Security is a pipe-dream

Security Pipe Dream for many

Security is a pipe-dream: few enterprises are fully protected against the kinds of events that have occurred over the past several months. One only has to look at the recent cyber attacks on Uber and Equifax. In both cases the CIO and/or CSO were blamed and left the organization.

Not many CIOs and CSOs feel they have 100% of their security risks covered. In a recent survey published in NetworkWorld (figures rounded):

  • 55% said they did not have all of their security risks covered
  • 40% said they hoped they had all of their security bases covered
  • 6% said that they did

With only 6% saying they had all of their bases covered, there are many opportunities for hackers and data thieves to attack the systems in place.

Now that we know a breach may well occur, how sure are these same CIOs and CSOs that they can react in time? The first step is detecting that a hack or breach has occurred. In another survey, by Janco Associates, we found that in midsized and large enterprises:

  • 35% had a detection solution in place and they automatically quarantined the server(s)
  • 43% had a detection solution in place but had to “manually” quarantine the server(s)
  • 23% had to “manually” put the server(s) offline when they found out they had a problem

Putting the two sets of data together (6% with all of their bases covered, 35% with automated detection and quarantine) and assuming the two groups are independent, roughly 2% of enterprises both believe their risks are covered and can contain a compromised server without manual intervention; the rest are not adequately protected against a major hack or breach.
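
Whether a shop lands in the 35% or the 43% above comes down to whether an alert can trigger isolation without someone logging in to do it. The following is an added example, not from the survey or from any product Janco describes: a Python decision engine that reads constructed alerts in a hypothetical EDR JSON-lines format, scores each host over a sliding ten-minute window, quarantines ordinary servers automatically, parks servers on a hypothetical manual-approval list for a human decision, and emits host-firewall rules that keep the management network and the EDR server reachable so responders are not locked out of the machine they just isolated. Host names, subnets and thresholds are all assumed.

```python
"""Alert correlation and quarantine decision engine.

Added example: the alert format, host names, subnets and thresholds are all
constructed for illustration and do not come from any product or survey.
"""
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed alert stream in a hypothetical EDR/IDS JSON-lines format.
SAMPLE_ALERTS = """\
{"ts": "2017-10-02T02:01:10Z", "host": "web-07", "severity": "high", "rule": "credential_dumping"}
{"ts": "2017-10-02T02:01:42Z", "host": "web-07", "severity": "high", "rule": "lateral_movement_smb"}
{"ts": "2017-10-02T02:03:05Z", "host": "db-01", "severity": "high", "rule": "file_rename_burst"}
{"ts": "2017-10-02T02:03:09Z", "host": "db-01", "severity": "high", "rule": "shadow_copy_deletion"}
{"ts": "2017-10-02T02:10:00Z", "host": "build-02", "severity": "medium", "rule": "new_scheduled_task"}
{"ts": "2017-10-02T03:30:00Z", "host": "web-07", "severity": "low", "rule": "inbound_port_scan"}
"""

# Hypothetical policy: hosts whose isolation needs a human decision, and the
# management network / EDR server that must stay reachable after isolation.
MANUAL_APPROVAL_HOSTS = {"db-01"}
MANAGEMENT_CIDR = "10.0.250.0/24"
EDR_SERVER = "10.0.250.10"
SEVERITY_SCORE = {"low": 1, "medium": 3, "high": 5}
QUARANTINE_THRESHOLD = 8          # e.g. two high-severity alerts in one window
WINDOW = timedelta(minutes=10)


def parse_alerts(text):
    """Parse JSON lines into dicts with a timezone-aware datetime, oldest first."""
    alerts = []
    for line in text.splitlines():
        if line.strip():
            alert = json.loads(line)
            alert["ts"] = datetime.fromisoformat(alert["ts"].replace("Z", "+00:00"))
            alerts.append(alert)
    return sorted(alerts, key=lambda a: a["ts"])


def score_hosts(alerts, window=WINDOW):
    """Per host, the highest sum of severity scores inside any sliding window.

    Scoring within a window rather than summing everything stops a trickle of
    low-severity noise from eventually isolating a healthy machine.
    """
    by_host = defaultdict(list)
    for alert in alerts:                     # alerts arrive sorted, so each list stays sorted
        by_host[alert["host"]].append(alert)
    scores = {}
    for host, items in by_host.items():
        best, start = 0, 0
        for end in range(len(items)):
            while items[end]["ts"] - items[start]["ts"] > window:
                start += 1
            best = max(best, sum(SEVERITY_SCORE[a["severity"]] for a in items[start:end + 1]))
        scores[host] = best
    return scores


def isolation_rules():
    """Host-firewall rules (iptables syntax) that drop everything except established
    connections, SSH from the management network and the host's own EDR channel.
    ACCEPT rules are appended first so the session applying them survives the
    policy flip at the end."""
    return [
        "iptables -A INPUT -i lo -j ACCEPT",
        "iptables -A OUTPUT -o lo -j ACCEPT",
        "iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT",
        "iptables -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT",
        f"iptables -A INPUT -s {MANAGEMENT_CIDR} -p tcp --dport 22 -j ACCEPT",
        f"iptables -A OUTPUT -d {EDR_SERVER} -p tcp --dport 443 -j ACCEPT",
        "iptables -P INPUT DROP",
        "iptables -P OUTPUT DROP",
        "iptables -P FORWARD DROP",
    ]


def decide(alerts):
    """Map each host to monitor / await_approval / quarantine plus the rules to apply."""
    decisions = {}
    for host, score in score_hosts(alerts).items():
        if score < QUARANTINE_THRESHOLD:
            decisions[host] = {"action": "monitor", "score": score}
        elif host in MANUAL_APPROVAL_HOSTS:
            decisions[host] = {"action": "await_approval", "score": score,
                               "rules": isolation_rules()}
        else:
            decisions[host] = {"action": "quarantine", "score": score,
                               "rules": isolation_rules()}
    return decisions


if __name__ == "__main__":
    for host, d in decide(parse_alerts(SAMPLE_ALERTS)).items():
        print(f"{host:10s} score={d['score']:2d} action={d['action']}")
```

In practice the same decision would drive the EDR vendor's isolation API or a switch-port ACL rather than iptables on the compromised host itself, since an attacker with root on that host can simply flush its firewall; the point of the example is the policy split between what is isolated on sight and what waits for a human.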

Experts Agree You Should Update Your Plan Annually

Security is a critical concern during the recovery process

It goes without saying that every company, regardless of size, needs a concise business continuity plan in case of an emergency. If you don’t have a disaster recovery plan or haven’t updated yours recently, now is the time to take this critical step to protect your business.

Those who violate the 10 commandments of business continuity planning fail

When a business continuity plan is non-functional

Failed Business Continuity – This morning at about 2:00 AM MST one of the largest providers of cloud services went down. As I write this it is 11:30 AM MST and the service is still down.

It seems that their entire network, both east coast and west coast, is down. I talked to their corporate office; at this time they have no idea when they will be back up, and the person I talked to said he did not know what their business continuity plan was, since this was a nation-wide failure of their network.

They should have followed the 10 commandments we published earlier.

  1. Analyze single points of failure: A single point of failure in a critical component can disrupt well engineered redundancies and resilience in the rest of a system.
  2. Keep updated notification trees: A cohesive communication process is required to ensure the disaster recovery business continuity plan will work.
  3. Be aware of current events: Understand what is happening around the enterprise – know if there is a chance for a weather, sporting or political event that can impact the enterprise’s operations.
  4. Plan for worst-case scenarios: Downtime can have many causes, including operator error, component failure, software failure, and planned downtime as well as building- or city-level disasters. Organizations should be sure that their disaster recovery plans account for even worst-case scenarios.
  5. Clearly document recovery processes: Documentation is critical to the success of a disaster recovery program. Organizations should write and maintain clear, concise, detailed steps for failover so that secondary staff members can manage a failover should primary staff members be unavailable.
  6. Centralize information – and have a printed copy available: In a crisis, a timely response can be critical. Centralizing disaster recovery information in one place, such as a SharePoint system, portal or cloud service, avoids having to hunt for documentation, which can compound a crisis; the printed copy is for the case where that portal is part of what went down.
  7. Create test plans and scripts: Test plans and scripts should be created and followed step by step to help ensure accurate testing. These plans and scripts should include integration testing; silo testing alone does not reflect multiple applications going down simultaneously.
  8. Retest regularly: Organizations should take advantage of opportunities for disaster recovery testing such as new releases, code changes, or upgrades. At a minimum, each application should be retested every year.
  9. Perform comprehensive recovery and business continuity tests: Organizations should practice their master recovery plans, not just application failover. For example, staff members need to know where to report if a disaster occurs, critical conference bridges should be set up in advance, a command center should be identified, and secondary staff resources should be assigned in case the event stretches over multiple days. In environments with many applications, IT staff should know which applications are recovered first and in what order. The plan should not assume there will be enough resources to bring everything back up at the same time.
  10. Define metrics and create scorecards: Organizations should maintain scorecards on the disaster recovery compliance of each application, as well as who is testing and when. Maintaining scorecards generally helps increase audit scores.
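
Commandments 1 and 9 stop being judgement calls once the dependencies between services are written down. The following is an added example, not part of Janco's template: a Python script over a constructed service map (hypothetical service names, RTOs and dependencies) that finds every component whose loss on its own takes a critical service down, and produces a recovery order that brings dependencies up first and the tightest RTO first, treating a service as recoverable once one member of each redundant pair is back rather than waiting for full redundancy.

```python
"""Single-point-of-failure analysis and recovery ordering over a service map.

Added example: the service names, RTOs and dependencies below are a constructed
environment for illustration, not an extract from any real plan.
"""

# Each service lists dependency groups.  A group is satisfied if ANY member is up,
# so ["db-primary", "db-replica"] models a redundant pair and ["auth"] a hard dependency.
SERVICE_MAP = {
    "customer-portal": {"rto_hours": 4,  "critical": True,
                        "needs": [["web-a", "web-b"], ["orders-api"], ["auth"]]},
    "orders-api":      {"rto_hours": 4,  "critical": True,
                        "needs": [["db-primary", "db-replica"], ["auth"], ["mq"]]},
    "auth":            {"rto_hours": 2,  "critical": True,
                        "needs": [["ldap"], ["db-primary", "db-replica"]]},
    "reporting":       {"rto_hours": 48, "critical": False,
                        "needs": [["db-replica"], ["web-a", "web-b"]]},
    "web-a":      {"rto_hours": 4, "critical": False, "needs": [["dns"]]},
    "web-b":      {"rto_hours": 4, "critical": False, "needs": [["dns"]]},
    "db-primary": {"rto_hours": 2, "critical": False, "needs": [["san"]]},
    "db-replica": {"rto_hours": 8, "critical": False, "needs": [["san"]]},
    "ldap":       {"rto_hours": 2, "critical": False, "needs": [["dns"]]},
    "mq":         {"rto_hours": 4, "critical": False, "needs": []},
    "dns":        {"rto_hours": 1, "critical": False, "needs": []},
    "san":        {"rto_hours": 2, "critical": False, "needs": []},
}


def is_up(name, failed, service_map, _path=()):
    """True if `name` has not failed and every dependency group has a member that is up.
    A dependency cycle is treated as down rather than recursing forever; a name
    missing from the map is treated as an external dependency that is up."""
    if name in failed or name in _path:
        return False
    return all(
        any(is_up(alt, failed, service_map, _path + (name,)) for alt in group)
        for group in service_map.get(name, {}).get("needs", [])
    )


def single_points_of_failure(service_map):
    """Components whose loss, on its own, takes at least one critical service down.
    Returns {component: [affected critical services]}."""
    critical = [s for s, meta in service_map.items() if meta["critical"]]
    spofs = {}
    for component in service_map:
        victims = [s for s in critical
                   if s != component and not is_up(s, {component}, service_map)]
        if victims:
            spofs[component] = sorted(victims)
    return spofs


def recovery_order(service_map):
    """Dependencies first; among components that are ready, the tightest RTO first.

    A component is ready once EACH dependency group has at least one recovered
    member, i.e. the order restores minimum viable service before full redundancy.
    """
    recovered, order = set(), []
    remaining = set(service_map)
    while remaining:
        ready = [n for n in remaining
                 if all(any(alt in recovered for alt in group)
                        for group in service_map[n]["needs"])]
        if not ready:
            raise ValueError(f"dependency cycle among {sorted(remaining)}")
        nxt = min(ready, key=lambda n: (service_map[n]["rto_hours"], n))
        order.append(nxt)
        recovered.add(nxt)
        remaining.remove(nxt)
    return order


if __name__ == "__main__":
    for component, victims in sorted(single_points_of_failure(SERVICE_MAP).items()):
        print(f"SPOF {component:12s} -> {', '.join(victims)}")
    print("recovery order:", " > ".join(recovery_order(SERVICE_MAP)))
```

Note how the SAN and DNS show up as single points of failure even though the databases and the web tier are themselves paired: redundancy one layer up does nothing for a shared dependency underneath, which is exactly the case commandment 1 warns about. The same map feeds commandment 7, since each SPOF is a test case the integration test plan has to cover.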

DR/BC Plans and Security Procedures have errors

DR/BC Plans and Security Procedures errors

DR/BC Plans and Security Procedures errors – Janco has reviewed the recovery processes of 148 enterprises that were impacted by the recent hurricanes, fires and other business disruption events and found that 53% had significant errors or omissions in their DR/BC plans and/or security procedures. Many were attributable to the length of the business interruption and the lack of supporting infrastructure, such as cell communications (Puerto Rico) or fuel for backup generators.

Only 17% of enterprises that had major business disruption events in the summer and fall of 2017 had no major issues with their DR/BC plan activation process and security procedures.

Janco is currently determining the causes of these defects. Preliminary findings are that, as a result of the slow economy, enterprises cut back on maintenance of core infrastructure. This included updating existing DR/BC plans and security procedures with changes, training in those areas, and replacing people critical to these processes who were reassigned or left the enterprise.

Janco’s Solution

Janco has added 17 electronic forms to its DR/BC plan and Security Manual templates to address this problem. An eReader format of both templates is included as a bonus. The forms can be completed on tablets and smartphones and stored in a remote cloud location. With the included security and DR/BC audit programs, it is now easier to highlight the areas of existing plans and procedures that need work to meet security mandates and to succeed in the recovery process.

IT Job Market spotty

IT job market spotty while the overall job market is flat

IT job market spotty, with the overall hiring of IT pros falling behind the rate of growth of the prior 3 years.

As of August, the IT job market has grown by only 19,300 jobs in 2017 versus 55,400 in 2016.

With the year-to-date rate slower, two hurricanes, and growth of 11,400 in September of last year to compare against, the prospects for IT pros are not all that great.

Sure, companies involved in the rebuilding in Texas and Florida will do well. However, we do not think this will translate into new IT jobs. Rather, we believe CIOs and CFOs will continue to put the brakes on increased IT spending.

From our analysis of current hiring prospects, hiring for all levels of IT management is projected to be down for several quarters. Consultant and contractor use will be flat. The only bright spot will be at the programming and systems analysis staff levels.

IT hiring down, with the only positive aspects at the IT staff levels

10 step disaster recovery clean up

Walking into an office after an event has occurred, the facility looks a shambles. There is dirt, mud, and debris throughout. Where do you start?

Here is Janco’s 10-step disaster clean-up process, extracted from the Disaster Recovery Business Continuity Template. In addition, consult a professional conservator for further treatment.

10 step program

Disaster Recovery Business Continuity Template is the industry standard; over 3,500 enterprises worldwide use it as the base for their DR/BC plan.
  1. Wet objects (electronic) – Disconnect from the power source and do not turn the device on. In the case of disk drives or other electronic storage devices, inventory all of them and label them.
  2. Mobile devices – cell phones – Small items like cell phones and mobile devices can be put in rice, which absorbs the moisture; after a day or two they can be turned on. In most cases this works.
  3. Wet objects (non-electronic) – Rinse with clear water or a fine hose spray. Clean off dry silt and debris with soft brushes or dab with damp cloths. Try not to grind debris into objects; overly energetic cleaning will cause scratching.
  4. Drying Objects – Air dry objects indoors if possible and use portable fans to move the air. Sunlight and heat may dry certain materials too quickly, causing splits, warping, and buckling. If possible, remove contents from wet objects and furniture prior to drying. Storing damp items in sealed plastic bags will cause mold to develop.
  5. Mold Prevention and Cleanup – Exposure to molds can have serious health consequences such as respiratory problems, skin and eye irritation, and infections. The use of protective gear, including a respirator with a particulate filter, disposable plastic gloves, goggles or protective eye wear, and coveralls or a lab coat, is therefore essential. In order to inhibit the growth of mold and mildew, you must reduce humidity. Increase air flow with fans, open windows, air conditioners, and dehumidifiers. Moderate light exposure (open shades, leave lights on in enclosed areas) can also reduce mold and mildew. Remove heavy deposits of mold growth from walls, baseboards, floors, and other household surfaces with commercially available disinfectants. Avoid the use of disinfectants on historic wallpapers. Follow manufacturers’ instructions, but avoid splattering or contact with objects and wallpapers as disinfectants may damage objects.
  6. Broken Objects – If objects are broken or begin to fall apart, place all broken pieces and detached parts in clearly labeled, open containers. Do not attempt to repair objects until completely dry or, in the case of important materials, until you have consulted with a professional conservator.
  7. Paper Materials – Documents, books, photographs, and works of art on paper are extremely fragile when wet; use caution when handling. Free the edges of prints and paper objects in mats and frames, if possible. These should be allowed to air dry. Rinse mud off wet photographs with clear water, but do not touch surfaces. Wet books and papers should also be air dried or kept in a refrigerator or freezer until they can be treated by a professional conservator.
  8. Office Furniture – Furniture finishes and painted surfaces may develop a white haze or bloom from contact with water and humidity. These problems do not require immediate attention; consult a professional conservator for treatment. Textiles, leather, and other organic materials will also be severely affected by exposure to water and should be allowed to air dry. Shaped objects, such as garments or baskets, should be supported by gently padding them with toweling or uninked, uncoated paper. Renew the padding when it becomes saturated with water. Dry clean or launder textiles and carpets as you normally would.
  9. Art Work – Remove wet paintings from the frame, but not the stretcher. Air dry, face up, and away from direct sunlight.
  10. Metal Objects – Rinse metal objects exposed to flood waters, mud, or silt with clear water and dry immediately with a clean, soft cloth. Allow heavy mud deposits on large metal objects, such as sculpture, to dry. Caked mud can be removed later.

Telecommuting Top 10 Reasons Why

Telecommuting Top 10 Reasons Why include the following:

  1. Flexible Work Hours – If employees telecommute then their schedules become more flexible.
  2. Reduce costs – telecommuters can save money on transportation costs such as gas, parking, public transportation, work clothes, and dry cleaning bills. Employers can save money by reducing overhead and retaining employees.
  3. Ease the strain on employees – telecommuters have greater flexibility to plan non-work activities around their business schedule instead of squeezing them into the early morning, late evening, or lunch.
  4. More productive – telecommuters save the time they now spend commuting to their place of employment.
  5. Minimize Non-Work Distractions – At times employees in an office setting can be distracted from their work by untimely interruptions from peers, impromptu meetings, or pulled away onto other projects. Telecommuters may find themselves more productive.
  6. Better morale – Working from home usually means telecommuters have more time with their families.
  7. Green Solution  – Working from home part or full-time reduces the auto emissions and decreases gas consumption.
  8. Stay Healthy – Working from home decreases the stress caused by inflexible hours, commuting time and costs, continual rushing to unmet family needs, sitting idle during a commute and provides time to exercise or pursue endeavors of particular interest to you.
  9. Potential tax deductions – Income deductions may be available for home-based work-related expenses such as fax, scanner, phone, computer and office supplies.
  10. Reduce the Need for Outsourcing – Working from home helps keep jobs domestic and reduces need or desire for business and industry to contract with other countries for work that can be done at sites other than the main office.

10 Best Practices for managing cyber-attack

10 Best Practices for IT Infrastructure are contained in this bundle of policies and procedures

The 10 best practices for managing a cyber-attack have never been more important than today. They are:

  1. Stay calm, prioritize and don’t point fingers
  2. Assign response responsibility to a single point of contact
  3. Have both an incident response plan and a disaster recovery plan in place
  4. Take detailed backups regularly – store the backups at non-connected (offline) sites
  5. Have a business continuity plan in place with solutions that do not depend on the existing networks and data
  6. Have a PR/media and legal operational plan in place before the event
  7. Notify affected customers promptly, within the notification obligations worked out in the legal plan
  8. Manage user/customer expectations
  9. Conduct a postmortem
  10. Implement policies and procedures that focus on infrastructure security
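
Practice 4 is only worth anything if the offline copy can be shown to be intact before a restore is trusted, and a copy that an intruder could write to is not offline. The following is an added example, not part of the policy bundle: a Python script that builds a SHA-256 manifest of a backup set, authenticates the manifest with an HMAC key (hypothetical here, and kept with the offline copy rather than on the production systems), and verifies a copy against it, reporting missing, modified and unexpected files. The demo builds a constructed backup set in a temporary directory, then simulates a ransomware overwrite and a forged manifest.

```python
"""Backup manifest creation and offline verification.

Added example: the backup contents, paths and HMAC key below are constructed for
illustration; the key is hypothetical and would live with the offline copy.
"""
import hashlib
import hmac
import json
import os
import tempfile
from pathlib import Path


def sha256_file(path, chunk_size=1 << 20):
    """Stream a file through SHA-256 so large backup images need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def _signed_body(entries):
    """Canonical bytes covered by the HMAC: sorted keys so the encoding is stable."""
    return json.dumps(entries, sort_keys=True).encode()


def build_manifest(backup_root, key):
    """Hash every file under backup_root and authenticate the listing with an HMAC.

    The key must not be stored on the systems being backed up: an intruder who
    can rewrite the backups must not be able to rewrite the manifest to match.
    """
    root = Path(backup_root)
    entries = {
        p.relative_to(root).as_posix(): {"sha256": sha256_file(p), "size": p.stat().st_size}
        for p in sorted(root.rglob("*")) if p.is_file()
    }
    tag = hmac.new(key, _signed_body(entries), hashlib.sha256).hexdigest()
    return {"entries": entries, "hmac": tag}


def verify_backup(backup_root, manifest, key):
    """Check a copy against its manifest: manifest authenticity first, then every file.

    Unexpected files matter as much as modified ones; a ransom note or a dropped
    tool inside the backup set means the copy was writable by the attacker.
    """
    expected = hmac.new(key, _signed_body(manifest["entries"]), hashlib.sha256).hexdigest()
    report = {"manifest_ok": hmac.compare_digest(expected, manifest["hmac"]),
              "missing": [], "modified": [], "unexpected": []}
    root = Path(backup_root)
    on_disk = {p.relative_to(root).as_posix() for p in root.rglob("*") if p.is_file()}
    for rel, meta in manifest["entries"].items():
        if rel not in on_disk:
            report["missing"].append(rel)
        elif sha256_file(root / rel) != meta["sha256"]:
            report["modified"].append(rel)
    report["unexpected"] = sorted(on_disk - set(manifest["entries"]))
    report["ok"] = report["manifest_ok"] and not (
        report["missing"] or report["modified"] or report["unexpected"])
    return report


def demo():
    """Constructed backup set: manifest it, verify, then simulate tampering and re-verify."""
    key = b"hypothetical-offline-manifest-key"   # lives with the offline copy, not in production
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "db").mkdir()
        (root / "db" / "orders.sql").write_bytes(b"INSERT INTO orders VALUES (...);\n" * 1000)
        (root / "config.yaml").write_text("site: primary\n")
        manifest = build_manifest(root, key)
        clean = verify_backup(root, manifest, key)
        # Simulated ransomware: one file overwritten with noise, one note dropped.
        (root / "db" / "orders.sql").write_bytes(os.urandom(64))
        (root / "README_DECRYPT.txt").write_text("pay up\n")
        tampered = verify_backup(root, manifest, key)
        # An attacker who re-hashes the files without the key produces a manifest
        # whose file hashes all match but whose HMAC does not.
        forged = build_manifest(root, b"wrong-key")
        forged_report = verify_backup(root, forged, key)
    return clean, tampered, forged_report


if __name__ == "__main__":
    for label, rep in zip(("clean", "tampered", "forged manifest"), demo()):
        print(label, json.dumps(rep))
```

Run the verification from the recovery site, against the copy you intend to restore, before anything is restored; a manifest that passes on the production server proves nothing about the copy sitting in the vault.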

Top 10 tips to minimize wild fires

Top 10 tips

Fire season is just around the corner. After the wet winter, when the ground dries out this summer the danger to life and property will be great. These are must-follow tips.

Top 10 tips that businesses can follow to minimize the risk of wildfires around their sites and remote offices.

  1. Have a clear area of at least 100 yards around the business park.
  2. Keep lawns hydrated and maintained. Dry grass and shrubs are fuel for wildfire.
  3. Landscape with native and less-flammable plants. When landscaping, choose slow-growing, carefully placed shrubs and trees so the area can be more easily maintained.
  4. Create a ‘fire-free’ area within ten feet of the property, using non-flammable landscaping materials such as rocks, pavers and/or high-moisture content annuals and perennials.
  5. Have no tall vegetation immediately adjacent to structures.
  6. Clear leaves and other debris from gutters, eaves, porches and decks. This helps prevent embers from igniting the property.
  7. Remove dead vegetation from around the property, especially within 50 feet of the premises.
  8. Remove flammable materials from within 50 feet of the property’s foundation and outbuildings.
  9. If you have trees on your property, prune so the lowest branches are 6 to 10 feet from the ground and none overhang the structure.
  10. Don’t let debris and lawn cuttings linger. Dispose of these items quickly to reduce fuel for fire.

eReader Security Template

eReader Security Template released with version 12

eReader Security Template now addresses SIEM with both best practices and KPI metrics, in addition to identity protection

The eReader Security Template has just been released by Janco with the latest update of its security manual. This is a major update: the template now also includes KPI metrics and best practices for Security Information and Event Management (SIEM) as well as a chapter on Identity Protection.

This security template was first released in 1999 and has been updated 3 to 4 times each year. Currently the template is over 250 pages and includes chapters on the following topics.

  • Security policies – scope and objectives
  • Minimum and Mandated Security Standard Requirements
  • Vulnerability Analysis and Threat Assessment
  • Risk Analysis – IT Applications and Functions
  • Physical Security
  • Facility Design, Construction and Operational Considerations
  • Media and Documentation
  • Physical and Virtual File Server Security Policy
  • Network Security
  • Sensitive Information Policy
  • Internet and Information Technology Contingency Planning
  • Insurance Requirements
  • Security Information and Event Management (SIEM)
  • Identity Protection
  • Ransomware – HIPAA Guidance
  • Outsourced Services
  • Waiver Procedures
  • Incident Reporting Procedure
  • Access Control Guidelines
  • Electronic Communication
  • Mobile Access and Use Policy

10 point DR power checklist

10 point DR power checklist defined in Janco DR/BC Template

10 point DR power checklist — After an event that disrupts a network, the availability of power to recover and run the network is often critical. Below is a 10-item checklist of what to consider in your disaster recovery / business continuity plan.

  1. Electricity, water and broken wires do not mix. Before anything else, validate that the power source and power distribution systems are dry and functional before power is turned on.
  2. Understand the minimum power requirements to be operational. Have a clear understanding of the facility’s critical loads.
  3. Have an adequate fuel supply for backup power sources. Make smart fuel and technology choices, considering, for example, what happens if natural gas pipeline service is disrupted in your community. Make sure you have sufficient fuel storage capacity on site for an extended outage.
  4. Set reasonable response times for the standby generator. Frequent outages of a few seconds or a few minutes can have significant cost implications. Some generators take up to two minutes to engage, while diesel generators can typically carry full load within about 10 seconds of a grid outage; a UPS has to carry the critical load during that gap either way.
  5. Maintain your equipment and test its operation. Standby generators should be exercised periodically to ensure they will operate as designed in the event of an outage.
  6. Understand your environment and geography. Even the best generators won’t work underwater when subjected to extreme flooding. Check that the unit location is protected from flooding and ensure you use cabling of the proper gauge.
  7. Set up generators outdoors. Run generators and other fuel-burning devices such as heaters only outside, well away from doors, windows and vents; carbon monoxide from the exhaust builds up indoors and can kill.
  8. Review your load quarterly. Know when there are new demands or critical circuits to protect. If you have added new computers or other power-hungry devices, consider updating the switchgear.
  9. Meet all mandated compliance requirements. Make sure you have the proper permits and records of operations.
  10. Optionally, contract for a rental power source. Consider rental generator capacity for use in the event of an extended outage.

10 CIO questions

10 CIO questions as they move forward

There are 10 burning questions that CIOs need to have answers to.

The chief information officer’s (CIO) role, responsibilities and influence are growing in today’s boardroom, and the job itself is expanding as well. The CIOs of the next decade face many challenges; those who succeed will share a common set of skills.

The 10 CIO questions are:

  1. Can the CIO and IT organization cut through technology hype and deliver value?
  2. How secure is the data of the enterprise and its customers and suppliers?
  3. What is the next core systems evolution that the CIO and IT organization will undertake?
  4. How and when will drones be used within the enterprise?
  5. How will “industry giants” like Google impact the operations of the enterprise?
  6. Can blockchain (a distributed ledger that maintains a continuously growing list of ordered records, called blocks, each cryptographically linked to the one before it) be implemented within the enterprise?
  7. Can the enterprise’s product designs keep up with the opportunities technology offers?
  8. Will vendor consolidation continue?
  9. Are digital distribution and marketplaces about to take over?
  10. Are KPI metrics and analytics investments paying off?

CIO Tenure Up

CIO tenure up to 4 years 5 months

CIO tenure is moving up as more CIOs stay in their jobs. However, that is about to change as the “baby boomers” begin to retire over the next several quarters. This data is from Janco’s 2017 IT Salary Survey.

eReader versions of the DR Plan and IT Job Descriptions

eReader version of DR/BC Plan and IT Job Descriptions – 273 jobs

eReader versions of the DR Plan and IT Job Descriptions have just been released by Janco. Both can now be placed in an enterprise’s catalog of electronic documents and shared across the network.

eReader books by Janco

The .epub version can be read on most (if not all) mobile devices, including iPad, Surface, generic tablets, smartphones, and desktop computers. With this step forward, a great collaboration tool is in the hands of individuals who can review, annotate, share, and use them as a handy set of reference tools.

The eReader versions are fully indexed, have a hot-linked table of contents and meet industry standards for mobility.

Over the next several months Janco will be adding .epub options to most of its product line. Products that are next in line for this include.

Job Market grim for Information Technology professionals

The job market is grim for Information Technology professionals, as IT is leading the way to fewer prospects for new jobs being created. Just last month there were eight states with unemployment rates in excess of 6%. That, along with the loss of 27,700 jobs, makes many wonder whether we are facing the possibility of a new recession.

8 states have unemployment in excess of 6%, and that is with 94 million individuals who have dropped out of the labor market, making the true unemployment number closer to 13%, depression-era levels.
IT job market grim: Janco may revise its forecast for the IT job market to shrink if this trend continues.

Job market grim for Information Technology professionals as 2016 falls behind 2015 in creating new IT jobs

IT job market growth as of May is 57,300 jobs worse in 2016 than in 2015.
If the loss of jobs continues at this rate, all of the recovery achieved in the IT job market over the past several quarters could be lost.