Best Practices for Chief Information Officer - CIO
The Best Practices news feed is an XML news feed that you can subscribe to and re-publish on your web site or blog. The only requirement that you need to meet is that the feed is included with no modifications and that the links within the feed are retained as is.
If you wish to subscribe to this news feed the option that you have is:
Ransomware – IT Governance Infrastructure Key to Protection
CIO Resource Site News Feed
US Health sector targeted by Royal and BlackCat Ransomware attacks
Royal was first observed in early 2022.They are believed to have very experienced operators, previously belonging to other infamous cybercriminal groups including Conti Team One
It is a 64-bit executable written in C++ whcih targets Windows systems by encrypting files and appends ".royal or
".royal_w" extensions to filenames and creates "README.TXT ransom note.BlackCat ransomware, AKA ALPHV, AlphaVM, Noberus, Coreid, FIN7, Carbon Spider was first detected in November 2021; per the FBI, they compromised at least 60 victims in four months. It is written in Rust; highly adaptable; Ransomware-as-a-service and conducts triple extortion (ransomware, threats to leak stolen data and distributed denial of service attacks.
Read on Order Security Manual Template Download sample
- Ransomware – IT Governance Infrastructure Key to Protection
IT Job Descriptions - 2023 Edition Released
324 Job Descriptions included in 324 Edition of theInternet and Information Technology Positions Description HandiGuide
The 324 positions include all of the functions within the IT group. The Job Descriptions have been updated to be compliant with PCI-DSS, GDPR, Sarbanes-Oxley, HIPAA, CobiT, and the ITIL standards. The job descriptions are all structured to focus on "Best Practices" as defined by the IT Productivity Center to meet the requirements of World Class Enterprises. They are ready to use and easily modified to meet your enterprise's unique requirements.
Each job description is between two (2) to six (6) pages in length and has been created utilizing CSS style sheets. As such they are "out of the box" ready to use with little or no modification other than organization specific customization.
324 Internet and IT Job Descriptions as individual files in MS WORD and ePub formats. Long file names have been used to make customization easier.
Order IT Job Description HandiGuide Sample Description Download TOC
- IT Job Descriptions - 2023 Edition Released
IT Governance Management Team
IT Governance Management Team job descriptions
To support the process the IT Governance HandiGuide includes ten (10) full job descriptions:
- Chief Technology Officer (CTO)
- Chief Information Officer (CIO)
- Chief Information Officer (small enterprise)
- Chief Compliance Officer (CCO)
- Chief Experience Officer (CXO)
- Chief Security Officer (CSO)
- Chief Data Officer
- Chief Digital Officer
- Chief Mobility Officer (CMO)
- Digital Brand Manager
Read On Order Strategy Download TOC
- IT Governance Management Team
Password Managers provide false sense of security
Most password managers are insecure eventhough they are comprehensive, detailed, and customizable
The most popular password managers for Windows can actually leak your login credentials to the PC's memory. A hacker could potentially snatch up the sensitive data when the password manager turns on.
The research examined the security of four products including 1Password, Dashlane, KeePass, and LastPassFree at LastPass. The company was surprised to find that the products didn't always encrypt and then delete password data in the PC's background processes. Even the master password, which can be used to unlock all your stored passwords, can be exposed.
Order Security Manual Template Download Sample
- Password Managers provide false sense of security
China continues to be a security threat
Security Policies - Procedures - Audit Tools
An employee is alleged to have stolen trade secrets from her two employers 9 (including Coca-Cola and availed these to a Chinese company that her co-conspirator managed. The theft was carried out in a straightforward manner: She uploaded information to Google Drive; for the more sensitive documents she used her smartphone's camera to take screenshots of the documents, avoiding detection from the security team.
This occured after the employee left Coca-Cola. The individual signed a statement that attested they did not retain trade secret information owned by Coca-Cola and in exchange received a check for $39,912 - which appears to have been the last paycheck from the company.
Read on Order Security Manual Template
- China continues to be a security threat
Top 10 Social Network Security Tips
Top 10 Social Networking Tips
Top 10 tips to improve social networking securitySocial Networking Policy
- Educate employees
- Have employees use different passwords for different system
- Mandate strong passwords
- Have employees change passwords regularly
- Do not share accounts
- Implement two factor authentication
- Educate employees to NOT open email attachments or go to links where the originator is not known
- Utilize antivirus and security software
- Don't friend people you do not know
- Validate and verify
Order social networking Policy Download Selected Pages
- Top 10 Social Network Security Tips
Technology Resilience and Business Continuity
Technology resilience and DRP and BCP
Technology resilience is defined as an organizations ability to maintain acceptable service levels through, and beyond, severe disruptions to its critical processes and the IT systems which support them.
Seven (7) factors C-level executives can use to get a clear grasp of what their enterprise's technology resilience is.
- Technology Resilience and Business Continuity
- Awareness is having the knowledge of what are the normal business operation requirements are; what dependencies there are on
- Protection is more than having physical and system access and security controls.
- Discovery is to know when a failure occurs.
- Preparedness means having specific action steps and plans in place to address the effects of a disruption.
- Recovery focuses on returning services and operations to business as usual levels within defined timescales and with minimal acceptable data loss following an event causing disruption or failure.
- Review and Assessment is essential for every technology resilience program, and includes post-incident reviews to identify the root causes of disruptions.
- Improvement is the process of taking the knowledge gained from all the above and taking steps to improve systems and increase resilience, and to continuously refine disaster recovery and business continuity plans.
IT Job Families Define Structure of IT Teams
System Analyst Job Classes defined - Added to IT Professional Job Family
A modern IT structure includes team members who are representative of customers or the people engaging customers. For example, a consumer banking IT team should include a teller or bank manager, she contends, and a retail enterprise should enlist a store manager as part of an IT delivery team. Being a business leader means understanding the customer, and you can't do that if all you're doing is wearing an IT hat. You have to create a team that includes some unconventional players.
The first step is have a structure which provides a framework that is easy to implement. For example, one job family defined in the IT Job Family Classification and Pay Grade System, the IT System Technology Professional Family. With that in place the creation of pay grades to include the System Analyst Class is straight forward.
Read On Order Classification Pay Grade System Download Selected Pages
- IT Job Families Define Structure of IT Teams