
Sarbanes-Oxley Compliance Resource Kit
 

Sarbanes-Oxley Section 404 requires that:

  • Enterprises have an enterprise wide security policy;
  • Enterprises have enterprise wide classification of data for security, risk, and business impact;
  • Enterprises have security related standards and procedures;
  • Enterprises have formal security based documentation, auditing, and testing in place;
  • Enterprises enforce separation of duties; and
  • Enterprises have policies and procedures in place for Change Management, Help Desk, Service Requests, and changes to applications, policies, and procedures.

To meet these needs, the Sarbanes-Oxley Compliance Resource Kit, which comes in four editions (Standard, Silver, Gold, and Platinum), contains:

  • Security Policies (all editions);
  • Threat & Vulnerability Assessment Tool (all editions);
  • Business & IT Impact Questionnaire Risk Assessment Tool (all editions);
  • Safety Program Template (all editions);
  • Disaster Recovery Template (all editions);
  • Outsourcing guide updated to reflect what your vendors need to do (all editions);
  • Software tool to monitor key data files (all editions);
  • Internet and IT Job Descriptions (Silver, Gold, and Platinum Editions); and
  • IT Service Management Template (Platinum Edition) includes:
    • Service Request Policy and Standard
    • Help Desk Policy, Procedure, Standard, and Service Level Agreement
    • Change Control Standard, Quality Assurance Standard, and Management Workbook
    • Documentation Standard
    • Version Control Policy and Standard
    • Sensitive Information Standard
    • Blog and Personal Web Site Policy
    • Travel and Off-Site Meetings Security Policy
    • Internet, e-mail and electronic communication Policy


 


Security Manual 

                                              
The plan is 178 pages and includes everything needed to customize the Internet and Information Technology Security Manual to fit your specific requirements. The electronic document includes proven written text and examples for your security plan.
View The Table of Contents And A Few Pages         
 

Disaster Recovery Plan (DRP)

This Disaster Recovery Plan (DRP) can be used as a template for any enterprise. The DRP is sent to you via e-mail in WORD and/or PDF format. Included is a 13-page Business Impact Questionnaire as well as a 3-page Job Description for the Disaster Recovery Manager. View the Table of Contents and sample pages [Adobe PDF]
 


IT Job Descriptions

                           

The 204 Internet and IT Position Descriptions are in Word for Windows format.  Includes positions from CIO and CTO to Wireless and Metrics Managers.  View The Table of Contents And A Few Pages
 


 

The IT Service Management Template

The IT Service Management Template contains policies, standards, procedures and metrics for Change Control, Help Desk and Service Request processing. The ITSM template also contains several easy-to-implement forms and conforms to ITIL. View The Table of Contents And A Few Pages

 


Practical Guide for IT Outsourcing

               

The guide is 91 packed pages and includes everything needed to plan for, negotiate, and manage an outsourcing process within an enterprise. 
View the Table of Contents and sample pages [Adobe PDF]


 

 

Safety Program Template

The Safety Program is 60 pages and includes everything needed to customize the Safety Program to fit your specific requirements. The Safety Program was updated in December of 2004 and reflects the latest issues associated with the most recent legislation (Sarbanes Oxley).

 

DiskMonitor

Network Administrators, DRP Coordinators, and Security Managers can use DiskMonitor (DSM) to view drive and folder usage. Local drives as well as network shares are supported. UNC pathing and Drive$ shares are supported as well.

View The Features and Functions

 

 



What Should CIOs do Today to Meet Future Needs

CIOs face some of the greatest challenges they have ever had. All IT Managers are under intense pressure to cut costs, and that pressure is significantly increased by the current grim economic outlook. Everywhere CIOs look there is study after study indicating that IT organizations are looking at reducing headcount, as well as their overall spending in 2009. In addition, many business areas are relying on IT more than ever before to help them deal with the increased competition and reduced funding. This budget crunch creates a greater need for improved efficiency and higher productivity.

 

IT Median Salaries January 2008 vs. June 2009

Salary Survey Summary

 

It seems counterintuitive in a time of budget tightening, but companies must continue to make strategic investments in IT. It is contrarian to think of investing in IT when normal reflexes would cause a CIO to consider hunkering down and focusing on survival until business conditions improve. Survival is clearly important, but by making survival your primary focus, you risk missing opportunities.

 

CIOs and IT organizations that position themselves for the eventual upturn will look at IT as an enabler of business efficiency and growth. In fact, in this turbulent economy, it becomes more critical to invest differently in IT. The key is to invest in areas that really improve IT efficiency and discipline. This focus will enable IT not only to survive this difficult financial period, but also to quickly shift its profile toward enabling true business growth.

 


 

Disaster Recovery Planning & Business Continuity Planning Quick Action Steps Defined


The things your company must do to make sure the disaster recovery and business continuity plan will work when it is needed are:

  • Distribute the disaster recovery and business continuity plan or a HandiGuide® to all decision makers and key operating employees who will need access to it when the event occurs.

  • Define the chain of command with a single leader, but do not limit the people who would have to implement the disaster recovery and business continuity plan when the event occurs if that leader is unavailable.
  • Conduct frequent tests and address all areas where shortcomings are found.
  • Conduct the tests in an unannounced mode.
  • Validate that mission critical data is at sites other than the primary data center.
  • Establish a communication plan that can be implemented after the disaster.


 

HandiGuide is a Janco Associates registered trademark 


 

Zogby Finds US Will Thrive With Technology


U.S. adults have largely given up on manufacturing and traditional industries as the focus of the U.S. economy, according to a joint Zogby 463 Interactive survey. Instead, they see technology and the service sector as where the nation should target its efforts.

That was one finding of a survey of 3,030 adults, which also found people:

  • Increasingly dependent on and concerned about uses of the Internet;
  • Optimistic that the U.S. will not lag behind the rest of the world in recovering from this recession;
  • Ambivalent about the ability of the U.S. to produce the next wave of technology innovators on the level of Microsoft founder Bill Gates;
  • Overwhelmingly believing that the average 10-year-old knows more about the Internet than their Congressperson.

 

Compliance Impacts on Small and Mid-sized Companies are Great

Small and midsize companies are faced with a deluge of requirements and standards from government agencies, industry groups, customers, suppliers, and employees. Companies of all sizes require full visibility into these requirements, as well as into the resources they are deploying to meet them.

The compliance issues most commonly occur in reporting, auditing, and brand image. Additional compliance efforts may be directed at meeting industry terms (PCI-DSS), standards, and guidelines, as well as applicable government mandated requirements. In addition, failure to meet standards for quality, environmental friendliness, or social responsibility could damage an organization's brand in the marketplace.

The challenge businesses face is with limited resources and infrastructure conflicts. Compliance often places a large burden on small and midsize companies. Many of those organizations struggle to keep their heads above water in their effort to find the resources to complete the necessary paperwork - to say nothing of the auditing processes necessary to avoid the heavy penalties of non-compliance, such as fines, work interruptions, and seizure of assets.

Regulatory compliance, whether it’s the Sarbanes-Oxley Act (SOX) in the US, the Financial Instruments and Exchange Law (also known as J-SOX) in Japan, CLERP 9 in Australia, the LSF in France, or generally accepted accounting principles (GAAP), has placed a disproportional burden on small and midsize companies compared to their larger brethren. In the US, for example, SOX compliance has smaller companies nation-wide up in arms. From the 2006 SEC Advisory Committee Report: “We believe that the problem of improper scaling for smaller public companies has existed for many years, and that the additional regulations imposed by the Sarbanes-Oxley Act only exacerbated the problem and caused it to become more visible.”

Many industries, in addition to government authorities, impose standards and reporting requirements. Thus, small and midsize companies need the capacity to back up their claims with a complete, accurate view of information in a timely fashion.

With the complexity and breadth of all these requirements, it is incumbent upon CIOs and CTOs to serve as facilitators in order to reduce the overall organizational strain of standards and compliance. Indeed, if the proper systems are in place for tracking and reporting, it is possible to leverage compliance as a driver for improvement, rather than an organizational burden.  These improvements include credible financial statements, high quality products and services, and shortened product development lifecycles.

CIOs and CTOs support standards and compliance by capturing and enforcing industry standards, adapting standards to the company's technology infrastructure, providing real-time information, allowing management to track performance, and implementing needed changes quickly.


 

Disaster Recovery Planning is Required for Business Continuity Planning

Disaster Recovery Plans are part of a larger, more extensive planning process known as Business Continuity Planning. Disaster Recovery plans should be tested frequently so that as many individuals as possible are familiar with the specific actions they will need to take when a disaster occurs. Disaster Recovery plans must also be adaptable and updated frequently, e.g. if new people, a new branch office, or new hardware or software are added to an organization, they should promptly be incorporated into the organization's disaster recovery plan. Enterprises must consider all these facets of their organization as well as update and practice their plan if they want to maximize their recovery after a disaster.

Types of Disasters

Disaster Recovery and Business Continuity Planning are the processes an organization uses to recover access to its enterprise operations: the software, data, and/or hardware that are needed to resume the performance of normal, critical business functions after either a natural disaster or a disaster caused by humans. While Disaster Recovery and Business Continuity plans, or DRPs & BCPs, often focus on bridging the gap where data, software, or hardware have been damaged or lost, one cannot forget the vital element of the work force that composes much of any organization. A building fire might predominantly affect vital data storage, whereas a pandemic or epidemic illness is more likely to have an effect on staffing. Both types of disaster need to be considered when creating Disaster Recovery and Business Continuity Plans. Thus, enterprises should include in their DRPs & BCPs contingencies for how they will cope with the sudden and/or unexpected loss of key personnel as well as how to recover their data.


 

Microsoft Snubbed by EU's Competition Commission

When Microsoft submitted a several-hundred-page written response to the EU allegations, it was also given the June dates for a possible hearing. According to Microsoft, the company immediately asked the commission to reschedule. The commission refused and informed Microsoft that June 3-5 are the only dates that a suitable room is available in Brussels for a hearing.

The dates the commission selected for the hearing, June 3-5, coincide with the most important worldwide intergovernmental competition law meeting, the International Competition Network (ICN) meeting, which takes place in Zurich, Switzerland. As a result, many of the most influential commission and national competition officials with the greatest interest in the Microsoft case will be in Zurich and will be unable to attend the Microsoft hearing in Brussels.

As a result, Microsoft said it had canceled an oral hearing set for early next month over EU antitrust allegations that it "shields" Internet Explorer (IE) from competition, saying that senior regulators won't be attending.


 

SOA and ITSM are the Wave of the Future

Enterprises choose SOA and ITSM to increase agility, simplify their IT infrastructure, and reduce cost pressures. This can be difficult with solutions that are delivered under a "closed source" model. According to industry analyst Janco Associates, 82 percent of companies are using open-source software, and the remaining 18 percent are expected to do so within the next few years. Sun's philosophy of free and open-source licensing is not to necessarily favor any one license or category of license but to make decisions that match the project or community with the license that best supports it. In this way, enterprises can truly have the best solution that fits their needs at any given point in time.


 

Microsoft May Be Giving Up On Vista

Microsoft has not yet disclosed the pricing for Windows 7's editions, although Microsoft will reportedly offer free or discounted upgrades to users who buy Vista PCs after July 1. According to those reports, people who buy Vista Ultimate after that date will be upgraded to Windows 7 Ultimate.

Ultimate Extras was one of the features Microsoft cited in the months leading up to the early-2007 release of Windows Vista Ultimate to distinguish it from lower-priced versions. Ultimate Extras was to regularly provide cutting-edge programs, innovative services and unique publications only to Ultimate users.

Many users took Microsoft to task for too few add-ons and a too-slow release pace. The last time Microsoft delivered Extras was in September 2008, when it released a puzzle game, some sound effects and three screensavers.

Last February, in fact, Microsoft announced that it would drop the concept from Windows 7's Ultimate edition. Microsoft said that the new approach to planning and building Windows does not have the capacity to continue to deliver features outside the regular release cycle.

Some have suggested that Microsoft give Vista Ultimate owners a free upgrade to Windows 7.

 

 

 

©  2001 - 2009 Janco Associates, Inc. - ALL RIGHTS RESERVED --  Revised: 06/16/09.