
Sarbanes-Oxley
Compliance Auditing Tools

The audit spotlight now shines on IT. After years of regulation and embarrassing data breaches, the highest levels of management now comfortably discuss IT controls and audit results. However, their quality expectations are rising. Where IT once performed audits annually, many now support quarterly, monthly, and ad hoc exercises. Each audit expands the scope of the technologies assessed, measured, and proven compliant. Broader scope means more complexity and more work. With the Sarbanes Oxley Compliance Kit you can increase the timeliness and accuracy of audit data while reducing IT audit effort, disruption, and cost.

Sarbanes-Oxley challenges the Information Technology function with requirements that impact day-to-day activities.

SOX compliance monitoring and auditing tools put in place the infrastructure needed by every enterprise that must comply with the requirements of this and other security mandates. Each of the components in this tool kit is easy to implement and meets the most stringent needs that you face.

  • Security Audit Program - Contains over 400 unique tasks divided into 11 areas of audit focus, which are then divided into 38 separate task groupings. The audit program is one that either an external auditor or an internal auditor can use to validate the compliance of Information Technology and the enterprise with ISO 27000, Sarbanes-Oxley, HIPAA, and PCI-DSS.

    The results are posted to a 22-page Excel worksheet that graphically summarizes the strengths and weaknesses of the enterprise's security and its compliance with best security practices.

  • Job Descriptions - Director Sarbanes-Oxley Compliance and Manager Sarbanes-Oxley Compliance job descriptions.
     

SOX Auditing Tools

 

Sarbanes Oxley Auditing News


Tools for Disaster Recovery planning

February 2nd, 2012

When it comes to disaster recovery, rapidly growing data volumes, distributed computing models, and new technologies all combine to present an ever-changing playing field. Safe recovery distances can also mean painfully slow replication and backup across the WAN in addition to the costs to accomplish this.

Preparing for Disaster

Janco's "Disaster Recovery and Business Continuity Template" leads the way to implementation of the latest disaster recovery technologies and cost savings strategies. Enterprises of all sizes can build a functional disaster recovery plan with this tool and make their own disaster recovery efforts more efficient.


Business Continuity Plan is more than just paper

January 20th, 2012

Business continuity planning is about more than the IT components. Though the CEO and executive staff must define what business processes need protection and the appropriate response, IT has several innate characteristics that make it well suited to disaster planning and implementation.

  • Project planning: IT is accustomed to implementing new technology in a controlled fashion, giving IT staff experience in understanding and planning for the impact of change for maximum success.
  • People/process/technology relationship understanding: There are two areas in which an understanding of this relationship is key to success. The implementation of new technology often changes process. Changes in process change the ways people interact with information systems. From advanced computers and applications to systems that allow physical building access, IT understands the people/process/technology relationship better than any other team in the company. In addition, IT also has a deep understanding of how supporting systems are critical to the delivery of, and access to, primary information systems. From Active Directory and DHCP to routers and firewalls, IT understands the key systems and the order in which they must be restored to deliver a complete service. This understanding facilitates business continuity and restoration.
  • Experienced in disaster management: In complex IT environments, something is usually broken or has a problem. IT has the experience to quickly identify the problem, understand the impact and respond appropriately to the issue. This experience is vital in the high stress and dynamic environment of managing a disaster event.


Disaster Recovery and Business Continuity a critical part of enterprise operations

January 8th, 2012

Disaster recovery is becoming an increasingly important aspect of enterprise computing. As devices, systems, and networks become ever more complex, there are simply more things that can go wrong. As a consequence, recovery plans have also become more complex, according to Janco Associates (the author of the Disaster Recovery Business Continuity Template). For example, fifteen or twenty years ago, if there was a threat to systems from a fire, a disaster recovery plan might consist of powering down the mainframe and other computers before the sprinkler system came on, disassembling components, and subsequently drying circuit boards in the parking lot with a hair dryer. Current enterprise systems tend to be too large and complicated for such simple and hands-on approaches, however, and interruption of service or loss of data can have serious financial impact, whether directly or through loss of customer confidence.

DRP/BCP Security Templates

Appropriate plans vary from one enterprise to another, depending on variables such as the type of business, the processes involved, and the level of security needed. Disaster recovery planning may be developed within an organization or purchased as a software application or a service. It is not unusual for an enterprise to spend 25% of its information technology budget on disaster recovery.

Nevertheless, the consensus within the DR industry is that most enterprises are still ill-prepared for a disaster. According to the Janco Associates Disaster Recovery Business Continuity web site, despite the number of very public disasters since 9/11, still only about 50 percent of companies report having a disaster recovery plan. Of those that do, nearly half have never tested their plan, which is tantamount to not having one at all.


eCommerce mandates business continuity management

December 14th, 2011

There's little doubt that business continuity management (BCM) must be front and center for today's payment card issuers: the potential cost implications of an unmanaged catastrophic incident within the supply chain for payment card issuers can run into millions of Euros and cause wide-ranging reputational issues that may impact customer growth.

Plan Do Check Act Cycle



Lost data is critical to users

November 10th, 2011

The general lack of preparedness for disasters and business interruptions is surprising in light of the fact that 40% of users feel like they would never be able to recover, recreate or repurchase all of their documents and files if their personal computer crashed. It's even more surprising considering the insights that the study uncovered regarding the significant value many assign to their digital content, including:

  • It is More Valuable Than Vacation Time
  • It is Even More Precious Than My Wedding Ring
  • I would Pay Dearly to Get My Data Back
  • I would Sacrifice Something I Love to Save My Data

Users Place Too Much Trust in Their Hard Drives

Users are surprisingly trusting of their computer hard drives, particularly taking into account that over half have lost all of their personal files in a computer crash at some point. According to the study, 82% of users keep electronic files only, and the majority of these files are nowhere else but on their computer hard drive. The most popular files people store digitally are photos (55%), music (46%), resumes (42%), addresses (28%), phone numbers (27%), and financial documents (22%). Notably, the average user surveyed has more than $400 of digital music and movies on their computer and, for one in four, the music and movies are worth more than the computer itself.