dot com head count

Technology leadership will be lacking in the next few years

Technology Leadership — IT job market size now exceeds the total IT job market size of the dot com bubble. It took over 15 years to get back to that level. In the meantime the US has lost its control of the IT technology market with the advance of outsourcing and H-1B visa programs.

IT Job Market finally back to 2000 levels — It took 15 years to recover from dot com bubble


I propose that this will be shown in the lack of “seasoned” IT Pros who do not exist that will have 10 – 15  years of experience and are 35 to 45 years old.  Does that matter?

Yes, it does, because those are the individuals who will be the leaders and innovators who drive enterprises in the next decade. Without a significant number of those individuals to drive the next generation of technology, the US may not be in a position to drive IT technology to the next step.

Posted in Career, Infrastructure, Job Descriptions

The importance of up to date telecommunications and the businessmen and women making that possible globally


It is impossible to compete in the modern global marketplace without access to a reliable telecommunications infrastructure. Ever since the first mail services made doing business outside one’s local area possible, speed of communications has been a crucial factor in business efficiency and trade, and today this is more the case than ever. With Western countries dominating the market in telecommunications products and services themselves, and prices in developing countries pitched far higher, it is a difficult gap to close, but all around the world there are bold individuals working to do it anyway.

Sudan

Now rapidly stabilizing after separating from its troubled southern neighbor, Sudan is undergoing a communications revolution. It’s one of several African countries to benefit from the focused investment of Mo Ibrahim, founder of Celtel International, who believes in communications as a tool for change and has worked with the UN’s Broadband Commission for Digital Development to help get unconnected groups of people onto the internet.

Afghanistan

In a troubled country like Afghanistan, economic growth and political stability go hand in hand. As Ehsanollah Bayat’s page shows, his company, Afghan Wireless, is working to make that happen. Bringing together the expertise of his Florida-based company, Telephone Systems International, with the organizational capacity of the Afghan government, it is providing affordable mobile phone based services that are helping small businesses to get up and going or expand their reach, as well as connecting communities.

Mexico

Although Mexico City is home to some very successful companies making extensive use of telecommunications, in rural areas of the country the service is often poor, limiting opportunities for local residents. Former government Undersecretary for Communications Gabriela Hernandez is working to change that, heading up the national branch of General Electric and, through this, playing a crucial role in infrastructure investment and access to technology.

Malaysia

Malaysia’s striking geography presents unique communications challenges, with mobile technology an obvious choice given the need to communicate affordably between islands, but with mountains interfering with signal. Fortunately, innovative entrepreneur Tatparanandam Ananda Krishnan is there to work on the problem. Famous for his work in organizing the original Live Aid concert, he owns three communications satellites that are making all the difference.

China

Like Mexico, China is a country with powerful economic centers, but many people living in rural areas are effectively cut off by poor communications infrastructure. Sun Yafang is the woman setting out to change that. A humble technician who has risen through the ranks, she now chairs Huawei and has significantly increased its efficiency in the production of telecommunications equipment, making it available in a quantity and at a price that can enable real change.

Investment in telecommunications is one of the best ways to boost any national economy, with research from southern Africa suggesting a direct link between phone access per capita and economic growth potential. Other factors may ultimately be needed to make growth happen, but telecommunications are a crucial element no country can afford to ignore.


Posted in Infrastructure, Security & Compliance

Security Threats – Protecting Enterprise Infrastructure


In the first half of the 2013 fiscal year, the US Department of Homeland Security responded to more than 200 incidents. 53 percent of the incidents were in the energy and utility sector — many of them sponsored by states such as China.

As attacks become more sophisticated and digital control systems increase in complexity and levels of automation, it is increasingly difficult to prevent threats from impacting the operation of critical infrastructure.


Security balancing act

The costs of implementing a stricter policy need to be weighed against the potential costs that could result from the failure of a weaker policy. These costs include purchasing a security solution, implementing this security solution, and finally managing and maintaining the solution. Initial costs often include the physical infrastructure necessary to deploy the solution, such as servers, kiosks and networks, as well as the consulting services that are often required to implement the solution correctly.


Defining acceptable media and content

Defining a portable media and content strategy is key to a secure data workflow policy. When developing a secure data workflow policy, organizations should first define what types of portable media are acceptable and how they can be used.

Designing secure data workflows

The best security policies have multiple layers of protection, to guard against many types of threats, both known and unknown. This defense-in-depth strategy will minimize the risk of any one threat getting past all of the security layers.

A secure data workflow should leverage threat protection methods including:

  • User authentication and source verification: Prevent unauthorized users or sources from bringing in data and facilitate logging for future auditing;
  • File type analysis and filtering: Prevent risky file types from entering the facility, including files that have spoofed extensions;
  • Multiple anti-malware engine scanning: Detect threats that are known by any of the many commercial anti-malware engines, and leverage many varying heuristic algorithms to detect zero-day attacks;
  • Document sanitation: Further protect against unknown threats by using sanitation methods to strip potential threats out of documents and images.
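
The file type analysis layer from the list above, sketched as an added example (not Janco's code): it compares a file's leading bytes with the extension the file claims, so a spoofed extension is rejected at the gate. The accepted-extension policy, the function names and the sample files are assumptions constructed for illustration.

```python
"""Added illustration: file type filtering that catches spoofed extensions."""
from __future__ import annotations

from pathlib import PurePosixPath

# Leading-byte signatures ("magic numbers") for a few common formats.
SIGNATURES = [
    (b"%PDF-", "pdf"),
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"\xff\xd8\xff", "jpeg"),
    (b"PK\x03\x04", "zip"),   # also the container for docx/xlsx
    (b"MZ", "pe"),            # Windows executable
    (b"\x7fELF", "elf"),      # Linux executable
]

# Hypothetical site policy: detected content types each extension may carry.
EXTENSION_POLICY = {
    ".pdf": {"pdf"},
    ".png": {"png"},
    ".jpg": {"jpeg"},
    ".jpeg": {"jpeg"},
    ".zip": {"zip"},
    ".docx": {"zip"},
    ".xlsx": {"zip"},
}

# Content types refused no matter what the file is called.
BLOCKED_TYPES = {"pe", "elf"}


def detect_type(head: bytes) -> str:
    """Classify content by its leading bytes; 'unknown' if nothing matches."""
    for magic, name in SIGNATURES:
        if head.startswith(magic):
            return name
    return "unknown"


def check_file(filename: str, head: bytes) -> tuple[bool, str]:
    """Return (allowed, reason) for a file offered to the data workflow."""
    detected = detect_type(head)
    if detected in BLOCKED_TYPES:
        return False, f"executable content ({detected}) regardless of name"

    # Only the final extension counts, so 'invoice.pdf.exe' is judged as .exe.
    ext = PurePosixPath(filename.replace("\\", "/")).suffix.lower()
    if not ext:
        return False, "no extension to validate against"
    if ext not in EXTENSION_POLICY:
        return False, f"extension {ext} is not on the accepted list"
    if detected not in EXTENSION_POLICY[ext]:
        return False, f"content is {detected}, but extension claims {ext}"
    return True, f"{ext} content verified as {detected}"


# Constructed sample inputs: (file name, first bytes of the file).
SAMPLES = [
    ("report.pdf", b"%PDF-1.7\n%\xe2\xe3\xcf\xd3"),
    ("budget.xlsx", b"PK\x03\x04\x14\x00\x06\x00"),
    ("photo.png", b"MZ\x90\x00\x03\x00\x00\x00"),     # executable named .png
    ("invoice.pdf.exe", b"MZ\x90\x00\x03\x00\x00\x00"),
    ("notes.pdf", b"PK\x03\x04\x14\x00\x00\x00"),     # archive named .pdf
    ("empty.pdf", b""),
]


def screen(samples):
    """Run the gate over every sample and return (name, allowed, reason)."""
    return [(name, *check_file(name, head)) for name, head in samples]


if __name__ == "__main__":
    for name, allowed, reason in screen(SAMPLES):
        print(f"{'ALLOW' if allowed else 'BLOCK':5}  {name:18} {reason}")
```

A gate like this is only the filtering layer; files it allows still go on to anti-malware scanning and sanitation as the list describes.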

Posted in Security & Compliance

CIO Role – 3 Ways CIOs Can Win People Over


CIO Role – CIOs who are committed to advancing their roles—and having a broader impact on the business—need to develop their skills surrounding the company’s number-one asset: people. Being perceived as a pure technologist, whether deserved or not, is hardly a path to advancement.


There are several ways CIOs can position themselves to enhance their interaction with their fellow C-Level executives:

  1. Participate in meetings outside of IT. One CIO, frustrated that her colleagues perceived the IT function as brimming with naysayers, requested that members of her team be invited to meetings outside of IT, so as to supply their own viewpoint. As IT folks joined technology and sales teams on an ongoing basis, they not only expanded their own scope but also broadened the others’ understanding of what IT actually does. In doing so, they helped groom themselves for other positions. In one case, an IT executive lost one of her top performers to the sales team—and even prodded the person to take the job by promising to keep an IT position open, just in case.
  2. Figure out how to create value for other functional areas. At some companies, others perceive IT as a function whose members are only interested in tracking project status—whether that is useful or not. Rather than emailing technology-packed reports to colleagues, try playing the internal marketer and ask other functional leaders what kind of report would be most helpful to them. Engaging in a face-to-face dialogue will help restore the human element to your working relationship.
  3. Help demystify IT. Having joined a company as a CIO, one executive kept hearing the same refrain: “I don’t really know what IT does.” Those who did suggest they understood the role of IT typically ventured a textbook definition that was more suited to data processing of the late 1980s. To reduce the mystery that surrounded his role, the CIO sent out a company-wide e-mail inviting all employees to join him for a brown-bag lunch on the first Thursday of every month. After six months, he regularly drew a large crowd. He used the meetings to speak candidly about the factors that impact the bottom line, and to find ways he could help support his colleagues. The dialogue not only lifted his function’s profile—other C-Suite executives soon started following his lead.
Posted in Career, Job Descriptions

Privacy is a thing of the past

When we look at the world as it is today, it is easy to see that privacy is no longer a reality no matter where you are in the world.

BYOD guidelines are just being defined, but one warning must rise above the din: never, ever, try to gain unauthorized access to an employee’s pri…


URL: http://www.e-janco.com/Press/2013/20130510-BYOD-Policy.html

Compliance Mandates – Security Manual Template Version 8.0 Released


URL: http://www.e-janco.com/Newsletters/2010/Compliance_Newsletter_100726.htm

Companies should also weigh the vulnerabilities associated with various cloud computing service and deployment models


URL: http://www.e-janco.com/CloudSecurity.htm

Posted in Infrastructure, Security & Compliance

10 steps Disaster Plan Testing


10 step Disaster Plan Testing – Almost every organization has a disaster recovery and business continuity plan on the shelf.  The question that every CIO needs to have answered is will the plan work?

To that end we have defined and documented a testing process that will ensure that a DR/BC plan will work when it is needed after a disaster or business interruption occurs.

The 10 steps are:

  1. Identify people who will participate in the test
  2. Identify the enterprise operations that will be tested
  3. Train people before the test
  4. Establish test objectives
  5. Select test type
    1. A walkthrough
    2. A desktop
    3. A timed desktop
    4. Live or real time
  6. Document the test plan
  7. Manage pretest administration
  8. Conduct the test
  9. Do a post-test review of successes and failure – implement changes the test
  10. Schedule the next test

Each of these steps is discussed in detail in the Disaster Recovery Business Continuity Template.


Disaster Recovery Business Continuity Plan Template

The Disaster Recovery Business Continuity template has been purchased by over 2,500 enterprises worldwide in both the public and private sectors.

Posted in Disaster Recovery

Recruiting IT Pros Harder Now

Recruiting IT Pros is now much more difficult. The good news is that the unemployment rate dipped to 5.5%; the bad news is that CIOs are now having a harder time finding experienced IT Pros. In industries ranging from retail to health care to business services, CIOs would be well-advised to look back at how they recruited and retained workers in 2005, when the unemployment rate landed at 5.1%.

Suggestions for keeping a mindset of abundance in an era of scarcity:

  • Focus advertising dollars on targeting job-hunters. CIOs need to advertise on the Internet, not only on job boards and social media but also using banner ads, which appear when someone is searching for an IT position.
  • Communicate that you are a quality employer. Make the impression that you are a quality firm, from your office to your web presence. People want to work for a place that’s successful, and physical and virtual presence are important.
  • Offer benefits that matter most to employees. Health insurance is a big deal to people; it hurts the bottom line in the short term. However, IT Pros are more likely to come, and stay, if they don’t have to switch insurance plans every six months.

IT Hiring Kit – The must-have tool kit for organizations and managers who are looking to build a quality IT function. For more information go to http://www.e-janco.com/ITHirePack.htm.

Posted in Career, Infrastructure, Job Descriptions

Top 10 Network Security Management Best Practices

Security management best practices – The top 10 network security management best practices, if not followed, expose a company’s assets and reputation to unnecessary risk.

This top 10 list is one that has been proven in practice. No organization that follows all of them has ever been attacked without knowing that an attack is in progress and being able to react to it before it becomes a major media event.

  1. Centralize Malware Management
  2. Establish Boundary Control
  3. Centralize Provisioning and Authorization Management
  4. Implement Acceptable Use Policy
  5. Build Security into Applications Starting in the Design Phase
  6. Understand and Implement all Compliance and Audit Requirements
  7. Implement Monitoring and Reporting Processes
  8. Manage Security Deployment and Infrastructure Processes
  9. Implement Network and Host Defenses
  10. Constantly Validate Network and System Resource Integrity

To read more about this, see Janco’s security management page. In addition, the Security Manual Template that is offered by Janco provides a foundation to implement these best practices.

Posted in Infrastructure, Policies & Procedures, Security & Compliance

Top 10 Effective Feedback Best Practices


Effective Feedback Best Practices are based on the employer communicating with the staff member, the staff member listening, agreeing with the feedback, and (with luck) changing or improving performance and behavior.

The key to effective feedback is that it is given regularly and in an informal way so that the employee feels that the conversations are open and that you as a manager are concerned about them as individuals.

Feedback will work when:

  1. Feedback is given
  2. Well timed
  3. Given with respect for the employee’s opinion and judgement
  4. Clear and is accurate
  5. Given to an employee who is committed to their job and understands what is expected of them
  6. Given and when improvement is shown that fact is communicated
  7. Given with consideration for the employee’s best interests
  8. Communicated in a positive manner
  9. Provided with a proposed method of solving an issue
  10. Given and the employee takes responsibility for implementing a solution

IT Job Family Classification System HandiGuide – This HandiGuide provides a step by step methodology and architecture to define job families and align them with pay grades.

The core of Janco’s IT Job Family Classification System is four (4) IT-specific career families: broad, meaningful groupings of jobs commonly clustered within a career emphasis.

To develop a functional set of classifications, the IT job family classification system provides the tools to identify the content of the task performed within a job, which is the key criterion in determining the family into which a job falls. This process is how jobs are marketed in the recruiting process and conforms to how individuals and enterprises define overall career paths.

Included in the HandiGuide is a template that has been proven to work in over 100 organizations worldwide. A core IT Job Family Classification is included along with operational tools to layer the levels within each of the defined job families.

 

Posted in Career, Job Descriptions

10 Interview Questions that the interviewee should ask

In preparing for an interview there are 10 interviewee questions that should be asked either directly or indirectly. They will provide a good benchmark for the environment of the job that the candidate is interviewing for.

They are:

  1. How will this position change after I’ve been here a while?
  2. If this is not a new position where has the prior person gone? Did they get promoted or leave? How stable is the group that I am being hired for?
  3. How will you use my skills if the activity I am being hired for is stalled or something unexpected arises?
  4. What is the career path for this position? — Jobs with more responsibility? Management positions? Positions that require specific technical expertise?
  5. What is the project/product road map for the next one to three years?
  6. What kind of training and support for ongoing education does the organization offer?
  7. Is there an open door policy to communicate with upper management levels within the organization? Does the company offer mentorships with senior leaders?
  8. How will my role contribute to the overall mission of the company?
  9. What outcomes will you use to measure those contributions? What metrics will be in place to measure personal and team performance?
  10. Will I have opportunities to work directly with the line organization outside of my group?
  • Information Technology Salary Survey – Janco collects IT salary and benefit data on a continual basis and publishes that data twice a year.  Once in January and a second time in June.

Posted in Career, Job Descriptions

Top 10 Best Practices to meet IT governance and compliance requirements

Top 10 best practices to meet governance and compliance requirements are a baseline that “World Class” CIOs and enterprises all follow.

  1. Understand all existing and proposed regulation and compliance requirements. This includes industry, state, local, federal and international regulations and mandates.
  2. Have clear definition of duties (job descriptions) that meet all infrastructure, security and compliance requirements. These should be well documented and distributed throughout the enterprise.
  3. Continually assess the internal controls of IT that are in place. This requires interaction with both internal and external auditors.
  4. Establish a baseline of IT internal controls – include a definition of baseline policies and procedures that need to be in place in the IT function. Infrastructure policies and procedures must be constantly reviewed and updated.
  5. Audit compliance to the baseline of IT internal controls and governance requirements. All levels of management need to be involved.
  6. Track access to all “protected” and confidential data. This has to be real time and responsive, as the exposure the enterprise faces continues to increase over time.
  7. Preserve audit data in secure long term storage. After-the-fact reviews cannot take place unless this occurs.
  8. Establish and enforce separation of duties. Management accountability is key.
  9. Implement metrics that support the alignment of IT with enterprise requirements. To measure is to modify behavior. The right metrics need to be in place.
  10. Implement a function which focuses on implications of new technology on infrastructure and governance of IT.

One of the best ways to communicate and understand a company and its operating culture is through its policies. Designing and writing policy and communicating it effectively is an essential skill for professionals to have. By having policy carefully developed and communicated, employees will clearly know what the organization expects from them, the degree of control and independence they will have, and what the benefits and consequences are in regard to adhering to policy.

  • CIO IT Infrastructure Policy Bundle – All of the policies below are included as individual MS Word files and a single PDF file. Electronic forms are all individual documents that are easily modifiable.
    • Backup and Backup Retention Policy
    • Blog and Personal Web Site Policy – Includes electronic Blog Compliance Agreement Form
    • BYOD Policy Template – Includes electronic BYOD Access and Use Agreement Form
    • Google Glass Policy Template – Includes electronic Google Glass Access and Use Agreement Form
    • Incident Communication Plan Policy – Updated to include social networks as a communication path
    • Internet, e-Mail, Social Networking, Mobile Device, Electronic Communications, and Record Retention Policy – Includes 5 electronic forms to aid in the quick deployment of this policy
    • Mobile Device Access and Use Policy
    • Patch Management Policy
    • Outsourcing and Cloud Based File Sharing Policy
    • Physical and Virtual Security Policy
    • Record Management, Retention, and Destruction Policy
    • Sensitive Information Policy – HIPAA Compliant and includes electronic Sensitive Information Policy Compliance Agreement Form
    • Service Level Agreement (SLA) Policy Template with Metrics
    • Social Networking Policy – Includes electronic form
    • Telecommuting Policy – Includes 3 electronic forms to help to effectively manage work at home staff
    • Text Messaging Sensitive and Confidential Information
    • Travel and Off-Site Meeting Policy
    • IT Infrastructure Electronic Forms

Posted in Disaster Recovery, Infrastructure, Policies & Procedures, Security & Compliance