Tool Kits -- CIO CTO Tools
IT-ToolKits.com is the resource site for Information Technology management. This site contains the Information Technology and management infrastructure tools that the CIO, CSO, and CFO can use for Sarbanes Oxley, Disaster Recovery, Security, Job Descriptions, IT Service Management, Change Control, Help Desk, Service Requests, SLAs - Service Level Agreements, and Metrics. Site includes Browser and Operating System Market Share White Paper and IT Salary Survey Data.
Disaster Recovery Templates are Sarbanes Oxley compliant and the Disaster Recovery Template is included in the Sarbanes Oxley Compliance Kit
IT-Toolkits.com supports a wide range of industries and enterprises of all sizes. Our clients include over 2,500 premier corporations from around the world, including over 250 of the Fortune 500.
Security News Digest
Security News Digest
- Cybersecurity IT Pros are in short supply IT Pros who can handle cybersecurity are in short supply Cybersecurity specialist are not being trained by our educational system and this shows with high...
- Top 10 Data Security Risks for Cloud Storage There is tremendous anxiety about security risks in the cloud. CIOs and CSOs worry whether they can trust their users (both internal and external to...
- 10 Certifications for Cloud Professionals 10 Certifications for Cloud Professionals Hear are 10 certifications for Cloud professionals. Some are hardware and software specific and others are independent of hardware and...
- ERP Job Descriptions ERP Enterprise Resource Planning Job Description Bundle Released Janco has just released 15 Enterprise Resource Planning Job Descriptions in its ERP Job Description Bundle. ...
- IT Security Decision Process IT Security Decision Process The IDG Enterprise Role & Influence of the Technology Decision-Maker survey helps CIOs understand their evolving roles and influence in todays...
Business continuity objectives
Business continuity objectives are, along with the business impact analysis, probably one of the most difficult elements of ISO 22301 implementation. Most of the business continuity implementers have problems like these: Which types of objectives exist? What are they used for? How are they set?
Purpose of business continuity objectives
Victor Janulaitis, the CEO of Janco Associates, said, "What gets measured gets managed.: The same goes for business continuity if you don't know how well you are doing, you will have a very difficult time steering your business continuity in the desired direction. And it is exactly this desired direction that is an essential part of measurement: setting the objectives.
Types of objectives
There are at least two levels for which you need to set objectives:
1) Strategic objectives for your whole Business Continuity Management System, and
2) Tactical objectives Recovery Time Objectives (RTOs), Recovery Point Objectives (RPOs), Minimum Business Continuity Objectives (MBCOs), and exercising and testing objectives.
Of course, depending on the size and complexity of your organization, you can choose to add another layer of objectives e.g., at the level of individual organizational units (departments, business units, etc.)- more info
Using spreadsheets to manage risk is risky
Spreadsheets are universally loved. Why? Because they give everyone their own version of the truth, with complete autonomy to update and amend them as often as they like, without interference from anyone else. However, while spreadsheets might be great tool at an individual level they are completely un-scalable, and therefore totally unsuitable for compiling and analysing information enterprise-wide, or even for individual projects.
When applied to a risk management scenario, the potential horrors magnify. Who knows what risks are lurking in a spreadsheet so far undiscovered, with all around thinking that they have ticked the box and that risk is managed. Using spreadsheets and emails to manage risk, is a very risky approach.
Here are the main reasons that does not work:
- Lack of integrity spreadsheets are easily manipulated. Anyone could make changes to data to help present a better picture. This could be to cover up a situation once it has happened, to help move blame or mitigate responsibility, or to present a situation or opportunity in a better light.
- No audit trail you cant easily check who changed what when. You have no guarantee of the provenance of data supplied, and you cant see how it may have changed over time.
- Deadlines missed spreadsheets dont have any workflows or processes built into them. So while someone may request a review, some information or an audit, if there is no response, there is no mechanism to highlight missed deadlines.
- No consistency with no formal structure, each time a new spreadsheet is set up the formatting will be different.
- Difficult to compile information risk management information could be held within hundreds of spreadsheets across the organization. Compiling them is a very long and arduous task.
Does it pay to get Certification
Certification a scam or a help?
Most of the certifications being sold to job seekers are unregulated, making it hard for individuals and employers to measure their worth. There are clear metrics on the size of the certification industry but there are estimates that less than 10% of the more than 4,000 personnel certifications that exist have been accredited by a third party.
Certifications porcesses and schools are a huge industry. There are courses and accreditation promoted and sold by professional associations, software vendors, commercial training companies, and even formal educational institutions. In some cases, professionals may end up spending several thousand dollars in pursuit of a certification. Demand seems to be high, with certification requirements often being mentioned in help-wanted ads.
Whether or not they pay may depend upon the types of jobs and levels of demand in a particular economic environment. For example, Janco Associates says that there are no appreciable premiums paid for certifications in recent years, especially when the recession set in around 2009. However, in the most recent quarter, the researchers say average pay premiums for IT certifications rose 1.5%in the third quarter of 2013 -- the largest quarterly gain since 2005 and the first time since 2006 that there has been two consecutive quarters of positive growth in pay for certifications.
Certifications are recognized as a badge of accomplishment in many industries, and Marte indicates that work in underway in some sectors to standardize these programs. Also, employer endorsements of programs is key.
In a competitive era when there is acute demand for highly qualified professionals in a range of areas, certification programs are a way to ensure more training and skills updates. Lifelong learning -- not education that stops on graduation day -- is essential to both working professionals and organizations. The skills that are in demand five years from may be entirely different than today.- more info
Password Security Tip
Use a password in only one place. Reusing passwords or using the same password all over the place is like carrying one key that unlocks your house, your car, your office, your briefcase, and your safety deposit box. If you reuse passwords for more than one computer, account, website, or other secure system, keep in mind that all of those computers, accounts, websites and secure systems will be only as secure as the least secure system on which you have used that password. Don't enter your password on untrusted systems. One lost key could let a thief unlock all the doors. Remember: Change your passwords on a schedule to keep them fresh.more info