Foreign Assignments

Foreign Assignments Considerations

Foreign Assignments – Taking an overseas assignment can be a great career boost. There are some major issues that you need to consider.

Taxes

Many career opportunities can be unlocked when you accept a foreign assignment. Here is a list of things that you need to consider.

The US is the only country in the world that taxes its citizens on their WORLDWIDE income. So even though you may earn every penny in another country on your local contract, the US wants to tax you for it. Fortunately, there is a “foreign earned income tax” exclusion that you can apply for that will prevent the US from taxing you on the first $80,000, but above that value you will be taxed by both countries.

Keep a US address – find someone in your family who you can have all of your mail forwarded to and whose address you can use on your US tax forms.

Foreign Banking

The US requires that, if you have a foreign bank account, you file a form with the Treasury Department every year listing all the foreign bank account numbers you own. Foreign branches of banks do not talk to their branches in the US. For all intents and purposes, they are totally different banks. You can wire money back and forth between your accounts (with associated fees); however, it is easier to live with the separate accounts.

Moving

Have your movers come and estimate the volume of your household goods and then you get a feel for how much will fit in a new “smaller” place.

If you plan on coming back to the US, you might leave any valuable goods (antiques, paintings, etc.) with your family. Boats have been known to sink and containers have fallen off ships in bad weather, and while these items are insured, they could be lost forever.

Leave most of your electronics in the US. Your TV, stereo, microwave, washer/dryer, blender, even alarm clock, hair dryers, and telephones will not work on the power in many foreign countries. The one exception is a DVD player – note your US DVDs will not work on a foreign DVD player as your DVDs are coded for the US.

Your goods will take 6-8 weeks to come from the US by boat – so be sure to negotiate into your contract that they put you into temporary housing or a hotel until your goods arrive and provide you with a car. I

Car and Driving

It is not cost effective to ship a car. Sell your car and buy a new one in your new country.

The US does not use the “international road signs”, so find these on the Internet and study them before you arrive. Try to get your hands on the foreign country’s driving manual before you arrive, as the rules of the road are different in almost every country.

Bureaucracy

Getting a work permit, temporary resident’s visa, your driver’s license, and local ID in a foreign country is a paperwork frenzy. Get as many of your personal documents together and organized up front (birth certificate, passport, immunizations, etc.).

Networking

When you arrive in the foreign country, you typically know virtually nobody. It is critical that you find a group of people soon after arriving. Type “Americans (country name)” into Google and find some local groups. These groups help you to meet other Americans who are in your exact same situation and who have already crossed the hurdles that you are just going over. These clubs often have “Newcomer” events that will welcome you to the area, or subgroups (e.g. American Rotary, Mothers of Young Children, Retirees, Working Women’s Group, etc.) that will help you almost immediately find other Americans in similar situations to yours.

Paperwork

Have a power of attorney and a will before you leave the US. Have an attorney look into what could be done to make these documents legally recognizable in the foreign country.

Renting your Home in the US

You should find a fantastic property management company that does background checks (criminal) and credit checks on potential renters. Also, get the highest end rental insurance and fire insurance you can buy with replacement cost adjusted for inflation.

For a more complete presentation of these considerations go to http://goo.gl/8L4ICw.

10 best practices electronic meetings


10 best practices for electronic meetings have been identified by Janco Associates, Inc. They are:

  1. Have an agenda that is available to all attendees before the meeting
  2. Have a process to validate that the devices in use by users will work with the electronic meeting application
  3. Test the meeting technology with all attendees well in advance of the meeting
  4. Have a specific start time
  5. Be aware of time zones that meeting attendees will be in
  6. Have a dress code including background for meeting attendees to follow
  7. Send electronic invitations that require a confirmation and put the meeting in the electronic calendars of all attendees
  8. Have a common secure location where shared documents are available to all attendees
  9. Record the meeting and comments for others to review if they are not able to attend
  10. After the meeting send a summary of the meeting including next steps, tasks assigned, and when the next follow-up meeting will take place.


10 best practices to retain millennials


These 10 best practices to retain millennials can be applied easily, and favorable results will be seen quickly.

  1. Implement a mentoring program – utilize social media to communicate frequently, followed up with face-to-face time.
  2. Rotate work assignments to provide millennials with a broader range of exposure to the enterprise and what is in store for them in the future.
  3. Provide millennials with a flexible feed-back loop process so you know what their state of mind is. Minimize the chances for “unhappy” employees
  4. Give them time to develop their skills and career opportunities
  5. Encourage ongoing education, both technical and managerial.
  6. Define clear and achievable performance metrics so both you and they know what is expected
  7. Minimize stress and provide training to millennials on how to deal with stress.
  8. Balance work and personal time. Avoid situations where the 50-hour week is the norm
  9. Implement an open door policy and have managers, even the CIO, interact with all levels of employees. Manage by walking around and getting a feel for how everyone is doing.
  10. Provide opportunities for millennials to provide ideas and when one is implemented sound the praises of the employee.


Top 10 Technology Travel Tips – International


Top 10 Technology Travel Tips – When people travel, especially internationally, not only is technology at risk but also sensitive personal and work information. Below are 10 tips taken from Janco’s Travel, Electronic, and Off-Site Meeting Policy.

  1. If it’s not necessary, don’t travel with a computer or tablet.
  2. Whenever possible, arrange to use loaner laptops and handheld devices while traveling.
  3. If you are bringing a laptop with you, make sure you have the proper plug adapter.
  4. Install a host-based firewall, and configure it to deny all inbound connections.
  5. Disable file and printer sharing and Bluetooth. Apply full disk encryption, picking a long, complex password.
  6. Update all software immediately before travel.
  7. Always clear out browser cache before you leave.
  8. Back up your computer.
  9. If you are bringing private data, not on a computer, copy the data onto an encrypted USB memory device.
  10. Change the password for your accounts (email, Gmail, Facebook, etc.).
    1. Utilize complex passwords – Assume the workstation or medium will be lost or stolen.
    2. Memorize the password, or keep it in a secure location on your person.
    3. Password protect the login, and require the password after screen-saver.
    4. NEVER set browser to remember passwords.


SEnuke definition of poor service management


SEnuke: an adventure into poor service management. We have just spent a week of our lives working to get SEnuke – an SEO Google search tool – to work and have been frustrated beyond belief.

They came out with a new version that looked like the best thing since sliced bread.  Here are the problems that we encountered.

  1. Day 1, when they launched, the site was “down” in that you could not download the program. The page said try back in 30 minutes. It took a full day to get the download to work.
  2. When it installed, it did not uninstall the older version but left traces of it on so that “mysteriously” over the next week at times the older version executed confusing the heck out of me.
  3. The marketing material said that Captcha was included – however the SEnuke Captcha did not work for the better part of a week so that I had to purchase a service for that.
  4. When I tried purchasing Captcha, all of the listed companies did not work. Links were to sites that were disabled or not there. In addition, each of the sites had their own userids and passwords. By the time that I was done shopping I had over 7 sets of them.
  5. The application was to create links and URLs.  It did not do that.  The help, which was via a blog forum, after two days told me I had to get the update.
  6. I got the update.  However, it could not be installed because it was classified as an UNSAFE publisher.  The certificate they had from GODADDY.com had been REVOKED.
  7. When I posted on the SEnuke forum the response I got was that I had to put an exclusion in my Norton.   I had already done that and even turned off Norton, but it still did not install.
  8. I posted that we would PAY for support to get it to work.  No response from them.

Considering they want close to $150 a month for their product it is not worth it.  Finally after almost a week of effort I cancelled the service and created this review of the product.

10 Steps to Implement Cloud SaaS


10 steps to implement cloud SaaS – As more CIOs and other C-level executives look to have Software as a Service (SaaS) for interaction with their users, customers, suppliers, and markets, there are some best practices that they should follow.

  1. Evaluate the current capabilities of their IT infrastructure and application portfolio. Include in that an assessment of the competition and the state of opposing competitive solutions.
  2. Develop a roadmap with priorities for SaaS/cloud deployment. Establish who the drivers and owners of the SaaS process are.
  3. Establish clear governance that considers key stakeholders for cloud deployments. Include budgetary responsibility as well as for achieving stated goals.
  4. Develop metrics for performance and for measuring success in meeting cost and other deployment goals. Include a process for dissemination of the results in a timely manner.
  5. Adopt vendor management practices to monitor SLA performance and define responsibilities.
  6. Provide active project management to keep implementation on time and on budget. Steering committees and SDM (System Development Methodology) need to be included in the mix.
  7. Plan for ongoing support, acquiring or training resources for the necessary skills, and address skills gaps. Budgets and associated service levels need to be defined before the SaaS development begins.
  8. Regularly evaluate performance and goals/metrics to ensure they are being met. Utilize every form of communication possible so the enterprise as a whole knows what the state of the SaaS activity is.
  9. Audit compliance with security and other standards and practices and privacy policies. Build compliance into the SaaS process.
  10. Ask suppliers to provide specific data and experience with cloud-to-cloud integration and performance.

10 Security Assessment Questions


Security Assessment Questions

  1. To stop a breach tomorrow, what does the enterprise need to do differently today?
  2. Does the enterprise know if the company has been breached? How does it know?
  3. What assets are being protected, what are they being protected from (i.e., theft, destruction, compromise), and who are they being protected from (i.e., cybercriminals or insiders)?
  4. What risks does the enterprise face if it is breached (i.e., financial loss, reputation, regulatory fines, loss of competitive advantage)?
  5. Does the enterprise’s IT security implementation match the enterprise’s business-centric security policies?
  6. Are formal written policies, technical controls or both in place? Are they being followed?
  7. What is the enterprise’s security strategy for IoT?
  8. What is the enterprise’s security strategy for BYOD and “anywhere, anytime, any device” mobility?
  9. Does the enterprise have an incident response plan in place?
  10. What is the enterprise’s remediation process? Can the enterprise recover lost data and prevent a similar attack from happening again?

Security Compliance – Comprehensive, Detailed and Customizable for Your Business

The Security Compliance Policy and Audit Program bundle provides all the essential sections of a complete security manual and walks you through the creation of each step. Detailed language addressing more than a dozen security topics is included in a 220-plus-page Microsoft Word document, which you can modify as much or as little as you need to fit your business requirements. The template includes sections on critical topics like:

  • Risk analysis – Threat and Vulnerability Assessment via Electronic Forms
  • Staff member roles
  • Physical security
  • Electronic Communication (email / SmartPhones)
  • Blogs and Personal Web Sites
  • Facility design, construction and operations
  • Media and documentation
  • Data and software security
  • Network security
  • Internet and IT contingency planning
  • Insurance
  • Outsourced services
  • Waiver procedures
  • Incident reporting procedures
  • Access control guidelines
  • PCI DSS Audit Program as a separate document


Top 10 Cloud SLA Best Practices identified by GAO


Top 10 Cloud SLA Best Practices are:

  1. Define SLA roles and responsibilities for the enterprise and cloud providers. These definitions should include the persons responsible for oversight of the contract, audit, performance management, maintenance, and security.
  2. Define key terms. Include definitions for dates and performance. Define the performance measures of the cloud service, including who is responsible for measuring performance. These measures would include: the availability of the cloud service; the number of users that can access the cloud at any given time; and the response time for processing a customer transaction.
  3. Define specific identifiable metrics for performance by the cloud provider. Include who is responsible for measuring performance. Examples of such measures would include:
    • Level of service (e.g., service availability—duration the service is to be available to the enterprise).
    • Capacity and capability of cloud service (e.g., maximum number of users that can access the cloud at one time and ability of provider to expand services to more users).
    • Response time (e.g., how quickly cloud service provider systems process a transaction entered by the customer, response time for responding to service outages).
  4. Specify how and when the enterprise has access to its own data and networks. This includes how data and networks are to be managed and maintained throughout the duration of the SLA and transitioned back to the enterprise in case of exit/termination of service.
  5. Specify specific SLA infrastructure and requirements methodology:
    • How the cloud service provider will monitor performance and report results to the enterprise.
    • When and how the enterprise, via an audit, is to confirm performance of the cloud service provider.
  6. Provide for disaster recovery and continuity of operations planning and testing. Include how and when the cloud service provider is to report such failures and outages to the enterprise. In addition, include how the provider will remediate such situations and mitigate the risk of such problems recurring.
  7. Describe any applicable exception criteria when the cloud provider’s performance measures do not apply (e.g., during scheduled maintenance or updates).
  8. Specify metrics the cloud provider must meet in order to show it is meeting the enterprise’s security performance requirements for protecting data (e.g., clearly define who has access to the data and the protections in place to protect the enterprise’s data). Specify the security performance requirements that the service provider is to meet. This would include describing security performance metrics for protecting data, such as data reliability, data preservation, and data privacy. Clearly define the access rights of the cloud service provider and the enterprise as well as their respective responsibilities for securing the data, applications, and processes to meet all mandated requirements. Describe what would constitute a breach of security and how and when the service provider is to notify the enterprise when the requirements are not being met.
  9. Specify performance requirements and attributes defining how and when the cloud service provider is to notify the enterprise when security requirements are not being met (e.g., when there is a data breach).
  10. Specify a range of enforceable consequences, such as penalties, for non-compliance with SLA performance measures. Identify how such enforcement mechanisms would be imposed or exercised by the enterprise.

Documentation Security Compliance

Documentation is a key part of security compliance — here’s how to do it right


Documentation Security Compliance – Maintaining security compliance is a multifaceted responsibility. It’s not enough to simply implement the required controls and enforce security policies. In order to remain fully compliant, businesses must thoroughly document their compliance efforts as well. Maintaining formal, written documentation of all compliance-related activities is a requirement of many regulatory guidelines, but all too often, it’s treated as an afterthought.


In many cases, compliance documentation is inadequate due to varying responsibilities. In many organizations, compliance efforts spread across departments and different individuals are responsible for various aspects of the security plan. As a result, documentation tends to be inconsistent at best, with varying standards and levels of detail. Unfortunately, such an approach to compliance can land your company in hot water should it ever be selected for a compliance audit.

Specific security compliance documentation standards vary by regulation (HIPAA has different requirements than PCI DSS, for instance) but there are some general best practices that you can follow to ensure that your compliance documentation is up-to-date and meets the requirements put forth for your organization.

Select the Right Manager


Even with a dedicated compliance department, many companies struggle with documentation. Regulatory requirements tend to be highly technical, and require writers with the technical expertise to develop them thoroughly and accurately. When the wrong individuals are tasked with creating compliance documentation, there is the potential for errors and omissions. If professional technical communicators are unavailable, establish specific standards for the creation of documentation for staff to follow, or consider outsourcing the project.

Understand the Requirements

The first step to managing compliance documentation is understanding what is required of your company and developing a consistent means of recording the necessary information. In general, this means:

  • Describing the specific requirement and how it relates to your business
  • Outlining the specific controls in place to meet that requirement
  • Listing the name and contact information for the person in charge of implementing the control
  • Designating the date that the control/documentation needs to be reviewed and/or updated

Many organizations implement a content management system specifically for the purpose of maintaining security compliance documentation. Doing so allows for information to be accessed and updated online in real time, without relying on paper copies. An efficient CMS allows for additional information to be imported as well; for instance, when you invest in a Cisco video conference system from KBZ, the information from training sessions completed by employees can be seamlessly added to the CMS, keeping records up-to-date.

Conduct Regular Audits


Compliance documentation is an ongoing process, and IT needs to schedule annual documentation reviews as part of their compliance activities. Ideally, reviews should not be conducted by those who have responsibility for specific security controls, but by other individuals who have knowledge of the controls and can identify gaps or other potential issues that need to be addressed when necessary. The annual documentation review should be focused on identifying required changes, as well as comparing the existing documentation to current regulations to ensure full compliance.

The best time to conduct documentation audits is in conjunction with your scheduled risk assessments. Most security regulations require regular risk assessments, with controls put in place in relation to the results of the assessment. Including a documentation review as a part of that process allows you to identify areas that need improvement or change, as well as activities that need to be added to your security controls.

Focus on the User

Finally, the most effective compliance documentation is user-focused, both in terms of employees who may need to access the information and regulators who will be auditing your efforts. While a focus on the technical aspects of the documentation is necessary, you also want to ensure that the documentation is usable. This means keeping it user-focused, easily accessible, and accurate. Nothing is more frustrating than attempting to find documentation that is hopelessly out-of-date or incorrect, so being user-friendly means committing to maintaining the most current documentation possible.

Failing to correctly maintain your security compliance documentation puts your company at risk for failing an audit, which could result in costly fines and other sanctions. A scattershot and disorganized approach to documenting your efforts is not adequate for anyone’s needs, and could leave your company vulnerable to security breaches in addition to regulatory infractions. By taking the time to develop a comprehensive and thorough approach to compliance documentation, you’ll save time and money in the long run.

Technology Application Trends


Technology Application Trends – 2010 – 2015 was the true start of the digital technology revolution that fundamentally altered the way we live, work, and relate to one another. In its scale, scope, and complexity, this transformation was unlike anything we have experienced before.

Everything was affected – politics, media, social interactions, commerce and technology itself.

Often described as the 4th Industrial Revolution, this period of digitalization continues to intensify, characterized by a fusion of technologies which are blurring the lines between the physical and digital spheres for the 21st Century Enterprise. The 4th Industrial Revolution is causing widespread disruption in almost every industry across the globe, with enormous change in the skill sets required to master this new landscape. We have tailored this year’s program to explore the exponential speed of current breakthroughs (which has no historical precedent), with the breadth and depth of these changes unleashing entire new systems of production, management, governance, and Information Technology.

As digital business now moves into the next phase, autonomous and algorithmic investments will be required to improve operational efficiencies, drive down costs to run IT, and deliver the self-funded returns necessary for additional innovation and business value creation.

We do not yet know precisely how the 4th Industrial Revolution will unfold, but one thing is clear: our response to it must be comprehensive and integrated, involving all global IT ecosystem stakeholders at the intersection of the public and private sectors, and within academia and civil society.

2016 Internet and IT Position Description HandiGuide Released

IT Job Descriptions

There are now 273 IT Job Descriptions available that have been updated to meet the latest compliance and new technology requirements. The HandiGuide can be acquired in MS WORD and/or PDF format. In addition, we provide the option to get updates and free custom job descriptions.

The job descriptions that we have added are:

Top 10 benefits Cloud ERP


Traditional ERP projects increase costs, take a long time to implement, and require larger and more specialized teams of IT professionals.


Top 10 benefits Cloud ERP – With the emergence of secure clouds, moving to a new ERP solution is not as high-risk an event as it once was. There are some critical benefits that make a cloud-based ERP a solution that should be looked at:

  1. Vendor packages are available that create an architecture that is easily customized, modified and maintained.
  2. Metrics can be defined up front which can be the road map for communication of the benefits and costs of the ERP solution.
  3. The staffing requirement for scores of ERP specialists is significantly reduced and there is less risk that staff attrition could cause a delay in the implementation and deployment processes.
  4. A cloud based solution eliminates the need for most of the on-site data center resources and is more cost effective (typically at least 30% less expensive than on-premise).
  5. There is much less of a requirement to “re-invent” the wheel and much less of a likelihood that the ERP efforts will go down a non-productive path.
  6. Development and implementation cycles are reduced. As a result deployment is quicker, value of the precised benefits are received more quickly, and the organization faces significantly less risk.
  7. With the cloud the ERP is more easily sized for both features and number of users supported and costs can be aligned with company’s ROI objectives.
  8. Business continuity objectives are more easily managed as part of the core design of the ERP.
  9. New technologies and equipment are more easily supported, as a well managed vendor based solution provides the ability for the vendor to support new technologies and devices as they hit the market.
  10. Better security and operations than companies can otherwise afford (monitoring and meeting the SLA requirements for response time, continuous backups, redundancy, SSAE 16, PCI certifications, etc.).


Disaster Recovery Business Continuity with Security


Every company, regardless of size, needs a concise approach to disaster recovery and business continuity with security in case of an emergency.


Data is the lifeblood of every company, and often, it is a competitive advantage and the only thing that differentiates one enterprise from another. Who has the most loyal customers, the best service, and the most innovative strategies all boils down to information residing on the enterprise’s Information Technology and application systems. For this reason disaster recovery and business continuity are a definite need.  In addition, there are  security requirements that need to be met.  With mandated requirements like Sarbanes-Oxley, HIPAA, PCI-DSS, and ITIL, executive management is depending on you to have the right security policies and procedures in place.


Google has addressed this and describes it in a video that it has placed on YouTube.

10-step security implementation process:

  • Make security an executive directive
  • Implement clear security guidelines
  • Provide specifics for security compliance
  • Enforce that everyone follows the rules
  • Provide formal training program
  • Communicate Security
  • Monitor security compliance
  • Establish security compliance metrics
  • Provide security compliance feedback
  • Audit security with a third party 

World Class Organizations mobility a standard feature in IT applications


World Class Organizations mobility –  CIOs are incorporating mobility into their IT applications and business operational solutions. All of the recent major advances in technology have moved mobility into the mainstream.  In addition, they are building on the average user’s mobile-device comfort level that exists due to smartphones.

The primary driver for this mobile-ready technology is simple: world class application solutions more easily meet evolving industry needs, and are accessible to a broad range of top managers in a manner that matches the work styles – and even the personal lives – of the internal and external users who depend on them.


Business professionals typically carry one or more devices with them at all times. Over 85% of IT functions have moved out of the denial stage regarding the “bring-your-own-device” (BYOD) movement and are successfully managing the operational complexity created by employee-owned, multi-platform mobile devices connected to their networks.

In a recent Janco Associates survey of c-level executives – including CEOs, CFOs, and CIOs:

  1. 36% of respondents said that they currently access their organization’s core operational and financial data, via smartphone or mobile device.
  2. Only 23% of the c-level executives interviewed describe themselves as technology “early adopters” or “techno-centric.”

C-level executives and top managers are no longer tied to their desks, and while they are on the move, the information that they need moves with them. In previous generations of technology, “mobility” and “productivity” were at cross-purposes; the latest generation of IT applications and business operational solutions has paired the two successfully, providing increased access to information that improves efficiency. In sum, c-level executives and top managers no longer have to be techno-centric in order to leverage world class IT applications and business operational solutions across the enterprise.

In the case of mobile IT applications and business operational functionality, CIOs need to understand the business processes, and relate with other c-level executives and top manages, and understanding how mobile access of information changes the way the enterprise operates.

For instance, a mobile IT applications and business operational solution, allows managers to approve workflows on the go – something that would otherwise have to wait until the manager is back in the office.

In the world of mobile business management, production and operations managers have instant access to information about potential problems, and these managers can even authorize changes to expedite specific work orders or deliveries. Since this data is linked to the enterprise’s other applications, the cost ramifications of real-time changes will become immediately apparent to business and finance leadership as well.

Bring Your Own Device Policy updated to meet Disaster Recovery, Business Continuity and Corporate Intellectual Property Requirements


Cyber attack stages


The stages of a cyber attack’s life cycle need to be understood so that CIOs can create an effective defense strategy. Malicious cyber attacks continue to threaten sensitive data, and whether it is personal data or company-sensitive data, one fact remains: attackers will continue to exploit weaknesses to infiltrate systems and extract data that they can turn into money. The life cycle of attacks is as follows.

Identify and define potential attack vectors

The first step attackers usually take is to identify members of staff within the organization and the best attack vectors to utilize. This is done by scanning the organization’s public facing websites and gathering as much information about the sites as possible, while simultaneously performing scans against the internal networks.

Initial attack

Using several identified attack vectors, hackers attempt to gain access to an organization’s network. Using different IP addresses and a significant number of computers, the hackers will kick off an automated dictionary attack and after only a few short days malware is installed on the victim’s computer.

Command and control

With the malware in place, the attackers can now begin an in-depth recon against the internal network. The attackers will attempt to escalate privileges on the victim’s account, and create new user accounts with administrative and privileged access.

Discover and spread

With access to the network, the hackers begin to spread across the organization’s entire network. A significant presence within the network allows them to wait while making detailed asset maps and noting employee patterns and any other information that can assist them in their long-term goal: data theft.

Extract and exfiltrate

Attackers siphon data out of their target company’s environment. They will do this by moving the targeted data to a remote server. After several weeks or possibly even months of siphoning data, the attackers can end their campaign. However, before exiting, they will ensure that they make several network modifications to enable them to return at any time in the future.

Discovery and clean up

When the organization finally discovers the compromise (it typically takes more than 200 days to detect a breach), the work of stopping the attack begins.
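A defender's view of the "Initial attack" and "Command and control" stages above, as an added example that is not part of the original article: it correlates failed logins against one account from many source addresses, a following successful login, and the creation of a privileged account by that login. The log format, event names, thresholds and account names are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events in a hypothetical "timestamp EVENT key=value" format.
SAMPLE_LOG = """\
2024-03-01T02:00:01 LOGIN_FAIL user=jsmith src=203.0.113.10
2024-03-01T02:00:04 LOGIN_FAIL user=jsmith src=203.0.113.11
2024-03-01T02:00:09 LOGIN_FAIL user=jsmith src=198.51.100.7
2024-03-01T02:00:15 LOGIN_FAIL user=jsmith src=198.51.100.8
2024-03-01T02:00:21 LOGIN_FAIL user=jsmith src=192.0.2.44
2024-03-01T02:00:30 LOGIN_OK user=jsmith src=192.0.2.45
2024-03-01T02:10:00 ACCOUNT_CREATE user=jsmith new=svc_backup group=admins
2024-03-01T09:00:00 LOGIN_FAIL user=mlee src=10.0.0.5
2024-03-01T09:00:20 LOGIN_OK user=mlee src=10.0.0.5
2024-03-01T11:00:00 ACCOUNT_CREATE user=itadmin new=newhire group=staff
"""

LINE = re.compile(r"(\S+) (\S+) (.*)")

def parse(log):
    """Yield (time, event, fields) for each well-formed line; skip the rest."""
    for line in log.splitlines():
        m = LINE.fullmatch(line.strip())
        if not m:
            continue
        fields = dict(kv.split("=", 1) for kv in m.group(3).split() if "=" in kv)
        yield datetime.fromisoformat(m.group(1)), m.group(2), fields

def detect(log, min_sources=5, window=timedelta(minutes=10), follow=timedelta(hours=1)):
    """Return alerts for accounts guessed from many IPs, then used to add an admin."""
    fails = defaultdict(list)   # user -> [(time, src)] of failed logins
    compromised = {}            # user -> time of the suspicious successful login
    alerts = []
    for ts, event, f in parse(log):
        user = f.get("user")
        if event == "LOGIN_FAIL":
            fails[user].append((ts, f.get("src")))
        elif event == "LOGIN_OK":
            recent = {src for t, src in fails[user] if ts - t <= window}
            if len(recent) >= min_sources:
                compromised[user] = ts
                alerts.append(("distributed_dictionary_success", user, len(recent)))
            fails[user].clear()
        elif event == "ACCOUNT_CREATE" and f.get("group") == "admins":
            if user in compromised and ts - compromised[user] <= follow:
                alerts.append(("admin_account_after_compromise", user, f.get("new")))
    return alerts
```

Counting distinct source addresses per account, rather than failures per address, is what catches a guessing run spread across many computers.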

KPI Metrics are a top priority of C-Level executives

KPI metrics are the best tools CIOs can use against the biggest challenge they have: justifying staffing and spending levels as they strive to improve IT efficiency. When assessing comparative benchmarks, it is hard to know which metrics to start with. The Metrics for the Internet, Information Technology and Service Management HandiGuide helps CIOs to understand and pick the appropriate comparative benchmarks to justify staffing and spending, improving IT operations and demonstrating the value of IT to the business.

Janco releases Version 5 of its KPI Metrics HandiGuide

The Metrics for Internet, IT, and Service Management HandiGuide includes a reporting framework that is easily implemented.  It defines a specific process that can be followed and has a road-map for a KPI metrics report that covers all of the areas that the IT function interacts with including: finance, staffing, infrastructure, productivity, system development, quality assurance, help (service) function, operations, communication and a number of industry specific KPI metrics.

The price of Metrics HandiGuide is based on the core document and whether the user selects specific supporting materials and 12 or 24 months of update service:


Metrics IT Service Level Management and IT Cost Control – Platinum Edition

  • Metrics HandiGuide is over 300 pages, defines 540 objective metrics, and contains 83 Metric reports that show over 220 objective metrics. An Adobe PDF document with electronic bookmarks. ITIL and ISO 20000 Compliant.
  • IT Service Management Policy Template (Word) is a 126-page document that contains standards, policies and procedures, metrics and service level agreement for the help desk, change control, service requests, blog / personal web site, and travel and off-site meetings. It also contains a Change Request Form, Business and IT Impact Questionnaire, and an Internet Use Approval Form.
  • Service Level Agreement Policy Template (Word/PDF) defines a three tier environment and specific SLA metrics that are both internally and externally focused. The sample contains over 70 metrics presented graphically in PDF format.
  • Metrics, Service Level Agreement (SLA) and Outsourcing Job Description Bundle includes 12 full job descriptions in WORD and PDF formats. They are: VP Administration; VP Strategy and Architecture; Director IT Management and Control; Manager Contracts and Pricing; Manager Controller; Manager Metrics; Manager Outsourcing; Manager Service Level Reporting; Metrics Measurement Analyst; Quality Measurement Analyst; System Administrator Unix; and System Administrator Windows.
  • Internet and IT Job Descriptions as individual files in Word formats. Long file names have been used to make customization easier.
  • Latest IT Salary Survey for 73 positions in all major metro areas in the US and Canada.
  • Update Service Available