IT Management Knowledge Base

CIO and IT Management Planning Tools

It is essential to have a proper backup strategy in place in case something goes wrong. Below are articles and links to tools that can help you in the Disaster Recovery and Business Continuity Planning and execution process. This knowledge base has been developed by Janco Associates, Inc.

  • News Feed

  • IT Job Descriptions - 2024 Edition Released

    CIO Resource Site News Feed

    326 Job Descriptions included in the latest Edition of the Internet and Information Technology Positions Description HandiGuide

    The 326 positions include all of the functions within the IT group. The Job Descriptions have been updated to be compliant with PCI-DSS, GDPR, Sarbanes-Oxley, HIPAA, CobiT, and the ITIL standards. The job descriptions are all structured to focus on "Best Practices" as defined by the IT Productivity Center to meet the requirements of World Class Enterprises. They are ready to use and easily modified to meet your enterprise's unique requirements.

    Each job description is between two (2) and six (6) pages in length and has been created utilizing CSS style sheets. As such, they are "out of the box" ready to use with little or no modification other than organization-specific customization.

    326 Internet and IT Job Descriptions as individual files in MS WORD and ePub formats. Long file names have been used to make customization easier.



    Technology Resilience and Business Continuity

    Technology resilience - DRP and BCP

    Technology resilience is defined as an organization's ability to maintain acceptable service levels through, and beyond, severe disruptions to its critical processes and the IT systems which support them.

    Seven (7) factors C-level executives can use to get a clear grasp of their enterprise's technology resilience:

    1. Awareness is having the knowledge of what the normal business operation requirements are; what dependencies there are on
    2. Protection is more than having physical and system access and security controls.
    3. Discovery is to know when a failure occurs.
    4. Preparedness means having specific action steps and plans in place to address the effects of a disruption.
    5. Recovery focuses on returning services and operations to business as usual levels within defined timescales and with minimal acceptable data loss following an event causing disruption or failure.
    6. Review and Assessment is essential for every technology resilience program, and includes post-incident reviews to identify the root causes of disruptions.
    7. Improvement is the process of taking the knowledge gained from all the above and taking steps to improve systems and increase resilience, and to continuously refine disaster recovery and business continuity plans.



    Supply Chain Cyber Attacks on the rise

    Managing a Supply Chain Security Management System (SCSMS)

    A hot topic is the impact of software supply chain (SSC) attacks, with data showing these attacks rising more than 742% over the past three years.

    With such continued growth, organizations continue to look for ways to mitigate the risks of SSC attacks, and various industry organizations continue to publish guidance to help organizations. The latest release comes from the US National Institute of Standards and Technology (NIST), in its special publication 800-204, also known as Strategies for the Integration of Software Supply Chain Security in DevSecOps CI/CD Pipelines.



    CIO Planning Priorities

    Top CIO Management and Planning Priorities

    CIO priorities

    Janco conducted a survey of 274 IT functions across multiple industries, ranging from mega corporations to companies with as few as 50 IT professionals. In 2023 the top 10 priorities were:

    1. Security and Hacking
    2. Compliance
    3. Budget Management
    4. Access Management
    5. Privacy / Identity Protection
    6. Productivity of IT
    7. Mobile Computing
    8. Blockchain, ERP, and Cloud
    9. Work From Home
    10. AI Implementations



    Top 10 Social Network Security Tips

    Top 10 Social Networking Tips

    Top 10 tips to improve social networking security

    1. Educate employees
    2. Have employees use different passwords for different systems
    3. Mandate strong passwords
    4. Have employees change passwords regularly
    5. Do not share accounts
    6. Implement two-factor authentication
    7. Educate employees to NOT open email attachments or go to links where the originator is not known
    8. Utilize antivirus and security software
    9. Don't friend people you do not know
    10. Validate and verify



    Data Scientist Job Description and Salary Data

    Data Scientist Job Description


    Data Scientist Job Description - Hot New Job Title - According to a recent article in the Harvard Business Review, the sexiest job of the 21st Century is that of Data Scientist. The job description created by Janco provides a clear definition of the role the individual plays in an organization.



    Ransomware – IT Governance Infrastructure Key to Protection

    US Health sector targeted by Royal and BlackCat Ransomware

    Royal was first observed in early 2022. Its operators are believed to be very experienced, having previously belonged to other infamous cybercriminal groups, including Conti Team One.

    It is a 64-bit executable written in C++ which targets Windows systems by encrypting files, appends ".royal" or ".royal_w" extensions to filenames, and creates a "README.TXT" ransom note.

    BlackCat ransomware (AKA ALPHV, AlphaVM, Noberus, Coreid, FIN7, Carbon Spider) was first detected in November 2021; per the FBI, it compromised at least 60 victims in four months. It is written in Rust, is highly adaptable, operates as Ransomware-as-a-Service, and conducts triple extortion (ransomware, threats to leak stolen data, and distributed denial-of-service attacks).



    IT Governance Management Team

    IT Governance Management Team job descriptions

    To support the process, the IT Governance HandiGuide includes ten (10) full job descriptions:



    Password Managers provide false sense of security

    Most password managers are insecure even though they are comprehensive, detailed, and customizable

    The most popular password managers for Windows can actually leak your login credentials to the PC's memory. A hacker could potentially snatch up the sensitive data when the password manager turns on.

    The research examined the security of four products including 1Password, Dashlane, KeePass, and LastPass. The company was surprised to find that the products didn't always encrypt and then delete password data in the PC's background processes. Even the master password, which can be used to unlock all your stored passwords, can be exposed.



    China continues to be a security threat

    Security Policies - Procedures - Audit Tools

    An employee is alleged to have stolen trade secrets from her two employers (including Coca-Cola) and made these available to a Chinese company that her co-conspirator managed. The theft was carried out in a straightforward manner: She uploaded information to Google Drive; for the more sensitive documents she used her smartphone's camera to take screenshots of the documents, avoiding detection from the security team.

    This occurred after the employee left Coca-Cola. The individual signed a statement that attested they did not retain trade secret information owned by Coca-Cola and in exchange received a check for $39,912 - which appears to have been the last paycheck from the company.
