Chief Information Officer and IT Managers Areas of Interest

Disaster Recovery Planning, Job Descriptions, Salary Survey, Business Continuity, ITSM, SOA, Compliance, SOX, and HIPAA

The CIO and IT management news feed is one that you can subscribe to and republish on your website or blog. The only requirement is that the feed is included with no modifications and that the links within the feed are retained as is.



Free hacker tools make it easy to compromise weak passwords

Security Manual defines compliant password rules

Janco finds that over 30% of all users use the same passwords for multiple sites. With that knowledge in hand, hackers can target individual users to find their favorite passwords and use that information to more easily compromise secure business and personal data.

Some of the tools they have available are:

  • Custom Word List Generator - Spiders a site or a user's social network postings to determine unique words in the site or in an individual's profile.
  • RSMangle - Takes a word list and generates mangled combinations and manipulations of those words.
  • Associated Word List Generator - Generates word lists based on search terms for a particular site or user profile.
  • Common User Password Profiler - A word list generator based on answers to questions that users submit to various web sites.
  • Userpass.py - A script that generates a customized word list for a specific target: it searches for users in a company, then searches their social network profiles to generate a common word list.



Security Best Practices


  1. Understand who is accessing data via frequent auditing and real-time monitoring of data access.
  2. Keep current records on data access permissions.
  3. Classify data by sensitivity.
  4. Minimize and remove global access rights.
  5. Identify data owners and users.
  6. Include data access reviews when individuals are transferred, promoted, or terminated.
  7. Align groups to data ownership and management.
  8. Audit permissions and group changes.
  9. Lock down, delete or archive stale, unused data.
  10. Clean up security groupings.



Privacy is lost to those who want a visa to visit the US

Privacy Compliance Policy Roadmap

Under new rules, the US State Department now requires new visitors to the United States to hand over their social media account names as well as email addresses and phone numbers used over the past five years.

All of the revised application forms for those seeking potential residency, education, work, or a tourist visa will have to supply the data. Roughly 15 million visa applicants who visit the country each year will be required to do this.



Tip for Stopping Microsoft Updates

Controlling Microsoft Updates

If you are doing something critical, or are just too busy to deal with the latest Windows 10 update right now, you have options. Hit Pause to delay Windows Update for up to five weeks. This option even cancels pending updates, leaving you free to keep working without fear of interruption.

For example, if you're about to hit the road on a business trip, the last thing you want is to deal with an unexpected update when you're rushing to finish packing or finalize an important presentation.

To avoid that unpleasant possibility, go to Settings > Update & Security > Windows Update > Advanced Options and click the Pause Updates button. (Beginning with Windows 10 version 1903, the Pause Updates button moves to the main Windows Update page, as shown here.)

That action immediately stops all updates, with the exception of Windows Defender definitions (which are typically small and don't require a restart).



Government Shutdown Affects Web Security

Government TLS Certs Not Renewed Due to Shutdown - Websites Down

Over 80 TLS certificates used by US government websites have expired without being renewed, leaving some websites inaccessible to the public.

Websites with expired certificates where admins followed proper procedures and implemented correctly-functioning HSTS (HTTP Strict Transport Security) policies are down for good, and users can't access these portals, not even to browse for basic information.

Government websites with expired TLS certificates but which didn't implement HSTS show an HTTPS error in users' browsers, but this error can be bypassed to access the site via HTTP.
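The difference between those two cases can be checked ahead of time from a certificate inventory. The following is an added example, not part of the original article: it classifies each site by certificate expiry and HSTS header, so that hosts where an expiry becomes a hard outage are renewed first. Host names, dates and header values are constructed, and the HSTS verdict assumes the visitor's browser has already recorded the site's policy or the site is preloaded.

```python
import re
import ssl
from datetime import datetime, timezone

def hsts_max_age(header):
    """Return max-age from a Strict-Transport-Security value, 0 if absent or malformed."""
    m = re.search(r'(?:^|;)\s*max-age\s*=\s*"?(\d+)"?\s*(?:;|$)', header or "", re.I)
    return int(m.group(1)) if m else 0

def classify(not_after, hsts_header, now, warn_days=30):
    """not_after uses the 'Jan 05 12:00:00 2019 GMT' form returned by ssl.getpeercert()."""
    expires = datetime.fromtimestamp(ssl.cert_time_to_seconds(not_after), tz=timezone.utc)
    days_left = (expires - now).days
    # max-age=0 tells browsers to drop the policy, so it does not count as enforced.
    enforced = hsts_max_age(hsts_header) > 0
    if expires <= now:
        # With HSTS the browser offers no click-through; without it the warning can be bypassed.
        return "outage" if enforced else "bypassable-warning"
    if days_left < warn_days:
        return "renew-urgent" if enforced else "renew"
    return "ok"

# Constructed inventory: (host, certificate notAfter, HSTS header or None).
SITES = [
    ("portal.example", "Jan 05 12:00:00 2019 GMT", "max-age=31536000; includeSubDomains"),
    ("legacy.example", "Jan 05 12:00:00 2019 GMT", None),
    ("forms.example",  "Feb 01 00:00:00 2019 GMT", "max-age=63072000; preload"),
    ("optout.example", "Jan 01 00:00:00 2019 GMT", "max-age=0"),
    ("fresh.example",  "Dec 31 23:59:59 2019 GMT", "max-age=31536000"),
]
NOW = datetime(2019, 1, 15, tzinfo=timezone.utc)  # constructed "today"

def report(sites=SITES, now=NOW):
    """Map each host to its status at the given time."""
    return {host: classify(not_after, hsts, now) for host, not_after, hsts in sites}

if __name__ == "__main__":
    for host, status in report().items():
        print(f"{host:16} {status}")
```
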
