Tag Archives: best practice

Top 10 Hiring Best Practices

Job Interview and Hiring Guide includes Top 10 Hiring Best Practices as well as best practices for the interview candidate.

Top 10 Hiring Best Practices – the interview is a critical first step in building a world-class organization. The Interview and Hiring Guide provides best practices that both the candidate and the enterprise should follow.

In today’s employment market, it is critical to make every hire count. There is little room for error. It is crucial for senior-level leadership, human resources and hiring managers to all be on the same page and do the right things.

Top 10 Best Practices for the Hiring Process are:

  • Know how each job supports your organization’s key objectives.
  • Consider both internal and external candidates for open positions.
  • Use objective evaluation criteria based on known outstanding performers in that job.
  • Ensure compensation is competitive, based on current market rates for the job.
  • Apply a consistent selection process to filling all positions.
  • Include key stakeholders in your employee selection process.
  • Train your interviewers in your employee selection process.
  • Give your interviewers guidance to help them probe deeper into a candidate’s suitability.
  • Review public social media accounts of all candidates.
  • Conduct comprehensive reference and background checks on job candidates.
  • Ensure that your orientation process helps new hires become productive faster.

 


CIO Infrastructure Policy Bundle

CIO Infrastructure Policy Bundle Update 2019-02 now available

CIO IT Infrastructure Policy Bundle contains 20 full policies that are easily modified to meet an enterprise’s unique operating environment.

CIO Infrastructure Policy Bundle has just been updated. It includes both the updated Record Classification, Management, Retention and Disposition Policy and the BYOD Access and Use Policy. This is all part of the annual review process which Janco is going through for its entire product line of CIO and IT Management tools to validate they meet all of the compliance, security and privacy mandates.

The policies are all part of the overall IT Governance Model. That model addresses the issues associated with the overall processes for the design, development, implementation, and ongoing operation of technology in the ever-changing Internet-based operational environment.

Currently, data classification is an area that CIOs need to address in light of GDPR and CaCPA.

Each of the policies in the CIO IT Infrastructure Policy Bundle can be acquired separately. See Policy offerings.

Recently Updated:

  1. Blog and Personal Website Policy (revised 01/2019)
  2. BYOD Access and Use Policy (revised 03/2019)
  3. Mobile Device Access and Use Policy (revised 01/2019)
  4. Physical and Virtual Server Security (revised 01/2019)
  5. Record Classification, Management, Retention, and Disposition Policy (revised 03/2019)
  6. Sensitive Information Policy (revised 1/2019)
  7. Travel, Laptop, PDA and Off-Site Meeting Policy (revised 01/2019)

Updated in 2018 – Scheduled to be updated within the next three (3) months:

  1. Backup and Backup Retention Policy
  2. Google Glass Policy
  3. Incident Communication Policy
  4. Internet, Email, Social Networking, Mobile Device, and Electronic Communication Policy
  5. Outsourcing and Cloud-Based File Sharing Policy
  6. Patch Management Version Control
  7. Privacy Compliance Policy
  8. Service Level Agreement Policy including sample metrics
  9. Social Networking Policy
  10. Technology Acquisition Policy
  11. Telecommuting Policy
  12. Text Messaging Sensitive and Confidential Information
  13. Wearable Devices

See also: Record Classification

BYOD Best Practices

BYOD Best Practices to ensure the security of enterprise sensitive and confidential information

BYOD Best Practices – BYOD (Bring Your Own Device) is now standard practice for most individuals working for companies. Devices include everything from laptop computers to tablets and smartphones. 10 Best Practices to secure BYODs – More employees and enterprise associates are bringing their own iPhones and tablets to the office. How sure are you that they are secure? While these personal devices are great for employee productivity, they can introduce security risks to your organization.

  1. Implement a formal written BYOD policy that clearly states which devices and applications are supported.
  2. Set up a locking password on each device. Integrate password usage with wiping the phone after x number of invalid tries. At the same time, have a way to restore the phone if the phone is wiped.
  3. Implement a phone locator on all smartphones. In the case of the iPhone, use the “Find My Phone” application.
  4. Protect the access point of your network so that only devices that meet your stringent security requirements are allowed access to your network and data.
  5. Implement anti-virus where possible. In the case of the iPhone there is no anti-virus. That means that your email service provider needs to do the scan BEFORE emails are sent to the device.
  6. Manage authorized applications so that contact and other sensitive data is not extracted from the device by the applications.
  7. Utilize data encryption on e-mails and enterprise data.
  8. Utilize the cloud as a backup source.
  9. Be wary of applications like QR code readers. They can direct the user to sites that can take control of the device.
  10. Monitor access and data usage by device and by user. Have processes in place that actively inform management of any potential areas where the network and data can be compromised.

Read on BYOD Policy Template

 

Hot Topics

Hot Topics February 2019

CIO Management Tool Kit addresses all of the areas presented on this blog this past month. This is a complete set of tools that every top-level IT professional from the CIO down needs to have.

Hot Topics February 2019 that had posts and comments. The CIO Management Tool Kit is a must have.  It is the foundation for IT Managers who are “World Class” performers.

  • IT Job Market Growth – A look back at 2018 and prior years. IT Job Market growth exploded in 2018 with over 107,000 new jobs added.
  • Cloud Based ERP – Cloud based ERP projects typically increase costs, take a long time to implement and require large and specialized staffs.
  • Top 10 Disaster Recovery Best Practices – Top 10 Disaster Recovery Best Practices as defined by over three decades of DR and BC practice by Janco Associates. Experience is based on having operated in earthquake zones, hurricanes, and terrorist attacks.
  • IT organization Building Process – Over the past three decades Janco Associates and its principals have created a set of 300 IT Job descriptions that are viewed by many as the industry standard. As a natural extension of that offering Janco has documented its IT job classification system.
  • Top 10 Net Neutrality Issues – Top 10 Net Neutrality advantages for the general public are all centered around the fact that without it the Internet will no longer be a universally accepted standard infrastructure.
  • CIO Posts from January 2019 – CIO Posts are those that we know are related to the management of the IT function and how they relate to what is important.

Top 10 Disaster Recovery Best Practices

Top 10 Disaster Recovery Best Practices every organization needs to follow

DR / BC planning requires a robust program that is constantly updated and monitored

Top 10 Disaster Recovery Best Practices as defined by over three decades of DR and BC practice by Janco Associates.  Experience is based on having operated in earthquake zones, hurricanes, and terrorist attacks.

Janco’s principals created the Disaster Recovery Plan that was implemented by Merrill Lynch (ML) on 9/11. The plan was activated within minutes of the attack and only 52 seconds of transactions were lost. The top 10 best practices that are followed in all DR/BC plans that have been created by us are:

  1. Focus on operations – the people and processes that drive the enterprise are the primary DR and BC issues that are controllable. Implementing a planning and recovery environment is an ideal time to define an approach based on best practices that address the process and people issues effectively. In the case of ML the plan was activated in the computer room while the CIO was on a plane over the Atlantic.
  2. Have at least one recovery site in place – Before an event there need to be plans in place for not only operation of computers but also for location of operations staff. Cloud managed computer operations can work when a disaster is in a limited area. However, if it is wide ranging, like a hurricane, the issues can be problematic.
  3. Train everyone on how to execute the DR and BC – People are the front line when it comes to supporting the enterprise. A staff that has not been properly trained in the use of the DR and BC when an event occurs will be a hindrance. Everyone must have the knowledge and skills to provide the right support. The primary focus is to reduce downtime; it also delivers better performance and a faster ROI through better and wiser use of IT assets.
  4. Have a clear definition for declaring when a disaster or business interruption occurs that will set the DR and BC process into motion – There need to be clear processes for allocating resources based on their criticality and availability requirements. This will define the “rules of the road” for who does what and when while minimizing the factors that can negatively impact enterprise operations.
  5. Integrate DRP and BCP with change management – Changes are inevitable in any sizable environment. It is difficult to keep up with the flood of new applications, technologies, and new tools. That is why it is essential to design, implement, and continuously improve change and configuration management processes.
  6. Focus on addressing issues BEFORE they impact the enterprise – When you are aiming to operate at the speed of business, after-the-fact fixes do not make the grade. These days, you need to anticipate trouble and head it off before it happens. It is important to identify risks across people, process, and technology so that appropriate countermeasures can be implemented. You should also make sure that vendors provide an appropriate level of support including proactive features such as critical patch analysis and change management support.
  7. Have an Incident Communications Plan in place – The incident communication plan should cover all interested parties from customers to employees and investors.
  8. Validate that all technology is properly installed and configured right from the start – a technology solution that is properly implemented in terms of its hardware, firmware, and software will dramatically reduce problems and downtime in the future. Proper initial configuration can also save time and reduce issues with upgrades, hot patches, and other changes.
  9. Monitor the processes and people to know what is critical – many of today’s enterprises are experiencing a capacity crisis as they reach the limits of reduced budgets, older facilities and legacy infrastructures. Space is tight. Power and cooling resources are over-burdened. Implementing new solutions in inefficient environments may limit their ability to recover from an event. An assessment that examines and analyzes the enterprise environment’s capabilities and requirements can provide valuable information to help improve efficiency.
  10. Test often – a DR/BC plan is not a static document. Things change and new individuals are involved as staff changes.

Top 10 Net Neutrality

Top 10 Net Neutrality Reasons Why

Top 10 Net Neutrality advantages for the general public are all centered around the fact that without it the Internet will no longer be a universally accepted standard infrastructure.

  1. Only way to keep the internet open for small to mid-sized companies.
    If net neutrality is not made the basis for connectivity and access, the large companies like Google, Amazon and Twitter will have a complete monopoly in their markets.  Also the large carriers like AT&T and Verizon will have no incentive to create better and faster access to the Internet.

    Net Neutrality is a core requirement for IT Governance and Infrastructure definition.

  2. Creates an open playing field.
    With net neutrality in place, Internet Service Providers (ISPs) do not control what passes through the devices that are used by customers to access the Internet. This means an ISP under net neutrality cannot block access, change services, or alter the flow of data simply because there is something that goes on which they don’t like.
  3. Remain as an international channel without governmental interference.
    Recently whenever there has been civil unrest, governments have taken over or eliminated access. Without small players in the space, there can be no alternative sources for access. Add to that the recent moves by the Russian government to close down all connectivity to the general Internet in “troubled political” situations, which will only be enhanced without net neutrality.
  4. Fosters innovation.
    Innovation is encouraged and protected when the internet remains neutral. Big companies still have the same access as SMBs or freelancers and this allows everyone to come up with new and creative solutions. Just look at companies that started with a video and audio attached to door bells. Now an entire new segment of the security industry has been created with “self-service” security. No longer do companies like ADT have a monopoly on that sector of the industry.
  5. Freedom of expression is fostered.
    Blogs, services, businesses, and any website that can operate legally is able to do so and be available because of net neutrality. There isn’t any censorship available as long as the content being offered meets legal obligations. If illegal content is discovered, it can be immediately reported to law enforcement officials. Without this freedom of expression, it could become easier for illegal content, such as child pornography, to become more available. If a small ISP blocked access to all and approved of such a thing, it could hamper keeping our communities safe.
  6. Illegal activities are monitored.
    ISPs are like utilities as they provide everyone with the services they need. For example, illegal file sharing, due to the fact that each ISP is treated as a regulated common carrier.
  7. Unlimited data is available to everyone equally.
    In the 1990s, internet users had a good time being online in AOL chat rooms or waiting 20 minutes for a cool website to load. Today, there are real-time video calls. Companies like Netflix provide legal streaming. YouTube has grown into an educational and entertainment network.
  8. Income from internet uses has moved to a subscription base.
    There are certain businesses and high-use individuals who consume large amounts of bandwidth every month. Entire industries have been created that generate revenue based on service provided, not access. It is like the Interstate Highway System: everyone benefits.
  9. Competition thrives.
    There are numerous online streaming services that offer live TV today: Hulu, PlayStation Vue, and Sling by Dish Network are just three examples. If a customer must choose Comcast as their ISP, then these streaming services could be given a lower priority because they are rival organizations. Comcast could choose to offer the highest speeds to the networks and services it owns and slow down the signals provided by the competition. This would effectively limit consumer choice.
  10. Free internet access is Free.
    When the internet becomes a place where profitability is the primary concern, the idea of providing free internet access to those who cannot afford it goes away. Providers could charge whatever they wanted and restrict access to whomever they please. This could lead to demographic discrimination, socioeconomic discrimination, or prioritize content to the wealthiest who are willing to pay high prices for the fastest data streams.

This is an ever-evolving area as Net Neutrality is not in the area of political influence. Only time will tell what will happen.

CIO Posts

CIO Posts critical review points

CIO Posts – Management Tool Kit has everything a new CIO needs on day one in a new job

CIO Posts are those that we know are related to the management of the IT function and how they relate to what is important.  Last week we added 4 posts that you should look at.

They were:

  • Top 10 in Demand IT Skills – Important review of the IT skills which are the hardest to find in this tight IT job market.
  • CIOs Management Focus – Janco conducted a survey of C-Level executives to get a clear understanding of what CIOs are focusing their management talents on.
  • AnyConnect Windows 10 – An example of a best practice for patch management and version control. An issue arose after an update by a major vendor, and the post covers how to implement a best practice to have a solution in place for a critical application.
  • Technology Acquisition – How to select a cost-effective piece of technology by looking at alternative providers.

CIO Management Tool Kit

This tool kit has been updated to meet all of the EU’s GDPR mandated requirements. In addition, it now reflects all of the requirements of the newly enacted California Privacy Act and contains the Privacy Compliance Policy with its associated electronic forms and job descriptions.

AnyConnect Windows 10

AnyConnect Windows 10 Fail

AnyConnect Windows 10 fails with the newest version of the VPN client software. After a Windows update we encountered a problem when we wanted to connect to our VPN.

Patch management and version control policy needs to be reviewed in light of issues like AnyConnect Windows 10 failure.

The symptoms were that the service was running on the client PC (Windows 10 Pro 64 bit) and when we went to run AnyConnect, the hourglass would appear but we did not get the dialog to connect to the firewall. We also noticed there was a Microsoft update that occurred since the last time we used the program.

Based on suggestions from our provider, we uninstalled the current version of the program, rebooted the client and reinstalled the current version. The same problem occurred as before. We searched the internet, including Cisco’s troubleshooting suggestions. We found no solution; rather, we saw that there were a number of instances where AnyConnect Windows 10 failed.

The problem did not exist before the update by Windows. We then did the following to fix the problem.

  • Uninstalled the current version of the program
  • Rebooted the client with a power on and off
  • Installed a prior version that worked on the client
  • Ran the program and the dialog to set up the connection came up
  • The program did an automatic update to the current version
  • AnyConnect then worked

What caused the problem

We think that with the Microsoft update some registry entry or other setting was altered or removed. The re-installation of the program with the current version did not correct the issue.  When we installed an earlier version the setting was correctly added or modified.

Lessons Learned

As a best practice, versions of programs and updates should be saved. With the constant updates by both hardware and software vendors, the chances of a similar problem occurring are high. When it is time to solve a problem, the vendors often lack easily obtainable solutions. In our case when we talked to our provider’s help desk, their response was that it was an interesting problem and they would communicate it to Cisco if they saw several customers with the same problem. Ergo Cisco does not know the problem exists so they will not fix the offending software.
