IT Productivity Center News and Information
Metrics, Productivity, Salary Survey, Job Descriptions, Business Continuity, ITSM, SOA, White Papers, Compliance, SOX, and HIPAA
The IT Productivity Center feed is an XML news feed that you can subscribe to and re-publish on your web site or blog. The only requirement that you need to meet is that the feed is included with no modifications and that the links within the feed are retained as is.
Compliance Audit Program Definition
Tools that CIOs, CSOs, and CFOs can use for Sarbanes-Oxley, Disaster Recovery, Security, Job Descriptions, IT Service Management, Change Control, Help Desk, Service Requests, SLAs, and Metrics.
Security and Compliance Audits are Mandated - scope definition is key to success
The scope and content of such a process should include the annual, semi-annual, quarterly, monthly, and daily common elements for each time period in the compliance audit process.
There are dozens of security and compliance mandates which enterprises of all sizes need to address. The scope and content of each audit requirement needs to be well understood. In addition, it is not productive to create unique audit programs for each mandate. Rather, it is more cost effective to include each mandate in an overall Compliance Management Audit Program.
Balance between Privacy, cybersecurity, and compliance is not there yet
How many enterprises are compliant with all mandated security and privacy requirements?
There is a misconception that privacy and security are in conflict with each other, and that's not true. Privacy purists often think that cybersecurity tools track a lot of personal data and invade privacy.
There now is an evolution of the privacy community, driven by significant data breaches. Lots of Personally Identifiable Information (PII) has made its way into the Dark Web, thanks to some of the huge data breaches of the past few years, so much so that the price of Social Security numbers has dropped considerably. Unless organizations are required to implement security, the fight to protect privacy won't be won. That's been a shift over the last five or so years. When that happens, there will be a much better relationship between the privacy community and the security industry, and this will spill over into rules and regulations.
There should be a set of federal mandates that are designed to level the privacy playing field when it comes to consent while at the same time obligating organizations of all sizes to take privacy seriously.
GDPR is a good start because it provides a good roadmap on how to think from a privacy point of view.
Enterprise Best Practices for Cloud Applications
How to Guide for Cloud Processing and Outsourcing provides everything needed to support IT Management
Within 3 years, 51% of IT spending by enterprise IT groups that may transition to cloud - application and infrastructure software, cloud-based business process services, and cloud system infrastructure, according to a major IT research firm.
Accelerating levels of cloud adoption are expected as organizations respond to new business and social dynamics, and this is driving a faster rate of cloud shift than pre-COVID-19 forecasts predicted.
What are the processes that enterprises should use to move towards cloud-based applications? How does that impact IT spending?
SMBs are targets of ransomware attacks
IT Governance Infrastructure Key to Protection for SMBs
A recent study on ransomware found that over 85% of managed service providers (MSPs) have reported attacks against small and midsized businesses (SMBs). Despite that appallingly high number, just 28% of SMBs consider ransomware a worry.
Currently, anyone who needs some holiday money can launch a ransomware attack. Thanks to ransomware-as-a-service on the dark web, all a cyber attacker needs is some Bitcoin and they're off to try to crack your business. According to a major security company, ransomware-as-a-service now comprises almost 60% of all ransomware attacks. The fact that some of these would-be cyber attackers have discovered that their ransomware partners aren't trustworthy is not deterring them, and the attacks keep coming.
IT Governance focus on privacy and security
IT Governance meets privacy and security compliance requirements
The focus of the security and privacy compliance governance is compliance mandates. It is a five (5) step process.
1. Define where the enterprise is and the issues it faces
Define privacy requirements
Define security requirements
Assess the current state of your security policies
Discover and classify personal data assets and affected systems
2. Define what must be done
Document privacy requirements
Document security requirements
3. Implement changes
Implement privacy requirements
Implement security requirements
4. Operate and maintain the new compliance environment
Manage privacy
Manage security
5. Govern, audit and report compliance KPIs
Govern privacy compliance requirements
Record personal data access audit trails
Document and manage your compliance program
Respond to and manage breaches
Govern security compliance requirements
Coordinate technical and organizational measures
Document your security program