Tag Archives: best practice

Microsoft Outlook blocks more extensions

Microsoft Outlook blocks more extensions – 38 extensions added


Electronic communication is an integral part of an enterprise’s infrastructure.

Microsoft Outlook is blocking more file extensions, which can no longer be sent as email attachments. When communicating with others, files often need to be sent. If a file's extension is on this list and the recipient is an Outlook user, they will not be able to access the attachment.

The new ones to be added are:

  • Java files: “.jar”, “.jnlp”
  • Python files: “.py”, “.pyc”, “.pyo”, “.pyw”, “.pyz”, “.pyzw”
  • PowerShell files: “.ps1”, “.ps1xml”, “.ps2”, “.ps2xml”, “.psc1”, “.psc2”, “.psd1”, “.psdm1”, “.psd1”, “.psdm1”
  • Digital certificates: “.cer”, “.crt”, “.der”
  • Files used to exploit vulnerabilities in third-party software: “.appcontent-ms”, “.settingcontent-ms”, “.cnt”, “.hpj”, “.website”, “.webpnp”, “.mcf”, “.printerexport”, “.pl”, “.theme”, “.vbp”, “.xbap”, “.xll”, “.xnk”, “.msu”, “.diagcab”, “.grp”
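
An added example, not from the original post or from Microsoft: a pre-send check in Python that parses a MIME message and reports attachments whose final extension is on the newly blocked list above. The sample message, its addresses and its file names are constructed, and treating a trailing dot or space as insignificant is an assumption of this example about Windows file-name handling, not documented Outlook behaviour.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Newly blocked extensions as listed on this page (duplicates collapsed).
NEWLY_BLOCKED = {
    ".jar", ".jnlp",
    ".py", ".pyc", ".pyo", ".pyw", ".pyz", ".pyzw",
    ".ps1", ".ps1xml", ".ps2", ".ps2xml", ".psc1", ".psc2", ".psd1", ".psdm1",
    ".cer", ".crt", ".der",
    ".appcontent-ms", ".settingcontent-ms", ".cnt", ".hpj", ".website",
    ".webpnp", ".mcf", ".printerexport", ".pl", ".theme", ".vbp", ".xbap",
    ".xll", ".xnk", ".msu", ".diagcab", ".grp",
}


def final_extension(filename: str) -> str:
    """Return the lower-cased last extension, or "" if there is none.

    Trailing dots and spaces are dropped first (assumption: the receiving
    Windows client would ignore them), so "run.ps1." counts as ".ps1".
    Only the last extension matters: "notes.py.txt" is ".txt".
    """
    name = filename.strip().rstrip(". ").lower()
    dot = name.rfind(".")
    return name[dot:] if dot != -1 else ""


def blocked_attachments(raw_message: bytes) -> list:
    """List file names in a MIME message that an Outlook recipient would lose."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    # walk() visits every MIME part, including parts of nested multiparts,
    # so inline parts that carry a file name are checked as well.
    for part in msg.walk():
        filename = part.get_filename()  # decodes RFC 2231 encoded names
        if filename and final_extension(filename) in NEWLY_BLOCKED:
            hits.append(filename)
    return hits


def build_sample() -> bytes:
    """Constructed sample message with four attachments (not real data)."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "recipient@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("Files attached.")
    for name in ("report.pdf", "deploy.PS1", "notes.py.txt", "root-ca.crt"):
        msg.add_attachment(b"sample", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()


if __name__ == "__main__":
    for name in blocked_attachments(build_sample()):
        print("recipient on Outlook will not be able to open:", name)
```
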

There are currently 104 extensions that are blocked.  The new total of blocked extensions will rise to 142.  The current list includes:

  • .ade – Access Project Extension (Microsoft)
  • .adp – Access Project (Microsoft)
  • .app – Executable Application
  • .asp – Active Server Page
  • .bas – BASIC Source Code
  • .bat – Batch Processing
  • .cer – Internet Security Certificate File
  • .chm – Compiled HTML Help
  • .cmd – DOS CP/M Command File –  Command File for Windows NT
  • .cnt – Microsoft Help Workshop Application
  • .com – Command
  • .cpl – Windows Control Panel Extension (Microsoft)
  • .crt – Certificate File
  • .csh – csh Script
  • .der – DER Encoded X509 Certificate File
  • .diagcab – Microsoft Support diagnostic tools
  • .exe – Executable File
  • .fxp – FoxPro Compiled Source (Microsoft)
  • .gadget – Windows Vista gadget
  • .grp – Microsoft program group
  • .hlp – Windows Help File
  • .hpj – AppWizard Help project
  • .hta – Hypertext Application
  • .inf – Information or Setup File
  • .ins – IIS Internet Communications Settings (Microsoft)
  • .isp – IIS Internet Service Provider Settings (Microsoft)
  • .its – “Internet Document Set –  Internet Translation”
  • .jar – Java Archive
  • .jnlp – Java Network Launch Protocol
  • .js – JavaScript Source Code
  • .jse – JScript Encoded Script File
  • .ksh – UNIX Shell Script
  • .lnk – Windows Shortcut File
  • .mad – Access Module Shortcut (Microsoft)
  • .maf – Access (Microsoft)
  • .mag – Access Diagram Shortcut (Microsoft)
  • .mam – Access Macro Shortcut (Microsoft)
  • .maq – Access Query Shortcut (Microsoft)
  • .mar – Access Report Shortcut (Microsoft)
  • .mas – Access Stored Procedures (Microsoft)
  • .mat – Access Table Shortcut (Microsoft)
  • .mau – Media Attachment Unit
  • .mav – Access View Shortcut (Microsoft)
  • .maw – Access Data Access Page (Microsoft)
  • .mcf – Media Container Format
  • .mda – “Access Add-in (Microsoft) –  MDA Access 2 Workgroup (Microsoft)”
  • .mdb – “Access Application (Microsoft) –  MDB Access Database (Microsoft)”
  • .mde – Access MDE Database File (Microsoft)
  • .mdt – Access Add-in Data (Microsoft)
  • .mdw – Access Workgroup Information (Microsoft)
  • .mdz – Access Wizard Template (Microsoft)
  • .msc – Microsoft Management Console Snap-in Control File (Microsoft)
  • .msh – Microsoft Shell
  • .msh1 – Microsoft Shell
  • .msh2 – Microsoft Shell
  • .mshxml – Microsoft Shell
  • .msh1xml – Microsoft Shell
  • .msh2xml – Microsoft Shell
  • .msi – Windows Installer File (Microsoft)
  • .msp – Windows Installer Update
  • .mst – Windows SDK Setup Transform Script
  • .msu – Windows Update file
  • .ops – Office Profile Settings File
  • .osd – Open Software Description
  • .pcd – Visual Test (Microsoft)
  • .pif – Windows Program Information File (Microsoft)
  • .pl – Perl script
  • .plg – Developer Studio Build Log
  • .prf – Windows System File
  • .prg – Program File
  • .printerexport – Printer backup file
  • .ps1 – Windows PowerShell
  • .ps1xml – Windows PowerShell
  • .ps2 – Windows PowerShell
  • .ps2xml – Windows PowerShell
  • .psc1 – Windows PowerShell
  • .psc2 – Windows PowerShell
  • .psd1 – Windows PowerShell
  • .psdm1 – Windows PowerShell
  • .pst – MS Exchange Address Book File – Outlook Personal Folder File (Microsoft)
  • .reg – Registration Information/Key for W95/98 – Registry Data File
  • .scf – Windows Explorer Command
  • .scr – Windows Screen Saver
  • .sct – “Windows Script Component –  Foxpro Screen (Microsoft)”
  • .shb – Windows Shortcut into a Document
  • .shs – Shell Scrap Object File
  • .theme – Desktop theme file settings
  • .tmp – Temporary File/Folder
  • .url – Internet Location
  • .vb – VBScript File or Any Visual Basic Source
  • .vbe – VBScript Encoded Script File
  • .vbp – Visual Basic project file
  • .vbs – VBScript Script File – Visual Basic for Applications Script
  • .vsmacros – Visual Studio .NET Binary-based Macro Project (Microsoft)
  • .vsw – Visio Workspace File (Microsoft)
  • .webpnp – Internet printing file
  • .website – Pinned site shortcut from Internet Explorer
  • .ws – Windows Script File
  • .wsc – Windows Script Component
  • .wsf – Windows Script File
  • .wsh – Windows Script Host Settings File
  • .xbap – Browser applications
  • .xll – Excel add-in
  • .xnk – Exchange Public Folder Shortcut

 

 


Depending on Google Risky


Independence is a core requirement for IT Governance and Infrastructure definition.

Depending on Google Risky – Depending on Internet, hardware, and software companies is a mistake. Enterprises are impacted when those companies drop product support, are purchased by other companies, and/or have security breaches and system failures of their own.

For example, Google – Customers who installed Haiku ceiling fans, which were supported with the Nest thermostat device via the “Works with Nest” program, were left out in the cold. This was driven by Google’s decision to end the program and go with the “Google Net”.  They said this was to focus on supporting its own hardware business.  As a result, there was a loss of support for any device on that program. Not a good omen for people who installed them in their homes.

Another similar situation occurred for Comcast email users. Users who had comcast.net email accounts were not made aware of the limitation of services that Comcast’s spam protection process effected. What happens is that when an email is sent to a Comcast user's email account and the email has multiple recipients, the email is placed on hold (based on the Comcast user’s usage). The user is NOT notified that the email was held and not delivered. It is up to the sender to contact the user and re-send it with the email going to a single recipient.

The less that you depend on Internet companies for proprietary offerings, the more you can be assured that you can continue to operate when they change their corporate strategy.

How long will it be before a company like Google decides to charge for their free email services? Wait a minute, they already do that with their offering G Suite.


10 Easy Steps to Stop Robocalls

10 Easy Steps to Stop Robocalls – or at least reduce the number

10 Easy Steps to Stop Robocalls - The policy that will improve the security of mobile devices and stop robocalls

10 Easy Steps to Stop Robocalls that every cell phone and text messaging user can follow to kill the call and stop calls and text messages from coming in the future.

  1. Set Do Not Disturb after normal work hours, except for people already in your contact list.
  2. Do not answer calls from blocked or unknown numbers.
  3. Do not answer calls identified as spam by your carrier.
  4. Don’t answer calls from numbers you don’t recognize.
  5. For text spam, forward the messages to 7726 (spells SPAM) and your carrier will be made aware of them and stop them.
  6. If someone calls you and claims to be with XYZ company, hang up and call the company yourself. Use the company’s website to find an official number.
  7. If you answer a call and no one is on the line, immediately hang up.
  8. If you do answer a call and hear a recording such as “Hello, can you hear me?” just hang up.
  9. The same goes for a call where you’re asked to press a number before being connected to a representative.
  10. Do not engage as soon as you answer the call – i.e. Google’s Call Screening feature is cool but still identifies your number as a real person.

In addition, you should check with your carrier to see the services they provide – all of them soon will provide FREE services to support FCC requirements.


Top 10 BYOD Security Best Practices

Top 10 BYOD Security Best Practices Implemented by “World Class” CIOs

Top 10 BYOD Security Best Practices have been implemented by almost all “World Class” CIOs and CTOs.  The importance of these is only magnified by the implementation of Blockchain and DLT applications.

The Best Practices are:

  1. Implement a formal written BYOD policy
  2. Set up a locking password on each device
  3. Implement a phone locator on all devices
  4. Protect the access point of your network
  5. Implement anti-virus – utilize VPNs
  6. Manage authorized applications.
  7. Utilize data encryption on e-mails and enterprise data
  8. Utilize the cloud as a back up source
  9. Be wary of applications like QR code readers
  10. Monitor access and data usage by device and by user


Top 10 Security Best Practices take effort to implement

Too many companies have found out the hard way that their most valuable assets are exposed and vulnerable to hacker attacks, theft and destruction. They now have learned a very expensive lesson: the loss of a company’s valuable information cannot be undone, and it also often leads to significant damage to the company’s reputation.


Cloud Security Vulnerabilities

Top 10 Cloud Security Vulnerabilities

Top 10 Cloud Security Vulnerabilities have been identified and ranked by level of importance and impact by a panel of 57 CIOs, CTOs, and CSOs.

Top 10 Security Vulnerabilities have been identified by 100-plus CIOs, CTOs, and CSOs from Fortune 500 companies

The top 10 are:

  1. Data breaches
  2. Weak Security
  3. Non-Secure Interfaces & API
  4. OS vulnerabilities
  5. Account hijacking
  6. Insider breach as System Administrator
  7. Parasitic code on server
  8. Data Destruction
  9. Denial of service (DoS).
  10. Ransomware

All of these are addressed in Janco’s How to Guide for Cloud Process and Outsourcing.


Top 10 best practices address Cloud Security Vulnerabilities

Top 10 best practices for cloud Security – The cloud is great technology that helps organizations to improve productivity, reduce costs, and simplify the user’s life. However, it does raise significant security risks. Here are 10 best practices that, if followed, minimize those risks.

  1. Utilize a SDM (System Development Methodology) to design, test and implement changes in both the source and object level code.
  2. Implement a disaster recovery and business continuity plan that includes a focus on security of the data and application assets that are cloud based.
  3. Implement metrics and cloud application monitoring which can help to detect potential security violations and breaches in the cloud based data and applications
  4. Utilize a secure access and change management system to manage revisions to the cloud application.
  5. Utilize a patch management approach to install revisions to the cloud data and application.
  6. Implement a log management system to have an accurate audit trail of what occurs on the cloud.
  7. Implement firm security policies via a formal security management system (see https://www.e-janco.com/Security.htm and https://www.e-janco.com/Cloud.htm).
  8. Review latest published cloud vulnerabilities and make appropriate changes to cloud applications and access rules
  9. Contract with independent 3rd parties to find security vulnerabilities in your cloud based applications
  10. At least annually, conduct a security compliance audit on the total cloud based application from development to user access.


10 reasons why new hires fail


One of the best ways to avoid these problems for IT Professional new hires is to implement Janco’s IT Hiring Kit.  Rather they are an individual contributor

10 reasons why new hires fail have been identified in a recent study by Janco Associates, Inc. They are as follows:

  1. The Job descriptions used in the recruiting process are not accurate and/or are out of date
  2. The new hire is not a team player
  3. The skills and experiences presented by the new hire are inflated.
  4. The new hire causes friction with the organization
  5. The skills that the new hire has are not a fit for the enterprise’s requirements
  6. The new hire is not motivated to meet the needs of the organization.
  7. The new hire is looking towards expanding their own resume, not to meet the requirement of the position.
  8. The new hire has to have things their own way and is not very adaptive.
  9. The new hire is careless and not very attentive
  10. The new hire is a prima donna

In the recruiting and hiring process, steps need to be taken to see that none of the items above are part of the new hire’s characteristics.

Solution to minimize hiring mistakes for 10 reasons why new hires fail

IT Pro’s Hiring Kit – Includes latest IT Salary Data, Interview and Hiring Guide, and 300 Job Descriptions – In today’s economy, nearly every organization faces pressure to have the right talent in place, run at peak efficiency and “do more with less”. With the economy improvement and lowest unemployment numbers in several years, HR departments are pressured to get qualified professionals on board now.


Backup Policy Updated


The Backup Policy includes everything that is needed to be in full compliance with all mandated security requirements.

The Backup Policy has been updated, as well as the CIO IT Infrastructure Policy Bundle. The policy has just been updated to take into account everything from GDPR to cloud storage and security implications.

The Backup Policy addresses the issues that you struggle with including:

  • How safe are your information assets in transit and at rest?
  • What protections are in place to prevent hacker access?
  • Does your backup and retention process meet all of your compliance requirements?
  • Who can gain access to your data?
  • What KPI metrics do you have in place?
  • Will the use of the data ensure successful recovery?

Managing backup and recovery in today’s environment is a multi-dimensional challenge with both near and long term business requirements. Recent technological developments in disk backup have had a positive impact on short term data retention requirements (see also BYOD policy). But these improvements do not replace the need to execute and deliver on a long term data retention strategy which includes:

  • Business and Regulatory Requirements Demand a Long-term Plan
  • Manage and Contain Your Total Cost of Ownership (TCO)
  • Encrypt Your Data for Secure Long-term Retention
  • Weigh the Environmental Impacts and Minimize Power and Cooling Costs
  • Simplify Management of the Entire Solution

Best of Breed solution

A “Best of Breed” backup policy and strategy considers how to:

  • Back up critical application data – across mixed operating systems and storage configurations
  • Restore desktops and mobile users quickly
  • Restore systems to dissimilar hardware or virtual systems
  • Back up data and system information to off site locations, so that you can quickly recover your business even from a total loss of your facility
  • Leverage new cloud based backup offerings to properly secure, back up, and archive critical data.


Chief Experience Officer (CXO) Job Description


The CXO is one of the hottest jobs on the market

Chief Experience Officer (CXO) Job Description.  The Chief Experience Officer (CXO) drives the enterprise’s growth in the user experience arena.  They oversee operations in all user experience sectors like marketing, image setting, mobile applications, social media, related technologies, and virtual goods, as well as web-based management and marketing.

The CXO is not only a user experience expert but also a seasoned marketing, brand, and product manager. As the role is transformational, the CXO is responsible for the adoption of consistent user interfaces across the entire business. As with most senior executive titles, the responsibilities are set by the organization’s board of directors or other authority, depending on the organization’s legal structure.


C-Level Job Description Bundle


The C-Level job description bundle contains the top eight (8) IT job descriptions. Each is between 5 to 8 pages long and is at the level of detail that KPI performance metrics can be defined and related directly to both employment contracts and compensation/bonus levels.

  • Chief Information Officer (CIO)
  • Chief Information Officer (CIO) – Small Enterprise
  • Chief Experience Officer (CXO)
  • Chief Security Officer (CSO)
  • Chief Compliance Officer (CCO)
  • Chief Mobility Officer
  • Chief Technology Officer (CTO)
  • Chief Digital Officer (CDO)


Top 10 Millennial Considerations

Top 10 Millennial Considerations for Recruiting Managers

Top 10 Millennial Considerations change the way companies recruit.  There are factors that are different that recruiters and managers need to consider.  We have identified the top 10 factors to consider when looking at this portion of the labor pool.

Top 10 Millennial recruiting considerations identified

Recruiting Millennials was a key factor in the redesign of the IT Hiring Kit

  1. Millennials typically are not looking for long-term career positions. Many are looking to gain knowledge that they can leverage in their next position. The company, the product, or the service provided is not as important as what the millennial can gain for their experience. During the recruiting process, care must be given to understanding exactly what the millennial is looking for in a position. Will it be a short employment opportunity or one they can stick with for a 3 to 5 year period?
  2. The company website is one of the first places that millennials will look for information before they do anything else.
  3. Millennials prefer to submit electronic resumes and apply for positions via the internet (company website) or Social Media accounts.
  4. Social media reputation is a key consideration in their decision to accept or reject a job offer.
  5. Millennials prefer companies that are forward-thinking and digitally tuned. Social media presence is important.
  6. They often will not consider an environment where they are at a desk in a football field-sized office versus a telecommuting environment.
  7. Communication and training are key components of the culture that millennials need to understand. These individuals look for companies that have an experience base they can learn from. Typically, millennials do not want to create from scratch.  Therefore, they need to have a way to connect with those who have gone before them.
  8. Millennials expect and require modern technology to do their jobs and will specifically look for employers that offer cutting edge tools.
  9. Millennials require that they are in-the-know on company performance and how their contributions have helped the company meet its goals and objectives.
  10. People in this group place personal life over work life.  Work is only a means to make a living; a long-term career with a company is not the top priority.


IT Job Descriptions

Well written IT Job Descriptions are key to staffing

The 2019 version of the HandiGuide contains 300 descriptions of 2 to 8 pages each. They cover every position from CIO to Blockchain programmer and System Administrator.

IT Job Descriptions that are complete and well written. For example, each job description is 2 to 8 pages in length and well structured. In addition, they all follow the same format and utilize standard style sheets. As a result, they are key to setting functional pay grades, defining career paths, and recruiting qualified staff.

Janco’s descriptions are current and comprehensive.  Also, they are compliant with all mandated requirements including PCI-DSS, GDPR, ISO, Sarbanes-Oxley, HIPAA, CobiT, and the ITIL standards.

The position descriptions are structured to focus on “Best Practices”.  These have been defined by the IT Productivity Center. Also, the descriptions meet the requirements for World Class Enterprises. Foremost, they are ready to use and easily modified to meet an enterprise’s unique requirements. In addition, the descriptions all are reviewed at least annually and updated accordingly. Therefore, those with the subscription service receive frequent updates.

They are provided in MS WORD, PDF, and ePub formats.  Also, a subscription service to update them is offered. The length of the update service is 1 year to 2 years.

The 300 positions include all of the functions within the IT group. They are structured to focus on “Best Practices” as defined by the IT Productivity Center.  In addition, they meet World Class Enterprise requirements. They are ready to use and easily modified to meet your enterprise’s unique requirements.


Job Description Format and Structure

The position descriptions in this book contain information regarding a given job and its functionality within an Information Systems Organization.  This includes a position purpose statement and the problems and challenges of the position. In addition, there is an itemized list of principal accountabilities, and the authority boundaries afforded the holder of the position.  Also listed are job contacts of the position, and specifications of experience needed for the position. Finally, there are the career opportunities available to the position holder in the future.

MS Word style sheets are used so all of the job descriptions are in the same consistent format.

Position Purpose

The Position Purpose section of the position description gives an overview of the responsibilities of the position.  This provides a summary of the most important aspects and duties of the position.

Problems and Challenges

The Problems and Challenges section outlines specific challenges facing the holder of the position.  If these challenges are met efficiently and effectively, the opportunity for advancement to a higher position, offering greater challenges, will occur.

Essential Position Functions

For each position, essential position functions are defined.  There are additional factors that impact a position. With this in mind, all of the positions have been developed with four items to identify these essential position functions.  They are:

  • Principal Accountabilities,
  • Authority,
  • Contacts, and
  • Position Requirements

Principal Accountabilities

The Principal Accountabilities section itemizes the separate duties and responsibilities of the position.  This section fully details each major task or responsibility necessary to perform the job function.  The tasks are ranked from those most crucial, at the beginning of the section, to those which are more routine, listed at the end of the section.

Authority

The Authority section of the position description delineates the amount of latitude the position holder has in influencing personnel and decision making within the department.  This section also outlines which departmental personnel the position holder needs to interface with in order to successfully perform this job.

Contacts

The Contacts section of the position description identifies the primary and secondary contacts with whom this position deals on a day to day basis.

Position Requirements

The Position Requirements section sets forth hiring requirements for the specified position, as well as necessary educational, experiential, and other requirements necessary for the position.

Career Ladder

The Career Ladder section proposes future career track opportunities for the position holder.  This provides a goal for the position holder to achieve and should, therefore, increase motivation levels.

ADA Implications

The ADA does not limit an employer’s ability to establish or change the content, nature, or functions of a job.  It is the employer’s role to establish what a job is and what functions are required to perform it.  The ADA simply requires that an individual with a disability have their qualification for a job evaluated in relation to the job’s essential functions.

The ADA does not require that an employer conduct a job analysis or any particular form of job analysis to identify the essential functions of a job.  The information provided by a job analysis may or may not be helpful in properly identifying essential job functions, depending on how it is conducted.

To identify essential job functions under the ADA, a job analysis should focus on the purpose of the job and the importance of actual job functions in achieving this purpose.  A job analysis will be most in-line with the spirit of the ADA, if it focuses on the results or outcomes of a function, not solely on the way it customarily is done.

IT Job Description Bundles

For those clients who do not want to acquire the entire HandiGuide there is an option to select subsets of our complete offering. These subsets are focused around particular areas of interest and provide you a way to get the benefits of Janco’s expertise in a limited and lower cost manner. All of the bundles have been updated within the last six months. They include:
