Janco Associates, Inc.

Disaster recovery and business continuity still a struggle for many CIOs

Webmaster — Thu, 02 Feb 2012 16:27:57 -0700

Organizations of all sizes are struggling with getting some of the basics of disaster recovery and business continuity right. They still need support in obtaining executive buy-in, managing resources and implementing easy to use and reliable technology. To some extent, there is still a lack of best practices being provided by vendors, and many SMBs rely heavily on their channel partners to be their best practices advisors to help them make the right choices.

What has made the world more complex is the fact that organizations are now presented with three different platforms for their disaster recovery strategies: physical, virtual and cloud. Each platform has its own unique challenges and benefits. Some organizations will opt to keep purely physical, others will add virtualization while many will embrace all three.

Ultimately the success of any company's backup and DR is based on the availability of its systems and data and the impact that downtime has in terms of lost revenue and lost customers, regardless of the environment data and systems are held in. Using multiple different solutions to manage data across physical, virtual and cloud environments makes this process unnecessarily complicated and risks wasting valuable time and resources.

For most small to medium size businesses, a service's success is underpinned by its ability to deliver ease of use, cost effectiveness and flexibility, and by its ability to implement measures quickly enough to affect a near immediate positive impact. Both cloud services and virtualization can do this, so the future is bright. Managed in the right way, from one central, easy to use solution, they can offer businesses the ultimate backup and disaster recovery protection, ensuring that business continuity becomes easier to manage.

For IT managers, Janco encourages them to compare their backup and DR practices against their counterparts.

Mobile devices are the bane of many CIOs concerns

Webmaster — Fri, 27 Jan 2012 09:22:21 -0700

As more companies embrace the broad usage of individually-owned mobile devices for access to corporate applications and data, CIO are asked for guidance on the establishment of an associated device usage policy.

Every organization needs to identify and develop mobile security policies to be deployed which will provide adequate protection. The level of protection has to be aligned with the level of risk that your organization is willing to accept. These policies should ensure that the many regulatory or compliance concerns that might be applicable are addressed.

Only by a partnership of information technology (IT), human resource (HR), finance, and legal teams - working closely with your executive team and business unit managers - can determine the exact corporate liable and/or individual liable policy that best fits your company, meets its financial goals and objectives, and takes into account security, legal, regulatory, tax, or other requirements and considerations that may uniquely apply to your company and its operations.

Will IT spending increase in 2012

Webmaster — Sat, 14 Jan 2012 10:34:28 -0700

IT spending is expected to increase in 2012. After years of budgets crimped by the economy, there is significant pent-up demand at companies around the globe to drop some extra cash for the products and services theyve been waiting for to drive business forward. But weve heard this song before. One research fiorm that was bullish on IT spending last year, said that it could rise somewhat significantly in 2012, yet in its latest report the research firm acknowledges that its estimates might have been too optimistic. Global spending on IT spending will still be up, the company says, but dont expect it to rise too quickly.

Janco has found that consultants and contractors are starting to be hired again.

The salary survey is updated twice a year; once in January and then again in July. You can get a free copy of the full survey if you provide 10 valid data points and use a corporate email address. Free email accounts like gmail or yahoo do not qualify as we have no way to verify the accuracy of the data provided.

The report is updated twice a year, once in January and second time in July. The unemployment data on this page is updated at least once a month and is based on the Bureau of Labor Statistics data.

New Facts of Life For the CIO and IT Management

Webmaster — Sun, 08 Jan 2012 15:43:14 -0700

The world has changed and the CIO and IT managers need to face the new realities. They include:

iPhone and Tablet are here to stay
CIO and IT department no longer are in control of how technology is used by you enterprise
There will always be some downtime
Systems will not be 100% compliant all of the time
The cloud will not be the solution for all problems and will case new ones
There will never be enough capital and staff to get what needs to be completed done
The network has already been compromised
Social networking use risks all of your company's secrets
Users will always need your support even for technology that you have not implemented
IT will continue to be viewed as a service organization

Compliance Best Practices

Webmaster — Wed, 04 Jan 2012 07:48:49 -0700

Security compliance best practices include:

Combine written content, usage, and retention policies with a Hosted Managed Email Archiving Service to ensure an organization's ability to preserve, locate, and produce legally valid email evidence. Unmanaged email and other record management solutiond can trigger financial, productivity, and legal issues for your organization when it a finds itself in a workplace lawsuit. The cost and time required to produce subpoenaed email, retain legal counsel, secure expert witnesses, mount a legal battle, and cover jury awards and settlements is ver costly. Best practices call for a proactive approach to email and business records management.
Utilize a proven archiving technology to ensure forensic compliance. For example, by encrypting and archiving a copy of every business record and internal and external email sent or received and across the organization, a Hosted Managed Email Archiving Service solution guarantees that your email is secure and tamperproof. Nothing in your archive can be deleted or altered. Everything in your archive is legally compliant.
Ensure that financial data and related documents are effectively protected from malware, viruses, and other malicious intruders - and are preserved in a legally compliant manner in order to maximize SOX, GLBA, SEC, FINRA, and PCI DSS compliance. This includes having solutions in place to manage messaging threats and compling with regulatory requirements including Email Anti-Virus, Email Archiving, Email Continuity, and Email Content Control.
Meet HIPAA requirements by using formal policies, employee training, and technology including email
Archiving, Anti-Virus, Continuity, and Content Control Services to ensure compliant use of email to transmit and store HIPAA-regulated patient information.
Safeguard personal or sensitive data whose transmission falls under state encryption laws or other privacy acts by deploying proven solutions that are designed to effectively identify personal information in any electronic transmission and, if necessary, block or encrypt the transmission.
Reduce business and security risks associated with electronic communication by implementing a formal electronic communication policy that combines a written policy with employee training.

Where not to hide your password and user ids

Webmaster — Fri, 23 Dec 2011 14:40:48 -0700

With dozens of logins and passwords spread out across an equal number of sites and apps, it's no wonder the average user tends to forget them. Even with a tried and true system for generating memorable but complex passwords, the formula could easily fall apart if you just can't remember it.

So rather than continually clicking the "Forget Your Password?" help link, folks are readily hiding login information around their computer station.

And given that there's little variety in those secret locations, "hiding" might be a stretch. The most common locations where folks hide their login info are:

Under the keyboard
Under the phone
Under the mouse pad
On the monitor
In the top drawer
Under the desk

CIO Mission Defined

Webmaster — Wed, 14 Dec 2011 13:52:18 -0700

The CIO's mission is to find innovative ways to leverage the technology in place - or will be in place - to help grow the business and execute better. That is a fundamental shift because it requires the CIO to be much more of a business partner. At the same time with tight corporate budgets, the CIO is expected by the enterprise to make the right calls around acceptable risk and smart investment while still reducing overall IT costs.

The CIO is expected not only to provide the internal strategic focus in terms of the needs that exist within the business to support the mission of the company, but in many cases the CIO is asked to step up and be part of revenue generation for the company. It is more about understanding the business and the strategic goals of the business - how technology can be applied in a cost-effective way that helps move the business forward.

IT Loses 10,000 Jobs

Webmaster — Wed, 07 Dec 2011 07:39:13 -0700

IT sector lost 3,900 jobs, including 2,900 telecom positions

The struggling U.S. economy had something to cheer about Friday as the U.S. Labor Department reported a drop in the unemployment rate, but the IT sector isn't benefitting.

Unemployment in November fell from 9 percent to 8.6 percent, the Labor Department's Bureau of Labor Statistics (BLS) announced, and nonfarm payroll employment rose by 120,000. That's the lowest unemployment rate in 2 1/2 years since March 2009, according to The Washington Post.

The government noted improvements in such industries as retail trade, leisure and hospitality, professional and business services, and health care.

The IT sector wasn't so fortunate: It lost 3,900 jobs, including 2,900 telecom positions, Janco Associates announced, citing BLS statistics. The IT sector lost 5,100 jobs in October, according to Janco Associates.

Cost of data based fraud increases

Webmaster — Thu, 10 Nov 2011 17:23:31 -0700

Fraud cost organizations 2.1 percent of earnings in the past 12 months, which is equivalent to a week of revenues over the course of a year in a recent survey that polled more than 1,200 senior executives worldwide.

The study found a decline in the frequency of fraud over last year. Of the executives polled, 75 percent suffered some kind of fraud-related loss in the last 12 months, which is down from 88 percent the year prior.

However, fraud remains predominantly an inside job and insider jobs increased this year. The 2011 figures show that 60 percent of frauds are committed by insiders, up from 55 percent last year.

Keep in mind these are only the cases in which the perpetrator is known. And that translates into more concern among executives. Overall, fraud concerns among executives around the globe rose approximately 15 percent led by information theft and corruption and bribery. Half of all companies surveyed said they are moderately to highly vulnerable to information theft, up from 38 percent in 2010. IT complexity is the leading cause of increasing fraud exposure, cited by 36 percent of respondents compared with 28 percent last year.

Compared to just 10 years ago, more and more the value of a company is not contained in tangible things, it's contained in the company's ideas, and those ideas tend to live on information systems in the form of digital data. "

Indeed, information-based industries reported the highest incidence of theft of information and electronic data; including financial services (29 percent), technology, media and telecoms (29 percent), health care, pharmaceuticals and biotechnology (26 percent), and professional services (23 percent).

Roughly one in four companies were hit by physical theft of cash, assets and inventory or information theft, both down from 2010. Management conflict of interest (21 percent), vendor, supplier or procurement fraud (20 percent), and internal financial fraud (19 percent) all saw notable increases. The incidence of corruption and bribery nearly doubled over the past year from 10 to 19 percent.

The policies that Janco has created are a must have that every enterprise needs. They can all be accessed by going to the Policy Master Page or the individual policies can accessed directly by clicking on the links below.

The policies have just been updated to comply with all mandated requirements and include electronic forms that can be Emailed, filled out completely on the computer, routed and stored electronically. A totally solution that uses technology at its best.

CIO IT Infrastructure Policy PDF (All of the policies below which come as individual MS Word files)
Backup and Backup Retention Policy
Blog and Personal Web Site Policy (Includes electronic Blog Compliance Agreement Form)
Incident Communication Plan Policy (Updated to include social networks as a communication path)
Internet, e-Mail, Social Networking, Mobile Device, Electronic Communications, and Record Retention Policy (Includes 5 electronic forms to aid in the quick deployment of this policy)
Mobile Device Access and Use Policy
Outsourcing Policy
Record Management, Retention, and Destruction Policy
Sensitive Information Policy (HIPAA Compliant and includes electronic Sensitive Information Policy Compliance Agreement Form)
Service Level Agreement (SLA) Policy Template with Metrics
Social Networking Policy
Telecommuting Policy
Travel and Off-Site Meeting Policy

CIOs are losing the contol battle with SmartPhones

Webmaster — Wed, 09 Nov 2011 15:59:50 -0700

Smartphones are now finally on the CIO agenda and, in fact, one of the most difficult topics: there are a variety of different platforms; employees are bringing their own phones to work; applications can compromise security; and the monthly costs are unpredictable.

With an increasing number of individually acquired smartphones, IT departments need to be defining their strategy for dealing with these devices. A process needs to be defined that is cost effective and helps CIOs manage the challenges of security, cost and IT control while balancing the needs of employees.

IT is losing control of smartphones and yet retaining all the accountability.

Other Individual Policies

All of the policies that are provided here are contained within one or more of the templates that are on this site. These policies have been added as individual documents in WORD format (WORD 2003 and WORD 2007) for those clients who just need this particular policy. All policies are Sarbanes-Oxley, HIPAA, PCI-DSS, and ISO compliant.

CIO IT Infrastructure Policy PDF (All of the policies below which come as individual MS Word files)
Backup and Backup Retention Policy
Blog and Personal Web Site Policy (Includes electronic Blog Compliance Agreement Form)
Incident Communication Plan Policy (Updated to include social networks as a communication path)
Internet, e-Mail, Social Networking, Mobile Device, Electronic Communications, and Record Retention Policy (Includes 5 electronic forms to aid in the quick deployment of this policy)
Mobile Device Access and Use Policy
Outsourcing Policy
Record Management, Retention, and Destruction Policy
Sensitive Information Policy (HIPAA Compliant and includes electronic Sensitive Information Policy Compliance Agreement Form)
Service Level Agreement (SLA) Policy Template with Metrics
Social Networking Policy
Telecommuting Policy
Travel and Off-Site Meeting Policy