Disaster Recovery, IT Service Management, IT Job Description, Sarbanes Oxley, and IT Salary News
IT Salaries Fall According to Janco
Janco released its 2009 Mid Year IT Salary Survey which shows that overall pay has declined for IT Professionals in the past 18 months. Janco also found that demand is down for IT Professionals. The CEO of Janco, Victor Janulaitis stated, "The current economic climate with its cost cutting mindsets, business closures, and extensive outsourcing has put such great pressure on the IT job market that overall pay has been impacted. Added to that many 'baby-boomers' who had planned on retiring in the next few years are not leaving the job market and you have more potential employees than positions available."

Janco has captured IT compensation statistics since 1996 and publishes its IT Salary Survey semiannually. The IT Salary Survey is based on Janco Associates, Inc.'s IT Professionals compensation database. Compensation benchmark hiring and salary ranges are established for each position surveyed. In analyzing the study data, the upper and lower quartiles are eliminated to determine benchmark ranges. The benchmark ranges are then used to assess the alignment of a company's actual compensation to the marketplace for each job function. A summary of the most recent salary survey can be downloaded by visiting Janco IT Salary Survey at http://www.e-janco.com/Salary.htm.
CIO Salaries Fall
The group of information-technology executives who are among the five highest-paid officers and those making over $1,000,000 per year at their companies has gotten smaller. The shift indicates that salaries are falling in general and that technologists are being regarded more as functional workers than strategists.
Public companies are required to openly report compensation every year for their five highest-paid officers. Technology executives historically make a meager showing; typically, less than 6% of the Fortune 1,000 include them in proxy filings. Executives in more established roles - finance, operations, human resources - generally slip in ahead of information chiefs on the pay scale.

Technology executives' salaries are suffering from a backlash against overspending and a poor economy that has forced budget cuts.
Many CIOs and people who evaluate CIOs equate productivity with cutting the budget. CIOs thought they would change the world and that the whole business depended on I.T. But now the pendulum has swung in the other direction.
Cutbacks Impact Fringe Benefits for IT

In preliminary results for the Janco 2009 Mid Year Salary Survey, Janco has found that fringe benefits like insurance, 401Ks, flexible hours, bonuses and stock options are being reduced by enterprises as they struggle to contain costs. Janco has tracked this trend for several quarters. The CEO of Janco, Victor Janulaitis, said, "Over the first two quarters there has been a noticeable reduction in costs associated with employees. Companies of all sizes are freezing salaries, laying off staff, making employees pay a larger portion of their insurance cost, decreasing bonuses, and cutting other benefits."
The 2009 Mid Year IT Salary Survey will be released at the end of June, and more information is available on Janco's websites.
Change Management Issue for Measuring IT Success
(HP)
A significant number of service disruptions are due to poor change processes, including flawed impact assessment. The cost to the business of these self-inflicted wounds is high. Poorly managed change results in many negative outcomes, including:
- poor quality of service
- dissatisfied business customers
- unnecessary rework
- missed deadlines
- higher operating costs
- poor employee morale and infighting
- downtime of business critical services
It is no surprise to anyone associated with IT management that along with the increase in the rate and complexity of change has come a corresponding increase in the interest associated with using a best practice approach to change management. ITIL v3 says that changes should be managed to:
- Optimize risk exposure (supporting the risk profile required by the business)
- Minimize the severity of any impact and disruption
- Be successful at the first attempt
While many firms are investing in change management as a best practice, doing it well remains difficult. There are many hurdles that must be overcome to implement a change management process that not only follows a best practice approach but also yields outstanding results. The challenge becomes obvious when you consider that many changes within a large enterprise span multiple geographies, involve multiple teams and organizational units, and include infrastructure elements that cross multiple domains: network, servers, storage, and applications.
Where to Start with Security
The keys to sound security are often considered to be deployment of a sensible security risk analysis approach, compliance with a recognized standard such as ISO 17799, ISO 27000 or BS 7799, development of comprehensive information security policies, and deployment of a detailed security audit program.
But where to start? The answer is easy - the Janco Security Policies and Procedures Template and the Janco Audit Security Program. Risk analysis is often presented in a confusing and over-complicated manner, ISO 17799, ISO 27000 or BS 7799 compliance can seem a daunting task, security policies can be totally ignored in practice, and security audit is sometimes less effective than it should be due to over-stretching of busy audit professionals. http://www.e-janco.com/SecurityAudit.html is intended to provide a launch pad to help alleviate these difficulties. Janco has an approach that works.
Whether you need a security risk analysis method/product, guidance on how to achieve compliance with ISO 17799, ISO27000, BS7799 or your own IT security policies, or whether you simply wish to increase the productivity of your security audit team, the resources at Janco should help.
The IT Security Manual Template provides all the essential sections of a complete security manual and walks you through the creation of each step. Detailed language addressing more than a dozen security topics is included in a 220-plus-page Microsoft Word document, which you can modify as much or as little as you need to fit your business requirements.
Get US IT Salary Data
Participate in the IT Salary Survey and get a free copy of the study when it is released in July.
The Janco Associates, Inc. salary survey draws on data collected throughout the year by extensive interviews, internet-based survey data, and survey forms completed by businesses throughout the United States and Canada. The database contains over 50,000 data points for each reporting period.
Are you paying too much or too little to your IT staff? Do you have IT job descriptions? Are you earning what you're worth? Whether employer or employee, it is important to know what other companies are paying in total compensation for a similar position in your area. Learn how your company compares in the area of compensation.
CIO Cost Control
In order to manage IT costs effectively, CIOs need to review their existing IT operations with an eye towards doing more for less.
The first areas to review are:
- Utilization (Equipment and Personnel) - IT utilization typically measures the capacity of the physical hardware that an organization is using to support its business. Generally, the most common metric is server utilization. Despite only using a portion of the server resources, organizations are still paying for and supporting the entire device. The same is true of personnel. Chargeback systems should be set to cover 100% of the cost of all resources. If a CIO sees that only 10% of a resource is utilized, then that resource is a candidate for consolidation.
- End-user support - Enterprises typically have an internal help desk. Generally, this internal help desk is responsible for supporting end users' client devices. When IT budgets get cut, one area that usually comes under investigation is the internal help desk. However, the internal help desk can be essential to providing support for the end users and maintaining employee productivity.
- Maintenance and support budget - By far the largest component of the IT operations budget is for external support services. In many cases, organizations are either under- or over-supporting their IT environments and adding additional costs.
H-1B Visas are Under Fire
The H-1B program is under fire in Washington. The economy has finally gotten to the point that Congress is listening to the concerns of laid-off technology workers. U.S. Department of Homeland Security Secretary Janet Napolitano told a congressional committee that ensuring that U.S. workers have jobs is one of her "top obligations," and she said that her agency is stepping up its enforcement of the H-1B program.
Napolitano said that the department has added fraud prevention tactics that were not being used previously in the H-1B program. Those measures include visits to work sites. Napolitano was responding to a question from Senators who have introduced legislation called the H-1B Visa Fraud and Abuse Protections Act (S.887). The reform bill includes a number of restrictions and enforcement provisions, including audits of employers.
Microsoft's IE Loses Almost 6.5% of the Browser Market in the Last 12 Months
Park City, UT - Janco and the IT Productivity Center have just released their May 2009 Browser and Operating System Market Share White Paper. The major findings are that Microsoft's IE browser market share has fallen to 66.81% versus 73.23% in May 2008 and 76.40% in March 2008; Firefox has maintained its number 2 browser position and is used by almost 19.55% of all users; Google, with its Desktop and Chrome offerings, has just over 5.4% of the market; and acceptance of Vista continues to be below Microsoft's expectation.
Victor Janulaitis, the CEO of Janco, said, "The major browser findings of the study are: Microsoft's Internet Explorer's market share has stabilized and Google's Chrome is a non-event." He added, "... IE 8 has been released but its acceptance is slow at best." The White Paper has a detailed historical analysis of browser market share since 1997. The findings are supported by data which is provided both graphically and in spreadsheet format.
On the Operating System front, Microsoft's Vista is installed on just under 1 in 5 desktops (17.34%) after over 30 months since Vista's first release (RC1). Janulaitis added, "Vista proves that large companies like Microsoft can and do make huge blunders in technology. Microsoft can no longer count on moving users to new products like Vista as quickly as they want."
A summary of Janco's white paper can be found on Janco's web site (http://www.e-janco.com/browser.php) and the IT Productivity Center's web site (http://www.itproductivity.org/browser.php).
CIOs Need to Have Programmers Who Are Experts in Multiple Programming Languages
CIOs need to hire programmers who know more than one programming language. Americans have a reputation for only speaking one language. Small surprise, then, that the same is often true for American programmers. Today's computer science graduate often leaves school with a strong knowledge of only one programming language -- typically a major systems language, such as Java or C++ -- and goes on to a career based almost exclusively on that language.
On the surface, this makes sense. C++ and Java are both highly versatile, complex tools. Just learning the syntax of either one is nothing compared to the amount of study it takes to become familiar with the whole ecosystem of associated libraries and frameworks. Not to mention that both languages are widely used; if the CIO does not staff with programmers who know both, they cut their enterprise's capabilities dramatically.
Best Practices For the Resume Review Process
Best Practices for Screening Resumes
- Define job requirements clearly for recruiters and electronic posting - You do not want to waste your time looking at resumes of individuals who are clearly not qualified. In the current job market, some active job applicants apply for anything, even when they are not remotely qualified for the position that you are trying to fill. If a recruiter sends you candidate resumes that fall into this category, warn them and then stop using them if they continue. A full job description with specific accountabilities, authority, and position requirements should be part of the materials that are used in communicating the needs of your enterprise. "Must have led an ecommerce Internet development team that implemented a customer WEB 2.0 application" is much different than "5+ years experience as lead developer."
- Use consistent rules to select and reject resumes - Communicate so that the screeners/recruiters and hiring manager have the same understanding of the job requirements before the screening process starts. For example, screeners/recruiters should review a sample of several real resumes, in real time, with the hiring manager, who should define the "must-haves" and "nice-to-haves." Why does one resume go in the yes pile while a similar one goes in the no pile?
- On the first pass spend no more than 20 seconds on any resume - In the current job market, it is typical to get 100 to 200 resumes for a single position. Given that volume, it will take one to two hours to get through the first pass. You want to get through all of the resumes that you have, and with luck you should be able to find between 10 and 15 individuals that can be phone screened.
- Create a scorecard with the must-have requirements - Create a simple, 10-question-or-less checklist to help you stack rank your applicants. Define items for the checklist that highlight your requirements for the key experience, skills, and technology. Use this tool in the resume review and in the phone screening. For example, "How many years of commercial web ecommerce experience do you have writing HTML and XML?" or "What specific application development and version control tools have you used?"
- Eliminate resumes that are too long and filled with acronyms and buzzwords - Many candidates have figured out that loading up their resumes with acronyms and buzzwords (i.e. technologies) may win them an interview. Instead, accept resumes that communicate hands-on experience using the technologies listed in your job requirements. Focus on resumes that show where and when the technology was used on the job. Keywords that show up in the bullets under job history summaries are better than keywords that show up at the top or bottom of tech resumes in the skills summary section.
Best Practices for Phone Screening
- Before starting, see if anyone knows the potential candidate - There are many candidates in the market who have either a great reputation or a poor one. Time is precious, and if someone is not "hirable" by your enterprise then do not waste your time.
- Rank the candidates before they are phone screened - Use the scorecard to rank the resumes and any known history about the candidates, and then budget your time to spend enough time on a phone screen to find the candidates that are hirable.
- Know what the deal breakers are for the hiring manager - The focus of a phone screen is to weed out the unqualified applicants while selling the enterprise to the top candidates, so that you invest time with onsite interviewees who are most likely to get offers. Validate that each candidate you pass on to the interview has the required capabilities, meets the salary and eligibility requirements, and wants to do this type and level of work.
- Experience counts - Focus on the on-the-job skills and job-specific accomplishments. What have they done, in what industry, with which technologies, on what kind of resources and team, over what kind of timeline?
- Motivation and mindset are important - In this economy, there is a greater risk of having candidates who just want or need a job and will say or do anything to get a position. Gain an understanding of what they loved about their current and past jobs and what they hope to find if they join your enterprise. Ask this before you tell them all about your culture and resources.
- Protect your enterprise reputation - Even though there may be hundreds of applicants for every opening you have, build your reputation as an employer one candidate at a time. Several years from now you may be interviewing with the candidate or working with them in another company. Even though you may be in the driver's seat, treat every candidate with respect. Follow the basics: start your phone interviews on time, ask fair, relevant questions, let them ask you a few questions, and always follow up.
Unlimited Web Access Puts Companies at Risk
When enterprises allow their employees to have uncontrolled free access to the web they run a serious risk that there will be misuse of the web. Web misuse has serious implications for your enterprise and its employees. The implications are:
- Reduced productivity - If employees spend their time on social networking sites such as Twitter, they are not spending it doing their job.
- Data leakage - Confidential and sensitive information could be transmitted to unauthorized individuals and competitors. In addition, data that is covered by mandated privacy and security requirements (HIPAA and PCI-DSS) could be exposed.
- Security problems - Malware hides on websites and can install itself as users browse infected pages. One company reports that the number of new malicious websites it blocked each day nearly doubled (91 percent) in just one month.
- Legal risks - When users download inappropriate material to their computers, other employees may take serious offense. This in turn can create legal liabilities for the enterprise and its managers.
- Wasted bandwidth - Internet connections cost money. If half of an enterprise's bandwidth is taken up with non-work-related traffic, the enterprise could be paying more than it needs to, and enterprise-critical communications could be running at half their speed capacity.
- Unlicensed software - When users download and install software from the internet, they create a legal risk. If an organization uses unlicensed copies of software, it may face a civil suit, and company directors risk criminal penalties.
- Reputation risk - Social networking can create opportunities for employees to leak confidential information or spread damaging rumors online. Bad behavior by a single employee can reflect on the reputation of the whole organization.
Which IT Metrics are Important?
IT metrics are not understood by many business executives. What non-IT business executives often focus on is the one metric that they understand - the cost of IT. This in turn leads to a continuous cycle of IT budget reductions.
Most IT metrics efforts lack relevance to the business and are not well linked to business outcomes. They tend to be IT focused, such as WAN availability or server downtime. It is difficult for the business to understand how these measures relate to its objectives, and they provide little insight into the value that IT delivers.
CIOs must create a scorecard that:
- Relates to the enterprise and its management team. Server availability, network throughput, help desk call volumes, capacity utilization, and other IT operational metrics are not relevant to business executives. These types of metrics need to be translated into something enterprise management understands, such as availability of business applications or the cost to support a business area. The IT-operational metrics should be kept within IT unless they can be put in enterprise terms.
- Relates to the enterprise's strategic and tactical objectives. Enterprise executives are concerned with introducing new products and services, improving customer loyalty and satisfaction, increasing gross margins, and growing market share. IT metrics must be linked directly to these enterprise objectives, specifically demonstrating how IT initiatives contributed favorably to improving them.
Can-Spam to be followed by m-Spam
A bill, the M-Spam Act, was just introduced in the US Senate aimed at attacking unsolicited commercial text messages sent to cell phones, also known as mobile spam.
The m-Spam Act would strengthen the powers of the Federal Communications Commission and Federal Trade Commission to fight mobile spam. The measure also would prohibit commercial organizations from sending text messages to cell phone numbers that are listed in the National Do-Not-Call Registry.
There is also increasing concern that mobile spam will become more than just an annoyance - the viruses and malicious spyware that are often attached to traditional spam will most likely be more prevalent on wireless devices through m-spam. Mobile users in the U.S. received about 1.1 million spam text messages in 2007, up 38% from the year before. In some cases, mobile subscribers have to pay up to 20 cents for each text message sent or received, although some mobile service providers allow their customers to block text messages in order to avoid spam.
Is Outsourcing the Right Thing to Do?
Despite the anti-outsourcing backlash, the benefits from outsourcing are very tangible. The very fabric of American success lies in opportunity and innovation, making it very difficult for anyone or anything to paralyze its workers or its economy. It does not matter which industry an enterprise is in; outsourcing can bring tremendous benefits to any type of business.
Every minute your employees spend on an activity that does not directly add value to your enterprise's business strategy is a cost that can be saved.
CIOs must analyze their organizations' needs and find out if their businesses can outsource. Questions that need to be asked and answered are:
- Is the enterprise finding it difficult to meet its customer needs?
- Does the enterprise want to maximize its impact in the marketplace?
- Does the enterprise's IT function have managers who are not sure about what makes and what loses money?
- Is the enterprise experiencing constant challenges based on operational issues?
- Does the enterprise lack the expertise to survive and grow?
- Does the enterprise have important nonrecurring project requirements but no resources to handle them?
If the answer is 'yes' to more than one question, then outsourcing may be in order for the enterprise. Outsourcing can help CIOs to efficiently deal with the challenges of today's business climate. Outsourcing can help you to meet your customer needs on time, increase market presence, make the right decisions about product lines, overcome operational challenges, get access to expert services, and benefit from professional resources who can competently handle your projects.
Some of the benefits of outsourcing are:
- Better performance and management
- Process maturity and scalability
- Efficiency and productivity
- Reduced capital and labor costs
- Operational efficiencies without capital investment
- Professional and skilled services
- Improved processes bring about improved customer satisfaction
- Gain a competitive edge with sophisticated technology and people
Cost of Certification to Meet Mandated Requirements
What the cost of compliance with mandated security standards is, is a question that many CIOs need to answer as they adjust their budgets. The costs fall into four areas:
- Internal resources - these costs include all business functions: management, HR, IT, facilities, and security. These resources will be required during the implementation of the compliance requirements.
- Implementation costs - these costs include both the hardware and the software required to meet the mandated requirement.
- Consultancy and outsourced resources - these costs include all outside contractors, consultants, and service providers.
- Certification costs - these costs include the ongoing costs that the business will incur after the implementation of the compliance requirements. These costs will include internal resources as well as things like annual or quarterly certification verification services.
Challenges CIOs and CTOs Face
With today's economic uncertainty, CIOs are faced with many new challenges, including how to manage. Janco has compiled a list of issues that are keeping many CIOs up at night. They are:
- Economic uncertainty and management ambiguity on strategic direction are crimping the ability of CIOs to plan effectively.
- Economic stakes are higher in many enterprises, and there is significant conflict and competition for the limited resources that CIOs have at their disposal.
- R&D, training, and certification programs have been at least cut if not altogether eliminated, limiting the ability of CIOs to understand the implications of new technologies and train staff in their application.
- Risk aversion has taken hold, and limits have been placed on many CIOs in their ability to implement new and innovative solutions - no longer are CIOs able to say they want to have a competitive advantage. Rather, they need to focus on survival of the enterprise.
- CIOs now are being told by senior management that they have to deal with what is "good enough" versus what will really provide the right long-term solution.
- CIOs do not know if the last cost-cutting directive or reduction-in-force program has been presented. They are all asking, "Will there be another lay-off next month?" Staff morale is low, as IT professionals understand that their professional destinies are no longer in their own hands.
- Best practices are now "dirty words" in the executive suite. Many senior executives do not want to hear about long-term ROI; rather, they want to know how short-term expenses can be reduced.
With this as an operating environment, CIOs now have the most challenging environment to manage since the early 1980s.
Most Security Breaches Caused by Lost or Stolen Devices
Most enterprises face data security breaches because of lost or stolen laptops, PDAs, SmartPhones, and USB storage devices. Industry experts have found that:
- Laptop and mobile device theft is experienced by 50% of security professionals (CSI, The 12th Annual Computer Crime and Security Survey, 2007)
- Every 50 seconds a laptop goes missing - and that is just at U.S. airports (Ponemon Institute, Airport Insecurity: the case of lost laptops, 2008)
- 85% of privacy and security professionals had at least one reportable breach in the past 12 months (Ponemon Institute, Enterprise at Risk: Privacy & Protection Survey, 2007)
- The cost of recovering from a single data breach now averages $6.3 million (Ponemon Institute, U.S. Costs of a Data Breach, 2007)
- 66% of data breaches involved data the victim did not know was on the system (Verizon, Data Breach Investigations Report, 2008)
Infrastructure Management is the Key to Recovery
Infrastructure management (IM) is the management of essential operational components, such as policies, processes, equipment, data, human resources, and external contacts, for overall effectiveness. Infrastructure management includes systems management, network management, and storage management.
Infrastructure management seeks to:
- Reduce duplication of effort
- Ensure adherence to standards
- Enhance the flow of information throughout an information system
- Promote adaptability necessary for a changeable environment
- Ensure interoperability among organizational and external entities
- Maintain effective change management policies and practices
All business activities depend upon the infrastructure, and upon the planning and projects that ensure its effective management. Investments in infrastructure management have the largest single impact on an organization's revenue.
Lost PCs Equal Security Breach
As the amount of information stored digitally on company servers, stationary computers and mobile devices such as laptops continues to escalate, protecting that information from public data breach is becoming a priority for IT and compliance departments.
A recent survey found that 75% of all corporate users were very concerned about the possibility that confidential information would be exposed and potentially misused. A further 60% were very concerned that the theft of a laptop computer would result in identity theft, and nearly 25% said they would be willing to pay between $10,000 and $50,000 to have a stolen executive's laptop returned to their organization. Despite the widely acknowledged link between laptop theft and nearly 50% of data breaches, the corporate users reported that a surprising number of mobile computers continue to go missing.
CIO Abilities Showcased
Successful CIOs have the ability to provide an attractive environment, to improve recruiting and retention, to create a bias toward learning that adapts well to new business demands, to align the organization to its strategic goals, and to build a cadre of strong leaders; these are the elements of the desired culture.
Expanding business demand meets a constrained workforce. According to published research, IT is seeing increasing demand from the businesses it supports. Overall budgets are expected to increase by 8% in 2008, and this translates into a much greater increase in project investments. At the same time, demographics are resulting in a shrinking labor pool. This is creating a supply/demand imbalance that is making it harder to hire and meet this expanding business demand, especially in the more sought-after skill areas. Driving this are:
- The rate of change is increasing and accelerating. Both business and technology change continue to increase at accelerating rates. This requires an adaptable workforce and the expectation that IT staff have the business, technology, and communications skills to meet its strategic priorities.
- IT too frequently is not perceived as a viable career. The dot-com bust, coupled with a shift toward more outsourcing and offshoring, has led to a lower perception of IT as a viable career. The number of university students pursuing a computer science or related degree has dropped by a third since the beginning of the decade. The reality is that for many skills there is significant demand. There is a need to change this image and reverse the trend. Key to these efforts is creating a positive culture to get the most out of people, encouraging them to recruit others, retaining the best, and developing positive relationships.
IT Service at Risk
IT Service Management has increased in importance, as more organizations are requiring CIOs to do more for less. Best practices are followed by successful CIOs and IT organizations as they continue to address infrastructure issues with reduced staffs and budgets. Their focus is:
1. Have an IT infrastructure that supports IT Service Management. Customers (users) evaluate Information Technology based on their perception of the service provided and its associated costs. This perception of service quality depends upon a number of soft factors such as timeliness of responses, impact of service outages, and quality of communications between IT and users. Best practices include:
- Metrics aimed at showing the productivity of the IT Service Management function
- Service Level Agreements that are tied to enterprise operational performance
- Documented policies and procedures which are followed
- Diagnostic processes and tools to provide early warnings when things start to go wrong
2. Have a cost tracking (chargeback) system that is understood. While reliability is a key measure of IT Service Management, cost is a close second. In addition to understanding the cost structure of IT, CIOs must be able to explain the cost drivers and what they are doing to improve productivity and reduce costs while maintaining quality and reliability. Best practices include:
- Defined system development and operation methodology which includes change control and version control
- Quality assurance function and responsibilities defined
- Change and version control management tools
3. Have the ability to change the organizational and application infrastructure while continuing to provide quality service.
IT operations must provide consistent, stable operations: networks, servers, applications, workstations, email, and telephony systems must be up, functional, and invisible to the operation of the enterprise. Best practices include:
- Clear organizational responsibilities and accountabilities
- Review processes (meetings and reports) with IT and users to discuss performance
- Published service level definitions with expectations
4. Have defined policies and procedures in place for change management and service management.
Users need a clear and understandable set of rules for how to work with IT: how to request services, who is responsible for the quality of the services, and what information and status they should expect from IT. Best practices include:
- Documented policies and procedures which are followed
- Feedback loops which highlight strengths and weaknesses
- An open approach that allows for changes to policies and procedures and unlocks new ways to get things accomplished
5. Have a courteous and well trained IT staff.
In these troubled times it is easy to overlook the quality of your staff as a factor in your continuing success. Best practices include:
- Formal training program for both users and IT staff that focuses on change control, version control, and IT Service Management
- Adequate staffing levels during the periods required by users
- IT staff that can communicate effectively with users, using user terms rather than IT scripts
Definition of a Strong CIO
CIOs who have successfully saved strategic projects and survived in these difficult economic times are realistic about what is strategic and what is not. Typically, these CIOs have the following characteristics.
- They have credibility with their organizations. These CIOs are good stewards of their resources, work well with other executives, and demonstrate a willingness to make sacrifices for the common good.
- They are smart about the design and structure of the project. In addition, they are willing to adjust timing, scope or costs to fit the economic environment.
- They are assertive. They can make a case to convince others of the merits of keeping a project.
Even with these characteristics, they often have a fight on their hands. However, they can build a strong business case.
Cost of Data Breaches Continues to Increase
The cost per record of a data breach has risen from $138 in 2005 to $202 in 2009, according to the Ponemon Institute in its fourth annual U.S. Cost of a Data Breach Study.

Other key findings from the study include the following:
- Average total per-incident costs in 2008 were $6.65 million, compared to an average per-incident cost of $6.3 million in 2007.
- Healthcare and financial services companies experienced the highest churn rates, 6.5 percent and 5.5 percent respectively, against an overall average of 3.6 percent, which reflects the sensitivity of the data collected and the customer expectation that information will be protected.
- Third-party organizations accounted for more than 44 percent of all cases in the 2008 study and are also the most costly form of data breach due to additional investigation and consulting fees.
- More than 84 percent of 2008 cases involved organizations that had had more than one data breach in 2008, meaning that companies are becoming more experienced in managing breaches over time.
- More than 88 percent of all cases in this year's study involved insider negligence.
- More than half of respondents believe that training and awareness programs assist in preventing future breaches, and 44 percent have expanded their use of encryption.
- The most significant cost decrease was seen in activities relating to post-breach response, which indicates that organizations are becoming more cost effective in managing data breaches.
Massachusetts Data Protection Deferred
Massachusetts has deferred until January 2010 the deadline for compliance with its latest data security and breach regulation, which protects the personal data of Massachusetts residents. The rules apply to all companies that handle the personal data of Massachusetts residents, whether they are based in the state or not. The rules require companies to:
- Limit the amount of data they collect
- Have written security policies
- Maintain a detailed inventory of all personal data, whether it is stored in computers, archived on tapes or kept in paper files
- Have in place adequate physical and technical security controls for safeguarding protected data and properly authenticating users who are given access to the information
With the latest deferral, Massachusetts regulators also removed a requirement mandating that companies get third parties with access to customer data to attest that they were compliant with the regulations. The old provision also required third-party service providers to include language in their contracts specifying that they were willing and able to comply with the Massachusetts security rules. With this latest revision, companies only have to take "reasonable steps" to verify that any third-party providers with access to personal data are able to protect the information through measures comparable to the ones spelled out in the Massachusetts regulations.
Record Management Policy
The Record Management, Retention, and Destruction Policy is a detailed policy template which can be used on day one to create a records management process. Included with the policy are forms for establishing the records retention and destruction schedule and a full job description, with responsibilities, for the Manager of Records Administration.

Added Responsibility for the CIO
McKinsey has issued a challenge to senior executives to commit to implementing new approaches to managing data centers and energy consumption. The challenges are:
- Improve and integrate asset-management capabilities in the data center.
- Include the true total cost of ownership in business-case justifications for adding facilities or applications to the data center.
- Formally move accountability for data center facilities and operations expenses to the CIO and appoint internal energy czars with operations and technology mandates to double IT energy efficiency by 2012.
As energy costs seesaw wildly and public concern over the environment grows, data centers are now seen as an expensive luxury that needs to be controlled. CIOs find themselves on the hot seat, asked to account for the huge energy costs their systems incur.
The question arises, should CIOs get ready to add "energy czar" to their list of job roles? McKinsey has called on companies to move accountability for facilities operations to the CIO and to appoint an internal energy czar to better focus on the true cost of data center ownership, which includes both equipment and facilities expenses.
Cost Cutting to Hit Mobile Device Market
Smart phones made up about 14% of all mobile devices shipped globally in 2008 and should increase to more than 17% of the total in 2009. This data is from a study by ABI Research Inc. in New York.
Janco Associates forecasts that the fall will continue and in some cases accelerate. Janco also said that in private meetings with Verizon employees, the employees said that the internal projections for the next few quarters are "bleak at best".
Data Loss Can be Prevented

Power outages are the most common driver of the events that disrupt IT systems. A PW study shows:
- 34 percent of companies take more than a day to recover.
- 10 percent of companies take more than a week.
- It can take up to 48 hours to reconfigure a network.
- It can take days or weeks to re-enter lost data.
- 90 percent of companies that experience a computer disaster and don't have a survival plan go out of business within 18 months.
The risk of a massive weather disaster like hurricane Katrina is slight. Only three percent of data loss incidents are caused by site disasters. Computer viruses account for only seven percent of data loss incidents. The most destructive influences on data centers actually come from much more mundane causes: software error (14 percent), human error (32 percent) and hardware failure (44 percent), frequently triggered by power problems, including power failure, power sags, power surges, brownouts, line noise, high voltage, frequency variation, switching transients and harmonic distortion.
That means that the greatest risks of data loss or system damage are controllable.
Industry Standards for Security Continue to Expand
In response to high-profile security breaches, certain industries have also come together to create their own sets of guidelines, as demonstrated in the following examples. Several of the standards have an international remit, highlighting the extent of the problem.
- Credit cards - The PCI DSS (Payment Card Industry Data Security Standard) is one of the most well known standards governing the handling of information relating to credit card transactions. It was created by major credit card companies, including MasterCard and Visa, in response to increasing credit and debit card security threats, and is designed to prevent credit card fraud, hacking, and other risks.
- IT governance - CobiT (Control Objectives for Information and related Technology) is an internationally accepted set of best practices for developing appropriate IT governance and control in a company.
- Financial - Basel II is an international business standard that requires financial institutions to maintain enough capital reserves to cover the risks incurred by their operations.
- Security - The Center for Internet Security (CIS) is a not-for-profit organization that helps enterprises reduce the risk of business and e-commerce disruptions resulting from inadequate technical security controls. The CIS Benchmarks are a set of system hardening configuration settings and actions accepted by many auditors for compliance with a number of regulations, including HIPAA and Sarbanes-Oxley.
- Standards - ISO (International Organization for Standardization) forms a bridge between the public and private sectors and is the world's largest developer and publisher of International Standards, with 157 member countries.