CIO Infrastructure Policy Bundle Update 2019-02 now available
CIO IT Infrastructure Policy Bundle contains 20 full policies that are easily modified to meet an enterprise's unique operating environment.
CIO Infrastructure Policy Bundle has just been updated. It includes both the updated Record Classification, Management, Retention and Disposition Policy and the BYOD Access and Use Policy. This is part of the annual review process that Janco is going through for its entire product line of CIO and IT Management tools, to validate that they meet all of the compliance, security and privacy mandates.
The policies are all part of the overall IT Governance Model. That model addresses the issues associated with the processes for the design, development, implementation, and ongoing operation of technology in the ever-changing Internet-based operational environment.
Currently, data classification is an area that CIOs need to address in light of GDPR and the California Consumer Privacy Act (CCPA).
Each of the policies in the CIO IT Infrastructure Policy Bundle can be acquired separately. See Policy offerings.
Blog and Personal Website Policy (revised 01/2019)
BYOD Access and Use Policy (revised 03/2019)
Mobile Device Access and Use Policy (revised 01/2019)
Physical and Virtual Server Security (revised 01/2019)
Record Classification, Management, Retention, and Disposition Policy (revised 03/2019)
Sensitive Information Policy (revised 01/2019)
Travel, Laptop, PDA and Off-Site Meeting Policy (revised 01/2019)
Updated in 2018 – Scheduled to be updated within the next three (3) months:
Backup and Backup Retention Policy
Google Glass Policy
Incident Communication Policy
Internet, Email, Social Networking, Mobile Device, and Electronic Communication Policy
Outsourcing and Cloud-Based File Sharing Policy
Patch Management Version Control
Privacy Compliance Policy
Service Level Agreement Policy including sample metrics
Social Networking Policy
Technology Acquisition Policy
Text Messaging Sensitive and Confidential Information
Record Classification, Management, Retention, and Disposition Policy Updated
Record Classification was just added to the Data Management Policy. The purpose of the addition is to reduce the sensitive data footprint to meet the most recent, more rigorous compliance standards.
Record Classification, Management, Retention, and Disposition Policy can be acquired separately or with the CIO IT Infrastructure Policy Bundle.
Most other data classification tools don't go the extra mile. Their technology only looks for specific terms in your documents; it doesn't provide the intelligence you need to secure the personal information of your customers or employees. Janco's Record Classification, Management, Retention and Disposition Policy gives the enterprise a process for establishing where sensitive files are, what content is inside, who can access the files and who actually uses them.
Included with the policy is a crisp definition of data classification.
The foundation of any good record management program is developing a consistent records classification system across the organization.
While there are many record classification systems, one recommended best practice is a three-tier classification based on business function, record class, and record type.
The first step toward developing a records classification system is taking an inventory or a comprehensive and accurate listing of locations and contents of all records within the organization.
The second step is grouping the records in the inventory according to business functions, record class, and record type:
Common business functions include operations, finance, legal, marketing, human resources, and others.
The top-level business functions are broken down into record classes. For instance, two record classes under the accounting function are accounts payable and accounts receivable.
Record types are a further subdivision of record classes. For instance, the accounts payable record class can be further broken down into accounts payable aging reports, accounts payable distribution reports, cash disbursement reports, and other categories.
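The two-step procedure above (inventory, then grouping into function, class and type) can be checked mechanically. The following is an added example and not Janco's code: it holds the three-tier taxonomy as nested mappings, files each inventory entry under its (function, class, type) key, reports entries whose labels do not exist in the taxonomy so the inventory can be corrected before retention rules are applied, and counts the sensitive data footprint per function. The accounts payable branch follows the text; the other taxonomy entries, the SENSITIVE_TYPES list and SAMPLE_INVENTORY are constructed for illustration.

```python
"""Three-tier record classification (business function > record class > record type).

Added example, not Janco's code: TAXONOMY and SAMPLE_INVENTORY are constructed
for illustration; the finance / accounts payable branch follows the policy text,
the rest is assumed.
"""
from collections import defaultdict

TAXONOMY = {
    "finance": {
        "accounts payable": {
            "accounts payable aging report",
            "accounts payable distribution report",
            "cash disbursement report",
        },
        "accounts receivable": {"customer invoice", "receivables aging report"},
    },
    "human resources": {
        "personnel files": {"employment application", "performance review"},
    },
}

# Record types that carry personal data (GDPR/CCPA scope): together they are the
# sensitive data footprint the policy tries to shrink (assumed list).
SENSITIVE_TYPES = {"customer invoice", "employment application", "performance review"}


def classify(inventory):
    """Group inventory entries by their (function, class, type) key.

    Returns (grouped, unclassified). grouped maps a key present in TAXONOMY to
    the locations filed under it; unclassified holds entries whose labels are not
    in the taxonomy, so the inventory gets corrected before retention rules apply.
    """
    grouped = defaultdict(list)
    unclassified = []
    for entry in inventory:
        key = tuple(entry[tier].strip().lower() for tier in ("function", "class", "type"))
        function, record_class, record_type = key
        if record_type in TAXONOMY.get(function, {}).get(record_class, ()):
            grouped[key].append(entry["location"])
        else:
            unclassified.append(entry)
    return dict(grouped), unclassified


def sensitive_footprint(grouped):
    """Count locations holding sensitive record types, per business function."""
    footprint = defaultdict(int)
    for (function, _record_class, record_type), locations in grouped.items():
        if record_type in SENSITIVE_TYPES:
            footprint[function] += len(locations)
    return dict(footprint)


SAMPLE_INVENTORY = [  # constructed: the output of step one, the record inventory
    {"location": "fs1/finance/ap/aging_2018.xlsx", "function": "Finance",
     "class": "Accounts Payable", "type": "Accounts Payable Aging Report"},
    {"location": "fs1/finance/ap/aging_2019.xlsx", "function": "Finance",
     "class": "Accounts Payable", "type": "Accounts Payable Aging Report"},
    {"location": "fs1/finance/ap/disbursements.pdf", "function": "Finance",
     "class": "Accounts Payable", "type": "Cash Disbursement Report"},
    {"location": "fs1/finance/ar/invoices/", "function": "Finance",
     "class": "Accounts Receivable", "type": "Customer Invoice"},
    {"location": "hr-share/applications/", "function": "Human Resources",
     "class": "Personnel Files", "type": "Employment Application"},
    {"location": "hr-share/reviews/2018/", "function": "Human Resources",
     "class": "Personnel Files", "type": "Performance Review"},
    # Mislabelled on purpose: "Payroll" is not a record class under Finance in TAXONOMY.
    {"location": "fs1/finance/payroll/register.xlsx", "function": "Finance",
     "class": "Payroll", "type": "Payroll Register"},
]

if __name__ == "__main__":
    grouped, unclassified = classify(SAMPLE_INVENTORY)
    for key, locations in sorted(grouped.items()):
        print(" / ".join(key), "->", len(locations), "location(s)")
    print("unclassified:", [e["location"] for e in unclassified])
    print("sensitive footprint:", sensitive_footprint(grouped))
```

The unclassified list is the useful output: every location that cannot be placed in the taxonomy is a location whose retention and disposition rules cannot be applied, which is exactly the gap a classification review is meant to close.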
A formal media and incident communications plan needs to be in place before an event occurs.
Top 10 Press Release Best Practices – Whenever enterprises are impacted by negative (cyberattacks) or positive events, communication with the media is critical. Press Releases should be the first source for factual and informational communication with the media.
Top 10 best practices are:
Perform extensive research – get your facts straight
Don’t assume anything – double check everything
Don’t belittle or talk down to anyone
Don’t oversell your product or service
Don’t over-write or bloat the release
Create a clever subject line
Don’t jump the gun when sending your release
Optimize the Press Release for Internet Search Engines
Maintain an internal list of trusted reporters and editors
Be available and responsive right after a press release is issued
Supply of Qualified IT Professionals Low – Starting Salaries Higher
Supply of Qualified IT Professionals is low as CIOs and recruiters look to add the skill sets necessary to meet the demands of seamless information flow via ERP and Blockchain. This shortage is not limited to these skill sets; programmers and business analysts of all stripes are also in high demand.
IT job market growth is marked by shortages of qualified professionals. Still, Janco forecasts that over 89,000 new IT jobs will be created in 2019.
The political turmoil and the lack of any material progress in the trade talks with China and the EU add a level of risk to the direction of the economy. However, even with all those factors in play, there is still positive IT job market growth. CIOs are still planning on expanding the size of their organizations.
Most of the hiring that is occurring is at staff levels. Based on our current data we believe the hiring that will be done this year will be completed by June or July. Demand for consultants and contract employees will still be above average; however, there is a tendency to move towards in-house staff. This data is compiled by reviewing public data, open/filled positions at our client organizations, and interviews with selected CIOs, recruiters and our clients' internal HR staffs.
CIO Hiring plans for the next year show the focus is on meeting the skill shortage need at the staff level
In order to assist its clients, Janco has just released its 2019 version of the IT Hiring Kit – https://www.e-janco.com/ITHirePack.htm. The Kit contains over 300 full IT job descriptions, the 2019 IT Salary Survey, and the Interview and Hiring Guide, which is packed full of electronic forms and best practices.
IoT Challenges are varied and unique to the capture of real-time data
IoT Challenges – IoT is more than Internet-enabled sensors and analytics. It is a way to get real-time information. There is a very good chance that an IoT device can be remotely controlled, monitored, updated and maintained using remote management tools, sensors and predictive analytics that continually collect device data and can identify problems before they happen.
Granted, most of these devices are not critical in life-or-death situations. However, there can be property loss when a device fails, does not have current firmware (BIOS) or software, or is used in an inappropriate manner. In addition, the implications for data storage of meeting the mandated records management requirements are not yet fully understood.
Add to that the fact that IoT data is typically proprietary and enterprise confidential, and security is a major concern.
Driver Support Review is mixed. The product / service is a good offering, but there are some areas of concern that you need to be aware of if you use this product.
Functionality – the product does not work with a number of software virus / malware checkers. For example, the service will NOT run with Malwarebytes without modifications to the exclusion file, which is understandable. However, the issue is that Driver Support (DS) does not give you any help on the files that need to be put in the exclusion file. In addition, to get this to work it took several phone calls to their customer service group. It did not help that the CS staff is located in Jamaica and their English skills are poor at best.
Registration key issues – We purchased the premium version of the product which was to allow us to register up to 5 PCs. When we tried to register the 4th PC, the program told us that we had exceeded the number of machines that could be registered.
We went to the customer portal. It showed that we had 3 PCs installed and that we had one registration left to use. 3 plus 1 does not equal 5. Also, there is no way for the user to delete a machine.
Now the really interesting process follows. We tried to contact the company and got an email message that the “Office was closed”. We sent several emails over the next few days and got NO response. We finally called them when they said their office was open. The first two people we talked to had very poor English and we were disconnected in the transfer process. Finally we got to the CS technician on our 4th call. There was an ECHO on the line on all of the phone calls.
We explained the issue to the person and were told they had to route the problem to their engineers who were in the US and it would take 24 hours for them to get back to us.
We cannot in good judgement recommend this product even though the driver update service they offer is excellent.
What is HIPAA and how can an enterprise comply with the mandated requirements
HIPAA Privacy Rule – provides federal protections for personal health information held by covered entities and gives patients an array of rights with respect to that information. At the same time, the Privacy Rule is balanced so that it permits the disclosure of personal health information needed for patient care and other important purposes.
There is also a HIPAA Security Rule. It specifies a series of administrative, physical, and technical safeguards for covered entities to use to assure the confidentiality, integrity, and availability of electronic protected health information. This places unique demands on the Business Continuity and Disaster Recovery Planning processes.
What is HIPAA and how does it impact overall Compliance Management?
Federal and state government regulations (see state compliance requirements) can be a big problem for today's organizations. There are more than 100 such regulations in the U.S. alone, and that number continues to grow. These are in addition to industry-specific mandates. They are all designed to safeguard the confidentiality, integrity, and availability of electronic data against information security breaches. So, what are the consequences if your organization fails to comply? Heavy fines and legal action. In short, it's serious.
BYOD Best Practices to ensure the security of enterprise sensitive and confidential information
BYOD Best Practices – BYOD (Bring Your Own Device) is now standard practice for most individuals working for companies. Devices include everything from laptop computers to tablets and smartphones. 10 Best Practices to secure BYODs – More employees and enterprise associates are bringing their own iPhones and tablets to the office. How sure are you that they are secure? While these personal devices are great for employee productivity, they can introduce security risks to your organization.
Implement a formal written BYOD policy that clearly states which devices and applications are supported.
Set up a locking password on each device. Tie the password to a wipe of the device after x invalid attempts. At the same time, have a way to restore the device if it is wiped.
Implement a phone locator on all SmartPhones. In the case of the iPhone, use the “Find My iPhone” application.
Protect the access point of your network so that only devices that meet your stringent security requirements are allowed access to your network and data.
Implement anti-virus where possible. In the case of the iPhone there is no on-device anti-virus. That means that your email service needs to do the scan BEFORE emails are sent to the device.
Manage authorized applications so that contacts and other sensitive data are not extracted from the device by applications.
Utilize data encryption on e-mails and enterprise data.
Utilize the cloud as a backup source.
Be wary of applications like QR code readers. They can direct the user to sites that can take control of the device.
Monitor access and data usage by device and by user. Have processes in place that actively inform management of any potential areas where the network and data can be compromised.
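The access-point rule above only works if "meets your stringent security requirements" is something a gateway can evaluate. Below is an added example, not Janco's code or any MDM vendor's API, of a posture gate that admits a device to enterprise email and data only when the controls in the list are in place: a lock passcode, a wipe threshold, a backup to restore from after a wipe, a locator, storage encryption, managed apps only, and anti-virus where the platform has it (for iOS, which has none, the check moves to server-side mail scanning, as the list says). The device records are constructed for the example, and MIN_OS and MAX_FAILED_UNLOCKS are assumed values.

```python
"""Posture gate for BYOD access (added example; not Janco's code).

Admits a device to enterprise email and data only when the controls in the list
above are in place. The device records are constructed for the example (an MDM
or mail gateway would supply them); the thresholds are assumed values.
"""

MIN_OS = {"ios": (12, 1), "android": (8, 0)}  # assumed minimum supported versions
MAX_FAILED_UNLOCKS = 10  # assumed: wipe after this many invalid passcode attempts


def parse_version(text):
    """'12.1.4' -> (12, 1, 4), so versions compare numerically, not as strings."""
    return tuple(int(part) for part in text.split("."))


def posture_failures(device):
    """Return the policy controls the device fails; an empty list means compliant."""
    platform = device["platform"]
    if platform not in MIN_OS:
        return ["unsupported platform: " + platform]
    failures = []
    if parse_version(device["os_version"]) < MIN_OS[platform]:
        failures.append("os below minimum " + ".".join(map(str, MIN_OS[platform])))
    if not device["passcode_set"]:
        failures.append("no lock passcode")
    wipe_after = device.get("wipe_after_failed_unlocks")
    if wipe_after is None or wipe_after > MAX_FAILED_UNLOCKS:
        failures.append("no wipe after %d failed unlocks" % MAX_FAILED_UNLOCKS)
    if not device["backup_enrolled"]:
        failures.append("no backup enrolled, so a wiped device cannot be restored")
    if not device["locator_enabled"]:
        failures.append("device locator off")
    if not device["storage_encrypted"]:
        failures.append("storage not encrypted")
    if not device["managed_apps_only"]:
        failures.append("unmanaged apps can read contacts and enterprise data")
    # iOS has no on-device anti-virus, so the policy moves that control to the
    # mail service: require server-side scanning there instead.
    if platform == "ios":
        if not device["mail_scanned_server_side"]:
            failures.append("mail not scanned server-side (no AV on iOS)")
    elif not device["antivirus_installed"]:
        failures.append("no anti-virus installed")
    return failures


def admit(devices):
    """Evaluate every device: {device_id: (allowed, failures)}."""
    results = {}
    for device in devices:
        failures = posture_failures(device)
        results[device["id"]] = (not failures, failures)
    return results


SAMPLE_DEVICES = [  # constructed posture records
    {"id": "ios-ok", "platform": "ios", "os_version": "12.1.4", "passcode_set": True,
     "wipe_after_failed_unlocks": 10, "backup_enrolled": True, "locator_enabled": True,
     "storage_encrypted": True, "managed_apps_only": True,
     "mail_scanned_server_side": True, "antivirus_installed": False},
    {"id": "android-nopin", "platform": "android", "os_version": "9.0", "passcode_set": False,
     "wipe_after_failed_unlocks": None, "backup_enrolled": True, "locator_enabled": True,
     "storage_encrypted": True, "managed_apps_only": True,
     "mail_scanned_server_side": False, "antivirus_installed": True},
    {"id": "ios-old", "platform": "ios", "os_version": "11.4", "passcode_set": True,
     "wipe_after_failed_unlocks": 10, "backup_enrolled": True, "locator_enabled": True,
     "storage_encrypted": True, "managed_apps_only": False,
     "mail_scanned_server_side": False, "antivirus_installed": False},
]

if __name__ == "__main__":
    for device_id, (allowed, failures) in admit(SAMPLE_DEVICES).items():
        print(device_id, "ALLOW" if allowed else "DENY", failures)
```

Returning the full list of failed controls, rather than a bare allow/deny, is what makes the monitoring item in the list workable: the same output feeds the report to management on where the network and data can be compromised.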
Top 10 Reasons Disaster Recovery Fails have been identified by Janco. Over 90% of all mid-sized to large enterprises have disaster recovery and business continuity plans in place. That is not enough to avert disaster, as only 40% of those plans have no major defects.
Disaster Recovery and Business Continuity are necessary enterprise infrastructure processes that have correctable defects that can make plans fail. The top 10 causes for those failures are:
Backups do not work
Not identifying every potential event that can jeopardize the infrastructure and data that the enterprise depends on
Forgetting or ignoring the cross-training of personnel in disaster recovery and business continuity
Not including communication processes that will work when your communication infrastructure is lost
Not having sufficient backup power – both capacity and duration
Having a recovery plan in place but not listing priorities of which resources need to be restored first
No physical documentation of your Disaster Recovery and Business Continuity plan
Disaster Recovery and Business Continuity plan that has not been tested adequately
Passwords are not available to the Disaster Recovery and Business Continuity team
Disaster Recovery and Business Continuity plan is not up to date
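"Backups do not work" heads the list, and the only way to find out before the disaster is to restore and compare. The following is an added example, not part of Janco's plan or any backup product: it builds a small source tree, backs it up to a tar archive, restores it into a scratch directory and checks that every file's SHA-256 digest matches the source, reporting missing, corrupt and unexpected files. It can also damage the archive first, to show that a restore which "succeeds" can still hand back wrong data, which is why the comparison step matters. The sample files, archive and damage are all constructed for the example; the restore step also refuses archive members that would land outside the restore directory, since backup media is a trust boundary too.

```python
"""Restore test for a backup job (added example; not part of Janco's plan).

The sample files, archive and corruption below are constructed for this example;
a real test points at last night's media and a scratch host.
"""
import hashlib
import os
import tarfile
import tempfile


def tree_digests(root):
    """Map each relative file path under root to its SHA-256 hex digest."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            digests[os.path.relpath(path, root).replace(os.sep, "/")] = digest
    return digests


def make_backup(source_dir, archive_path):
    """Back up source_dir into an uncompressed tar archive."""
    with tarfile.open(archive_path, "w") as tar:
        tar.add(source_dir, arcname=".")


def restore_backup(archive_path, restore_dir):
    """Extract regular files and directories only, refusing any member that
    would land outside restore_dir (tampered media is a path-traversal vector)."""
    root = os.path.realpath(restore_dir)
    with tarfile.open(archive_path, "r") as tar:
        for member in tar.getmembers():
            target = os.path.realpath(os.path.join(root, member.name))
            if target != root and not target.startswith(root + os.sep):
                raise ValueError("member escapes restore dir: " + member.name)
            if not (member.isfile() or member.isdir()):
                continue  # links and devices are not needed here
            # Use the hardened extraction filter where this Python provides it.
            kwargs = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
            tar.extract(member, root, **kwargs)


def verify_restore(source_dir, restore_dir):
    """Compare both trees file by file; return (ok, list of problems)."""
    expected = tree_digests(source_dir)
    actual = tree_digests(restore_dir)
    problems = []
    for rel, digest in sorted(expected.items()):
        if rel not in actual:
            problems.append("missing: " + rel)
        elif actual[rel] != digest:
            problems.append("corrupt: " + rel)
    problems += ["unexpected: " + rel for rel in sorted(actual) if rel not in expected]
    return (not problems, problems)


def damage_archive(archive_path, name_suffix):
    """Overwrite the first bytes of one member's data to mimic bad media: the
    tar headers stay intact, so the restore itself reports no error."""
    with tarfile.open(archive_path, "r") as tar:
        member = next(m for m in tar.getmembers() if m.name.endswith(name_suffix))
        offset = member.offset_data
    with open(archive_path, "r+b") as fh:
        fh.seek(offset)
        fh.write(b"\x00\x00\x00\x00")


def run_restore_test(corrupt=False):
    """Build constructed data, back it up, optionally damage the media, restore, verify."""
    with tempfile.TemporaryDirectory() as work:
        source = os.path.join(work, "source")
        os.makedirs(os.path.join(source, "finance"))
        with open(os.path.join(source, "finance", "ap_aging.csv"), "w") as fh:
            fh.write("vendor,amount\nacme,1200\n")
        with open(os.path.join(source, "readme.txt"), "w") as fh:
            fh.write("constructed sample data\n")
        archive = os.path.join(work, "backup.tar")
        make_backup(source, archive)
        if corrupt:
            damage_archive(archive, "ap_aging.csv")
        restore = os.path.join(work, "restore")
        os.makedirs(restore)
        try:
            restore_backup(archive, restore)
        except (tarfile.TarError, ValueError, OSError) as exc:
            return (False, ["restore failed: %s" % exc])
        return verify_restore(source, restore)


if __name__ == "__main__":
    print(run_restore_test())               # (True, [])
    print(run_restore_test(corrupt=True))   # (False, ['corrupt: finance/ap_aging.csv'])
```

The damaged run is the point of the exercise: the backup job log and the restore both report success, and only the digest comparison shows that the accounts payable file came back wrong. A plan whose test stops at "the restore finished" has not tested its backups.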
The 2019 Version of the HandiGuide contains 300 job descriptions of 2 to 8 pages each. They cover every position from CIO to Blockchain programmer and System Administrator.
IT Job Descriptions HandiGuide was just updated to reflect the latest compliance requirements. The HandiGuide was completed in 2019. It is over 800 pages, which includes sample organization charts, a job progression matrix, and 300 individual descriptions. The book addresses all mandated requirements, including the ADA, and is in an easy-to-use format.
Also included with the HandiGuide are tools to help you expand, evaluate and define your enterprise’s Human Resource requirements. Those tools include:
Job Evaluation Questionnaire
Position Description Questionnaire
Job Progression Matrix (Job Family Classifications)
Sexual Harassment and other key employment issues
Best Practices for resume screening
Best Practices for phone screening
Employee Termination Checklist (Electronic Form)
This offering is fully vetted by the IT Productivity Center, the Society for Human Resource Management, and the 3 major accounting firms (in the U.S. and the EU).
The eReader version of the job descriptions can be loaded directly on an enterprise's Intranet, and searched and printed directly via tablets and SmartPhones.