Tag Archives: security

Top 10 Security Weakness

Top 10 Security Weakness Issues Enterprise-Wide

Top 10 Security Weakness Issues – In a review of over 100 enterprises we identified the security weakness issues that CIOs, CSOs, and IT pros need to address. They are:

  1. Using only single-level verification for access to sensitive data
  2. Having “public” workstations or access points connected to a secure network
  3. Weak passwords
  4. Sharing login credentials
  5. Static passwords
  6. Data validation for forms is contained in client-side JavaScript
  7. Connecting to the network from an unsecured access point
  8. Corporate web site is encrypted but the login process is not
  9. Using weak encryption for back-end management
  10. Using unencrypted or weakly encrypted connections for Web site or Web server management

Janco’s Security Manual provides tools that IT professionals can use to address these issues. In addition, a number of articles have been published on Janco’s main web site. To see them, go to the site and use the search option under the main menu bar. It lists all the web pages that contain the term “security weakness” or any subset of the search term.


Blockchain Payment System


Universities Work Together On Payment System – Shades of Internet Development

Universities are working together on a payment system, just as they did when they developed the Internet in the late 1960s with ARPAnet.

Blockchain payment system must smoothly collect, process, and protect sensitive personal information

Several universities, including MIT and Stanford, are working together to develop a digital currency network that solves blockchain’s scalability and performance problems before public confidence in the technology erodes.

Funded by a Swiss-based non-profit organization, the cryptocurrency application, called Unit-e, and its blockchain-based payment system is expected to launch in the second half of this year; if successful, it would surpass even mainstream financial networks like Visa’s VisaNet in transactional capability.

This is very similar to how the Internet was first developed. University staff and associates worked together to create a common network that competed with the then-existing time-sharing services, none of which exist today.

The question is whether proprietary systems like VisaNet will exist after the public university system is operational. Research shows that well-run companies are most productive, suffer the least loss of sensitive data, and have less downtime of operations if they have good policies in place.

Read on Information Technology Infrastructure…


Security Manual Template

Security Manual Template – 2019 Version Released

The 2019 Version of the Security Manual Template was just released.

There are now new standards for user privacy and control, according to Janco Associates. Janco has just released an update to its Security Manual Template which identifies mandated user rights and enterprise responsibilities related to privacy protection. The CEO of Janco, Mr. M. Victor Janulaitis, said, “We have reviewed in detail the California Consumer Privacy Act of 2018 (CaCPA) and generated a detailed list of user rights and business responsibilities that are mandated. The CaCPA requirements are very complex and significant resources will have to be allocated for organizations to comply with these new mandates. These mandates will impact all organizations that have an Internet presence in the U.S. and California in particular. The compliance deadline is January 1, 2020.”

The Security Manual Template is now distributed in a segmented format with five (5) specific directories. They are:

  1. Security Manual Template directory – containing the full editable MS WORD and pdf versions of the template;
  2. Forms directory – containing all the forms that are needed to implement a “World Class” security infrastructure;
  3. Policy directory with 5 policies in MS WORD and pdf versions – Blog and Personal Website Policy – Mobile Use Policy – Sensitive and Confidential Information Policy – Server Security Policy – Travel and Off-Site Meeting policy;
  4. eBook directory (with the author’s name as the directory name) – with eBook versions of the Security Manual Policy and the supporting policies; and
  5. Tools directory with the Business Impact Analysis Tool, Threat and Vulnerability Assessment Tool, Security Checklist, and PCI Audit Program.

See also Security and Compliance…
