
Audit


Are you paying too much or too little to your information technology staff? Are you earning what you're worth? Whether employer or employee, it is important to know what other companies are paying in total compensation for a similar position in your area. Learn how your company compares in the area of compensation.

Job Descriptions

 

The IT job descriptions contained within the Internet and Information Technology Position Descriptions HandiGuide® were completed in 2009. The HandiGuide contains over 600 pages, including sample organization charts, a job progression matrix, and over 220 job descriptions.

Change Management

 

With the explosion of technology into every facet of the day-to-day business environment, there is a need to define an effective infrastructure to support the operating environment; have a strategy for the deployment and technology; and clearly define responsibilities and accountabilities for the use and application of technology.

Hiring Kit

 

Building the IT Staff your company needs to succeed requires offering the right jobs at the right salary levels. Only the IT Hiring Resource Kit provides the industry-standard job descriptions and up-to-date salary data you need to recruit top talent as effectively and efficiently as possible.



Issue: Volume 12 Number 12

November 18, 2009  

Janco Identifies areas where budget cuts could impact data security

CIOs and CSOs must adjust to new realities

 

With the emphasis on budget cuts, increased data sensitivity, and data security breaches, the CIO and the CSO need to adjust their priorities and manage more effectively to avoid issues that could put IT and the enterprise in a bad light.

Janco has reviewed over 100 instances of security and data breaches and found a number of core reasons why they continue to occur. They are:

  • Data volumes and velocity of change are increasing at an exponential rate - Even in the economic downturn, data volumes are increasing in most enterprises. Implementing security standards is resource-intensive, and most IT departments are not staffed to do it.

  • Information Technology (IT) Departments are reactive, not proactive - CIOs are reluctant to invest their increasingly stretched resources in deploying complex enterprise-level infrastructure at the expense of delivering strategic value to the organization. Many CIOs tend to respond to problems after the fact rather than identifying solutions before a problem occurs.

  • Users do not want to change or add processes - There is a wariness about deploying yet another set of rules and tasks to follow on each smartphone, desktop, and laptop that might interfere with the user's job by adding procedures, hogging processor cycles, requiring frequent updates, and slowing users down as they try to do their jobs.

  • Complexity of security compliance - Devising and implementing a comprehensive, viable security policy may get in the way of traditional business practices, requiring the involvement of not just IT but also human resources, finance and legal teams, and business unit managers.

  • Addressing 20% of the problem versus the 80% - Many enterprises focus on intentional data leakage, when in reality most data leakage occurs when there is a lapse. Simple proactive steps, like enciphering sensitive files on laptops and seeing that only those individuals who need sensitive information have it, could have prevented the problem in the first place.

In This Issue

Janco Identifies areas where budget cuts could impact data security

Record Management

Security Audit Program


Record Management

Record Management Retention and Disposition Policy

The template comes in MS WORD format and is easily modified to meet the needs of enterprises of all sizes. It comes with a dozen forms which can be used immediately to create a record retention and disposition schedule.


Security Audit Program

The audit program is one that either an external auditor or an internal auditor can use to validate the compliance of Information Technology and the enterprise with the ISO 27000 Series (ISO27001 and ISO27002), Sarbanes-Oxley, HIPAA, and PCI-DSS.