
CIOs Major Responsibilities Are Focused

03/04/2010 

CIOs have three major responsibilities in helping enterprises succeed.

  • CIOs must keep all IT systems and networks managed, optimized, and available to contribute maximum business value at minimal cost.
  • CIOs need to protect critical infrastructure against an increasingly hostile threat environment: spyware, viruses, attacks, intrusions and human-engineered security lapses.
  • CIOs must prevent exposure to legal and regulatory compliance penalties or breach disclosure laws. If IT fails in any one of these areas, their organizations can go out of business, or face criminal sanctions.

In meeting these responsibilities, CIOs can no longer incrementally buy new tools to meet any new requirement that makes headlines in the technical or business media. Business drivers, security and compliance mandates converging on the enterprise require a converged response. CIOs now demand solutions that enable them to eliminate redundant technologies and processes and integrate disparate elements into a common workflow. While established enterprise software vendors have adopted the language of convergence and consolidation, their product lines remain constrained by legacy architectures and designs. Proposing radical change to their customers carries the risk of disrupting established revenue flows, not to mention the technical risks inherent in overhauling or replacing obsolete products.

Business runs at a velocity unimagined a few short years ago. Complex and highly distributed environments have grown to support an intricate web of partners, suppliers, distributors, and customers. Service oriented architectures and web-based applications have progressed from vision to real-world instantiation as enterprises look to leverage technology to innovate and deliver new services. In this new world, IT-delivered services must be available 24x7 to customers, suppliers, employees, regulators, investors and other constituencies.

The highly exposed nature of today's IT infrastructures fundamentally changes how organizations manage IT assets, processes and data. IT organizations can no longer treat resource management and maintenance as back-end functions that can be performed at times and conditions of their choosing. Neither is their work protected from outside scrutiny. Processes whose successes or failures were largely internal now make the difference between business success or failure, legal compliance or litigation, prudent stewardship or ineffective execution.





Passwords that hackers can attack

02/26/2010 

Hackers attack the most commonly used passwords. Security Policies should specifically exclude these as options for users.

  • 123456
  • 12345
  • 123456789
  • Password
  • iloveyou
  • princess
  • rockyou
  • 1234567
  • 12345678
  • abc123

Everyone needs to understand what the combination of poor passwords means in today's world of automated cyber attacks: with only minimal effort, a hacker can gain access to one new account every second - or 1000 accounts every 17 minutes according to Imperva. 

  • The shortness and simplicity of passwords means many users select credentials that will make them susceptible to basic forms of cyber attacks known as "brute force attacks."
  • Nearly 50% of users used names, slang words, dictionary words or trivial passwords (consecutive digits, adjacent keyboard keys, and so on). The most common password is "123456".
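
A policy check along these lines, added here as an illustration and not taken from the original article: it rejects the ten passwords listed above (case-insensitively) and the trivial patterns mentioned (consecutive digits, adjacent keyboard keys). The function names, the 8-character minimum and the US QWERTY layout are assumptions of this example.

```python
# Added example: password policy check built from the list and patterns above.
# The ten most-attacked passwords named in the article, stored lowercase.
COMMON_PASSWORDS = {
    "123456", "12345", "123456789", "password", "iloveyou",
    "princess", "rockyou", "1234567", "12345678", "abc123",
}

# Sequences used to spot consecutive digits and adjacent keyboard keys.
# Assumption: US QWERTY rows plus the plain alphabet.
SEQUENCES = (
    "1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm",
    "abcdefghijklmnopqrstuvwxyz",
)


def _is_run(pw):
    """True if pw is one contiguous slice of a sequence, forward or reversed."""
    return any(pw in seq or pw in seq[::-1] for seq in SEQUENCES)


def check_password(candidate, min_length=8):
    """Return the reasons a candidate is rejected; an empty list means accepted.

    min_length=8 is an assumed policy value, not a figure from the article.
    """
    reasons = []
    pw = candidate.strip().lower()  # "Password" and "password" are the same guess
    if pw in COMMON_PASSWORDS:
        reasons.append("common")
    if len(candidate) < min_length:
        reasons.append("too_short")
    if len(pw) >= 3 and _is_run(pw):
        reasons.append("sequence")
    if pw and len(set(pw)) == 1:
        reasons.append("repeated_char")
    return reasons


if __name__ == "__main__":
    # Constructed sample inputs for a quick manual run.
    for sample in ("Password", "123456", "qwertyuiop", "correct horse battery"):
        print(repr(sample), check_password(sample) or "accepted")
```

Run at account creation and at every password change, so that a rejected value never reaches the credential store.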




Solid State Disk (SSD) is an opportunity for CIOs

02/23/2010 

While SSD represents a premium in storage capacity, it's well worth it if it improves storage response time to users and critical applications.

Data storage managers are making moves toward solid-state storage and solid-state drives (SSDs), with 14% of 360 survey respondents planning to implement them this year and nearly 40% planning to evaluate them this year (in addition to the 7% who already have them in place). Those numbers mean that right now many CIOs could use help in comparing SSD vs. HDD and determining what value they'd get from implementing SSD to fix performance problems. This is a role that's tailor-made for an operations manager and represents an excellent value-add opportunity.





Today's cost savings increase cost of doing business

02/20/2010 


In these economic times, CIOs and CFOs are tempted to have their company's employees hang on to their desktop and notebook computers for a couple of years beyond the usual three-year life cycle. This way they hope to avoid the capital expense of replacing them. However, knowledgeable professionals have data showing that this is a false savings.

Four to five years after being put in service, laptops are often more trouble than they are worth. The reason is simple: the longer a laptop or a desktop is in service, the greater the chance that it will need a repair, an upgrade of an internal card, an upgrade in memory, and a new OS.

After three years, hard drive failures go up dramatically, as do problems with keyboards, screens, and batteries. In addition, the outdated notebooks will cost an organization in lost end-user productivity, since a machine that is two generations behind current models takes longer to boot up and runs sluggishly.

When CIOs and CEOs look to trim costs, care needs to be taken so that long-term productivity is not impacted. In addition, if employees feel they are not productive because of "technology", once the economy improves they will find better jobs where the technology is more current.





Availability of e-mail a business continuity issue

02/11/2010 

Availability of e-mail and associated data for business continuity can impact an organization's ability to make or break its profit objectives, as well as retain or lose customers. In today's economy, the importance of e-mail takes on new meaning. Recovery time and recovery point objectives (RTOs and RPOs) are no longer general rules. The Exchange administrator's ability to meet or exceed the proverbial lines in the sand, in terms of time to recover and the age of the data recovered, can mean the difference between gainful employment and prepping for a job interview.

Questions that you need to have answers to are:

  • What is the impact of e-mail downtime on today's business?
  • What are the types of potential failures, both the common and the not-so-common, along with the general probability of occurrence?
  • How do you plan to mitigate the impact of these challenges to ensure adequate levels of protection for your e-mail environment?




Backup and Retention a DRP issue

02/09/2010 

Traditional storage environments have many of the same problems as distributed server farms: applications are tied to physical devices, making any response to changing needs both disruptive and time-consuming; capacity utilization is low; and many maintenance activities require application downtime. The simple and straightforward solution is storage virtualization, which decouples applications and data from the underlying physical devices. Storage virtualization simplifies storage management, as only a single set of tools is required for a given virtualized set of similar devices, such as a set of disk systems.

For IT departments charged with delivering greater business value in the face of unprecedented data growth, storage virtualization is a very attractive way to control costs, improve performance and maximize resource utilization.





Security Predictions

01/31/2010 

2009 began with the biggest data breach in history. Wonder what could possibly be in store this year? The experts have spoken and have issued their astute security predictions for the New Year:

  • Increased funding for security budgets
  • New compliance regulations created and enforced by Congress
  • New problems with mobile security: new mobile phone worms and Trojans
  • A new key area of competition: Cloud computing
  • Growth in desktop virtualization

Security Manual Template Policies and Procedures

ISO 27000 (27001 & 27002) - Sarbanes-Oxley - PCI - Patriot Act - HIPAA Compliant


  

This Security Manual for the Internet and Information Technology is over 240 pages in length. The template is compliant with ISO 27000 (formerly ISO 17799), Sarbanes-Oxley, Patriot Act and HIPAA and includes a PCI DSS Audit program. All versions of the Security Manual template include both the Business & IT Impact Questionnaire and the Threat & Vulnerability Assessment Tool (both were redesigned to address Sarbanes-Oxley compliance). In addition, the Security Manual Template PREMIUM Edition contains 16 detailed job descriptions that apply specifically to security and Sarbanes-Oxley.





PCI-DSS is a global requirement

01/27/2010 

Although the Payment Card Industry Data Security Standard (PCI DSS) has become a global requirement, many organizations are lagging in compliance. For many companies, regulatory compliance can already be an overwhelming and confusing area to navigate, and the need to comply with the PCI DSS might feel like yet another burden. The PCI-DSS compliance kit fully meets enterprise compliance requirements.


The PCI DSS security requirements apply to all “system components.” A system component is defined as any network component, server, or application that is included in or connected to the cardholder data environment. The cardholder data environment is that part of the network that possesses cardholder data or sensitive authentication data. Network components include but are not limited to firewalls, switches, routers, wireless access points, network appliances, and other security appliances.





Data deduplication impacts IT budgets

01/16/2010 

Data deduplication is not just altering what media companies use as backup targets; it dramatically affects operating efficiencies, simplifies remote office data protection, and makes disaster recovery significantly more affordable and realistic for a much greater percentage of the overall market. Its advent is not unlike other storage innovations where market leadership was not necessarily determined by a technology capability, but rather the true achievable business benefits brought about by the entire solution.


Storage is more than a mainframe peripheral and as such has a profound impact on the entire IT industry and IT budgets in particular. Vendors are now poised to make a major impact by illuminating a series of expensive problems within storage environments caused by an endless array of duplicate data sprawl. CIOs and IT professionals now realize they do not have to keep buying more and more storage capacity as there are more efficient ways to store and manage information - especially in secondary storage environments.





ITSM is part of the necessary infrastructure cost of IT

01/07/2010 

IT Service Management and technical support of customers is still seen by many organizations as a necessary evil, one of the many costs of doing business. And while providing support does add a line to your balance sheet, it also creates a multitude of opportunities to cultivate relationships that maintain your customer base and even grow it.


The crux of the matter is this: Technical support should no longer be perceived as a pricy "fix-it shop around back"; technical support has grown into a revenue-generating, company-strengthening powerhouse right in the heart of the organization. With the right tactics and technology, your support center can realize its full potential by becoming an essential, strategic component of your organization's success. Just as a surgeon needs the proper tools to perform operations, so, too, must support center representatives have the proper tools to get their jobs done efficiently and cost-effectively.
