IT Productivity Center News and Information
Metrics, Productivity, Salary Survey, Job Descriptions, Business Continuity, ITSM, SOA, White Papers, Compliance, SOX, and HIPAA
The IT Productivity Center feed is an XML news feed that you can subscribe to and re-publish on your web site or blog. The only requirement that you need to meet is that the feed is included with no modifications and that the links within the feed are retained as is.
If you wish to subscribe to this news feed the options that you have are:
- IT Productivity Center News
- 10 best practices for cloud disaster recovery Cloud Disaster Recovery 10 Best Practices Creating out a complete cloud disaster recovery infrastructure can be cost prohibitive for many organizations. Ten best practices are:...
- Will your disaster recovery provider be in business when you need them? Disaster Recovery plans that depend on outsourcers face significant additional risk What if your were in Florida and the Hurricane season was in full swing...
- Options for a data center disaster recovery strategy Data Center disaster recovery strategy - options A critical component of a disaster recovery business continuity is the data center disaster recovery strategy - Hot...
- Infrastructure Key to Data Center Management and Disaster Recovery Infrastructure is key to data center management Data Center Management Issues - Your data centers are stuck in a rut. While 90 per cent have...
- Adopt prevention programs. Prevention training and awareness programs can help employees recognize telltale signs of phishing scams and how to handle them. Guide your employees on how to recognize and avoid fraudulent e-mails or what to do in the event of a social engineering attack. Keep testing internally to prove the training is working.
- Strengthen e-mail controls. Strengthening e-mail controls can often prevent malicious e-mails from reaching employees. Make sure you have strong spam filters and authentication. Scan incoming and outgoing e-mails to detect threats and filter executable files. Consider a cloud-based e-mail analytics solution and how e-mail is configured and file extensions are displayed.
- Improve CMDB. Companies need to be very diligent about building a complete configuration management data base (CMDB). It may be surprising, but most companies do not know all the IT systems in their environment across all subsidiaries and business lines. If you dont know what you have, how can you protect it?
- Insulate your infrastructure: There are a host of solutions here, from removing or limiting local workstation administration rights to seeking out the right configuration combinations (including virus scanners, firewalls, and so on). Regular patches of operating systems and applications can foil known vulnerabilities: Microsoft patches related to this particular threat was one kind of measure that Accenture used back in March 2017 as part of our normal patching cycle.
- Plan for continuity. Have a strong business continuity plan for recovery - one thats regularly reviewed, updated, and tested - makes it easier to avoid paying ransom. Recovery objectives must be aligned to the critical tasks within an acceptable timeframe. Workstations and file servers shouldnt be constantly connected to backup devices. Further, the backup solution should store periodic snapshots rather than regular overwrites of previous backups, so that in the event of a successful attack, backups will not be encrypted.
Companies now depeding on selected cloud providers
How to Guide for Cloud Processing and Outsourcing provides everything that is needed to select a vendor, enter into an agreement, and manage the relationship
Many businesses are doing more in the cloud these days. It has some good and bad points, like being locked into various vendors has they have done in the past. It is important for business leaders to actually learn rather than just keep moving on to the new thing.
- Companies now depeding on selected cloud providers
IoT - IT Infrastructure Policies and Procedures
What security issues associated with IoT security devices, network, and back-end. All of them are potential targets, and they all require attention, according to Forrester principal analyst Merritt Maxim. Right now, devices are getting the bulk of the attention the huge number of different manufacturers, some of whom havent worked very hard to make their products secure, makes device-level IoT security problematic.IoT Security
Disaster Recovery Digest
Disaster Recovery DigestGoogle data center security & disaster recovery This is a great video on physical security as well as the the software security. This is a great primer which all CIOs and Data...
Disaster Recovery Digest
Malware writers are sophisticated
Security Policies - Procedures - Audit Tools
Malware writers are sophisticated, increasing the threats to data privacy and security. To counter the growing risks of unauthorized access to proprietary or confidential information, the very best anti-malware tools are essential.
Endpoint anti-malware protection is tool that works to prevent malware from infecting a computer. In many such products, the security technology extends to virtual desktops and mobile devices, as well as workstations and laptops. The term endpoint used with anti-malware usually implies a product is designed for use within an organization (versus individual consumer use on a one-off or household basis), which could mean a small business, branch office, midsize company, government agency or enterprise.
- Malware writers are sophisticated
New York mandates CISO be hired by all insurance companies
CISO - CSO a mandated IT position in New York State
New York State's new cybersecurity regulations for insurance companies manadates that a CISO (Chief Information Security Officer or CSO) be hired. While this currently only affects insurance carriers operating in NY, other states seem likely to adopt versions of the NYS regulations. These regulations are notable for their unprecedented standards and strict requirements, including instituting a formal CISO, documenting policies, and submitting to regular assessments. Despite having until February 2018 to comply with the new regulations, insurance carriers are already anticipating shifts in both resources and strategies.
One of the greatest challenges insurers will face in light of these new regulations will be hiring a dedicated CISO, as they are very well paid and are in relatively short supply. This will be especially difficult for small enterprises that may need to consider partnering with certified vendors that would operate on behalf of the enterprise and be subject to the same regulatory standards as the carrier. While many mid-sized insurers will name their CIO, CSO, or COO the CISO with a domain expert to support them.New York mandates CISO be hired by all insurance companies
Ransomware protection is not inexpensive
Janco releases Version 11.4 of its Security Manual Template which includes best practices for security including ransomware guidelines
There is no guarantee that an approach that works for one enerprise will also work for another. But here are five fundamental steps your company can take to curb its chances of its falling victim to a ransomware attack:
Ransomware protection is not inexpensive
Digital Transformation is the CEOs new hot button issue
IT Job Family Classification and job descriptions are key to digital transformation
Only a few years ago CEOs and boards were pushing CIO to make significant moves into mobile, big data and the cloud. CIOs are now told they must embrace digital transformation, and theyve never felt more pressure.
Organizations that want to remain competitive in todays tech-driven climate must be skilled at creating, delivering and maintaining software.Digital Transformation is the CEOs new hot button issue
The perfect CSO job defined
CSO an in demand job - what is the perfect reole definition
A good CSO job is one that is varied and interesting -- too many CSOs roles seem to focus on going to remote sites and fixing issues. There are two different role profiles; a short term problem-fixer and a long term role developer. The ideal job shouldn't be exclusively either but a mix of the two. Provision should also be made that the CSO should be able to mold the role into what they think is required (within reason) -- too many roles seem to be pure reactive roles. The ideal long-term sustainable role is one where the CSO can make the role their own, be part of the business and help the organization grow in harmony with information security.The perfect CSO job defined