Latest news of interest from the CIO's primary news feed
Disaster Recovery Planning, Job Descriptions, Salary Survey, Business Continuity, ITSM, SOA, Compliance, SOX, and HIPAA
News of interest from CIO's primary news feed - The Janco News feed is an XML news feed that you can subscribe to and re-publish on your web site or blog. The only requirement that you need to meet is that the feed is included with no modifications and that the links within the feed are retained as is.
If you wish to subscribe to this news feed the options that you have are:
- IT Standard News Feed
- Service Requests Policy
- Service Request Standard
- Help Desk Policy
- Help Desk StandardsITIL Service Management
- Help Desk Procedures
- Help Desk Service Level Agreement
- Change Control Standard
- Change Control Quality Assurance Standard
- Change Control Management Workbook
- Documentation Standard
- Application Version Control Standard
- Version Control Standard
- Internet Policy
- e-mail Policy
- Electronic Communication Policy
- Blog & Personal Web Site Policy
- Patch Management and Version Control Policy
- Travel and Off-Site Meeting
- Sensitive Information Policy
- Work From Home and Telecommuting Policy
- Make security an executive directive
- Implement clear security guidelines
- Provide specifics for security compliance
- Enforce that everyone follows the rules
- Provide formal training program
- Communicate Security
- Monitor security compliance
- Establish security compliance metrics
- Provide security compliance feedback
- Audit security with a third party
- Backup and Backup Retention Policy
- Blog and Personal Web Site Policy
- BYOD Policy Template
- Google Glass Policy
- Incident Communication Plan Policy - Includes Pandemic Checklist and considerations
- Internet, e-mail, Social Networking, Mobile Device, Electronic Communications, and Record Retention Policy
- Mobile Device Access and Use Policy
- Outsourcing and Cloud Based File Sharing Policy
- Patch Management Policy
- Physical and Virtual Server Security Policy
- Privacy Compliance Policy - California Privacy Act
- Record Classification, Management, Retention, and Destruction Policy
- Safety Program
- Sensitive Information Policy
- Service Level Agreement (SLA) Policy Template with KPI Metrics
- Social Networking Policy
- Technology Acquisition Policy
- Text Messaging Sensitive and Confidential Information
- Travel, Electronic Meeting, and Off-Site Meeting Policy
- Wearable Device Policy
- WFH & Telecommuting Policy
- IT Infrastructure Electronic Forms
IT Service Management (ITSM) Service Oriented Architecture (SOA)
Tools that the CIO, CSO, CTO, and CFO can use for Infrastructure, Disaster Recovery, Security, Job Descriptions, ITSM, Salary, Change Control, and Help Desk.
ITSM - SOA - Change Control - Help Desk - Service Requests Blog - Personal Web Site - Sensitive Information
When a system defect or workplace disruption hits, you need to act fast to ensure the enterprise can continue to function, your employees and associates are informed and productivity is maintained . And where better to designate the first responder than your service - help desk with a focus on IT Service Management (ITSM).
KPI metrics have taken off as measurement of the quality of IT's service has become a priority. Currently 67% of all organization have implemented the KPI approach. In a survey of 205 organizations that have these metrics in place we found that user perception is the top metric that most are focused on.
The IT Service Management Policy Template MS Word document that contains policies, standards, procedures and metrics that comply with the ITIL Standard. Chapters of the template include:
EvilProxy - phishing as a service attacks
EvilProxy addressed in Security Manual Template - 2023 Edition
EvilProxy functions as a reverse proxy, where the service is positioned between the user and the real login page, relaying requests and responses back and forth between them. From the victims perspective, its like theyre interacting with the real website, but the attacker gets to see everything that gets transmitted between the two parties, including the login credentials and MFA codes. EvilProxy claims to be able to bypass MFA on Apple, Gmail, Facebook, Microsoft, Twitter, GitHub, GoDaddy, and other popular websites.
Out of hundreds of accounts that were accessed by attackers, 39% were C-level executives, 17% were chief financial officers, and 9% were presidents and CEOs. When it came to lower-level management and personnel, the attackers focused on users with access to financial assets or sensitive information.
Supply Chain ISO Mandates defined
ISO 28000:2007 is necessary for support of an organization implementing and managing a Supply Chain Security Management System
The Security Management Standard (SMS) requirements standard, a specification for an SMS against which organizations can certify compliant.
Standard specifies the requirements for a security management system, including those aspects critical to security assurance of the supply chain. Security management is linked to many other aspects of business management. Aspects include all activities controlled or influenced by organizations that impact on supply chain security. These other aspects should be considered directly, where and when they have an impact on security management, including transporting these goods along the supply chain.
ISO 28000:2007 is applicable to all sizes of organizations, from small to multinational, in manufacturing, service, storage or transportation at any stage of the production or supply chain that wishes to:
· Establishes, implements, maintains, and improves a security management system.
· Assures conformance with stated security management policy.
· Demonstrates such conformance to others.
· Seeks certification/registration of its security management system by an Accredited third-party Certification Body.
· Makes a self-determination and self-declaration of conformance with ISO 28000:2007.
Hiring of IT Pros slowing - Recession?
4.19 Million individuals are employed as IT Pros in the US
YTD, the IT job market grew by 3,400 jobs in the first five months of 2023. That is in contrast with 97,300 jobs that were created in the same period of 2022. The number of unfilled jobs for IT Pros shrank from 200K plus in December to just under 80K at the end of May.
The growth of the IT job market stopped in January with a decline of 2,600 jobs and the BLS initially reported there was a loss of 11,600 jobs in February and a slight gain of 500 jobs in March. They revised their data to show a gain of 4,900 jobs in February and 7,700 in March. Currently, there is an excess of 145K unfilled jobs for IT Pros due to a lack of qualified candidates.
How to implement "World Class" Security
10 Step Process to Implement "World-Class" Security
10 step security implementation process that Janco has utilized successfully in hundreds of organizations includes:
Unemployed IT Pros
Over 4.18 Million individuals are employed as IT Pros in the US
The unemployment rate in the technology job market in the U.S. is about half that of other fields just 1.5%. 2022 saw an increase of about 264,500 new jobs to the I.T. job market, according to industry consultancy Janco Associates. Those new jobs came atop the 213,000 I.T. jobs created in 2021.
465 tech companies have fired a total of 126,057 employees in 2023. And, according to another survey, in 2023 608 tech companies have announced layoffs, affecting 162,541 people (or 2,426 people per day). In 2022, there were 1,535 layoffs at tech companies with 241,176 people let go.
While tech companies have laid off hundreds of thousands of workers over the past six months or so, the majority of those employees did not hold I.T. positions. And even when companies did reduce their headcount through layoffs, the number let go was typically no more than 5% to 6% of the total workforce.
Compliance Management Kit - 2023 Edition Released
2023 Edition Compliance Management Kit contains ISO 28000 Compliance Tools
Recent cyberattacks focused most C-Level executives on asset security and compliance as more business is conducted on the Internet. In addition, not meeting compliance mandates exposes enterprises to damaged reputations and fines. The Compliance Management Kit provides tools that are properly implemented minimize those risks. The Compliance Management Kit is the must-have tool to meet mandated governmental and industry compliance objectives.
The Kit comes in three versions. Each version contains the Compliance Management White Paper, ISO 28000 Security Audit Program (Supply Chain Management), a self-scoring Security Audit Program, a PCI Audit Program, and 31 key job descriptions including one for the Chief Compliance Officer which is six pages in length.
2023 Edition of IT Infrastructure Policies bundle released
IT Infrastructure Policies and Procedures 2023 Edition
The policies, job descriptions and forms in the 2023 Edition comply with all mandated requirements and include electronic forms that can be e-mailed, filled out completely on the computer, routed and stored electronically.
CIO IT Infrastructure Policy Bundle (All of the policies below are included as individual MS Word files and a single PDF file. Electronic forms are all individual documents that are easily modifiable)