
Chief Security Officer

What is the Chief Security Officer (CSO)?  The title Chief Security Officer (CSO) was first used inside the information technology department and function to identify the person responsible for IT security. At many enterprises, the term CSO is still used in this way.

The CSO title is also used in many enterprises to describe the leader of the "corporate security" function, which includes the physical security and safety of employees, facilities and assets. This individual often holds a title such as Vice President or Director of Corporate Security. Historically, corporate security and information security have been handled by separate departments.

The CSO is the executive responsible for the organization's entire security posture, both physical and digital. CSOs also frequently own or participate closely in related areas such as business continuity planning, loss prevention and fraud prevention, and privacy.

At a tactical level, technology is being infused into physical security tools, which are increasingly database-driven and network-delivered. At a strategic level, CEOs and corporate boards, motivated in part by regulations and standards such as the Sarbanes-Oxley Act, HIPAA, and the ISO 27000 series (formerly ISO 17799), including ISO 27001 and 27002, desire an enterprise-wide view of operational risk.

Chief Security Officer - Position Purpose

The Chief Security Officer (CSO) is responsible for overall direction of all security functions associated with Information Technology applications, communications (voice and data), and computing services within the enterprise. At the same time, the CSO must be aware of the implications of legislated requirements that impact security for the enterprise. This includes but is not limited to Sarbanes-Oxley Section 404 requirements.

The CSO has the responsibility for global and enterprise-wide information security; he/she is also responsible for the physical security, protection services and privacy of the corporation and its employees.

The CSO oversees and coordinates security efforts across the enterprise, including information technology, human resources, communications, legal, facilities management and other groups, to identify security initiatives and standards. The CSO works closely with the chief information officer and must have strong working knowledge of information technology.






CIO - CTO Employment News

IT salaries are moving up across the board according to Janco

January 24th, 2015

2015 IT Salary Survey shows that salaries for IT Pros are moving up as 112,000 jobs were added in 2014

The 2015 Salary Survey, just released by Janco Associates and, is good news for IT Professionals.  The survey shows that hiring and salaries have improved for IT positions in most North American metropolitan areas.

The CEO of Janco Associates, Mr. Victor Janulaitis said, “For the first time in over 6 years salaries for IT Pros have moved up almost across the board.  We believe that this is due to the fact that over 112,000 new IT jobs were created in the last 12 months and that the economy seems to be in a recovery mode.”

The findings presented in Janco’s 2015 IT Salary Survey include:

    • In 2014 the IT job market grew by 112,800 versus 74,900 and 62,500 in 2013 and 2012 respectively according to the Bureau of Labor Statistics (BLS).

    • IT compensation for all IT Professionals has increased by 2.81% in the last 12 months. 
      • Between January 2014 and January 2015 the total mean compensation for all IT Professionals has increased from $79,352 to $81,583.  This puts overall compensation back at the levels they were at in January 2008 and 2007.
      • In mid-sized enterprises, the mean total compensation for all positions has increased by 3.23% from $76,198 to $78,656.   
      • In large enterprises, the median compensation has risen from $83,197 to $84,550.

    • CIOs compensation has moved up (2.28%) in larger companies and slightly less (2.15%) in smaller and mid-sized companies in the past 12 months.  The mean compensation for CIOs in large enterprises is now $185,359 and $175,205 in mid-sized enterprises.
      • Median CIO tenure has increased from 4 years and 3 months to 4 years and 4 months.  In companies of all sizes fewer CIOs have changed jobs in the last 12 months than in prior years.
    • Positions in highest demand are all associated with quality control, BYOD implementation, capacity planning and service level improvement.
    • Over the long term IT executives have fared better in mid-sized companies than large companies.
      • In mid-sized companies IT executive salaries have recovered all of the losses sustained in the recession and in some cases exceeded prior highs.
      • In large companies IT executive salaries are where they were in 2008.
    • Cost control is still the rule of the day; however, we have seen an increase in the number of "part-timers" and contractors who are focused on particular critical projects.
    • Onshore outsourcing has peaked and companies are looking to bring IT operations back into their direct control and reduce operating costs.
      • A number of enterprises are moving help desks and data center operations in-house, which has resulted in an increased demand for data center managers.
    • Mandated requirements for records management systems and electronic medical records have increased the demand for quality control staff and custodians (librarians) of mechanized records.
    • Companies are continuing to refine the benefits provided to full time IT professionals. Though benefits such as health care are available to 80%, IT professionals are now paying a greater portion of that cost.

Cloud-based applications improve productivity

January 14th, 2015

Accounting systems must be up-to-date in order to provide the fastest and most efficient reporting.  Cloud-based financial management solutions let companies:   

  • Eliminate tedious, error-prone reports from Microsoft Excel.
  • See up-to-date and accurate data on every area of your business.
  • Easily create and share customized reports across your organization.
  • Achieve unprecedented agility to ensure your business keeps up with change.


Mobile computing explosion causes security risks to multiply

November 29th, 2014

Global mobile traffic grew 60 percent in 2013 alone and is projected to increase 11-fold by 2018. With limited IT budgets and resources, how will CIOs and IT Managers succeed in managing and securing their network in the mobile workplace revolution?

Mobility Policy Bundle: all of the policies below are included as individual MS Word files and a single PDF file. Electronic forms are all individual documents that are easily modifiable.

  • BYOD Policy Template: includes electronic BYOD Access and Use Agreement Form
  • Mobile Device Access and Use Policy
  • Record Management, Retention, and Destruction Policy
  • Social Networking Policy: includes electronic form
  • Telecommuting Policy: includes 3 electronic forms to help effectively manage work-at-home staff
  • Travel and Off-Site Meeting Policy

What is the cost of a business interruption?

November 27th, 2014

Four steps that must be taken to determine if a business continuity plan is worth the investment are listed below. This will allow the organization to determine real dollar cost per downtime event, calculate acceptable data recovery points and return to operation goal. This data will then allow an organization to align itself to a particular disaster recovery organization(s) skill sets and capabilities.


  • Conduct a Business Impact Analysis -- The first step is to conduct a business impact analysis (BIA). A BIA maps the interdependencies between each system (physical and virtual), application, and component with each business process and service provided. Based on the information collected in that process, a determination can be made on the consequences to the business as a result of disruption. This analysis should prioritize the importance of each process, application, and component in terms of cost to the business when it is no longer accessible. Those costs should include but are not limited to the following:
        1. Lost productivity
        2. Lost revenue
        3. Compliance risk
        4. Reputation loss
  • Determine Recovery Time Objective -- The next step is to determine the Recovery Time Objective (RTO). RTO is the amount of time within which a business process must be restored in order to meet Service Level Objectives (SLO) for the business. Organizations need to meet Recovery Time Objectives in order to avoid catastrophic consequences when a process or application continues to be unavailable. While system and component RTOs are important, the application RTO is what is important to the customer, whether internal or external. The RTO is established during the Business Impact Analysis portion of the Business Continuity Plan (BCP).
  • Determine Recovery Point Objective -- Next you need to determine the Recovery Point Objective (RPO). RPO is the amount of data loss that is acceptable for a certain time period as part of Business Continuity Planning (BCP). A certain amount of data loss for some processes is tolerable (for example, if a data entry clerk types data in manually to process sales orders and keeps the paper files for one day, then the RPO would be 24 hours). Recovery Point Objectives should be carefully planned for each process and application, as traditional backup and restore methods may not meet today's demanding business environments. Snapshot and replication technology enablers are needed in most environments to meet shrinking RPO time requirements.
  • Calculate Cost of Downtime per Hour -- How much does it really cost?
        1. Labor cost per employee multiplied by percentage of employees affected by application or service interruption.
        2. Average revenue per hour multiplied by percentage of revenue affected by outage.



Vendor Management - CIOs need to manage vendors more effectively

October 2nd, 2014

CIOs should not underestimate or undervalue the time that needs to be spent managing vendors. CIOs need to manage vendor expectations, performance, and the vendor's understanding of your priorities.

CIOs need a clear plan to define metrics, evaluate, and manage the day-to-day performance of vendors. If they do this, it will ensure problems are spotted early and actively managed so they don't blow up into a relationship-damaging crisis. In addition, CIOs need an exit plan for each vendor to ensure any transition is smooth, with the vendor's obligations clearly defined.


CIO tools readings and posts

August 22nd, 2014


Related posts:

  1. 10 Best Practices for Staffing 10 Best Practices to Staff – Hire and Retain World Class Creative IT Professionals 10 Best Practices  - Janco Associates has found the top ten...
  2. Top 10 Project Manager Challenges Top 10 Project Manager Challenges Top 10 Project Manager Challenges have been identified in a survey that was conducted by Janco Associates.  One of the...
  3. IT Job Descriptions Update Service is Announced by Janco IT Job Descriptions Update Service is Announced by Janco Janco’s IT job descriptions are constantly being updated to meet the latest technology and compliance requirements....
  4. 2014 IT Job Descriptions Released IT Job Descriptions have just been updated in the 2014 IT Position Descriptions HandiGuide Janco announced today the release of 263 IT Job Descriptions in...
  5. Released Internet and Information Technology Position Descriptions HandiGuide Internet and Information Technology Position Descriptions HandiGuide, Janco has released the Internet and IT Position Descriptions HandiGuide® which is over 700 pages; includes...


Productivity on the upswing - Is the economy finally recovering

August 13th, 2014

The Department of Labor (DOL) released a report showing that U.S. worker productivity has risen in the second quarter of 2014. This is a greater increase than expected based on previous estimates.

Productivity increased at a 2.5% annualized rate, after a revised 4.5% decrease in the prior three months that was the biggest since 1981, according to the DOL.

The positive news comes a month after July’s favorable jobs report, which showed that employers added more than 200,000 workers to payrolls for a sixth straight month, the first time that’s happened since 1997.


Drive Business Success via Innovation

July 25th, 2014

With the advent of Big Data driving swift transformation in many organizations' IT functions, uncertainty and fear of change can put the brakes on the vital ability to innovate. How can IT leaders help their teams to conquer uncertainty and embrace change in order to drive innovation and unlock the potential of data-informed decision making?

Creativity and Innovation in the Organization prepares you to foster a creative mindset across your enterprise - and to exploit uncertainty and chaos to unleash powerful ideas that drive results.


The policies that Janco has created are a must-have for every enterprise. They can all be accessed from the Policy Master Page, or the individual policies listed below can be accessed directly.

  • CIO IT Infrastructure Policy Bundle: all of the policies below are included as individual MS Word files and a single PDF file. Electronic forms are all individual documents that are easily modifiable.
    • Backup and Backup Retention Policy
    • Blog and Personal Web Site Policy: includes electronic Blog Compliance Agreement Form
    • BYOD Policy Template: includes electronic BYOD Access and Use Agreement Form
    • Google Glass Policy Template: includes electronic Google Glass Access and Use Agreement Form
    • Incident Communication Plan Policy: updated to include social networks as a communication path
    • Internet, e-Mail, Social Networking, Mobile Device, Electronic Communications, and Record Retention Policy: includes 5 electronic forms to aid in the quick deployment of this policy
    • Mobile Device Access and Use Policy
    • Patch Management Policy
    • Outsourcing Policy
    • Physical and Virtual Security Policy
    • Record Management, Retention, and Destruction Policy
    • Sensitive Information Policy: HIPAA compliant and includes electronic Sensitive Information Policy Compliance Agreement Form
    • Service Level Agreement (SLA) Policy Template with Metrics
    • Social Networking Policy: includes electronic form
    • Telecommuting Policy: includes 3 electronic forms to help effectively manage work-at-home staff
    • Text Messaging Sensitive and Confidential Information
    • Travel and Off-Site Meeting Policy
    • IT Infrastructure Electronic Forms


Europe's CIOs brace for a recovery

July 11th, 2014

The European tech market has been down for several years. With most European economies emerging from recession, and Germany, Poland, and the UK doing better than that, CIOs in Europe can at last think about growing their tech budgets in 2014 and especially in 2015. Customer-facing technologies for sales and marketing and mobile and analytics technologies will see the strongest growth, contributing to relatively strong growth in software and communications equipment. Growth will solidify in 2015.


Top 10 Lists for Disaster Recovery and Business Continuity

April 26th, 2014
  1. Top 10 tips for Disaster Recovery in a Small Business – best way to protect your data Disaster Recovery for a Small Business Baseline for best practices defined in Janco’s Disaster Recovery Business Continuity Template. As requirements for avoiding downtime become increasingly...
  2. Top 10 Disaster Recovery Best Practices As requirements for avoiding downtime become increasingly stringent, administrators need tools and platforms that can help them plan, design, and implement disaster recovery strategies that...
  3. 10 Commandments of Disaster Recovery and Business Continuity 10 commandments of disaster recovery and business continuity planning As requirements for avoiding downtime become increasingly stringent, administrators need tools and platforms that can help...
  4. violates 10 commandments of business continuity plan fails business continuity plan non-functional Failed Business Continuity – This morning about 2:00 AM MST one of the largest providers of cloud services went down. ...
  5. 10 tips for surviving a natural disaster Failing to prepare for a natural disaster is not an option for businesses. That’s because 75 percent of companies without business continuity plans fail within...


Security is key to keeping cybercriminals at bay

March 27th, 2014

To catch a sophisticated cybercriminal in today's age, IT departments must look deeper into their web traffic and examine many sources of information about web visitors and sessions to determine what behavior is typical and what is not. Existing solutions for detecting and analyzing online criminal behavior usually identify either pre-authentication threats or post-authentication threats (fraud products), but unfortunately not both.


Security News Digest

March 10th, 2014


  1. Cybersecurity IT Pros are in short supply  IT Pros who can handle cybersecurity are in short supply Cybersecurity specialists are not being trained by our educational system and this shows with high...
  2. Top 10 Data Security Risks for Cloud Storage  There is tremendous anxiety about security risks in the cloud. CIOs and CSOs worry whether they can trust their users (both internal and external to...
  3. 10 Certifications for Cloud Professionals  10 Certifications for Cloud Professionals Here are 10 certifications for Cloud professionals.  Some are hardware and software specific and others are independent of hardware and...
  4. ERP Job Descriptions  ERP – Enterprise Resource Planning Job Description Bundle Released Janco has just released 15 Enterprise Resource Planning Job Descriptions in its ERP Job Description Bundle. ...
  5. IT Security Decision Process  IT Security Decision Process The IDG Enterprise Role & Influence of the Technology Decision-Maker survey helps CIOs understand their evolving roles and influence in today’s...

Business continuity objectives

February 19th, 2014


Business continuity objectives are, along with the business impact analysis, probably one of the most difficult elements of ISO 22301 implementation. Most of the business continuity implementers have problems like these: Which types of objectives exist? What are they used for? How are they set?

Purpose of business continuity objectives

Victor Janulaitis, the CEO of Janco Associates, said, "What gets measured gets managed." The same goes for business continuity – if you don't know how well you are doing, you will have a very difficult time steering your business continuity in the desired direction. And it is exactly this desired direction that is an essential part of measurement: setting the objectives.


Types of objectives

There are at least two levels for which you need to set objectives:

1)  Strategic objectives – for your whole Business Continuity Management System, and

2)  Tactical objectives – Recovery Time Objectives (RTOs), Recovery Point Objectives (RPOs),  Minimum Business Continuity Objectives (MBCOs), and exercising and testing objectives.

Of course, depending on the size and complexity of your organization, you can choose to add another layer of objectives – e.g., at the level of individual organizational units (departments, business units, etc.)


Using spreadsheets to manage risk is risky

February 12th, 2014

Spreadsheets are universally loved. Why? Because they give everyone their own version of the truth, with complete autonomy to update and amend them as often as they like, without interference from anyone else. However, while spreadsheets might be a great tool at an individual level, they are completely un-scalable, and therefore totally unsuitable for compiling and analysing information enterprise-wide, or even for individual projects.

When applied to a risk management scenario, the potential horrors magnify. Who knows what risks are lurking in a spreadsheet so far undiscovered, with all around thinking that they have ‘ticked the box’ and that risk is managed? Using spreadsheets and emails to manage risk is a very risky approach.

Here are the main reasons that approach does not work:

  • Lack of integrity – spreadsheets are easily manipulated. Anyone could make changes to data to help present a better picture. This could be to cover up a situation once it has happened, to help move blame or mitigate responsibility, or to present a situation or opportunity in a better light.
  • No audit trail – you can’t easily check who changed what when.  You have no guarantee of the provenance of data supplied, and you can’t see how it may have changed over time.
  • Deadlines missed – spreadsheets don’t have any workflows or processes built into them. So while someone may request a review, some information or an audit, if there is no response, there is no mechanism to highlight missed deadlines.
  • No consistency – with no formal structure, each time a new spreadsheet is set up the formatting will be different.
  • Difficult to compile information – risk management information could be held within hundreds of spreadsheets across the organization.  Compiling them is a very long and arduous task.

Does it pay to get Certification

January 24th, 2014

Certification a scam or a help?

Most of the certifications being sold to job seekers are unregulated, making it hard for individuals and employers to measure their worth. There are clear metrics on the size of the certification industry but there are estimates that less than 10% of the more than 4,000 personnel certifications that exist have been accredited by a third party.


Certification processes and schools are a huge industry.  There are courses and accreditation promoted and sold by professional associations, software vendors, commercial training companies, and even formal educational institutions. In some cases, professionals may end up spending several thousand dollars in pursuit of a certification. Demand seems to be high, with certification requirements often being mentioned in help-wanted ads.

Whether or not they pay may depend upon the types of jobs and levels of demand in a particular economic environment. For example, Janco Associates says that there are no appreciable premiums paid for certifications in recent years, especially when the recession set in around 2009. However, in the most recent quarter, the researchers say average pay premiums for IT certifications rose 1.5% in the third quarter of 2013 -- the largest quarterly gain since 2005 and the first time since 2006 that there have been two consecutive quarters of positive growth in pay for certifications.


Certifications are recognized as a badge of accomplishment in many industries, and Marte indicates that work is underway in some sectors to standardize these programs. Also, employer endorsement of programs is key.

In a competitive era when there is acute demand for highly qualified professionals in a range of areas, certification programs are a way to ensure more training and skills updates. Lifelong learning -- not education that stops on graduation day -- is essential to both working professionals and organizations. The skills that are in demand five years from now may be entirely different than today.


Password Security Tip

January 23rd, 2014


Use a password in only one place. Reusing passwords or using the same password all over the place is like carrying one key that unlocks your house, your car, your office, your briefcase, and your safety deposit box. If you reuse passwords for more than one computer, account, website, or other secure system, keep in mind that all of those computers, accounts, websites and secure systems will be only as secure as the least secure system on which you have used that password. Don't enter your password on untrusted systems. One lost key could let a thief unlock all the doors. Remember: Change your passwords on a schedule to keep them fresh.


CIO Best Practices Digest

December 16th, 2013


  1. Top 10 issues for CIOs in 2014 Top 10 issues for CIOs in 2014 The top 10 issues that CIOs need to address in 2014 are driven by the current economic and...
  2. Top 10 CIO Leadership and Management Traits CIOs and IT Managers who are successful have some common leadership  and management traits Are one of the people and able to get their hands...
  3. Top 10 Things a CIO Needs to Add Value  Top 10 for CIOs -What does the CIO have to do to be viewed as a business person versus a technologist?  There are many strategies...
  4. Top 10 CIO Productivity and Budgeting Issues  CIO – Productivity Kit The best companies, and their CIOs, recognize the importance of ready access to the right information to drive the right choices...
  5. CIOs Drive Enterprise Management Processes  IT Infrastructure is key to CIOs leading enterprises in their management processes CIOs and other members of the IT management team could be the reason...

Chief Security Officer now a key role in many organizations

November 14th, 2013

A few years ago, hiring a Chief Security Officer (CSO) would have been superfluous. However, as companies continue to expand their technological footprint, they are also more vulnerable to cyber attacks. Having a CSO on board is necessary to alleviate cyber-security risks.

Much of the challenge to hiring one comes from defining the CSO's role against that of the chief information officer's. Indeed, the job responsibilities of a CIO are quite different from those of a CSO. The common misconception is that the two positions would be adversarial, but the reality is they often collaborate.

CIOs ensure that the information-technology infrastructure enables employee functionality. They use technology to create efficiencies in the company. CSOs safeguard intellectual property or protect against data breaches. For the most part, the CSO helps C-suite executives make judgments by lending an independent voice to the discussion.


The main function of a CSO is to lower a company's risk in respect to the security compromises that can happen via a network. From a board-level perspective, CSOs give visibility to and quantify the risks in a company. It’s helpful to have a role dedicated to those responsibilities, Carpenter says.

Typically, CSOs ensure there are adequate policies and procedures in place for cyber and physical security. Then, they assess the security risk relative to those policies and procedures. From there, they are responsible for identifying to the C-suite and the board those gaps in policies and procedures.



Personalization is key to OmniCommerce

October 7th, 2013

According to a recent study by IDG Research Services, personalization is recognized as a key differentiator among online businesses, for both e-commerce and non-commerce sites. Companies with an online presence are learning that they need to take action to learn more about their customers in order to increase customer loyalty, gain new followers and outshine the competition. More than 60 percent of the companies surveyed are prioritizing investments over the next year that will enable a more personalized Web experience.

There are several benefits companies can realize by creating a more personalized website experience. Cited by 69 percent of survey respondents, improved website engagement is at the top of the list. When businesses employ website personalization techniques, the visit becomes a two-way interaction. Instead of solely clicking or pushing his or her way through the site, the user is enticed or pulled through the site via personalization, thus increasing website engagement.

The second benefit, according to 62 percent of survey respondents, is improved brand image. Visitors think highly of businesses that anticipate their needs and appeal to their individual interests. Finally, coming in third and fourth, 44 percent of respondents cite improved lead generation and decreased customer or website abandonment rates.

In order to provide a personalized Web experience and realize these benefits, companies need information about their visitors. Yet there are gaps identified when it comes to the information companies are currently able to collect. These gaps primarily exist around location, which inhibits the ability to offer visitors a personalized Web experience.


Internet users are masking their identities

September 13th, 2013

A Pew Internet and American Life study released last week showed that 86 percent of Internet users have taken steps to remove or mask their identities online. Meanwhile, some companies are even trying to be open about their activities: Acxiom Corp., which collects and sells data about individuals to companies, just launched, a site where Internet users can see and manage what Acxiom knows about them.

Generally speaking, fields such as statistics, computer science and the hard sciences don’t teach ethics. There are privacy concerns, such as how much corporations and the government should know about individuals…. But software engineers are taught about the elegance or the mathematical beauty of the thing that they’re building, not how it will affect people’s lives.

A computer science professor at the University of Illinois at Urbana-Champaign says that she teaches her students how to sample data ethically and protect subjects in academic studies. For example, in a Facebook study, the researcher should replace all the participants’ names, all their friends’ names and all their friends of friends’ names with numbers.

If you do these large social network studies, you don’t have what they call participant-informed consent. Let’s say I have you in one of my Facebook studies, and you’re coming to my lab and we are analyzing the strength of the connections between you and your friends. I’m getting information about your friends and their friends without their consent. It’s a very, very ethically sensitive area.

Many ethics guidelines come from the Belmont Report, created in 1978 to protect human research subjects. It requires universities that receive funding from the government to have what’s called an Institutional Review Board perform an ethics review of proposed studies involving human subjects.

If academics find that big data allows them to obtain more information than they would be able to gather when dealing with subjects in person, imagine what companies like Google and Facebook know. They are forming their own policies, which tend to be that you “pay” for a service, particularly a free service, by giving up some privacy. The fact people are so used to this may be why, after the initial shock over the NSA news, many people effectively shrugged. According to a Washington Post-ABC poll in late July, 58 percent said they support this intelligence gathering in the effort to identify potential terrorists, compared to 39 percent opposed.


10 questions that need answers in an interview

August 26th, 2013

In the interview process, a uniform front is important. Before you start recruiting, you should have answers prepared for questions like the following:

  • Are responsibilities for this job completely defined?
  • How would you describe someone who is successful in that role?
  • What is it like working at the company?
  • How are responsibilities defined within the team that this position is in?
  • How would you describe a typical week/day in this position?
  • Is this a new position? If not, why did the previous employee leave?
  • Is travel expected?
  • Is relocation a possibility?
  • What is the typical work week like?
  • Will there be overtime?


Business Continuity Digest

August 21st, 2013
  1. Top 10 Reasons Why Disaster Recovery Business Continuity Plans Fail  In the recession many organizations put disaster recovery and business continuity on the back burner. As a result those plans are not as functional as...
  2. Include Social Media in Your Business Continuity Plans  6 Ways to Utilize Social Media Before a Disaster Strikes by Adam Crowe When creating a disaster recovery plan include social media.  Simple things like...
  3. Business Continuity Planning for Survival Under Stress  Business continuity and disaster recovery planning took a real hit in the recession that started in 2008.  First many companies reduced the number and intensity...
  4. Cloud storage aids disaster recovery and business continuity  Cloud Storage is a next step to implement after the disaster recovery plan is created Cloud storage is a next step after the CIO creates a...
  5. 10 Commandments of Disaster Recovery and Business Continuity  10 commandments of disaster recovery and business continuity planning As requirements for avoiding downtime become increasingly stringent, administrators need tools and platforms that can help...


BYOD Challenges

August 5th, 2013

Mobility has revolutionized how we do business. Managing mobility and BYOD means knowing how to navigate changing operating systems, changing platforms and changing hardware to reap benefits like improved productivity, agility, growth and better customer service.

BYOD includes consumer smartphones and tablets, which are making their way into your organization. Going mobile makes employees happier and more productive, but it’s also risky. How can you say yes to a BYOD choice and still safeguard your corporate data, shield your network from mobile threats, and maintain policy compliance?

With the advent of Bring-Your-Own-Device (BYOD) and the ever-increasing mandated requirements for record retention and security, CIOs are challenged to manage in a complex and changing environment.

If your enterprise does not have a BYOD policy, then one of two things is happening:

  • BYOD is blocked, and either your company is losing the productivity associated with employees using their own devices or it is paying for each employee's access device.
  • Personal devices are already accessing your corporate network, with or without your knowledge, and you are doing nothing to ensure that this is done securely and in compliance with mandated federal, state, local, and industry requirements.

Mobile Device Use Policy Is Needed

July 19th, 2013

The consumerization of IT has wrought profound security issues and changes to how and where employees work. To understand the magnitude of this transformation, consider these statistics:

  • 3 out of 5 workers say they no longer need to be in the office to be productive.
  • The average mobile worker is now carrying 3.5 devices, up from 2.7 devices in 2011.
  • 64% of mobile users use a tablet for work, as of March 2012. Based on purchasing predictions from users, that number likely reached 80% by October 2012.
  • Apple iPhones and iPads and Google Android devices - all of them consumer devices - now make up more than 70% of the mobile devices used by mobile workers.
  • Mobile workers are using smartphones for email, web conferencing, social media for work, accessing and editing Office documents, and note-taking.
  • In 2010, web-based email usage declined 6%, while mobile email access rose 36%.
