IT Productivity Center News and Information

Metrics, Productivity, Salary Survey, Job Descriptions, Business Continuity, ITSM, SOA, White Papers, Compliance, SOX, and HIPAA

The IT Productivity Center feed is an XML news feed that you can subscribe to and re-publish on your web site or blog. The only requirement that you need to meet is that the feed is included with no modifications and that the links within the feed are retained as is.

If you wish to subscribe to this news feed the options that you have are:

Janco RSS Newsfeed IT Productivity Center News


Compliance Audit Program Definition

Tools for CIO, CSO, and CFO can use for Sarbanes Oxley, Disaster Recovery, Security, Job Descriptions, IT Service Management, Change Control, Help Desk, Service Requests, SLAs, and Metrics.

Security and Compliance Audits are Mandated - scope definition is key to success

Compliance Management ProcessScope and content of such a process should the Annual, Semi-Annual, Quarterly, Monthly, Daily, common elements for each time period in compliance audit process.

There are dozens of security and compliance manadates which enterprises of all sizes need to address. The scope and content of each audit requirement needs to be well understood. In addition, it is not productive to create unique audit programs for eacjh mandate. Rather it is more cost effective to include each mandate in an overall Compliance Management Audit Program.

Order Compliance Management Kit  Download Selected Pages

- Compliance Audit Program Definition


Balance between Privacy, cybersecurity, and compliance is not there yet

How many enterprises are compliant with all mandated security and privacy requirements

Compliance Management may conflict with PrivacyThere is a misconception that privacy and security are in conflict with each other, and that’s not true. Privacy purists often think that cybersecurity tools track a lot of personal data and invade privacy.

There now is an evolution of the privacy community, driven by significant data breaches. Lots of Personally Identifiable Information (PII) has made its way into the Dark Web, thanks to some of the huge data breaches of the past few years, so much so that the price of Social Security numbers has dropped considerably. Unless organizations are required to implement security, the fight to protect privacy won’t be won. That’s been a shift over the last five or so years. When that happens, there will be a much better relationship between the privacy community and the security industry, and this will spill over into rules and regulations.

Thre should be a set of federal mandates that are designed to level the privacy playing field when it comes to consent but at the same time obligating organizations of all sizes to take privacy seriously.

GDPR is a good start because it provides a good roadmap on how to think from a privacy point of view.

Compliance Kit Options

Order Industry Standard Compliance Kit

- Balance between Privacy, cybersecurity, and compliance is not there yet


Enterprise Best Practices for Cloud Applications

How to Guide for Cloud Processing and Outsourcing provides everything need to support IT Management

How to Guide for Cloud Processing and OutsourcingWithin 3 years, 51% of IT spending by enterprise IT groups that may transition to cloud - application and infrastructure software, cloud based business process services, and cloud system infrastructure according to major IT research firm.

Accelerating levels of cloud adoption are expected as organizations respond to a new business and social dynamics and this is driving a faster rate of cloud shift than pre-COVID-19 forecasts predicted.

What are the processes that enterprises should use to move towards cloud based applicatons? How that impact IT spending?

Read On...  Order  Download TOC

- Enterprise Best Practices for Cloud Applications


SMBs are targets of ransomware attacks

IT Governance Infrastructure Key to Protection for SMBs

Ransomware protection for SMBsA recent study found on ransomware found that over 85% of managed service providers (MSPs) have reported attacks against small and midsized businesses (SMBs). Despite that appallingly high number, just 28% of SMBs consider ransomware a worry.

Currently, anyone who needs some holiday money can launch a ransomware attack. Thanks to ransomware-as-a-service on the dark web, all a cyber attacker needs is some BitCoin and they’re off to try to crack your business. According to a major security company, ransomware-as-a-service now comprises almost 60% of all ransomware attacks. The fact that some of these would-be cyber attackers have discovered that their ransomware partners aren’t trustworthy is not detouring them and the attacks keep coming.

Read On  Order IT Governance Infrastructure Strategy

- SMBs are targets of ransomware attacks


IT Governance focus on privacy and security

IT Governance meets privacy and security compliance reqirements

IT GovernanceThe focus of the security and privacy compliance governance is  compliance mandates. It is a five (5) step process.

1. Define where the enterprise is and the issues it faces
      Define privacy requirements
      Define security requirements
      Assess the current state of your security policies
      Discover and classify personal data assets
           and affected systems
2. Define what must be done
      Document privacy requirements
      Document security requirements
3. Implement changes
      Implement privacy requirements
      Implement security requirements
4. Operate and maintain the new compliance environment
      Manage privacy
      Manage Security
5. Govern, audit and report compliance KPIs
      Govern privacy compliance requirements
          Record personal data access audit trails
          Document and manage your compliance program
          Respond to and manage breaches
      Govern security compliance requirements
          Coordinate technical and organizational measures
          Document your security program

Read on IT Governance

- IT Governance focus on privacy and security