
Top 10 Lists for Disaster Recovery and Business Continuity

Disaster Recovery
  1. Top 10 tips for Disaster Recovery in a Small Business – the best way to protect your data. Baseline for best practices defined in Janco's Disaster Recovery Business Continuity Template. As requirements for avoiding downtime become increasingly...
  2. Top 10 Disaster Recovery Best Practices – As requirements for avoiding downtime become increasingly stringent, administrators need tools and platforms that can help them plan, design, and implement disaster recovery strategies that...
  3. 10 Commandments of Disaster Recovery and Business Continuity – As requirements for avoiding downtime become increasingly stringent, administrators need tools and platforms that can help...
  4. Failed Business Continuity – This morning about 2:00 AM MST one of the largest providers of cloud services went down. ...
  5. 10 tips for surviving a natural disaster – Failing to prepare for a natural disaster is not an option for businesses. That's because 75 percent of companies without business continuity plans fail within...


Security is key to keeping cybercriminals at bay

To catch a sophisticated cybercriminal today, IT departments must look deeper into their web traffic and examine many sources of information about web visitors and sessions to determine what behavior is typical and what is not. Existing solutions for detecting and analyzing online criminal behavior usually identify either pre-authentication threats or post-authentication threats (fraud products), but unfortunately not both.

Security News Digest

  1. Cybersecurity IT Pros are in short supply – Cybersecurity specialists are not being trained by our educational system, and this shows with high...
  2. Top 10 Data Security Risks for Cloud Storage – There is tremendous anxiety about security risks in the cloud. CIOs and CSOs worry whether they can trust their users (both internal and external to...
  3. 10 Certifications for Cloud Professionals – Here are 10 certifications for Cloud professionals. Some are hardware and software specific and others are independent of hardware and...
  4. ERP Job Descriptions – Enterprise Resource Planning Job Description Bundle Released. Janco has just released 15 Enterprise Resource Planning Job Descriptions in its ERP Job Description Bundle. ...
  5. IT Security Decision Process – The IDG Enterprise Role & Influence of the Technology Decision-Maker survey helps CIOs understand their evolving roles and influence in today's...

Business continuity objectives


Business continuity objectives are, along with the business impact analysis, probably one of the most difficult elements of ISO 22301 implementation. Most of the business continuity implementers have problems like these: Which types of objectives exist? What are they used for? How are they set?

Purpose of business continuity objectives

Victor Janulaitis, the CEO of Janco Associates, said, "What gets measured gets managed." The same goes for business continuity – if you don't know how well you are doing, you will have a very difficult time steering your business continuity in the desired direction. And it is exactly this desired direction that is an essential part of measurement: setting the objectives.


Types of objectives

There are at least two levels for which you need to set objectives:

1)  Strategic objectives – for your whole Business Continuity Management System, and

2)  Tactical objectives – Recovery Time Objectives (RTOs), Recovery Point Objectives (RPOs),  Minimum Business Continuity Objectives (MBCOs), and exercising and testing objectives.

Of course, depending on the size and complexity of your organization, you can choose to add another layer of objectives – e.g., at the level of individual organizational units (departments, business units, etc.)


Using spreadsheets to manage risk is risky

Spreadsheets are universally loved. Why? Because they give everyone their own version of the truth, with complete autonomy to update and amend them as often as they like, without interference from anyone else. However, while spreadsheets might be a great tool at an individual level, they are completely unscalable, and therefore totally unsuitable for compiling and analyzing information enterprise-wide, or even for individual projects.

When applied to a risk management scenario, the potential horrors magnify. Who knows what risks are lurking in a spreadsheet so far undiscovered, with all around thinking that they have "ticked the box" and that the risk is managed. Using spreadsheets and emails to manage risk is a very risky approach.

Here are the main reasons that approach does not work:

  • Lack of integrity – spreadsheets are easily manipulated. Anyone could make changes to data to help present a better picture. This could be to cover up a situation once it has happened, to help move blame or mitigate responsibility, or to present a situation or opportunity in a better light.
  • No audit trail – you can’t easily check who changed what when.  You have no guarantee of the provenance of data supplied, and you can’t see how it may have changed over time.
  • Deadlines missed – spreadsheets don’t have any workflows or processes built into them. So while someone may request a review, some information or an audit, if there is no response, there is no mechanism to highlight missed deadlines.
  • No consistency – with no formal structure, each time a new spreadsheet is set up the formatting will be different.
  • Difficult to compile information – risk management information could be held within hundreds of spreadsheets across the organization.  Compiling them is a very long and arduous task.

Does it pay to get Certification

Certification: a scam or a help?

Most of the certifications being sold to job seekers are unregulated, making it hard for individuals and employers to measure their worth. There are clear metrics on the size of the certification industry but there are estimates that less than 10% of the more than 4,000 personnel certifications that exist have been accredited by a third party.


Certification processes and schools are a huge industry. There are courses and accreditations promoted and sold by professional associations, software vendors, commercial training companies, and even formal educational institutions. In some cases, professionals may end up spending several thousand dollars in pursuit of a certification. Demand seems to be high, with certification requirements often being mentioned in help-wanted ads.

Whether or not they pay may depend upon the types of jobs and levels of demand in a particular economic environment. For example, Janco Associates says that there have been no appreciable premiums paid for certifications in recent years, especially since the recession set in around 2009. However, in the most recent quarter, the researchers say average pay premiums for IT certifications rose 1.5% in the third quarter of 2013 -- the largest quarterly gain since 2005 and the first time since 2006 that there have been two consecutive quarters of positive growth in pay for certifications.


Certifications are recognized as a badge of accomplishment in many industries, and Marte indicates that work is underway in some sectors to standardize these programs. Employer endorsement of programs is also key.

In a competitive era when there is acute demand for highly qualified professionals in a range of areas, certification programs are a way to ensure more training and skills updates. Lifelong learning -- not education that stops on graduation day -- is essential to both working professionals and organizations. The skills that are in demand five years from now may be entirely different from those in demand today.


Password Security Tip


Use a password in only one place. Reusing passwords or using the same password all over the place is like carrying one key that unlocks your house, your car, your office, your briefcase, and your safety deposit box. If you reuse passwords for more than one computer, account, website, or other secure system, keep in mind that all of those computers, accounts, websites and secure systems will be only as secure as the least secure system on which you have used that password. Don't enter your password on untrusted systems. One lost key could let a thief unlock all the doors. Remember: Change your passwords on a schedule to keep them fresh.


CIO Best Practices Digest


  1. Top 10 issues for CIOs in 2014 – The top 10 issues that CIOs need to address in 2014 are driven by the current economic and...
  2. Top 10 CIO Leadership and Management Traits – CIOs and IT Managers who are successful have some common leadership and management traits: they are one of the people and able to get their hands...
  3. Top 10 Things a CIO Needs to Add Value – What does the CIO have to do to be viewed as a business person versus a technologist? There are many strategies...
  4. Top 10 CIO Productivity and Budgeting Issues – CIO Productivity Kit. The best companies, and their CIOs, recognize the importance of ready access to the right information to drive the right choices...
  5. CIOs Drive Enterprise Management Processes – IT Infrastructure is key to CIOs leading enterprises in their management processes. CIOs and other members of the IT management team could be the reason...

Chief Security Officer now a key role in many organizations

A few years ago, hiring a Chief Security Officer (CSO) would have been superfluous. However, as companies continue to expand their technological footprint, they are also more vulnerable to cyber attacks. Having a CSO on board is necessary to alleviate cyber-security risks.

Much of the challenge in hiring one comes from defining the CSO's role against that of the chief information officer. Indeed, the job responsibilities of a CIO are quite different from those of a CSO. The common misconception is that the two positions would be adversarial, but the reality is they often collaborate.

CIOs ensure that the information-technology infrastructure enables employee functionality. They use technology to create efficiencies in the company. CSOs safeguard intellectual property or protect against data breaches. For the most part, the CSO helps C-suite executives make judgments by lending an independent voice to the discussion.


The main function of a CSO is to lower a company's risk in respect to the security compromises that can happen via a network. From a board-level perspective, CSOs give visibility to and quantify the risks in a company. It’s helpful to have a role dedicated to those responsibilities, Carpenter says.

Typically, CSOs ensure there are adequate policies and procedures in place for cyber and physical security. Then, they assess the security risk relative to those policies and procedures. From there, they are responsible for identifying to the C-suite and the board those gaps in policies and procedures.


What is the cost of a business interruption?

Four steps that must be taken to determine whether a business continuity plan is worth the investment are listed below. They allow the organization to determine the real dollar cost per downtime event, the acceptable data recovery points, and the return-to-operation goal. This data will then allow an organization to align itself with disaster recovery organizations whose skill sets and capabilities match its needs.


MTO Disaster Timeline

  • Conduct a Business Impact Analysis -- The first step is to conduct a business impact analysis. A BIA maps the interdependencies between each system (physical and virtual), application, and component and each business process and service provided. Based on the information collected in that process, a determination can be made on the consequences to the business of a disruption. This analysis should prioritize the importance of each process, application, and component in terms of cost to the business when it is no longer accessible. Those costs should include but are not limited to the following:
        1. Lost productivity
        2. Lost revenue
        3. Compliance risk
        4. Reputation loss
  • Determine Recovery Time Objective -- The next step is to determine the Recovery Time Objective (RTO). The RTO is the amount of time within which a business process must be restored in order to meet the Service Level Objectives (SLO) for the business. Organizations need to meet Recovery Time Objectives in order to avoid catastrophic consequences when a process or application continues to be unavailable. While system and component RTOs are important, the application RTO is what matters to the customer, whether internal or external. The RTO is established during the Business Impact Analysis portion of the Business Continuity Plan (BCP).
  • Determine Recovery Point Objective -- Next you need to determine the Recovery Point Objective (RPO). The RPO is the amount of data loss that is acceptable for a certain time period as part of Business Continuity Planning (BCP). A certain amount of data loss for some processes is tolerable (e.g., if a data entry clerk types data in manually to process sales orders and keeps the paper files for one day, then the RPO would be 24 hours). Recovery Point Objectives should be carefully planned for each process and application, as traditional backup and restore methods may not meet today's demanding business environments. Snapshot and replication technology enablers are needed in most environments to meet shrinking RPO time requirements.
  • Calculate Cost of Downtime per Hour -- How much does it really cost?
        1. Labor cost per employee multiplied by the percentage of employees affected by the application or service interruption.
        2. Average revenue per hour multiplied by the percentage of revenue affected by the outage.
