Disaster Recovery & Business Continuity and Security Templates Audit Bundle

This bundle is fully compliant with Sarbanes-Oxley, HIPAA, PCI-DSS and the ISO 27000 Series (ISO 27001 and ISO 27002).  It has been updated to reflect all of the recent legislation and other mandated requirements.

The Disaster Planning and Business Continuity Template has been selected by over 2,000 enterprises world-wide as the foundation of their DRP and BCP programs.

The Security Manual Template has just been updated to address issues such as smartphones and other PDAs.

The Security Audit Program contains over 400 unique tasks divided into 11 areas of audit focus, which are then divided into 38 separate task groupings. Either an external or an internal auditor can use the audit program to validate the compliance of Information Technology and the enterprise with ISO 27000 (formerly ISO 17799), Sarbanes-Oxley, HIPAA, and PCI-DSS.

The Disaster Recovery / Business Continuity Audit program identifies control objectives that are met by the audit program. There are 36 specific items that the audit covers in the 11-page audit program.


The ISO 27000 series is a set of individual standards and documents defined as follows:

  • ISO 27001 - The specification for an Information Security Management System (ISMS), which replaced the BS7799-2 standard.


  • ISO 27002 – The ISO 27002 standard is a renaming of the ISO 17799 standard, which is a code of practice for information security.  It outlines controls and control mechanisms, which may be implemented subject to the guidance provided within ISO 27001. 


  • ISO 27003 – This is a PROPOSED standard, which has yet to be completely defined. This will be the official number of a new standard intended to offer help and guidance for the implementation of an ISMS (Information Security Management System). This will be a quality control standard when it is released. ISO 27003 will focus on utilizing the Plan-Do-Check-Act (PDCA) method when establishing, implementing, reviewing, and improving the ISMS.


  • ISO 27004 - This is the designated number for a PROPOSED standard covering information security, system management, measurement, and metrics.

  • ISO 27005 – This is the number assigned to a PROPOSED emerging standard covering information security risk management. As with the other standards within the ISO 27000 series, no firm dates have been established for its release. However, it will define the ISMS risk management process, including identification of assets, threats and vulnerabilities.

  • ISO 27006 - This standard offers guidelines for the accreditation of organizations that offer certification and registration with respect to ISMS.

Disaster Recovery / Business Continuity Security Audit News



Issues CIOs Face in Troubled Economic Times

CIOs face some of the greatest challenges they have ever had. All managers are under intense pressure to cut costs, and that pressure is significantly increased by the current grim economic outlook. Everywhere CIOs look there is study after study indicating that organizations are looking at reducing headcount, as well as their overall spending in 2009. In addition, many business areas are relying on IT more than ever before to help them deal with the increased competition and reduced funding. This budget crunch creates a greater need for improved efficiency and higher productivity.

Normal logic would cause a CIO to consider hunkering down and focusing on survival until business conditions improve. However, enterprises must continue to make strategic investments in Information Technology. Survival is clearly important, but by making survival your primary focus, you risk missing opportunities.

 

CIOs and IT organizations that position themselves for the eventual upturn will look at IT as an enabler of business efficiency and growth. In this turbulent economy, it becomes more critical to invest differently in IT. The key is to invest in areas that really improve IT efficiency and discipline. This focus will enable IT not only to survive this difficult financial period, but also to quickly shift its profile toward enabling true business growth.



Over 70% of Lost Laptops are Never Recovered

Laptops can and do get lost or stolen. In studies conducted by several security firms, it has been found that over 50% of all lost or stolen laptops disappear at airport security checkpoints and departure gates. Unfortunately, almost 70% of these laptops are never recovered.


This policy has been updated to reflect the requirements of PCI-DSS, Sarbanes-Oxley, HIPAA, and ISO. The policy comes as both a WORD file and a PDF file utilizing a standard CSS style sheet.


Terminating an Outsource Relationship

Enterprises can and do suffer because they do not plan for what happens when the end date of the outsourcing contract approaches. Enterprises usually fail to define the procedures to be followed and the assets to be allocated when the contract terminates.

The time to set the groundwork for the termination of an outsource contract is when the original contract is negotiated.  If it is not done then, the outsourcer has no reason to do more than the contract requires.

Key issues to consider are:

  • Ownership of fixed assets
  • Ownership and return of data
  • Documentation and other intellectual property
  • Staffing turnover from outsourcer to enterprise
  • Support outsourcer is to provide in the turnover process


CIO Recovery Planning Tool Kit Released

Park City, UT - With the recovery on the horizon, Janco Associates, Inc. has released its CIO Infrastructure Planning Tool Kit. The kit contains all of the elements that are required for CIOs to hit the ground running as the recovery starts to take hold and demand increases for IT services. The CEO of Janco, Mr. Victor Janulaitis, said, "During a downturn, CIOs often had to make some unpopular decisions and that cost them the alliances they need to succeed. Based on our experience, the highest attrition rate for CIOs is during a recovery. With a recovery, many enterprises feel they can afford a change at the top to get a new direction and improve the enterprise's IT operations. In order to succeed, CIOs need to take proactive steps before it is too late."

Janulaitis said, "CIOs need to act well in advance of the recovery, and the end of a recession is often recognized only months after the fact. The most progressive CIOs and enterprises will turn to recovery mode before competitors by implementing a recovery plan right now."

Janulaitis added, "...Most IT functions are operating at very high productivity levels and do not have any extra capacity to use when the recovery starts. Once the recovery occurs there will be huge demand for initiatives, projects, and staffing. CIOs who react too late will find they will not be able to meet the demands placed on them."

The CIO Infrastructure Planning Tool Kit shows CIOs how to get their organization in order by helping them meet several key objectives: updating the organization infrastructure with IT Service Management (ITSM) and metrics in mind; updating the Service-Oriented Architecture (SOA) and how it will be applied with new initiatives; defining all of the responsibilities of the IT staff and support staff members; putting current job descriptions in place; and identifying the resources that will have to be hired (employees) or retained (contractors) once the recovery starts.

The CIO Infrastructure Planning kit comes in three versions: standard, silver, and gold. The gold version contains the IT Infrastructure, Strategy, & Charter Template, the latest Janco IT Salary Survey, the IT Service Management for SOA Template, 220 IT Job Descriptions, the Internet and IT Job Descriptions HandiGuide, and a Functional Specification Template. These templates and job descriptions all come in MS WORD and are fully editable. More information can be found at http://www.e-janco.com/CIOInfrastructurePlanningToolKit.html.



Is your business ready to deal with management of all of its data and business records?

For most midsized and even small businesses, managing data is a major challenge. The growth of structured data from databases, e-mail and other applications, as well as file data such as PDFs, audio, video and graphics, has been exponential. Furthermore, no end is in sight. According to a well-known research firm, the need for on-line data storage capacity is increasing at a rate of nearly 58 per cent per year; by 2011, it is estimated that companies worldwide will require disk storage of more than 32,000 petabytes of data.

The increasing flood of data can lead to a host of problems, like added time and system slowdowns due to the sheer volume of data; added cost, in new equipment and especially in management overhead, to provide for all this data accumulation; and the added business risk that comes with larger data stores.

The temptation is to accommodate added data by increasing the number of servers and disk drives. But simply adding servers is not the answer – in fact, without planning, the direct attachment of additional drives or servers can create islands of storage, resulting in greater management requirements. Such an unplanned and reactive approach to storage is inefficient, raising costs while limiting flexibility and the capacity to respond to new business opportunities.
