Latest news of interest from the CIO's primary news feed

Disaster Recovery Planning, Job Descriptions, Salary Survey, Business Continuity, ITSM, SOA, Compliance, SOX, and HIPAA

News of interest from CIO's primary news feed - The Janco News feed is an XML news feed that you can subscribe to and re-publish on your web site or blog. The only requirement that you need to meet is that the feed is included with no modifications and that the links within the feed are retained as is.

If you wish to subscribe to this news feed the options that you have are:

  • IT Standard News Feed

  • IT Service Management (ITSM) Service Oriented Architecture (SOA)

    Tools that the CIO, CSO, CTO, and CFO can use for Infrastructure, Disaster Recovery, Security, Job Descriptions, ITSM, Salary, Change Control, and Help Desk.

    ITSM - SOA - Change Control - Help Desk - Service Requests Blog - Personal Web Site - Sensitive Information

    When a system defect or workplace disruption hits, you need to act fast to ensure the enterprise can continue to function, your employees and associates are informed, and productivity is maintained. And where better to designate the first responder than your service/help desk, with a focus on IT Service Management (ITSM)?

    KPI metrics have taken off as measurement of the quality of IT's service has become a priority. Currently 67% of all organizations have implemented the KPI approach. In a survey of 205 organizations that have these metrics in place, we found that user perception is the top metric that most are focused on.

    The IT Service Management Policy Template is an MS Word document that contains policies, standards, procedures and metrics that comply with the ITIL Standard. Chapters of the template include:

    • Service Requests Policy
    • Service Request Standard
    • Help Desk Policy
    • Help Desk Standards
    • Help Desk Procedures
    • Help Desk Service Level Agreement
    • Change Control Standard
    • Change Control Quality Assurance Standard
    • Change Control Management Workbook
    • Documentation Standard
    • Application Version Control Standard
    • Version Control Standard
    • Internet Policy
    • e-mail Policy
    • Electronic Communication Policy
    • Blog & Personal Web Site Policy
    • Patch Management and Version Control Policy
    • Travel and Off-Site Meeting
    • Sensitive Information Policy
    • Work From Home and Telecommuting Policy



    EvilProxy - phishing as a service attacks

    EvilProxy addressed in Security Manual Template - 2023 Edition

    EvilProxy functions as a reverse proxy, where the service is positioned between the user and the real login page, relaying requests and responses back and forth between them. From the victim’s perspective, it’s like they’re interacting with the real website, but the attacker gets to see everything that gets transmitted between the two parties, including the login credentials and MFA codes. EvilProxy claims to be able to bypass MFA on Apple, Gmail, Facebook, Microsoft, Twitter, GitHub, GoDaddy, and other popular websites.

    Out of hundreds of accounts that were accessed by attackers, 39% were C-level executives, 17% were chief financial officers, and 9% were presidents and CEOs. When it came to lower-level management and personnel, the attackers focused on users with access to financial assets or sensitive information.



    Supply Chain ISO Mandates defined

    ISO 28000:2007 is necessary for support of an organization implementing and managing a Supply Chain Security Management System.

    It is a Security Management Standard (SMS) requirements standard, a specification for an SMS against which organizations can certify compliance.

    The standard specifies the requirements for a security management system, including those aspects critical to security assurance of the supply chain. Security management is linked to many other aspects of business management. Aspects include all activities controlled or influenced by organizations that impact supply chain security. These other aspects should be considered directly, where and when they have an impact on security management, including transporting these goods along the supply chain.

    ISO 28000:2007 is applicable to all sizes of organizations, from small to multinational, in manufacturing, service, storage or transportation at any stage of the production or supply chain that wishes to:

    • Establish, implement, maintain, and improve a security management system.
    • Assure conformance with stated security management policy.
    • Demonstrate such conformance to others.
    • Seek certification/registration of its security management system by an accredited third-party Certification Body.
    • Make a self-determination and self-declaration of conformance with ISO 28000:2007.



    Hiring of IT Pros slowing - Recession?

    4.19 Million individuals are employed as IT Pros in the US

    YTD, the IT job market grew by 3,400 jobs in the first five months of 2023.  That is in contrast with 97,300 jobs that were created in the same period of 2022.  The number of unfilled jobs for IT Pros shrank from 200K plus in December to just under 80K at the end of May.

    Hiring of IT Pros Slowing

    The growth of the IT job market stopped in January with a decline of 2,600 jobs and the BLS initially reported there was a loss of 11,600 jobs in February and a slight gain of 500 jobs in March.  They revised their data to show a gain of 4,900 jobs in February and 7,700 in March. Currently, there is an excess of 145K unfilled jobs for IT Pros due to a lack of qualified candidates.

    Hiring Trend shows slowing - possible recession


    How to implement "World Class" Security

    10 Step Process to Implement "World-Class" Security

    The 10-step security implementation process that Janco has utilized successfully in hundreds of organizations includes:

    1. Make security an executive directive
    2. Implement clear security guidelines
    3. Provide specifics for security compliance
    4. Enforce that everyone follows the rules
    5. Provide formal training program
    6. Communicate Security
    7. Monitor security compliance
    8. Establish security compliance metrics
    9. Provide security compliance feedback
    10. Audit security with a third party



    Unemployed IT Pros

    Over 4.18 Million individuals are employed as IT Pros in the US

    The unemployment rate in the technology job market in the U.S. is about half that of other fields — just 1.5%.  2022 saw an increase of about 264,500 new jobs to the I.T. job market, according to industry consultancy Janco Associates. Those new jobs came atop the 213,000 I.T. jobs created in 2021.

    465 tech companies have fired a total of 126,057 employees in 2023. And, according to  another survey, in 2023 608 tech companies have announced layoffs, affecting 162,541 people (or 2,426 people per day). In 2022, there were 1,535 layoffs at tech companies with 241,176 people let go.

    IT Pros employed

    While tech companies have laid off hundreds of thousands of workers over the past six months or so, the majority of those employees did not hold I.T. positions. And even when companies did reduce their headcount through layoffs, the number let go was typically no more than 5% to 6% of the total workforce.

     


    Compliance Management Kit - 2023 Edition Released

    2023 Edition Compliance Management Kit contains ISO 28000 Compliance Tools

    Recent cyberattacks focused most C-Level executives on asset security and compliance as more business is conducted on the Internet. In addition, not meeting compliance mandates exposes enterprises to damaged reputations and fines. The Compliance Management Kit provides tools that, when properly implemented, minimize those risks. The Compliance Management Kit is the must-have tool to meet mandated governmental and industry compliance objectives.

    The Kit comes in three versions.  Each version contains the Compliance Management White Paper, ISO 28000 Security Audit Program (Supply Chain Management), a self-scoring Security Audit Program, a PCI Audit Program, and 31 key job descriptions including one for the Chief Compliance Officer which is six pages in length.



    2023 Edition of IT Infrastructure Policies bundle released

    IT Infrastructure Policies and Procedures 2023 Edition

    The policies, job descriptions and forms in the 2023 Edition  comply with all mandated requirements and include electronic forms that can be e-mailed, filled out completely on the computer, routed and stored electronically.

    CIO IT Infrastructure Policy Bundle (All of the policies below are included as individual MS Word files and a single PDF file. Electronic forms are all individual documents that are easily modifiable)
