CIO Areas of Interest
Disaster Recovery Planning, Job Descriptions, Salary Survey, Business Continuity, ITSM, SOA, Compliance, SOX, and HIPAA
Cost of security breaches escalates
May 26th, 2016
The top 10 drivers of security shortcomings include:
- Insufficient funding for security
- Lack of commitment by senior executive management
- Lack of leadership in the security arena by the CIO
- Belief that the organization will not be targeted
- Lack of internal resources who are "security" experts
- Lack of an effective IT security strategy
- Lack of an action plan on how to implement a solution before an event
- Infrastructure for IT that does not easily lend itself to security implementation including complex and disjointed applications and data
- No central focus within the enterprise on security
- Lack of a good termination policy for employees and contractors
Privacy lost with new audio fingerprint tracking
May 20th, 2016
It is no longer just the NSA: some websites now use audio fingerprinting to identify and monitor web users. A number of sites use the AudioContext API to identify an audio signal that reveals a unique browser and device combination.
The method doesn't require access to a device's microphone, but rather relies on the way a signal is processed. According to the researchers, using the AudioContext API to fingerprint does not collect sound played or recorded by your machine. An AudioContext fingerprint is a property of your machine's audio stack itself.
In addition, researchers have found 715 of the top one million websites are using WebRTC to discover the local IP address of users. Most of these are third-party trackers.
WYOD a top concern of C-Level executives
May 2nd, 2016
Anyone can purchase a wearable device. If there is an open Wi-Fi connection that the device can map to, sensitive personal and enterprise information is at risk.
Rules and policies need to be put in place to mitigate this risk. The question is where to start. Janco has answered that in its wearable device policy template. It includes robust rules on wearable devices. In addition, it provides a specific road map to be followed when developing a strategy on how to deal with this new potential threat.
Wearable Device Policy - It is 17 pages in length. It contains everything that an enterprise needs to implement a functioning and compliant wearable device use process. Included are forms defining the mobile device environment.
Record Management, Retention, and Destruction Policy
April 28th, 2016
The volume of documents within organizations is exploding, and managing these documents is a real and pressing challenge. If your organization is like many others, paper documents, emails, faxes, PDFs, CAD and other office documents are left unmanaged and stored in filing cabinets, on file servers or on desktop PCs around the office. This exposes your organization to compliance risks, service delays, cost overruns and a host of other challenges.
Today, software solutions are available that combine document and records management capabilities into a single, complete offering. These solutions enable you to reduce the time, cost and complexity of storing and accessing your documents throughout the information lifecycle. They also give you the power to improve access to critical documents, enhance customer service and operational efficiency - all while reducing risks and addressing compliance demands.
Contract terms for outsource agreements
April 8th, 2016
Specific contractual provisions to minimize cyber risk in outsourcing contracts are:
- Setting security standards for the vendor;
- Restrictions on subcontracting;
- Employee related protections, such as background checks and training;
- Security testing;
- Security audits;
- Security incident reporting and investigation;
- Data retention and use restrictions;
- Customer data access rights; and
- Vendor liability for cyber incidents.