Tag Archives: security

Top 10 BYOD Security Best Practices

Top 10 BYOD Security Best Practices Implemented by “World Class” CIOs

Top 10 BYOD Security Best Practices have been implemented by almost all “World Class” CIOs and CTOs. The importance of these is only magnified by the implementation of Blockchain and DLT applications.

The Best Practices are:

  1. Implement a formal written BYOD policy
  2. Set up a locking password on each device
  3. Implement a phone locator on all devices
  4. Protect the access point of your network
  5. Implement anti-virus – utilize VPNs
  6. Manage authorized applications
  7. Utilize data encryption on e-mails and enterprise data
  8. Utilize the cloud as a backup source
  9. Be wary of applications like QR code readers
  10. Monitor access and data usage by device and by user


Top 10 Security Best Practices take effort to implement

Too many companies have found out the hard way that their most valuable assets are exposed and vulnerable to hacker attacks, theft and destruction. They have learned a very expensive lesson: the loss of a company’s valuable information cannot be undone, and it often leads to significant damage to the company’s reputation.


Cloud Security Vulnerabilities

Top 10 Cloud Security Vulnerabilities

Top 10 Cloud Security Vulnerabilities have been identified and ranked by level of importance and impact by a panel of 57 CIOs, CTOs, and CSOs.

Cloud Security Vulnerabilities

Top 10 Security Vulnerabilities have been identified by 100-plus CIOs, CTOs, and CSOs from Fortune 500 companies.

The top 10 are:

  1. Data breaches
  2. Weak security
  3. Non-secure interfaces and APIs
  4. OS vulnerabilities
  5. Account hijacking
  6. Insider breach by a system administrator
  7. Parasitic code on servers
  8. Data destruction
  9. Denial of service (DoS)
  10. Ransomware

All of these are addressed in Janco’s How to Guide for Cloud Process and Outsourcing.


Top 10 best practices address Cloud Security Vulnerabilities

Top 10 best practices for cloud security – The cloud is a great technology that helps organizations improve productivity, reduce costs, and simplify users’ lives. However, it does raise significant security risks. Here are 10 best practices that, if followed, minimize those risks.

  1. Utilize an SDM (System Development Methodology) to design, test and implement changes in both the source and object level code.
  2. Implement a disaster recovery and business continuity plan that includes a focus on the security of the data and application assets that are cloud based.
  3. Implement metrics and cloud application monitoring, which can help to detect potential security violations and breaches in the cloud based data and applications.
  4. Utilize a secure access and change management system to manage revisions to the cloud application.
  5. Utilize a patch management approach to install revisions to the cloud data and application.
  6. Implement a log management system to have an accurate audit trail of what occurs in the cloud.
  7. Implement firm security policies via a formal security management system (see https://www.e-janco.com/Security.htm and https://www.e-janco.com/Cloud.htm).
  8. Review the latest published cloud vulnerabilities and make appropriate changes to cloud applications and access rules.
  9. Contract with independent 3rd parties to find security vulnerabilities in your cloud based applications.
  10. At least annually, conduct a security compliance audit on the total cloud based application, from development to user access.


Cyber Threats are on the rise

Cyber Threats are on the rise – cyber crime is here to stay

Cyber threats are on the rise; in 2017, costs associated with cyber crime exceeded $600 billion globally. Other key facts:

  • The forecast for 2019 is $11.5 billion in damage costs due to ransomware
  • 94% of all data breaches begin with a click on a link in an email
  • In 2017 consumers lost over $20 billion due to cyber crime
  • In 2015 businesses lost over $20 billion due to email accounts being compromised
  • In 2016 over 20 billion people had records stolen or compromised

Things that consumers and businesses should do are:

  • Implement device monitoring and protection
  • Conduct frequent dark web scans to identify breaches
  • Utilize VPNs and avoid public free Wi-Fi connections
  • Implement a secure password safe process
  • Harden devices to protect against cyber security threats
  • Implement biometric and two-factor authentication
  • Scan connected IoT devices
  • Monitor credit reporting systems
  • Implement secure backups with a long retention cycle

Security Manual Template – Cyber Threats are on the rise

Many organizations fail to realize the benefits of security information management due to the often exhaustive financial and human resource costs of implementing and maintaining the software. However, Janco’s Security Manual Template – the industry standard – provides the infrastructure tools to manage security, make smarter security decisions and respond faster to security incidents and compliance requests within days of implementation.


Backup Policy Updated

Backup Policy

Backup Policy includes everything that needs to be in place for full compliance with all mandated security requirements.

The Backup Policy has been updated, as has the CIO IT Infrastructure Policy Bundle. The policy has just been updated to take into account everything from GDPR to cloud storage and its security implications.

The Backup Policy addresses the issues that you struggle with including:

  • How safe are your information assets in transit and at rest?
  • What protections are in place to prevent hacker access?
  • Does your backup and retention process meet all of your compliance requirements?
  • Who can gain access to your data?
  • What KPI metrics do you have in place?
  • Will the use of the data ensure successful recovery?

Managing backup and recovery in today’s environment is a multi-dimensional challenge with both near- and long-term business requirements. Recent technological developments in disk backup have had a positive impact on short-term data retention requirements (see also BYOD policy). But these improvements do not replace the need to execute and deliver on a long-term data retention strategy, which includes:

  • Business and Regulatory Requirements Demand a Long-term Plan
  • Manage and Contain Your Total Cost of Ownership (TCO)
  • Encrypt Your Data for Secure Long-term Retention
  • Weigh the Environmental Impacts and Minimize Power and Cooling Costs
  • Simplify Management of the Entire Solution

Best of Breed solution

A “Best of Breed” backup policy and strategy considers how to:

  • Back up critical application data across mixed operating systems and storage configurations
  • Restore desktops and mobile users quickly
  • Restore systems to dissimilar hardware or virtual systems
  • Back up data and system information to off-site locations, so that you can quickly recover your business even from a total loss of your facility
  • Leverage new cloud based backup offerings to properly secure, back up, and archive critical data


Top 10 Reputation Management Rules

Top 10 Security Management rules

Top 10 Security Management rules are defined in Janco’s Security Manual Template.

Top 10 Reputation Management Rules are defined in detail in Janco’s Security Manual Template.

Without constant vigilance, your company is vulnerable to attack. The first step to take is to assess your current security stance, then make a plan to increase security with proper best practices and technologies.

Top ten commandments of security management for CSOs, CIOs, and IT Managers

  1. Limit access to information to those who need to have it. People can’t misuse information that they don’t have.
  2. Conduct frequent and deep security audits. Identify who has access to what, and how their actions could weaken the protection of valuable data/information.
  3. Set limits to information access. Do not exclude all information from access; exclusion locks access down entirely, whereas limits set authorizations so specific people can do specific things under specific circumstances.
  4. Limit administrative rights to as few individuals as possible. Very few individuals need them to do their jobs.
  5. Ignore organizational hierarchy when setting access capabilities. Access and authorization should be based upon responsibilities, not position.
  6. Make security invisible. Minimize extra commands, screens and pop-ups for employees; if an action is allowed, just let it happen.
  7. Analyze security and end back doors. Compliance logs reveal threat patterns, and show how security steps are hurting productivity.
  8. Monitor information access and updates. User-initiated application information updates can invite vulnerabilities.
  9. Educate everyone on security policies and procedures. The more that people know about the rules, the better.
  10. Make security best practices the watchword for everyone. IT and the general workforce must address the constantly changing nature of security breaches.

Security Manual Template

Security Policies and Procedures Manual for the Internet and Information Technology is over 230 pages in length. All versions of the Security Manual Template include both the Business & IT Impact Questionnaire and the Threat & Vulnerability Assessment Tool (both were redesigned to address GDPR, CaCPA, ISO, Sarbanes-Oxley and CobiT compliance).


GDPR Compliance

GDPR Compliance is at risk with 3rd Party providers

GDPR Compliance Management is more complex with the increased use of 3rd Party providers

Security and GDPR Compliance risks from third parties are on the rise. A security compliance study found that 56 percent of companies admitted to a security incident caused by a third party.

With GDPR now in place, security of third-party vendors and consultants is more important than ever. Their security failure will impact your company and could result in a breach of your data.

So how do you approach third-party security in a GDPR world? The first step is to know who your vendors are, along with any other outsiders with access to your network. Next, tier them based on the level and volume of data they have access to, to determine which are the most critical. Companies need to know who has any access to their data and get an accurate understanding of exactly what information they can access, why, and how often. With this information in hand, you can then develop an accurate response plan.

GDPR compliance plans should also take into consideration all of your third-party vendors. Thus, when establishing a dedicated Data Privacy Officer (DPO), that person will help the company meet GDPR requirements and should keep tabs on third-party practices and data systems as they affect your business. Lunetta added:

To support the DPO with additional expertise on making decisions such as, “We need X solution to address Y compliance/security requirement,” it’s imperative for IT security teams to conduct regular self-assessments for uncovering gaps and determining options for remediating them.

GDPR Tips

Some tips for ensuring that your third parties are staying in GDPR compliance:

  • Address cybersecurity governance, because while it’s one thing to invest in security solutions that help address personal data protection, it’s another to use them in a manner that is also GDPR-compliant.
  • Access policy governance – Having robust access controls isn’t good enough to comply with GDPR. Instead, you also need a set of policies that can be defined, implemented and enforced around how your enterprise controls access to personal data.
  • Pay attention to privileged users. Users such as systems administrators can circumvent standard controls inside of an application or a database. Identify those users, establish governance controls, and implement enforcement mechanisms through technology solutions such as network access control.


Compliance Management

Compliance Management Kit Released

Compliance Management

Compliance Management is one of the top concerns of CIOs and other C-Level executives.

Compliance Management Kit was just released. All of the components of the kit were just updated to meet privacy and security mandates due to GDPR for the EU and CaCPA for the state of California.

The kit comes in 3 versions: Silver, Gold, and Platinum. Each can be acquired with either 1 year or 2 years of update service. Janco feels mandates will continue to be added due to the high volume of cyber-attacks and privacy issues that are of concern to individuals and corporations.

First, the Silver version of the kit comes with the Compliance Management White Paper, a self-scoring Security Audit, a PCI Audit Program, and 31 key Job Descriptions including Chief Security Officer (CSO). Second, the Gold version of the kit comes with all of that plus two full policies. The policies are the Record Classification and Management Policy and a Privacy Compliance Policy with a detailed implementation work plan. The detailed work plan can be utilized right out of the box to ensure that privacy and security are implemented fully within the enterprise. And third, the Platinum version of the kit comes with everything in the first two, plus Janco’s Security Manual Template.

To learn more about the kit go to https://www.e-janco.com/Compliance.htm.


CIO Infrastructure Policy Bundle

CIO Infrastructure Policy Bundle Update 2019-02 now available

CIO IT Infrastructure Policy Bundle contains 20 full policies that are easily modified to meet an enterprise’s unique operating environment.

CIO Infrastructure Policy Bundle has just been updated. It includes both the updated Record Classification, Management, Retention and Disposition Policy and the BYOD Access and Use Policy. This is all part of the annual review process which Janco is going through for its entire product line of CIO and IT Management tools to validate that they meet all of the compliance, security and privacy mandates.

The policies are all part of the overall IT Governance Model. That model addresses the issues associated with the overall processes for the design, development, implementation, and ongoing operation of technology in the ever-changing Internet-based operational environment.

Currently, data classification is an area that CIOs need to address in light of GDPR and CaCPA.

Each of the policies in the CIO IT Infrastructure Policy Bundle can be acquired separately. See Policy offerings.

Recently Updated:

  1. Blog and Personal Website Policy (revised 01/2019)
  2. BYOD Access and Use Policy (revised 03/2019)
  3. Mobile Device Access and Use Policy (revised 01/2019)
  4. Physical and Virtual Server Security (revised 01/2019)
  5. Record Classification, Management, Retention, and Disposition Policy (revised 03/2019)
  6. Sensitive Information Policy (revised 01/2019)
  7. Travel, Laptop, PDA and Off-Site Meeting Policy (revised 01/2019)

Updated in 2018 – Scheduled to be updated within the next three (3) months:

  1. Backup and Backup Retention Policy
  2. Google Glass Policy
  3. Incident Communication Policy
  4. Internet, Email, Social Networking, Mobile Device, and Electronic Communication Policy
  5. Outsourcing and Cloud-Based File Sharing Policy
  6. Patch Management Version Control
  7. Privacy Compliance Policy
  8. Service Level Agreement Policy including sample metrics
  9. Social Networking Policy
  10. Technology Acquisition Policy
  11. Telecommuting Policy
  12. Text Messaging Sensitive and Confidential Information
  13. Wearable Devices


Record Classification

Record Classification, Management, Retention, and Destruction Policy Updated

Record Classification was just added to the Data Management Policy. The purpose of the addition was to reduce the sensitive data footprint to meet the most recent rigorous compliance standards.

Record Classification and Management

Record Classification, Management, Retention, and Disposition Policy can be acquired separately or with the CIO IT Infrastructure Policy Bundle.

Most other data classification tools don’t go the extra mile. Their technology only looks for specific terms in your documents; it doesn’t provide the intelligence you need to secure the personal information of your customers or employees. Janco’s Record Classification, Management, Retention and Disposition Policy provides visibility into where sensitive files are, what content is inside, who can access the files and who actually uses them.

Included with the policy is a crisp definition of data classification.

The foundation of any good record management program is developing a consistent records classification system across the organization.

While there are many record classification systems, one recommended best practice is a three-tier classification based on business function, record class, and record type.

The first step toward developing a records classification system is taking an inventory, a comprehensive and accurate listing of the locations and contents of all records within the organization.

The second step is grouping the records in the inventory according to business functions, record class, and record type:

  • Common business functions include operations, finance, legal, marketing, human resources, and others.
  • The top-level business functions are broken down into record classes. For instance, two record classes of the accounting business function are accounts payable and accounts receivable.
  • Record types are a further subdivision of record classes. For instance, the accounts payable record class can be further broken down into accounts payable aging reports, accounts payable distribution reports, cash disbursement reports, and other categories.


BYOD Best Practices

Security Top 10 BYOD Best Practices

BYOD Best Practices to ensure the security of enterprise sensitive and confidential information

BYOD Best Practices – BYOD (Bring Your Own Device) is now standard practice for most individuals working for companies. Devices include everything from laptop computers to tablets and smartphones. 10 Best Practices to secure BYODs – More employees and enterprise associates are bringing their own iPhones and tablets to the office. How sure are you that they are secure? While these personal devices are great for employee productivity, they can introduce security risks to your organization.

  1. Implement a formal written BYOD policy that clearly states which devices and applications are supported.
  2. Set up a locking password on each device. Integrate password usage with a wipe of the phone after x number of invalid tries. At the same time, have a way to restore the phone if it is wiped.
  3. Implement a phone locator on all smartphones. In the case of the iPhone, use the “Find My Phone” application.
  4. Protect the access point of your network so that only devices that meet your stringent security requirements are allowed access to your network and data.
  5. Implement anti-virus where possible. In the case of the iPhone there is no anti-virus. That means that your email service provider needs to do the scan BEFORE emails are sent to the device.
  6. Manage authorized applications so that contact and other sensitive data are not extracted from the device by the applications.
  7. Utilize data encryption on e-mails and enterprise data.
  8. Utilize the cloud as a backup source.
  9. Be wary of applications like QR code readers. They can direct the user to sites that can take control of the device.
  10. Monitor access and data usage by device and by user. Have processes in place that actively inform management of any potential areas where the network and data can be compromised.