
Chief Security Officer

What is the Chief Security Officer (CSO)?  The title Chief Security Officer (CSO) was first used inside the information technology department and function to identify the person responsible for IT security. At many enterprises, the term CSO is still used in this way.

The CSO title is also used in many enterprises to describe the leader of the "corporate security" function, which includes the physical security and safety of employees, facilities and assets. This individual often holds a title such as Vice President or Director of Corporate Security. Historically, corporate security and information security have been handled by separate departments.

The CSO is the executive responsible for the organization's entire security posture, both physical and digital. CSOs also frequently own or participate closely in related areas such as business continuity planning, loss prevention and fraud prevention, and privacy.

At a tactical level, technology is being infused into physical security tools, which are increasingly database-driven and network-delivered. At a strategic level, CEOs and corporate boards, motivated in part by regulations such as the Sarbanes-Oxley Act and HIPAA and by the ISO/IEC 27001 and 27002 standards (27002 was formerly ISO 17799), want an enterprise-wide view of operational risk.

Chief Security Officer - Position Purpose

The Chief Security Officer (CSO) is responsible for the overall direction of all security functions associated with information technology applications, communications (voice and data), and computing services within the enterprise. At the same time the CSO must be aware of the implications of legislated requirements that affect security for the enterprise, including but not limited to Sarbanes-Oxley Section 404.

The CSO has the responsibility for global and enterprise-wide information security; he/she is also responsible for the physical security, protection services and privacy of the corporation and its employees.

The CSO oversees and coordinates security efforts across the enterprise, including information technology, human resources, communications, legal, facilities management and other groups, to identify security initiatives and standards. The CSO works closely with the chief information officer and must have strong working knowledge of information technology.

A full six-page Chief Security Officer (CSO) job description is available as part of the HandiGuide described below.

 

Internet and IT Position Descriptions HandiGuide®

273 Job Descriptions and Organization Charts

Format              Print  Modify  Source Cut & Paste  Cost                  Features
PDF                 Yes    No      No                  Less than $3.44 each  The complete Internet and IT Position Descriptions HandiGuide as a single PDF that uses the Adobe search and bookmark features.
Word files          Yes    Yes     Yes                 Less than $3.83 each  Individual .docx file for each job description. Long file names are used so each job description can be modified as a simple document.
Word book           Yes    Yes     Yes                 Less than $4.59 each  All job descriptions in a single, fully bookmarked, searchable Word document. NOTE: this is a complex document; the user needs to know Word very well to extract and modify the individual job descriptions.
PDF and Word files  Yes    Yes     Yes                 Less than $5.75 each  The complete PDF HandiGuide plus the individual .docx file for each job description.

Order Job Descriptions

CIO - CTO Employment News


Mobility and computing recent articles

Some recent articles on mobility and computing:

Staffing Issues the CIO Needs to be Aware of

Overseeing staffing, a hat that many CIOs wear, may mean having to make crucial decisions about hiring and policy, performance management and discipline, and employee terminations.

Five employment law issues should be on the radar of CIOs who oversee the staffing function.

  1. State and Local Wage and Hour Laws - Laws governing hours of work and payment of wages are a leading source of employee claims.
  2. Federal, State, and Local Leave Laws - Different states and cities have medical leave and paid sick-time laws that can differ significantly from federal law or from the law in the company's headquarters state.
  3. Independent Contractors - Claims by individual contractors alleging that they were misclassified and should have been treated as employees are now very common.
  4. Separation Agreements - A one-size-fits-all separation agreement can result in paying an employee severance without obtaining an enforceable release of all legal claims in return.
  5. Using Contracts to Protect Business Information and Customer Relationships - CIOs of growth companies may need to evaluate whether the company is taking the steps needed so that, if necessary, restrictive employee contracts will be enforced by the courts to the greatest possible extent.

Order IT Job Description

Download Selected IT Job Descriptions

Is your enterprise prepared for Brexit?

Here are some of the questions that need to be answered:

  • It will take at least two years for the UK to disentangle from the EU. How will this period of uncertainty affect our company? Our compliance? Our security?
  • How much business do we conduct with Europe?
  • Would less regulation hurt us?
  • Would a delay in new compliance rules with Europe hurt us?
  • Freedom of movement within the EU is already changing. What further outcomes could UK departure cause, both for EU citizens who want to work here and for UK citizens who work in Europe? Mobility issues?
  • Will there be any potential staffing problems?
  • Will Brexit have any impact on our suppliers and our supply chain?
  • If EU regulations no longer apply, where might the UK government impose new regulations?
  • Could the swift decline in the value of the pound hurt us?

Order Compliance Kit

Will EU privacy requirements kill US based cloud processing?

The EU's privacy rules restrict the transfer of personal data outside the EU unless adequate safeguards are in place. In practice that means companies may have to build on-premises applications in Europe to house this information. The costs are high: on-premises servers, annual licensing fees, payroll and human resources systems, additional head count, and ongoing training and support expenses.

Order Cloud Outsourcing Template

Download Selected Pages

Password Security Tip

Use each password in only one place. Reusing a password across systems is like carrying one key that unlocks your house, your car, your office, your briefcase, and your safety deposit box: every computer, account, website or other system on which you have used that password is only as secure as the least secure one of them, and one lost key lets a thief open all the doors. Do not enter your password on untrusted systems. Change a password immediately if any system where you used it is breached. If you also rotate passwords on a schedule, note that current guidance (NIST SP 800-63B) favors changing them on evidence of compromise rather than on a fixed calendar, and that rotation does nothing for a password that is still reused.
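As an added example (not part of the original tip or of Janco's material), the following Python script audits a password-manager export for exactly the two problems the tip describes: the same password unlocking several places, and a password that is already in a breach corpus. The vault, the breach corpus and the site names are constructed for illustration; the range lookup imitates the k-anonymity style of the Have I Been Pwned range API but runs entirely offline against the local corpus.

```python
import hashlib
from collections import defaultdict

# Constructed sample of a password-manager export as (site, password) pairs.
# These are not real accounts; the reused pair and the breached entry are deliberate.
SAMPLE_VAULT = [
    ("mail.example.com", "Tr0ub4dor&3"),
    ("bank.example.com", "Tr0ub4dor&3"),
    ("forum.example.org", "password123"),
    ("vpn.example.com", "correct horse battery staple"),
]


def sha1_hex(password: str) -> str:
    """Upper-case SHA-1 hex digest, the form used by breach-corpus range lookups."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


# Constructed stand-in for a breached-password corpus, held as SHA-1 digests so the
# audit never needs the corpus plaintext. "password123" is in it; the others are not.
BREACHED_SHA1 = {sha1_hex("password123"), sha1_hex("letmein"), sha1_hex("qwerty")}


def find_reuse(vault):
    """Map each password (by digest) to the sites it unlocks and return only the
    digests used on more than one site: those sites fall together if any one falls."""
    sites_by_digest = defaultdict(list)
    for site, password in vault:
        sites_by_digest[sha1_hex(password)].append(site)
    return {d: sites for d, sites in sites_by_digest.items() if len(sites) > 1}


def range_lookup(prefix: str, corpus=BREACHED_SHA1):
    """Simulated k-anonymity range query: the caller sends only the first 5 hex
    characters of the digest and gets back every matching suffix, so the full
    hash never leaves the client."""
    return {d[5:] for d in corpus if d.startswith(prefix)}


def find_breached(vault, corpus=BREACHED_SHA1):
    """Return the sites whose password appears in the breach corpus."""
    hits = []
    for site, password in vault:
        digest = sha1_hex(password)
        if digest[5:] in range_lookup(digest[:5], corpus):
            hits.append(site)
    return hits


def audit(vault, corpus=BREACHED_SHA1):
    """Human-readable findings: reused passwords first, then breached ones."""
    findings = []
    for sites in find_reuse(vault).values():
        findings.append(f"REUSED on {len(sites)} sites: {', '.join(sites)}")
    for site in find_breached(vault, corpus):
        findings.append(f"BREACHED password in use at {site}")
    return findings


if __name__ == "__main__":
    for line in audit(SAMPLE_VAULT):
        print(line)
```

Run it against a real export with BREACHED_SHA1 replaced by a real range query, and treat every REUSED finding as a group of accounts that are only as safe as the weakest site in the group.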

Order Security Manual

Sample DRP

Top 10 Cloud postings

Order Cloud Outsourcing Template

Download Selected Pages

Demand for wearable devices explodes

Wearable vendors shipped 27.4 million devices in the fourth quarter of 2015, almost 130% more than in the last quarter of 2014. For the whole year, worldwide wearable shipments amounted to 78.1 million devices, up 171.6 percent from 2014.

The triple-digit growth shows that wearables are not just for the technophiles and early adopters.

Wearable Device Policy

The use of wearable devices that can capture and broadcast video, voice, data and location information is increasing at an accelerating rate.

Janco addresses the security, privacy and reputation management issues for a world in which wearable devices have cameras, microphones, massive data storage and Internet connectivity.

Download Selected Pages


Mobility Policy Bundle

All of the policies below are included as individual MS Word files and a single PDF file. Electronic forms are all individual documents that are easily modifiable.

  • BYOD Policy Template, including an electronic BYOD Access and Use Agreement form
  • Mobile Device Access and Use Policy
  • Record Management, Retention, and Destruction Policy
  • Social Networking Policy, including an electronic form
  • Telecommuting Policy, including three electronic forms to help manage work-at-home staff
  • Travel and Off-Site Meeting Policy

Order Mobility Policy Bundle

Physical security now a major concern of CIOs

With the recent terrorist attacks, physical security is seen as a growing concern for all organizations. Among the potential threats that organizations face, acts of terrorism are an increasing concern.

More than half of the CIOs we have talked to have expressed concern about the possibility of either an act of terrorism or a security incident such as vandalism, theft or fraud disrupting their organization.

Order Security Manual

Download Selected Pages

Ransomware is more common than you think

Ransomware has grown in occurrence and sophistication in recent months. One of the best known families, CryptoWall, has just had version 4 released, with a greatly improved ability to evade antivirus software and firewalls. It is estimated that the distributors of CryptoWall made more than $25 million in 2015. There are indications that the operators care about maintaining the belief that paying the ransom will really get files back: in some instances they have been found on PC help forums assisting victims with file recovery and payment issues. How generous of them.

Ransomware encrypts the data files on the infected PC's local drives and then every network share the infected user can write to, including mapped server drives. That is how the data files and accounting databases on a server get encrypted even though the server itself was never infected: the reach of an infection is the reach of the user's write permissions, which is a strong argument for least-privilege access to shares.

Malwarebytes is a useful tool for eradicating the infection itself from PCs. Isolate the infected machine from the network first, then clean it, and only then plan file recovery. In practice recovery means restoring from backups that the infected account could not write to (offline or versioned copies); if no such backup exists, the choice is between losing the data and paying.
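One practical control the paragraph above implies is watching the server shares for the write pattern ransomware produces. The Python below is an added example, not code from the original page or from any vendor it mentions: it scores a batch of file-server write events on three indicators (near-maximal byte entropy, a known ransom extension, and a touched canary document) and alerts on a burst. The share paths, the event records and the extension list are constructed for illustration.

```python
import hashlib
import math
from collections import Counter

# A decoy document placed on the share. Nobody legitimately writes to it, so any
# write or rename touching it is treated as an alert on its own (constructed path).
CANARY = "//fileserver/finance/_canary_do_not_touch.docx"

# Extensions several ransomware families append to encrypted files (illustrative, not exhaustive).
RANSOM_SUFFIXES = (".encrypted", ".locked", ".crypt")


def shannon_entropy(data: bytes) -> float:
    """Bits per byte, 8.0 being maximal. Ciphertext and compressed data sit close
    to 8; plain text and typical office documents sit well below 6."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def pseudo_ciphertext(blocks: int = 128) -> bytes:
    """Deterministic high-entropy bytes standing in for encrypted content (constructed)."""
    return b"".join(hashlib.sha256(bytes([i % 256])).digest() for i in range(blocks))


# Constructed write events as a file-server agent might report them: (path after write, content).
NORMAL_EVENTS = [
    ("//fileserver/finance/ledger.xlsx", b"Q4 accounts receivable, customer 1042, net 30\n" * 100),
    ("//fileserver/finance/memo.docx", b"Meeting notes for Monday: review payroll run\n" * 80),
]
RANSOMWARE_EVENTS = [
    (f"//fileserver/finance/invoice{i}.xlsx.encrypted", pseudo_ciphertext()) for i in range(8)
] + [(CANARY + ".encrypted", pseudo_ciphertext())]


def indicators(path: str, content: bytes) -> set:
    """Indicators raised by a single write."""
    found = set()
    if shannon_entropy(content) > 7.5:
        found.add("high_entropy")
    if path.lower().endswith(RANSOM_SUFFIXES):
        found.add("ransom_extension")
    if path.startswith(CANARY):
        found.add("canary_touched")
    return found


def detect(events, min_suspicious: int = 5) -> bool:
    """Alert when the canary is touched at all, or when at least `min_suspicious`
    writes in the batch look encrypted or carry a ransom extension. The threshold
    keeps a single legitimate zip or encrypted archive from firing the alert."""
    suspicious = 0
    for path, content in events:
        found = indicators(path, content)
        if "canary_touched" in found:
            return True
        if found & {"high_entropy", "ransom_extension"}:
            suspicious += 1
    return suspicious >= min_suspicious


if __name__ == "__main__":
    print("normal batch:", detect(NORMAL_EVENTS))          # False
    print("ransomware batch:", detect(RANSOMWARE_EVENTS))  # True
```

In production the events come from file-server auditing or an endpoint agent, a positive result should disable the writing account's share access rather than just log, and the canary belongs where a directory walk reaches it early (ransomware typically enumerates shares alphabetically, so a leading underscore helps).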

Order Security Manual

Download Selected Pages

Some executives fight security practices

Even today there are clashes with senior business executives that make it more challenging for CSOs and CISOs to create a secure environment.

Many of the conflicts between security and business executives are due to ongoing philosophical differences regarding risk and convenience. Many executives feel they are above the standards and can do whatever they want.

Security incidents are rising at an alarming rate every year. As the complexity of the threats increases, so do the security measures required to protect networks and critical enterprise data.

Order Security Manual

Download Selected Pages

Why do CIOs move to the cloud?

The need to lower cost, increase efficiency and conserve cash has increased the motivation of companies to turn to cloud computing and increased the appeal of alternative delivery models. The disruptive shifts in demand and supply patterns drive changes in how IT services are bought and from whom. Cloud computing requirements need to be well defined before any of this happens.

Reasons Why CIOs Recommend Outsourcing

Order Cloud Outsourcing Template

Download Selected Pages

Planning for Blackouts

Power grid failure needs to be considered in DR/BC planning. A power grid consists of a set of large power plants (hydro-power plants, wind farms, solar farms, nuclear power plants, etc.) all connected together by transmission lines. A grid can be as big as half of the United States.

Most grids work very well as power-distribution systems because they allow power to be shared very economically. For example, if a power company needs to take a power plant or a transmission tower off line for maintenance, the other parts of the grid can pick up the slack. However, that interconnection is also the greatest risk: weather can affect one part of the grid, and the failure can cascade to the rest of it.

Order Disaster Plan Template

Download Selected Pages

Setting the standard for IT Infrastructure

Information infrastructure and governance is not on most of our minds every day. Many CIOs think the enterprise operations staff will figure it out, or that the three-ring binder of rules and policies will cover it.

Neither is true. Information infrastructure and governance is an all-in proposition. It requires diligence on the part of employees, oversight on the part of management, direction from the enterprise strategy, and true, firm support from company ownership. It ain't easy.

But it is mandatory. In this litigious age, the smallest infraction of information management policy can, and will, result in grievous penalty and even business-threatening consequences.

Order IT Infrastructure Kit

Download Selected Pages

Most security breaches are not discovered for over 9 months

Security incidents are rising at an alarming rate every year. As the complexity of the threats increases, so do the security measures required to protect networks and critical enterprise data. CIOs, data center operators, network administrators, and other IT professionals need to understand the basics of security in order to safely deploy and manage data and networks.

Most companies take over 9 months to discover that a breach has occurred, often only when notified by outside parties. Surprisingly, a recent research study showed that more than 90% of successful breaches used only the most basic techniques. Today's advanced breaches can work over weeks or months, sending small, innocuous packets to command-and-control servers while capturing secure or regulated information from your systems. That beaconing traffic is low in volume but regular, and its regularity is exactly what network monitoring can look for.
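As an added example that is not part of the original post, the Python below runs the kind of beacon check the paragraph suggests over constructed connection records: it groups flows by source and destination and flags pairs with many small, evenly spaced connections, while a scheduled sync job with equally regular but large transfers is left alone. The addresses, timings and byte counts are all made up for illustration.

```python
import statistics
from collections import defaultdict

T0 = 1_700_000_000  # arbitrary epoch base for the constructed records


def _constructed_flows():
    """Constructed connection records (epoch seconds, src, dst, bytes_out); not real traffic."""
    flows = []
    # A beacon: one small request roughly every 60 s with a few seconds of jitter.
    for i, jitter in enumerate([0, 2, -1, 3, 0, -2, 1, 0, 2, -1, 0, 1]):
        flows.append((T0 + 60 * i + jitter, "10.0.0.15", "203.0.113.7", 412 + (i % 3)))
    # Ordinary browsing: irregular gaps, variable sizes, too few connections to matter.
    for i, gap in enumerate([0, 7, 130, 133, 560, 590, 2000]):
        flows.append((T0 + gap, "10.0.0.15", "198.51.100.20", 1500 * (i + 1)))
    # A scheduled sync job: just as regular as the beacon, but it moves far more data.
    for i in range(12):
        flows.append((T0 + 60 * i, "10.0.0.22", "192.0.2.9", 50_000 + i))
    return flows


FLOWS = _constructed_flows()


def beacon_candidates(flows, min_conns=8, max_cv=0.15, max_bytes=2048):
    """Flag (src, dst) pairs whose connections are numerous, small, and evenly spaced.

    Regularity is the coefficient of variation (std / mean) of the gaps between
    successive connections. Real beacons add jitter, so a small tolerance is
    allowed rather than demanding identical intervals.
    """
    by_pair = defaultdict(list)
    for ts, src, dst, nbytes in flows:
        by_pair[(src, dst)].append((ts, nbytes))

    hits = []
    for pair, recs in by_pair.items():
        if len(recs) < min_conns:
            continue
        recs.sort()
        gaps = [later[0] - earlier[0] for earlier, later in zip(recs, recs[1:])]
        mean_gap = statistics.mean(gaps)
        if mean_gap <= 0:
            continue
        cv = statistics.pstdev(gaps) / mean_gap
        median_bytes = statistics.median(n for _, n in recs)
        if cv <= max_cv and median_bytes <= max_bytes:
            hits.append({"pair": pair, "conns": len(recs),
                         "mean_gap_s": round(mean_gap, 1), "cv": round(cv, 3)})
    return hits


if __name__ == "__main__":
    for hit in beacon_candidates(FLOWS):
        print(hit)
```

In a real deployment the records come from NetFlow or proxy logs, known periodic services (NTP, update checks, monitoring agents) are allowlisted because they match the same profile, and the jitter tolerance is raised for implants that randomize their sleep interval.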

Order Security Manual

Download Selected Pages

10 Commandments of Disaster Recovery and Business Continuity that guarantee success

Order Disaster Plan Template

Disaster Plan Sample

Following the 10 commandments of disaster recovery and business continuity is the key to successful planning and execution of those plans.

  1. Analyze single points of failure: A single point of failure in a critical component can defeat well-engineered redundancy and resilience in the rest of a system.
  2. Keep updated notification trees: A cohesive communication process is required to ensure the disaster recovery and business continuity plan will work.
  3. Be aware of current events: Understand what is happening around the enterprise; know if there is a chance of a weather, sporting or political event that can impact the enterprise's operations.
  4. Plan for worst-case scenarios: Downtime can have many causes, including operator error, component failure, software failure, and planned downtime as well as building- or city-level disasters. Organizations should be sure that their disaster recovery plans account for even worst-case scenarios.
  5. Clearly document recovery processes: Documentation is critical to the success of a disaster recovery program. Organizations should write and maintain clear, concise, detailed steps for failover so that secondary staff members can manage a failover should primary staff members be unavailable.
  6. Centralize information and have a printed copy available: In a crisis, a timely response can be critical. Centralizing disaster recovery information in one place, such as a Microsoft Office SharePoint® system, portal or cloud service, avoids hunting for documentation, which can compound a crisis. Keep a printed copy as well, since the central system may be part of what has failed.
  7. Create test plans and scripts: Test plans and scripts should be created and followed step-by-step to help ensure accurate testing. These plans and scripts should include integration testing; silo testing alone does not accurately reflect multiple applications going down simultaneously.
  8. Retest regularly: Organizations should take advantage of opportunities for disaster recovery testing such as new releases, code changes, or upgrades. At a minimum, each application should be retested every year.
  9. Perform comprehensive recovery and business continuity tests: Organizations should practice their master recovery plans, not just application failover. For example, staff members need to know where to report if a disaster occurs, critical conference bridges should be set up in advance, a command center should be identified, and secondary staff resources should be assigned in case the event stretches over multiple days. In environments with many applications, IT staff should know which applications should be recovered first and in what order. The plan should not assume that there will be enough resources to bring everything back up at the same time.
  10. Define metrics and create scorecards: Organizations should maintain scorecards on the disaster recovery compliance of each application, as well as who is testing and when. Maintaining scorecards generally helps increase audit scores.


Security issues that CIOs need to manage

Security is a critical issue, as discussed in several posts:

Order Security Manual

Table of Contents

SEC requires security threats to be reported in 10-Ks

The SEC now requires companies to report cybersecurity risks in their 10-Ks, and advises them to include even possible threats whose disclosure is not currently mandated by state breach-notification laws.

The SEC's position is that it is better to make disclosures if a company has had a number of incidents, even if they are not individually material.

Security Policies - Procedures - Audit Tools

GPS puts us closer to 1984 as predicted in Sept 2000 in PSR Reviews

Back in September of 2000, M V Janulaitis in PSR Reviews predicted that we were moving into a period when Orwell's 1984 would be a reality. Today, with the USA Freedom Act (which reauthorized and amended parts of the Patriot Act), NSA data gathering, and even TV shows that show how we all can be and are tracked, privacy is a luxury that is only available in areas where there is no cell or wifi coverage. Two earlier pieces that you may want to read are:

  • 2000 is Closer to 1984 Than You Think
  • Face Recognition By Computer is a Reality

Electronic Sensitive Information Policy

With identity theft and cyber attacks on the rise, you are facing new pressures to protect sensitive information. 46 states have now passed data security laws that apply to companies that do business with residents of those states. These laws are designed to protect residents against identity theft by mandating security practices such as:

  • Implementing an information security program
  • Encrypting data
  • Notifying customers in the event of a security breach that compromises unencrypted personal information

Order Sensitive Information Policy

C-Level executives within IT Related Articles

Chief Information Officer - Chief Technology Officer

Order CIO Job Description

  1. IT Job Descriptions Released  IT Job Descriptions have just been updated in the IT Position Descriptions HandiGuide Janco announced today the release of IT Job Descriptions in...
  2. Is It Time To Appoint a Chief Mobility Officer  Is the time right to create a Chief Mobility Officer (CMoO) position The time has arrived to legitimize and define the role of the chief...
  3. Is a Chief Mobility Officer necessary  Chief Mobility Officer now almost a necessity The idea of a company having a chief mobility officer (CMO) is not a new one. But as...
  4. 10 reasons why organizations need a Chief Mobility Officer (CMoO) Chief Mobility Officer (CMoO) business case Here are ten reasons your company needs a chief mobility officer: To deliver mobility solutions for the enterprise to...
  5. Released Internet and Information Technology Position Descriptions HandiGuide,  Internet and Information Technology Position Descriptions HandiGuide, Janco has released the Internet and IT Position Descriptions HandiGuide® which is over 700 pages; includes...

CFO to hold back on spending - Will that mean a pull back in IT?

CFO Magazine reports that, according to the April 2015 Corporate Cash Indicators, more financial executives will be a little less free with their cash expenditures this quarter. Since over 40% of all CIOs report to the CFO, this could mean a pull back in IT expenditures.

Threat Vulnerability Assessment

Download Threat Assessment

CIO Best Practices Digest

  1. Top 10 issues for CIOs in 2014 Top 10 issues for CIOs in 2014 The top 10 issues that CIOs need to address in 2014 are driven by the current economic and...
  2. Top 10 CIO Leadership and Management Traits CIOs and IT Managers who are successful have some common leadership  and management traits Are one of the people and able to get their hands...
  3. Top 10 Things a CIO Needs to Add Value  Top 10 for CIOs -What does the CIO have to do to be viewed as a business person versus a technologist?  There are many strategies...
  4. Top 10 CIO Productivity and Budgeting Issues  CIO – Productivity Kit The best companies, and their CIOs, recognize the importance of ready access to the right information to drive the right choices...
  5. CIOs Drive Enterprise Management Processes  IT Infrastructure is key to CIOs leading enterprises in their management processes CIOs and other members of the IT management team could be the reason...

Order CIO Job Description

H-1B program runs amuck

Information technology workers at Southern California Edison (SCE) are being laid off and replaced by H-1B workers from India. Some employees are training their replacements, and many have already lost their jobs.

Order Salary Survey    Free Salary Survey

Many US IT pros are upset and say they can't understand how H-1B guest workers can be used to replace US workers given the current economic conditions.

The SCE IT organization is expected to lay off about 400 employees, with another 100 or so leaving voluntarily.

21 States have unemployment rates of 6% or higher

States with High Unemployment - 21 states have 6.0% or greater unemployment

Order Salary Survey    Free Salary Survey

Many companies lack basic security protocols, such as two-factor authentication

Companies are increasingly reliant on third parties to notify them that their security has been compromised.

Companies are finding cyber attackers sooner. In the latest annual cyber-threat report the median time a company takes to detect a data breach fell to 205 days in 2014, down from an estimated 229 in 2013 and 243 in 2012.

But as cyberattacks increase in complexity and sophistication, companies do not always have the in-house resources to detect them. As a result, only 31% of organizations discovered they were breached through their own resources last year, compared with 33% in 2013 and 37% in 2012.

Business and professional services and retail operations saw the most online intrusions from malicious hackers in 2014. A common thread in these breaches is a lack of basic security protocols, such as two-factor authentication. Without a second factor, a single stolen credential, obtained through a phishing campaign or social engineering, can leave an entire network vulnerable.
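To make the last point concrete, here is an added example (not code from the original page) of a second factor in Python: an RFC 4226/6238 HOTP/TOTP implementation checked against the RFC's published test seed, wrapped in a login routine that requires both a PBKDF2-hashed password and a fresh code. The user name, password and fixed salt are constructed for the demonstration.

```python
import hashlib
import hmac
import struct
import time

TOTP_STEP = 30  # seconds per time step (RFC 6238 default)
RFC6238_SEED = b"12345678901234567890"  # the SHA-1 test seed from RFC 6238 Appendix B


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian 8-byte counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, at_time: int, step: int = TOTP_STEP, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP with the counter set to floor(unix_time / step)."""
    return hotp(secret, at_time // step, digits)


def _password_hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 200_000)


class TwoFactorAuthenticator:
    """Login that needs both the password and a current TOTP code.

    A phished password alone fails; a code is accepted at most once (replay guard),
    and one time step of clock skew either way is tolerated.
    """

    def __init__(self, step: int = TOTP_STEP, skew_steps: int = 1):
        self._users = {}
        self._step = step
        self._skew = skew_steps

    def enroll(self, user: str, password: str, totp_secret: bytes,
               salt: bytes = b"demo-salt-not-for-production") -> None:
        # The salt is fixed here only so the example is deterministic; use os.urandom(16) per user.
        self._users[user] = {"salt": salt, "hash": _password_hash(password, salt),
                             "secret": totp_secret, "last_counter": -1}

    def login(self, user: str, password: str, code: str, now: int = None) -> bool:
        now = int(time.time()) if now is None else now
        rec = self._users.get(user)
        if rec is None:
            return False
        # Constant-time comparisons so neither factor leaks through timing.
        if not hmac.compare_digest(_password_hash(password, rec["salt"]), rec["hash"]):
            return False
        counter = now // self._step
        for c in range(counter - self._skew, counter + self._skew + 1):
            if c <= rec["last_counter"]:
                continue  # this code, or an older one, has already been used
            if hmac.compare_digest(hotp(rec["secret"], c).encode(), code.encode()):
                rec["last_counter"] = c
                return True
        return False


if __name__ == "__main__":
    auth = TwoFactorAuthenticator()
    auth.enroll("alice", "hunter2", RFC6238_SEED)
    print("password only:", auth.login("alice", "hunter2", "000000", 59))         # False
    print("password + code:", auth.login("alice", "hunter2", totp(RFC6238_SEED, 59), 59))  # True
```

With this in place a credential captured by phishing fails at the code check, and a code captured along with it is rejected once it has been used or its time step has passed. A real-time phishing proxy can still relay a live code within its 30-second window, which is why phishing-resistant factors (FIDO2/WebAuthn) are the stronger choice for administrative and other high-value accounts.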

Order Security Manual

Table of Contents

  • Security Manual Template (Policies and Procedures) (ISO Compliant)
  • Security Manual Template and Audit Program
  • Security Manual Template and Disaster Recovery Business Continuity Template Bundle
  • Security Manual Template, Disaster Recovery Business Continuity Template, and Safety Program Bundle
  • Security Manual Template and Disaster Recovery Business Continuity Template Audit Bundle
  • Payment Card Industry (PCI) Data Security Audit Program
  • Payment Card Industry (PCI) Data Security Standard PCI-DSS Compliance Kit
  • Security Audit Program
  • Patriot Act Security Bundle
  • Compliance with HIPAA Standards
  • Compliance with FIPS 199
  • Threat and Vulnerability Assessment
  • Threat Risk Assessment Extended Service

Disaster Recovery and the Cloud best and worst practices defined

Disaster Recovery and the Cloud best and worst practices are defined in the articles listed below:

  1. Outsourcing top 10 reasons why it fails  Top 10 reasons why outsourcing fail 10 reasons why outsourcing arrangements fails No clearly defined long-term strategic organizational objective is defined – the outsourcing arrangement...
  2. Top 10 Reasons Cloud Solutions are Expanding  Top 10 Reasons Cloud Computing is Exploding As CIOs and businesses move organizations towards cloud solutions and processing there are many benefits.  The top 10...
  3. Disaster Plans now include cloud  More CIOs opt for Disaster Plans that include the cloud Once a CIO includes a cloud provider in their disaster plans the flood gates are...
  4. Many CIOs have not addressed cloud security issues  Less than 50% of all organizations have policies in place for vetting cloud computing applications for possible security risks before deploying them. The number...
  5. 10 reasons to move Disaster Recovery to the Cloud  Top 10 reasons why the cloud makes sense for disaster recovery planning Cloud data disaster recovery protection solutions offer a combination of the latest advancements...

Order Cloud Outsourcing Template    Sample Cloud Outsourcing Contract