Janco Associates, Inc.

Quality Contol Disaster Recovery Survey results

https://twitter.com/@itmanagercio — Fri, 17 May 2013 16:37:05 -0600

Continuity Central survey asked the following question: "Does your organization have clear processes or methods for the quality control of business continuity plans and systems?"

66.1 percent of the 218 respondents to the survey answered Yes
28.4 percent answered No.

Of those who said that their organization did not have clear processes or methods for the quality control of business continuity plans and systems the top reasons given so far are:

28.8% - Are still developing our first business continuity plan
20.3% - It is too complex to carry out
16.9% - It is not required or necessary
8.5% - It is too expensive to carry out

Respondents whose organization did undertake business continuity quality control were asked to list the quality processes and methods that are in place.

82.9% - Auditing by an internal audit process
74.4% - Align to a business continuity standard
55.6% - Defined Key Performance Indicators which we monitor and measure
46.2% - Auditing by an external audit process
24.8% - Benchmark against a Maturity Model
23.1% - Benchmark against industry peers (e.g other companies in the same industry sector)
19.7% - Formal certification to a business continuity standard

To achieve these goals for Information Technology Janco has combined some of its most popular products to help CIO and IT organizations to meet the most strigent Quality Asssurance and Contol Standards.

The Quality Assuarance and Quality Control Bundle includes:

CIO top 5 hot topics

https://twitter.com/@itmanagercio — Wed, 15 May 2013 14:16:02 -0600

Hot topics for CIOs

Read on - Chief Information Officer(CIO)

Disaster Recovery versus Business Continuity

https://twitter.com/@itmanagercio — Tue, 14 May 2013 16:55:32 -0600

Disaster Recovery is the process of fixing a failing, degraded or completely damaged infrastructure. For example, the 2nd floor of a building was on fire; the fire is now out so the initial crisis is over. Now the damage caused by fire must be dealt with; there is water and smoke on the 2nd floor, the 3rd floor has damages caused by smoke and the 1st floor has water damage. The cleanup, replacement of furniture, repair of the building and its structure, painting, plastering, etc. are all part of the disaster recovery plan.

On the other hand, Business Continuity is how you continue to maintain critical business functions during that crisis. Back to the example, when the fire started, the alarm went off and people were evacuated from the building. Let say you had a Call Center on the 2nd floor and this just happens to be a critical area of your business. How would you continue to answer calls while people are being evacuated? How would you answer calls while the building is being inspected, repaired or rebuilt? Keeping the business running during this time is Business Continuity.

Chief Mobility Officer is challenged to address mobile threats

https://twitter.com/@itmanagercio — Thu, 09 May 2013 13:29:50 -0600

One of the reasons why a corporation would want to create an office of the chief mobility officer is to improve coordination of mobile initiatives.

In the past few yeas social media and mobility have become an integral part of our professional and personal lives, and is used for much more than just talking to other people. One study last year found that mobile users spent almost 50 percent more time using their mobile devices for social networking than for phone calls.

Social media applications are more popular than ever, reflecting users preference to access the web on their mobile devices. Data shows that 73.6 percent of iPhone users actively connect to Facebook using the Facebook application for iPhone, and the Android version of the application has a 30 percent higher penetration rate. In January of 2013, the number of total mobile Facebook users was 680 million.

It is clear that those who treat mobile threats, email threats, web threats and other cyberthreats as separate and distinct risks are at greater risk than those who adopt a more holistic and integrated security posture. Security solutions that focus solely on mobile, email, web threats or similarly siloed security approaches can no longer be trusted to defend against complex, multistage attacks that can move between attack vectors.

Chief Mobility Officer Job Description Released

https://twitter.com/@itmanagercio — Thu, 02 May 2013 15:08:01 -0600

Just released full job description for the Chief Mobility Officer hits all of the targets for this position.

A Chief Mobility Officer is needed to direct the development and revisions to policies and procedures for the general operation of the mobility initiatives and its related activities. Some of the responsibilities of this role include:

Gaining visibility into the compliance of remote devices
Managing network security and sensitive information
Defining OS platforms and devices to support
Setting mobile policies
Managing BYOD
Resolving help desk incidents and problems
Ensuring compliance and producing audit trails
Supporting connectivity and Wi-Fi access
Installing and updating software
Approving applications available via the firm's application store
Enforcing mobile policies
Managing device security

Read on...

Two factor authentication soon to be a standard

https://twitter.com/@itmanagercio — Thu, 18 Apr 2013 09:24:30 -0600

Complex passwords are very difficult to guess or even crack using commonly available code breaking software. Password complexity is often built on the length of the word and the difficulty one has in guessing it. The more complex a password you create, the more secure you are making your data. Passwords that feature uppercase and lowercase letters, numbers, and characters are much more challenging for a hacker to crack. Integrating numbers and characters into phrases also helps guard against dictionary attacks. However that often is not enough.

With two-factor authentication, a user logging in to a service or device supplies a second piece of information in addition to a password, thus making it impossible for another party to gain illicit access to the user's accounts without all the separate pieces of information.

Following similar initiatives by Apple, Google and Facebook, Microsoft is enabling two-factor authentication for its Microsoft Account service, the log-on service for many of its online and desktop products.

Microsoft is implementing additional verification methods such as a short code sent to the user's mobile phone, which is then entered in addition to the password, or by asking the user to supply additional information, such as an alternative email address.

Will Boston Events Impact CISPA

https://twitter.com/@itmanagercio — Tue, 16 Apr 2013 14:26:28 -0600

Many organizations fail to realize the benefits of security information management due to the often exhaustive financial and human resource costs of implementing and maintaining the software. However, Janco's' Security Manual Template - the industry standard - provides the infrastructure tools to manage security, make smarter security decisions and respond faster to security incidents and compliance requests within days of implementation. The template provides a framework for evaluating SIM services and shows how they could be applied within your organization.

A statement from the White House National Security Council expressed support for CISPA's broad goals but stressed the importance of having adequate privacy protections built into the legislation.

"We continue to believe that information-sharing improvements are essential to effective legislation," NSC spokeswoman Caitlin Hayden said in an emailed statement on Thursday afternoon. "But they must include privacy and civil liberties protections, reinforce the roles of civilian and intelligence agencies, and include targeted liability protections."

BYOD adds a level of complexity to disaster recovery plans

https://twitter.com/@itmanagercio — Thu, 11 Apr 2013 13:28:12 -0600

Assuming security issues associated with a bring your own device (BYOD) policy have been formalized in your disaster recovery policy, the BYOD policy should then include provisions to have the intellectual property contained in the personal device backed up at a prescribed frequency, such as daily or twice per day, using an automated backup tool.

However you need to be aware of what tools do not back. Forexample Carbonite does not backup .exe files -- your executable programs. So if you lose your device you have to either re-install them or get them from another source.

The BYOD policy may stipulate that replacement of approved devices from a disaster is the responsibility of the owner. It may state that the company may capture and retain a full image of the user's system at a secure location (e.g., cloud-based backup service) for recovery if the device is damaged or lost.

Hiring Stalls As CIOs Become More Concerned About Recovery

https://twitter.com/@itmanagercio — Sun, 07 Apr 2013 16:36:39 -0600

The latest BLS data shows a slowing in the rate of job creation in the IT job market. The CEO of Janco Associates said, "According to BLS there were only 5,400 jobs created for IT professionals down from 9,800 created in January. The impact of "sequester" has been felt by many. At the same time more people continue to leave the job market even as the published unemployment rate falls."

Janco's says, "For the first time since the dot com bust Janco's metrics show that hiring by CIOs is at a standstill there is a high degree of uncertainty in the economic climate"

HIPAA disaster planning

https://twitter.com/@itmanagercio — Fri, 29 Mar 2013 15:31:27 -0600

With cloud computing, disaster recovery has become very cost-effective. Health care data can be backed up off-site or hosted in a highly-available environment that maintains data integrity in the event of a disaster. Also, redundancy can also be delivered in the cloud server platform to provide failover protection.

HIPAA Compliant Hosting to medical and health care facilities throughout the country.

Disaster Recovery and Business Continuity Recent Posts on blog.e-janco.com

https://twitter.com/@itmanagercio — Thu, 14 Mar 2013 06:20:40 -0600

Disaster Recovery and Business Continuity Recent Posts:

Life cycle for business continuity and security breaches are the same When a security breach or business interruption occur, the life cycle from the start to the end are the same. First and foremost you must...
Top 10 Reasons Compliance of Business Continuity Fails Testing is key to business continuity compliance with ISO 22301 Compliance and business continuity management are closely inter-related - ISO 22301 is just one of...
Top 10 Predictions for Disaster Recovery and Business Continuity 10 Disaster Recovery - Business Continuity Predictions for 2013 Disaster Recovery vs Business Resilience There will be a move from an academic discussion to practical...
Top 10 Reasons Why Disaster Recovery Business Continuity Plans Fail In the recession many organizations put disaster recovery and business continuity on the back burner. As a result those plans are not as functional as...
High Availability Versus Disaster Recovery High Availability High Availability is when a machine that can immediately take over in case of a problem with the main machine with little down...

Disasters Happen -- Business Continuity Disaster Recovery

How do you balance the business continuity disaster recovery risk and investment equation? Is the potential risk greater than the investment? The facts are:

43% of companies experiencing disasters never reopen, and 29% close within two years.
93% of businesses that lost their data center for10 days went bankrupt within one year.
40% of all companies that experience a major disaster will go out of business if they cannot gain access to their data within 24 hours.

Cloud based disaster recovery

https://twitter.com/@itmanagercio — Tue, 12 Mar 2013 16:48:15 -0600

Cloud Disaster Recovery and Security

The right way to evaluate the quality of your system and data protection is to evaluate the Recovery Time Objective (RTO) and Recovery Point Objective (RPO). These metrics define how long you think it will take you to get back online and how current the data has to be.

Cloud-connected backup is a solution that can save time, money and ultimately improve ability to maintain business continuity in the event of a disaster. For that reason, the cloud is sold as miracle solution, causing some to wonder, "is this just a lot of hype?" People want the truth about how much the cloud can contribute to a comprehensive and reliable business continuity solution.

The cloud is not magic and there are things it can't do. It can't develop your customers' business continuity plans for them. The cloud cannot replace equipment that was damaged, and the cloud cannot create a new office if their workspace was destroyed.

Despite the cloud's inability to build your customers new office furniture, it is invaluable when you need to help them quickly and reliably recover data and systems. It can get them up and running faster, and for less money than it would cost to operate a hot site. A fail-proof cloud-connected disaster recovery backup solution with top-notch customer service provides a definitive edge for business resiliency and continuity.

Security risks faced by most organizations

https://twitter.com/@itmanagercio — Fri, 01 Mar 2013 09:42:56 -0600

Security study by Ponemon finds:

Employee-related incidents of fraud are occuring weekly in many organizations.
Two Thirds say the risk of insider fraud is very high or high within their organizations.
CEO's and other C-level executives may be ignoring security threats
Most insider fraud incidents go unpunished, leaving organizations vulnerable to
future such incidents.
The greatest threats to security from insider fraud are mobile devices, outsourced relationships (including cloud providers) and applications.
Most do not believe their organization has the appropriate technologies to prevent or quickly detect insider fraud, including employees misuse of IT resources.

Top 10 Predictions for Disaster Recovery and Business Continuity 10 Disaster Recovery Business Continuity Predictions for 2013 Disaster Recovery vs Business Resilience There will be a move from an academic discussion to practical...
Released CIO IT Infrastructure Policy and Procedure Bundle Update CIO IT Infrastructure Policy and Procedure Bundle Janco has announced an update to the CIO IT Infrastructure Policy and Procedure Bundle report to their offering....
Email Spam Reporting Policy E-mail Spam Reporting Policy Note: Of course legitimate, individually-sent employment, business and personal inquiries are not considered spam. Below is a sample of a letter...
Released BYOD Policy Template Bring-Your-Own-Device BYOD Policy Template Janco has announced an update to the BYOD Policy Template Bring-Your-Own-Device. BYOD Policy Template Includes an electronic form for employee agreement...
Life cycle for business continuity and security breaches are the same When a security breach or business interruption occur, the life cycle from the start to the end are the same. First and foremost you must...

Clear Policies Support CIOs Goals

https://twitter.com/@itmanagercio — Mon, 18 Feb 2013 10:13:21 -0600

Written policies represent the only way for CIOs and the executive management team to clearly communicate the way it would like employees to conduct the business of the organization. Without well-managed policies, companies are left to ad-hoc decisions made unilaterally. Research shows that well-run companies suffering the least loss of sensitive data and IT downtime have strong policy management programs. However, most organizations do not have a policy management solution which provides end users with easy access to policies.

Top 10 Predictions for Disaster Recovery and Business Continuity 10 Disaster Recovery - Business Continuity Predictions for 2013 Disaster Recovery vs Business Resilience - There will be a move from an academic discussion to practical...
Released CIO IT Infrastructure Policy and Procedure Bundle Update CIO IT Infrastructure Policy and Procedure Bundle Janco has announced an update to the "CIO IT Infrastructure Policy and Procedure Bundle" report to their offering....
Email Spam Reporting Policy E-mail Spam Reporting Policy Note: Of course legitimate, individually-sent employment, business and personal inquiries are not considered spam. Below is a sample of a letter...
Released BYOD Policy Template - - Bring-Your-Own-Device BYOD Policy Template Janco has announced an update to the "BYOD Policy Template - - Bring-Your-Own-Device". BYOD Policy Template Includes an electronic form for employee agreement...
Life cycle for business continuity and security breaches are the same When a security breach or business interruption occur, the life cycle from the start to the end are the same. First and foremost you must...

Aftermath of blizzard of 2013

https://twitter.com/@itmanagercio — Sat, 09 Feb 2013 11:09:03 -0600

The "Blizzard of 2013" -- the 100 year storm blanketed the east coast with over 3 feet inches of snow on top of hurricane Sandy. Many potential IT disasters from this blizzard were saved by the fact that it happened over the weekend.

CIOs then had to be concerned about the potential damage from extended power outages, roof collapses from the weight of the snow, and water and other related potential damages from the aftermath of the event. Adding to that the damage from Sandy still had not been completely repaired.

Many CIO had a well executable I/S disaster recovery plan in place but did they activate it on time?

Was all of the financial data is intact?
Did the relocating to an alternate site go well?
Could operations begin on Monday morning as expected?

Security and Ethics collide

https://twitter.com/@itmanagercio — Fri, 08 Feb 2013 15:15:46 -0600

According to a new report by Symantec, half of the employees who left or lost their jobs in the last 12 months kept confidential corporate data, and about 40 percent plan to use it in their new jobs.

They found that companies often do not take steps to address data leakage. Only 47 percent of respondents said their organizations take action when employees leave with sensitive information in violation of company policy. In addition, 68 percent said their organization does not take steps to ensure employees do not use confidential competitive information from third parties. Employees on the other hand say:

62% they consider it acceptable to transfer work documents to personal computers, tablets, smartphones or online file-sharing applications, with the majority never deleting the data they've moved because they see no harm in keeping it.
44% believe a software developer who develops source code for a company has some ownership of his or her work and inventions.
56% do not believe it is a crime to use a competitor's intellectual property, and
42% do not think it is wrong to reuse the source code in projects for other companies without permission

Version 7.4 of the Disaster Recovery Plan Released

https://twitter.com/@itmanagercio — Mon, 28 Jan 2013 19:23:51 -0600

Janco has just released version 7.4 of it Disaster Recovery Business Continuity Template. Updates to the template have been:

Version 7.4

Updated Recovery Site Strategy for Cloud
Updated CSS Style Sheet for black and white printing

Version 7.3

Updated to include Version 1.3 of the Disaster Recovery Business Continuity Audit Program

Version 7.2

Updated responsibilities for team members
Added Safety Program references in the core template
Added Electronic Safety Program Forms

Area Safety Inspection
Employee Job Hazard Analysis
First Report of Injury
Inspection Checklist Alternative Locations
Inspection Checklist Office Locations
New Employee Safety Checklist
Safety Program Contact List
Training Record

Version 7.1

Updated graphics
Updated Business Analysis Impact Section

Version 7.0

Updated for compliance with ISO 22301
Added Electronic Forms for Disaster Recovery and Business Continuity Plan Management
- Plan Distribution Control Log
- Remote Location Contact Information
- Team Call List
- Vendor Contact List
- Off-Site Inventory
- LAN Hardware / Software Inventory
- Personnel Locations

Disaster Recovery Business Continuity framework defined

https://twitter.com/@itmanagercio — Mon, 21 Jan 2013 16:27:54 -0600

Janco's Disaster Recovery Business Continuity template includes the framework, process, procedures and tools necessary to:

Manage a coordinated incident response
Maximize personnel protection
Reduce risk of data loss
Oversee the recovery effort defined by critical business needs
Continually slution based on proven experience

The most common problem with many Disaster Recovery Business Continuity solutions is the lack of governance integration between BC and DR. This often leads to disconnected initiatives, as well as misalignment of business direction and technology strategies, which could hinder timely recovery after a disruption.

Establishing an integrated governance model for a Disaster Recovery Business Continuity plan is not a simple undertaking. According to the a recent study:

17% say their organizations do not have a Disaster Recovery Business Continuity program in place, and of the organizations that do have a Disaster Recovery Business Continuity program
Only 25% believe that their programs reflect a leading practice approved by senior management with defined standards and guidelines, roles and responsibilities and tools and techniques.
Studies show that two out of five businesses that experience a disaster go out of business within five years. For organizations that can effectively respond to and manage a disaster, a critical success factor is strong commitment from senior executives and the establishment of a Disaster Recovery Business Continuity governance process

BYOD policy updated to meet DR and BC requirements

https://twitter.com/@itmanagercio — Fri, 18 Jan 2013 03:32:38 -0600

Bring Your Own Device Policy - BYOD Policy- updated to to meet Disaster Recovery, Business Continuity and Corporate Intellectural Property Requirements.

Assuming security issues associated with a bring your own device (BYOD) policy have been formalized in your disaster recovery policy, Janco's BYOD policy includes provisions to have the intellectual property contained in the personal device backed up at a prescribed frequency, such as daily or twice per day, using an automated backup tool.

The BYOD policy stipulates that replacement of approved devices from a disaster is the responsibility of the owner. It also states that the company may capture and retain a full image of the user's system at a secure location (e.g., cloud-based backup service) for recovery if the device is damaged or lost.

BYOD takes off

Webmaster — Wed, 16 Jan 2013 16:41:25 -0600

Wireless service providers are aware of the growing trend of bring your own device (BYOD) programs among businesses, according to a survey sponsored by a customer services provider, but results indicate the need for converged business and operational support systems (B/OSS) to provide an end-to-end view of the customer. Nearly three-quarters (73 percent) of respondents said they expect to see a 10-25 percent increase in BYOD device requests from business customers in the coming year.

Cost reduction and increased productivity, along with employee satisfaction, were cited as the top drivers of growth for BYOD programs-- almost half of service provider respondents said BYOD would decrease costs and increase productivity by 10-25. Business want service providers to offer them unique features tailored to the BYOD environment, the survey found, with 52 percent asking for spilt billing for personal and business use the same percentage said they would also like the ability to curtail business email and messaging services when the employee switches the device back to personal use.

BYOD has been gaining momentum as consumers want to bring their favorite smartphones and tablets to work, and with enterprises anticipating benefits such as increased productivity and employee satisfaction, we surely expect this trend continue to grow. But BYOD creates new complexities for both the enterprise and the service provider who must support features such as device care, bill split, security, shared loyalty and data plans and differentiated quality of service. If service providers can overcome the technological challenges of providing these features, the enhanced customer experience will lead to huge gains in customer satisfaction and loyalty.

CIO confuse DR with BC

https://twitter.com/@itmanagercio — Tue, 08 Jan 2013 18:03:35 -0600

Most CIOs confuse disaster recovery and buisness continuity planning which are very different things. The first is disaster recovery (DR).

Disaster recovery is focused on re-establishing access to the key technology systems, solutions and services required to run your business. Its about getting your network back-up, getting people back on email and ensuring that your companys order processing and customer service applications are back online. Clearly, this is a critical responsibility and the domain of the CIO. But disaster recovery in and of itself is just a small part of what a true business recovery plan addresses.

Business recovery planning is focused on re-establishing business operations. It is a far broader prevue that simply getting the technology back online. Its about understanding your key business processes at a granular level. Who are your key stakeholders? How do you conduct business? What constituencies would be impacted in the event of a disaster? How would you communicate with them? Who are the key people you need to get things back in operation? How would you engage with them? Do they have the technical means to do their work remotely or do you need to establish a secondary location where they can meet to get back to work? What capabilities would you need to provide at that site?

Backup is the killer application for the cloud

https://twitter.com/@itmanagercio — Fri, 14 Dec 2012 15:19:12 -0600

Backup has emerged as one of the first truly "killer apps" in the cloud space. Compared with primary storage or production applications, backup doesn't have the same real-time requirement, so the latency created when sending data over the Internet is less of an issue. Also, if backups fail, the consequences are much less severe than with more critical IT processes. This makes it less risky for companies to try out a new technology like the cloud on backups.

Managing backup and recovery in today's environment is a multi-dimensional challenge with both near and long term business requirements. Recent technological developments in disk backup have had a positive impact on short term data retention requirements (see also BYOD policy). But these improvements do not replace the need to execute and deliver on a long term data retention strategy which includes:

Business and Regulatory Requirements Demand a Long-term Plan
Manage and Contain Your Total Cost of Ownership (TCO)
Encrypt Your Data for Secure Long-term Retention
Weigh the Environmental Impacts and Minimize Power and Cooling Costs
Simplify Management of the Entire Solution

CIOs are not prepared for the “fiscal cliff”

https://twitter.com/@itmanagercio — Mon, 10 Dec 2012 05:09:28 -0600

As Congress and the President play a game of chicken with the fiscal cliff" and changes in tax laws for private businesses and massive cuts in spending for federal agencies, which are slated to take effect in January, few CIOs have plans in place of how to deal with its impacts.

For CIOs and the companies thye work for, the fiscal cliff means higher taxes on research and development and higher tax rates for s corporations and LLCs. For example potentially going away is the $114,000 tax provisions allowing small businesses to write off asset-related expenses, and the disappearance of bonus first-year depreciation on expenses.

With sequestration comes a cut of $66 billion in spending cuts among federal programs - as the biggest threat to the overall IT industry. If enacted, the cuts would be distributed evenly across defense and non-defense programs, and the money that pays IT contractors serving federal agencies of all kinds could suddenly dry up.

However serious these potential changes are, many CIOs are not have been paying close-enough attention to or have plans in place on how to address the potential adverse impacts.

Disaster planning top ten lists

https://twitter.com/@itmanagercio — Sat, 01 Dec 2012 14:58:23 -0600

These are the related entries for this entry. Updating this post may change these related posts.

Disaster Recovery and Business Continuity challenges that affect remote offices, remote sites, and at home computing are often relegated to the back burner. However that can be a serious mistake. The remote office and at home computing site may contain data that unique to a customer, distributor, or sales person. If that information is lost is could have a significant impact on the enterprise.

Disaster Planning - Where to start?

https://twitter.com/@itmanagercio — Fri, 23 Nov 2012 16:09:27 -0600

Do you need a Business Continuity Plan or a Disaster Recovery Plan, but don't know where to start?

The threat of interruptions to your essential operations in the event of a fire, power outage, earthquake, tsunami or even a key person being suddenly unavailable - is real.

Having comprehensive, well structured plans to get your business back to normal asap could mean the difference between your business surviving... or going belly up.

Most businesses recognise that a good Business Continuity Plan is an extremely important safeguard for their future. But it's hard to find the time alongside your Day Job, or to know what to put into your plan. There are templates online, but mostly they are not appropriate for your specific business. Sound familiar?

The Disaster Recovery Planning Template (DRP) can be used for any sized enterprise.

The template and supporting material have been updated to be Sarbanes-Oxley compliant. The complete package includes:

Disaster Recovery Plan Template
Business and IT Impact Analysis Questionnaire
Work Plan

With the template is a 3 page Job Description for the Disaster Recovery Manager. The Disaster Recovery Plan Template PREMIUM Bundle contains 11 additional key job descriptions.

BYOD Best Practices for CIOs

https://twitter.com/@itmanagercio — Tue, 13 Nov 2012 10:38:02 -0600

CIOs are in the cross hairs and need to follow best practices into to manage this activity. If they do not, then they will be in the same position as CIO who stood in the way of the movement from the corporate desk top to the PC and the sharing of information on the Internet.

The world class best practices that Janco Associates proposes are:

Implement a BYOD policy with the key users before they just do it on their own.
Inventory the types of personal devices key users.
Have a process in place to let users enroll in your BYOD program easily.
Develop internet enabled configuration which can work in a secure Wi-Fi environment.
Let users control their own destiny within set BYOD guidelines.
Segregate corporate data from personal user data.
Implement a secure information environment and maintain privacy rule for users personal information.
Monitor data usage by user and device.
Report and modify applications based on data and application usage.
Manage your investment to meet ROI objectives.

Cyber security standard lauched

https://twitter.com/@itmanagercio — Mon, 05 Nov 2012 18:47:21 -0600

A new ISO standard has been launched to help ensure safety of online transactions and personal information exchanged over the Internet. ISO/IEC 27032:2012 Information technology - Security techniques - Guidelines for Cybersecurity is also intended to protect computers when browsing. Janco's Security Template meets all of the defined requirements in the new standard.

The leader of the working group that developed the standard said, "Devices and connected networks that support cyberspace have multiple owners - each with their own business, operational and regulatory concerns. Not only do the different users and providers share little or no input, but each has a different focus when dealing with security. Such a fragmented state opens up vulnerabilities in cyberspace. ISO/IEC 27032 will provide an overarching, collaborative, multi-stakeholder solution to reduce these risks."ISO/IEC 27032 provides a framework for:

Information sharing
Coordination
Incident handling

The standard facilitates secure and reliable collaboration that protects the privacy of individuals everywhere in the world. In this way, it can help to prepare, detect, monitor, and respond to attacks such as:

Social engineering attacks
Hacking
Malicious software (malware)
Spyware
Other unwanted software

Risk Assessment Process Defined

https://twitter.com/@itmanagercio — Fri, 26 Oct 2012 04:46:59 -0600

Corporate reputations are increasingly difficult to manage in the digital era, and can be easily sullied by any number of factors - among them IT failures. The 2012 IBM Global Reputational Risk and IT Study finds that companies have begun to pay closer attention to the links between IT outages and reputational damage.

Based on this study of 427 senior executives worldwide, the consensus is clear: IT risk can imperil companies' productivity, damage customer relations, and ultimately erode trust.

Understanding how your business works -- which processes must interlock and be continuously available to sell, produce and support your clients -- is the foremost goal of a business impact analysis.

The Risk Assessment - Business and IT Impact Analysis Questionnaire identifies:

The most critical business processes across your entire enterprise
The maximum outage that a business process can sustain before it severely impacts the well-being of your company
The financial, productivity and personal impacts of an extended business disruption
An assessment of short-term business impacts and permanent business losses
The priority of business process recovery
The most vital records to protect and their required vintage for your business operations to resume successfully
Diverse tactics to balance recovery costs with different risk thresholds.

Some CIOs limit mobile device use

https://twitter.com/@itmanagercio — Wed, 17 Oct 2012 08:46:47 -0600

Some CIOs continue to restrict remote employee access to vital work applications due to security and control fears.

However, employees were found to use an average of five work applications every day, but nearly a third (27%) claimed they were not granted access to these applications via their mobile devices. Many users they could gain access to some of these critical work apps (61%) however, only 3% could seamlessly work from their mobile device as if in the office, accessing all applications.

Finance applications topped the list of restricted programs (42%) with access to business applications (38%) and partner applications (13%) also being stated as limited.

Over half of CIOs (53%) claimed that security was the reason for restricting employee access to certain applications, whereas nearly a quarter (22%) viewed ubiquitous application access as a major management issue.

As workforces become ever-more mobile, business applications increasingly extend beyond the realms of on-premise and into the cloud. Security measures must therefore start with an individual's identity, not the application theyre accessing, or device theyre using.

Granting staff seamless access to critical applications both within and outside the business, and managing these connections closely, is essential.

IT Staff Turnover Rates at Very Low Levels

https://twitter.com/@itmanagercio — Wed, 10 Oct 2012 12:24:21 -0600

IT Staff Turnover Rates at Very Low Levels

In a recent level news story in ComputerWorld it was reported that the Society for Information Management has reported that the current staff turnover rates is 5.23%. Janco reviewed it data and found that the staff turnover rates agree with the data that it has.

The SIM study, according to ComputerWorld, also found.

60% of IT departments increased salaries, 29% kept pay levels unchanged and salaries declined at 11%.
The average CIO tenure reached nearly 6 years in 2012, up from an average of 4.5 years in prior years, the survey found.
IT analysts have reduced spending projections in recent years .
48% of IT departments surveyed said their budgets increased from the prior year.
- 46% of respondents expect budgets to increase next year
- 54% said their budgets will remain stable or be reduced.
- 36% of IT budgets, on average, were spent on outsourcing, up from an average of 28% last year.
- The percentage of IT budgets spent on outsourcing is expected to remain at 36% next year, but the share of outsourced work done offshore will rise from 5% to 7% next year.
- 4% of IT budgets this year are being spent on external cloud and 5% on internal clouds

The data from SIM is interesting in that is shows the same trends that we have had at Janco for the past few years. What is important from this set of information is that the economy has not recovered as of yet.

This is all driven by the uncertainty in the the world. Everything from Europe and EU issues, to political conflicts between China and Japan, and to the Middle East.

Janco Associates, Inc.

Quality Contol Disaster Recovery Survey results

CIO top 5 hot topics

Disaster Recovery versus Business Continuity

Chief Mobility Officer is challenged to address mobile threats

Chief Mobility Officer Job Description Released

Two factor authentication soon to be a standard

Will Boston Events Impact CISPA

BYOD adds a level of complexity to disaster recovery plans

Hiring Stalls As CIOs Become More Concerned About Recovery

Janco's says, "For the first time since the dot com bust Janco's metrics show that hiring by CIOs is at a standstill  there is a high degree of uncertainty in the economic climate "

HIPAA disaster planning

Disaster Recovery and Business Continuity Recent Posts on blog.e-janco.com

Disasters Happen -- Business Continuity Disaster Recovery

Cloud based disaster recovery

Cloud Disaster Recovery and Security

Security risks faced by most organizations

Clear Policies Support CIOs Goals

Aftermath of blizzard of 2013

Security and Ethics collide

Version 7.4 of the Disaster Recovery Plan Released

Version 7.4

Version 7.3

Version 7.2

Version 7.1

Version 7.0

Disaster Recovery Business Continuity framework defined

BYOD policy updated to meet DR and BC requirements

BYOD takes off

CIO confuse DR with BC

Backup is the killer application for the cloud

CIOs are not prepared for the “fiscal cliff”

Disaster planning top ten lists

Disaster Planning - Where to start?

BYOD Best Practices for CIOs

Cyber security standard lauched

Risk Assessment Process Defined

Some CIOs limit mobile device use

IT Staff Turnover Rates at Very Low Levels

IT Staff Turnover Rates at Very Low Levels

Janco's says, "For the first time since the dot com bust Janco's metrics show that hiring by CIOs is at a standstill there is a high degree of uncertainty in the economic climate"