Criminal Justice Information Services (CJIS)

Criminal Justice Information Services, or CJIS, is a division of the FBI that provides the criminal justice information needed to perform law enforcement duties. According to the FBI, it “serve[s] as the focal point and central repository for criminal justice information services in the FBI.” In Texas this information is disseminated via the DPS and includes details such as vehicle registration, criminal history, driver’s license, license plate, firearm, etc. Because this information is highly sensitive and needs to be protected, CJIS provides security compliance requirements and performs audits to ensure these requirements are being met. Below are just a few example requirements of the Security Policy:

  • Security Awareness Training
  • Perimeter Intrusion Detection
  • Advanced Authentication
  • Maintain Log History
  • Change Management
  • Device Encryption

Failing a single audit flags an agency as non-compliant. If compliance is not achieved, the agency can lose access to the information and tools needed to perform its duties.


Ah, budgeting… The least favorite thing we can do in both our personal and business lives. Although it isn’t fun, it tends to make our lives much easier in the long run. Let’s break down the basics of getting you and your organization onto a budget plan that will work for your business goals.


Working remotely may seem rather quick and easy. You head on over to your local coffee shop, order your triple-shot, half-caff, no foam, extra hot latte and sit at your favorite table in the corner. You double check to make sure no one is looking over your shoulder, pop open your laptop and get to work. Right? Well, it’s actually a little more complicated than that. Staying secure in a non-secure workplace comes with some much-needed extra steps to keep your company data away from prying eyes.


In our last post we talked about the Pros and Cons of moving your systems to the cloud vs. keeping them in your office.

As you can see, it can really be a toss-up. Some systems are better kept at your office and some should be moved to the cloud. It really depends on your business’s current and future needs.


What is “the cloud?” This is certainly a question you’ve asked or wondered. You may have received a few explanations too. When searching online, the first resulting definition used the words “Paradigm” and “Ubiquitous” … this does not clear things up for me. Let’s take care of that. If you’ve heard about “the cloud” you’ve likely heard the phrase “on premise” as well. If not, that’s ok. Defining both will help in understanding each of them. So what exactly do those terms mean? Simple. Cloud vs On Premises is where your data is stored or resides. On premises data is housed locally in an environment that you (or your trusted IT vendor) maintain. Data is on your computers or servers and is easily accessible. Cloud is similar to its name. Data in the cloud resides offsite, somewhere outside of your home or office. Typically it is on a server, in a data center, miles away from you. Cloud data is accessible to you via a web browser or application.


Most of us look at that update notification from our devices and think, “I’ll do that later.” When we finally get around to it, there are multiple updates that have been sitting there for weeks. We continue with this behavior because nothing has happened to us yet. In order to change those behaviors, let’s begin to think of updates like you would your car insurance. If you waited to cover yourself, that fender-bender might have cost you a LOT more in the long run.


Ok, I have followed all the steps in last week’s blog post. I have identified my critical functions and reviewed my backups, but I still don’t have a recovery plan in place.

How do I create a plan based on the loss tolerance decisions that have been made?

Now that you’ve done some research and made critical business decisions that best fit your Disaster Recovery needs, let’s document it! You can simultaneously begin to implement some of the changes you will need to engage your plan when disaster strikes, but if there is no user manual then no one will know how to use it. You want to create a write-up that is comprehensive and easy to understand and to follow. At a high level, you want to make sure your plan covers the Who, What, When, Where, Why & How?


Disaster Recovery – what does it mean to your business? Heck, what does it even mean in general, and do you have to do something about it?

One of the more popular business-critical terms you might have heard before is Disaster Recovery (DR). The term Disaster Recovery first started floating around business communities in the 1970s when organizations began to realize their dependence on computer systems and technology could potentially be harmful to their viability if they didn’t have a plan to address a system outage. So, what exactly does DR mean and how critical is it in the modern business? Let’s break down the terms.


It’s been two weeks and the Northeastern US is still trying to recover from the effects of Hurricane Sandy. The reports of damage and residual effects are well known by now. Large areas along the East Coast have been shut down without power since the hurricane hit on 10/30. Communications networks have been disrupted. Fuel shortages are affecting all modes of transportation.

Are we at risk? Even though we are over 100 miles inland, Hurricane Sandy was 1000 miles wide. A storm of that size would affect large parts of Texas up to several hundred miles inland with torrential rains, tornadoes, and winds.

OK, so if there were a big storm, we need to be ready. What do we do? First, the things you can do now. Make sure your key employees are briefed on your company’s emergency plans and on what you expect them to do during and after the storm. Make sure you have all current employee cell and land-line phone numbers. Also, document your critical functions and cross-train your employees. If one of your employees isn’t available you still need to make sure that your key business processes still function. If you have employees who absolutely must be at work then find a way to get them there, and if you really want to have an effective and motivated employee, make sure you have a way to take care of their families.

Next, make sure you test your system backups. If you employ 3rd party off-site backups then make sure these are tested and you know how to recover your business from them. Also, make sure you have something and someplace to restore to. If you have alternate networks, then test them. Storms like Sandy don’t come out of nowhere so we’ll always have a lot of warning leading up to this storm. If you absolutely have to be functional then you should have a backup generator, and always remember to monitor your fuel levels and test the generator periodically.

Determine the likelihood that your office will be adversely affected. Never ever have a window in your server room. Make sure your server room isn’t in the basement or on the 1st floor.

Do you have any key cloud services? Even if a storm isn’t nearby you could still be affected. Where are these services located? What does their disaster recovery plan look like? How will they recover if they are affected? To make sure that they are covered, ask for a SAS 70 report or its replacement, SSAE16. These reports certify that your cloud vendor’s data center security is high and that they have a disaster recovery plan in place. Don’t be afraid to ask them for a copy of it. This is not an unusual request. All banks and credit unions required it of their larger key vendors that are critical to the success of a disaster recovery.

If your business depends on the Internet to access data and send and receive messages then be sure to let your customers and vendors know that there may be communications issues. A large portion of the network traffic passes through major metro areas in the US. While these network centers are well protected against failure, that doesn’t mean that the networks they feed are equally well connected. You could find major network outages during and after the storm. Fortunately the Internet was built to bypass network damage even if it’s extensive, but the chances are good that if this happens, you’ll be routed on slower, more complex routes.

Whether you’re in the affected area or simply watching from afar, Hurricane Sandy can be a great lesson. First, it explains the necessity of geographical diversity when it comes to looking for cloud or co-location services. New York and Philadelphia or even Boston are just too close to each other to be safe from the same natural disaster. Second, Sandy demonstrates the necessity of backup power and off-site data backup as well as the necessity of testing both of them regularly. Finally, this event demonstrated that a catastrophe can happen anywhere, even where you are. You can’t afford to ignore the possibility.