Published: Fri, 20 Jun 2014 11:21:56 -0600
Copyright: © 2008 - 2014 Janco Associates, Inc. -- ALL RIGHTS RESERVED -- http://www.e-janco.com
Thu, 03 Apr 2014 15:49:28 -0600
As the incidence and cost of cyber crime have escalated, organizations have responded by establishing security operations centers (SOCs) to detect and counter cyber attack and to assure compliance with industry guidelines. But how capable are SOCs, and where is the greatest opportunity for improvement? HP Security Intelligence and Operations Consulting has performed maturity assessments evaluating people, processes and technology in 69 SOCs.
Return on investment (ROI) is a conventional business calculation that is used to allocate resources for maximum profitability. The calculation is simple: subtract the investment from the payback (increased profits) and divide by the investment. The reason for ROI is to account for all the costs and attribute profits generated from the expenditure. In most business situations, such as adding new production capacity, that is not hard. For security, however, the ROI concept does not work well. Many attempts have been made to develop a useful approach, and even a special term, return on security investment (ROSI), has been coined, but the attempts have been less than successful. With some methods, calculations and speculations are so complex that by the time they are completed, the security situation has changed.
Mon, 17 Mar 2014 13:56:17 -0600
In the age of Edward Snowden and the NSA, there are increasing concerns about data privacy and especially where best to keep data secure. The prevalence of cloud computing and cloud-based storage and collaboration services is only exacerbating these concerns. Many organizations are confused about regulations that protect data in different countries and jurisdictions, and don't know what steps to take to ensure their cloud collaboration vendor can provide adequate safeguards.
Wed, 19 Feb 2014 07:11:30 -0600
The CDO is not only a digital expert, but also a seasoned general manager. As the role is transformational, the CDO is responsible for the adoption of digital technologies across the entire business. As with most senior executive titles, the responsibilities are set by the organization's board of directors or other authority, depending on the organization's legal structure. The CDO is responsible for digital consumer experiences across the entire enterprise and its operations.
Thu, 06 Feb 2014 08:25:23 -0600
The growth of the technology industry in ASEAN in 2014 will likely mirror that of the region's GDP; that is, it will lack intensity and vigor as CIOs continue to face pressure to cut technology management costs. Despite the less-than-rosy outlook, technology priorities such as big data, analytics, and mobility are becoming more critical in ASEAN. These priority shifts reveal the deeper undercurrent that has pervaded the technology landscape in the region: Businesses have entered the customer-obsessed era and CIOs have to adjust to new business demands accordingly.
Janco provides an overview of planned technology budgets and top technology priorities in ASEAN in 2014 based on data from the Forrsights Budgets And Priorities Survey, Q4 2013, which surveyed CIOs and other technology decision-makers in four major ASEAN economies: Indonesia, Malaysia, the Philippines, and Singapore. CIOs in ASEAN can use this analysis to evaluate whether they have sufficiently and strategically positioned themselves in the age of the customer.
Tue, 21 Jan 2014 13:36:19 -0600
Tue, 07 Jan 2014 08:05:08 -0600
Sun, 15 Dec 2013 13:26:57 -0600
Wed, 13 Nov 2013 14:57:19 -0600
Reduced complexity is a key element that world-class IT organizations use to eliminate nonessential spending, maximize staff productivity and drive down costs. Janco Associates, Inc. (www.e-janco.com) measures complexity in a couple of different ways, one of which is asset and type counts.
When Janco looks at the companies it benchmarks, it looks at 'type counts': types of languages, types of data centers, types of software. Janco can then measure how many systems CIOs have to support vs. how much they have to deliver. The more complex an organization, the harder it is to change and respond to changing business needs, and that makes businesses slower, less efficient, and more costly.
Mon, 14 Oct 2013 07:26:08 -0600
Have You Implemented the Balanced Scorecard? What has been your experience implementing the balanced scorecard? Have you been able to quantify benefits? What do you think of the framework?
Delivering quality IT service and measuring IT's performance cost effectively is a difficult and time consuming exercise. Many enterprises believe that they do not have the time, money, or resources to initiate and monitor the necessary processes. However, enterprises cannot determine how much something is worth unless its value can be quantified. It is a necessity of the new economy that every business unit needs to demonstrate its worth while meeting necessary service objectives.
Thu, 03 Oct 2013 15:39:36 -0600
After initially endorsing the use of electronic devices strictly for the content stored on them, a Federal Aviation Administration (FAA) advisory panel has determined that Wi-Fi will be safe to use on an airplane during takeoff and landing, the Wall Street Journal reports.
A member of the FAA committee behind the ruling, who is also the vice president of global public policy for Amazon, said "the vast majority" of airplanes will be "just fine" regardless of the use of Wi-Fi-connected devices on board, according to The Verge.
One interesting aspect to note is that cellular connections are likely to remain restricted, according to the reports. But how will the airlines police that? While many users are likely to connect to a Wi-Fi network when it's available, plenty of others won't even think of it. I can't imagine flight attendants checking every device's homescreen for 3G or 4G logos. If cellular network usage is still considered a threat to the planes' communications systems, it remains to be seen how the airlines prevent them from being used during takeoff and landing.
Wed, 11 Sep 2013 09:12:27 -0600
Best Practices Digest - Recent Articles
Mon, 26 Aug 2013 15:28:46 -0600
Mon, 05 Aug 2013 17:36:08 -0600
IT security managers should pay attention to such risks and ensure that cell phones that connect to the corporate network have multiple layers of protection, including encryption of data at rest and in transmission.
Femtocell technology, used by phone companies to boost cell phone coverage, can be hacked to intercept cell phone calls, text messages and other data. Femtocells are small, low-power base stations provided by phone companies to extend cellular coverage, especially inside buildings and facilities with spotty coverage. The devices use cable or DSL services to connect to a service provider's network.
Researchers from iSec Partners used a femtocell from Verizon to demonstrate how hackers can eavesdrop on phone conversations and see text messages and photos sent or received by nearby cell phone users.
The researchers gained root access to the Linux operating system used in Verizon's femtocell by interfacing with the device via an HDMI port at the base of the system. Then they used the root access to tweak the femtocell to intercept voice and text messages from cell phones connected to the device.
Verizon patched the flaw in its femtocells after it was notified. The researchers added, however, that femtocells from other vendors are vulnerable to the same kind of exploits.
Sun, 21 Jul 2013 09:43:52 -0600
The U.S. Defense Department is building a single security architecture that ultimately will eliminate firewalls in the future, according to the USAF's Defense Information Systems Agency (DISA) director.
The future architecture, the plans for which are not yet set in stone and will likely change, the general cautioned, will be designed to protect data rather than networks. "In the past, we've all been about protecting our networks - firewall here, firewall there, firewall within a service, firewall within an organization, firewalls within DISA. We've got to remove those and go to protecting the data. You can move that data in a way that it doesn't matter if you're on a classified or unclassified network, depending on someone's credentials and their need to know," he declared.
"We want to be able to normalize our networks to where you can have the collaboration and information moving over our networks and you don't have to have the different firewalls, the separate networks, to get those things done," he added. Additionally, the department can realize significant savings in instrumentation - for example, by moving from hard phones to soft phones, he said.
The director stressed the importance of getting the information to the soldier, sailor, airman, Marine, Coast Guardsman, wherever it is they may be.
The single security architecture will improve command and control capabilities, including cyber command and control, he said.
He also discussed the importance of cloud computing. The Defense Department is in the infant stage of deciding how to build the cloud and whether to use a private, public or Defense Department-owned cloud. "We want to do that in fiscal year 14 so that all of this can be automated, and we're working feverishly to get that done," he said.
Tue, 09 Jul 2013 19:21:15 -0600
Both the disaster recovery plan and the business continuity plan cover how employees will communicate, where they will go and how they will keep doing their jobs. The details can vary greatly, depending on the size and scope of a company and the way it does business. For some businesses, issues such as supply chain logistics are most crucial and are the focus of the plan. For others, information technology may play a more pivotal role, and the BC/DR plan may have more of a focus on systems recovery. The critical point is that neither disaster recovery nor business continuity issues can be ignored. These IT and human resources plans cannot be developed in isolation from each other. The core of disaster recovery and business continuity is about constant communication. Business leaders and IT leaders should work together to determine what kind of plan is necessary and which systems and business units are most crucial to the company. Together, they should decide which people are responsible for declaring a disruptive event and mitigating its effects. Most importantly, the plan should establish a process for locating and communicating with employees after such an event. In a catastrophic event (Hurricane Katrina being a relatively recent example), the plan will also need to take into account that many of those employees will have more pressing concerns than getting back to work. [...]
Sun, 02 Jun 2013 10:17:31 -0600
Despite slow economic growth, CFOs expect steady and conservative IT spending going forward in 2013 and 2014 plans, according to a new survey of CFOs.
A recent study found that 60 percent of CFOs see the economy as similar to that of 2012 with 27 percent seeing an expansion but just not at the level of 2008. For the longer term, 13 percent expect the economy to stabilize at current levels compared to only 1 percent who see growth beyond what they achieved in 2008.
About 39 percent of respondents predicted a similar IT operating expense budget in 2014 as in 2012, while 44 percent forecast an increase and 17 percent see a decrease. For IT capital appropriations, 32 percent project a status quo on spending compared to 48 percent who expect an increase and 20 percent who forecast a decrease.
Business applications and intelligence ranked as more important than technology and social media.
Among CFOs, 27 percent saw the need for IT investment in business applications, 25 percent in business intelligence-related technologies compared to 5 percent in mobile technologies and 2 percent in social networking.
When asked about the top technologies that should be applied in the office of finance today, reconciliation management, financial statement generation/disclosure management and Governance, risk and compliance management solutions ranked among the top five in the survey of CFOs.
Thu, 09 May 2013 09:48:21 -0600
Thu, 18 Apr 2013 10:03:52 -0600
Tue, 02 Apr 2013 11:00:02 -0600
At the moment, CIOs may feel like the most highly skilled of IT professionals have a distinct advantage over them in terms of negotiations for compensation, perks and other recruitment enticements. And perhaps that's true - for now.
Great job descriptions are critical to maintaining good employee morale and focus on long-term staff development.
But here's an interesting revelation from the same tech workers who currently possess all the leverage: They harbor significant reservations about the future, according to a recent survey. In fact, a great many of them worry about whether they'll even be able to enjoy a long-term career. They feel the fast pace of IT will eventually render them obsolete, while others sense a workplace bias that favors younger employees. In either case, CIOs may want to reassure valued, veteran IT staffers, and even encourage more training so these employees continue to make impactful contributions. By the same token, IT professionals [must identify] which technologies will become increasingly important at their organizations, and ensure that they are equipped with the skills needed to handle new technology initiatives.
Tue, 26 Mar 2013 15:56:10 -0600
It's the biggest shift in IT in years: the consumerization-of-IT trend that gained major traction with the advent of the iPhone and other modern mobile devices, causing most businesses to let employees bring -- or at least choose -- their own smartphones and tablets, all in fewer than two years.
The consumerization and BYOD trends are only getting stronger, as success on the mobile front puts pressure on IT to allow other employee-driven technologies, such as PCs, cloud services, desktop apps, and social media.