
Internet and IT Position Descriptions HandiGuide®

220 Job Descriptions and Organization Charts

 

Executive Positions included are:

  • Chief Information Officer (CIO)

  • Chief Information Officer (CIO) – Small Enterprise

  • Chief Security Officer (CSO)

  • Chief Compliance Officer (CCO)

  • Chief Technology Officer (CTO)

  • Vice President Administration

  • Vice President Consulting Services

  • Vice President Human Resources

  • Vice President Information Services

  • Vice President Strategy and Architecture

  • Vice President Technical Services
     

The 220 positions include all of the functions within the IT group.  They include:

  • Chief Information Officer (CIO)

  • Chief Information Officer (CIO) - Small Enterprise

  • Chief Security Officer (CSO)

  • Chief Compliance Officer (CCO)

  • Chief Technology Officer (CTO)

  • Director Disaster Recovery and Business Continuity

  • Director Electronic Commerce

  • Director Sarbanes-Oxley Compliance

  • Manager Data Security/Special Project Supervisor

  • Disaster Recovery Coordinator

  • Internet/Intranet Administrator

  • Manager Metrics

  • Metrics Measurement Analyst

  • Manager Wireless Systems

  • Webmaster

  • PCI-DSS Coordinator

  • Programmer

  • Object Programmer

  • Unix System Administrator

  • Windows System Administrator


 


 
Format | Print | Modify Source | Cut & Paste | Features | Cost**
PDF | Yes | No | No | The complete Internet and IT Position Descriptions HandiGuide which includes the 220 Job Descriptions in PDF formats which utilizes the Adobe search and bookmark features. | Less than $4.07 each
Word Files | Yes | Yes | Yes | Individual files for each job description. Long file names are used so each job description can be modified as a simple document (WORD 2003 and WORD 2007) | Less than $4.52 each
Word Book | Yes | Yes | Yes | Word Search Fully Bookmarked. All job descriptions are contained in single word book - NOTE this is a complex document and the user needs to know WORD very well to extract and modify the individual job descriptions (WORD 2003 and WORD 2007) | Less than $5.88 each
PDF and Word Files | Yes | Yes | Yes | The complete Internet and IT Position Descriptions HandiGuide plus individual files for each job description. Long file names are used so each job description can be modified as a simple document (WORD 2003 and WORD 2007) | Less than $6.80 each

 

 

 

 

 

Employment News

 
IT Salaries Fall According to Janco -

Janco released its 2009 Mid Year IT Salary Survey which shows that overall pay has declined for IT Professionals in the past 18 months. Janco also found that demand is down for IT Professionals.  The CEO of Janco, Victor Janulaitis stated, "The current economic climate with its cost cutting mindsets, business closures, and extensive outsourcing has put such great pressure on the IT job market that overall pay has been impacted.  Added to that many 'baby-boomers' who had planned on retiring in the next few years are not leaving the job market and you have more potential employees than positions available."


Janco has captured IT compensation statistics since 1996 and publishes its IT Salary Survey semiannually. The IT Salary Survey is based on Janco Associates, Inc. IT Professionals compensation database.  Compensation benchmark hiring and salary ranges are established for each position surveyed. In analyzing the study data, the upper and lower quartiles are eliminated to determine benchmark ranges. The benchmark ranges are then used to assess the alignment of a company's actual compensation to the marketplace for each job function. A summary of the most recent salary survey can be downloaded by visiting Janco IT Salary Survey at http://www.e-janco.com/Salary.htm.


    
CIO Salaries Fall -

The group of information-technology executives who are among the five highest-paid officers and those making over $1,000,000 per year at their companies has gotten smaller. The shift indicates that salaries are falling in general and that technologists are being regarded more as functional workers than strategists.

Public companies are required to openly report compensation every year for their five highest-paid officers. Technology executives historically make a meager showing; typically, less than 6% of the Fortune 1,000 include them in proxy filings. Executives in more established roles - finance, operations, human resources - generally slip in ahead of information chiefs on the pay scale.


Technology executives' salaries are suffering from a backlash against overspending and a poor economy that has forced budget cuts.

Many CIOs and people who evaluate CIOs equate productivity with cutting the budget.  CIOs thought they would change the world and that the whole business depended on I.T. But now the pendulum has swung in the other direction.


    
Cutbacks Impact Fringe Benefits for IT -

Fringe Benefits Fall for IT Professionals

In preliminary results for the Janco 2009 Mid Year Salary Survey, Janco has found that fringe benefits like insurance, 401Ks, flexible hours, bonuses and stock options are being reduced by enterprises as they struggle to contain costs.  Janco has tracked this trend for several quarters.  The CEO of Janco, Victor Janulaitis said, "Over the first two quarters there has been a noticeable reduction in costs associated with employees.  Companies of all sizes freezing salaries, laying-off staff, making employees pay a larger portion of their insurance cost, decreasing bonuses, and cutting other benefits."

The 2009 Mid Year IT Salary Survey will be released at the end of June, and more information is available at Janco's websites.


    
Change Management Issue for Measuring IT Success -

(HP) A significant number of service disruptions are due to poor change processes, including flawed impact assessment. The cost to the business of these self-inflicted wounds is high. Poorly managed change results in many negative outcomes including:

  • poor quality of service
  • dissatisfied business customers
  • unnecessary rework
  • missed deadlines
  • higher operating costs
  • poor employee morale and infighting
  • downtime of business critical services

It is no surprise to anyone associated with IT management that along with the increase in the rate and complexity of change has come a corresponding increase in the interest associated with using a best practice approach to change management. ITIL v3 says that changes should be managed to:

  • Optimize risk exposure (supporting the risk profile required by the business)
  • Minimize the severity of any impact and disruption
  • Be successful at the first attempt

While many firms are investing in change management as a best practice, doing it well remains difficult. There are many hurdles that must be overcome to implement a change management process that not only follows a best practice approach but also yields outstanding results. The challenge becomes obvious when you consider that many changes within a large enterprise span multiple geographies, involve multiple teams and organizational units and include infrastructure elements that cross multiple domains—network, servers, storage, and applications.


    
Where to Start with Security -

The keys to sound security are often considered deployment of a sensible security risk analysis approach, compliance with a recognized standard such as ISO17799 or ISO27000 or BS7799, development of comprehensive information security policies and deployment of a detailed security audit program.

But where to start? The answer is easy -  Janco Security Policies and Procedures Template and the Janco Audit Security Program.  Risk analysis is often presented in a confusing and over-complicated manner, ISO 17799 or ISO27000 or BS7799 compliance can seem a daunting task, security policies can be totally ignored in practice, and security audit is sometimes less effective than it should be due to over-stretching of busy audit professionals.

http://www.e-janco.com/SecurityAudit.html is intended to provide a launch pad to help alleviate these difficulties. Janco has an approach that works.

Whether you need a security risk analysis method/product, guidance on how to achieve compliance with ISO 17799, ISO27000, BS7799 or your own IT security policies, or whether you simply wish to increase the productivity of your security audit team, the resources at Janco should help.

The IT Security Manual Template provides all the essential sections of a complete security manual and walks you through the creation of each step. Detailed language addressing more than a dozen security topics is included in a 220 plus page Microsoft Word document, which you can modify as much or as little as you need to fit your business requirements.


    
Get US IT Salary Data -

Participate in the IT Salary Survey and get a free copy of the study when it is released in July.

The Janco Associates, Inc. salary survey draws on data collected throughout the year by extensive interviews, internet-based survey data, and survey forms completed by businesses throughout the United States and Canada.  The database contains over 50,000 data points for each reporting period.

Are you paying too much or too little to your IT staff? Do you have IT job descriptions? Are you earning what you're worth? Whether employer or employee, it is important to know what other companies are paying in total compensation for a similar position in your area. Learn how your company compares in the area of compensation.


    
CIOs Cost Control -

In order to manage IT costs effectively, CIOs need to review their existing IT operations with an eye towards doing more for less.  The first areas to review are:

  • Utilization (Equipment and Personnel) - IT utilization typically measures the capacity of the physical hardware that an organization is using to support its business. Generally, the most common metric is server utilization.  Despite only using a portion of the server resources, organizations are still paying for and supporting the entire device. The same is true of personnel.  Charge back systems should be set to cover 100% of the cost of all resources.  If a CIO sees that only 10% of a resource is utilized then that can be a candidate for consolidation.
  • End-user support - Enterprises typically have an internal help desk. Generally, this internal help desk is responsible for supporting end users' client devices. When IT budgets get cut, one area that usually comes under investigation is the internal help desk. However, the internal help desk can be essential to providing support for the end users and maintaining employee productivity.
  • Maintenance and support budget - By far the largest component of the IT operations budget is for external support services. In many cases, organizations are either under or over supporting their IT environments and adding additional costs.

    
H-1B Visas are Under Fire -

The H-1B program is under fire in Washington.  The economy has finally gotten to the point that Congress is listening to the concerns of laid-off technology workers.  U.S. Department of Homeland Security Secretary Janet Napolitano told a congressional committee that ensuring that U.S. workers have jobs is one of her "top obligations," and she said that her agency is stepping up its enforcement of the H-1B program.

Napolitano said that the department has added fraud prevention tactics that were not being used previously in the H-1B program. Those measures include visits to work sites. Napolitano was responding to a question from Senators who have introduced legislation called the H-1B Visa Fraud and Abuse Protections Act (S.887). The reform bill includes a number of restrictions and enforcement provisions, including audits of employers.


    
Microsoft's IE Loses Almost 6.5% of the Browser Market in the Last 12 Months -

Park City, UT - Janco and the IT Productivity Center have just released their May 2009 Browser and Operating System Market Share White Paper. The major findings are that Microsoft's IE browser market share has fallen to 66.81% versus 73.23% in May 2008 and 76.40% in March 2008; Firefox has maintained its number 2 browser position and is used by almost 19.55% of all users; Google, with its Desktop and Chrome offerings, has just over 5.4% of the market; and acceptance of Vista continues to be below Microsoft's expectation.

Victor Janulaitis, the CEO of Janco said, "The major browser findings of the study are: Microsoft's Internet Explorer's market share has stabilized and Google's Chrome is a non-event." He added, "... IE 8 has been released but its acceptance is slow at best." The White Paper has a detailed historical analysis of browser market share since 1997. The findings are supported by data which is provided both graphically and in spreadsheet format.


On the Operating System front, Microsoft's Vista is installed on just under 1 in 5 desktops (17.34%) after over 30 months since Vista's first release (RC1). Janulaitis added, "Vista proves that large companies like Microsoft can and do make huge blunders in technology. Microsoft can no longer count on moving users to new products like Vista as quickly as they want."

A summary of Janco's white paper can be found on Janco's web site (http://www.e-janco.com/browser.php) and the IT Productivity Center's web site (http://www.itproductivity.org/browser.php).


    
CIOs Need to Have Programmers Who Are Experts in Multiple Programming Languages -

CIOs need to hire programmers who know more than one programming language.  Americans have a reputation for only speaking one language. Small surprise, then, that the same is often true for American programmers. Today's computer science graduate often leaves school with a strong knowledge of only one programming language -- typically a major systems language, such as Java or C++ -- and goes on to a career based almost exclusively on that language.

On the surface, this makes sense. C++ and Java are both highly versatile, complex tools. Just learning the syntax of either one is nothing compared to the amount of study it takes to become familiar with the whole ecosystem of associated libraries and frameworks. Not to mention that both languages are widely used; if the CIO does not staff with programmers who know both, they cut their enterprises' capabilities dramatically.


    
Best Practices For the Resume Review Process -

Best Practices for Screening Resumes

  • Define job requirements clearly for recruiters and electronic posting - You do not want to waste your time looking at resumes of individuals who are clearly not qualified.  In the current job market, some active job applicants apply for anything even when they are not remotely qualified for the position that you are trying to fill.  If a recruiter sends you candidate resumes that fall into this category - warn them and then stop using them if they continue.  A full job description with specific accountabilities, authority, and position requirements should be part of the materials that are used in communicating the needs of your enterprise. "Must have led an ecommerce Internet development team that implemented a customer WEB 2.0 application" is much different than "5+ years experience as lead developer."
  • Use consistent rules to select and reject resumes - Communicate so that the screeners/recruiters and hiring manager have the same understanding of the job requirements before the screening process starts. For example, screeners/recruiters should review a sample of several real resumes - real time - with the Hiring Manager, who should define the "must-haves" and "nice to haves." Why does this resume go in the yes pile, while this similar one goes in the no pile?
  • On the first pass spend no more than 20 seconds on any resume - In the current job market, it is typical to get 100 to 200 resumes for a single position.  Given that volume, it will take one to two hours to get through the first pass.  You want to get through all of the resumes that you have and with luck you should be able to find between 10 and 15 individuals that can be phone screened.
  • Create a scorecard with the must have requirements - Create a simple, 10-question-or-less checklist to help you stack rank your applicants. Define items for the checklist that highlight your requirements for the key experience, skills, and technology. Use this tool in the resume and in the phone screening. For example, "How many years of commercial web ecommerce experience do you have writing HTML and XML?"  or "What specific application development and version control tools have you used?"
  • Eliminate resumes that are too long and filled with acronyms and buzzwords - Many candidates load up their resumes with acronyms and buzzwords (i.e. technologies), hoping to win an interview. Instead, accept resumes that communicate hands-on experience using the technologies listed in your job requirements. Focus on resumes that show where and when the technology was used on the job. Keywords that show up in the bullets under job history summaries are better than keywords that show up at the top or bottom of tech resumes in the skills summary section.

Best Practices for Phone Screening

  • Before starting see if anyone knows the potential candidate - There are many candidates in the market who have either a great reputation or a poor one. Time is precious and if someone is not "hirable" by your enterprise then do not waste your time.
  • Rank the candidates before they are phone screened - Use the scorecard to rank the resumes and any known history about the candidates and then budget your time to spend enough time on a phone screen to find the candidates that are hirable.
  • Know what the deal breakers are for the hiring manager - The focus of a phone screen is to weed out the unqualified applicants while selling the enterprise to the top candidates so that you invest time with onsite interviewees who are most likely to get offers. Validate that each candidate you pass on to the interview has the required capabilities, meets the salary and eligibility requirements, and wants to do this type and level of work.
  • Experience counts - Focus on the on-the-job skills and job-specific accomplishments. What have they done, in what industry, with which technologies, on what kind of resources and team, over what kind of timeline?
  • Motivation and mind set are important - In this economy, there is a greater risk of having candidates who just want or need a job and will say or do anything to get a position. Gain an understanding into what they loved about their current and past jobs and what they hope to find if they join your enterprise.  Ask this before you tell them all about your culture and resources.
  • Protect your enterprise reputation - Even though there may be hundreds of applicants for every opening you have, build your reputation as an employer - one candidate at a time. Maybe several years from now you will be interviewing with the candidate or working with them in another company. Even though you may be in the driver's seat, treat every candidate with respect. Follow the basics: start your phone interviews on time, ask fair, relevant questions, let them ask you a few questions, and always follow up.

    
Unlimited Web Access Puts Companies at Risk -

When enterprises allow their employees to have uncontrolled free access to the web they run a serious risk that there will be misuse of the web. Web misuse has serious implications for your enterprise and its employees.  The implications are:

  • Reduced productivity - If employees spend their time on social networking sites such as Twitter they are not spending it doing their job.
  • Data Leakage – Confidential and sensitive information could be transmitted to unauthorized individuals and competitors.  In addition, data that is covered by mandated privacy and security requirements (HIPAA and PCI-DSS) could be exposed.
  • Security problems - Malware hides on websites and can install itself as users browse infected pages. One company reports that the number of new, malicious websites it blocked each day nearly doubled (91 percent) in just one month.
  • Legal risks - When users download inappropriate material to their computers, other employees may take serious offense. This in turn can create legal liabilities for the enterprise and its managers.
  • Wasted bandwidth - Internet connections cost money. If half of an enterprise's bandwidth is taken up with non-work related traffic, the enterprise could be paying more than it needs to and the enterprise-critical communications could be running at half their speed capacity.
  • Unlicensed software - When users download and install software from the internet, they create a legal risk. If an organization uses unlicensed copies of software, it may face a civil suit and company directors risk criminal penalties.
  • Reputation risk - Social networking can create opportunities for employees to leak confidential information or spread damaging rumors online. Bad behavior by a single employee can reflect on the reputation of the whole organization.

    
Which IT Metrics are Important? -

IT Metrics are not understood by many business executives.  What non-IT business executives often focus on is the one metric that they understand - the cost of IT.  This in turn leads to a continuous cycle of IT budget reductions.

Most IT metrics efforts lack relevance to the business and are not well linked to business outcomes. They tend to be IT focused, such as WAN availability or server downtime. It is difficult for the business to understand how these measures relate to its objectives, and they provide little insight into the value that IT delivers.

CIOs must create a scorecard that:

  • Relates to the enterprise and its management team. Server availability, network throughput, help desk call volumes, capacity utilization, and other IT operational metrics are not relevant to business executives. These types of metrics need to be translated into something enterprise management understands, such as availability of business applications or the cost to support a business area. The IT-operational metrics should be kept within IT unless they can be put in enterprise terms.
  • Relates to the enterprise strategic and tactical objectives. Enterprise executives are concerned with introducing new products and services, improving customer loyalty and satisfaction, increasing gross margins, and growing market share. IT metrics must be linked directly to these enterprise objectives, specifically demonstrating how IT initiatives contributed favorably to improving them.

 


    
Can-Spam to be followed by m-Spam -

A bill, the M-Spam Act, was just introduced in the US Senate aimed at attacking unsolicited commercial text messages sent to cell phones, also known as mobile spam.

The m-Spam Act would strengthen the powers of the Federal Communications Commission and Federal Trade Commission to fight mobile spam. The measure also would prohibit commercial organizations from sending text messages to cell phone numbers that are listed in the National Do-Not-Call Registry.

There is also increasing concern that mobile spam will become more than just an annoyance - the viruses and malicious spyware that are often attached to traditional spam will most likely be more prevalent on wireless devices through m-spam.  Mobile users in the U.S. received about 1.1 million spam text messages in 2007, up 38% from the year before. In some cases, mobile subscribers have to pay up to 20 cents for each text message sent or received, although some mobile service providers allow their customers to block text messages in order to avoid spam.


    
Is Outsourcing the Right Thing to do? -

Despite the anti-outsourcing backlash, benefits from outsourcing are very tangible. The very fabric of American success lies in opportunity and innovation, making it very difficult for anyone or anything to paralyze its workers or its economy.  It does not matter which industry an enterprise is in; outsourcing can bring tremendous benefits to any type of business.

Every minute your employees spend on an activity that does not directly add value to your enterprise's business strategy is a cost that can be saved.

CIOs must analyze their organizations' needs and find out if their businesses can outsource.  Questions that need to be asked and answered are:

  • Is the enterprise finding it difficult to meet its customer needs?
  • Does the enterprise want to maximize its impact in the marketplace?
  • Does the enterprise's IT function have managers who are not sure about what makes and what loses money?
  • Is the enterprise experiencing constant challenges based on operational issues?
  • Does the enterprise lack the expertise to survive and grow?
  • Does the enterprise have important nonrecurring project requirements but no resources to handle them?

If the answer is 'yes' to more than one question, then outsourcing may be in order for the enterprise. Outsourcing can help CIOs to efficiently deal with the challenges of today's business climate. Outsourcing can help you to meet your customer needs on time, increase market presence, make the right decisions about product lines, overcome operational challenges, get access to expert services and benefit from professional resources who can competently handle your projects.

Some of the benefits of outsourcing are:

  • Better performance and management
  • Process maturity and scalability
  • Efficiency and productivity
  • Reduced capital and labor costs
  • Operational efficiencies without capital investment
  • Professional and skilled services
  • Improved processes bring about improved customer satisfaction
  • Gain a competitive edge with sophisticated technology and people

    
Cost of Certification to Meet Mandated Requirements -

The cost of compliance with mandated security standards is a question that many CIOs need to answer as they adjust their budgets.  The costs fall into four areas:

  • Internal resources - these costs include all business functions - management, HR, IT, facilities & security. These resources will be required during the implementation of the compliance requirements.
  • Implementation costs - these costs include both hardware and software required to meet the mandated requirement.
  • Consultancy and outsourced resources - these costs include all outside contractors, consultants, and service providers.
  • Certification costs - these costs include the ongoing costs that the business will incur after the implementation of the compliance requirements.  These costs will include internal resources as well as things like annual or quarterly certification verification services.

 


    
Challenges CIOs and CTOs face -

With today's economic uncertainty, CIOs are faced with many new challenges including how to manage.  Janco has compiled a list of issues that are keeping many CIOs up at night.  They are:

  • Economic uncertainty and management ambiguity on strategic direction are crimping the ability of CIOs to plan effectively.
  • Economic stakes are higher in many enterprises and there is significant conflict and competition for the limited resources that CIOs have at their disposal.
  • R&D, training, and certification programs have been at least cut if not altogether eliminated, limiting the ability of CIOs to understand the implications of new technologies and train staff in their application.
  • Risk aversion has gotten hold and limits have been placed on many CIOs in their ability to implement new and innovative solutions - no longer are CIOs able to say they want to have a competitive advantage.  Rather they need to focus on survival of the enterprise.
  • CIOs now are being told by senior management that they have to deal with what is "good-enough" versus what really will provide the right long-term solution.
  • CIOs do not know if the last cost-cutting directive or reduction in force program has been presented.  They are all asking, "Will there be another lay-off next month?" Staff morale is low, as IT professionals understand that their professional destinies are no longer in their own hands. 
  • Best practices are now  "dirty words" in the executive suite.  Many senior executives do not want to hear about long term ROI, rather they want to know how short term expenses can be reduced.

With this as an operating environment, CIOs now have the most challenging environment to manage since the early 1980's.  


    
Most Security Breaches Caused by Lost or Stolen Devices -

Most enterprises face data security breaches because of lost or stolen laptops, PDAs, SmartPhones, and USB storage devices.  Industry experts have found that:  


    
Infrastructure Management is the Key to Recovery -

Infrastructure management (IM) is the management of essential operational components, such as policies, processes, equipment, data, human resources, and external contacts, for overall effectiveness. Infrastructure management includes systems management, network management, and storage management.

Infrastructure management seeks to:

  • Reduce duplication of effort
  • Ensure adherence to standards
  • Enhance the flow of information throughout an information system
  • Promote adaptability necessary for a changeable environment
  • Ensure interoperability among organizational and external entities
  • Maintain effective change management policies and practices

All business activities depend upon the infrastructure, planning and projects to ensure its effective management. Investments in infrastructure management have the largest single impact on an organization's revenue.


    
Lost PCs Equal Security Breach -

As the amount of information stored digitally on company servers, stationary computers and mobile devices such as laptops continues to escalate, protecting that information from public data breach is becoming a priority for IT and compliance departments.

A recent survey found that 75% of all corporate users were very concerned about the possibility that confidential information would be exposed and potentially misused. A further 60% were very concerned that the theft of a laptop computer would result in identity theft and nearly 25% said they would be willing to pay between $10,000 and $50,000 to have a stolen executive's laptop returned to their organization. Despite the widely acknowledged link between laptop theft and nearly 50% of data breaches, the corporate users reported that a surprising number of mobile computers continue to go missing.


    
CIO Abilities Showcased -

Successful CIOs have the ability to provide an attractive environment, to improve recruiting and retention, to create a bias toward learning that adapts well to new business demands, to align the organization to the strategic goals, and to build a cadre of strong leaders; these are the elements of the desired culture.


Expanding business demand meets a constrained workforce. According to published research, IT is seeing increasing demand from the businesses it supports. Overall budgets are expected to increase by 8% in 2008, and this translates into a much greater increase in project investments.  At the same time, demographics are resulting in a shrinking labor pool. This is creating a supply/demand imbalance that is making it harder to hire and meet this expanding business demand, especially in the more sought-after skill areas.  Driving this is:

  • The rate of change is increasing and accelerating. Both business and technology change continue to increase at accelerating rates. This requires an adaptable workforce and the expectation that IT staff have the business, technology, and communications skills to meet strategic priorities.
  • IT too frequently is not perceived as a viable career. The dot-com bust coupled with a shift toward more outsourcing and offshoring has led to a lower perception of IT as a viable career. The number of university students pursuing a computer science or related degree has dropped by a third since the beginning of the decade. The reality is that for many skills there is significant demand. There is a need to change this image and reverse the trend. Key to these efforts is creating a positive culture to get the most out of people, encouraging them to recruit others, retaining the best, and developing positive relationships.

    
IT Service at Risk -

IT Service Management has increased importance, as more organizations are requiring CIOs to do more for less. Best practices are followed by successful CIOs and IT organizations as they continue to address infrastructure issues with reduced staffs and budgets. Their focus is:

1. Have an IT Infrastructure that supports IT Service Management. Customers (users) evaluate Information Technology based on their perception of the service provided and its associated costs. This perception of service quality depends upon a number of soft factors such as timeliness of responses, impact of service outages, and quality of communications between IT and users. Best practices include:

  • Metrics aimed at showing the productivity of the IT Service Management function
  • Service level agreements that are tied to enterprise operational performance
  • Documented policies and procedures which are followed
  • Diagnostic processes and tools to provide early warnings when things start to go wrong

2. Have a cost tracking (chargeback) system that is understood. While reliability is a key measure of IT Service Management, cost is a close second. In addition to understanding the cost structure of IT, CIOs must be able to explain the cost drivers and what they are doing to improve productivity and reduce costs while maintaining quality and reliability. Best practices include:

  • Defined system development and operation methodology which includes change control and version control
  • Quality assurance function and responsibilities defined
  • Change and version control management tools

3. Have the ability to change the organizational and application infrastructure while continuing to provide quality service. IT operations must provide consistent, stable operations – networks, servers, applications, workstations, email, and telephony systems must be up, functional, and invisible to the operation of the enterprise. Best practices include:

  • Clear organizational responsibilities and accountabilities
  • Review processes (meeting and reports) with IT and users to discuss performance
  • Published service level definitions with expectations

4. Have defined policies and procedures in place for change management and service management. Users need a clear and understandable set of rules for how to work with IT: how to request services, who is responsible for the quality of the services, and what information and status they should expect from IT. Best practices include:

  • Documented policies and procedures which are followed
  • Feedback loops which highlight strengths and weaknesses
  • Open approach that allows for changes to policies and procedures and unlocks new ways to get things accomplished

5. Have a courteous and well-trained IT staff. In these troubled times it is easy to overlook the quality of your staff as a factor in your continuing success. Best practices include:

  • Formal training program for both users and IT staff that has as its focus change control, version control, IT Service Management
  • Adequate staffing levels during periods required by users
  • IT staff that can communicate effectively with users, using user terms, not IT scripts

 


    
Definition of a Strong CIO -

CIOs that have successfully saved strategic projects and survived in these difficult economic times are realistic about what is strategic and what is not. Typically, these CIOs have the following characteristics.

  • They have credibility with their organizations. These CIOs are good stewards of their resources, work well with other executives, and demonstrate a willingness to make sacrifices for the common good.
  • They are smart about the design and structure of the project. In addition, they are willing to adjust timing, scope or costs to fit the economic environment.
  • They are assertive. They can make a case to convince others of the merits of keeping a project.

Even having these characteristics, they often have a fight on their hands.  However, they can build a strong business case.

 


    
Cost of Data Breaches Continues to Increase -


The cost per record of a data breach has gone from $138 in 2005 to $202 in 2009 according to the Ponemon Institute in its fourth annual U.S. Cost of a Data Breach Study. 


Other key findings from the study include the following:

  • Average total per-incident costs in 2008 were $6.65 million, compared to an average per-incident cost of $6.3 million in 2007.
  • Healthcare and financial services companies experienced the highest churn rate - 6.5 percent and 5.5 percent respectively, on a total average of 3.6 percent, which reflects the sensitivity of the data collected and the customer expectation that information will be protected.
  • Third-party organizations accounted for more than 44 percent of all cases in the 2008 study and are also the most costly form of data breaches due to additional investigation and consulting fees.
  • More than 84 percent of 2008 cases involved organizations that had had more than one data breach in 2008 - meaning that companies are becoming more experienced in managing breaches over time.
  • More than 88% of all cases in this year's study involved insider negligence.
  • More than half of respondents believe that training and awareness programs assist in preventing future breaches and 44 percent have expanded their use of encryption.
  • The most significant cost decrease was seen in activities relating to post-breach response, which indicates that organizations are becoming more cost effective in managing data breaches.  

    
Massachusetts Data Protection Deferred -

Massachusetts has deferred the deadline for compliance with its latest data security and breach legislation, which protects the personal data of Massachusetts residents, until January 2010. The rules apply to all companies that handle the personal data of Massachusetts residents, whether they are based in the state or not. The rules require companies to:

  • Limit the amount of data they collect
  • Have written security policies
  • Maintain a detailed inventory of all personal data, whether it is stored in computers, archived on tapes or kept in paper files.
  • Have in place adequate physical and technical security controls for safeguarding protected data and properly authenticating users who are given access to the information.

Included with the latest deferral, Massachusetts regulators also removed a requirement mandating that companies get third parties with access to customer data to attest that they were compliant with the regulations as well. The old provision also required third-party service providers to include language in their contracts specifying that they were willing and able to comply with Massachusetts security rules. With this latest revision, companies only have to take "reasonable steps" to verify that any third-party providers with access to personal data have the ability to protect the information through measures that are comparable to the ones spelled out in the Massachusetts regulations.


  

 

© 1999 - 2009 Janco Associates, Inc. - ALL RIGHTS RESERVED -- Revised: 12/19/08.