Tool Kits -- CIO CTO Tools
IT-ToolKits.com is the resource site for Information Technology management. This site contains the Information Technology and management infrastructure tools that the CIO, CSO, and CFO can use for Sarbanes Oxley, Disaster Recovery, Security, Job Descriptions, IT Service Management, Change Control, Help Desk, Service Requests, SLAs - Service Level Agreements, and Metrics. Site includes Browser and Operating System Market Share White Paper and IT Salary Survey Data.
Disaster Recovery Templates are Sarbanes Oxley compliant, and the Disaster Recovery Template is included in the Sarbanes Oxley Compliance Kit.
IT-Toolkits.com supports a wide range of industries and enterprises of all sizes. Our clients include over 2,500 premier corporations from around the world, including over 250 of the Fortune 500.
Chief Security Officer now a key role in many organizations
A few years ago, hiring a Chief Security Officer (CSO) would have been superfluous. However, as companies continue to expand their technological footprint, they are also more vulnerable to cyber attacks. Having a CSO on board is necessary to alleviate cyber-security risks.
Much of the challenge in hiring one comes from defining the CSO's role against that of the chief information officer. Indeed, the job responsibilities of a CIO are quite different from those of a CSO. The common misconception is that the two positions would be adversarial, but the reality is they often collaborate.
CIOs ensure that the information-technology infrastructure enables employee functionality. They use technology to create efficiencies in the company. CSOs safeguard intellectual property or protect against data breaches. For the most part, the CSO helps C-suite executives make judgments by lending an independent voice to the discussion.
The main function of a CSO is to lower a company's risk with respect to the security compromises that can happen via a network. From a board-level perspective, CSOs give visibility to and quantify the risks in a company. It's helpful to have a role dedicated to those responsibilities, Carpenter says.
Typically, CSOs ensure there are adequate policies and procedures in place for cyber and physical security. Then, they assess the security risk relative to those policies and procedures. From there, they are responsible for identifying to the C-suite and the board those gaps in policies and procedures.
What is the cost of a business interruption?
Four steps that must be taken to determine if a business continuity plan is worth the investment are listed below. These steps allow the organization to determine the real dollar cost per downtime event and to calculate acceptable data recovery points and return-to-operation goals. This data will then allow an organization to align itself to the skill sets and capabilities of a particular disaster recovery organization(s).
- Conduct a Business Impact Analysis -- The first step is to conduct a business impact analysis (BIA). A BIA maps the interdependencies between each system (physical and virtual), application, and component with each business process and service provided. Based on the information collected in that process, a determination can be made on the consequences to the business as a result of disruption. This analysis should prioritize the importance of each process, application, and component in terms of cost to the business when it is no longer accessible. Those costs should include but are not limited to the following:
1. Lost productivity
2. Lost revenue
3. Compliance risk
4. Reputation loss
- Determine Recovery Time Objective -- The next step is to determine the Recovery Time Objective (RTO). RTO is the amount of time within which a business process must be restored in order to meet Service Level Objectives (SLO) for the business. Organizations need to meet Recovery Time Objectives in order to avoid catastrophic consequences when a process or application continues to be unavailable. While system and component RTOs are important, the application RTO is what is important to the customer, whether internal or external. The RTO is established during the Business Impact Analysis portion of the Business Continuity Plan (BCP).
- Determine Recovery Point Objective -- Next you need to determine the Recovery Point Objective (RPO). RPO is the amount of data loss that is acceptable for a certain time period as part of Business Continuity Planning (BCP). A certain amount of data loss for some processes is tolerable (e.g., if a data entry clerk types data in manually to process sales orders and keeps the paper files for one day, then the RPO would be 24 hours). Recovery Point Objectives should be carefully planned for each process and application, as traditional backup and restore methods may not meet today's demanding business environments. Snapshot and replication technology enablers are needed in most environments to meet shrinking RPO time requirements.
- Calculate Cost of Downtime per Hour -- How Much Does It Really Cost?
1. Labor cost per employee multiplied by percentage of employees affected by application or service interruption.
2. Average revenue per hour multiplied by percentage of revenue affected by outage.
Personalization is key to OmniCommerce
According to a recent study by IDG Research Services, personalization is recognized as a key differentiator among online businesses, for both e-commerce and non-commerce sites. Companies with an online presence are learning that they need to take action to learn more about their customers in order to increase customer loyalty, gain new followers and outshine the competition. More than 60 percent of the companies surveyed are prioritizing investments over the next year that will enable a more personalized Web experience.
There are several benefits companies can realize by creating a more personalized website experience. Cited by 69 percent of survey respondents, improved website engagement is at the top of the list. When businesses employ website personalization techniques, the visit becomes a two-way interaction. Instead of solely clicking or pushing his or her way through the site, the user is enticed or pulled through the site via personalization, thus increasing website engagement.
The second benefit, according to 62 percent of survey respondents, is improved brand image. Visitors think highly of businesses that anticipate their needs and appeal to their individual interests. Finally, coming in third and fourth, 44 percent of respondents cite improved lead generation and decreased customer or website abandonment rates.
In order to provide a personalized Web experience and realize these benefits, companies need information about their visitors. Yet there are gaps identified when it comes to the information companies are currently able to collect. These gaps primarily exist around location, which inhibits the ability to offer visitors a personalized Web experience.
Internet users are masking their identities
A Pew Internet and American Life study released last week showed that 86 percent of Internet users have taken steps to remove or mask their identities online. Meanwhile, some companies are even trying to be open about their activities: Acxiom Corp., which collects and sells data about individuals to companies, just launched Aboutthedata.com, a site where Internet users can see and manage what Acxiom knows about them.
Generally speaking, fields such as statistics, computer science and the hard sciences don't teach ethics. There are privacy concerns, such as how much corporations and the government should know about individuals. But software engineers are taught about the elegance or the mathematical beauty of the thing that they're building, not how it will affect people's lives.
A computer science professor at the University of Illinois at Urbana-Champaign says that she teaches her students how to sample data ethically and protect subjects in academic studies. For example, in a Facebook study, the researcher should replace all the participants' names, all their friends' names and all their friends of friends' names with numbers.
If you do these large social network studies, you don't have what they call participant-informed consent. Let's say I have you in one of my Facebook studies, and you're coming to my lab and we are analyzing the strength of the connections between you and your friends. I'm getting information about your friends and their friends without their consent. It's a very, very ethically sensitive area.
Many ethics guidelines come from the Belmont Report, created in 1978 to protect human research subjects. It requires universities that receive funding from the government to have what's called an Institute Review Board perform an ethics review of proposed studies involving human subjects.
If academics find that big data allows them to obtain more information than they would be able to gather when dealing with subjects in person, imagine what companies like Google and Facebook know. They are forming their own policies, which tend to be that you pay for a service, particularly a free service, by giving up some privacy. The fact people are so used to this may be why, after the initial shock over the NSA news, many people effectively shrugged. According to a Washington Post-ABC poll in late July, 58 percent said they support this intelligence gathering in the effort to identify potential terrorists, compared to 39 percent opposed.
10 questions that need answers in an interview
In the interview process a uniform front is important. Before you start recruiting you should have answers prepared for questions like the following:
- Are responsibilities for this job completely defined?
- How would you describe someone who is successful in that role?
- What is it like working at the company?
- How are responsibilities defined within the team that this position is in?
- How would you describe a typical week/day in this position?
- Is this a new position? If not, why did the previous employee leave?
- Is travel expected?
- Is relocation a possibility?
- What is the typical work week like?
- Will there be overtime?