Facebook Follow



XLM News Janco News Feed

Reddit  Del.icio.us  Stumble Upon  Facebook  
Business Continuity &
Disaster Recovery Template
A disaster recovery is a response to a declared disaster or a regional disaster. It is the restoration or recovery of an entire Agent computer. A disaster recovery plan describes how an organization is to deal with potential disasters.

The DRP template includes everything needed to customize the Disaster Recovery Plan to fit your specific requirement. More...
Security Manual Template
Most companies have initiated the necessary steps to safeguard their company assets. Information security has moved from a business cost to a business enabler. However, new threats and technologies are constantly and rapidly changing the network landscape. System administrators must scan the network continually for known security weaknesses, keep their skills current and, most important, reexamine corporate security policies periodically.

The IT Security Manual Template provides all the essential sections of a complete security manual and walks you through the creation of each step.. More...
Job Descriptions
The Internet and IT Position Descriptions HandiGuide® was completed in 2012 and is over 660 pages; which includes sample organization charts, a job progression matrix, and 243 Internet and IT job descriptions.  The book also addresses Fair Labor Standards, the ADA, and is in a new easier to read format. More...
Infrastructure
Infrastructure Policies
ITSM
Job Descriptions
Communication Policy
SOX Compliance

 

IT Service Management ITSM ITILMetrics IT and Internet

 ITIL - Implementation

Using the
IT Service Management for
Service-Oriented Architecture
Template to implement ITIL

      

Order ITIL ImplementationSample ITIL Implementation

The IT Service Management for SOA architecture is compliant with the latest defined ITIL and ISO 20000 standards. 

Information Technology Infrastructure Library (ITIL) is a consistent and comprehensive documentation of best practice for IT Service Management. Used by hundreds of organizations internationally, a whole ITIL philosophy has grown up around the guidance contained within the ITIL books and the supporting professional qualification scheme.

ITIL Implementation

ITIL Version 3 was released in the spring of 2007 and ITIL 3.0 is structured around a core of Service. 

  • Service Strategy
  • Service Design
  • Service Transition
  • Service Operation
  • Continual Service Improvement

The processes that are addressed in that standard are:

  • Access Management
  • Availability Management
  • Capacity Management
  • Evaluation
  • Event Management
  • Financial Management (aka Service Economics)
  • Information Security Management
  • Knowledge Management
  • Problem Management
  • Release and Deployment Management
  • Request Fulfillment
  • Service Asset and Configuration Management
  • Service Catalog Management
  • Service Continuity Management
  • Service Level Management
  • Service Portfolio Management
  • Service Validation and Testing
  • Supplier Management
  • Transition Planning and Support

These process in turn are supported by six (6) functional areas.  Each of these areas have policies and procedures that are contained in the IT Service Management Template.

Order ITIL Implementation       Sample ITIL Implementation

ITIL Standards

Service Desk - (Help Desk Policy, Help Desk Standards, Help Desk Procedures, and Help Desk Service Level Agreement)

An effective "service desk" (Help Desk) can be a great asset to any enterprise. Getting accurate feedback on issues your users are having can only benefit your development efforts and ultimately, the users themselves. The key here is to make sure that the help desk is well-prepared to accept responsibility for support calls on your applications.

Janco recommends that you start working with the help desk at least six weeks before your first application release. If the help desk is mature, they will have aids for capturing application support requests. These will provide the initial information needed for the knowledge base. The help desk personnel will augment that knowledge base over time with solutions and user work-around(s) as they come up with. Be sure to weed out the "false solutions."

There should be a complete distribution list for ticket reports from the help desk to all of the key managers and users in the enterprise. These will disclose what issues users are encountering. Commonly recurring or high-impact issues should become the focus of everyone involved. This then feeds the priority setting process in the Problem Management process.

Incident Management (Help Desk Procedures, Service Request Policy and Service Request Standard)

ITIL defines an "incident" as any disruption to the normal operation of a system or application.  This includes bugs, outages, and even user interface problems.  The Incident Management process begins with notification of an incident.  This can be logged by the  help desk in response to a user call.  It can even be automatically created by a monitoring system.  It marked as completed when normal functioning of the system is restored.

Note that this does not include root cause analysis or correction!  Incident Management is all about restoring service.

Ideally, the  help desk handles the entire Incident Management process.  In less ideal cases, development may be called on to help resolve "novel" incidents--ones that do not have a solution in the  help desk's knowledge base.

When incidents come into the development room, you have some negatives that need to be dealt with. The incident needs to be resolved expeditiously, making it both interrupt driven and urgent. Therefore, every incident will automatically take somebody off their current assignment. This is damaging to flow.

In worse cases, the entire team may get derailed and start huddling around the incident. Fire-fighting is exciting and many help desk professionals like to work them. If the entire team is chasing the incident, nobody is making forward progress on scheduled tasks. If you have a large user community or a lot of incidents, you can lose an entire day or weeks before you realize it.

This can be exacerbated if your help desk never resolves application support incidents. In such cases, Janco recommends the "Center-Post" position. Assign one member of the team to be the primary point of contact for incident resolution.

Problem Management (Help Desk Procedures, Service Request Policy and Service Request Standard)

Recurring incidents can be identified as Problems that require correction. This is the job of the Problem Management process.

Identifying a problem is often done by the  help desk, but it can also come from others. The decision about which problems require correction and which ones have top priority often becomes very slow and bureaucratic. Janco has seen teams get chewed out for fixing problems that weren't scheduled to be addressed for a couple of iterations!

Problem managers should be encouraged to communicate via status reports. There also is a need to communicate back to the user community when the status of a problem changes. Good Problem Management classifies problem states such as "known problem", "known workaround", and "known solution". A help desk team will typically move through these states pretty quickly.

Bear in mind that the ITIL definition of Problem Management is all about oversight, not the actual changes needed to fix the problem.  The actual changes are deployed as part of Release Management.

Change Management (Change Control Standard, Change Control Quality Assurance Standard, Change Control Management Workbook, Version Control Policy, and Version Control Policy)

Change Management is the most complex part of the ITIL standard.  This is the process that so easily slips into heavyweight bureaucracy or, worse, meaningless meetings.

Change Management as defined simply means tracking changes, their impact to configuration items, and ensuring that changes are applied in an orderly way.  It doesn't have to hurt.

In reality, however, help desk will spend a lot of time preparing for change management committee (CMC) meetings.

Janco recommends standardizing your change and deployment process (per the standards defined in the template). Get into a regular rhythm of releases and deployments so the CMC comes to expect that every third Tuesday (or whenever), your team will have a new release. Standardize the release mechanics and system impact statement so you can standardize and re-use your change requests. Familiarity will create confidence with the CMC.

Configuration Management (Documentation Standard, Version Control Policy, and Version Control Policy)

Configuration Management (CM) is not the act of changing configuration items. It's the process for tracking planned, executed, and retired configurations. As you plan each release, you should identify the places that will be affected by the release.

In a well-executed ITIL rollout, CM is vital for change management, incident management, the help desk, and release management. In a poorly-executed ITIL rollout, configuration management does not exist, or it only addresses servers or network devices.

CM should cover servers, network topology, applications, business processes, documentation, and the dependencies among all of them. That way, proposed changes to one area (e.g., upgrade to front-end firewalls) can be analyzed for its impact.

Release Management (Documentation Standard, Version Control Policy, and Version Control Policy)

Release Management dove tails with Information Technology's release planning cycle. Engage early.

Order ITIL Implementation       Sample ITIL Implementation

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

ITIL News



BYOD improves productivity

IT Infrastructure, Strategy, and Charter TemplateThe latest results from a quarterly survey of IT decision makers shows that a significant number of companies with tablets deployed are seeing productivity gains tied directly to their use.

In the survey of over a thousand IT decision-makers, 74% indicated that using tablet computers and smartphones led to an increase in productivity in their organization while 25% of those said it has led to a significant increase. In addition, half of those surveyed said they felt the use of tablets and smartphones has led to cost savings in their organization.

order

Addressing the so-called BYOD (Bring Your Own Device) trend, 64% of the IT decision-makers at large businesses reported that consumer technology adoption has led to cost savings, while 42% said they experienced significant cost savings.

- more info


Mobile devices put a strain on help desk staff

IT Infrastructure, Strategy, and Charter TemplateIT Help desks need to focus more of their resources handling mobile computing.  Even though remote access is only available to one third of mobile workers and instant messaging is only available to one quarter, CIOs need to consider new technologies when providing support to workers who do not have ready access to in-person support options. Policies and performance metrics are a must.

order

Documenting a clear set of IT policies is a resource-intensive process for CIO and their staffs due to the research and writing time involved. And once policies are created, the next step is to communicate and gain acceptance for those policies throughout the organization. Wouldn't it be nice to start with boiler plate templates that require only minor customizing?

- more info


Meeting productivity improvement

Ideas to improve meeting productivityCIO Productivity KitIT Infrastructure, Strategy, and Charter Template

  • Have agendas with goals objectives. It's considered bad business manners to send a meeting request without providing an agenda. When calling a meeting focus agenda on expressly stating the goal(s) of the meeting.
  • Replace the default 60-minute meeting time slot with a 20-minute meeting unit. For some inexplicable reason, people seem to naturally default to 60 minutes as the amount of time needed for a meeting. And while that may be the case in certain circumstances, it should not be the default position. In place of a 60-minute default time slot, adopt the 20-minute meeting unit. If a particular topic needs more time than that, it is up to the meeting organizer to convince the participants that two (or three, or four) meeting units of 20 minutes are necessary.
  • Have people stand during meeting.  It is too easy to "waste time" when everyone is sitting. 
  • Orient the meeting toward follow-ups and actions. Meetings produce lots of ideas and discussion. That's wonderful. But the real purpose of most meetings is to agree on next steps and actions. Keep a focus on targeted actions and your meetings will be productive. Allow them to become discussion forums for "important issues," and they will feel long and painful.
Order IT Infrastructure KitDownload Infrastructure
- more info


Labor Force Participation Rate at Lowest Level in over 40 Years

The BLS data shows that the participation rate in the job market is at levels that have not been seen since the 1970's. In March of 2012 the work force participation percentage of all employees (male and female) was at 63.8% according to the BLS data.

Work Force Participation

    
 
Assuming that there is a significant downsizing of the military and there are no new programs to get jobs for soldiers coming home then the true unemployment levels will not go down for some time.
- more info


Mobile device usage improves productivity

BYOD Policy

Today's most productive employees are not tied to a desk, an office, or a location. They are mobile. And your company’s IT strategy has to be ready to support them with easy, reliable, 24/7 access to the business information they need, from anywhere in the world, across a broad range of communication devices.

order

Mobile contentmanagement increases user productivity, ramps up customer engagement, enhances customer service, maximizes collaboration and drives more effective business decision-making.

- more info


Disaster planning state of the art solutions

order   Download

Disaster Recovery Business ContinuityNot all disaster recovery applications are created equal. There are three main methods for providing backup for virtual environments in the industry today. Understanding how these methods impact your environment as a whole, is key to making sound decisions when choosing the correct application for your business.

In our Disaster Recovery Planning Template Janco presents:

  • Review these methods to compare and contrast the impact on the environment
  • Strategies
  • See how each method effects the backup window and storage and the MTPOD (Maximum Tolerable Period of Recovery)
  •  Present state of the art solutions to the global body of knowledge for DR/BC, including current international standards and best practices.
- more info


EU Proposes New Security Requirements

Security Manual Template

EU proposed the replacement of Data Protection Directive 95/46, an important component of EU privacy and human rights law under which organizations in both the public and private sector have been operating for thirteen years.

It would reduce bureaucratic compliance requirements for many organizations and provide a single set of compliance laws across Europe. At the same time, it would impose a greater responsibility on organizations to protect against and acknowledge data breaches, introducing stiffer penalties for organizations that fall short of the legal requirements. This would be no bad thing. Senior management need to act to stop the flow of sensitive information that is leaking out of organizations. The right information policies and procedures need to be in place. All too often, it seems that organizations are mopping the floor after the leak.

order   Download

In particular, the draft EU proposal includes four requirements that would, if adopted, have a far-reaching impact on all organizations that do business in Europe.

  • A mandatory notification of breaches. This recommends that both the relevant Data Protection Authorities (DPAs) - [in the UK's case this would be the ICO]  - and all affected individuals have to be notified within 24 hours of a data security breach, including unauthorised destruction or loss. The data protection authorities must be notified even in the absence of any risk of harm to data.

    This requirement raises a number of important questions including the need for data breach thresholds: does this requirement apply to the loss of a single record, for example, and would there be a longer time limit if the data breach involved the loss of millions of customer records? It also raises the question as to whether public and private sector organizations would be able and indeed willing, to self-regulate.
  • All public sector organizations, and private sector organizations with more than 250 employees, to have a named data protection officer. This could have significant resource, training and recruitment implications for many organizations. One option could be to add the responsibility to the remit of an appropriately skilled employee.
  • Regulatory authorities would have powers to impose fines of up 1 million Euros -  or two percent of turnover for private sector organizations -  for failures to comply with the regulation. That the EU is prepared to authorise this level of punishment highlights just how seriously data protection is to be taken.
  • Give individuals the 'right to be forgotten'. In essence, it states that individuals should have greater control over their data and be allowed to demand the removal or deletion of personal records from any organization that holds them. If adopted, this requirement would have immense resource implications for organizations and could be time-consuming and complex to implement, particularly where it relates to the fast-moving world of social media. However, the small print suggests that this right is a 'qualified' one.
- more info


Proposed new manadated compliance for executive and CIO compensation

An entirely new and potentially more invasive accounting-related influence on executive compensation (including CIOs), in the form of proposed amendments to Public Company Accounting Oversight Board (PCAOB) auditing standards. If adopted, the proposed amendments could spur corporate auditors to force changes to compensation programs due to unacceptable risks of material misstatement, an increased risk of fraud, or both.

 IT Compensation Data

    

Executive compensation is not a new area for the PCAOB. Auditing Standard No. 12, "Identifying and Assessing Risks of Material Misstatement," currently states that "the auditor should consider performing . . . procedures and the extent to which the procedures should be performed [to] obtain an understanding of compensation arrangements with senior management, including incentive compensation arrangements, changes or adjustments to those arrangements, and special bonuses."

The increased scrutiny would not be limited to just reviewing more documents. The proposed amendments also would require the auditors to consider contacting persons who are involved in executive-compensation decisions but not in financial audits - such as the compensation committee chair, the outside compensation consultant, and human-resources personnel - to better understand the company's executive-compensation structure. Auditing procedures would also target the authorization and approval process for executive perquisites and reimbursement arrangements.

- more info


Security breaches can go un-detected for a lomg time

Security Breaches

Over 90 percent of data breaches are the result of external attacks and almost 60 percent of organizations discovered them months or years later, Verizon said in a report released at the RSA security conference.

According to the report, the use of default or stolen credentials was one of the primary methods that attackers used to gain access to data in 2011. Some organized crime groups have automated their attacks to scan for very specific ports, like those for remote desktop, pcAnywhere and similar products, and then they try to log in with common or stolen passwords.

This problem is common with small businesses that outsource the administration of their IT systems to third parties who offer remote support. These organizations should implement some type of access control for remotely accessible systems, like restricting which IPs are allowed to connect to them.

Web-based attacks like SQL injection have a lower frequency and didn't even make the top 10 list on the annual report that will be published later this year, Baker said. The rate of SQL injection attacks is usually much higher for financial services organizations.

Janco's Security Manual for the Internet and Information Technology is over 240 pages in length.  The template is compliant with ISO 27000 (formerly ISO 17799), Sarbanes-Oxley, Patriot Act and HIPAA and includes a PCI DSS Audit program.

order   Download

One problem that doesn't seem to improve from year to year has to do with breach discovery. It takes the majority of organizations months to discover a breach and some of them even take years.

- more info


Cybersecurity now a CEO concern

Security Procedures

Cybersecurity is not just an IT issue; that is not how your adversaries are looking at it. Using IT happens to be the way they get into networks. Technology is only one aspect. Organizations need to look at it as a foreign intelligence collection effort. Bottom line, cybersecurity needs to be top-down driven, from the head of the agency or a CEO on down. Only then will the enterprise be adequately protected.

Security Manual Template

- more info


Disaster Planning budget discussion

Business Continuity

Points that need to be included in any discussion of disaster planning budgets:

  • There's nothing more important to the business than its data
  • The DR investment protects the enterprise from everyday disruptions
  • Is the current DR plan in compliance with new privacy laws
  • Stakeholders won't invest in the business without a DR plan
  • A weather disaster could be heading to your enterprise's way
  • It's not a matter of if, but when an IT catastrophe will strike
  • New DR advances make it more affordable than you think
  • Outsourcing DR can save you time and money

order   Download

Disaster Recovery Planning (DRP) template can be used by any size enterprise. The template and supporting material have been updated to be Sarbanes-Oxley compliant.  The Disaster Recovery Planning Documentation comes as a Word document with electronic forms.

- more info


Feds to cut IT spending

Metrics Internet and ITThe current administration has proposed a slight decrease in federal IT spending in 2013, with many of its funded projects aimed at realizing further savings down the road.

Overall, the budget calls for spending $78.8 billion, a 1.2 percent decrease from 2012.

The Defense Department takes the biggest hit overall, with a drop of 3.6 percent, which more than offsets a 1.1 percent gain in civilian agencies.

Many of the IT projects highlighted in the proposed budget received support because of their potential to improve the efficiency of agency operations by modernizing and enhancing existing systems. The budget also highlights ongoing efforts to save money through data center consolidation and cloud computing.

order   Download

One idea is to create a “data center marketplace,” in which agencies in need of new computing power can be steered toward unused capacity available within government.

- more info


Training supervisors on supporting staff improves productivity

Job Descriptions

The demand to improve productivity has created a workplace environment of intense competition and increased stress for many. Paradoxically, these conditions often stymie organizational efforts to become more efficient and effective.

A new study offers a way to improve worker productivity - training direct supervisors to provide support. While it may seem a common-sense notion, many employers do not train supervisors on the necessity of support or on techniques to provide assistance.

In earlier studies, scholars have shown stress at the workplace (due to high job demands and low control) can cause workers to develop psychological strain that translates into physiological symptoms, such as headaches, stomach aches and fatigue.Metrics Internet and IT

When the boss offers support in the form of, for example, a lightened work load or stress management training, it is more likely to keep the worker from taking sick leave. This is because the worker feels more inclined to reciprocate the supportive treatment by keeping their work effort high.

Researchers determined that co-worker support early on, when the employee begins to experience workday stress, plays a role in reducing the physical effects of stress, thereby reducing the likelihood of even developing the need for sickness absence.

- more info


H-1B discriminates against US IT workers

H-1B workers are better educated than U.S. born workers and earn more. The report by two economists at the non-partisan Public Policy Institute of California, found that, on average, H-1B workers are about 10 years younger than U.S. born workers.

 IT Job Market

The report's findings concerning pay indirectly challenge beliefs about the H-1B program held by its backers.  In a recent column in the Financial Times, it was argued that restrictions on the H-1B program protect "many high earners from skilled migrant competitors." He called the H-1B program "a subsidy for the wealthy," meaning well-paid IT workers.

But according to this study, the conclusion U.S. IT workers are a "privileged elite is wrong." The study found that the average annual earnings of H-1B workers are about 10% higher than the average annual earnings of U.S. workers, after adjustments for age, occupation and education.

The study is drawing reaction from those who see current H-1B policies as a detriment to U.S. workers.

- more info


Anonymous implements social media hacks

Security Procedures

Anonymous distributed links to specially crafted Web pages via its Twitter feed which was re-tweeted widely, and links also popped up on Internet Relay Chat rooms, Facebook, Tumblr and other social networking sites. Some of the links led to PasteHTML.com, a site that looks a little like the popular text-sharing site Pastebin frequently used by Anonymous to issue statements. A variation of this method allowed users to type in the IP address of target Web servers before the JavaScript code began executing.

order   Download

Most of the links were obscured using URL shortening services such as bit.ly. Several Anonymous Twitter accounts have thousands of followers, and some gained "hundreds of thousands of new fans overnight" during the course of the campaign, according to Cluley.

The new method appears to have helped knock Universal Music and other sites offline during last week's Megaupload-revenge attacks

- more info


FedRAMP to drive cloud solution providers

The Federal CIO Council released the security control requirements for the Federal Risk and Authorization Management Program (FedRAMP) - the new, innovative IT risk management program created to foster the adoption of cloud computing by the Federal government. FedRAMP provides a standardized approach to the security authorization process for cloud products and services, adopting requirements agreed upon by all Federal agencies and approved by the FedRAMP Joint Authorization Board (JAB). The security controls baseline is the basis for FedRAMP’sstandardized approach to the security authorization process for cloud products and services. The release of the FedRAMP controls is the critical first step that to successfully launching FedRAMP.

FedRAMP’s unified risk management process will evaluate IT services offered by vendors on behalf of Federal agencies, saving agencies from conducting their own risk management programs. By reducing duplicative risk management efforts, FedRAMP will enable Federal agencies to focus their evaluations of IT services on their agency’s specific needs, as well as their privacy and security requirements. In the coming month, GSA will release the FedRAMP Concept of Operations, further detailing the processes for Federal agencies and CSPs to meet FedRAMP requirements.

- more info


IT job descriptions updated to meet all compliance requirements

Job Descriptions

Internet and Information Technology Position Descriptions HandiGuide®

243 Job Descriptions and Organization Charts Sensitive Information Policy Compliance Agreement

The IT job descriptions contained within the Internet and Information Technology Position Descriptions HandiGuide® were completed in 2012 and contains over 700 pages; in a new easy to read format; and, includes sample organization charts, a job progression matrix, and 243 Internet and Information Technology (IT) job descriptions.   The book also addresses Fair Labor Standards and the ADA, and sexual harassment.  Each job description meets ADA standards and the position description is delivered in electronic format - word which is editable and PDF which is printed.

More..

- more info


Security ignored by younger employees

Security Procedures

Employees aged 18-30 tend to have lax attitudes about computer security and are more likely than their older ounterparts to ignore IT policies, according to a recent Cisco report.

About 61 percent of young employees surveyed by Cisco researchers feel corporate IT security isn't their responsibility and should be handled by their employer or the device manufacturer, the researchers wrote in the third installation of Cisco's "Connected World Technology" report. "Young employees" in this report included 1,400 college students polled between the ages of 18 and 23 and 1,400 professionals polled under the age of 30.

Seven out of 10 young employees polled also frequently ignore IT policies and 67 percent feel the IT policies on social media and device usage are outdated and need to be modified to "address real-life demands for more work flexibility," according to Cisco. The younger workforce has "different" expectations of what should be allowed at work, and over time these policies and restrictions may become a deciding factor in where they choose to work.

order   Download

The Security Manual for the Internet and Information Technology is over 240 pages in length.  The template is compliant with ISO 27000 (formerly ISO 17799), Sarbanes-Oxley, Patriot Act and HIPAA and includes a PCI DSS Audit program. All versions of the Security Manual template include both the Business & IT Impact Questionnaire and the Threat & Vulnerability Assessment Tool (both were redesigned to address Sarbanes Oxley compliance).   In addition, the Security Manual Template PREMIUM Edition contains 16 detail job descriptions that apply specifically to security and Sarbanes Oxley.

- more info


Security risk from easy access to user logon information

Security Procedures

Users have dozens of logins and passwords spread out across an equal number of sites and applications and it's no wonder the average user tends to forget their secret info. Even with a tried and true system for generating memorable but complex passwords, the formula could easily fall apart if you just can't remember it.

So rather than continually clicking the "Forget Your Password?" help link, folks are readily hiding login information around their computer station.

And given that there's little variety in those secret locations, "hiding" might be a stretch. Typically user passwords was somewhere on their desk in one of these easy-to-find locations.

order   Download

The most common locations where folks hide their login information are:

  • Under the keyboard
  • Under the phone
  • Under the mouse pad
  • On the monitor
  • In the top drawer
  • Under the desk

In other words, you're not doing yourself any favors if your entire system is compromised by a casual, passing glance from someone outside your office window.

Instead of the highly visible Post-It note on the monitor, Janco Associats recommends secure password aggregators to keep your login information secure.

- more info


Is the death knell for Adobe Flash sounding

Adobe Systems is ending development of its Flash plug-ins for mobile browsers, the company confirmed today. Instead, Adobe will focus on HTML5 and, to a lesser extent, its AIR runtime environment. Adobe says it will work on tools that convert Flash content and apps to HTML5 and AIR versions for use on mobile, rather than continue to develop its mobile Flash Player.

CIO Productivity KitIT Infrastructure, Strategy, and Charter Template

At the same time there continue to be reported problems with Adobe Flash with IE in the 64 bit environment along with the frustration of users with the Adobe Update process.

Adobe has been working on mobile Flash for years, but shipped an Android version only a year ago and on both HP WebOS and the RIM BlackBerry PlayBook tablet this summer. Apple has adamantly refused to allow Flash on iOS over performance concerns (though it does allow AIR), and Flash has also not appeared in the BlackBerry smartphone OS or in Microsoft's Windows Phone 7 despite Adobe's promises to do so.

- more info


How to terminate an employee

When you are going to terminate an employee and have prepared property then you should follow these best practices. Terminations are one of the most difficult personnel issues managers have to deal with; it's easy to bungle them. Avoiding the following pitfalls will reduce your risk of a wrongful termination lawsuit.

Plan for the termination meeting  - Winging a meeting with an employee you are firing is a bad idea. If you don't prepare what you're going to say to the employee, you could speak out of turn, and your comments could be the basis for a lawsuit.

  • What they're going to say during the meeting

    Job Descriptions

  • What's going to happen after the meeting
  • Whether the employee will be allowed to collect his belongings from his desk, or whether the company will pack them up and send them to him
  • If the employee has company files at home, the manger needs to figure out how to get those files
  • Have in hand the employee's final paycheck and include pay for any unused vacation
  • Provide the employee with a COBRA notice so he knows how much it will cost to continue his health insurance.

Planning the details of the termination helps demonstrate respect for the employee. It shows you care enough about the employee to think about the questions and issues the employee will face.

Have two people present in the meeting other than the individual being fired. That way  if you end up in litigation, it's not one person's word against the other. It's better to have a second person from the company who can indicate exactly what was said.

Be serious and do not joke about what is going to happen and do not treat it like a cattle call. Some employers who have to do large layoffs round up employees like cattle in a conference room and tell them all at once that they're getting pink slips. This disrespectful tactic breeds ill will among the affected employees toward their former employer.

Get to the point quickly - Managers should never start a meeting with an employee in which they're going to be terminated with pleasantries. It's cruel to mislead the person about the conversation," she says. Instead, managers should cut to the chase. "We're meeting today because your position has been eliminated' or 'because we need to let you go.'"

  • If the termination is due to the employee's poor performance, managers should have a line and stick to it, such as, 'We've discussed your performance several times. This job is no longer a good fit.'
  • If the employee is part of a layoff motivated by economic or financial circumstances, it's best to say something simple such as, 'Your employment is being terminated due to a necessary reduction in force. The reason we have to do a reduction in force is because of the tough economic climate,' and leave it at that.

Be truthful about the reason for the termination  Managers who feel badly about having to lay off staff will sometimes try to soften the blow to the employee during the termination meeting. The manager might say, "We have to cut you, but it has nothing to do with your performance. You were a great employee, but I need to let you go, and it's completely and solely related to cost reasons".
Such non-truths become problematic when the decision to lay off the employee was in fact performance related. If that individual decides to file a lawsuit alleging he was fired because of his age, the company will respond to the claim by saying, 'You weren't fired for your age. You were fired because your performance was the lowest among the people we chose.’ The plaintiff will in turn respond, 'During my termination meeting, you told me my performance was great and that it had nothing to do with the reason for my termination.' That alone can make an employer liable.

Do not broadcast the termination news over social media. Today there are lawsuits and legal claims related to updates managers have posted to Facebook, Twitter or LinkedIn, in which they disclose details of employee terminations.

Offer employees a severance agreement in return for a release of all legal claims It helps the employee because it aids in their transition and doesn't preclude them from seeking unemployment insurance. From the employer's perspective, the severance agreements are important because the employee will release the employer of all claims related to or arising out of the employment  -- if they accept the severance package. That will take care of tort claims, contract claims, discrimination claims and wrongful termination claims.

- more info


Core network security protection best practices

Security Procedures

Network security basic protection rules:

order   Download

  • Don't grant your users local administrator rights. This is cumbersome, but it ensures that the local hash database resists compromise, keeping other users' hashes away from prying eyes.
  • Use domain administrator credentials only on machines with domain controller roles installed. Use delegated administrator accounts with fewer rights to perform privileged actions on other machines like client computers and member servers.
  • Don't grant junior administrators local administrator rights on servers. Avoid granting anyone local administrator access on servers.
  • Consider setting up a whitelist of known-good applications. For some organizations, this is a trivial task, but it will prevent the operation of the utilities  used in attacks and any other utilities that may come out to make this attack easier to execute.
  • Never use the domain administrator account to grant privileges to service accounts.
- more info


Service-Oriented Architecture and IT Service Management Are Keys To Success in the Recovery

SOA and ITSM drive success and productivity

One bad customer experience can cost you that customer for life. Hospitality, travel, retail, healthcare, and financial services are especially prone to losing customers who have a negative experience. It does not take much for a customer to decide that you and your company are not worth his time, effort, or money.

  

Customers like to feel loved, and they are turned off very quickly when they sense that you do not care about the pain they are feeling. Even if you cannot help them because the situation is beyond your control, acknowledge that you understand both the situation and their frustration.

 No customer wants the person serving her to be distracted or preoccupied. Ever go to the local mall and try to get help from a teenager focused more on texting her friends than helping you find what you’re looking for? On the other hand, being too focused can be a bad thing. Have you ever asked an innocent question out of curiosity and then found yourself stuck for an eternity while a customer support person hunts endlessly for an answer? This person is likely so focused on getting the answer that he does not realize that you really do not care that much about it and would rather not wait for an answer to an inessential question. Be sure your people understand the degree of focus required for the job.

Even if the employee has the right skill set and experience, his odds of being successful and remaining on the job are low if his core behaviors and tendencies do not line up with those needed for success in that particular role. This is especially true for customer-facing roles in which your frontline employees act as extensions of your brand and heavily influence the customer experience.  

- more info


Security for mobile devices is a major issue for CIOs

Mobile Device SecurityWith the proliferation of smartphones and tablets, workers can now process business emails, produce work content, and conduct meetings straight from these devices. They can also perform personal financial transactions, shop online, and even file our taxes with the IRS from the same device and at the same time. Mobile devices are the future credit cards and identity carriers, as well as our portals into the digital world.

This trend is driving more organizations to support personally owned devices in the work environment, allowing employees anytime, anywhere access to business resources. In North America And Europe more than 50% of firms support employee-owned mobile and smartphones. This empowered workforce uses groundswell technologies such as mobile devices to drive increased productivity, innovation, and improved customer services.

The business tasks both IT operations and security professionals with making sense of the complexities of supporting personal devices in the corporate environment. Depending on the industry that you are in, consumerization can present challenges to your security, compliance, and legal requirements. Determining what these challenges are is the first step when crafting a strategy to manage these new endpoints in your corporate network.

- more info


Data governance and record managment objectives

The objective of for records management and data governance falls into three major areas:

  •  Record Management - Data GovernanceFinding out what's in place. Organizations have historically had a rather laid-back approach to data governance, in large part because the (relatively primitive) native security controls haven’t offered any other option. Moving forward, a critical first step is to find out exactly what’s in place to begin with.
  • Minimizing IT's role as gatekeeper. Because the IT team has historically been the only group of people who could modify resource access permissions, they’ve been thrust into the role of deciding who permissions are given to. That’s inappropriate, since IT rarely has the information needed to properly govern access to resources. While IT may continue to be responsible for implementing access controls, moving forward we need to remove them from the role of actually governing, and instead put that burden on the people within the organization who actually own the data.
  • Improving consistency. Inconsistent application of permissions and inconsistent configuration of file servers are leading contributors to downtime, lost productivity, security breaches and more. Organizations seek to create a single, consistently configured and consistently governed environment that provides users with access to exactly the resources they need - no more and no less. An example would be during a merger when bringing in another directory and permission system very similar to the existing.
- more info