|
Risk
analysis is inextricably linked with
disaster recovery. assessment of the
risks which may lead to disaster is
essential in the determination of
what controls are appropriate to the
situation. Again, however, risk
analysis is often made more
difficult than necessary.
The
Threat & Vulnerability Assessment
Tool Kit
and tool was designed to simplify
matters, and to make risk analysis
more widely accessible through
automation. It is now probably the
most widely used product and method
in the world
|
|
|
01/28/2012 Hiring and keeping younger workers -
Today's young workers are extremely tech-savvy, and the technology they'll
have access to is a major consideration for many as they join the workforce.
Many are used to having 24/7 access to email and the Internet on their
smartphones or tablets. And with extensive knowledge of the Internet and its
many services, more are using Web-based applications for many of the solutions
they use on a daily basis. As an employer, making sure you have the right
technology on hand to both appeal to and keep your younger workers happy is an
important consideration when plotting out your technology roadmap.
  
Keeping workers helps reduce training costs over time, and it could also help
you sell your CEO on some product purchases. You know that cloud solution you're
dying to implement? Well, tell the CEO about your young workforce being able to
take advantage of it to work extra hours, and it might just happen. Want to
bring iPads to the office? Tell the top executive that it might just improve
productivity. As your company tries to find an edge in a job market filled with
educated Millennials, technology could very well be the differentiating factor
that helps you attract and retain a young workforce.
more info
01/20/2012 Cloud as an alternative to outsourcing -
CEOs at three of India's top ten outsourcing providers recently told the
Times of India that they plan to "reduce on-site work by up to five percent over
the next year and handle traditional onsite projects such as managing takeover
of an existing outsourcing contract& through videoconferencing. (The Times
did not name the CEOs or their companies.)
 As the
whistleblower case against Infosys, alleging that the Indian IT services
provider misused B-1 visas to bring offshore staff to the U.S., heads to court
later this year, it's unlikely that scrutiny of the temporary worker visa system
will subside. And, as of Monday, talks between the U.S. and India intended to
address these visa complaints among other issues, were called off
indefinitely.
Prepare now for the inevitable effects of reductions in onshore and on-site
headcount:
- Conduct a Process Design Review - Make sure that
essential on-site roles required for seamless operation of global delivery
will be filled. Consider contract resources to handle short-term gaps, advises
Amneet Singh, vice president of global sourcing for outsourcing consultancy
Everest Group. Longer term, developing such skills in-house maybe a better
bet. "Buyers are picking and choosing certain roles to bring back in-house,"
says Esteban Herrera, chief operating officer of outsourcing analyst firm HfS
Research.
- Invest in Change Management Efforts - Prepare users for
potential tweaks in the delivery model and changes in their day-to-day working
experience, says Singh, and execute an effective communication strategy to
address any uncertainty in the business
Consider Nearshore Alternatives -
Providers with alternate delivery locations, like Mexico, do not have the same
temporary visa restrictions as a result of the North American Free Trade
Agreement (NAFTA), Herrera points out. They can more easily transfer workers
across borders to manage projects and knowledge transfer.
- Beef Up Your Technology Backbone - Your offshore provider
is likely to require more high-end videoconferencing or digitization
capabilities to manage future projects. Ensure you have the right
infrastructure and software to handle the proposed technology enablers of
diminished on-site staff, says Singh. Also, make sure to design and execute
effective internal training programs for the new tools.
- Revisit Contract Pricing - If your IT service provider is
planning to move on-site roles overseas, it's probably a good time to
renegotiate price, but don't play hardball. Sharing the upside of sending more
work to less costly locales will result in a happier and healthier
relationship long-term.
more info
01/12/2012 Half of European companys have no Disaster Plam -
 Over half of small
organisations across the UK, France and Germany are operating without a formal
disaster recovery plan in place, according to research.
The survey of 160 IT decision-makers found that 58% of small organisations
(50-250 employees) do not have a formal disaster recovery plan, and nearly one
fifth of mid-sized enterprises (250- 1,000 employees) are in the same
position.
Industry differences became apparent when comparing how prepared
organisations are for a potential disaster. companies within the Financial
Services sector (90%), as well as those in Communications and Media (81%), have
formal disaster recovery plans in place. However, a much smaller percentage of
businesses in Retail & Distribution, and Manufacturing, have done the same,
with less than 40% having drawn up formal disaster recovery
plans.
more info
01/07/2012 Security Template now has electronic forms -
 Security
Manual for the Internet and Information Technology is over 230 pages in length.
All versions of the Security Manual template include both the Business & IT
Impact Questionnaire and the Threat & Vulnerability Assessment Tool (both
were redesigned to address Sarbanes Oxley compliance). In addition,
the Security Manual Template PREMIUM Edition contains 16 detail job
descriptions that apply specifically to security and Sarbanes Oxley, ISO 27000,
PCI DSS, and HIPAA.
 
The policies and procedures template now has electonic forms including:
- Blog Policy Compliance
- Company Asset Employee Control Log
- Email - Employee Acknowledgment
- Employee Termination Checklist
- Internet Access Request
- Internet Use Approval
- Internet & Electronic Communication - Employee Acknowledgment
- Mobile Device Access and Use Agreement
- Employee Security Acknowledgement Release
- Preliminary Security Audit Checklist
- Security Access Application
- Security Audit Report
- Security Violation Reporting
- Sensitive Information Policy Compliance Agreement
more info
11/22/2011 Federal agencies are not spending as much as private businesses on security -
Federal agencies have budgeted $6.5 billion for security in 2012, much less
on a percentage basis than other businesses and industries.
The federal
government lags behind most industries when it comes to how much of its IT
budgets are spent on security, pointing to a need for agencies to rethink their
investments as they adopt new technologies.
Many agencies report they don't feel they have enough money to spend on
security and, in general, security investments by the federal government are
less than that spent by other business sectors.
In total, federal agencies have budgeted $6.5 billion for all security
investments in fiscal 2012. However, the entire IT budget for the feds for that
year is expected to top $81.3 billion.
Not surprisingly, the Department of Defense spends more than any other agency
on security, according to the report. Its budget in 2012 for security for both
legacy systems and development, modernization, and enhancement, in 2012 is $4.1
billion, according to the report, which does not provide data on total IT
budgets for agencies. The Department of Homeland Security also is one of the
leading security investors among agencies, having budgeted $525.7 million for
security in 2012.
more info
|
