CIO - Job Description - Salary - IT - News

Reading for CIO candidates

Recommended Readings


IT Jobs are an important part of the US job market


IT High-tech is an important part of the U.S. economy, employing nearly 3.3 million. While this accounted for about 3 percent of total employment, the IT high-tech sector is one of the highest paying sectors.

IT Job Market 

According to a study, the high-tech sector can be defined as industries having high concentrations of workers in STEM (Science, Technology, Engineering, and Mathematics) occupations.


Infrastructure will be key to long term success

Digital Brand Manager

IT Expertise goes mainstream with the moves towards the digital market place

Businesses need to rethink their fundamental approach to the future of work.

In an effort to better market to the millennial generation - now the largest subset of the American workforce - businesses are adopting an ever-growing avalanche of new social, mobile, and collaboration tools. But does adoption equal efficiency?

Today employees use fewer than half of installed enterprise collaboration tools on a regular basis. Others project that by 2017, 25% of companies will lose their market position as a result of digital business incompetence and an ineffective response to how consumerization trends have changed the way work is best accomplished.


Top 3 challenges in metrics monitoring

CIOs and their staffs have major challenges in monitoring and metrics programs:

  1. There are too many factors to set metrics for, and monitoring all of them is too costly.

    This means it can be really easy to ignore or overlook the need for true performance monitoring. If there is so much to review, nothing is reported in a timely manner. In addition, the organization may be relying on old metrics measurement tools that only do some of the job, like monitoring only legacy applications or applications running on a certain network.
  2. The tools used to monitor metrics are just not good enough.

    Many legacy metrics reporting tools don’t have the right features to monitor web applications and provide the CIO with actionable information.
  3. Custom in-house solutions that are not updated frequently to meet KPI objectives are limited at best.

    Relying on instinct to solve performance problems, or building your own metrics monitoring tool that seems like it’ll be good enough, will both likely backfire, especially if they are not constantly updated.


Average cost of a data breach is over $7 million

Data Breach and Network Intrusion Detection Tools

Experian has serviced nearly 17,000 breaches over the last decade. In 2015 alone, they serviced 3,550 different incidents. The company actually spends most of its time doing pre-breach work, helping clients and cyber insurance carriers prepare for data breaches. With data breaches, preparation is key to getting through the experience with minimal impact to the business.

Cost of data breaches

The average total cost of a data breach is now $7.01 million. The average cost per lost or stolen record is now $221.

Some of those costs are associated with response activities, such as sending out notices and performing a forensics analysis.

Companies that do business in other countries have to keep in mind that every country has its own laws and requirements for breach response. In the EU, 38 countries outline notification and/or consumer privacy requirements, and they can differ from country to country. The General Data Protection Regulation, scheduled to go into effect in May 2018, will supersede those individual laws. Until then, a multinational breach will require specific knowledge of each country's laws, complicating the response activities.


Hackers are attacking mobile devices

Primarily because mobile device applications have the potential to interact with confidential or sensitive information, many organizations see this area as a primary technology challenge to address and a main focus for security initiatives. Hackers have taken notice of this fact and have started targeting these mobile applications - which can ultimately lead to decreased trust in an application or an organization that uses it.

  • Mobility Policy Bundle - All of the policies below are included as individual MS Word files and a single PDF file. Electronic forms are all individual documents that are easily modifiable
    • BYOD Policy Template - Includes electronic BYOD Access and Use Agreement Form
    • Mobile Device Access and Use Policy
    • Record Management, Retention, and Destruction Policy
    • Social Networking Policy - Includes electronic form
    • Telecommuting Policy - Includes 3 electronic forms to help to effectively manage work at home staff
    • Travel and Off-Site Meeting Policy

Cloud Computing shifts computing model for many corporations

Cloud computing, specifically Infrastructure-as-a-Service, has shifted from a new but unproven approach to an accepted, even inevitable, model. Driven by flexibility and efficiency, the question facing most organizations is not whether the cloud is part of their infrastructure plans, but which applications and workloads to move to the cloud and when. But even as the benefits of cloud and hosted models have become apparent, concerns persist about security, and an assumption lingers that the cloud is inherently less secure than an enterprise data center environment.


Microsoft goes after pirates

According to Microsoft, Comcast has an IP address that has activated thousands of copies of Microsoft's products, including MS Office and Windows 7. Microsoft has asked a federal judge for permission to serve Comcast with a subpoena to identify alleged software pirates using stolen or abused codes.

Microsoft said in its court filing that, "For an unknown period of time -- but for at least the past three years -- the Infringing IP Address has been used to activate thousands of Microsoft product keys."


Every Business Needs Security

Of the hundreds of data breaches that occurred in 2015, most people can only name those that targeted major corporations: BlueCross BlueShield, Experian, Ashley Madison, etc. However, just because these massive thefts were the only ones to make the news doesn’t mean smaller businesses are safe from cyberattacks; in fact, oftentimes they are even more vulnerable to digital disasters.


A majority of small businesses are woefully under-protected against cyberthreats, but erroneous feelings of invincibility are preventing businesses from correcting their cybersecurity mistakes. Learning why security is important for every business - no matter how small - will help companies stay alive in this dangerous digital climate.



Cost of average security breach $3.8 million

Cybersecurity threats are on the rise. In 2015 the average cost of a data breach was $3.79 million, and that figure is expected to grow to close to $5 million by the end of this year.

Areas of concern are:

  • Cloud Services - danger that they’re bypassing security protocols and systems in the process
  • Ransomware - Kits for this software are now readily available. The attack encrypts important files, rendering data inaccessible until you pay the ransom.
  • Spear phishing - Phishing attacks are growing more sophisticated all the time, as official-looking messages and websites, or communications that apparently come from trusted sources, are employed to gain access to your systems.
  • Known vulnerabilities - Once these are published everyone is exposed
  • Internet of Things - As connectivity spreads into every corner of our lives and businesses, it becomes more and more challenging to maintain a clear view of entry points and data flow.


FBI can demand web history without a warrant

The FBI can compel companies and individuals to turn over vast amounts of personal data without a warrant. The FBI has used its authority to force companies and individuals to turn over complete web browsing history; the IP addresses of everyone a person has corresponded with; online purchase information; and cell-site location information, which he said can be used to turn a person's phone into a "location tracking device."


Cybercrime costs businesses millions of dollars

A recent survey of US companies reports an average cost of $15 million, and in Russia the average cost is $2.4 million. Part of the difference is the dependence of US companies on the Internet.


World Class CIOs are focusing on wearable device Security

Wearable Device Security -- Janco Associates has determined that most mobile devices have some major vulnerabilities. They include:

  • Insufficient User Authentication/Authorization
  • Data Encryption Missing
  • Insecure Interfaces
  • Software/Firmware Updates Not Secure
  • Privacy Controls are missing

The purpose of the Wearable Device Policy Template is to define standards, procedures, and restrictions for end users who have specific and authorized business requirements to use the devices connected via a wireless or unmanaged network outside of ENTERPRISE’s direct control.

Wearable Device Policy - It is 17 pages in length. It contains everything that an enterprise needs to implement a functioning and compliant Wearable Devices device and use process. Included are forms defining the mobile device environment.


Disaster Recovery Digest


Disaster Business Continuity Preparation
  1. Google data center security & disaster recovery This is a great video on physical security as well as the software security. This is a great primer which all CIOs and Data...
  2. 10 best practices for cloud disaster recovery Cloud Disaster Recovery 10 Best Practices Creating a complete cloud disaster recovery infrastructure can be cost prohibitive for many organizations. Ten best practices are:...
  3. Will your disaster recovery provider be in business when you need them? Disaster Recovery plans that depend on outsourcers face significant additional risk What if you were in Florida and the hurricane season was in full swing...
  4. Options for a data center disaster recovery strategy Data Center disaster recovery strategy – options A critical component of a disaster recovery business continuity is the data center disaster recovery strategy — Hot...
  5. Infrastructure Key to Data Center Management and Disaster Recovery Infrastructure is key to data center management Data Center Management Issues – Your data centers are stuck in a rut. While 90 per cent have...



IT hiring takes off - Over 140,000 jobs added in the last 12 months

The IT job market kicked into higher gear in May, with more than 14,000 new jobs added in the field nationwide.

Janco Associates, which tracks IT jobs and CIO hiring trends, crunched the latest employment data released by the Bureau of Labor Statistics and found hiring in the IT sector once again on an upswing after the relative doldrums of the first quarter.


BYOD management key concern of many C-Level executives


Three concerns for management of BYOD are:

  • Take control of BYOD costs by automatically tracking and billing work-related spend on employee-owned devices on almost any network
  • Enable employees to be more productive by eliminating time-consuming manual processes
  • Reduce the effort and cost of monitoring, processing and reporting BYOD expenses

BYOD Policy Template meets all mandated compliance requirements

Janco, in concert with a number of world class enterprises, has created a BYOD Policy Template that addresses these issues and provides solutions for the following questions:

  • What are the legal implications of BYOD - What is the impact of the Stored Communication Act - Record Retention and Destruction?
  • What happens to the data and audit trail on a BYOD when an employee leaves the company?
  • What about a lost or stolen BYOD?
  • How is the BYOD configured to receive and transmit corporate data?
  • What kind of passwords are acceptable to use on a BYOD?
  • What kind of encryption standards are acceptable for BYOD?
  • What types of BYOD are allowed and what types are not?
  • What about jailbroken, rooted or compromised BYOD?

16 States have 6% unemployment rates

In the month of April there are 16 states with an unemployment rate of over 6%. In addition, there are 11 states where the unemployment rate has risen in the last 3 months. The states with the greatest increase in unemployment are West Virginia (from 6.1% to 7.0%) and Alaska (from 6.3% to 6.7%).


Will the information age continue to disrupt old ways

The information age is upon us and will continue to disrupt old ways of doing things and replace them with new digitally driven processes. Will this transformation be like the Industrial Revolution, painful but ultimately democratizing by increasing incomes and leisure time for the vast majority of Americans? Or will it escalate inequality and continue to hollow out the middle class?

IT Infrastructure Policies and Procedures

One of the best ways to communicate and understand a company and its operating culture is through its policies. Designing and writing policy and communicating it effectively is an essential skill for professionals to have. By having policy carefully developed and communicated, employees will clearly know what the organization expects from them, the degree of control and independence they will have, and what the benefits and consequences are in regard to adhering to policy.


Over 42 million security incidents occurred in 2014 - Even the White House was hacked

2014 had 42.8 million reported security incidents. That is a 48 percent increase over the previous year. The average size of the financial impact attributed to those incidents was $2.7 million, and the number of organizations reporting incident-related losses of more than $20 million increased 92 percent last year. But the true cost may never be known. As many as 71 percent of compromise victims did not detect the breach themselves, according to a 2014 report.

Policy and Procedure Manual
Compliance Management Made Easy
ISO 27000 / HIPAA / SOX / CobiT / FIPS 199 Compliant

Supports Meaningful Use Compliant Stage Implementation

Includes PCI DSS Audit Program PLUS 24 Electronic Forms that are ready to use


Information risk management defined


The components of this IT Management suite are all ready to use as soon as you download them. 

There is both an individual license for each item and an enterprise license, which allows you to place the product on your enterprise's INTRANET (not INTERNET) so that it can be shared by groups/divisions/data centers within a single Country / DUNS number.

CIO Management Suite

Information risk management involves eight steps:

  1. Identify all the assets that contain or transmit the information you are trying to protect. It may be PII (personal identification information), PHI (protected health information), PCI (payment card information), or any other proprietary or sensitive information important to the business. Those information assets include not only applications but the “media” that contains those applications, such as servers, back-up tapes, desktops, laptops, and thumb drives.
  2. Identify threats to those assets. There are typically four categories for threats: environmental (floods, lightning, fires), structural (infrastructure or software failure), accidental (uninformed or careless users), and adversarial (hackers, malicious insiders).
  3. Identify the vulnerabilities to those assets. For example, no data backup, no encryption, weak passwords, no remote wipe, no surge protection, no training, no access management, no firewalls, no business continuity plans.
  4. Determine the probability of each threat exploiting every vulnerability. What makes this step particularly hard (in addition to the volume) is the lack of specific data to support a calculable percentage of likelihood. Some organizations use a simple high/medium/low ranking. But there are many metrics for assessing likelihood, including industry breach statistics, data-type breach statistics, data loss statistics by cause, industry complaint statistics, the breach and/or complaint history of your own organization, and the details of any security or privacy incidents.
  5. Determine the potential impact on your organization. There are many methods for determining the impact, the easiest being the $200 per breached record as annually determined by the Ponemon Research Institute, or calculating the cost more specifically for your organization using the free Excel model on the ANSI website which provides values for a variety of cost variables involved in a breach. Basically the costs include: remediation (the cost of the control/safeguard that should have been put in before the breach) plus mitigation, remuneration, legal costs, fines or penalties, business distraction, and reputational costs.
  6. Generate a risk-rating list, with high likelihood/high impact risks at the top, low likelihood/low impact risks at the bottom, and everything else in between.
  7. Find solutions and determine costs for all risks that have scored above the organization’s risk tolerance line.
  8. Reach a decision on the risk treatment. Let’s take, for example, lost or stolen laptops as the risk, which represents about 20% of the health-care breaches listed on the Health and Human Services websites. An unencrypted laptop used in the field could be considered high risk, depending on what safeguards (other than encryption) are in place.  The risk can be accepted, transferred (for example, outsourced to clinician group firms), avoided (no more laptops in the field), or mitigated (extra-strong passwords, remote wipe, tracking software, and so on).