Enterprise Wide Licenses

You can order an enterprise wide license for Janco's templates, white papers, policies, and procedures.  The license allows you to to place the product on your enterprise's INTRANET (not INTERNET) and they can be shared by groups/ divisions/data centers within a single Country / DUNS number. If you need to share it with more groups please contact us at 435 940-9300.

The products that you can purchase enterprise licenses for include:

• Disaster Recovery Template
• Security Manual Template
• IT Salary Survey
• IT Salary Survey 10 year comparative study
• Functional Specification Template
• Safety Program Template
• IT Infrastructure, Strategy & Charter Template
• IT Service Management Template
• Practical Guide IT Outsourcing
• Client Server Management HandiGuide
• Internet & IT Position Descriptions HandiGuide
• Metrics for the Internet & IT HandiGuide
• Internet & PC Workstation Polices & Procedures
• Business & IT Impact Questionnaire
• Threat & Vulnerability Assessment Tool

IT Management News

How companies protect laptops is an issue

More than 50% of organizations surveyed have indicated that they protected sensitive information with encryption software. A further 43% reported the use of asset tracking software. Simply knowing where all mobile computers are located is a powerful security measure, however, traditional IT asset management solutions are designed to track only those laptops that connect to a local area network (LAN) or virtual private network (VPN) connection. For a large proportion of laptop users, returning to head office is an intermittent event - allowing many laptop computers to remain below the radar of IT.

Encryption software is commonly referred to as the computer security fall back. In the event that a computer protected by organizational policy and physical deterrents is stolen, sensitive information on the laptop is made unreadable by encryption. For encryption software to be effective however, laptop users must consistently and accurately follow company encryption policy. Even more worrisome is the fact that more than 30% of companies believe employees are actively involved in the theft of company computers. Armed with the necessary passwords and encryption keys to access data, disgruntled or dishonest employees represent a threat that cannot be addressed by encryption alone.

The common failing of these laptop security measures is the fact that they are heavily reliant on the diligent action of laptop-using employees to remain effective. If a cable lock is not used, an authentication password is taped to the keyboard for convenience or a regular encryption process not completed, organizations remain unnecessarily vulnerable to public data breach. By the same token, complex, expensive and ultimately productivity-dampening security measures may be effective but greatly reduce the benefits of laptop computers. Endpoint security solutions complement other security measures by providing a final, user-independent layer of protection.

Data breaches continine to be CIO's concern

The FBI received a record number of complaints in 2008, and the associated direct cost of the frauds carried out with stolen data was $265 million versus $235million in 2007.  Adding to this is the challenge of securing personal information and intellectual property data.  Companies are granting access to more systems and information - bank customers access to account balances; workers maintain their own 401k and investment accounts; web shoppers place orders and make purchases with a single click; and business partners work on projects in a collaborative manner online.

To reduce the risk of a data breach or theft, organizations must adopt new tactics.  In addition, companies must address e-mail and Web security along with employing a functional data loss and prevention strategy.  The application of multiple security techniques is required to reduce risk. For example, there must be a way to control spam and block the downloading of malicious software from poisoned Web sites.  In today's open Web 2.0 and social networking environments, companies need a way to defend against attacks and protect secret or sensitive data.  At the same time, they must maintain a flexible and responsive infrastructure to support today's business working habits.

The Janco Security Manual Template has helped over 2,000 enterprises world-wide to  meet these requirements.

Pandemic Disaster Recovery Plans At Risk

Pandemic disaster recovery planning should consider the impact the H1N1 flu virus could have on the Internet if workers and students are forced to stay home because of the pandemic. Officials at the U.S. Government Accountability Office weighed in on the potential for clogged networks  in a 71 page preport.

Although the issue has been raised before by various ISPs and network carriers, recent worries have focused on securities firms that depend on third parties to clear trades and process payments over the Internet, according to the GAO.

"Internet congestion during a severe pandemic that hampers teleworkers is anticipated, but responsible government agencies have not developed plans to to address such congestion and may lack clear authority to act," the GAO warned.

Internet backbone congestion from a pandemic is not a major concern. The larger problem may be with the network "edge" or "last mile" in the residential portion of the Internet. Janco says that work-at-home strategies for organization may not work as advertized as residential Internet access may not be sufficient.  This is true both from a capacity and bandwidth at work at home sites.

Often many residential DSL users could share a single DSLAM connection at the carrier's switching office to reach the backbone, contributing to congestion problems. Last-mile DSL and cable modem networks are where remote access falls apart.

While the network edge impact would vary by neighborhood, the Centers for Disease Control planning guideline that assumes 40 percent of the workforce might not be in the workplace for an extended period of time during a pandemic.

Best Practices for CIOs and IT Departments

Business continuity is not just a good business practice - it can mean success or failure if data and applications on a production server are lost. Disaster recovery planning ensures organizations have the capability to continue essential functions across a wide range of situations that could disrupt normal operations. High availability is the cornerstone for most business continuity plans and is one of the reasons for evaluating and deploying data protection solutions. However, traditional data protection strategies focus on just the data and not the application.

CIOs and IT departments design the organization's infrastructure with continuity of business operations in mind. However, most organizations are not doing enough to protect mission-critical data, applications and systems from unexpected disruption and potential loss -- volatilities, such as viruses, power outages, natural disasters, corruption, human error and media failures can't always be prevented. Environments today are characterized by rapid data growth, complexity, stringent business requirements and the increasing government regulations, making it difficult for organizations to get their arms around their data protection strategies. In many cases, the focus is on just protecting data - not necessarily on recovering it. And when there is a focus on recovery, it usually involves just making data available to an application.

Audit Fatigue is Setting In for Some

(Internet Research Group) - Regulation is a part of business, regardless of company size, industry, or geography. In addition, for the most part, the larger the enterprise, the larger the potential for non-compliance risk. Non-compliance can mean a number of things - sanctions, fines, legal action, market value impact, and the cost of remediation may exceed the perceived cost of prevention. Audit program is required

The results are supportive of the term audit fatigue, that unmanaged IT Audit efforts within regulated organizations have a negative business impact on IT resources and reduce IT efficiency. However, respondents are largely aware of and interested in tools to automate audit processes and controls as a means of overcoming audit fatigue and freeing up IT budget and resources for innovation rather than compliance. This results in the following:

• Compliance impact is increasing, resulting in high audit frequency and number: As can be expected, larger organizations must satisfy a number of IT audits. Small to mid-sized enterprises (SMB’s) are also subject to an increased level of compliance requirements - resulting in higher than expected IT audit engagements. Given the lack of consistent IT standards across industries and geographies for audit criteria and reporting, compliance efforts - i.e., IT audit and remediation - are largely manual.
• Audit costs are unmanaged, resulting in increased cost: Many respondents conduct audits on an ad-hoc basis rather than as a scheduled effort of an enterprise risk-management program. Given the inability to forecast audit and remediation, spending, budgetary control is lost - exacerbating the perceived impact of compliance efforts.
• Lack of controls automation, limited process maturity: Audit fatigue can be attributed to lack of controls automation and unmanaged IT Audit processes. Limited controls maturity - i.e., repeatable and sustainable controls enforcement and audit processes -  constrains IT innovation due to uncontrolled costs associated with IT Audit and issue remediation.
• Security Policies and Procedures missing