
 

IT Service Management

ITSM - SOA Policy Template
ITIL Compliant
Change Control - Help Desk - Service Requests
Blog - Personal Web Site - Sensitive Information

 

The IT Service Management Policy Template is a 130-page document that contains policies, standards, procedures and metrics. Chapters of the template include:

  • Service Requests Policy

  • Service Request Standard

  • Help Desk Policy

  • Help Desk Standards

  • Help Desk Procedures

  • Help Desk Service Level Agreement

  • Change Control Standard

  • Change Control Quality Assurance Standard

  • Change Control Management Workbook

  • Documentation Standard

  • Application Version Control Standard

  • Version Control Standard

  • Internet, e-Mail and Electronic Communication Policy

  • Blog & Personal Web Site Policy

  • Travel and Off-Site Meeting

  • Sensitive Information Policy

In addition, the ITSM template includes the Business and IT Impact Questionnaire, a Change Control Request Form and an Internet Use Approval Form. It conforms with ITIL.

The template can be purchased by itself or with supporting job descriptions.  We do provide an update service for the template as it is modified.  You can see a full table of contents and some sample pages by clicking on the link below.

                                                Standard   Silver    Gold      Platinum
                                                Edition    Edition   Edition   Edition
ITSM - SOA Template Word                           X          X         X         X
ITSM - SOS 14 Job Descriptions                                X         X         X
210 IT and Internet Job Descriptions                                    X         X
IT & Internet Position Description HandiGuide                                     X

The ITSM Job bundle contains the following 14 job descriptions:

1. Director Sarbanes-Oxley Compliance
2. Manager Change Control
3. Manager Customer Service Center
4. Manager Help Desk Support
5. Manager Metrics
6. Manager Quality Control
7. Manager Service Level Reporting
8. Manager User Support
9. Capacity Planning Supervisor
10. Change Control Analyst
11. Change Control Supervisor
12. Help Desk Analyst
13. Metrics Measurement Analyst
14. Quality Measurement Analyst

 

 

 

 


 
The Four Major Security Regulations That Must Be Followed -

The major mandated security requirements in addition to PCI-DSS are:

  • SARBANES-OXLEY ACT requires accurate reporting of all assets, including computer assets. Non-compliance carries severe penalties (fines of up to $5 million and imprisonment for up to 20 years) for senior management.
  • CALIFORNIA SENATE BILL 1386 requires all organizations in the state of California that own or license computerized data containing personal information to disclose to residents any breach of security if unencrypted personal information is reasonably thought to have been compromised by an unauthorized person. Furthermore, the bill extends beyond California's borders because it also applies to any business that holds data on a California resident. Most states have also adopted legislation similar in scope to Senate Bill 1386.
  • GRAMM-LEACH-BLILEY is a law that mandates that all companies protect the security and confidentiality of their customers' private information. To comply, organizations storing personal customer information must identify and safeguard against the loss of any personal information.
  • HIPAA (HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT) establishes rules for handling and securing medical records to ensure the privacy and security of patient information. The act pertains to organizations - including school districts - that process, transmit or store protected health information. Noncompliance carries significant civil and criminal penalties. Since most districts maintain student medical records on at least some of their computers, they must therefore comply with HIPAA.
 
 
Data Breach Regulations Exist in 37 States -

In 2002, California Senate Bill 1386 added a new, public dimension to regulatory compliance. In the event of a data breach such as a lost laptop computer containing sensitive information, the bill requires organizations to notify all parties whose personal information has been exposed. Following California's lead, 36 additional states have enacted similar data breach laws. It has been estimated that it costs a company $197 per missing record when a breach occurs.


States that do not have such laws are:

  • Alabama
  • Iowa
  • Kentucky
  • Maryland
  • Mississippi
  • Nebraska
  • New Mexico
  • South Carolina
  • South Dakota
  • Virginia
  • West Virginia
  • Wisconsin
  • Wyoming
 
 
Outsourcing Impacts IT Professionals -

Janco Associates has just completed an analysis of over 75 companies within the US that have outsourced their IT functions to see what the impact was on the IT job market. The major finding was that just under 20% of the IT professionals remained with the company in some capacity, in some cases at a lower salary.

Impact on IT Professionals

The actual percentages were 71.63% - Laid off; 8.65% - Quit within 90 days of the outsourcing; and 19.72% - Remained with the company at least 90 days after outsourcing.

 

Outsourcing by Industry

Outsourcing is occurring at various levels by industry.

 
 
Mozilla Names Best Add-Ons -

Mozilla Labs awarded three grand prizes in the "Best New Add-on" category to Pencil, a diagramming and graphics interface tool; Tagmarks, which adds additional tagging icons to Firefox 3.0's location bar; and HandyTag, an extension that provides relevant keywords for associating with bookmarked sites.

In the "Best Updated Add-on" category, Mozilla also pegged three winners, including Read it Later, a bookmarking substitute; TagSifter, which lets users browse bookmarks by their tags; and Bookmark Previews, an extension that adds album and thumbnail views of bookmarked sites.

 
 
Secure Messaging - eMail Encryption - Is a Requirement -

Secure messaging (email encryption) technologies keep sensitive information private, prevent anyone from tampering with the contents of messages and authenticate the identity of both the message's sender and recipient. And all organizations, regardless of their size, require encryption to be both user- and IT-friendly.

Some of the factors driving secure messaging are:

  • Sarbanes-Oxley Act (SOX) holds CEOs and CFOs of public companies personally accountable for documenting and controlling business processes and systems, with intentional offenders facing up to twenty years behind bars.
  • Health Insurance Portability and Accountability Act (HIPAA) regulations are aimed at protecting patient privacy. Penalties range up to ten years in prison, with fines up to $250,000, for knowingly misusing individually identifiable health information.
  • Gramm-Leach-Bliley Act (GLBA) mandates that financial institutions of all types - from banks and security firms to tax-return preparers, credit counselors, real estate settlement services and insurance companies - follow a host of provisions for protecting consumers' personal financial information.
  • Corporations doing business internationally are forced to adhere to other countries' laws as well. There are Canada's Personal Information Protection and Electronic Documents Act (PIPEDA), the United Kingdom's Data Protection Act (DPA) and the European Union Privacy Directive.
  • Corporations doing business with the US Government must comply with FISMA (Federal Information Security Management Act) when implementing email security.
  • In the United States, individual states have also initiated laws relating to a company's responsibility to maintain the confidentiality of customer personal information. California's AB1950 requires businesses that store or manage residents' "private" information to provide "reasonable security" for that data.
  • Internal governance, privacy and intellectual property protection concerns are also driving organizations to take a closer look at technologies that can protect data both stored in databases and transmitted via the internet.

 
 
Data Center Location Can Cause Disaster Plan to Fail -

The location of a data center is important and there are many factors to consider. You have to worry about power sources, telco switching centers, proximity to highways and the characteristics of the land. A government data center in Tennessee was built on an unstable landfill, next to a railroad and a river and downstream from a large dam that the U.S. Army Corps of Engineers said has a risk of failing.


The data center is unstable because it was built on a landfill. The foundation has been cracking and part of the facility is sinking. The IT staff avoids adding more weight in some sections to help stabilize the building. The data center also has some single points of failure, including one power source, which is unacceptable.

 
 
Disaster Planning Needs To Consider Excessive Success of Business Operations -

Changing business conditions are a double-edged sword. Almost any risk - whether it comes in the form of an opportunity or a threat - requires a response from your business. If the business responds inappropriately or too slowly, the business could lose ground to its competitors.

For example, while too much success may not sound like a threat to the business, it can become one if the business is not prepared to handle a surge in customer demand. When Victoria's Secret televised a fashion show during the 1997 American football Super Bowl, the company was unable to scale to meet the ensuing demand for access to its Web site, resulting in significant performance degradation and customer dissatisfaction.


On the other hand, a disruption in business operations and services, whether from a natural disaster, a terrorist strike, a cyber attack or a simple malfunction, can seriously reduce your revenues and even do long-term damage to your brand. Industry estimates indicate that upwards of 40 percent of organizations without business continuity and recovery plans will go out of business within a few years of a major disaster.

The best response to the threat of disaster is to combine several disparate risk-management strategies into a single, integrated resilience strategy that will allow your organization to adapt and respond rapidly to opportunities, regulations and risks - in order to maintain security-rich business operations, be a more trusted partner and enable growth.

The Janco Disaster Recovery Plan & Business Continuity Template is just such a solution.

 

 
 
Types of Server Consolidation Are Defined -

There are two basic types of server consolidation:

  • Physical Consolidation - Physical consolidation involves migrating and/or combining workloads from multiple physical servers onto larger or newer physical hardware configurations such as blade servers. Blade server technology aids physical consolidations by allowing organizations to make the most of data center floor and rack space. Factors driving physical consolidation may include:

    1. The retirement of legacy or end-of-lease hardware.

    2. Data center relocations – i.e. moves to regions where power and cooling costs are significantly lower or where local government offers new business incentives.

    3. Post-merger or acquisition IT consolidations.

Physical consolidation requires the movement of workloads between hardware platforms via physical-to-physical workload migration. Consider a multiplatform workload migration solution that supports different hardware configurations and server technologies to accommodate future changes in server infrastructure.

 


  • Virtual Consolidation - Virtual consolidation involves migrating workloads from physical servers to virtual hosts running virtualization infrastructure hardware and software. Virtualization allows more efficient sharing of physical resources to deliver higher CPU utilization rates. It also reduces the total number of servers needed to run the business, as multiple workloads can be combined and hosted on a single virtual machine host. Server consolidation through virtualization requires the movement of physical workloads to virtual platforms via physical-to-virtual (P2V) workload migration. This task may be performed over a local network (LAN) or across greater distances using a WAN. In cases where bandwidth or lack of connectivity between sites is an issue, staged workload migrations may be required in which workloads are captured to image archives, redeployed on the virtual hosts at the remote site and then synchronized to capture any changes that occurred during the move.

 
 

© 1999 - 2008 Janco Associates, Inc. - ALL RIGHTS RESERVED -- Revised: 05/26/08.