Security is a pipe-dream

Security Pipe Dream for many

Security is a pipe-dream,  few enterprises are fully protected from events that have occurred in the past several months.  All one has to do is to look at the recent cyber attacks at Uber and Experian. In both of those cases, the CIO and/or  CSO were blamed and left the organization.

Not many CIOs and CSOs feel they have 100% of their security risks covered. In a recent survey that was published in NetworkWorld:

  • 55% said that was the case
  • 40% said they hope the had all of their security bases covered
  • 6% said that they did

With only 6% saying they had all of their bases covered there are many opportunities for security hackers and data breachers to attack the systems in place.

Now that we know that a security breach may occur, how sure are these same CIOs and CSOs that they will be able to react in time? The first step is detection that a hack or breach has occurred. In another survey by Janco Associates, we found that in midsized and large enterprises:

  • 35% had a detection solution in place and they automatically quarantined the server(s)
  • 43% had a detection solution in place but had to “manually” quarantine the server(s)
  • 23% had to “manually” put the server(s) offline when they found out they had a problem

When you put these two sets of data together, you conclude that less than 2% of enterprises are protected adequately enough to prevent a major security hack or breach occurs.

Disaster Recovery / Business Continuity &
Security Template Bundle

ISO 27000, Sarbanes-Oxley, and HIPAA Compliant
PCI-DSS Compliant

Order DRP BCP SecuritySample DRP Security Manual

Experts Agree You Should Update Your Plan Annually

Security is a critical concern during the recovery process

It goes without saying that every company, regardless of size, needs a concise business continuity plan in case of an emergency. If you don’t have a disaster recovery plan or haven’t updated yours recently, now is the time to take this critical step to protect your business.

Highest Unemployment States

Highest Unemployment States are in unrelated job markets

Highest Unemployment States are Alaska, District of Columbia, and New Mexico.  Two of the job markets that have unemployment rates higher today than a year ago are Alaska (6.6% – 2016 and 7.2% – 2017) and the District of Columbia (5.8% – 2016 and 6.6% – 2017).

Highest Unemployment States - Graphic

The interesting fact about these three states is that they have seen little of the positive effects of the improvement in the national job market with its low unemployment numbers.

National Unemployment Rate - Graphic
The U.S. national unemployment rate is at the lowest levels that it has been at in over seven (7) years.

The current unemployment rate for the U.S. is just about the full employment rate (4.1% versus 4.0%).  At that level companies typically begin to increase salaries to help acquire and maintain the necessary staffing levels to meet operational objectives.

Order Salary SurveyDownload Sample salary survey

 

At Risk e-Mail Accounts

At risk e-mail accounts are Gmail, Yahoo, and Hotmail

Security Manual Template
Security Manual Template contains all of the procedures needed to support a world class security infrastructure. Contain BIA and Threat Assessment Tools.

At risk e-mail accounts according to the University of California (Berkeley) and Google are Gmail.com, Yahoo.com and Hotmail.com.  Users who use those email  account have the highest probability of being  victims of hacking attacks. The types of attacks are credential exposure, phishing, and keylogging.

Much of the expose is due to the multitudes of “unsophisticated” users who are not well trained in how to avoid those attacks.  In addition, there is the exposue they face due to the loss of their credentials because of a lack of adequate security at hosting sites from where their credentials and personal data can be extracted.  The cases in point are the recent massive hacks at Yahoo and Experian.

The summary results of the study are:

At Risk e-mail accountsThe data does NOT reflect the victims of the Yahoo and Experian attacks.

Read on SecurityOrder Security ManualDownload Selected Security Manual Pages

 

 

Security Vulnerability Analysis Tool

Security Vulnerability Analysis Tool and BIA in Template

Security Manual Template
Security Manual Template contains all of the procedures need to support a world class security infrastructure. Contain BIA and Threat assessment tools.

Security Vulnerability Analysis Tool is not included as part of Janco’s Security Manual Template.  Firewalls have become ubiquitous across enterprises over the past decade, but the combination of new and varied access methods combined with increasingly sophisticated attacks has forced network operators and security professionals to constantly evaluate their defenses. When deploying a next-generation firewall there are many  factors to consider.

The Security Manual template now includes the latest Threat Vulnerability Analysis Tools.  They are proven and ready to use.

One of the really great features are all of the electronic forms that come with the Security Manual Template.

Read on SecurityOrder Security ManualDownload Selected Security Manual Pages

Blockchain Developer Job Description

Blockchain Developer Job Description added to Janco’s HandiGuide

Blockchain Job DescriptionBlockchain Developer Job Description has been added to Janco’s HandiGuide and will appear in the 2018 Edition.  Until that time anyone who orders the Job Description HandiGuide will get the MS WORD version as a separate file.

The Blockchain Developer is currently one of the hottest jobs out there.  Individuals with that skill set can easily command $125K to $150K as a starting salary.  The developer is responsible for

  • Developing innovative solutions to challenging problems, including command and control and high integrity solutions.
  • Performing complex analysis, design, development, testing, and debugging of computer software for distinct product hardware or technical service lines of businesses.
  • Performng software design, operating architecture integration, and computer system selection.
  • Having the ability to operate on multiple systems and apply knowledge of one or more platforms and programming languages.

The Blockchain Developer is challenged with legacy infrastructure that will be the main obstacle to successful implementations. This is coupled with the challenges of technical understanding – the practicality of implementing decentralized cryptosystems that fall outside of the traditional IT development skill-set.

Order digital brand manager job description

Women CIOs

Women CIOs – 28% of CIOs in public companies are women

Women CIOs – Women in management are making it as CIOs in large publicly traded companies.  In reviewing Janco’s historical data we have found that in 2013 only 19% of the CIOs in our sample were women.  That has grown to 28% with our more recent data.

Women CIOs
More women are CIOs in large publicly traded enterprises than in smaller one

In an earlier article post our the Janco web site (Women in Management – Women are making inroads in the CIO position and other C-Level jobs), Janco found that the areas where women are getting to the executive management positions are:

  • Human Resources -Chief Human Resources Officers
  • Marketing – Chief Marketing Officers
  • Information Technology – CIO

Within those organization the number of women supervisors is  currently in the 30 to 40% range.

Order CIO Job Description

Those who violate 10 commandments of business continuity plan fail

When a business continuity plan is non-functional

Failed Business Continuity – This morning about 2:00 AM MST one of the largest providers of cloud services went down.  As I write this it is 11:30 AM MST and the service is still down.

It seems that their entire network – both the east coast and west coast is down.  I talked to their corporate office and at this time they have no idea as to when they will be back up and at the same time the person I talked to said he did not know what their business continuity plan was since this was a nation-wide failure in their network.

They should have followed the 10 commandments that we published earlier.

  1. Analyze single points of failure: A single point of failure in a critical component can disrupt well engineered redundancies and resilience in the rest of a system.
  2. Keep updated notification trees: A cohesive communication process is required to ensure the disaster recovery business continuity plan will work.
  3. Be aware of current events: Understand what is happening around the enterprise – know if there is a chance for a weather, sporting or political event that can impact the enterprise’s operations.
  4. Plan for worst-case scenarios: Downtime can have many causes, including operator error, component failure, software failure, and planned downtime as well as building- or city-level disasters. Organizations should be sure that their disaster recovery plans account for even worst-case scenarios.
  5. Clearly document recovery processes: Documentation is critical to the success of a disaster recovery program. Organizations should write and maintain clear, concise, detailed steps for failover so that secondary staff members can manage a failover should primary staff members be unavailable.
  6. Centralize information – Have a printed copy available: In a crisis situation, a timely response can be critical. Centralizing disaster recovery information in one place, such as a Microsoft Office SharePoint® system or portal or cloud, helps avoid the need to hunt for documentation, which can compound a crisis.
  7. Create test plans and scripts: Test plans and scripts should be created and followed step-by-step to help ensure accurate testing. These plans and scripts should include integration testing— silo testing alone does not accurately reflect multiple applications going down simultaneously.
  8. Retest regularly: Organizations should take advantages of opportunities for disaster recovery testing such as new releases, code changes, or upgrades. At a minimum, each application should be retested every year.
  9. Perform comprehensive recovery and business continuity test: Organizations should practice their master recovery plans, not just application failover. For example, staff members need to know where to report if a disaster occurs, critical conference bridges should be set up in advance, a command center should be identified, and secondary staff resources should be assigned in case the event stretches over multiple days. In environments with many applications, IT staff should be aware of which applications should be recovered first and in what order. The plan should not assume that there will be enough resources to bring everything back up at the same time.
  10. Defined metrics and create score cards scores: Organizations should maintain scorecards on the disaster recovery compliance of each application, as well as who is testing and when. Maintaining scorecards generally helps increase audit scores.

Order Disaster Plan TemplateDisaster Plan Sample

 

Digital Brand Manager Why?

Digital Brand Manager why have the position

Digital Brand Manager Why
The Digital Brand Manager helps a company drive growth in its brands and product lines

Digital Brand Manager why have the position is a question that if you have to ask means that you do not understand the new market place.  Social media and networks drive traffic to social networking sites and websites where reputations and products are focused on.

The Digital Brand Manager is the primary focus point for the Internet and social network presence of a brand. The individual is responsible for digital consumer experiences across the entire enterprise and its operations. They help a company drive growth in its brands and product lines by converting traditional physical brand management process to social media ones, and oversee the rapidly changing digital sectors like mobile applications, social media and Internet based marketing.

The reasons why an organization should have a Digital Band Manager:

  • They are responsible for executing and evolving the enterprise’s Social Media Strategy
  • Understanding a brands performance & emerging company/consumer needs.
  • Defining channel roles
  • Establishing content strategy
  • Managing the social persona development of the brand’s social network

Order digital brand manager job description

Threat and Vulnerability Tool – Best in Class according to IT Productivity Center

Threat and Vulnerability Tool – Best in Class according to IT Productivity Center

Threat Vulnerability Assessment Tool Best in class
The purpose of a Threat Risk Assessment (TRA) is to categorize enterprise assets, examine the different “threats” that may jeopardize them, and identify and correct the most immediate and obvious security concerns.

Threat and Vulnerability Tool – Best in Class award concurrent with the release of Version 4.o.  Janco is proud to announce it has recieved a Best in Class by the IT Productivity Center.  This is the third time the IT Productivity Center has issued an award to Janco for this tool.

One of the added features of version 4.0 is that it now comes not only in MS Word and PDF formats, but it also comes as an ePub (eReader) document that can easily be distributed to smartphones, tablets, and desktops.

The Tool comes with a work plan that can be used to conduct the Threat and Vulnerability Assessment as well as a definition of the components of the process including:

  • Administrative Safeguards
  • Logical Safeguards
  • Physical Safeguards

One of the additional features of this template is that it can be used as the core of an enterprises compliance program.

This tool is also included with the Disaster Recovery / Business Continuity Template and the Security Manual Template.

DR/BC Plans and Security Procedures have errors

DR/BC Plans and Security Procedures errors

DR/BC Plans and Security Procedures errors – Janco has reviewed the recovery processes of 148 enterprises that were impacted by the recent hurricanes, fires, miscellaneous business disruption events and found that 53% had some significant error(s) or omission(s) in their DR/BC Plans and/or security procedures. Many were attributed to the length of the business interruption event and the lack of supporting infrastructure such as cell communication (Puerto Rico) or shortage of fuel for back up generators.

Only 17% of enterprises that had major business disruption events in the summer and fall of 2017 had no major issues with their DR/BC plan activation process and security procedures

Janco is currently in the process of determining what were the causes for these defect.  Preliminary  findings are that as a result of the slow economy enterprise cut back on the maintenance of core infrastructure.  This included updating existing DR/BC plans Security procedures with changes, training in those areas, and people being reassigned or leaving the enterprise that were critical for these processes.

Janco’s Solution

Janco has added 17 electronic forms to alleviate this problem in DR/BC plan and its Security Manual Template. Included as a bonus is an eReader format of both templates.  The forms can be completed via tablets and smartphones and stored in a remote cloud location.  With the included security and DR/BC audit programs, it now is easier to highlight those areas of existing plans and procedures which need work to guarantee compliance with security mandates and success in the recovery process.

Security and DR - BC Read onOrder DRP BCP SecurityDownload Table of Contents Security and DRP templates

596,300 IT jobs to be created

596,300 IT jobs to be created between 2016 and 2026

596,300 IT jobs to be created in the next 10 years according to BLS Forecasts.  The BLS projects the median salary for all IT jobs will be $82,830 excluding inflation.  For most jobs a Bachelor’s degree will be required, those would include:

  • Software Developers, system software (46,100 jobs median salary $105,860)
  • Software Developers, applications (253,400 jobs median salary $100,080)
  • Computer Systems Analysts (53,000 jobs median salary $87,220)
  • Operations Research Analysts (31,300 jobs median salary $79,200)

For those IT Pros that do not have a degree but some college, they will opportunities as Computer User Support Specialists (71,100 jobs median salary $49,390). These will be the lowest paying jobs in the IT job market.

When we take that project and compare it with what Janco says are the median salaries for staff positions we there there is significant room for growth in compensation levels.

IT jobs median salary
These are the latest summary results of Janco’s salary survey which is is updated twice a year; once in January and then again in July.

The growth in salaries will be greatest amount those who “create” code and applications. User support will end up being minimum wage jobs.  Added to that as new applications are created they will have more built in help, self correction and tutorials negating the need for “specialist” who know the the applications and devices at a very low level of detail.

Order Salary SurveyDownload Sample salary survey

 

 

10 Reasons why Chip Readers

10 Reasons why Chip Readers used by merchants

10 Reason why Chip Readers10 Reasons why Chip Readers usage will expand.

  1. Credit card chip usage improves the security landscape
  2. Required for compliance
  3. Merchants pay a lower fee
  4. Physical card is required for in-store transactions
  5. Credit card chips reduce counterfeit card fraud: Countries that have been using chip cards for many years have seen significant reductions in counterfeit card fraud. In the UK, for example, counterfeit card losses have been reduced by 70%.
  6. An increased number of chip cards in consumers’ possession: over 600 million chip cards have been issued in the U.S. as of the end of 2016.
  7. Majority of all retail outlets now accept chip cards: almost 90% of all travel, entertainment, and high-cost retail operations accept chip cards
  8. Swipe and insert versus manually keying in card information is more accuracte
  9. Daily settlement of transactions for merchants
  10. Get accurate customer information: For online transactions validate customers’ billing and address information is entered correctly.

Read on…

Order Omni Commerce Planning ToolkitDownload Selected Pages of omni commerce strategy

10 Question Security Assessment Process

10 Question Security Assessment Process for CIOs and CSOs

10 Question Security Assessment
Everything that needs to be done in order to improve the security and compliance of the enterprise

10 Question Security Assessment Process is a way for CIOs and CSOs to quickly identify risks that they need to address.

  1. What does the enterprise need to differently today in order to stop a breach tomorrow?
  2. Does the enterprise know if the company has been breached? How does it know?
  3. What assets are protecting, what are they being protected from (i.e., theft, destruction, compromise), and who are they being protected them from (i.e. cybercriminals or insiders)?
  4. What risks does the enterprise face if it is breached (i.e., financial loss, reputation, regulatory fines, loss of competitive advantage)?
  5. Does the enterprise’s IT security implementation match the enterprise’s business-centric security policies?
  6. Are formal written policies, technical controls or both in place? Are they being followed?
  7. What is the enterprise’s security strategy for IoT?
  8. What is the enterprise’s security strategy for BYOD and “anywhere, anytime, any device” mobility?
  9. Does the enterprise have an incident response plan in place?
  10. What is the enterprise’s remediation process? Can the enterprise recover lost data and prevent a similar attack from happening again?

Supports Meaningful Use Compliant Stage Implementation – Meets HIPAA Ransomware Guidelines — Comes in eReader, MS Word, and PDF formats. Includes 24 Electronic Forms that are ready to use and User Bill of Rights for Sensitive Data and Privacy

Order Security Policies and ProceduresDownload TOC security policies

Over 50% Job References Not Checked

Job references not checked by employers

Job references used to be the gold standard that almost all enterprises used to verify candidates backgrounds and character.  That is no longer the case according to Janco Associates.

In the process of updated and re-issuing its Interview and Hiring Guide, they found that only 46% checked even one reference.  Surprisingly they discovered that 30% depended on statements made by candidates during the actual interview process.  In addition, 26% whet to social media pages like Linkedin and Facebook reviewed what was posted there and assumed it was factual and correct.

Job references
Hiring managers no longer depend as much on job references when evaluating whether to hire a candidate.

The move away from personal references has been driven by the inability of individuals to provide “accurate” information on candidates.  For example, if a negative reference is given by an enterprise’s employee or agent, the enterprise could bee subject to litigation. Plus, many severance agreements stipulate that companies provide “positive references” for terminated employees.

Interview and Hiring Guide

Version 2.0 of the Interview and Hiring Guide contains specific questions that interviews can ask about prior employment, the position the candidate is interviewing for, education and training, remote workers, decision-making and creativity, management and leadership, non-work activities and interests, and questions that should be avoided. In addition, it provides a list of best practices for screening resumes, phone screening, the top 10 interview best practices, and hiring best practices.

The Interview and Hiring Kit can be purchased separately $89 or with one of the four versions of the IT Hiring Kit, ranging in price from $579 to $2,399 with 12 months of update service or $799 to $2,799 with 24 months of update service.

Read on Order Interview Hiring GuideDownload Interview Guide

Top 10 Interview Best Practices

Top 10 Interview Best Practices to get the candidate to say yes

Top 10 Interview Best Practices to improve an enterprise’s chances that a candidate will say yes to your job offer.

  1. Make the right impression from the first point of contact to the job offer.
  2. Have complete and accurate job description available during the interview.
  3. Let the candidate review the job description before the interview.
  4. Communicate to the candidate what the interview will entail.
  5. Be prompt and do not make the candidate wait.
  6. Allow no interruptions and focus on the candidate.
  7. Prepare for the interview and have a set of questions ready to be asked.
  8. Have materials to be provided to the candidate available –  put a post-it note on the materials with the candidate’s name on the materials.
  9. Be enthusiastic and positive not only about the job that is being filled but also about the company.
  10. Define next steps at the end of the interview.
Top 10 Interview Best Practices
“Everything enterprises need to hire the best IT Pros as demand for IT Professionals increases” – CIO Fortune 500
Order IT Hiring Kit
%d bloggers like this: