CIO - Job Description - Salary - IT - News


Staffing Issues for CIO concern

Staffing Issues the CIO Needs to be Aware of

Overseeing staffing, a hat that many CIOs wear, may mean having to make crucial decisions about hiring and policy, performance management and discipline, and employee terminations.

Five employment law issues should be on the radar of CIOs who oversee the staffing function.

  1. State and Local Wage and Hour Laws - Laws governing hours of work and payment of wages are a leading source of employee claims.
  2. Federal, State, and Local Leave Laws - Similarly, different states and cities may have medical leave and paid sick-time laws that differ significantly from what CIOs are familiar with under federal law or the law in the company's headquarters state.
  3. Independent Contractors - Claims by individual contractors alleging that they were misclassified and should have been treated as employees are now very common.
  4. Separation Agreements - Using a one-size-fits-all separation agreement may result in paying an employee severance pay and not getting an enforceable release of all legal claims in return.
  5. Using Contracts to Protect Business Info and Customer Relationships - CIOs of growth companies may need to be responsible for evaluating whether the company is taking the steps to ensure that, if necessary, restrictive employee contracts will be enforced by courts to the greatest possible extent.


Poor Network Control Policies

Security Manual Template and Compliance Tools

Using Plain FTP

It’s far too cheap and easy to download a free FTP tool off the Internet or, for savvy computer users, to use a command-line client. Plain FTP is sent “in the clear” across the network, leaving it open to a man-in-the-middle attack and helping bad actors carry out a data breach. Organizations that use plain FTP open themselves up to attack, giving intruders free rein in their network.

Not Keeping Systems and Software Up to Date

Microsoft and other software organizations release frequent updates. They don’t release these updates out of the goodness of their hearts; they do it because security holes were found in their code, in Java, or in OpenSSL, and they need to patch the software. Not keeping systems and software up to date is just shooting yourself in the foot. It’s worth the temporary annoyance to make your data a little more secure. This includes keeping certificates current.

Not Knowing What’s Happening on Your Network

If you are monitoring what’s coming into and going out of your network, as well as who is connecting and when, that’s a big step in controlling your network. Also, if you have multiple systems to manage, it’s much easier to get a clear picture of what is going on if all of the data is monitored in one location. You should include in your security policy a requirement for periodic reports, email alerts, and other real-time indicators of activity on the network.


VPNs are not the end-all for security

VPN Security an Issue that needs to be addressed

It is a common belief that the best way to protect one's privacy online is to use a VPN (virtual private network). VPNs theoretically let you use the public internet as if you were on a private network. They let you hide and encrypt your online activity, even from your own ISP. And they enable you to spoof your location, so you can say you're going online in another city or country.

However, a recent study found that an alarmingly high number of VPN services offered through Android apps violate your privacy, rather than protect it.

The study found that 38% of Android VPNs are infected with malware, 18% don't have encryption and 75% track user activity. Some Android VPNs inject JavaScript programs for tracking or for redirecting online shopping queries to paid partners of the app creator.


Email Privacy Act would require more warrants

Email Privacy Act would require more warrants by police

A bill reintroduced in the U.S. House of Representatives would require law enforcement agencies to get a warrant before they poke around users’ emails and other communications in the cloud that are older than 180 days.

If the Email Privacy Act becomes law, government agencies will have to obtain a warrant based on a showing of probable cause to compel service providers to disclose emails and other electronic communications of Americans, regardless of the age of the mails or the means of storage. In the original version of the legislation, the government also had to notify the person whose account is disclosed, along with a copy of the search warrant and other information, within a stipulated period.


Tech focus of new administration job creation and repatriation of profits

2017 Tech focus of new administration job creation and repatriation of profits

Job creation for American workers, international trade barriers, U.S. trade and access to the Chinese market, lower taxes, repatriation of profits held overseas, improving U.S. physical and digital infrastructure, cybersecurity, protecting intellectual property rights, government software, technology in education, improved vocational training, reducing government bureaucracy and greater accountability in the government procurement process.

The repatriation of profits has been a hot-button issue, with U.S. tech companies unwilling to bring back profits held overseas because they would have to pay U.S. taxes. The new administration signaled some sympathy for corporations by describing the taxes as "prohibitive."


Mobility and computing recent articles

Mobility computing articles that are must reads

Some recent articles on mobility and computing:


Is your enterprise prepared for Brexit?


Here are some of the questions that need to be answered:

  • It will take at least two years for the UK to disentangle from the EU. How will this period of uncertainty affect our company? Compliance? Security?
  • How much business do we conduct with Europe?
  • Would less regulation hurt us?
  • Would a delay in new compliance rules with Europe hurt us?
  • Freedom of movement within the EU is already changing. What further outcomes could UK departure cause both for EU citizens who want to work here and UK citizens who work in Europe? Mobility issues?
  • Will there be any potential staffing problems?
  • Will Brexit have any impact on our suppliers and our supply chain?
  • If EU regulations no longer apply, where might the UK government impose new regulations?
  • Could the swift decline in the value of the pound hurt us?


Will EU privacy requirements kill US based cloud processing


The EU's new privacy regulations require that data remain in the EU. That means that companies must build on-premises applications in Europe to house this information. Costs are high and include on-premises servers, annual licensing fees, payroll and human resources systems, and additional head count, not to mention ongoing training and support expenses.


Password Security Tip


Use a password in only one place. Reusing passwords or using the same password all over the place is like carrying one key that unlocks your house, your car, your office, your briefcase, and your safety deposit box. If you reuse passwords for more than one computer, account, website, or other secure system, keep in mind that all of those computers, accounts, websites and secure systems will be only as secure as the least secure system on which you have used that password. Don't enter your password on untrusted systems. One lost key could let a thief unlock all the doors. Remember: Change your passwords on a schedule to keep them fresh.


Top 10 Cloud postings


Demand for wearable devices explodes


Wearable vendors shipped 27.4 million devices in the fourth quarter of 2015. That is almost 130% more than in the last quarter of 2014. For the whole year, worldwide wearable shipments amounted to 78.1 million devices, up 171.6 percent from 2014.

The triple-digit growth shows that "wearables are not just for the technophiles and early adopters."

Wearable Device Policy

The use of wearable devices that can capture and broadcast video, voice, data and location information is increasing at an accelerated rate.

Janco addresses the security, privacy and reputation management issues for a world in which wearable devices have cameras, microphones, massive data storage and Internet connectivity.




Mobility Policy Bundle

All of the policies below are included as individual MS Word files and a single PDF file. Electronic forms are all individual documents that are easily modifiable.

  • BYOD Policy Template - Includes electronic BYOD Access and Use Agreement Form
  • Mobile Device Access and Use Policy
  • Record Management, Retention, and Destruction Policy
  • Social Networking Policy - Includes electronic form
  • Telecommuting Policy - Includes 3 electronic forms to help to effectively manage work at home staff
  • Travel and Off-Site Meeting Policy

Physical security now a major concern of CIOs


With the recent terrorist attack, physical security is seen as a growing concern for all organizations. Among the potential threats that organizations face, acts of terrorism are an increasing concern.

More than one half of all CIOs that we have talked to have expressed concern about the possibility of either an act of terrorism or a security incident such as vandalism, theft or fraud disrupting their organization.


Ransomware is more common than you think


Ransomware has grown in occurrence and sophistication in recent months. One of the best known forms, called CryptoWall, just had Version 4 released. It has a greatly improved ability to hide from antivirus software and firewalls. It is estimated that the distributors of CryptoWall made more than $25 million in 2015. There have been recent indications that the bad actors are concerned about maintaining the belief that paying the ransom will really allow for file recovery. As such, in some instances, they have been found on PC help forums, assisting victims with file recovery and payment issues. How big of them!

Ransomware typically ignores local drives but attacks server drives. It will encrypt the data files and accounting databases on the server.

Malwarebytes is a great tool you can use to eradicate the actual infection from any PCs. Once that is done you can begin to plan for file recovery.


Some executives fight security practices

Even today there are clashes with senior business executives that make it more challenging for CSOs and CISOs to create a secure environment.

Many of the conflicts that occur between security and business executives are due to ongoing philosophical differences regarding risk and convenience. Many of them feel they are above the standards and can do whatever they want.

Security incidents are rising at an alarming rate every year. As the complexity of the threats increases, so do the security measures required to protect networks and critical enterprise data.


Why do CIOs move to the cloud?

The need to lower cost, increase efficiency and conserve cash has increased the motivation of companies to turn to Cloud Computing and increased the appeal of alternative delivery models. The disruptive shifts in new demand and supply patterns drive changes in how IT services are bought and from whom. Cloud computing requirements need to be well defined.

Reasons Why CIOs Recommend Outsourcing


Planning for Blackouts


Power grid failure needs to be considered in DR/BC planning. A power grid consists of a set of large power plants (hydro-power plants, wind farms, solar panel farms, nuclear power plants, etc.) all connected together by wires. A grid can be as big as half of the United States.

Most grids work very well as power-distribution systems because they allow power sharing very economically. For example, if a power company needs to take a power plant or a transmission tower off line for maintenance, the other parts of the grid can pick up the slack. However, that is also the greatest risk, as weather can impact one part of the grid, which can then trickle down and impact the rest of the grid.


Setting the standard for IT Infrastructure


Information infrastructure and governance is not on most of our minds every day. Many CIOs think the enterprise operations staff will figure it out. Or maybe that three-ring binder of rules and policies will cover it.

Neither is true. Information infrastructure and governance is an all-in proposition. It requires diligence on the part of employees, oversight on the part of management, direction from the enterprise strategy, and true, firm support from company ownership levels. It ain’t easy.

But it’s mandatory. In this litigious age, the smallest infraction from information management policy can - and will - result in grievous penalty and even business-threatening consequences.


Most security breaches are not discovered for over 9 months

Security incidents are rising at an alarming rate every year. As the complexity of the threats increases, so do the security measures required to protect networks and critical enterprise data. CIOs, data center operators, network administrators, and other IT professionals need to comprehend the basics of security in order to safely deploy and manage data and networks.

Most companies take over 9 months to discover a breach has occurred, often only when notified by outside parties. Surprisingly, a recent research study showed that more than 90% of successful breaches used only the most basic techniques. Today's advanced breaches can work over weeks or months, sending small, innocuous packets to command-and-control servers while capturing secure or regulated information from your systems.


10 Commandments of Disaster Recovery and Business Continuity that guarantee success


Following the 10 commandments of disaster recovery and business continuity is the key to successful planning and execution of those plans.

  1. Analyze single points of failure: A single point of failure in a critical component can disrupt well engineered redundancies and resilience in the rest of a system.
  2. Keep updated notification trees: A cohesive communication process is required to ensure the disaster recovery business continuity plan will work.
  3. Be aware of current events: Understand what is happening around the enterprise – know if there is a chance for a weather, sporting or political event that can impact the enterprise’s operations.
  4. Plan for worst-case scenarios: Downtime can have many causes, including operator error, component failure, software failure, and planned downtime as well as building- or city-level disasters. Organizations should be sure that their disaster recovery plans account for even worst-case scenarios.
  5. Clearly document recovery processes: Documentation is critical to the success of a disaster recovery program. Organizations should write and maintain clear, concise, detailed steps for failover so that secondary staff members can manage a failover should primary staff members be unavailable.
  6. Centralize information – Have a printed copy available: In a crisis situation, a timely response can be critical. Centralizing disaster recovery information in one place, such as a Microsoft Office SharePoint® system or portal or cloud, helps avoid the need to hunt for documentation, which can compound a crisis.
  7. Create test plans and scripts: Test plans and scripts should be created and followed step-by-step to help ensure accurate testing. These plans and scripts should include integration testing; silo testing alone does not accurately reflect multiple applications going down simultaneously.
  8. Retest regularly: Organizations should take advantage of opportunities for disaster recovery testing such as new releases, code changes, or upgrades. At a minimum, each application should be retested every year.
  9. Perform comprehensive recovery and business continuity tests: Organizations should practice their master recovery plans, not just application failover. For example, staff members need to know where to report if a disaster occurs, critical conference bridges should be set up in advance, a command center should be identified, and secondary staff resources should be assigned in case the event stretches over multiple days. In environments with many applications, IT staff should be aware of which applications should be recovered first and in what order. The plan should not assume that there will be enough resources to bring everything back up at the same time.
  10. Define metrics and create scorecards: Organizations should maintain scorecards on the disaster recovery compliance of each application, as well as who is testing and when. Maintaining scorecards generally helps increase audit scores.


Security issues that CIOs need to manage


Security is a critical issue, as related in several posts:
