Chief Information Officer and IT Managers Areas of Interest
Disaster Recovery Planning, Job Descriptions, Salary Survey, Business Continuity, ITSM, SOA,
Compliance, SOX, and HIPAA
A systems manager was arrested for allegedly disrupting his former employer's network after he was passed over for promotions, which led him to quit his job and take revenge. The manager, who worked for a company that manufactures high-voltage power supplies, allegedly caused the company over $90,000 in damages.
He specialized in developing and customizing the software the company used to run its business operations. He was one of two employees responsible for ensuring that the software ran smoothly so that production planning, purchasing and inventory control kept operating efficiently. This role gave him high-level access to the company's network.
After being passed over for promotions he allegedly expressed his displeasure and resigned. After his network access was terminated, the ex-employee found a way to gain unauthorized access to the network and launched a three-week campaign to damage his former employer.
He allegedly hacked into the company's network and stole former co-workers' security credentials using a program that captured log-in names and passwords. The stolen credentials were then used to remotely access the company's network through its virtual private network and corrupt it from another location.
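The case above has three observable traces in VPN authentication logs: an account that should have been disabled still authenticating, a single remote source address authenticating as several different co-workers, and accounts appearing from an address they never used before. The following is an added example (not code from the original article, the company involved, or any vendor) that runs those three checks over a constructed log. The log format, account names, addresses, the termination list and the per-account source baseline are all assumptions standing in for real VPN, HR offboarding and identity-provider feeds.

```python
"""Three detections over VPN authentication logs for the insider pattern
described above. All data below is constructed for illustration."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed VPN log. Assumed format: "<ISO time> <RESULT> user=<acct> src=<ip>"
SAMPLE_LOG = """\
2013-04-01T08:02:11 SUCCESS user=jsmith src=198.51.100.22
2013-04-01T08:05:40 SUCCESS user=mlee src=198.51.100.23
2013-04-01T22:14:03 SUCCESS user=mlee src=203.0.113.10
2013-04-01T22:16:55 SUCCESS user=rgarcia src=203.0.113.10
2013-04-02T01:30:09 SUCCESS user=jsmith src=203.0.113.10
2013-04-02T09:00:00 FAILURE user=oldadmin src=203.0.113.10
2013-04-02T09:00:30 SUCCESS user=oldadmin src=203.0.113.10
"""

# Assumed feeds: accounts disabled at offboarding (from HR), and the source
# addresses each account has used before (e.g. the last 90 days of VPN logs).
TERMINATED = {"oldadmin"}
BASELINE = {
    "jsmith": {"198.51.100.22"},
    "mlee": {"198.51.100.23"},
    "rgarcia": {"198.51.100.24"},
}


def parse_log(text):
    """Turn the constructed log format into a list of event dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, result, *kv = line.split()
        fields = dict(pair.split("=", 1) for pair in kv)
        events.append({"ts": datetime.fromisoformat(ts), "result": result,
                       "user": fields["user"], "src": fields["src"]})
    return events


def terminated_account_logins(events, terminated):
    """Any authentication attempt, failed or successful, by a disabled account.
    A failure here already means the account was not actually disabled."""
    return [{"rule": "terminated_account", "user": e["user"],
             "src": e["src"], "result": e["result"]}
            for e in events if e["user"] in terminated]


def multi_identity_sources(events, window=timedelta(hours=24), threshold=3):
    """One source address successfully authenticating as `threshold` or more
    distinct accounts within `window`: captured credentials replayed from a
    single remote location. Reported once per offending source."""
    by_src = defaultdict(list)
    for e in events:
        if e["result"] == "SUCCESS":
            by_src[e["src"]].append(e)
    findings = []
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        for i, e in enumerate(evs):
            recent = [x for x in evs[:i + 1] if e["ts"] - x["ts"] <= window]
            users = sorted({x["user"] for x in recent})
            if len(users) >= threshold:
                findings.append({"rule": "multi_identity_source",
                                 "src": src, "users": users})
                break
    return findings


def new_source_for_account(events, baseline):
    """Successful login from an address the account has never used before.
    Accounts with no baseline are skipped rather than guessed about."""
    return [{"rule": "new_source", "user": e["user"], "src": e["src"]}
            for e in events
            if e["result"] == "SUCCESS"
            and e["user"] in baseline
            and e["src"] not in baseline[e["user"]]]


def analyze(log_text, terminated=TERMINATED, baseline=BASELINE):
    """Run all three checks and return the combined findings."""
    events = parse_log(log_text)
    return (terminated_account_logins(events, terminated)
            + multi_identity_sources(events)
            + new_source_for_account(events, baseline))


if __name__ == "__main__":
    for finding in analyze(SAMPLE_LOG):
        print(finding)
```

On the constructed log the third check fires for every co-worker whose credentials were replayed, the second check fires once for the remote address, and the first shows that the departed account was never actually disabled. Two caveats a practitioner should keep in mind: the second check cannot see a single stolen account used from a single address, which is why the source baseline matters, and disabling a leaver's own account does not revoke credentials they may have captured from others, so offboarding a privileged administrator should include rotating the credentials of accounts that person could have observed.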
Additional articles:
Fraud is on the rise -- CIOs need to address fraud issues with better security. For the last three years it has been reported that estimated fraud losses are doubling...
Cyber war breaks out, slows Internet -- Cyber war pushes need for more security. The recent cyber war between Spamhaus and Cyberbunker, fought with a commercial Distributed Denial of Service (DDoS) attack, pushed the Internet...
Many CIOs have not addressed cloud security issues -- Less than 50% of all organizations have policies in place for vetting cloud computing applications for possible security risks before deploying them. The number...
E-mail Spam Reporting Policy -- Note: Of course legitimate, individually-sent employment, business and personal inquiries are not considered spam. Below is a sample of a letter...
Recent Disaster Recovery Business Continuity postings
May 2nd, 2013
Recent Disaster Recovery Business Continuity blog posting:
Finding Disaster Recovery Tools -- Adobe falls short. Adobe is not a good source for Disaster Recovery tool development. Janco has just updated its Threat Vulnerability Assessment tool as it updates its Disaster...
Top 10 concerns of disaster recovery pros -- Disasters Happen: Business Continuity Disaster Recovery. How do you balance the business continuity disaster recovery risk and investment equation? Is the potential risk greater...
Should Disaster Recovery Plans Depend on SSD Storage? -- Disaster Recovery depends on stable storage of data, and modern storage technology (SSDs, NoSQL databases, commoditized RAID...
Disaster Recovery High Risk Users -- There are three types of high risk users in disaster recovery and business continuity planning. They are: People who do...
Best of Breed Disaster Recovery Business Continuity -- Best of Breed solutions for disaster recovery and business continuity have four key components: High Availability. Best of breed requires services that have high...
10 Corporate Compliance Best Practices -- Compliance is a major issue that organizations of all sizes need to address. In the information technology field they range...
Top 10 Reasons Compliance of Business Continuity Fails -- Testing is key to business continuity compliance with ISO 22301. Compliance and business continuity management are closely inter-related; ISO 22301 is just one of...
10 BYOD Best Practices for CIOs -- Bring Your Own Device (BYOD) is exploding all over corporations. CIOs are in the cross hairs and need to follow...
Disaster Recovery Misconceptions -- What are the major misconceptions when a disaster occurs with IT systems? Can your systems support your company's day-to-day operations?...
CIOs and CSOs are now under a great deal of scrutiny not only from their
executive management but also from a range of governmental and industry
regulatory bodies. Janco has created a ten step program that helps them address
compliance issues directly. The program, when used in concert with Janco's
Compliance Management products gets them in front of the issue.
Rebalancing Strategies For The Real-Time Enterprise
March 26th, 2013
The amount of digital information in our world has been exploding while
the speed of business is accelerating. There is an unprecedented convergence in
the ability to collect and work with big data, simulate, model and predict with
game changing fidelity, and previously unimaginable access to information and
markets with billions of people communicating and trading through mobility and
social media channels. As enterprises attempt to capture and take action on
trillions of bytes of data real-time about their customers, suppliers, and
operations from millions of people, devices, and embedded sensors which are now
connected by digital networks throughout the physical world, the result is a
convergence of technology forces that is disrupting the global IT
ecosystem. Like other critical components of production such as hard
assets and human capital, today's economic activity, innovation, and growth
could not take place without the information provided by these persistent and
converging forces in mobility, big data, social media and cloud computing.
The business and economic opportunities created by each of these forces are
significant, but so are the complexities associated with the global deployment
of scarce IT resources. Many executives responsible for these visible
initiatives are reassessing their global IT sourcing strategies in order to
achieve the right balance of knowledge, quality, risk management, and time to
market.
Disaster Recovery Planning & Business Continuity Planning Quick Action Steps Defined
March 12th, 2013
The things your company must do to make sure the disaster recovery and business continuity plan will work when it is needed are:
Distribute the disaster recovery and business continuity plan, or a HandiGuide®, to all decision makers and key operating employees who will need access to it when the event occurs.
Define the chain of command with a single leader, but do not limit the people who would have to implement the disaster recovery business continuity plan when the event occurs if that leader is unavailable.
Conduct frequent tests and address all areas where shortcomings are found.
Conduct the tests in an unannounced mode.
Validate that mission critical data is at sites other than the primary data center.
Establish a communication plan that can be implemented after the disaster.
HandiGuide is a Janco Associates registered
trademark
Good business continuity planning needs to take a broad view,
embracing people, human behavior, customers and other factors that lie outside
the data center. It is also important to secure the vision and endorsement of
executive management. A properly funded, well-prioritized business continuity
plan, combined with a regular program of testing and recovery drills, will help
to safeguard the organization. Read this white paper to understand the key
elements of a successful business continuity plan, see how to develop a plan
that clarifies what is critical, and set specific recovery
requirements.
Every organization needs to identify and develop mobile computing security
policies to be deployed which will provide adequate protection. The level of
protection has to be aligned with the level of risk that your organization is
willing to accept. These policies should ensure that the many regulatory or
compliance concerns that might be applicable are addressed.
Internet Costs Are Too High -- Open Market Makes US Costs Highest in the World. In his new book, which covers communication and Internet costs,...
Mobile devices and BYOD drive CIO priorities -- Mobile devices are becoming increasingly vital in the way we connect, engage, and understand our customers. But most...
Restoration Point Objectives Defined -- Maximum Tolerable Period of Disruption. CIOs, CSOs and BC Managers constantly work to improve their restoration point objective (RPO) and also their recovery time objective (RTO)...
10 point flood disaster planning checklist -- A practical checklist to help firms minimize the impact of a natural disaster and protect their important information assets:...
2013 will see the emergence of cloud computing ecosystem --
Public clouds are increasingly approached not only as technology
delivery platforms but also as ecosystem hubs for cloud service providers and
consumers.
Data will be the new cloud computing oil in 2013 -- Cloud
computing services, and the (social, mobile) applications that cloud platforms
underpin, generate a lot of data, which in turn requires cloud services and
applications to make sense of it.
When a CIO or an IT Executive takes over a new job, one of the greatest challenges is to quickly validate the infrastructure that is in place. Would it not be nice to have some tools that could be used to quickly put proven world class policies in place with minimal effort? That is what the CIO IT Infrastructure Policy Bundle does.
CIOs are under more pressure to do more things, do them faster, and do them
with less money than ever before. This has made the IT budget process
increasingly stressful and often contentious, as demand for IT continues to
increase while many IT budgets are held flat (or even decreased).
Disasters Happen -- Business Continuity Disaster Recovery
Business Impact Analysis (BIA) - Have you identified and prioritized
critical business applications?
Scope - How comprehensive is this plan to be and when is it to be used?
Objectives - Does this plan provide a comprehensive guide for those
involved in recovery, including links to secured reference material (e.g.
documentation, SOPs)?
Assumptions - What does this plan assume is in place in order to be
successfully executed?
Definition of a Disaster - What are the different types of disasters accommodated by this plan? e.g. Power Outage, Fire/Flood, Theft, Data Corruption
Recovery Teams - Who will be involved in the recovery process (Teams) and
who will lead each of those teams?
Invoking the Plan - Who will declare the disaster, how will notification
occur, what scope of downtime would cause the plan to be invoked?
External Communication - Who will be tasked with public relations with clients, media, regulatory agencies, government, partners, etc.?
Data Backup - What data is backed up, how is it backed up (e.g. how
often), how long is the data kept (retention), where is it stored?
Alternate Workplace - Where are employees to go in the event of a disaster
and what processes around that are required?
"In the Event Of" Conditions - Specific steps (SOPs) to be taken in the
event of specific types of events - e.g. natural disaster, fire, flood, server
failure, network provider outage, etc.
Plan Review and Maintenance - How to ensure this document is living and
updated frequently? - e.g. change of key personnel
Checklists and SOPs - Developed set of checklists which can be followed
(preferably on paper)
Diagrams and Flowcharts - Visual documentation is often preferred under
times of duress
Business Recovery Planning - System and facility operations, funding, operations recovery.
Three security issues that CIOs face when shifting from
enterprise-owned devices to BYOD
The right of users to leverage the capabilities of their personal devices
conflicts with enterprise mobile security policies and increases the risk of
data leakage and the exploiting of vulnerabilities.
User freedom of choice of device and the proliferation of devices with
inadequate security make it difficult to properly secure certain devices, as
well as keep track of vulnerabilities and updates.
The user's ownership of device and data raises privacy concerns and stands
in the way of taking corrective action for compromised devices.
Mobile devices are
becoming increasingly vital in the way we connect, engage, and understand our
customers. But most marketers are still figuring out the best way to leverage
mobile devices for their brands.
Our mobile community applications literally put your questions in the hands
of your customers. With mobile you're able to capture immediate responses using
both quantitative and qualitative exercises. This creates honest and open
communication with your customers to uncover insights faster and easier than
with other engagement methods.
So whether you are asking your community to record and share their real-world
experiences or you simply need a quick response to an important question, our
mobile and social networking policy templates will dramatically improve the role
of these processes.
Mobility Policy Bundle
All of the policies below are included as individual MS Word files and a single PDF file. Electronic forms are all individual documents that are easily modifiable.
BYOD Policy Template -- includes electronic BYOD Access and Use Agreement Form
With the advent of Bring-Your-Own-Device - BYOD
and the ever increasing mandated requirements for record retention and security
CIOs are challenged to manage in a complex and changing environment.
If your enterprise does not have a BYOD policy, then one of two things is happening:
BYOD is blocked, and your company is losing the productivity associated with employees using their own devices, or your company is paying for each employee's access device.
Personal devices are already accessing your corporate network, with or without your knowledge, and you are doing nothing to ensure that this is being done securely and in compliance with mandated federal, state, local, and industry requirements.
According to Gartner Inc., 90% of companies will support corporate
applications on personal mobile devices and 80% of companies will have a mobile
workforce armed with tablets like the iPad by 2014.
If mobile device management is not at the top of your agenda, you run the risk of putting your business at a serious disadvantage, but most CIOs are unsure of where to begin.
Related posts:
DRP BCP Best Practices Defined -- Here are some Disaster Recovery Business Continuity best practices. Keep your primary backup disaster recovery business continuity data in...
Top 10 Reasons Cloud Solutions are Expanding -- Top 10 Reasons Cloud Computing is Exploding. As CIOs and businesses move organizations towards cloud solutions and processing there are many benefits. The top 10...
Top 10 Disaster Recovery Best Practices -- As requirements for avoiding downtime become increasingly stringent, administrators need tools and platforms that can help them plan, design, and implement disaster recovery strategies that...
Disaster Recovery - What are the major misconceptions when a disaster occurs with IT systems? Can your systems support your company's day-to-day operations?
The major misconception is that a backup recovery plan is all that you need. At Janco Associates we find that is not enough: most companies are really not prepared. Files can be restored, but that does no good if the staff have no facilities to work from.
Related posts:
Disaster Recovery and Business Continuity Top 10 -- Disaster Recovery and business continuity are all about being ready for everything. The question that every IT manager and CIO has to answer every day...
Meeting ISO 27031 Requirements -- ISO 27031 is the ISO standard that defines the Information and Communication Technology (ICT) Readiness for Business Continuity (IRBC) program that supports the...
Disaster Recovery Plan in the cloud -- Paper disaster recovery and business continuity plans are difficult to keep up to date and available for the recovery process. One solution that we...
Here is a great video that describes some of the major misconceptions in disaster recovery and business continuity planning. These thoughts are the same as Janco's and the video is well worth watching.
The main disadvantage of tape-based disaster recovery is in day-to-day operations. The amount of effort it takes to replace a single accidentally deleted file or folder means that some user files just go unrecovered.
However, tapes are holding their position as an affordable backup solution
that can also be used for disaster recovery. So, if you are using tape for
backup here is how to set up for recovery after a data disaster.
There are two main ways to use tapes for disaster recovery. The most common
way is to keep Monday, Tuesday, Wednesday and Thursday tapes with full overnight
backups of everything and take them offsite each day. The second option, to do a
full backup over the weekend and add incremental changes each day to capture
updates, is generally more efficient. The granularity of recovery is the same
for a lower cost and less time is spent managing the tapes.
Depending on the needs of your business, keep another tape backup copy, for example each Friday of the month, onsite in a fireproof safe for recovering an accidentally deleted folder. Note that most safes aren't melt-proof; they are rated to protect their contents only for a limited time, so in a long fire the tapes inside are still vulnerable.
For archival purposes, make six (or three or nine) monthly tapes that can go to a bank safe deposit box; these are the last line of protection and should definitely be offsite.
The best situation for a tape-based disaster recovery strategy is when a company's recovery time objective (RTO) can comfortably be in the two-to-five-day range. A retail business or a school that will be closed after a natural disaster, fire, or major theft is an example of an organization that can comfortably rely on offsite tape backups for disaster recovery.
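To make the trade-off between the two rotations above concrete, here is an added example (not from the original post, Janco, or any backup vendor) that models one constructed week of tapes under each scheme and, for a given disaster time, works out which tapes must be mounted and how much data is lost. The tape labels, completion times, the Monday 2013-04-01 week and the assumption that an onsite safe is lost in a fire are all constructed for illustration.

```python
"""Restore-chain and data-loss calculator for the two tape rotations
described above: daily full backups taken offsite, versus a weekend full plus
daily incrementals. Schedules, labels and times are constructed."""
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Backup:
    completed: datetime  # when the tape finished writing
    kind: str            # "full" or "incr"
    label: str
    location: str        # "offsite" (vault/courier) or "onsite" (fireproof safe)


# Constructed week starting Monday 2013-04-01. Overnight jobs finish at 05:00
# the next morning, so the "Monday" tape completes Tuesday 05:00.
WEEK = datetime(2013, 4, 1)
_FINISH = timedelta(days=1, hours=5)


def scheme_daily_fulls():
    """Option 1: full backup Mon-Thu nights, each tape taken offsite the next
    day; the Friday full stays onsite in the safe for quick file restores."""
    tapes = [Backup(WEEK + timedelta(days=d) + _FINISH, "full", name, "offsite")
             for d, name in enumerate(["MON", "TUE", "WED", "THU"])]
    tapes.append(Backup(WEEK + timedelta(days=4) + _FINISH, "full", "FRI", "onsite"))
    return tapes


def scheme_weekend_full_incr():
    """Option 2: one full over the weekend (finishes Sunday 06:00), then an
    incremental each night Mon-Thu, all taken offsite."""
    tapes = [Backup(WEEK - timedelta(hours=18), "full", "SUN-FULL", "offsite")]
    tapes += [Backup(WEEK + timedelta(days=d) + _FINISH, "incr", name, "offsite")
              for d, name in enumerate(["MON-INC", "TUE-INC", "WED-INC", "THU-INC"])]
    return tapes


def restore_chain(backups, disaster_at, destroyed=("onsite",)):
    """Return (tapes to mount in order, data-loss window) for a disaster at
    `disaster_at`. Tapes at a destroyed location are excluded, since a safe
    that is not melt-proof cannot be counted on after a fire."""
    usable = [b for b in backups
              if b.completed <= disaster_at and b.location not in destroyed]
    fulls = [b for b in usable if b.kind == "full"]
    if not fulls:
        raise ValueError("no usable full backup before the disaster")
    base = max(fulls, key=lambda b: b.completed)
    incrs = sorted((b for b in usable
                    if b.kind == "incr" and b.completed > base.completed),
                   key=lambda b: b.completed)
    chain = [base] + incrs
    return chain, disaster_at - chain[-1].completed


def summarize(backups, disaster_iso, destroyed=("onsite",)):
    """Labels to mount, and hours of data lost, for a disaster at an ISO time."""
    chain, loss = restore_chain(backups, datetime.fromisoformat(disaster_iso), destroyed)
    return [b.label for b in chain], loss.total_seconds() / 3600


if __name__ == "__main__":
    fire = "2013-04-05T14:00"  # Friday afternoon fire; onsite safe is lost
    for name, sched in [("daily fulls", scheme_daily_fulls()),
                        ("weekend full + incr", scheme_weekend_full_incr())]:
        labels, hours = summarize(sched, fire)
        print(f"{name:20s} mount {labels}  data lost: {hours:.0f} h")
    # The Friday onsite tape only shortens the loss window if the safe survives.
    print(summarize(scheme_daily_fulls(), "2013-04-07T10:00"))
    print(summarize(scheme_daily_fulls(), "2013-04-07T10:00", destroyed=()))
```

For the Friday-afternoon fire both schemes lose the same nine hours, which is the "same granularity of recovery" point made above; the difference is that option 2 needs five tapes mounted in sequence instead of one, so a single unreadable incremental costs more recovery. The Sunday scenario shows the onsite Friday copy helping only when the safe is assumed to survive; planning should use the pessimistic case.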
Commitment to resilience is often a reflection of senior management's
perception, and unless a major disruption has affected them or someone they
know, it has to fight for attention. It is understandable. As an
entrepreneur, if I cannot see percentage points on the bottom line, you have
little chance in securing my vote for funding. My appetite for risk-taking
acts as an over-ride and I would rather see the cash invested in
productivity or growth, or taken as profit. Ask me to budget for an annual
sizeable sum with no apparent return on investment and I'll politely
decline.
However, despite this, my business does have a budget and we do assign
resource for business continuity. We don't feel BCM is aimed solely at
larger firms or that we're wasting money because the risks are so low. We
own a continuity plan that works and matures alongside the business. So
how do we justify this?
Telecommunications Workforce is aging
and there are too few younger employees with sufficient experience to fill the
required leadership positions.
As companies cut back, the first thing they typically do is eliminate newer, less experienced employees; then they cut back the middle layers of experience and retain only the employees with the longest seniority and experience. This is exactly what has happened in the telecommunications market for IT Pros.
A recent study revealed that 80% of companies say they're required to keep data archived for 50 years, and 68% say they're required to for 100 years. Predictions say that by 2015 the total amount of digital information in archives will exceed 300 exabytes.
All businesses are required by law to keep confidential client information, as well as employee and company data, for a minimum amount of time; in essence they need a Records Management Policy.
There are numerous business records that should be held for a minimum of seven years, including employee agreements, business loan documentation, litigation records, and general expense reports and records such as overhead expenses and professional consultation fees.
Rev 2 of the Federal Computer Security Incident Handling Guide Released
August 9th, 2012
The National Institute of Standards and Technology (NIST) of the US Department of Commerce has just released a 79 page guide on how security incidents should be handled. This publication (SP 800-61) is Revision 2 of the guide and has a detailed discussion of the composition, inter-relationships with other teams, and responsibilities of the Incident Response Team.