Janco Associates, Inc.

Travel and Off-Site Meeting Policy

Protect your data from loss and theft

Travel and Off-Site Meeting Policy - Protection of data and software is complicated by the fact that they can be accessed from remote locations. As individuals travel and attend off-site meetings with other employees, contractors, suppliers and customers, data and software can be compromised. This policy is seven (7) pages in length and covers:

  • Laptop and PDA Security
  • Wireless and Virtual Private Networks (VPN)
  • Data and Application Security
  • Public Shared Resources
  • Minimizing attention
  • Off-Site Meetings
  • Remote Computing Best Practices

This policy has been updated to reflect the requirements of PCI-DSS, Sarbanes-Oxley, HIPAA, and ISO.  The policy comes as both a WORD file and a PDF file utilizing a standard CSS style sheet.

Lost Laptops

Laptops can and do get lost or stolen. In studies conducted by several security firms, it has been found that over 50% of all lost or stolen laptops disappear at airport security checkpoints and departure gates. Unfortunately almost 70% of these laptops are never recovered.

Mobile Device Security Options

Because mobile devices reside outside the company firewall and beyond the direct reach of corporate security controls, they are often where unauthorized activity occurs. Users can inadvertently pass viruses, spyware and other malware to the company network through the VPN. A formidable configuration of layered security on the network still matters, but when a notebook or smartphone is lost or stolen, the data stored on the device itself is exposed.

Mobile Device Security Policy

Your organization needs to identify and develop mobile security policies that, once deployed, provide adequate protection. The level of protection has to be aligned with the level of risk your organization is willing to accept, and the policies should ensure that the regulatory and compliance requirements that apply to you are addressed. The mobile security policy should be integrated within your overall information security policy framework. Key elements to address in the mobile device security policy are:

  • Physical security of the device
  • Address lost or stolen devices
  • Acceptable uses of the device
  • Encryption
  • Password protection
  • Storage
  • Backup
  • Access Control
  • Authentication
  • Monitoring

Like every other security policy, the mobile device security policy must be reviewed regularly, particularly after the acquisition of new mobile devices, after configuration changes, and in the wake of security incidents involving mobile devices. The enterprise also needs ways to protect the data on those devices regardless of where the device is or where a breach occurs. Options available to the enterprise include:

  • VPN - Many enterprises use Internet Protocol Security (IPsec) VPNs, but because IPsec works at the network layer a connected remote machine is effectively placed on the corporate network, so malware on that machine can reach everything the network exposes. SSL/TLS VPN technology runs above the transport layer of the Transmission Control Protocol/Internet Protocol (TCP/IP) stack, on top of TCP, and is session-oriented, offering more precision in granting access - even down to a specific application, file or window of time. Some vendors offer all-in-one appliances that package VPNs of both kinds together with a firewall, intrusion prevention and network antivirus.

  • Network Access Control (NAC) - NAC lets the network grant access to a device based on preset criteria (for example patch level, antivirus state and disk encryption status) and then monitor it throughout its connection. If the device behaves in a way that is out of line with policy, it is quarantined, given an opportunity to remediate, and disconnected if it remains noncompliant.

  • Encryption - A data-level form of protection. Data is transformed with a key so that it is unreadable to anyone who does not hold the key; in an enterprise deployment the keys are centrally managed and recoverable, and the data is unlocked only for users or machines that have authenticated. Everything from a single file to the entire hard disk can be encrypted, and full-disk encryption is what keeps the contents of a lost or stolen notebook from being read.

  • Intrusion detection and prevention - Intrusion detection and prevention systems focus on identifying incidents, logging information about them, taking action to stop intrusions and reporting incidents to administrators for further review. They block traffic from suspicious IP addresses and known worm, botnet and other malware activity, adding a layer of security between the firewall and the antivirus software.

  • Remote Lock Down and Data Destruction - Devices and credentials tagged as inactive (or reported lost) can have "self destruct" or "remote lock down" code pushed to them and activated so that all sensitive data on the remote device is erased and the device is left in a state in which it is not usable without intervention by the enterprise. Extreme care should be used with this option, and the help desk should have procedures in place so that devices locked down in this manner can be re-activated.

  • Data leakage protection - You can secure data, regardless of where it is in relation to the network, with data leakage prevention (DLP) technology. DLP solutions tag data based on criteria such as its location, application type, file type, keywords and common data strings (a credit card number pattern, for example). The tags alert IT when the data is used in a certain manner, and DLP can prevent the data from being copied, e-mailed, sent via IM, printed, saved to a different device, converted to a different file type or otherwise altered.

Individual Policies

All of the policies that are provided here are contained within one or more of the templates that are on this site. These policies have been added as individual documents in MS WORD format for those clients who just need this particular policy. All policies are Sarbanes-Oxley, HIPAA, PCI-DSS, and ISO compliant.

The policies have just been updated to comply with all mandated requirements and include electronic forms that can be Emailed, filled out completely on the computer, routed and stored electronically -- a total solution.

IT Policies and Procedures News

CIO Recent Articles and Best Practices

  1. 10 BYOD Best Practices for CIOs
  2. Top 10 issues for CIOs in 2014
  3. Budgeting Puts Fear Into Many CIOs and IT Managers
  4. CIOs now have HITECH compliance to add to HIPAA
  5. CIOs Drive Enterprise Management Processes

CIO - CTO Changing Role

Chief Information Officer - Chief Technology Officer

The chief information officer's (CIO) influence is growing in today's boardroom, and the role of the IT organizations that they lead is expanding as well. The CIOs of the next decade face many challenges. The CIOs who will succeed will have a common set of skills.

Compliance Management Toolkits

Compliance is a challenge for most organizations today but it has increased in difficulty with the widespread adoption of cloud. For businesses in heavily regulated industries like finance, healthcare, the public sector, and retail the inability to adhere to compliance standards can lead to major repercussions.

Security policies are key to infrastructure success

Is your access infrastructure too complicated, with too many products requiring different ways to access information? Do you have multiple types of internal and external users needing access with special access requirements? Can you control a user's access based on where they are, their device type, or device status? Do you currently use (or wish to use) any cloud applications but aren't happy with the security model and with access not being under your control? Are you concerned about user-owned mobile device (BYOD) security? Do your users have too many different credentials for different applications? Is all this costing you too much time and money?

Flash storage company lays off 100 employees

Flash memory technology developer Violin Memory said it is restructuring to focus on the flash storage market, a move that could result in job cuts and a sale of its PCIe flash memory card business.

The restructuring comes in the wake of Violin Memory's lackluster IPO as well as the appointment of a new CEO.

Violin Memory's board has authorized a review of "strategic alternatives" for the PCIe flash memory card business as a way to better focus on "markets where Violin has proven technology leadership and significant growth opportunities," the company said in a statement.

BYOD is key to explosion of mobile computing

The predictions that many industry pundits have been making about the rise of BYOD (bring your own device) are coming to fruition. The surprise is that it is happening at a much faster rate at businesses of all sizes, around the world. While BYOD is increasingly important for employee satisfaction, it poses significant challenges to IT in terms of security risks, productivity loss, support issues and costs.

By adopting desktop as a service (DaaS), businesses can embrace BYOD while ensuring security of corporate data. Employees will be able to easily access their desktops from any - and multiple - devices, and IT can set clear policies around usage and support that make sense for your users and your company.

What tools do the feds have to fight cybercrime?

Testifying before a Congressional hearing entitled: "Protecting Consumer Information: Can Data Breaches Be Prevented?" US Secret Service Criminal Investigative Division Deputy Special Agent in Charge said: "While there is no single solution to prevent data breaches of U.S. customer information, legislative action could help to improve the Nation's cybersecurity, reduce regulatory costs on U.S. companies, and strengthen law enforcement's ability to conduct effective investigations."

One of the most poorly understood facts regarding data breaches is that it is rarely the victim company that first discovers the criminal's unauthorized access to their network; rather it is law enforcement, financial institutions, or other third parties that identify and notify the likely victim company of the data breach by identifying the common point of origin of the sensitive data being trafficked in cyber crime marketplaces.

The Secret Service, one of whose primary roles is to protect the US financial system, is now leading the investigation into the Target and Neiman Marcus breaches. It was in fact the Secret Service that alerted Target to the problem. The New York Times wrote: Target had no clue until the Secret Service alerted the company about two weeks before Christmas. Investigators who had been tracking these criminals overseas and monitoring suspicious credit activity spotted in December one common thread: charges and payments made at Target.

While he did not detail the exact systems the agency uses during the hearing, the Secret Service official said the agency "proactively investigates cyber crime using a variety of investigative means to infiltrate these transnational cyber criminal groups."

Getting BYOD Management Under Control

As employees bring their own personal devices to work, they are demanding access to corporate data in real time. IT must respond to BYOD, balancing productivity gains with security and user privacy. A recent IDG Research survey found many IT professionals saw advantages in cloud-based Mobile Workspace Management (MWM) technology.

BYOD devices include the consumer smartphones and tablets that are making their way into your organization. Going mobile makes employees happier and more productive, but it is also risky. How can you say 'yes' to BYOD and still safeguard your corporate data, shield your network from mobile threats, and maintain policy compliance?

With the advent of Bring Your Own Device (BYOD) and ever-increasing mandated requirements for record retention and security, CIOs are challenged to manage in a complex and changing environment.

2014 starts with a security breach

Phone numbers paired with user names of over 4.6 million alleged Snapchat users were posted online by hackers, a few days after a security research group claimed a vulnerability in the social sharing service that could allow attackers to match phone numbers to Snapchat accounts.

"This database contains username and phone number pairs of a vast majority of the Snapchat users," said a post on website SnapchatDB.info. The account has since been suspended, apparently by the hosting service.

Many organizations fail to realize the benefits of security information management due to the often exhaustive financial and human resource costs of implementing and maintaining the software. However, Janco's Security Manual Template  - the industry standard - provides the infrastructure tools to manage security, make smarter security decisions and respond faster to security incidents and compliance requests within days of implementation. The template provides a framework for evaluating SIM services and shows how they could be applied within your organization.

CIO concerns digest - top 5 current articles

Top 5 current articles on CIO concerns:

  1. Budgeting Puts Fear Into Many CIOs and IT Managers - Budgeting for 2014 is a challenge for many CIOs. Budgeting can be a harrowing experience or an opportunity to show that you are an executive who...
  2. Data Center Trends for 2014 - Budgets for 2014 reveal data center trends. New technologies and applications are impacting the data center management processes. This includes cloud computing, social media, mobile...
  3. Top 10 Things a CIO Needs to Add Value - Top 10 for CIOs. What does the CIO have to do to be viewed as a business person versus a technologist? There are many strategies...
  4. CIO Issues with workload, budgeting, and staffing - CIO issues are made more complex as staffing levels and budgets remain flat. As the 2014 budgeting cycle starts, CIOs clearly have their hands full...
  5. Top 10 CIO Productivity and Budgeting Issues - CIO Productivity Kit. The best companies, and their CIOs, recognize the importance of ready access to the right information to drive the right choices...

Will Smartphones and Tablets become the cameras of 1984?

The sophistication of our mobile devices has grown in the last decade - but they are set to predict our next move, purchase and action in the future.

Within 5 years smartphones and tablets will utilize cognizant computing - the next step in personal cloud computing - rendering them capable of predicting our next move based on what it knows.

Smartphones are becoming smarter, and will be smarter than you by 2017, according to some researchers. For example, if there is heavy traffic, your phone could wake you up early for a meeting with your boss, or simply send an apology if it is a meeting with a colleague. The smartphone will gather contextual information from its calendar, its sensors, the user's location and personal data.

By adding an array of features to mobile devices, including GPS trackers, cameras, apps and sensors that can improve and record our daily lives and browsing habits, the addition of personal cloud computing gives applications the opportunity to acquire knowledge over time and predict what we need and want in real time.

The first services that will be performed will generally revolve around simple tasks - such as creating a weekly to-do list or sending birthday messages. However, this type of activity outsourcing will eventually allow a greater array of applications and services to take control of other aspects of a user's life.

Before 2020, as cognizant computing develops to perform these tasks, data stored in the cloud will also allow devices to make sense of information gathered.

Backup infrastructure is critical in today's environment

Many companies are acutely aware of the costs and risks associated with lost or unrecoverable data on employee devices, including desktops, laptops, and mobile devices. While mobility initiatives, including bring your own device (BYOD), are gaining popularity, Janco Associates (www.e-janco.com) has discovered that many firms do not have adequate protection, recovery policies or tools in place to manage their ever-increasing volumes of data.

Janco believes there is a critical requirement to protect sensitive data residing on desktops, laptops, and mobile devices. It is more critical than ever to have a backup infrastructure in place along with formal BYOD procedures.

Must Have Policies

All of the policies that are provided here are contained within one or more of the templates that are on this site. These policies have been added as individual documents in WORD format (WORD 2003 and WORD 2007) for those clients who just need this particular policy. All policies are Sarbanes-Oxley, HIPAA, PCI-DSS, and ISO compliant.

The policies have just been updated to comply with all mandated requirements and include electronic forms that can be Emailed, filled out completely on the computer, routed and stored electronically -- a total solution.

Best Practices Briefs

Best Practices for CIOs

  1. Social media policy needed to meet internal audit requirements - Social Media Policy is Missing in Over 50% of all Organizations. Internal audit has never been easy, and a recent survey shows that 43% of...
  2. 10 Compliance Best Practices - 10 Corporate Compliance Best Practices. Compliance is a major issue that organizations of all sizes need to address. In the information technology field they range...
  3. Top 10 Best Practices for BYOD - Best practices for BYOD. Janco has defined the following 10 best practices to follow as BYOD is implemented. Have a BYOD policy in place before...
  4. 10 BYOD Best Practices for CIOs - BYOD Best Practices for CIOs. Bring Your Own Devices (BYOD) is exploding all over corporations. CIOs are in the cross hairs and need to follow...
  5. Top 10 Best Practices for Omni Commerce and ERP - Omni Commerce and ERP top 10 best practices CIOs should follow. As the new model Omni Commerce and its associated ERP solutions are implemented,...

Weak spending - a drag on IT Growth

Consumers spent more in March without raiding savings accounts, despite a smaller-than-expected bump in income, but the data still point to a slowly growing economy on the verge of stalling.

Spending climbed just 0.2% in March after a 0.7% surge in February, the Commerce Department said Monday. But that was better than forecasts for 0.1%.

Personal income also rose 0.2%, down from 1.1% in the prior month and below expectations for 0.4% growth. And while consumers didn't dip into rainy-day funds, they didn't add much to them either. The savings rate held at a modest 2.7%.

Lower gas prices probably helped households stay out of their savings accounts, said the president of Naroff Economic Advisors. But that's not a sustainable path to growth.

CIOs worry about smartphones because they are full-blown computers

Smartphones are computers and have associated risks

The new era of smartphones and the Internet of Things can be a dangerous place to do business. It is enough to make a CIO long for the days when the biggest security threats were passwords written on sticky notes attached to computer monitors or the "Stoned" virus that made the images on PC screens jiggle.

While the new threats are real - although at times overblown, as the white hat hacker economy depends on a questionable relationship between hackers who want to turn their digital cracking prowess into a business and vendors who want to keep bad publicity to a minimum - CIOs and corporate technology execs need to focus on the big security picture rather than sink into a morass of fixing every new vulnerability. Here are some lessons learned from attending this year's Black Hat conference.

Disaster Recovery Hot Topics

Current posts on disaster recovery and business continuity.

  1. Disaster Recovery and Business Continuity Top 10 - Disaster recovery and business continuity are all about being ready for everything. The question that every IT manager and CIO has to answer every day...
  2. Options for a data center disaster recovery strategy - Data center disaster recovery strategy options. A critical component of disaster recovery and business continuity is the data center disaster recovery strategy: hot...
  3. Sandy shows that not being prepared can be fatal to an enterprise - Business Continuity Plans Are Expensive. A company's disaster recovery and business continuity programs would be incomplete without covering compliance risks and without using compliance tools...
  4. High Availability Versus Disaster Recovery - High availability is when a machine can immediately take over in case of a problem with the main machine with little down...
  5. Top 10 Selection Criteria for a Disaster Recovery Cloud Provider - Cloud disaster recovery and business continuity. When looking for cloud providers of Disaster Recovery and Business Continuity Services you need to establish that they will be...

Mobile computing drives CIOs to focus on many compliance issues

Mobile devices let you do business any time and from almost anywhere. Share with colleagues from the beach, respond to a vendor from an airport, and close deals from commuter trains. But the enormous power of anywhere/anytime business comes with risks, especially if you work in a regulated industry or if your company is subject to corporate governance requirements.

Janco's Mobility Policy Bundle provides a set of rules of the road that address issues like:

  • Best practices on usage of mobile devices including security compliance
  • How to use social media compliantly on mobile devices
  • Engaging effectively with your social connections
  • How to untangle the complicated web of regulatory, legal, and corporate compliance requirements related to usage of mobile devices
  • How the Mobility Policy Bundle helps you be compliant

Mobility Policy Bundle - All of the policies below are included as individual MS Word files and a single PDF file. Electronic forms are all individual documents that are easily modifiable.

  • BYOD Policy Template - includes electronic BYOD Access and Use Agreement Form
  • Mobile Device Access and Use Policy
  • Record Management, Retention, and Destruction Policy
  • Social Networking Policy - includes electronic form
  • Telecommuting Policy - includes 3 electronic forms to help to effectively manage work-at-home staff
  • Travel and Off-Site Meeting Policy

Health IT funding is hot

Funding for health IT startups hit nearly $500 million during the first quarter of 2013, according to a new report from Mercom Capital Group, and the number of companies receiving funding more than doubled from last year.

Some of the areas getting funding include telehealth, mobile health and scheduling apps for patients.

The most important aspect of any business is recruiting, selecting, and retaining top people. Research shows those organizations that spend more time recruiting high-caliber people earn 22% higher return to shareholders than their industry peers. However, most employers do a miserable job selecting people. Many companies rely on outdated and ineffective interviewing and hiring techniques. This critical responsibility sometimes gets the least emphasis.
