Top 10 Security Management rules are defined in Janco’s Security Manual Template.
Top 10 Reputation Management Rules are defined in detail in Janco’s Security Manual Template.
Without constant vigilance, your company is vulnerable to attack. The first step to take is to assess your current security stance, then make a plan to increase security with proper best practices and technologies.
Top ten commandments of security management for CSOs, CIOs, and IT Managers
Limit access to information to those who need to have it. People can’t misuse information that they don’t have.
Conduct frequent and deep security audits. Identify who has access to what – and how their actions could weaken the protection of valuable data/information.
Set limits on information access rather than excluding access outright. Exclusion simply locks data down; limits set authorizations so that specific people can do specific things under specific circumstances.
Limit administrative rights to as few individuals as possible. Very few individuals need them to do their jobs.
Ignore organizational hierarchy when setting access capabilities. Access and authorization should be based upon responsibilities, not position.
Make Security Invisible. Minimize extra commands, screens, pop-ups for employees; if an action is allowed, just let it happen.
Analyze security for back doors. Compliance logs reveal threat patterns and show where security steps are hurting productivity.
Monitor information access and updates. User-initiated application information updates can invite vulnerabilities.
Educate everyone on security policies and procedures. The more people know about the rules, the better.
Make security best practices the watch word for everyone. IT and the general workforce must address the constantly changing nature of security breaches.
Security Manual Template
Security Policies and Procedures Manual for the Internet and Information Technology is over 230 pages in length. All versions of the Security Manual template include both the Business & IT Impact Questionnaire and the Threat & Vulnerability Assessment Tool (both were redesigned to address GDPR, CaCPA, ISO, Sarbanes Oxley and CobiT compliance).
GDPR Compliance is at risk with 3rd Party providers
GDPR Compliance Management is more complex with the increased use of 3rd Party providers
Security and GDPR Compliance risks from third parties are on the rise. A security compliance study found that 56 percent of companies admitted to a security incident caused by a third party.
With GDPR now in place, security of third-party vendors and consultants is more important than ever. Their security failure will impact your company and could result in a breach of your data.
So how do you approach third-party security in a GDPR world? The first step is to identify your vendors and any other outsiders with access to your network, then sort them into tiers based on the level and volume of data they can access, so you know which are the most critical. Companies need to know who has any access to their data and get an accurate understanding of exactly what information they can access, why, and how often. With this information in hand, you can then develop an accurate response plan.
GDPR compliance plans should also take into consideration all of your third-party vendors. Thus, when establishing a dedicated Data Privacy Officer (DPO), that person will help the company meet GDPR requirements and should keep tabs on third-party practices and data systems as they affect your business. Lunetta added:
To support the DPO with additional expertise on making decisions such as, “We need X solution to address Y compliance/security requirement,” it’s imperative for IT security teams to conduct regular self-assessments for uncovering gaps and determining options for remediating them.
Some tips for ensuring that your third parties are staying in GDPR compliance:
Address cybersecurity governance because while it’s one thing to invest in security solutions that help address personal data protection, it’s another to use them in a manner that is also GDPR-compliant.
Access Policy Governance – Having robust access controls isn’t good enough to comply with GDPR. Instead, you also need a set of policies that can be defined, implemented and enforced around how your enterprise controls access to personal data.
Pay attention to privileged users. Users such as systems administrators can circumvent standard controls inside of an application or a database. Identify those users, establish governance controls, and implement enforcement mechanisms through technology solutions such as network access control.
U.S. Job Market continues to improve. There now are 36 states (including the District of Columbia) that have an unemployment rate that is 4.0% or lower. That is one more state than in the prior month.
U.S. Job Market – the unemployment rate continues to hover around 3.8% to 4.0%. The current rate is the lowest it has been in several years.
Looking at the data for individual states for a year to year comparison, the picture is even brighter.
Only two of the states with low unemployment rates have higher unemployment rates this year than last: Colorado and Hawaii.
Hawaii was at such a low rate last year that the shortage of workers slowed the economy there. The fact that it is an island only magnifies the issues it has to deal with under both low and high unemployment.
Janco continues to monitor the U.S. Job Market and the IT Job Market continually. To see this analysis as it is updated look at the Employment Data on Janco’s main web site.
10 Point Power Checklist Disaster Recovery and Business Continuity
The 10 point power checklist addresses the issues associated with power after an event that disrupts a network; the availability of power to recover and run the network is often critical.
10 Point Power Checklist Disaster Recovery and Business Continuity needs to be incorporated into the disaster recovery – business continuity plan. The Disaster Recovery Business Continuity template contains many checklists and best practices to follow. The checklist includes:
Electricity, water, broken wires do not mix. Review all electrical and plumbing plans in detail.
Understand the minimum power requirements to be operational.
Have an adequate fuel supply to operate backup power sources. If the outage lasts for more than 30 days, will the facility be able to continue operations?
Set reasonable response times for the standby generator.
Maintain your equipment and test its operation. Test at least once a quarter and review supplies on hand.
Understand your environment and geography.
Set up generators in an “open environment”. Carbon monoxide fumes can build up and poison people.
Compliance Mandates come from multiple sources. How companies are impacted by them varies by size of company and the markets they serve.
Compliance Mandates impact every company that does business on the Internet. Few companies are impacted by all of the mandates. In the U.S. the most impactful are the CaCPA enacted by California and the GDPR from the EU.
The EU has implemented a single privacy and compliance mandate. In the U.S. that is not the case as of yet. The U.S. Congress has talked about it but, as of yet, there is no consensus on what that legislation will look like. Until that occurs the various states, and California in particular, will set the rules.
The standards for user privacy and control drove the release of an update to its Security Manual Template, which identifies mandated user rights and enterprise responsibilities related to privacy protection. Janco reviewed in detail the California Consumer Privacy Act of 2018 (CaCPA) and generated a detailed list of user rights and business responsibilities that are mandated. The CaCPA requirements are very complex, and significant resources will have to be allocated for organizations to comply with these new mandates. These mandates will impact all organizations that have an Internet presence in the U.S. and California in particular. The compliance deadline is January 1, 2020.
Compliance Management is one of the top concerns of CIOs and other C-Level executives.
Compliance Management Kit was just released. All of the components of the kit were just updated to meet privacy and security mandates due to GDPR for the EU and CaCPA for the state of California.
The kit comes in 3 versions: Silver, Gold, and Platinum. Each can be acquired with either 1 year or 2 years of update service. Janco feels mandates will continue to be added due to the high volume of cyber-attacks and privacy issues that are of concern to individuals and corporations.
First, the Silver version of the kit comes with the Compliance Management White Paper, a self-scoring Security Audit, a PCI Audit Program, and 31 key Job Descriptions including Chief Security Officer (CSO). Second, the Gold version of the kit comes with all of that plus two full policies. The policies are the Record Classification and Management Policy and a Privacy Compliance Policy with a detailed implementation work plan. The detailed work plan can be utilized right out of the box to ensure that privacy and security are implemented fully within the enterprise. And third, the Platinum version of the kit comes with everything in the first two, plus Janco’s Security Manual Template.
Job Interview and Hiring Guide includes Top 10 Hiring Best Practices as well as best practices for the interview candidate.
Top 10 Hiring Best Practices – the interview is a critical first step in building a world class organization. The Interview and Hiring Guide provides best practices that both the candidate and the enterprise should follow.
In today’s employment market, it is critical to make every hire count. There is little room for error. It is crucial for senior-level leadership, human resources and hiring managers to all be on the same page and do the right things.
Top 10 Best Practices for the Hiring Process are:
Know how each job supports your organization’s key objectives.
Consider both internal and external candidates for open positions.
Use objective evaluation criteria based on known outstanding performers in that job.
Ensure compensation is competitive, based on current market rates for the job.
Apply a consistent selection process to filling all positions.
Include key stakeholders in your employee selection process.
Train your interviewers in your employee selection process.
Give your interviewers guidance to help them probe deeper into a candidate’s suitability.
Review public social media accounts of all candidates.
Conduct comprehensive reference and background checks on job candidates.
Ensure that your orientation process helps new hires become productive faster.
How to Guide for Cloud Processing and Outsourcing 2019 Version Released
How to Guide for Cloud Processing and Outsourcing 2019 Version Released with new features. It now is available in ePub format. The ePub version is provided with the basic product.
As interest in cloud computing continues to gain momentum, there is increasing confusion about what cloud computing represents. Without a common, defined vocabulary and a standardized frame of reference, organizations cannot have a cogent discussion about cloud computing. The practical guide for cloud computing outsourcing addresses this challenge by providing a context for productive discussion and a structure for planning, both short and long term, for a successful implementation.
In a recent study, Janco identified the 5 major reasons why CIOs, and enterprises in general, are moving towards Cloud and Outsourcing as processing solutions.
10 Things to Avoid in your resume. The market is competitive and your resume has to stand out or you will not even be phone screened.
10 Things To Avoid In Your Resume – Top 10 Resume mistakes that many IT Professionals make.
Keep it short – Keep your total resume to 2 pages or less.
Resume that does not represent you in the best first impression. Make sure that the resume looks good.
Resume that is not structured well. Bullets, limited bold text, and a summary at the top are key directions to take.
Eliminate spelling errors. This is a direct path to the circular file.
Resume that contains grammatical and tense errors – Do not use complex sentences and avoid starting with prepositions.
Resume that does not agree with your “social profile”. The resume needs to be in agreement with what the rest of the world sees about you.
Photo is a bad idea. Do not include anything that shows your age, race, or appearance.
100% accurate. Everything needs to be truthful and accurate.
Resume that is the same for each job and company. With word processors and email you should at least have a custom cover letter that addresses the “specific” job or company that you are sending the resume to.
Not following up. If you do not hear back from a company and have sent a resume in, it is a must to follow up and see if the job is still open.
H-1B Visa holders make up a major portion of the IT Job Market. Just the visa holders who were approved in 2018 make a total compensation of close to $15 billion. Those are all high wage jobs, with a mean compensation of $91,604.
On an annual basis the mean compensation for the holders continues to rise. Since most of these are “temporary” positions, the long term value for the enterprises is questionable.
H-1B Visa applicants typically go to larger companies. In addition, most of the companies requesting visas are the same year after year. The question is whether that is a way for them to get unique skills or to hold salaries down.