Category Archives: Security

Record Classification

Record Classification, Management, Retention, and Destruction Policy Updated

Record Classification was just added to the Data Management Policy.  The purpose of the addition was to reduce the sensitive data footprint to meet the most recent rigorous compliance standards,

Record Classification and Management

Record Classification, Management, Retention, and Disposition Policy can be acquired separately or with the CIO IT Infrastructure Policy Bundle.

Most other data classification tools don’t go the extra mile. Their technology only looks for specific terms in your documents; it doesn’t provide the intelligence you need to secure the personal information of your customers or employees. Janco’s Record Classification, Management. Retention and Disposition Poicy provides visibility into where sensitive files are, what content is inside, who can access the files and who actually uses them.

Included with the policy is a crisp definition of data classification.

The foundation of any good record management program is developing a consistent records classification system across the organization.

While there are many record classification systems, one recommended best practice is a three-tier classification based on business function, record class, and record type.

The first step toward developing  a records classification system is taking an inventory or a comprehensive and accurate listing of locations and contents of all records within the organization.

The second step is grouping the records in the inventory according to business functions, record class, and record type:

  • Common business functions include operations, finance, legal, marketing, human resources, and others.
  • The top-level business functions are broken down into record classes. For instance, two record classes of record-function accounting are accounts payable and accounts receivable.
  • Record types are a further subdivision of record classes. For instance, the accounts payable record class can be further broken down into accounts payable aging reports, accounts payable distribution reports, cash disbursement reports, and other categories.

Read on Record Classification, Management, Retention, and Disposition Policy

Order Record Management PolicyDownload Selected Pages Record Management policy

Other Posting of a similar nature

Please follow and like us
error

IoT Challenges

Internet of Things – IoT Challenges

IoT Challenges

IoT Challenges are varied and unique to the capture of real-time data

IoT Challenges – IoT  is more than internet enabled sensors and analytics. It is a way to get real-time information. There is a very good chance that the IoT device can be remotely controlled, monitored, updated and maintained using remote management tools, sensors and predictive analytics that continually collect device data that can identify problems before they happen.

Granted most of these devices are not critical in life or death situations. However, there can be property loss when a device fails, does not have the current BIOS or software, or is used in an inappropriate manner. In addition the implications on data storage in order to meet the mandated records management requirements have not been understood to their fullest.

Add that to the fact that typically IoT data is proprietary and enterprise confidential, security is a major concern.

Managements concerns are

  • Security Threats – 38%
  • Data Privacy – 28%
  • Access Management – 9%
  • External Attacks – 9%
  • Meeting Compliance Requirements – 7%
  • BYOD and user devices – 6%
  • 3rd Party Data Requests – 2%
  • Other concerns – 3%

Order Manager IoT Job Description

See also:

Please follow and like us
error

What is HIPAA

What is HIPAA and how can an enerprise comply with the mandated requirements

What is HIPAA Privacy Rule – provides federal protections for personal health information held by covered entities and gives patients an array of rights with respect to that information. At the same time, the Privacy Rule is balanced so that it permits the disclosure of personal health information needed for patient care and other important purposes.

There also is a HIPAA Security Rule – It specifies a series of administrative, physical, and technical safeguards for covered entities to use to assure the confidentiality, integrity, and availability of electronic protected health information. This places unique challenges to the Business Continuity and Disaster Recovery Planning processes.

What is HIPAA

What is HIPAA and how does it impact overall Compliance Management?

Federal and state government regulations (see state compliance requirements) can be a big problem for today’s organizations. There are more than 100 such regulations in the U.S. alone, and that number continues to grow. These are in addition to industry-specific mandates. They are all designed to safeguard the confidentiality, integrity, and availability of electronic data from information security breaches. So, what are the consequences if your organization fails to comply? Heavy fines and legal action. In short, it’s serious.

Read On HIPAA Compliance

Order DRP BCP SecurityDownload Table of Contents Security and DRP templates

 

Please follow and like us
error

CIO Posts

CIO Posts critical review points

CIO Posts

CIO Posts – Management Tool Kit has everything a new CIO needs on day one in a new job

CIO Posts are those that we know are related to the management of the IT function and how they relate to what is important.  Last week we added 4 posts that you should look at.

They were:

  • Top 10 in Demand IT Skills Important review of the IT skills which are the hardest ti find in this tight IT job market.
  • CIOs Management Focus Janco conducted a survey of C-Level executives to get a clear understanding of what CIOs are focusing their management talents
  • AnyConnect Windows 10 An example of a best practice for patch management and version control.  An issue arose after an update by a major vendor and how to implement a best practice to have  a solution in place for a critical application.
  • Technology Acquisition How to select a cost effective piece of technology by looking alternative providers.

CIO Management Tool Kit

This tool kit has been updated to meet all of the EU’s GDPR mandated requirement. In addition, it now reflects all of the requirements of the newly enacted California Privacy Act and contains the Privacy Compliance Policy with its associated electronic forms and job descriptions.

Download Table of Contents CIO Management Kit Order CIO Management Kit

Other topics that are timely include:

Please follow and like us
error

Cyber Currency Hacker Target

Cyber Currency Hacker Target – Risk is High

Security Manual TemplateCyber Currency Hacker Target as the population of Blockchain applications expands.In the last year there was a boom in malicious cryptocurrency mining. That is where cyber attackers secretly hijack the processing power of computers, servers and even IoT devices and use it to mine for cryptocurrency. While it is not very lucrative in the short term, it is stealthy and can be sustained over a long period of time. Typically it is taking very little from each PC, most users don’t even know their machine’s processor is being used to line someone else’s pockets.

Ransomware a much more aggressive approach: pay up, or risk having your files permanently locked.

Both cryptojacking and ransomware continue to be widespread threats, other attackers are quietly deploy a potentially much more damaging threat: trojan malware.

Trojan malware sneaks onto your PC by disguising itself as something else, often hidden in a malicious attachment that’s distributed with a phishing email.

Trojan attacks range from those using commodity malware, with phishing emails spammed out in bulk in the hope of scooping up victims for the purposes of stealing their login credentials, banking information or other private information. Other attacks are far more precise, targeting organisations or even individuals to gain access to specific data or information: this can be for creating a persistence presence on their network for espionage, stealing data and selling it, or loading other malware onto the system.

Order Security Policies and ProceduresDownload TOC security policies

See also:

Please follow and like us
error

Top 10 Security Weakness

Top 10 Security Weakness Issues Enterprise-Wide

Top 10 Security Weakness Issues – In a review of over 100 enterprises we identified the security weakness issues that CIOs, CSOs, and IT pros need to address. There are:

  1. Using only single level verification for access to sensitive data
  2. Having “public” workstations or access point is connected to a secure network
  3. Weak Passwords
  4. Sharing login credentials
  5. Static Passwords
  6. Data validation for forms is contained in client-side JavaScript
  7. Connect to network from an unsecure access point
  8. Corporate web site is encrypted but the login process is not
  9. Using weak encryption for back end management
  10. Using unencrypted or weak encryption for Web site or Web server management
Top 10 Security Weakness

Top 10 Security Weakness Issues Identified

Order Security Policies and ProceduresDownload TOC security policies

Janco’s Security Manaual provides tools that IT Professionals can use to address these  issues.  In addition, there are a number of articles that have been published on Janco’s main web site.  To see them go to the site and under the main menu bar there is a search option.  With that you will be able to see all the web pages that have the term security weakness or any sub-set of the seach term.

See also

Please follow and like us
error

Blockchain Payment System

Blockchain Payment System

Universities Work Together On Payment System – Shades of Internet Development

Universities Work Together On Payment System just like they did when the Internet was developed by them in the late 1960’s with ARPAnet.

Blockchain payment system must smoothly collect, process, and protect sensitive personal information

Several universities, including MIT and Stanford, are working together to develop a digital currency network that solves blockchain’s scalability and performance problems before public confidence in the technology erodes.

Funded by a Swiss-based non-profit organization, the cryptocurrency application, called Unit-e, and its blockchain-based payment system is expected to launch in the second half of this year; if successful, it would surpass even mainstream financial networks like Visa’s VisaNet in transactional capability.

This is very similiar to how the Internet was first developed.  Universitiy staff and associates worked together to create a common netwok which was in competition with the then exisiting TimeSharing services.  None of which exist today.

The question is will propritary systems like VisaNet exist after the public university system is operational. Research shows that well-run companies are most productive, suffer the least loss of sensitive data, and have less downtime of operations if they have good policies in in place.

Read on Information Technology Infrastructure…

 

 

Please follow and like us
error

Security Manual Template

Security Manual Template – 2019 Version Released

The 2019 Version of the Security Manual Template was just released.

Security ManualThere now are new standards for user privacy and control according to Janco Associates – Janco has just released an update to its Security Manual Template which identifies mandated user rights and enterprise responsibilities related to privacy protection. The CEO of Janco, Mr. M. Victor Janulaitis said, “We have reviewed in detail the California Consumer Privacy Act of 2018 (CaCPA) and generated a detail list of user rights and business responsibilities that are mandated.  The CaCPA requirements are very complex and significant resources will have to be allocated for organizations to comply with these new mandates.  These mandates will impact all organizations that have an Internet presence in the U.S. and California in particular.  The compliance deadline is January 1, 2020.”

The Security Manual Template is now distributed in a segmented format with five (5) specific directories. They are:

  1. Security Manual Template directory – containing the full editable MS WORD and pdf versions of the template;
  2. Forms directory – containing all the forms that are needed to implement a “World Class” security infrastructure;
  3. Policy directory with 5 policies in MS WORD and pdf versions – Blog and Personal Website Policy – Mobile Use Policy – Sensitive and Confidential Information Policy – Server Security Policy – Travel and Off-Site Meeting policy;
  4. eBook directory (with the author’s name as the directory name)- with eBook versions of the Security Manual Policy and the supporting policies; and
  5. Tools directory with the Business Impact Analysis Tool, Threat and Vulnerability Assessment Tool, Security Checklist, and PCI Audit Program.

See also Security and Compliance…

Please follow and like us
error