
 

IT Management Template Suite

Special Offer
Save  $2,500 to $6,500

You can order the IT Management Template Suite which contains all of Janco's templates, white papers, policies, and procedures.   

We can process purchase orders as long as we have a copy of a purchase order or a letter on company stationery with the signature of an individual who is authorized to purchase items of this magnitude.

There is a company license for each item which allows you to place the product on your enterprise's INTRANET (not INTERNET), where it can be shared by groups / divisions / data centers within a single Country / DUNS number.

If you order the update service at the same time you will receive that service for 18 months for the cost of just 6 months.  That is a full extra year of service.

This is the best offer that we have ever made or will make on the FULL IT Management Template Suite.

IT Manager Management Tools

The products that are included in the IT Management Template Suite are:

  • Disaster Recovery Template
  • Security Manual Template
  • IT Salary Survey
  • IT Salary Survey 10 year comparative study
  • Functional Specification Template
  • Safety Program Template
  • IT Infrastructure, Strategy & Charter Template
  • IT Service Management Template
  • Practical Guide IT Outsourcing
  • Client Server Management HandiGuide
  • Internet & IT Position Descriptions HandiGuide
  • Metrics for the Internet & IT HandiGuide
  • Internet & PC Workstation Policies & Procedures
  • Business & IT Impact Questionnaire
  • Threat & Vulnerability Assessment Tool


CIO and CTO Management News



Managing Productivity and Costs in a Turbulent Economy

There have been unprecedented events in the global markets that will have a profound impact on enterprises of all types. Enterprises need to take proactive measures to mitigate the risk of coming under severe financial pressure themselves.

Is traditional "cost cutting" really the answer? Cost reduction is a promising solution to sustain profitability for nearly all organizations. However, the key to success is finding creative ways to prevent costs.

Metrics are the way we see it.  Metrics-based solutions allow enterprises to improve their understanding of the key drivers of profitability and enable them to develop a cost redistribution program that will ensure long-term financial viability. It is critical to identify the areas where cost can be eliminated or reduced and to create and implement a formal cost review process.

Enterprises of all types are feeling the pressure as customers' disposable income decreases while trying to keep up with higher costs of living. Over the last several years, cost management strategies have become the focus of executive management due to global economic challenges.

These external drivers of cost management include:

  • Marketplace Competition - competitors providing similar products at lower prices
  • Recession Fears - less cash flow in the marketplace
  • Rising Production Costs - increasing cost of energy and material
  • Inflation - declining value of currency and/or rising prices of goods and services
    Increased
  • Investors and Boards of Directors Pressures - missed revenue targets, mergers and acquisitions


ITSM Metrics

IT Service Management Metrics are defined in the ITSM Template.

IT Service Management is possible only with client and IT agreement that service is being delivered.  The ITSM SOA Template is the perfect solution.



Setting Priorities With Tight Budgets

Meet with each user group's executives and ask them, if they could get only one project done, what it would be. The rule for the discussion: They describe their projects in terms of business change, not in terms of software requirements ("We need to improve productivity in the warehouse by picking items more efficiently," not "We need an inventory picking system enhancement.")

Next, call a meeting with your business analysts. Walk them through the full list, then parcel out the requests based on each analyst's expertise and ability to get along with the various execs. In this discussion, let them know you're looking for quick solutions that are good enough, not elegant solutions that will withstand the test of time. Their job is to figure out how to get each exec most of the improvement they're looking for and quickly, not all of the improvements they'd like done the "right way."

This means that if a twice-a-day batch extract into an Excel file works, there is no need to create a real-time SOA-driven interface. It means that a once-a-night dump-and-load into Excel might be a better answer than enhancing the data warehouse and its business intelligence interface.

It might mean nothing more than teaching their staff how to assign tasks to each other using plain-vanilla existing software, instead of deploying a full-blown, enterprise-scale integrated project management solution.



CIOs Need to Hire and Develop IT Staff

Successful CIOs are utilizing sophisticated, aggressive hiring tactics to acquire the most desirable personnel wherever they may be, while at the same time putting extensive emphasis on retaining and developing internal talent.

This is not easy given the current economic situation.  Developing an adequate in-house talent pool demands more than a simple training program for employees' development. Establishing a strong, predictable internal talent pipeline requires:

  • Clarity of role and expected performance
  • Management of employees at every level
  • Guided training, education, and career planning
  • Assignment of eligible staff to the most exciting projects to motivate them and ensure a satisfying work experience


IT Metrics Key to Success in Troubled Times

You cannot manage what you do not measure. In addition, once you measure you modify behavior. Yet many organizations do a very poor job (or no job at all) of measuring the business value of their IT investments; but maximizing the business value of IT investments is the primary objective of good IT governance. A number of formal measurement methodologies exist for measuring the business value of IT. Simple ROI or other financial metrics are not good enough. By employing a consistent, repeatable, credible methodology, that both the business users and IT are held accountable for and that measures projected business value as well as the actual value delivered, organizations can significantly improve their IT investment returns.

Many IT organizations are under increasing pressure from the board of directors, executive management, and business unit managers to demonstrate and improve the business value of their IT investments. However, IT organizations still struggle to measure business value. Many of the attempts to do so have been focused on ROI measures at the front end as part of developing a business case for the IT portfolio’s proposed investments - but these are only estimates of expected business value. Actual delivered business value can only be measured by taking a life-cycle approach, working with the business to measure actual benefits after the project is complete.

Firms that strive for best practice in IT portfolio management need to apply a credible standard methodology across the enterprise to measure the business value of investments, both when proposed and when delivered. The good news is that a number of IT value methodologies have emerged that can be employed in the portfolio management process. The key is to adopt one and begin using it.



IT Strategy is Based on a Grounded Infrastructure

If companies are going to grow into entities that are truly greater than the sum of their parts, they need to respond faster and smarter to market challenges with better decision-making capabilities. One vital concern, which is often overlooked in discussions of information visibility, is the need for stringent alignment of departmental objectives with corporate strategy.

Business activity alignment is the ability to take your theories and put them into practice - in essence, taking the strategic plan and translating it into tactical steps. This results in more clearly defined executive roles, as well as an enhanced ability to leverage technology towards growth.

Additional business benefits include achieving a balance of cost and investment towards organizational goals; a balance between internal limits and external growth; enhanced collaboration for better decisions and departmental alignment; and a 360-degree view of customers for better customer experiences as well as marketing and sales efforts.

To ensure alignment, management should focus on the development of a common set of metrics within the organization, which naturally requires a common set of definitions. Typically, different parts of the organization develop metrics specific to themselves and their purposes - resulting in a lack of consistency in reporting and an inability to aggregate information to senior management. According to a 2007 report, 57 percent of companies do not have a common set of metrics to work with.

The challenges become apparent when management tries to aggregate departmental information to make enterprise decisions. A lack of consistent definitions and metrics makes it particularly difficult for management to determine which way alignment needs to tilt, if at all. One caveat: small and midsize companies must strike a balance between letting groups identify and define the best metrics for themselves versus defining metrics in the best interests of the organization as a whole.

The result of strict alignment of activities with corporate strategy is that individual departments are no longer paying lip service to the business plan; instead, it serves as a coherent action plan, with all cogs working toward the same objective instead of grinding the machine to a halt.



Security Audit Starting Points

When conducting a security audit there are some common areas that should be reviewed.  Included are:

  • Computer and network passwords. Is there a log of all people with passwords (and what type)? How secure is this ACL list, and how strong are the passwords currently in use?
  • Emails. Are spam filters in place? Do employees need to be educated on how to spot potential spam and phishing emails? Is there a company policy that outgoing emails to clients not have certain types of hyperlinks in them?
  • Physical assets. Can computers or laptops be picked up and removed from the premises by visitors or even employees?
  • Records of physical assets. Do they exist? Are they backed up?
  • Data backups. What backups of virtual assets exist, how are they backed up, where are the backups kept, and who conducts the backups?
  • Logging of data access. Each time someone accesses some data, is this logged, along with who, what, when, where, etc.?
  • Access to sensitive customer data, e.g., credit card info. Who has access? How can access be controlled? Can this information be accessed from outside the company premises?
  • Access to client lists. Does the website allow backdoor access into the client database? Can it be hacked?
  • Long-distance calling. Are long-distance calls restricted, or is it a free-for-all? Should it be restricted?


Government Computers Hit by Virus Attack

WASHINGTON (AP) - Law enforcement computers were struck by a mystery computer virus, forcing the FBI and the U.S. Marshals to shut down part of their networks as a precaution.

The U.S. Marshals confirmed it disconnected from the Justice Department's computers as a protective measure after being hit by the virus; an FBI official said only that that agency was experiencing similar issues and was working on the problem.

"We too are evaluating a network issue on our external, unclassified network that's affecting several government agencies," said FBI spokesman Mike Kortan. He did not elaborate or identify the other agencies.

Marshals spokeswoman Nikki Credic said the agency's computer problem began Thursday morning. The FBI began experiencing similar problems earlier.

"At no time was data compromised," said Credic. The type of virus and its origin were not determined.

In addition to their external networks, most federal law enforcement agencies have an internal-only network to prevent cyber-snoopers from accessing sensitive data.

In this incident, the Marshals Service shut down its Internet access and some e-mail while staff worked on the problem.



Productivity Improvements Will Drive IT's Future Growth

Microsoft CEO Steve Ballmer told developers in India that growth will come from higher productivity and innovation when the economy begins to recover. It is not clear when that recovery will take place but he added that the IT industry will have a starring role to play in that recovery as customers focus on improving productivity and innovation.

According to Ballmer, the global economy is being "reset" in a "once in a lifetime" type of economic change. IT accounts for 50% of capital expenditure in the U.S.



CIOs Change Focus of Staffing Requirements

With the recent changes in the economy, many CIOs are focusing staffing requirements on factors like:

  • .NET, Java, PHP   - It is not enough to know the core languages. As projects encompass disparate functionality, IT professionals need to know the big 3 of Web 2.0.
  • Rich Graphical Internet Applications - Flash is suddenly being used for more than just animations of politicians singing goofy songs. Flash has also sprouted additional functionality in the form of Flex and AIR. Flash's competitors, such as JavaFx and Silverlight, are also upping the ante on features and performance. To make things even more complicated, HTML 5 is incorporating all sorts of functionality, including database connectivity.
  • Web Based Application development - Management is demanding more and needs staff who really know how to work with the underlying technology at a "hand code" level.
  • Web services - IT groups who cannot work with Web services will find themselves relegated to legacy and maintenance roles.
  • People skills - Developers are being brought into more and more non-development meetings and processes to provide feedback. For example: the CFO cannot change the accounting rules without working with IT to update the systems; an operations manager cannot change a call center process without IT updating the CRM workflow. IT groups that can meet these challenges will be much more valuable to their employers - and highly sought after in the job market.
  • New programming languages - Languages like Ruby, Python, F#, and Groovy are not mainstream - but the ideas in them are. For example, the LINQ system in Microsoft's .NET is a direct descendant of functional programming techniques. Both Ruby and Python are becoming hot in some sectors, thanks to the Rails framework and Silverlight, respectively.
  • Flexible Methodologies - Many CIOs are either adopting flexible SDM or running proof-of-concept experiments. Having IT groups with a proven track record of understanding and succeeding in a flexible SDM environment is a critical success factor.
  • Enterprise Operational knowledge - Hand-in-hand with flexible SDM methodologies, development teams are increasingly being viewed as collaborators in the definition of projects. This means that IT groups who understand the enterprise problem are able to contribute to the project in a highly visible, valuable way.
  • Change Control and IT Service Management -  Thanks to the development of new, integrated stacks, like the Microsoft Visual Studio Team System, and the explosion in availability of high quality, open source environments, organizations without these tools are becoming much less common.
  • Mobile development - In 2008, mobile development left the launch pad, and over the next five years, it will become increasingly important. There are, of course, different approaches to mobile development: Web applications designed to work on mobile devices, RIAs aimed at that market, and applications that run directly on the devices. Regardless of which of these paths you choose, adding mobile development to your skill set will ensure that you are in demand for the future.


Rules of Engagement for Implementation of Social Networks

Rules of Engagement for Corporate Implementation of Social Networks

  1. Try out the applications - A first step is to see the features and functions of the existing social networks.  This includes:
    • Blogger
    • Facebook
    • LinkedIn
    • Twitter
    • YouTube
    • Wikipedia

    This is like the PC explosion of the 70s and 80s.  If the technology group does not set rules and standards, the user community will take it upon themselves to integrate consumer apps into their work lives.

    You may find it useful to try out social networking with a low-cost pilot. Many open source tools are widely available to experiment with. Another option is hosted applications, which are easy to get up and running, and usually offer a small number of corporate licenses at a very low price.
  2. Set Modest Expectations - Do not promise management that an enterprise social network will unleash, ignite, or change the way things are done.  Sell a project as a pilot, with the option to walk away after a quarter or two if it does not work out.  Set reasonable goals for user adoption, and focus your initial deployment on a few groups that are eager for social networking tools.  Establish pragmatic metrics and measure business value. This will be the basis for an ROI analysis for senior management's approval prior to rollout.
  3. Do not Let Fear Strangle Growth - Many enterprises are wary of open social networks because they do not know what the networks will evolve to. Some executive management worries that employees will overdo the "social" aspects of these applications.

    CIOs are tempted to police employee-generated content, either through monitoring or pre-approving posts. Resist that temptation; it will have a chilling effect on participation. Employees need time to grow comfortable with speaking up, sharing ideas, and participating in company-wide conversations. A social networking project will likely wither before it has a chance to grow if people fear the thought police.
  4. Develop Open Social Networks - CIOs and CFOs have a tendency to control and push to build gated networks, but that approach defeats the purpose of a social network.
  5. Build a Search Capability From Day One - A poor index and search engine makes the social applications less useful.  A primary requirement is to have strong "Google type" search capabilities and road maps.  Allow for user-generated feedback such as tags and content-rating systems, because the point of social networking in business is to let people provide input into the relevancy of content and people.
  6. http://www.it-toolkits.com/Security.htm - Have the ability to integrate existing data but balance that with security and sensitive information policies and procedures.


Disaster Recovery / Business Continuity is Not the Place to Cut Costs

In today's business environment, many enterprises are looking for ways to reduce their expenses by cutting overhead. Often this takes the form of reducing headcount, particularly in areas that are regarded as ancillary or non-core components of the enterprise.

Disaster Recovery and Business Continuity often are placed in that category and, as a result, can be an early casualty of many cost-cutting programs. Whether it is an internal Disaster Recovery and Business Continuity  team losing staff members, or a part-time Disaster Recovery and Business Continuity manager with less time to spare from the day job, Disaster Recovery and Business Continuity programs can be neglected and will quickly become out of date and ineffective, particularly in a rapidly changing organization. As anyone who has ever had to manage a Disaster Recovery and Business Continuity event knows, there are few things more useless than an out of date Disaster Recovery and Business Continuity plan.

Of course, it is hard to make a case for Disaster Recovery and Business Continuity at a time when core functions are under pressure, but maybe that is just when it should be on the radar even more than usual. With share prices shaky and credit hard to find, the last thing any organization needs right now is the damage to its reputation and credibility that could arise from failing to effectively manage a high profile disruptive incident.

Arguably, during a recession companies are at their most vulnerable, which makes it the worst time to neglect anything that contributes to resilience or reduces risk. However, if an organization is under financial pressure, how can it square the circle and achieve those reductions in overhead costs while still maintaining the effectiveness of its Disaster Recovery and Business Continuity program?



Controlling Costs Driven by IT Infrastructure

There have been significant improvements in the tools available to support IT systems and improve the efficiency of IT help desks. In the area of enterprise wide applications or datacenter support services, vendors are increasingly looking to proactive and preventive support tools and utilities to provide the high-value support services required to avoid costly downtime situations. This technology, if deployed correctly, can accelerate a shift away from reactive maintenance to proactive and preventive support services, which can improve the efficiency of the current internal IT support staff, thus reducing the amount of time and resources that need to be dedicated to supporting the current environment.

  • Virtualization - Virtualization can provide enterprises with immediate cost avoidance as it can improve the utilization of the IT infrastructure.
  • Help desk - Automated tools can help in the support and the remediation of problems. By deploying these tools, enterprises can optimize the size and the responsibilities of help desk personnel.
  • Support Portfolio - Optimizing what is supported can provide enterprises with immediate cost savings.


Best Practices for Data Protection May Not be Enough

 A best practice solution for data protection is to use encryption to prevent the unauthorized from having access to information. However, encryption has a major weakness when it comes to information protection. When information has only been encrypted, once it is decrypted the authorized user cannot be prevented from doing whatever they like with the information. In fact, it is impossible for the sender of encrypted information to prevent its misuse by the authorized recipient. Therefore, while encryption controls are extremely valuable in some situations, they are not the answer to all the questions.

In addition, CIOs use access controls to try to protect information for which the IT group is the custodian. Access controls only really work inside the enterprise. Once you get outside the enterprise's network, it is almost impossible to maintain that control. Access controls were invented back in the mainframe era; they are simple, all-or-nothing limitations - read, write, append, delete, execute. They do not have the granular control of a Digital Rights Management (DRM) system. If you have access, then it is total and unmanaged.



Security policies for workstations become more complex

Many IT security policies require a multi-pronged approach to data security. For example, when setting up a new computer for a user, the IT department will require a BIOS (Basic Input/Output System) password for the system before the computer will start. BIOS password security varies in functionality. Some are computer system specific, meaning that the computer will not start without the proper password. Other BIOS passwords are hard disk drive specific, meaning that the hard drive will not be accessible without the proper password. Some computer BIOSes employ one password for access control to both the system and the hard disk drive.

To add a second level of protection, new IT security policies require full hard disk drive encryption. The most common full hard disk encryption software operates as a memory-resident program. When the computer starts up, the encryption software is loaded before the operating system starts and a pass-phrase or password must be entered at a prompt. After a successful login from the user, the software decrypts the hard disk drive sectors in memory as they are needed. The process is reversed when writing to the hard disk drive. This leaves the hard disk drive in a constant state of encryption. The operating system and program applications function normally, without having to be aware of any encryption software.



Audit and security requirements of business partners

Electronic data that are transferred between an enterprise and its business partners are considered business records and have specific audit and security requirements.  Included are:

  • Ability to recover files from the archive log to ensure non-repudiation by partner
  • Ability to access audit trails to prove compliance
  • Ability to access weekly compliance reports for each partner
  • Facility to encrypt sensitive files in transit
  • Ability to support all security protocols used by all trading partners
  • Ability to control access by certifying partners for file transfer


Security is Driven by Shifting Trends

The Information Technology environment has changed significantly, as several trends have dictated the need for a more robust approach to corporate security policies, including:

  • A trend towards mobility of information,
  • Theft of IT assets arising from a proliferation of mobile devices,
  • Increasing data privacy and data security concerns, and
  • Regulatory compliance mandated by recent legislation.

These factors have made it necessary for network administrators to design and implement comprehensive security policies to keep pace with the changing IT landscape. Effective solutions for these multifaceted problems require a layered approach comprised of products, policies and procedures that can work in concert to provide organizations with the broadest security blanket available.

A missing computer can result in compliance and privacy issues that can be very costly for organizations that store confidential data, including enterprise, government, healthcare and educational institutions. There is a relationship between computer theft, regulatory compliance and data security. CIOs and CSOs can combine policy, encryption, IT asset management and remote data deletion capabilities.

 



CIOs Do More With Less

Getting the most out of overworked and understaffed IT departments is a challenge. Now that we live in a period of economic turmoil, it is easily seen that most IT departments have to rise to the challenges of IT management with the existing number of people they have, or, more likely, even fewer.

IT organizations can ill afford to waste precious IT staff resources on relatively mundane tasks. What is required is a structured approach and infrastructure for automating as many IT processes as possible, with an eye towards creating a set of processes for managing core technology assets that frees members of the IT staff to concentrate on activities that add more value to the business.

Many IT organizations are caught up in a cycle of IT service and support that is anything but efficient. In fact, an ad hoc approach to IT support that meets SOA guidelines and ITSM requirements more often than not leads to a demoralized IT staff that begins to resent having to repeatedly perform the same routine tasks.

With everything that is happening today, it is clear that any help in the form of additional IT personnel is not likely to come. That means that existing IT personnel have to find a different approach to supporting the needs of the business without compromising the quality of the services they provide.

With those goals in mind, it is critical for IT organizations to plan their approach for delivering IT services by utilizing tools that proactively solve problems and resolve issues before they first generate a trouble ticket, and inhibit end-user productivity.



Security Best Practices For Dealing with Terminated Employees

Janco recommends taking these steps to ensure that systems will be secure and data will be protected when employees exit:

  • Clearly and completely document each worker's access to the network, applications, servers and the physical building.
  • Shut down remote connections, including pcAnywhere systems and VPNs.
  • Invalidate usernames and passwords.
  • If the employee worked in IT, change root access and network access.
  • Shut down external access to the telephone system.
  • Make sure handhelds, smartphones and cell phones are turned in along with PCs and laptops.
  • Collect ID cards.
  • Use monitoring software to keep an eye on network traffic.


States Implement Data Security Regulations

Massachusetts, Nevada, and New Jersey are in the process of imposing security regulations on businesses. In the case of Nevada, personal data must be encrypted if it is transmitted outside of an enterprise's network. New Jersey is phasing in a set of data security mandates over a two-year period.

The most stringent, that of Massachusetts, was written to apply to all organizations that handle the data of Massachusetts residents, whether the businesses are based in the state or not. The Massachusetts Office of Consumer Affairs and Business Regulation (OCABR) has specified a long list of steps for protecting personal data and requires companies to create wide-ranging internal security programs and policies. In addition, the OCABR defines personal data as an individual's name along with his Social Security or driver's license number, or with a financial account number. In Nevada, bank and credit card numbers must also be accompanied by a PIN or password to meet the state's definition of personal data.

The regulations in these three states are expected to spawn a host of me-too measures in other states.
