Independence is a core requirement for IT Governance and Infrastructure definition.
Depending on Goggle Risky – Depending on Internet, hardware, and software companies is a mistake. Enterprises are impacted as they drop product support, are purchased by other companies, and/or have security breaches and system failures of their own.
For example, Google – Customer who installed Haiku ceiling fans, which were supported with the Nest thermostat device via the “Works with Nest” program were left out in the cold. This was driven by Google’s decision to end the program and go with the “Google Net”. They said this was to focus on supporting its own hardware business. As a result, there was a loss of support for any device on that program. Not a good omen for people who installed them in their homes.
Another similar situation occurred for Comcast email users. Users who had comcast.net email accounts were not made aware of the limitation of services that Comcast’s spam protection process effected. What happens is as an email is sent to a comcast user email account, if the email has multiple recipients, the email is placed on hold (based on the comcast user’s usage). The user is NOT notified that the email was held and not delivered. It is up to the sender to contact the user and re-send it with the email going to a single recipient.
The less that you depend on Internet companies for proprietary offerings, the more you can be assured that you can continue to operate when they change their corporate strategy.
How long will it be before a company like Goggle decides to charge for their free email services. Wait a minute they already do that with their offering G Suite.
10 Point Power Checklist Disaster Recovery and Business Continuity
10 point power checklist that adddresses the issues associated with power after an event that disrupts a network, availability of power to recover and run the network often is critical.
10 Point Power Checklist Disaster Recovery and Business Continuity needs to be incorporated into the disaster recovery – business continuity plan. The Disaster Recovery Business Continuity template contains many checklists and best practices to follow. The checklist includes:
Electricity, water, broken wires do not mix. Review all electrical and plumbing plans in detail.
Understand the minimum power requirements to be operational.
Have an adequate fuel supply to operate backup power sources. If the outage lasts for more than 30 days will the faciulity be ale to continue operations.
Set reasonable response times for standby generator.
Maintain your equipment and test it operations. Test at least once a quarter and review supplies on hand.
Understand your environment and geography.
Set up generators in an “open environment”. Carbon monoxide fumes can build up and poison people.
Compliance Mandates come from multiple sources. How companies are impacted by them varies by size of company and the markets they serve.
Compliance Mandates impact every company that does business on the Internet. Few companies are impacted by all of the mandates. In the U.S. the most impactful is the CaCPA inacted by Califorinia and the GDPR from the EU
The EU has implemented a single privacy and compliance mandate. In the U.S. that is not the case as of yet. The U.S. Congress has talked about it but, as of yet, there is no consensus on what that legislation will look like. Until that occurs the various states, and California in particular, will set the rules.
The standards for user privacy and control drove the released of an update to its Security Manual Template which identifies mandated user rights and enterprise responsibilities related to privacy protection. Janco reviewed in detail the California Consumer Privacy Act of 2018 (CaCPA) and generated a detail list of user rights and business responsibilities that are mandated. The CaCPA requirements are very complex and significant resources will have to be allocated for organizations to comply with these new mandates. These mandates will impact all organizations that have an Internet presence in the U.S. and California in particular. The compliance deadline is January 1, 2020.
Compliance Management is one of the top concerns of CIOs and other C-Level exeutives.
Compliance Management Kit was just released. All of the components of the kit were just updated to meet privacy and security madatesdue to GDPR for the EU and CaCPA for the state of California.
The kit comes in 3 versions: Silver, Gold, and Platinum. Each can be acquired with either 1 year or 2 years of update service. Janco feels mandates will continue to be added due to this high volume of cyber-attacks and privacy issues that are of concern to individuals and corporations.
First, he Silver version of the kit comes with the Compliance Management White Paper, a self-scoring Security Audit, a PCI Audit Program, and 31 key Job Descriptions including Chief Security Officer (CSO). Second, the Gold version of the kit come with all of that plus two full policies. The policies are the Record Classification and Management Policy and a Privacy Compliance Policy with a detail implementation work plan. The detail wok plan can be utilized right out of the box to ensure that privacy and security are implemented fully within the enterprise. And third, the Platinum version of the kit comes with everything in the first two, plus Janco’s Security Manual Template.
What is HIPAA and how can an enerprise comply with the mandated requirements
What is HIPAA Privacy Rule – provides federal protections for personal health information held by covered entities and gives patients an array of rights with respect to that information. At the same time, the Privacy Rule is balanced so that it permits the disclosure of personal health information needed for patient care and other important purposes.
There also is a HIPAA Security Rule – It specifies a series of administrative, physical, and technical safeguards for covered entities to use to assure the confidentiality, integrity, and availability of electronic protected health information. This places unique challenges to the Business Continuity and Disaster Recovery Planning processes.
What is HIPAA and how does it impact overall Compliance Management?
Federal and state government regulations (see state compliance requirements) can be a big problem for today’s organizations. There are more than 100 such regulations in the U.S. alone, and that number continues to grow. These are in addition to industry-specific mandates. They are all designed to safeguard the confidentiality, integrity, and availability of electronic data from information security breaches. So, what are the consequences if your organization fails to comply? Heavy fines and legal action. In short, it’s serious.
Top 10 Reasons Disaster Recovery Fails have been identified by Janco.Over 90% of all mid-sized to large enterprises have disaster recovery and business continuity plans in place — that is not enough to avert disaster as only 40% of those plans have not major defects. The top 10 causes for those failures are:
Disaster Recovery and Business Continuity are necessary enterprise infrastructure processes that have correctable defects that can make plans fail.
Backups do not work
Not identifying every potential event that can jeopardize the infrastructure and data that the enterprise depends
Forgetting or ignoring the cross-training of personnel in disaster recovery and business continuity
Not including a communication processes which will work when your communication infrastructure is lost
Not having sufficient backup power – both capacity and durations
Having a recovery plan in place but not listing priorities of which resources need to be restored first
No physical documentation of your Disaster Recovery and Business Continuity plan
Disaster Recovery and Business Continuity plan that has not been tested adequately
Passwords are not available to the Disaster Recovery and Business Continuity team
Disaster Recovery and Business Continuity plan is not up to date