Wearable Device Security Concerns


Wearable Device Security – Over 300,000,000 wearable devices are going to be deployed in the next several years

Wearable Device Security

Wearable Device Security – Janco Associates has determined that most mobile devices have some major vulnerabilities. They include:

  • Insufficient User Authentication/Authorization: Many devices are vulnerable to account harvesting, meaning an attacker could gain access to the device and its data through a combination of weak password policy, lack of account lockout, and user enumeration.
  • Data Encryption Missing: Most devices have implemented transport encryption using SSL/TLS, but almost one half of all cloud connections are vulnerable to the POODLE attack, allow the use of weak ciphers, or still use SSL v2.
  • Insecure Interfaces: Over 1/3 of smartwatches use cloud-based web interfaces, all of which have major security concerns. In addition there are security concerns with the devices' mobile applications. These vulnerabilities enable attackers to identify valid user accounts through the feedback returned by password reset mechanisms.
  • Software/Firmware Updates Not Secure: Firmware and software security issues include transmitting updates without transport encryption and without encrypting the update files themselves. On the plus side, most updates are signed to help prevent the installation of tampered firmware. While malicious updates cannot be installed, the lack of encryption allows the update files to be downloaded and analyzed.
  • Privacy Controls Are Missing: Most wearable devices collect some form of personal information, such as name, address, date of birth, weight, gender, heart rate and other health information. Given the account security issues and the use of weak passwords on some products, exposure of this personal information is a concern.
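The first and third findings above (weak password policy, no account lockout, and a password-reset form whose feedback reveals which accounts exist) are exactly what lets an attacker harvest accounts. The following is an added example, not code from the page or from any wearable vendor: it shows the vulnerable login and reset handlers beside hardened versions that give a uniform reset response, enforce a minimum password length, and lock an account after repeated failures. The user store, the password, and the threshold values are constructed assumptions for illustration.

```python
"""Added example: account-harvesting enablers on a companion web interface,
vulnerable form beside hardened form. All data below is constructed; the
lockout threshold and minimum password length are assumed policy values."""
import hashlib
import hmac
import os
from dataclasses import dataclass, field

LOCKOUT_THRESHOLD = 5       # assumed policy: lock after 5 consecutive failures
MIN_PASSWORD_LENGTH = 12    # assumed policy: reject shorter passwords
PBKDF2_ROUNDS = 100_000     # assumed work factor
DUMMY_SALT = b"\x00" * 16   # used so unknown users cost the same as known ones


def _hash_password(password: str, salt: bytes) -> bytes:
    # PBKDF2-HMAC-SHA256 from the standard library (no third-party crypto).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


@dataclass
class Account:
    salt: bytes
    pw_hash: bytes
    failed_attempts: int = 0
    locked: bool = False


@dataclass
class AccountStore:
    accounts: dict = field(default_factory=dict)

    def create(self, username: str, password: str) -> bool:
        # Password policy check: returns False instead of storing a weak password.
        if len(password) < MIN_PASSWORD_LENGTH:
            return False
        salt = os.urandom(16)
        self.accounts[username] = Account(salt, _hash_password(password, salt))
        return True


# --- vulnerable handlers: the pattern the findings describe ------------------

def reset_password_vulnerable(store: AccountStore, username: str) -> str:
    # The reply differs by whether the account exists, so the reset form
    # doubles as an oracle for valid user names (user enumeration).
    if username not in store.accounts:
        return "No account with that name"
    return "Reset link sent"


def login_vulnerable(store: AccountStore, username: str, password: str) -> bool:
    # No lockout: unlimited guesses against any account, even one that a
    # hardened path would already have locked.
    acct = store.accounts.get(username)
    if acct is None:
        return False
    return hmac.compare_digest(_hash_password(password, acct.salt), acct.pw_hash)


# --- hardened handlers -------------------------------------------------------

def reset_password_hardened(store: AccountStore, username: str) -> str:
    # Same reply whether or not the account exists; only the e-mail (if any)
    # differs, and it goes to the real owner. Sending is omitted here.
    return "If that account exists, a reset link has been sent"


def login_hardened(store: AccountStore, username: str, password: str) -> bool:
    acct = store.accounts.get(username)
    if acct is None:
        # Run the same expensive hash so timing does not reveal existence.
        _hash_password(password, DUMMY_SALT)
        return False
    if acct.locked:
        return False
    if hmac.compare_digest(_hash_password(password, acct.salt), acct.pw_hash):
        acct.failed_attempts = 0
        return True
    acct.failed_attempts += 1
    if acct.failed_attempts >= LOCKOUT_THRESHOLD:
        # Lock the account; repeated failures should also be surfaced to monitoring.
        acct.locked = True
    return False


if __name__ == "__main__":
    store = AccountStore()
    store.create("alice", "correct horse battery staple")   # constructed account
    print(reset_password_vulnerable(store, "alice"), "|", reset_password_vulnerable(store, "bob"))
    print(reset_password_hardened(store, "alice"), "|", reset_password_hardened(store, "bob"))
```

Run as a script, the first line shows two different replies (the enumeration leak) and the second line shows the same reply for an existing and a non-existing user. The hardened login also keeps the cost of a failed attempt constant for unknown users and stops answering once the lockout threshold is reached, which is the account-lockout control the findings say many devices lack.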

The use of wearable devices that can capture and broadcast video, voice, data and location information is increasing at an accelerated rate

Janco addresses the security, privacy and reputation management issues for a world in which wearable devices have cameras, microphones, massive data storage and INTERNET connectivity


Wearable devices provide a variety of potential business or educational uses involving accessing, capturing and sharing data. At the same time they can pose a significant security risk to an organization: the ability to surreptitiously record audio and video can threaten business confidentiality and jeopardize company data and even its reputation.

With that in mind, the consultants at Janco Associates have created a Wearable Device Policy that can be downloaded and used as a guideline for organizations as they establish rules for the use of such devices in the workplace.

Disaster Recovery Backup Solution


Disaster Recovery Backup and Backup Retention Policy Template

CIOs and IT Managers need to consider mandated compliance requirements

Disaster Recovery Backup Solution – Just added: Best Practices for Backup, Cloud Backup and Mobile Device Backup. IT organizations of all sizes contend with a growing data footprint, with more data to manage, protect, and preserve for longer periods of time. Online primary storage focuses on fast, low-latency, reliable access to data, while near-line secondary storage focuses on low cost and high capacity.

Questions that need to be answered are:

  • Is our data safe in transit and at rest?
  • What prevents hackers from gaining access to our data?
  • Is our data properly handled, stored, and deleted?
  • Who can access our data?
  • What are the benchmark measurements?
  • Is our data backup strategy compliant?
  • Will our recovery be successful?


ISMS 10 reasons why CIOs should implement ISMS


ISMS – 10 reasons why — Some CIOs believe that their companies do not need a formal Information Security Management System (ISMS) because they already have security policies and procedures along with controls in place or are deploying other technologies to protect their enterprises from cyber-attacks.


However, here are ten reasons CIOs should implement an ISMS in their enterprises:

  1. An ISMS includes people, processes and IT systems, acknowledging that information security is not just about software, but depends on the effectiveness of organizational infrastructure, processes, and the people who manage and follow them.
  2. An ISMS provides a standard set of terms and communication methods in which everyone can be educated.
  3. An ISMS helps enterprises to coordinate all security efforts (both electronic and physical) coherently, consistently and cost-effectively.
  4. An ISMS provides enterprises with a systematic approach to managing risks and enables enterprises to make informed decisions on security investments.
  5. An ISMS can be integrated with other management system standards (e.g. ISO 22301, ISO 9001, ISO 14001, etc.) ensuring an effective approach to corporate governance.
  6. An ISMS creates better work practices that support business goals by asserting roles and processes that have to be clearly attributed and adhered to.
  7. An ISMS requires ongoing maintenance and continual improvement, which ensures that policies and procedures are kept up to date, resulting in better protection for your sensitive information.
  8. An ISMS gives enterprises credibility with staff, clients, suppliers, customers, and partner organizations, and demonstrates due diligence.
  9. An ISMS helps enterprises comply with corporate governance requirements.
  10. An ISMS can be formally assessed and certified against ISO 27001, bringing additional benefits such as demonstrable credentials, customer assurance and competitive advantage.

Top 10 Network Security Management Best Practices


Security Management Best Practices

Security management best practices – The top 10 network security management best practices, if not followed, expose a company’s assets and reputation to unnecessary risk.

10 Security Management Best Practices

This top 10 list is one that has been proven in practice. NO organization that follows all of them has ever been attacked without knowing that an attack is in progress and being able to react to it before it becomes a major media event.

  1. Centralize Malware Management
  2. Establish Boundary Control
  3. Centralize Provisioning and Authorization Management
  4. Implement Acceptable Use Policy
  5. Build Security into Applications Starting in the Design Phase
  6. Understand and Implement all Compliance and Audit Requirements
  7. Implement Monitoring and Reporting Processes
  8. Manage security deployment and Infrastructure Processes
  9. Implement Network and Host Defenses
  10. Constantly Validate Network and System Resource Integrity

To read more about this, see Janco’s security management page. In addition, the Security Manual Template that is offered by Janco provides a foundation to implement these best practices.


Top 10 Best Practices to meet IT governance and compliance requirements


Top 10 best practices to meet governance and compliance requirements are a baseline that “World Class” CIOs and enterprises all follow.

  1. Understand all existing and proposed regulation and compliance requirements. This includes industry, state, local, federal and international regulations and mandates.
  2. Have clear definition of duties (job descriptions) that meet all infrastructure, security and compliance requirements. These should be well documented and distributed throughout the enterprise.
  3. Continually assess the internal controls of IT that are in place. This requires interaction with both internal and external auditors.
  4. Establish a baseline of IT internal controls – include a definition of baseline policies and procedures that need to be in place in IT function.  Infrastructure policies and procedures must be constantly reviewed and updated.
  5. Audit compliance with the baseline of IT internal controls and governance requirements. All levels of management need to be involved.
  6. Track access to all “protected” and confidential data. This has to be real time and responsive, as the exposure the enterprise faces continues to increase over time.
  7. Preserve audit data in secure long term storage. After-the-fact reviews cannot take place unless this occurs.
  8. Establish and enforce separation of duties; management accountability is key.
  9. Implement metrics that support the alignment of IT with enterprise requirements. To measure is to modify behavior. The right metrics need to be in place.
  10. Implement a function which focuses on the implications of new technology for the infrastructure and governance of IT.

One of the best ways to communicate and understand a company and its operating culture is through its policies. Designing and writing policy and communicating it effectively is an essential skill for professionals to have. By having policy carefully developed and communicated, employees will clearly know what the organization expects from them, the degree of control and independence they will have, and what the benefits and consequences are in regard to adhering to policy.

  • CIO IT Infrastructure Policy Bundle (more info…) All of the policies below are included as individual MS Word files and a single PDF file. Electronic forms are all individual documents that are easily modifiable
    • Backup and Backup Retention Policy (more info…)
    • Blog and Personal Web Site Policy (more info…) Includes electronic Blog Compliance Agreement Form
    • BYOD Policy Template (more info…) Includes electronic BYOD Access and Use Agreement Form
    • Google Glass Policy Template (more info…) Includes electronic Google Glass Access and Use Agreement Form
    • Incident Communication Plan Policy (more info…) Updated to include social networks as a communication path
    • Internet, e-Mail, Social Networking, Mobile Device, Electronic Communications, and Record Retention Policy (more info…) Includes 5 electronic forms to aid in the quick deployment of this policy
    • Mobile Device Access and Use Policy (more info…)
    • Patch Management Policy (more info…)
    • Outsourcing and Cloud Based File Sharing Policy (more info…)
    • Physical and Virtual Security Policy (more info…)
    • Record Management, Retention, and Destruction Policy (more info…)
    • Sensitive Information Policy (more info…) HIPAA Compliant and includes electronic Sensitive Information Policy Compliance Agreement Form
    • Service Level Agreement (SLA) Policy Template with Metrics (more info…)
    • Social Networking Policy (more info…) Includes electronic form
    • Telecommuting Policy (more info…) Includes 3 electronic forms to help to effectively manage work at home staff
    • Text Messaging Sensitive and Confidential Information (more Info…)
    • Travel and Off-Site Meeting Policy (more info…)
    • IT Infrastructure Electronic Forms (more info…)


35 high risk IT projects identified by GAO


35 high risk IT projects have been identified by the GAO in a recent audit of federal IT projects. They fall in the following six areas, which cover the breadth of the entire federal government:

  • Government infrastructure Improvement projects
  • Transforming DOD Program Management
  • Ensuring Public Safety and Security
  • Managing Federal Contracting More Effectively
  • Assessing the Efficiency and Effectiveness of Tax Law Administration
  • Modernizing and Safeguarding Insurance and Benefit Programs

The 35 high risk IT projects are:

  • Strengthening the Foundation for Efficiency and Effectiveness
  • Limiting the Federal Government’s Fiscal Exposure by Better Managing Climate Change Risks
  • Management of Federal Oil and Gas Resources
  • Modernizing the U.S. Financial Regulatory System and the Federal Role in Housing Finance
  • Restructuring the U.S. Postal Service to Achieve Sustainable Financial Viability
  • Funding the Nation’s Surface Transportation System
  • Strategic Human Capital Management
  • Managing Federal Real Property
  • Improving the Management of IT Acquisitions and Operations (new)
  • DOD Approach to Business Transformation
  • DOD Business Systems Modernization
  • DOD Support Infrastructure Management
  • DOD Financial Management
  • DOD Supply Chain Management
  • DOD Weapon Systems Acquisition
  • Mitigating Gaps in Weather Satellite Data
  • Strengthening Department of Homeland Security Management Functions
  • Establishing Effective Mechanisms for Sharing and Managing Terrorism-Related Information to Protect the Homeland
  • Ensuring the Security of Federal Information Systems and Cyber Critical Infrastructure and Protecting the Privacy of Personally Identifiable Information
  • Ensuring the Effective Protection of Technologies Critical to U.S. National Security Interests
  • Improving Federal Oversight of Food Safety
  • Protecting Public Health through Enhanced Oversight of Medical Products
  • Transforming EPA’s Processes for Assessing and Controlling Toxic Chemicals
  • DOD Contract Management
  • DOE’s Contract Management for the National Nuclear Security Administration and Office of Environmental Management
  • NASA Acquisition Management
  • Enforcement of Tax Laws
  • Managing Risks and Improving VA Health Care (new)
  • Improving and Modernizing Federal Disability Programs
  • Pension Benefit Guaranty Corporation Insurance Programs
  • Medicare Program
  • Medicaid Program


IT job description bundles available in MS WORD format


IT job descriptions bundles have just been updated to meet the latest compliance and security requirements

IT job description bundles have just been updated. The bundles are:

  • C-Level IT Job Description Bundle
    • Chief Information Officer(CIO), Chief Information Officer (CIO) – Small Enterprise, Chief Security Officer (CSO), Chief Compliance Officer (CCO), Chief Mobility Officer (CMO), Chief Technology Officer (CTO), and Chief Digital Officer (CDO)
  • Compliance Management Job Description Bundle
    • Chief Compliance Officer (CCO), Director Electronic Commerce, e-Commerce Specialist, Internet-Intranet Administrator, Manager BYOD Support, Manager Internet – Intranet Activities, Manager Internet Systems, Manager Point of Sale, Manager Record Administration, Manager Transaction Processing, Manager Video and Website Content, Manager Web Content, Manager Wireless Systems, BYOD Support Analyst, On-Line Transaction Processing Analyst, PCI-DSS Administrator, PCI-DSS Coordinator, POS Coordinator, POS Hardware Coordinator, POS Senior Coordinator, Record Management Coordinator, System Administrators – UNIX – Windows – Linux, Web Analyst, Web Site Designer, Webmaster, and Wireless Coordinator.
  • eCommerce, Wireless, and Internet Job Description Bundle
    • Director Electronic Commerce, e-Commerce Specialist, Internet-Intranet Administrator, Manager Internet – Intranet Activities, Manager Internet Systems, Manager Point of Sale, Manager Record Administration, Manager Transaction Processing, Manager Video and Website Content, Manager Web Content, Manager Wireless Systems, On-Line Transaction Processing Analyst, PCI-DSS Administrator, PCI-DSS Coordinator, POS Coordinator, POS Hardware Coordinator, POS Senior Coordinator, Record Management Coordinator, System Administrator – Linux, System Administrator – UNIX , System Administrator – Windows, Web Analyst, Web Site Designer, Webmaster, and Wireless Coordinator.
  • Enterprise Architecture and IT Executives Job Description Bundle
    • Vice President Strategy and Architecture, Chief Information Officer- CIO, Chief Information Officer – Small Enterprise – CIO, Chief Compliance Officer – CCO, Chief Mobility Officer(CMO), Chief Security Officer – CSO, Chief Technology Officer – CTO, Manager Change Control, Manager Competitive Intelligence, Manager Database, Manager Enterprise Architecture, Manager Sarbanes-Oxley Compliance, Manager Video and Website Content, Project Manager Enterprise Architecture, Capacity Planning Supervisor, Change Control Supervisor, Database Administrator, Enterprise Architect, PCI-DSS Coordinator, and Cloud Computing Architect
  • Enterprise Resource Planning (ERP) Job Description Bundle
    • Project Manager, Enterprise Resource Planning (ERP); Enterprise Resource Planning (ERP) – Architect; Enterprise Resource Planning (ERP) – Business Analyst; Enterprise Resource Planning (ERP) – Data Architect; Enterprise Resource Planning (ERP) – Decision Support Analyst; Enterprise Resource Planning (ERP) – Developer; Enterprise Resource Planning (ERP) – Functional Lead; Enterprise Resource Planning (ERP) – Infrastructure Administrator; Enterprise Resource Planning (ERP) – Master Data Analyst; Enterprise Resource Planning (ERP) – Process Owner; Enterprise Resource Planning (ERP) – Security Administrator; Enterprise Resource Planning (ERP) – Security Analyst; Enterprise Resource Planning (ERP) – Subject Matter Expert; Enterprise Resource Planning (ERP) – Team Lead; Enterprise Resource Planning (ERP) – Technical Lead; and Enterprise Resource Planning (ERP) – Trainer
  • Disaster Recovery and Business Continuity Job Description Bundle
    • Chief Information Officer; Chief Security Officer; Chief Compliance Officer; Chief Mobility Officer; VP Strategy and Architecture; Director Disaster Recovery and Business Continuity; Director e-Commerce; Director Media Communications; Manager Disaster Recovery; Manager Disaster Recovery and Business Continuity; Disaster Recovery Coordinator; Disaster Recovery – Special Projects Supervisor; Manager Database; Capacity Planning Supervisor; Manager Media Library Support; Manager Record Administration; Manager Site Management; and Pandemic Coordinator
  • IT Service Management – SOA Job Description Bundle
    • Director Sarbanes-Oxley Compliance; Manager Change Control; Manager Customer Service Center; Manager Help Desk Support; Manager Metrics; Manager Quality Control; Manager Service Level Reporting; Manager User Support; Capacity Planning Supervisor; Change Control Analyst; Change Control Supervisor; Help Desk Analyst; Key Performance Indicator Analyst; Metrics Measurement Analyst; and Quality Measurement Analyst
  • Metrics, Service Level Agreement & Outsourcing Job Description Bundle
    • VP Administration; VP Strategy and Architecture; Director IT Management and Control; Manager Contracts and Pricing; Manager Controller; Manager Metrics; Manager Outsourcing; Manager Service Level Reporting; Manager Vendor Management; Key Performance Indicator Analyst; Metrics Measurement Analyst; Quality Measurement Analyst; System Administrator Linux; System Administrator Unix; and System Administrator Windows
  • Security Management Job Description Bundle
    • Chief Compliance Officer (CCO); Chief Security Officer (CSO); VP Strategy and Architecture; Director e-Commerce; Database Administrator; Data Security Administrator; Manager Data Security; Manager Facilities and Equipment; Manager Network and Computing Services; Manager Network Services; Manager Training and Documentation; Manager Voice and Data Communication; Manager Wireless Systems; Network Security Analyst; System Administrator – Linux; System Administrator – Unix; and System Administrator – Windows
  • Salary Survey Job Description Bundle
    • Executive – VP – Chief Information Officer (CIO), Chief Security Officer (CSO), VP – Administration, VP – Consulting Services, VP – Information Services, VP – Technical Services, Director – IT Planning, Director – Production/Data Center, and Director – Systems & Programming.
    • Middle Management: Manager Computer Operations, Manager Customer Service, Manager Data Communications, Manager Data Warehouse, Manager Database, Manager Internet Systems, Manager Network Services, Manager Office Automation Applications, Manager Operating Systems Production, Manager Production Services, Manager Production Support, Manager Quality Control, Manager Security and Workstations, Manager Systems and Programming, Manager Technical Services, Manager Training and Documentation, Manager Voice and Data Communications, Manager Voice/Wireless Communication, Project Manager Applications, Project Manager Distributed Systems, Project Manager Network Technical Services, Project Manager Systems, Capacity Planning Supervisor, Change Control Supervisor, Computer Operations Shift Manager Computer Operations Shift Supervisor, Hardware Installation Supervisor, Microcomputer Support Supervisor, Network Services Supervisor, Production Control Specialist, Production Services Supervisor, and Webmaster.
    • Staff: Change Control Analyst, Computer Operator, Data Center Facility, Administrator, Data Entry Clerk, Data Entry Supervisor, Data Security Administrator, Data Base Specialist, Disaster Recovery Coordinator, e-Commerce Specialist, Forms and Graphics Designer, Hardware Installation Coordinator, Internet Developer, IT Planning Analyst, LAN Application Support Analyst, Librarian, Network Control Analyst, Network Services Administrator, Network Specialist Senior, Network Technician, Object Programmer, Operations Analyst, Personal Computer Specialist, Production Control Analyst, Programmer/Analyst, Software Engineer, Systems Analyst, Systems Programmer, System Support Specialist, Technical Services Specialist, Technical Specialist, Voice/Wireless Communications Coordinator, and Web Analyst

For more information go to https://www.e-janco.com/jobdescriptions.html

Mobile Devices are how many start and end the day


How did you start your day today? How did you end your day yesterday? For many, starting or ending our day involves connecting in some way with a mobile application. In 2014, the number of Internet users worldwide has reached nearly 30 billion. While the majority of these users connect via fixed-line to a PC, the growth of mobile- and cloud-based solutions has skyrocketed. Industry experts estimate that mobile-only users (no laptop, no desktop) will hit 1 billion next year.

  • Mobility Policy Bundle (more info…) All of the policies below are included as individual MS Word files and a single PDF file. Electronic forms are all individual documents that are easily modifiable
    • BYOD Policy Template (more info…) Includes electronic BYOD Access and Use Agreement Form
    • Mobile Device Access and Use Policy (more info…)
    • Record Management, Retention, and Destruction Policy (more info…)
    • Social Networking Policy (more info…) Includes electronic form
    • Telecommuting Policy (more info…) Includes 3 electronic forms to help to effectively manage work at home staff
    • Travel and Off-Site Meeting Policy (more info…)

Best Articles of 2014 – CIO Challenges addressed


Best Articles of 2014 – In a review of the best articles and top 10 lists of this year, Janco highlights the role of the CIO and the challenges that the CIO faces. Included in this year’s winners are:


  1. A CIO’s guide to IT portfolio management
  2. Top 10 Manager Best Practices
  3. Top 10 Challenges faced by IT Project Managers
  4. Ten Best Practices to Hire and Retain World Class Creative IT Professionals
  5. Top 10 CIO Staffing Issues
  6. What does it take to become a CIO or CTO of a Fortune 100 company?
  7. ID Badges Challenge for CIOs
  8. Mobile Application Must Haves for the CIO
  9. Top 10 Interview Best Practices
  10. Internet of Things (IoT) Challenges

Top 10 CIO concerns


Top 10 CIO concerns – Janco Associates has just completed an informal survey of 75 CIOs and developed a list of the top 10 concerns they have, which will be their driving forces for the next several months.

  1. Innovation and competitive edge over others in the same market
  2. Meeting management’s IT Portfolio alignment needs
  3. Security and privacy while meeting records management requirements
  4. Operational adaptability of IT infrastructure
  5. Improved productivity
  6. Simplified SDM to more rapidly deploy IT products and services
  7. Impact of market and business changes
  8. Controls and compliance cost improvements
  9. Staffing of talent for the newest technology
  10. Ways to generate revenue with IT technology deployments

How to Guide for Cloud Processing and Outsourcing

ISO Compliant – Including ISO 31000


“How to Guide for Cloud Processing and Outsourcing provides EVERYTHING that is needed to select a vendor, enter into an agreement, and manage the relationship,” says a CIO of a Fortune 100 company.

10 steps to World Class IT portfolio management


IT Portfolio Management is key to the success of every CIO and IT organization.  Janco Associates has found that many world class CIOs all follow these basic steps.

  1. Create an inventory of all business oriented applications
  2. Establish cost to run applications
  3. Collaborate with business units to determine value of applications
  4. Track investments costs and returns in concise reports that can easily be compared and contrasted.
  5. Identify the relationship between investment performance and business projections and objectives, across time.
  6. Develop annual ROI summary and review with business units
  7. Make specific business and technology recommendations to maintain a healthy balance within the portfolio.
  8. Adjust portfolio based on newly available data and technologies
  9. Make long term strategic recommendations and establish a baseline budget based on performance and established objectives
  10. Identify new investment opportunities that could fit into the established portfolio and the wider aims of the business.

You can get all of Janco’s templates in its IT Management Suite. When you do that you save over $2,500 and when implemented your enterprise is positioned to have a “WORLD CLASS” Information Technology function. You will be in compliance with all mandated requirements including all US and International requirements.

Container Based Applications are the next big deal


The next major shift in the IT infrastructure market is here – container based applications. Virtualization 10 years ago, the public cloud today, and now containers are each changing the way users interact with the Internet.

Containers are the next logical step beyond virtualization. Where virtualization slices a server up into many virtual machines, containers run on top of a bare system and allow many applications to run autonomously. They are an additional layer of abstraction that can make applications portable across public and private clouds. Containers basically wrap an application to make it portable.

Containers with platform and infrastructure may be a big deal. The change today is limited to new application development. We are a few years from existing applications being rebuilt for containers, or from enterprises moving well-running applications into smaller containers, but for new web-scale applications development, the future is containers.


HIPAA Omnibus Update


The HIPAA Omnibus Update rules contain a number of changes to HIPAA Privacy, Security, and Breach Notification rules. Recently patient rights under HIPAA have been expanded to include several new rights of access: mental health records, electronic copies of records and laboratory test results. These changes must be respected by every covered entity and business associate to stay in compliance with the HIPAA rules through modifications to policies and procedures.


Not only the compliance rules but also the enforcement rules have changed. Under the new four-tier violation schedule, the mandatory fines for willful neglect of compliance start at $10,000 even if the problem is corrected within 30 days of discovery. Violations that are not promptly corrected carry mandatory minimum fines starting at $50,000.


ISO 31000 Compliance – Risk Management


Cloud processing and outsourcing add external risks to a business’ operations. The International Organization for Standardization (ISO) has published a standard for risk management which needs to be considered when embarking on a cloud processing and/or outsourcing initiative.

ISO 31000 provides principles, framework and a process for managing risk. It can be used by any organization regardless of its size, activity or sector. Using ISO 31000 can help organizations increase the likelihood of achieving objectives, improve the identification of opportunities and threats and effectively allocate and use resources for risk treatment.

However, ISO 31000 cannot be used for certification purposes, but does provide guidance for internal or external audit programs. Organizations using it can compare their risk management practices with an internationally recognized benchmark, providing sound principles for effective management and corporate governance.

A risk management policy should include the following sections:

  • Risk management and internal control objectives
  • Statement of the attitude of the organization to risk
  • Description of the risk aware culture or control environment
  • Level and nature of risk that is acceptable
  • Risk management organization including policies and procedures
  • Details of procedures for risk recognition and ranking
  • List of documentation for analyzing and reporting risk
  • Risk mitigation requirements and control mechanisms
  • Allocation of risk management roles and responsibilities
  • Risk management training topics and priorities
  • Criteria for monitoring and benchmarking of risks
  • Allocation of appropriate resources to risk management
  • Risk activities and risk priorities for the coming year

Cloud Technology Impacts Outsourcing



What makes cloud computing different from the “ordinary” model of computing is that the cloud functions as a collective computer that exists in the virtual world. The cloud draws resources and information from many computers and servers, running applications independently of any one of them and making the specific hardware less important to how the applications work.

Janco Associates has just updated its CIO IT Infrastructure Policy Bundle. This is part of Janco’s continuing effort to create a set of standard ‘Best Practices’ procedures that CIOs can implement to meet the challenges they face as they adjust to the new ways that technology is being used. Included is a new policy “Outsourcing and Cloud Based File Sharing“.

The Outsourcing and Cloud Based File Sharing Policy defines everything that is needed for the data and/or application of a function, department, or area to be outsourced or file shared via the cloud.

The policy template is ready to use and is easily modified to meet the unique requirements of your company.

The policy comes as a Microsoft Word document that can be customized as needed.

The template has been updated to include an ISO audit program definition and electronic form. The policy template includes:

  • Outsourcing Management Standard
    • Service Level Agreement
    • Responsibility
    • Cloud Based File Sharing
  • Outsourcing Policy
    • Policy Statement
    • Goal
  • Approval Standard
    • Base Case
    • Responsibilities

Note: Look at the Practical Guide for Outsourcing, a template of over 110 pages, for a more extensive outsourcing process that includes a sample contract with a sample service level agreement.
