IT Productivity Center News and Information

Metrics, Productivity, Salary Survey, Job Descriptions, Business Continuity, ITSM, SOA, White Papers, Compliance, SOX, and HIPAA

The IT Productivity Center feed is an XML news feed that you can subscribe to and re-publish on your web site or blog. The only requirement that you need to meet is that the feed is included with no modifications and that the links within the feed are retained as is.

If you wish to subscribe to this news feed the options that you have are:

  • IT Productivity Center News

  • Companies now depending on selected cloud providers

    How to Guide for Cloud Processing and Outsourcing provides everything that is needed to select a vendor, enter into an agreement, and manage the relationship

    Many businesses are doing more in the cloud these days. It has some good and bad points, like being locked into various vendors as they have been in the past. It is important for business leaders to actually learn rather than just keep moving on to the new thing.



    IoT Security

    IoT - IT Infrastructure Policies and Procedures

    The security issues associated with IoT fall into three areas: devices, network, and back-end. All of them are potential targets, and they all require attention, according to Forrester principal analyst Merritt Maxim. Right now, devices are getting the bulk of the attention – the huge number of different manufacturers, some of whom haven’t worked very hard to make their products secure, makes device-level IoT security problematic.



    Disaster Recovery Digest

    Disaster Business Continuity Preparation

    Google data center security & disaster recovery This is a great video on physical security as well as the software security. This is a great primer which all CIOs and Data...
    1. 10 best practices for cloud disaster recovery Cloud Disaster Recovery 10 Best Practices Creating a complete cloud disaster recovery infrastructure can be cost prohibitive for many organizations. Ten best practices are:...
    2. Will your disaster recovery provider be in business when you need them? Disaster Recovery plans that depend on outsourcers face significant additional risk What if you were in Florida and the Hurricane season was in full swing...
    3. Options for a data center disaster recovery strategy Data Center disaster recovery strategy - options A critical component of a disaster recovery business continuity is the data center disaster recovery strategy - Hot...
    4. Infrastructure Key to Data Center Management and Disaster Recovery Infrastructure is key to data center management Data Center Management Issues - Your data centers are stuck in a rut. While 90 per cent have...


    Malware writers are sophisticated

    Security Policies - Procedures - Audit Tools

    Malware writers are sophisticated, increasing the threats to data privacy and security. To counter the growing risks of unauthorized access to proprietary or confidential information, the very best anti-malware tools are essential.

    Endpoint anti-malware protection is a tool that works to prevent malware from infecting a computer. In many such products, the security technology extends to virtual desktops and mobile devices, as well as workstations and laptops. The term endpoint used with anti-malware usually implies a product is designed for use within an organization (versus individual consumer use on a one-off or household basis), which could mean a small business, branch office, midsize company, government agency or enterprise.



    New York mandates CISO be hired by all insurance companies

    CISO - CSO a mandated IT position in New York State

    New York State's new cybersecurity regulations for insurance companies mandate that a CISO (Chief Information Security Officer or CSO) be hired. While this currently only affects insurance carriers operating in NY, other states seem likely to adopt versions of the NYS regulations. These regulations are notable for their unprecedented standards and strict requirements, including instituting a formal CISO, documenting policies, and submitting to regular assessments. Despite having until February 2018 to comply with the new regulations, insurance carriers are already anticipating shifts in both resources and strategies.

    One of the greatest challenges insurers will face in light of these new regulations will be hiring a dedicated CISO, as they are very well paid and are in relatively short supply. This will be especially difficult for small enterprises that may need to consider partnering with certified vendors that would operate on behalf of the enterprise and be subject to the same regulatory standards as the carrier. Many mid-sized insurers, meanwhile, will name their CIO, CSO, or COO the CISO with a domain expert to support them.



    Ransomware protection is not inexpensive

    Janco releases Version 11.4 of its Security Manual Template which includes best practices for security including ransomware guidelines

    There is no guarantee that an approach that works for one enterprise will also work for another. But here are five fundamental steps your company can take to curb its chances of falling victim to a ransomware attack:

    1. Adopt prevention programs. Prevention training and awareness programs can help employees recognize telltale signs of phishing scams and how to handle them. Guide your employees on how to recognize and avoid fraudulent e-mails or what to do in the event of a social engineering attack. Keep testing internally to prove the training is working.
    2. Strengthen e-mail controls. Strengthening e-mail controls can often prevent malicious e-mails from reaching employees. Make sure you have strong spam filters and authentication. Scan incoming and outgoing e-mails to detect threats and filter executable files. Consider a cloud-based e-mail analytics solution and how e-mail is configured and file extensions are displayed.
    3. Improve CMDB. Companies need to be very diligent about building a complete configuration management database (CMDB). It may be surprising, but most companies do not know all the IT systems in their environment across all subsidiaries and business lines. If you don’t know what you have, how can you protect it?
    4. Insulate your infrastructure. There are a host of solutions here, from removing or limiting local workstation administration rights to seeking out the right configuration combinations (including virus scanners, firewalls, and so on). Regular patches of operating systems and applications can foil known vulnerabilities: Microsoft patches related to this particular threat were one kind of measure that Accenture used back in March 2017 as part of our normal patching cycle.
    5. Plan for continuity. Having a strong business continuity plan for recovery - one that’s regularly reviewed, updated, and tested - makes it easier to avoid paying ransom. Recovery objectives must be aligned to the critical tasks within an acceptable timeframe. Workstations and file servers shouldn’t be constantly connected to backup devices. Further, the backup solution should store periodic snapshots rather than regular overwrites of previous backups, so that in the event of a successful attack, backups will not be encrypted.



    Digital Transformation is the CEO's new hot button issue

    IT Job Family Classification and job descriptions are key to digital transformation

    Only a few years ago CEOs and boards were pushing CIOs to make significant moves into mobile, big data and the cloud. CIOs are now told they must embrace digital transformation, and they’ve never felt more pressure.

    Organizations that want to remain competitive in today’s tech-driven climate must be skilled at creating, delivering and maintaining software.



    The perfect CSO job defined

    CSO an in-demand job - what is the perfect role definition

    A good CSO job is one that is varied and interesting -- too many CSO roles seem to focus on going to remote sites and fixing issues. There are two different role profiles: a short-term problem-fixer and a long-term role developer. The ideal job shouldn't be exclusively either but a mix of the two. Provision should also be made for the CSO to be able to mold the role into what they think is required (within reason) -- too many roles seem to be purely reactive roles. The ideal long-term sustainable role is one where the CSO can make the role their own, be part of the business and help the organization grow in harmony with information security.
