Category Archives: Security

CIO Posts

CIO Posts critical review points

CIO Posts

CIO Posts – Management Tool Kit has everything a new CIO needs on day one in a new job

CIO Posts are those that we know are related to the management of the IT function and how they relate to what is important.  Last week we added 4 posts that you should look at.

They were:

  • Top 10 in Demand IT Skills Important review of the IT skills which are the hardest ti find in this tight IT job market.
  • CIOs Management Focus Janco conducted a survey of C-Level executives to get a clear understanding of what CIOs are focusing their management talents
  • AnyConnect Windows 10 An example of a best practice for patch management and version control.  An issue arose after an update by a major vendor and how to implement a best practice to have  a solution in place for a critical application.
  • Technology Acquisition How to select a cost effective piece of technology by looking alternative providers.

CIO Management Tool Kit

This tool kit has been updated to meet all of the EU’s GDPR mandated requirement. In addition, it now reflects all of the requirements of the newly enacted California Privacy Act and contains the Privacy Compliance Policy with its associated electronic forms and job descriptions.

Download Table of Contents CIO Management Kit Order CIO Management Kit

Other topics that are timely include:

Please follow and like us
error

Cyber Currency Hacker Target

Cyber Currency Hacker Target – Risk is High

Security Manual TemplateCyber Currency Hacker Target as the population of Blockchain applications expands.In the last year there was a boom in malicious cryptocurrency mining. That is where cyber attackers secretly hijack the processing power of computers, servers and even IoT devices and use it to mine for cryptocurrency. While it is not very lucrative in the short term, it is stealthy and can be sustained over a long period of time. Typically it is taking very little from each PC, most users don’t even know their machine’s processor is being used to line someone else’s pockets.

Ransomware a much more aggressive approach: pay up, or risk having your files permanently locked.

Both cryptojacking and ransomware continue to be widespread threats, other attackers are quietly deploy a potentially much more damaging threat: trojan malware.

Trojan malware sneaks onto your PC by disguising itself as something else, often hidden in a malicious attachment that’s distributed with a phishing email.

Trojan attacks range from those using commodity malware, with phishing emails spammed out in bulk in the hope of scooping up victims for the purposes of stealing their login credentials, banking information or other private information. Other attacks are far more precise, targeting organisations or even individuals to gain access to specific data or information: this can be for creating a persistence presence on their network for espionage, stealing data and selling it, or loading other malware onto the system.

Order Security Policies and ProceduresDownload TOC security policies

See also:

Please follow and like us
error

Top 10 Security Weakness

Top 10 Security Weakness Issues Enterprise-Wide

Top 10 Security Weakness Issues – In a review of over 100 enterprises we identified the security weakness issues that CIOs, CSOs, and IT pros need to address. There are:

  1. Using only single level verification for access to sensitive data
  2. Having “public” workstations or access point is connected to a secure network
  3. Weak Passwords
  4. Sharing login credentials
  5. Static Passwords
  6. Data validation for forms is contained in client-side JavaScript
  7. Connect to network from an unsecure access point
  8. Corporate web site is encrypted but the login process is not
  9. Using weak encryption for back end management
  10. Using unencrypted or weak encryption for Web site or Web server management
Top 10 Security Weakness

Top 10 Security Weakness Issues Identified

Order Security Policies and ProceduresDownload TOC security policies

Janco’s Security Manaual provides tools that IT Professionals can use to address these  issues.  In addition, there are a number of articles that have been published on Janco’s main web site.  To see them go to the site and under the main menu bar there is a search option.  With that you will be able to see all the web pages that have the term security weakness or any sub-set of the seach term.

See also

Please follow and like us
error

Blockchain Payment System

Blockchain Payment System

Universities Work Together On Payment System – Shades of Internet Development

Universities Work Together On Payment System just like they did when the Internet was developed by them in the late 1960’s with ARPAnet.

Blockchain payment system must smoothly collect, process, and protect sensitive personal information

Several universities, including MIT and Stanford, are working together to develop a digital currency network that solves blockchain’s scalability and performance problems before public confidence in the technology erodes.

Funded by a Swiss-based non-profit organization, the cryptocurrency application, called Unit-e, and its blockchain-based payment system is expected to launch in the second half of this year; if successful, it would surpass even mainstream financial networks like Visa’s VisaNet in transactional capability.

This is very similiar to how the Internet was first developed.  Universitiy staff and associates worked together to create a common netwok which was in competition with the then exisiting TimeSharing services.  None of which exist today.

The question is will propritary systems like VisaNet exist after the public university system is operational. Research shows that well-run companies are most productive, suffer the least loss of sensitive data, and have less downtime of operations if they have good policies in in place.

Read on Information Technology Infrastructure…

 

 

Please follow and like us
error

Security Manual Template

Security Manual Template – 2019 Version Released

The 2019 Version of the Security Manual Template was just released.

Security ManualThere now are new standards for user privacy and control according to Janco Associates – Janco has just released an update to its Security Manual Template which identifies mandated user rights and enterprise responsibilities related to privacy protection. The CEO of Janco, Mr. M. Victor Janulaitis said, “We have reviewed in detail the California Consumer Privacy Act of 2018 (CaCPA) and generated a detail list of user rights and business responsibilities that are mandated.  The CaCPA requirements are very complex and significant resources will have to be allocated for organizations to comply with these new mandates.  These mandates will impact all organizations that have an Internet presence in the U.S. and California in particular.  The compliance deadline is January 1, 2020.”

The Security Manual Template is now distributed in a segmented format with five (5) specific directories. They are:

  1. Security Manual Template directory – containing the full editable MS WORD and pdf versions of the template;
  2. Forms directory – containing all the forms that are needed to implement a “World Class” security infrastructure;
  3. Policy directory with 5 policies in MS WORD and pdf versions – Blog and Personal Website Policy – Mobile Use Policy – Sensitive and Confidential Information Policy – Server Security Policy – Travel and Off-Site Meeting policy;
  4. eBook directory (with the author’s name as the directory name)- with eBook versions of the Security Manual Policy and the supporting policies; and
  5. Tools directory with the Business Impact Analysis Tool, Threat and Vulnerability Assessment Tool, Security Checklist, and PCI Audit Program.

See also Security and Compliance…

Please follow and like us
error