10 Best Practices for managing cyber-attack


10 Best Practices for managing cyber-attack have never been more important than today. They are:

  1. Stay calm, prioritize and don’t point fingers
  2. Assign response responsibility to a single point of contact
  3. Have both an incident response plan and a disaster recovery plan in place
  4. Take detailed backups regularly – store backups at non-connected sites
  5. Have a business continuity plan in place with solutions that do not depend on the existing networks and data
  6. Have a PR/media and legal operational plan in place before the event
  7. Immediately notify customers
  8. Manage user/customer expectations
  9. Conduct a postmortem
  10. Implement policies and procedures that focus on infrastructure security

Top 10 tips to minimize wild fires


Fire season is just around the corner. After the wet winter, when the ground dries out this summer the danger to life and property will be great. These are must-follow tips.

Top 10 tips that businesses can follow to minimize the risk of wildfires around their sites and remote offices.

  1. Have a clear area of at least 100 yards around the business park.
  2. Keep lawns hydrated and maintained. Dry grass and shrubs are fuel for wildfire.
  3. Landscape with native and less-flammable plants. When landscaping, choose slow-growing, carefully placed shrubs and trees so the area can be more easily maintained.
  4. Create a ‘fire-free’ area within ten feet of the property, using non-flammable landscaping materials such as rocks, pavers and/or high-moisture content annuals and perennials.
  5. Have no tall vegetation immediately adjacent to structures.
  6. Clear leaves and other debris from gutters, eaves, porches and decks. This helps prevent embers from igniting the property.
  7. Remove dead vegetation from around the property, especially within 50 feet of the premises.
  8. Remove flammable materials from within 50 feet of the property’s foundation and outbuildings.
  9. If you have trees on your property, prune so the lowest branches are 6 to 10 feet from the ground and none overhang the structure.
  10. Don’t let debris and lawn cuttings linger. Dispose of these items quickly to reduce fuel for fire.


eReader Security Template

eReader Security Template released with version 12

eReader Security Template now addresses SIEM with both best practices and KPI metrics, in addition to identity protection.

eReader Security Template has just been released by Janco with its latest update of the security manual. This is a major update, as the template now also includes KPI metrics and best practices for Security Information and Event Management (SIEM) as well as a chapter on Identity Protection.

This security template was first released in 1999 and has been updated 3 to 4 times each year. Currently the template is over 250 pages and includes chapters on the following topics.

  • Security policies – scope and objectives
  • Minimum and Mandated Security Standard Requirements
  • Vulnerability Analysis and Threat Assessment
  • Risk Analysis – IT Applications and Functions
  • Physical Security
  • Facility Design, Construction and Operational Considerations
  • Media and Documentation
  • Physical and Virtual File Server Security Policy
  • Network Security
  • Sensitive Information Policy
  • Internet and Information Technology Contingency Planning
  • Insurance Requirements
  • Security Information and Event Management (SIEM)
  • Identity Protection
  • Ransomware – HIPAA Guidance
  • Outsourced Services
  • Waiver Procedures
  • Incident Reporting Procedure
  • Access Control Guidelines
  • Electronic Communication
  • Mobile Access and Use Policy


10 point DR power checklist

10 point DR power checklist defined in Janco DR/BC Template

10 point DR power checklist — After an event that disrupts a network, the availability of power to recover and run the network is often critical. Below is a 10 item checklist of what to consider in your disaster recovery – business continuity plan.

  1. Electricity, water and broken wires do not mix. Before anything else, validate that the power source and power distribution systems are dry and functional before power is turned on.
  2. Understand the minimum power requirements to be operational.  Have a clear understanding of a facility’s critical loads.
  3. Have an adequate fuel supply to operate backup power sources. Make smart fuel and technology choices, considering, for example, what happens if natural gas pipeline service is disrupted in your community. Make sure that you have sufficient fuel storage capacity on-site for an extended outage.
  4. Set reasonable response times for the standby generator. Frequent outages of a few seconds, a few minutes, or more can have significant cost implications for businesses. While some other generators take up to two minutes to engage, diesel-powered generators are uniquely able to provide full load power within 10 seconds of a grid outage.
  5. Maintain your equipment and test its operation. Standby generators should be exercised periodically to ensure they will operate as designed in the event of an outage.
  6. Understand your environment and geography. Even the best generators won’t work underwater when subjected to extreme flooding. Check the unit location for protection from flooding and ensure you use the proper gauge extension cord.
  7. Set up generators in an “open environment”. Use generators or other gasoline or charcoal-burning devices such as heaters in an open area or outside near an open window. Carbon monoxide fumes can build up and poison people.
  8. Review your load quarterly. Know when there are any new demands or critical circuits to protect. If you’ve added new computers or other power-hungry devices, consider updating switchgear.
  9. Meet all mandated compliance requirements. Make sure you have the proper permits and records on operations.
  10. Optionally contract for a rental power source. Consider rental generator power for use in the event of an extended outage.

10 CIO questions

10 CIO questions as they move forward

There are 10 burning questions that CIOs need to have answers to.

The chief information officer’s (CIO) role, responsibilities and influence are growing in today’s boardroom, and the CIO’s job itself is expanding as well. The CIOs of the next decade face many challenges. The CIOs who will succeed will have a common set of skills.

The 10 CIO questions are:

  1. Can the CIO and IT organization sustain technology hype and deliver value?
  2. How secure is the data of the enterprise and its customers and suppliers?
  3. What is the next core systems evolution that the CIO and IT organization are going to undertake?
  4. How and when will drones be used within the enterprise?
  5. How are “industry giants” like Google going to impact the operations of the enterprise?
  6. Can Blockchain (a distributed database that maintains a continuously-growing list of ordered records called blocks that interconnect enterprise data) be implemented within the enterprise?
  7. Can the enterprise’s product designs keep up with opportunities from technology?
  8. Will vendor consolidation continue?
  9. Is digital distribution and marketplace about to take over?
  10. Are KPI metrics and analytics investments paying off?

CIO Tenure Up

CIO Tenure up to 4 years 5 months

CIO tenure moves up as more CIOs are staying in their jobs. However, that is about to change as the “baby-boomers” begin to retire over the next several quarters. This data is according to Janco’s 2017 IT Salary Survey.

eReader versions of the DR Plan and IT Job Descriptions

eReader version of DR/BC Plan and IT Job Descriptions – 273 jobs

eReader versions of the DR Plan and IT Job Descriptions have just been released by Janco. Both of these offerings can now be put in an enterprise’s catalog of electronic documents, which can be shared across the network.

The .epub version can be read by most (if not all) mobile devices, including iPad, Surface, generic tablets, smartphones, and desktop computers. With this step forward, a great collaboration tool is now in the hands of individuals who can review, write notes on, share, and utilize it as a handy set of reference tools.

The eReader versions are fully indexed, have a hot-linked table of contents and meet industry standards for mobility.

Over the course of the next several months Janco will be adding .ePub options to most of its product line.  Products that are next in line for this include.



Job Market grim for Information Technology professionals


The job market is grim for Information Technology professionals, as IT is leading the way to fewer prospects for new jobs being created. Just last month there were eight (8) states with unemployment rates in excess of 6%. That, along with the loss of 27,700 jobs, makes many wonder if we are facing the possibility of a new recession.

8 states have unemployment in excess of 6%, and that is with 94 million individuals who have dropped out of the labor market, making the true unemployment number closer to 13% – depression-era levels.

IT job market grim – Janco may revise its forecast for the IT job market to shrink if this trend continues.

Job market grim for Information Technology professionals as 2016 falls behind 2015 in creating new IT jobs

IT job market growth is 57,300 worse in 2016 than in 2015 as of May. If the loss of jobs continues at this rate, all of the recovery achieved in the IT job market over the past several quarters could be lost.

Top 10 Cloud SLA Best Practices identified by GAO


Top 10 Cloud SLA Best Practices are:

  1. Define SLA roles and responsibilities for the enterprise and cloud providers. These definitions should include the persons responsible for oversight of the contract, audit, performance management, maintenance, and security.
  2. Define key terms. Include definitions for dates and performance. Define the performance measures of the cloud service, including who is responsible for measuring performance. These measures would include: the availability of the cloud service; the number of users that can access the cloud at any given time; and the response time for processing a customer transaction.
  3. Define specific, identifiable metrics for performance by the cloud provider. Include who is responsible for measuring performance. Examples of such measures would include:
    • Level of service (e.g., service availability—duration the service is to be available to the enterprise).
    • Capacity and capability of cloud service (e.g., maximum number of users that can access the cloud at one time and ability of provider to expand services to more users).
    • Response time (e.g., how quickly cloud service provider systems process a transaction entered by the customer, response time for responding to service outages).
  4. Specify how and when the enterprise has access to its own data and networks. This includes how data and networks are to be managed and maintained throughout the duration of the SLA and transitioned back to the enterprise in case of exit/termination of service.
  5. Specify the SLA infrastructure and requirements methodology:
    • How the cloud service provider will monitor performance and report results to the enterprise.
    • When and how the enterprise, via an audit, is to confirm performance of the cloud service provider.
  6. Provide for disaster recovery and continuity of operations planning and testing. Include how and when the cloud service provider is to report failures and outages to the enterprise, how the provider will remediate such situations, and how it will mitigate the risk of such problems recurring.

  7. Describe any applicable exception criteria when the cloud provider’s performance measures do not apply (e.g., during scheduled maintenance or updates).
  8. Specify metrics the cloud provider must meet in order to show it is meeting the enterprise’s security performance requirements for protecting data (e.g., clearly define who has access to the data and the protections in place to protect the enterprise’s data). Specify the security performance requirements that the service provider is to meet. This would include describing security performance metrics for protecting data, such as data reliability, data preservation, and data privacy. Clearly define the access rights of the cloud service provider and the enterprise, as well as their respective responsibilities for securing the data, applications, and processes to meet all mandated requirements. Describe what would constitute a breach of security and how and when the service provider is to notify the enterprise when the requirements are not being met.
  9. Specify performance requirements and attributes defining how and when the cloud service provider is to notify the enterprise when security requirements are not being met (e.g., when there is a data breach).
  10. Specify a range of enforceable consequences, such as penalties, for non-compliance with SLA performance measures. Identify how such enforcement mechanisms would be imposed or exercised by the enterprise.

Technology Application Trends


Technology Application Trends – 2010 to 2015 was the true start of the digital technology revolution that fundamentally altered the way we live, work, and relate to one another. In its scale, scope, and complexity, this transformation was unlike anything we had experienced before.

Everything was affected – politics, media, social interactions, commerce and technology itself.

Often described as the 4th Industrial Revolution, this period of digitalization continues to intensify, characterized by a fusion of technologies that is blurring the lines between the physical and digital spheres for the 21st Century Enterprise. The 4th Industrial Revolution is causing widespread disruption in almost every industry across the globe, with enormous change in the skill sets required to master this new landscape. We have tailored this year’s program to explore the exponential speed of current breakthroughs (which has no historical precedent), with the breadth and depth of these changes unleashing entirely new systems of production, management, governance, and Information Technology.

As digital business now moves into the next phase, autonomous and algorithmic investments will be required to improve operational efficiencies, drive down costs to run IT, and deliver the self-funded returns necessary for additional innovation and business value creation.

We do not yet know precisely how the 4th Industrial Revolution will unfold, but one thing is clear: our response to it must be comprehensive and integrated, involving all global IT ecosystem stakeholders at the intersection of the public and private sectors, and within academia and civil society.

2016 Internet and IT Position Description HandiGuide Released

IT Job Descriptions

There are now 273 IT Job Descriptions available that have been updated to meet the latest compliance and new technology requirements. The HandiGuide can be acquired in MS WORD and/or PDF format. In addition we provide the option to get updates and free custom job descriptions.

The job descriptions that we have added are:

Top 10 benefits Cloud ERP

Traditional ERP projects increase costs, take a long time to implement, and require larger numbers of more specialized IT professionals.

Top 10 benefits Cloud ERP — With the emergence of secure clouds, moving to a new ERP solution is not as high-risk an event as it once was. There are some critical benefits that make a cloud-based ERP a solution that should be looked at:

  1. Vendor packages are available that create an architecture that is easily customized, modified and maintained.
  2. Metrics can be defined up front which can be the road map for communication of the benefits and costs of the ERP solution.
  3. The staffing requirements for scores of ERP specialists are significantly reduced, and there is less risk that staff attrition could cause a delay in the implementation and deployment processes.
  4. A cloud-based solution eliminates the need for most of the on-site data center resources and is more cost effective (typically at least 30% less expensive than on-premise).
  5. There is much less of a requirement to “re-invent” the wheel and much less likelihood that the ERP efforts will go down a non-productive path.
  6. Development and implementation cycles are reduced. As a result, deployment is quicker, the value of the projected benefits is received more quickly, and the organization faces significantly less risk.
  7. With the cloud the ERP is more easily sized for both features and number of users supported, and costs can be aligned with the company’s ROI objectives.
  8. Business continuity objectives are more easily managed as part of the core design of the ERP.
  9. New technologies and equipment are more easily supported, as a well-managed vendor-based solution gives the vendor the ability to support new technologies and devices as they hit the market.
  10. Better security and operations than companies can otherwise afford (monitoring and meeting the SLA requirements for response time, continuous backups, redundancy, SSAE 16, PCI certifications, etc.).


Disaster Recovery Business Continuity with Security

Every company, regardless of size, needs a concise approach to disaster recovery business continuity with security in case of an emergency.

Data is the lifeblood of every company, and often it is a competitive advantage and the only thing that differentiates one enterprise from another. Who has the most loyal customers, the best service, and the most innovative strategies all boils down to information residing on the enterprise’s Information Technology and application systems. For this reason disaster recovery and business continuity are a definite need. In addition, there are security requirements that need to be met. With mandated requirements like Sarbanes-Oxley, HIPAA, PCI-DSS, and ITIL, executive management is depending on you to have the right security policies and procedures in place.

Google has addressed this and describes it in a video that it has placed on YouTube.

10 step security implementation process:

  • Make security an executive directive
  • Implement clear security guidelines
  • Provide specifics for security compliance
  • Enforce that everyone follows the rules
  • Provide formal training program
  • Communicate Security
  • Monitor security compliance
  • Establish security compliance metrics
  • Provide security compliance feedback
  • Audit security with a third party

Security breach cost $3.8 million

Security breach cost averages $3.8 million

Security breach cost – Cybersecurity threats are on the rise. In 2015 the average cost of a data breach was $3.79 million, and that figure is expected to grow to close to $5 million by the end of this year.

Areas of concern are:

  • Cloud Services – the danger is that users are bypassing security protocols and systems in the process
  • Ransomware – Kits for this software are now readily available. The attack encrypts important files, rendering data inaccessible until you pay the ransom.
  • Spear phishing – Phishing attacks are growing more sophisticated all the time, as official-looking messages and websites, or communications that apparently come from trusted sources, are employed to gain access to your systems.
  • Known vulnerabilities – Once these are published, everyone who has not patched is exposed
  • Internet of Things – As connectivity spreads into every corner of our lives and businesses, it becomes more and more challenging to maintain a clear view of entry points and data flow.


The top 10 drivers of security shortcomings include:

  1. Insufficient funding for security
  2. Lack of commitment by senior executive management
  3. Lack of leadership in the security arena by the CIO
  4. Belief that the organization will not be targeted
  5. Lack of internal resources who are “security” experts
  6. Lack of an effective IT security strategy
  7. Lack of an action plan on how to implement a solution before an event
  8. IT infrastructure that does not easily lend itself to security implementation, including complex and disjointed applications and data
  9. No central focus within the enterprise on security
  10. Lack of a good termination policy for employees and contractors

Cost of business interruption


Cost of business interruption – Calculating the impact and cost to an enterprise of a disruption of service is difficult. It is a necessary planning step that needs to be revisited on an annual basis. Some of the factors that need to be considered:

  • How will your clients, customers, and users react to a disruption? Will they react in a way that is more or less disruptive to the business and its operation?
  • Will the disruption have an impact on other activities? For example, your sales force may still be able to make sales calls, but the distribution arm of the company may be at a standstill.
  • How will the event impact the overall reputation of the enterprise? Will there be adverse media or social-networking publicity?
  • Once the event is over, how quickly will your company be able to catch up and get back to business as normal?
  • How much revenue will your company lose during the outage?
  • Will there be any contractual or legal penalties that will be imposed and how extensive will they be?
  • If the event impacts items that will need to be repaired or replaced, will the repair parts, maintenance staff, and replacement equipment be available? At what cost?
  • If you activate other services, pay overtime, or incur other expenses, what will the cost of that be?

To address those issues we have found that a spreadsheet like the one below will help to summarize the information that you will collect and present.