Sensitive Information Policy
HIPAA Audit Program Guide and a PCI Audit Program
Includes Electronic Sensitive Information Policy Compliance Agreement Form for Easy Deployment of Policy
With identity theft and cyber attacks on the rise, you're facing new pressures to protect sensitive information. In fact, 46 states have now passed data security laws that apply to companies that do business with residents of those states. These laws are designed to protect residents against identity theft by mandating security practices such as:
- Implementing an information security program
- Encrypting data
- Notifying customers in the event of a security breach that compromises unencrypted personal information
To protect sensitive information, many states now require companies to implement security programs that include capabilities for incident monitoring and alerting, trend reporting, logging, security information management (SIM), and other prudent security controls and practices.
This policy is easily modified and defines how to treat credit card, Social Security, employee, and customer data. The template is 34 pages in length and complies with Sarbanes-Oxley Section 404, ISO 27000 (formerly ISO 17799), and HIPAA. The electronic Word form that is provided can be delivered electronically, completed on a computer, and filed electronically. The PCI Audit Program that is included is an additional 50-plus pages in length.
The Massachusetts and California mandated requirements were specifically included as part of the policy.
This policy applies to the entire enterprise, its vendors, its suppliers (including outsourcers), co-location providers, and facilities, regardless of the methods used to store and retrieve sensitive information (e.g. online processing, outsourced to a third party, Internet, Intranet or swipe terminals).
The HIPAA Audit Program Guide provides you with a checklist of the items that HIPAA mandates must be implemented. (see also Nationalized ID)
You can download the Table of Contents and some sample pages by clicking on the link below.
The policy contains text that can be used immediately. For example:
General Policy Statement
The Chief Security Officer or delegate must approve all processing activities at ENTERPRISE associated with sensitive information. This information includes but is not limited to Social Security numbers, credit card numbers, credit card expiration dates, security codes, passwords, customer names, customer numbers, ENTERPRISE proprietary data, and any other data (e.g. California Personal ID number) that is deemed to be confidential by ENTERPRISE, its external auditors, any governmental agency, or other body that has jurisdiction over ENTERPRISE or its industry.
This policy applies to the entire enterprise, its vendors, its suppliers (including outsourcers) and co-location providers and facilities regardless of the methods used to store and retrieve sensitive information (e.g. online processing, outsourced to a third party, Internet, Intranet or swipe terminals).
All processing, storage and retrieval activities for sensitive information must maintain strict access control standards, and the Chief Security Officer mandates that these specific policies be followed.
Other Policies
The policies have just been updated to comply with all mandated requirements and include electronic forms that can be emailed, filled out completely on the computer, routed and stored electronically -- a total solution.
- CIO IT Infrastructure Policy Bundle (All of the policies below are included as individual MS Word files and a single PDF file. Electronic forms are all individual documents that are easily modifiable)
- Backup and Backup Retention Policy
- Blog and Personal Web Site Policy (Includes electronic Blog Compliance Agreement Form)
- BYOD Policy Template (Includes electronic BYOD Access and Use Agreement Form)
- Google Glass Policy (Includes Google Glass Access and Use Agreement Form)
- Incident Communication Plan Policy (Updated to include social networks as a communication path)
- Internet, e-Mail, Social Networking, Mobile Device, Electronic Communications, and Record Retention Policy (Includes 5 electronic forms to aid in the quick deployment of this policy)
- Mobile Device Access and Use Policy
- Patch Management Policy
- Outsourcing Policy
- Physical and Virtual Server Security Policy
- Record Management, Retention, and Destruction Policy
- Sensitive Information Policy (HIPAA Compliant and includes electronic Sensitive Information Policy Compliance Agreement Form)
- Service Level Agreement (SLA) Policy Template with Metrics
- Social Networking Policy (includes electronic form)
- Telecommuting Policy (includes 3 electronic forms to help to effectively manage work at home staff)
- Travel and Off-Site Meeting Policy
- IT Infrastructure Electronic Forms
Note: See the Practical Guide for Outsourcing, a document of over 110 pages, for a more extensive outsourcing process.
Current Information Technology News
Chief Security Officer now a key role in many organizations
November 14th, 2013
A few years ago, hiring a Chief Security Officer (CSO) would have been superfluous. However, as companies continue to expand their technological footprint, they are also more vulnerable to cyber attacks. Having a CSO on board is necessary to alleviate cyber-security risks.
Much of the challenge to hiring one comes from defining the CSO's role against that of the chief information officer's. Indeed, the job responsibilities of a CIO are quite different from those of a CSO. The common misconception is that the two positions would be adversarial, but the reality is they often collaborate.
CIOs ensure that the information-technology infrastructure enables employee functionality. They use technology to create efficiencies in the company. CSOs safeguard intellectual property or protect against data breaches. For the most part, the CSO helps C-suite executives make judgments by lending an independent voice to the discussion.
The main function of a CSO is to lower a company's risk with respect to the security compromises that can happen via a network. From a board-level perspective, CSOs give visibility to and quantify the risks in a company. It's helpful to have a role dedicated to those responsibilities, Carpenter says.
Typically, CSOs ensure there are adequate policies and procedures in place for cyber and physical security. Then, they assess the security risk relative to those policies and procedures. From there, they are responsible for identifying to the C-suite and the board those gaps in policies and procedures.
What is the cost of a business interruption?
November 5th, 2013
Four steps that must be taken to determine if a business continuity plan is worth the investment are listed below. This will allow the organization to determine real dollar cost per downtime event, calculate acceptable data recovery points and return to operation goal. This data will then allow an organization to align itself to a particular disaster recovery organization(s) skill sets and capabilities.
- Conduct a Business Impact Analysis -- The first step is to conduct a business impact analysis. A BIA maps the interdependencies between each system (physical and virtual), application, and component and each business process and service provided. Based on the information collected in that process, a determination can be made on the consequences to the business of a disruption. This analysis should prioritize the importance of each process, application, and component in terms of cost to the business when it is no longer accessible. Those costs should include but are not limited to the following:
1. Lost productivity
2. Lost revenue
3. Compliance risk
4. Reputation loss
- Determine Recovery Time Objective -- The next step is to determine the Recovery Time Objective (RTO). RTO is the maximum elapsed time within which a business process must be restored in order to meet the Service Level Objectives (SLO) for the business. Organizations need to meet Recovery Time Objectives in order to avoid catastrophic consequences when a process or application remains unavailable. While system and component RTOs are important, the application RTO is what matters to the customer, whether internal or external. The RTO is established during the Business Impact Analysis portion of the Business Continuity Plan (BCP).
- Determine Recovery Point Objective -- Next you need to determine the Recovery Point Objective (RPO). RPO is the maximum amount of data loss, expressed as a period of time, that is acceptable for a process as part of Business Continuity Planning (BCP). A certain amount of data loss is tolerable for some processes (e.g. if a data entry clerk keys sales orders from paper and keeps the paper files for one day, the lost entries can be re-keyed, so the RPO for that process can be 24 hours). Recovery Point Objectives should be carefully planned for each process and application, as traditional backup and restore methods may not meet today's demanding business environments. Snapshot and replication technology enablers are needed in most environments to meet shrinking RPO requirements.
- Calculate Cost of Downtime per Hour -- How much does it really cost? The hourly cost is the sum of:
1. Total labor cost per hour multiplied by the percentage of employees affected by the application or service interruption.
2. Average revenue per hour multiplied by the percentage of revenue affected by the outage.
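The four steps above can be tied together in a small model. The following is an added example, not part of the original page or of Janco's templates: it ranks applications by hourly cost of downtime using the two-term formula above (step 1 and step 4), then checks each application's measured restore time against its RTO (step 2) and its actual backup interval against its RPO (step 3), treating the backup interval as the worst-case data loss. The application names, labor and revenue figures, objectives and backup intervals are constructed sample data.

```python
"""Worked business impact analysis (BIA) model, added as an example.

Assumptions (not from the original page): the application names, labor
figures, revenue figures, objectives and backup intervals below are
constructed sample data. Cost of downtime per hour follows the two-term
formula on the page: hourly labor cost * share of staff affected +
hourly revenue * share of revenue affected.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Application:
    name: str
    staff_affected_pct: float      # fraction of employees idled by an outage (0..1)
    revenue_affected_pct: float    # fraction of revenue blocked by an outage (0..1)
    rto_hours: float               # recovery time objective agreed with the business
    rpo_hours: float               # recovery point objective (max tolerable data loss)
    backup_interval_hours: float   # how often data is actually captured (backup/snapshot/replication)
    restore_hours: float           # measured time to restore from the last copy


@dataclass(frozen=True)
class Enterprise:
    hourly_labor_cost: float   # total payroll cost per hour across all staff
    hourly_revenue: float      # average revenue per hour


def downtime_cost_per_hour(ent: Enterprise, app: Application) -> float:
    """Step 4: labor term plus revenue term, per hour of outage."""
    labor = ent.hourly_labor_cost * app.staff_affected_pct
    revenue = ent.hourly_revenue * app.revenue_affected_pct
    return labor + revenue


def prioritise(ent: Enterprise, apps: list) -> list:
    """Step 1 (the BIA): rank applications by hourly cost of downtime, highest first."""
    return sorted(apps, key=lambda a: downtime_cost_per_hour(ent, a), reverse=True)


def gaps(app: Application) -> list:
    """Steps 2 and 3: report RTO and RPO shortfalls for one application.

    Worst-case data loss equals the backup interval: an outage just before the
    next copy loses everything since the previous one. Worst-case time to
    recover is the measured restore time, not the objective.
    """
    findings = []
    if app.restore_hours > app.rto_hours:
        findings.append(f"RTO miss: restore takes {app.restore_hours}h, objective {app.rto_hours}h")
    if app.backup_interval_hours > app.rpo_hours:
        findings.append(f"RPO miss: copies every {app.backup_interval_hours}h, objective {app.rpo_hours}h")
    return findings


def worst_case_outage_cost(ent: Enterprise, app: Application) -> float:
    """Cost of one outage: hours down until restore, at the hourly downtime rate."""
    return downtime_cost_per_hour(ent, app) * app.restore_hours


# Constructed sample data (hypothetical enterprise and applications).
ENTERPRISE = Enterprise(hourly_labor_cost=20_000.0, hourly_revenue=50_000.0)

APPLICATIONS = [
    Application("order-entry", 0.40, 0.90, rto_hours=2, rpo_hours=0.25, backup_interval_hours=24, restore_hours=6),
    Application("email", 0.95, 0.10, rto_hours=4, rpo_hours=1, backup_interval_hours=1, restore_hours=3),
    Application("intranet-wiki", 0.20, 0.0, rto_hours=24, rpo_hours=24, backup_interval_hours=24, restore_hours=8),
]

if __name__ == "__main__":
    for app in prioritise(ENTERPRISE, APPLICATIONS):
        hourly = downtime_cost_per_hour(ENTERPRISE, app)
        worst = worst_case_outage_cost(ENTERPRISE, app)
        print(f"{app.name:15s} ${hourly:>10,.0f}/h  worst single outage ${worst:>12,.0f}")
        for finding in gaps(app):
            print("    ", finding)
```

In the sample data the order-entry system costs the most per hour ($53,000) and is the only one with gaps: a nightly backup cannot meet a 15-minute RPO, and a 6-hour restore cannot meet a 2-hour RTO, which is exactly the case where the text says snapshot or replication technology is needed rather than traditional backup and restore.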
Personalization is key to OmniCommerce
October 7th, 2013
According to a recent study by IDG Research Services, personalization is recognized as a key differentiator among online businesses, for both e-commerce and non-commerce sites. Companies with an online presence are learning that they need to take action to learn more about their customers in order to increase customer loyalty, gain new followers and outshine the competition. More than 60 percent of the companies surveyed are prioritizing investments over the next year that will enable a more personalized Web experience.
There are several benefits companies can realize by creating a more personalized website experience. Cited by 69 percent of survey respondents, improved website engagement is at the top of the list. When businesses employ website personalization techniques, the visit becomes a two-way interaction. Instead of solely clicking or pushing his or her way through the site, the user is enticed or pulled through the site via personalization, thus increasing website engagement.
The second benefit, according to 62 percent of survey respondents, is improved brand image. Visitors think highly of businesses that anticipate their needs and appeal to their individual interests. Finally, coming in third and fourth, 44 percent of respondents cite improved lead generation and decreased customer or website abandonment rates.
In order to provide a personalized Web experience and realize these benefits, companies need information about their visitors. Yet there are gaps in the information companies are currently able to collect. These gaps primarily exist around location, which inhibits the ability to offer visitors a personalized Web experience.
Internet users are masking their identities
September 13th, 2013
A Pew Internet and American Life study released last week showed that 86 percent of Internet users have made steps to remove or mask their identities online. Meanwhile, some companies are even trying to be open about their activities: Acxiom Corp., which collects and sells data about individuals to companies, just launched Aboutthedata.com, a site where Internet users can see and manage what Acxiom knows about them.
Generally speaking, fields such as statistics, computer science and the hard sciences don't teach ethics. There are privacy concerns, such as how much corporations and the government should know about individuals. But software engineers are taught about the elegance or the mathematical beauty of the thing that they're building, not how it will affect people's lives.
A computer science professor at the University of Illinois at Urbana-Champaign says that she teaches her students how to sample data ethically and protect subjects in academic studies. For example, in a Facebook study, the researcher should replace all the participants' names, all their friends' names and all their friends of friends' names with numbers.
"If you do these large social network studies, you don't have what they call participant informed consent. Let's say I have you in one of my Facebook studies, and you're coming to my lab and we are analyzing the strength of the connections between you and your friends. I'm getting information about your friends and their friends without their consent. It's a very, very ethically sensitive area."
Many ethics guidelines come from the Belmont Report, created in 1978 to protect human research subjects. It requires universities that receive funding from the government to have what's called an Institutional Review Board perform an ethics review of proposed studies involving human subjects.
If academics find that big data allows them to obtain more information than they would be able to gather when dealing with subjects in person, imagine what companies like Google and Facebook know. They are forming their own policies, which tend to be that you pay for a service, particularly a free service, by giving up some privacy. The fact that people are so used to this may be why, after the initial shock over the NSA news, many people effectively shrugged. According to a Washington Post-ABC poll in late July, 58 percent said they support this intelligence gathering in the effort to identify potential terrorists, compared to 39 percent opposed.
10 questions that need answers in an interview
August 26th, 2013
In the interview process a uniform front is important. Before you start recruiting you should have answers prepared for questions like the following:
- Are responsibilities for this job completely defined?
- How would you describe someone who is successful in that role?
- What is it like working at the company?
- How are responsibilities defined within the team that this position is in?
- How would you describe a typical week/day in this position?
- Is this a new position? If not, why did the previous employee leave?
- Is travel expected?
- Is relocation a possibility?
- What is the typical work week like?
- Will there be overtime?
Business Continuity Digest
August 21st, 2013
- Top 10 Reasons Why Disaster Recovery Business Continuity Plans Fail In the recession many organizations put disaster recovery and business continuity on the back burner. As a result those plans are not as functional as...
- Include Social Media in Your Business Continuity Plans 6 Ways to Utilize Social Media Before a Disaster Strikes by Adam Crowe When creating a disaster recovery plan include social media. Simple things like...
- Business Continuity Planning for Survival Under Stress Business continuity and disaster recovery planning took a real hit in the recession that started in 2008. First many companies reduced the number and intensity...
- Cloud storage aids disaster recovery and business continuity Cloud Storage is a next step to implement after the disaster recovery plan is created Cloud storage is a next step after the CIO creates a...
- 10 Commandments of Disaster Recovery and Business Continuity 10 commandments of disaster recovery and business continuity planning As requirements for avoiding downtime become increasingly stringent, administrators need tools and platforms that can help...
Business Continuity Plan Template
ISO 27000 (formerly ISO 17799) - Sarbanes-Oxley - HIPAA - PCI-DSS Compliant
August 5th, 2013
Mobility has revolutionized how we do business. Managing mobility and BYOD means knowing how to navigate changing operating systems, changing platforms and changing hardware to reap benefits like improved productivity, agility, growth and better customer service.
BYOD devices include the consumer smartphones and tablets that are making their way into your organization. Going mobile makes employees happier and more productive, but it's also risky. How can you say yes to BYOD and still safeguard your corporate data, shield your network from mobile threats, and maintain policy compliance?
With the advent of Bring-Your-Own-Device (BYOD) and the ever increasing mandated requirements for record retention and security, CIOs are challenged to manage in a complex and changing environment.
If your enterprise does not have a BYOD policy, then one of two things is happening:
- BYOD is blocked, and your company is either losing the productivity associated with employees using their own devices or paying for each employee's access device.
- BYOD devices are already accessing your corporate network, with or without your knowledge, and you are doing nothing to ensure that this is done securely and in compliance with mandated federal, state, local, and industry requirements.
Mobile Device Use Policy Is Needed
July 19th, 2013
- 3 out of 5 workers say they no longer need to be in the office to be productive.
- The average mobile worker is now carrying 3.5 devices, up from 2.7 devices in 2011.
- 64% of mobile users use a tablet for work, as of March 2012. Based on purchasing predictions from users, that number likely reached 80% by October 2012.
- Apple iPhones and iPads and Google Android devices - all of them consumer devices - now make up more than 70% of the mobile devices used by mobile workers.
- Mobile workers are using smartphones for email, web conferencing, social media for work, accessing and editing Office documents, and note-taking.
- In 2010, web-based email usage declined 6%, while mobile email access rose 36%
How to Implement IT Security
July 9th, 2013
It is the CIO's and CISO's job to identify and present the risks the business may face, but its up to the board of directors to make the final decision on the acceptable level of risks. Security decisions should be made taking into consideration all relevant business, economic, organization and technology issues. Factors that could influence the decision-making process include:
- Economic - the financial risk exposure of a given technical process or application. IT spending is an investment with real potential benefits, as well as real security risks.
- Organizational - prior experience with making similar decisions; background knowledge about security in the company; internally established standards; maturity of existing security management processes.
- Technology - existence of known technical vulnerabilities and risks in the technology stack.
- Business - relates to the security knowledge and awareness of C-level executives and board members. It is impossible for them to make meaningful decisions if they don't realize how security issues may occur at each enterprise level.
Security Manual - Comprehensive, Detailed, and Customizable
The Security Manual is over 240 pages in length. All versions of the Security Manual Template include both the Business IT Impact Questionnaire and the Threat Vulnerability Assessment Tool (they were redesigned to address Sarbanes Oxley compliance).
In addition, the Security Manual Template PREMIUM Edition contains 16 detail job descriptions that apply specifically to security and Sarbanes Oxley, ISO security domains, ISO 27000 (ISO27001 and ISO27002), PCI-DSS, HIPAA, FIPS 199, and CobiT.
Data security and protection are a priority, and this template is a must-have tool for every CIO and IT department. Over 3,000 enterprises worldwide have acquired this tool, and it is viewed by many as the industry standard for security management and security compliance.
- Top 10 Things a CIO Needs to Add Value Top 10 for CIOs -What does the CIO have to do to be viewed as a business person versus a technologist? There are many strategies...
- Compliance requirements drive security Policy and Procedure Manual Compliance Management Made Easy ISO 27000 / HIPAA / SOX / CobiT Compliant Includes PCI DSS Audit Program Security incidents...
- Top 10 CIO Productivity and Budgeting Issues CIO Productivity Kit The best companies, and their CIOs, recognize the importance of ready access to the right information to drive the right choices...
- 5 Corporate Compliance Errors Executives Are Making 5 Corporate Compliance Errors many executives are making Compliance is never easy and even the best make mistakes on occasion. But we can learn from...
- Google data center security & disaster recovery This is a great video on physical security as well as software security. This is a great primer which all CIOs and Data...
CIOs are drivers of BYOD
June 2nd, 2013
Organizations that choose to support their employees' personal devices within a secure environment will measurably increase their business productivity as well as extend their employees' flexibility. Additionally, the results underline a need for businesses to develop a platform agnostic device strategy that ensures corporate data remains secure.
- Organizations provide comprehensive support to BYOD: Employees will workaround corporate IT infrastructure in order to be productive and find ways to leverage their personal devices, regardless of if they're supported by the business or not. Supporting as many computing platforms as possible will ensure employees are accessing and sharing business data within a secure environment approved by the organization.
- CIO should focus on data when implementing BYOD: Over three quarters of all CIOs identify their role as a data custodian or someone responsible for locating content and establishing context that is aligned with associated business rules. An organization's mobile strategy therefore needs to not only enable IT professionals to effectively manage the volume of data, but also provide the solutions that allow employees to securely access and leverage data as a business asset.
- BYOD implementation should enable productivity: Identify the business applications employees rely on (such as the organization's email or social collaboration tools) and provide mobile and tablet support for these applications to ensure employees can remain productive.
Security Tip of the Week
May 14th, 2013
While using wireless hotspots, limit activity to web surfing only. A hotspot is an open wireless network that is available to everyone; an example is the wireless network at your favorite coffee shop. These networks hook computers into the public Internet -- handy but dangerous. Because hotspots are open, the network itself provides no protection for your data: anything you send that is not protected by HTTPS or a VPN can be read by anyone else on the same network.
You should also disable peer-to-peer networking, file sharing, and remote access. Always use a good personal firewall, and make sure all your software, including your operating system (such as Windows), is up to date and patched. Never use hotspots for online banking, bill paying, or purchases that require you to give out confidential information such as a credit card number.
Other Readings
- Fraud is on the rise CIOs need to address fraud issues with better security For the last three years it has been reported that estimated fraud losses that are doubling...
- Cyber war breaks out slows Internet Cyber war pushes need for more security The recent cyber war between Spamhaus and Cyberbunker with commercial Denial of Service Attack (DDoS) pushed the Internet...
- CIOs are not conducting cloud computing risk assessments CIOs are not conducting cloud computing risk assessments A new survey by Protiviti has found that cyber security tops chief information officers concerns, with 84...
- Many CIOs have not addressed cloud security issues Less than 50% of all organizations have policies in place that for vetting cloud computing applications for possible security risks before deploying them. The number...
- Email Spam Reporting Policy E-mail Spam Reporting Policy Note: Of course legitimate, individually-sent employment, business and personal inquiries are not considered spam. Below is a sample of a letter...
CMoO Focus on Mobile Workers
May 10th, 2013
CIOs are focusing on the mobile worker and on the role of the CMoO (Chief Mobility Officer). The executives, engineers, and sales representatives who are on the move are often responsible for bringing in new revenue and dealing with the customer in times of crisis. As such, it is essential that these employees have fast access to any and all of the corporate resources available to employees at the office.
The introduction of a mobile user use case adds a number of requirements for any proposed application solution:
- Does the mobile solution provide the same level of functionality to mobile workers as available in branch offices?
- Is the solution architected so that the mobile user connects directly to the existing appliance solution?
- Can the application support potentially thousands of mobile workers effectively?
- Does the mobile software use the same code base and functionality as the primary solution?
IT-empowered mobile workers can also enable new and innovative work arrangements within an organization. For example, businesses that are hoping to expand to a new region often want to hire professionals in that region. At first, however, those professionals might not have enough work to occupy them and justify the expenses required to get regional business opportunities moving. With a mobile solution, both the cost and revenue sides of the business can benefit. The office can be set up with virtually no infrastructure, since a mobile worker simply needs a laptop with application software installed to be up and running. That dramatically reduces the necessary up-front investment in IT. Once in place, the workers can source work from other offices, collaborating in real time with colleagues on projects in other parts of the world.
Productivity news and trends summary
May 2nd, 2013
Disaster Recovery Recap
April 22nd, 2013
Disaster Hits - All Computers are Down at AA
April 16th, 2013
Disasters can also be computer generated, as they were for American Airlines when it grounded all its flights across the U.S. on April 14, after an unidentified computer problem hit its reservation system.
AA used Twitter to post "We are now in a system-wide ground delay until 4:00pm CT as we work to resolve this issue. We apologize for any inconvenience."
The problem was causing "intermittent outages" to its reservation system, the airline said. More details were not immediately available.
American said it would offer travelers impacted by the problem refunds or itinerary changes at no charge, but was unable to modify Tuesday reservations until the problems were solved. In March the airline carried an average of 313,000 passengers worldwide on its network per day.
The airline first posted that its system was offline shortly after 11 a.m. Central Time (16:00 GMT).
CIOs stop hiring
April 9th, 2013
Hiring for information technology workers stalled in March, according to a report by Janco Associates. Companies were reluctant to hire in an uncertain economy, and also were discouraged by the financial impacts of the sequester, tax considerations and the cost of health insurance for new employees.
Janco says, "For the first time since the dot com bust, Janco's metrics show that hiring by CIOs is at a standstill; there is a high degree of uncertainty in the economic climate."
Security issues that CIOs need to manage
March 29th, 2013
Security is a critical issue, as discussed in several posts:
Security is a concern of CIOs with the increase in use of mobile devices
March 12th, 2013
By definition, mobile devices extend beyond corporate physical security controls, and data on devices or transmitted over public Wi-Fi networks is at risk. Security is a key concern for CIOs as they begin to implement mobile device solutions. Over two thirds of all CIOs, according to Janco Associates, Inc., feel that security of mobile devices is the largest risk to deal with when building a mobility strategy.
Lost or stolen devices are the most common type of mobile security incident today. How many times have we heard in the media that an employee of a hardware vendor lost a device in a bar or cab before it was released? Add to this unauthorized applications or malware targeted at mobile devices that put corporate systems at risk.
5 skills that Disaster Recovery Business Continuity Pros Need to Have
February 19th, 2013
Disaster Recovery Business Continuity skills Recent disasters, like Sandy, have shown that business continuity professionals can offer a great amount of assistance to their companies during a disaster if they have certain basic skills. Those skills include: Situational awareness ... Continue reading the post 5 skills that Disaster Recovery Business Continuity Pros Need to Have
- 8 Characteristics of a Good Disaster Recovery Manager 8 Characteristics of a Good Disaster Recovery Manager The characteristics of a good disaster recovery manager and leader in a crisis like a recovery process...
- 10 Characteristics of a Good Business Continuity / Disaster Plan 10 Characteristics of a Good Business Continuity / Disaster Plan Most organizations have a Business Continuity / Disaster Recovery plan but how can you recognize...
- Top 10 Reasons Why Disaster Recovery Business Continuity Plans Fail In the recession many organizations put disaster recovery and business continuity on the back burner. As a result those plans are not as functional as...
- 10 Backup Best Practices supplementing a disaster recovery and business continuity solution with the cloud 10 Backup best practices - supplementing a disaster recovery and business continuity back-up solution with the cloud Backup best practices are used by many CIOs...
- Disaster Recovery and Business Continuity Top 10 Disaster Recovery and business continuity are all about being ready for everything. The question that every IT manager and CIO has to answer every day...
High Availability - Key to CIOs success
February 11th, 2013
High Availability blog postings
- Restoration Point Objectives Defined Maximum Tolerable Period of Disruption CIOs, CSOs, BC Managers constantly will work to improve their restoration point objective (RPO) and also recovery time objectives (RTO)...
- High Availability Versus Disaster Recovery High Availability is when a machine can immediately take over in case of a problem with the main machine with little down...
- Disaster Recovery High Risk Users Disaster Recovery High Risk Users There are three types of high risk users in disaster recovery and business continuity planning. They are: People who do...
- Best of Breed Disaster Recovery Business Continuity Best of Breed solutions for disaster recovery and business continuity has four key components: High Availability Best of breed requires service that have high...
- DRP BCP Best Practices Defined DRP BCP Best Practices Defined Here are some Disaster Recovery Business Continuity best practices Keep your primary backup disaster recovery business continuity data in...
1,509 mass layoff actions affected 137,839 workers
January 25th, 2013
In December, employers took 1,509 mass layoff actions involving 137,839 workers. Mass layoff events decreased by 240 from November, and associated initial claims decreased by 35,040. In 2012, annual totals for events and initial claims were at their lowest levels since 2007.
There is a narrow gap between the average pay of senior executives, midlevel managers and even IT staff. Considering the salaries some hot skills are commanding, that's not surprising. Money isn't necessarily the make-or-break issue in whether a worker leaves a job. Improving relationships between worker and boss, and more closely aligning the worker with the agency mission, can "balance or even trump" the limits on monetary compensation. Companies clearly can't ignore worker satisfaction with their salaries: not only highly skilled IT workers but also their bosses can make a statement with their feet.
Data Center Consolidation Impacts DRP and BCP
January 16th, 2013
Disaster Recovery and Business Continuity planning are affected by Data Center consolidation that centralizes productivity applications. As enterprises reduce the overall number of data centers, consolidating remote and branch office assets in the process, Disaster Recovery and Business Continuity become more critical. According to an international research firm, 41% of large organizations have consolidated most IT assets in corporate data centers, while another 34% have consolidated some assets in corporate data centers.
While this has given IT greater operational control and lower costs, it can also increase risk. Each remote site that accesses the centralized data center creates a potential point of failure. If the new centralized location were to fail, all the applications and services housed there would be unavailable, and the impact, as measured in lost productivity and revenue, could be far greater. - more info
IT jobs market was mixed in 2012
December 15th, 2012
Janco Associates has found that the IT jobs market has seen its fair share of highs and lows over the last year. However, with technology becoming more important, the landscape is growing stronger and the most recent stats support this fact.
According to the latest numbers from the Bureau of Labor Statistics, the IT job market grew by 8,700 jobs in November, which puts the total number of jobs created in the sector in the last 12 months at 59,400. - more info
Security Compliance (80 results for Security Compliance)
December 8th, 2012
- ...Security techniques - Guidelines for Cybersecurity is also intended to protect computers when browsing. Janco's Security Template meets all of the defined requirements in the new standard. The leader of the working group that developed the standard said, "Devices and connected networks that support cyberspace have multiple owners..." (from Janco Associates, Inc. - Nov 5, 2012 6:37 PM)
- ...without covering compliance risks and without using compliance tools to mitigate risks. On the other hand, compliance management is a critical component of disaster... The post "Sandy shows that not being prepared can be fatal to an enterprise" appeared first on IT Manager - CIO. Related posts: Disaster Recovery and Business Conti... (from IT Manager - CIO - Nov 8, 2012 9:17 AM)
- ...business continuity compliance with ISO 22301. Compliance and business continuity management are closely inter-related; ISO 22301 is just one of many standards. A company's disaster recovery and business continuity programs would be incomplete without covering... The post "Top 10 Reasons Compliance of Business Continuity Fails" ap... (from IT Manager - CIO - Oct 29, 2012 10:45 AM)
- more info
10 point flood disaster planning checklist
December 1st, 2012
A practical checklist to help firms minimise the impact of a natural disaster and protect their important information assets:
- Validate your employee and top customer contact lists are up to date.
- Monitor the weather: check the national maps and flood warnings to find out how vulnerable you are.
- Create a plan for communicating with employees in the event of a business disruption, bearing in mind that your phones or IT network could be down and your office inaccessible. Rehearse the plan, and have a back-up in case it does not work on the day.
- Create a plan for communicating with your top customers. You are unlikely to have time to call everyone so focus on those most critical to your business, with a website or voicemail update for the rest.
- Store your information archives in secure facilities away from flood plains. Your office may not be the safest place to keep business critical records and data. Host your services and systems off-site or in the cloud, so that they are protected if the business is affected by a natural disaster. Plans should also be made to relocate important paper documents, as this format is sometimes omitted from IT-centric business continuity plans but is equally vulnerable should flooding occur.
- Validate the protection of your historical archives - storing physical and digital data offsite ensures that business activity can continue in the event of a disaster. Information is the most important asset to any business and shouldn't be exposed to any unnecessary risk.
- Equip employees to work from home - and aim to do this before a crisis so that you can get the necessary equipment, security and processes in place. If undertaken as an ad hoc emergency response, you run the risk of employees relying on insecure personal IT to handle confidential or sensitive information.
- Ensure your business remains compliant. For example, it is essential to keep corporate email systems going, or to get them up and running again as soon as possible, so that employees are not communicating or transacting business via non-compliant personal email accounts.
- Audit your suppliers' and vendors' plans.
- Rehearse and test every aspect of your plan, understand what could disrupt it and create a back-up plan.
- more info