What type of testing is right for your website – Understanding the difference in website testing

In the last few weeks there has been a rise in reported malware and malicious attacks on small municipalities. Testing of three small municipality websites in recent weeks by our team has resulted in failures on basic security parameters on all three sites. We often hear small organizations say they don’t need to worry about attacks because they aren’t “big enough”, but anyone can be a target.

Regularly testing your website for known vulnerabilities and emerging threats should become a part of your Cyber Security Road Map. The first step is identifying the type of web testing that is right for your infrastructure. Here are a few key questions to consider:

1) Where is your website hosted – do you host it yourself, or is it hosted by a third party?
2) Who is responsible for the security of the host system and its operating system?
3) Do you have a web application firewall such as CloudFlare in front of your website?
4) Is your website a static page with content?
5) Do you have a login and, if so, what type of data is behind it: customer, pricing, private personal?
6) Do you have any API interactions with other applications?

When you start down the road of testing your website you want to consider both the host operating system and the application. There are two key types of testing available: fully automated scanning and manual testing. Fully automated scanning is used for both host operating systems and web applications. A host operating system scan checks for all currently known vulnerabilities affecting that operating system and reports back on the CVE, the risk and, usually, suggested remediation tips. The same is true of web application scanning: a fully automated web application scanner will, at a minimum, scan your website for the OWASP Top 10 vulnerabilities (https://owasp.org/www-project-top-ten/) and report back on risks and remediation.

Manual testing means that you have an actual person using various methods to determine the security of a host or the application and, if the rules of engagement permit, attempting to exploit a vulnerability to gain access, modify content or download information. There are varying degrees of manual testing: the simplest is one tester for one day, and the more extensive is 2 testers for 5 days of testing.

The type of test that is required for your website really depends on two main factors:

1. Have the host and application ever been tested before?

2. What is the criticality of the data being processed or stored on this site?

For example, if you have a very static page of content that is hosted by a third party, chances are a good OWASP Top 10 scan of your site will be sufficient to let you know if you have any glaring misconfigurations that could lead to a website defacement or potential attack on your site. If your website has a login, allows users to sign up for accounts and hosts dynamic content, you would want to make sure you consider a manual test, at least for the first test. Once a thorough baseline has been established for the site, testing can become more routine and automated.

We recommend you develop a plan for testing and make sure to include the above considerations. There might be special notifications you have to give in writing to a third party before you test an application, you might have to have a testing IP whitelisted in a web application firewall, and you may need special accounts set up in the application for testing.

If you are unsure what type of test is right for your website, reach out to us and we will be glad to discuss options with you.

http://www.mi613.ca


Public Sector Leadership Series – muniSERV & Supply Chain Canada, Ontario Institute

MUNISERV IS PROUD TO PARTNER WITH SUPPLY CHAIN CANADA, ONTARIO INSTITUTE TO INVITE YOU TO THE LEADERSHIP SERIES: PUBLIC SECTOR.

Supply chain, although a core function of public sector organizations, has traditionally been treated as a back-office function. However, the compounded impacts of COVID-19 and the subsequent responsibility of the public sector towards citizens’ health and sustainability have made public sector organizations recognize that success links inextricably to supply chain performance. That is why we once again collaborated with Supply Chain Canada, Ontario Institute to deliver the Leadership Series: Public Sector on June 17, 2021, in partnership with OPBA and CPPC for the very first time.

What is the Leadership Series:

The Leadership Series – a flagship offering from Supply Chain Canada, Ontario Institute has already garnered participation from 1,300+ supply chain professionals across Canada this year through 3 of its installments, namely:

  • Digital Transformation in Supply Chain
  • Sustainable Supply Chain
  • Women in Supply Chain

With 70+ supply chain leaders who have spoken at these installments, the Leadership Series delivers excellence and relevancy through leading-edge content and virtual networking opportunities.

Owing to the demand of the hour, we are proud to present to you the Leadership Series: Public Sector in collaboration with Supply Chain Canada, Ontario Institute.

Details:

Date: June 17, 2021

Time: 8:45 am – 4:00 pm EST

Price:

Members (Supply Chain Canada, CPPC & OPBA): CAD 149 + HST.

Non-members: CAD 199 + HST

MUNISERV members get 12% off the non-member price with code MUNI12

Group Pricing (for a team of 4 or more): CAD 99 + HST per person. SAVE 50% (the group offer cannot be bundled with the 12% discount offer)


Topics on the agenda include:

  • Procurement’s Influence on Organizational Effectiveness
  • How have Government Agencies Dealt and Learnt from COVID: Improving Citizen Experience
  • Sustainable Procurement
  • Sustainable Goods Movement
  • Impact of Trade Agreements/Trade Agreements in a COVID world


For registration enquiries, please reach out to Alisha Seguin at [email protected]

PARTNER WITH SUPPLY CHAIN CANADA LEADERSHIP SERIES: PUBLIC SECTOR

Be the voice of significant issues impacting the public sector. Join some of your well-known peers in the industry to be recognized as a thought leader in the public sector and increase your brand reach.

For partnership or sponsorship enquiries, refer to the attached brochure or reach out to Kim Sforza at [email protected].

Customer Service Excellence – Maximizing Efficiency and Improving Customer Service

April 15th 12pm – 1 pm EST


AccessE11 Citizen Issue Management – Municipal 311 Software Designed for Local Government

Produce better relationships with citizens through automated status updates with a highly-integrated platform your staff will love.

  • Is your municipality looking for ways to improve your complaint and service request management?
  • Do you want to better understand the issues citizens are bringing to your municipality?
  • Would you like for your citizens to be able to view and update the issues they bring to your municipality?
  • Would you like valuable reports for your department heads and council?
  • How about collaborating with staff on the issues they are managing?
  • Want to streamline service requests and effectively manage them?

AccessE11 is a cloud-based, easy-to-use software solution to assist municipalities in better managing, tracking and reporting citizen inquiries, issues and complaints impacting your community.

Register for our April Webinar to learn about all of this and more!

Presented in Partnership with The Ontario Municipal Leadership Institute

Digital Speaker Series – Supplier Performance & Management

Building a strong and productive relationship with suppliers is a key element to successful procurement. Supplier performance is a key aspect of that relationship. Laura Case will be discussing how supplier performance and management can impact your procurement process, and what you need to know to run a successful Supplier Performance Program. 

This one-hour session will discuss:

  • The differences between supplier management & performance,
  • The benefits of having a centralized supplier management platform,
  • Who maintains the information, 
  • Who creates and manages performance criteria, and
  • Tips on creating a Supplier Performance Program.

Join us Tuesday, May 4 at 10:00 AM ET to learn more! 

Learn More & Register Here.


Digital Speaker Series – bids&tenders Information Session

Douglas Faulkner, Account Executive with bids&tenders, will be doing a high-level presentation on the functionality and features of our eProcurement platform, with time to answer any questions you may have. 

This thirty-minute session will cover how bids&tenders can help:

  • Bring procurement processes entirely online
  • Reduce spend through competitive bidding, reduced labour costs, etc. 
  • Save time in every aspect of the procurement process
  • Reduce or eliminate late and non-compliant bids

Join us Tuesday, May 4 at 1:00 PM ET to learn more!

Learn More & Register Here.


Digital Speaker Series – Debrief is Not a Dirty Word!

bids&tenders – Digital Speaker Series – Debrief is Not a Dirty Word!

Join Doreen Wong, Principal Consultant with Robinson Global Management, for a webinar shining a spotlight on public sector debriefs.

Do you ever wonder why you have to give debriefs or what you should or should not say in debriefs? Does the thought of conducting debriefs cause you to break out in a cold sweat? Then, join Doreen as she offers the “real talk” on:

  • WIIFM – What’s in it for me (my organization)?
  • Do’s & Don’ts in Delivering Debriefs
  • Move the Needle on Debriefs: From Dodgy & Disturbing to Diligent & Defensible 

Register to join us Thursday, April 29 at 1:00 PM ET to learn more! 


The Importance of Third Party Vendor Assessments

Lessons learned from Cyber Incident Response

We are finding many companies that have experienced a Cyber Incident are not performing even the most basic Third Party Vendor Risk Assessment.

It is absolutely imperative that if you engage with a vendor you understand the associated risks.

5 simple questions can lead you to a better understanding of your Vendor risks and a quicker recovery from an Incident:

  1. Is there an identifiable Leadership team?
    • Who is accountable?
    • Would you be able to escalate or contact them?
    • Where are they located?
  2. Do they have an Incident Response plan and Reporting Structure?
    • Do they have a response plan?
    • Are there dedicated phone numbers or emails for reporting incidents?
    • Are ticket numbers assigned and tracked?
  3. Who is responsible for security within their Organization?
    • Is there someone who is responsible for security?
    • Is there a defined role, or is it handled off the side of the desk by someone in another role?
    • Does the company reside in a country that has Breach Reporting responsibilities?
  4. Do you have a Service Level Agreement for responding to incidents?
    • Do you have a defined Incident/Severity matrix with set response times?
    • How do you escalate an Incident?
    • What is your communication cadence?
  5. Can they demonstrate their current level of Cyber Security Compliance?
    • Can they demonstrate the framework they adhere to? (NIST/CIS)
    • Do they disclose if and when they do vulnerability/penetration testing?
    • Do they have any risk reports (SOC 1, SOC 2, PCI DSS) they can share?
    • Do they have patch management?

It is important to develop a Third Party Cyber Security Screening Assessment before engaging in a new contract. We can walk you through the process and help you to understand your Cyber Risks.

Let’s talk Cyber!

http://www.mi613.ca


You will never change my mind in a negotiation

I’ve been negotiating contracts for so long now that it’s impossible for me to remember every moment in every negotiation.

But there’s one thing I remember vividly from every single negotiation, because it’s probably the one thing that’s remained constant through all these years.

I’ve never had my mind changed in a negotiation.

I’ve agreed to things and made compromises, all for the sake of getting a deal done, but no one’s ever convinced me that they were right and I was wrong…about anything.

And likewise, I’ve never changed anyone’s mind in a negotiation, because that’s not the purpose of a negotiation.

Our goal as negotiators is to compromise, give and take, until we arrive at a deal that’s mutually beneficial…that makes good business sense for both sides.

However, too often I see negotiators become preachers who start lecturing the other side on the “truth of the matter”.

Well, the truth of the matter is that if I come into a negotiation believing a supplier’s software is worth no more than $10K, there’s absolutely nothing they can say that’ll convince me it’s worth a penny more than that.

Now I may agree to pay more than $10K, but not because I’ve seen the error of my wicked ways and repented for doubting the honesty of a software vendor.

I’ll pay more because there are other factors impacting my decision.

Maybe I know that they’ll never sell me the software for $10K, so I’ll try to get other things thrown into the deal…a longer warranty period, better indemnities, a cap on annual increases.

The point is, I’m not focused on convincing them that I’m right and they’re wrong in a negotiation.

The “truth of the matter” is that I couldn’t care less what they believe, as long as I get everything I need to make this a good deal for my organization.

And I realize that’s a lot easier said than done. We’re human beings and we’re constantly looking for validation of our beliefs.

Just turn on the news and see what’s going on in the world…right vs. left, liberal vs. conservative, republican vs. democrat.

People yelling and screaming, lying and acting violently…just to show that they’re right and the other side’s wrong.

Thankfully no one’s ever been violent with me in a negotiation, but I’ve been yelled at and I’m constantly being lied to.

But none of that’s going to change my mind.

I may walk away from a deal if I find out I’m being lied to, but more often I’ll use that as leverage in the negotiations.

And the minute someone raises their voice, it’s like they flipped on a flashing neon sign that says “I have no more valid arguments so I’m just going to start screaming like a petulant 5 year old”.

So how do we achieve that zen-like state where we can just tune out the noise and focus on getting a good deal?

Well, the first thing you need to do is define what a “good deal” means for your organization…what’s your BATNA?

Is it driven by price…does it have to be less than a certain dollar amount or you’ll walk away from the deal?

Is it driven by timelines…does it have to be done by a certain date or you’ll walk away?

Is it driven by features and functionality…does it have to do these things or there’s no deal?

Next, you need to set your threshold of acceptability, like how much you’re willing to compromise on certain terms and conditions.

Or how much screaming and lying you are willing to put up with.

All of these things create the foundation for a strong negotiating strategy and, when you have that, the rest is just noise.

Now all of the things I’ve just talked about, and much more, are covered in the Sourcing Essentials Course my colleague, Mark Morrissey, and I launched a few months ago (https://oneviewnow.com/training).

And I truly believe that anyone who gets involved in Procurement, Vendor Management or Negotiations for their organization would benefit from this course.

But it doesn’t matter what I believe, it only matters what you and your organization need right now.

So I’m not going to try convincing you to believe me…instead, I’ll show you.

In January of 2020 I launched a course called the “7 Skills of the Elite Negotiator” and I made it free.

Almost 250 procurement professionals, legal professionals and senior executives took the course.

I’ve reopened that course for 90 days; you can sign up here -> https://mop.mykajabi.com/7-skills-signup

So if you’re on the fence about the Sourcing Essentials Course, sign up for the free one and decide for yourself whether or not this type of training is for you.

And when you’re ready to take the Sourcing Essentials Course, feel free to reach out to me directly at [email protected] to learn about our corporate group rate.

Mohammed Faridy

CEO, OneView

Key Considerations for Local Government Software Adoption

When it comes to adopting new software, local governments have historically been somewhat cautious. And you can understand why. Government authorities face a number of unique challenges and must operate under certain constraints that do not always apply to others.

For instance, local government systems that are public-facing must be highly reliable because they have to be online 24/7/365. They must also be private and secure, particularly where personally identifiable information for residents comes into play.

Furthermore, they must have the ability to serve a large number of users. Unlike commercial businesses, a local authority’s target audience is the entire population of a region. This means systems have to be capable of supporting multiple languages and accessibility needs and be able to withstand unexpected surges in demand.

Civic Pulse recently conducted a survey asking local officials what they look for in government software. In order of importance, their top criteria included affordability, low “total cost of ownership”, and local government fit. Ease of use was important too, as were strong service and support.

The results indicate a clear pattern. Local governments are not averse to new software and, in fact, are looking to implement better software. But successful solutions must easily adapt to existing processes, constraints, and practices. Otherwise, most local officials will be reluctant to implement them.

Local Government Fit

Local governments want software that provides them with extra “capabilities” but that doesn’t necessitate massive changes to existing processes. However, unless they are built from the ground up with municipalities in mind, off-the-shelf solutions rarely mesh well with existing municipal operations and often fail during implementation. And even if they can be customized to do what is necessary, the amount of work, risk and cost usually increases to the point of being untenable – particularly for smaller municipalities.

The problem is this: local governments can’t make do with one-size-fits-all software anymore. As the Civic Pulse research shows, local authorities differ from each other significantly across multiple dimensions.

Total Cost of Ownership (TCO)

More than ever, municipalities are dealing with severe budget constraints. COVID-19 continues to affect our communities in terms of public health, socially and economically, and local governments are bearing the brunt of this. Reduced revenues, coupled with the need to maintain existing services and direct more money to public health, have come at a significant cost.

Not surprisingly, municipalities are looking for ways to control their expenses, including how they choose to implement new software solutions.

What is TCO?

Simple: it’s the sum of all direct and indirect costs associated with buying, implementing and managing the software over its duration of use.

There is a wide range of factors that impact TCO. For instance, easy-to-use software lowers TCO because staff time to learn and use the software is reduced. Software with exceptional vendor service and support also has a lower TCO because resolution of software issues or response to user queries happens quickly.

Software vendors that appeal to local governments feature comprehensive knowledge bases for self-help, online training, and dedicated remote support capabilities. Increasingly, vendors are moving to show government departments their return on software investments in real time. Measuring the TCO against the labour saved by the solution gives local governments the data they need to justify continued spending.

Affordability

Affordability is perhaps the biggest constraint for government departments looking to purchase software. Local governments need to keep their infrastructure costs low to continue providing high-quality, front-line services to the public.

Consistent with what is happening in the private sector, local governments are embracing cloud-based solutions that minimize large capital purchases and the need for additional in-house IT resources. This has the added benefit of allowing the infrastructure to scale with demand, ensuring that any unnecessary spend on infrastructure is avoided. Flexible pricing models that allow local governments to choose the capabilities they need a la carte are also attractive.

AccessE11 – Built for Local Government

A large number of local governments have selected AccessE11’s citizen request software precisely for the reasons described above. With AccessE11, local governments get a solution that is:

  • Created with municipal operations in mind
  • Extremely simple to adopt and use
  • Adaptable to each municipality’s unique needs without costly software development
  • Cloud-based and accessible from anywhere on any device
  • Affordable for municipalities of any size

Free Webinar – Customer Service Excellence – Maximizing Efficiency and Improving Customer Service


March 23rd 12pm – 1pm EST

AccessE11 Citizen Issue Management – Municipal 311 Software Designed for Local Government

Is your municipality looking for ways to improve your complaint and service request management? Do you want to better understand the issues citizens are bringing to your municipality? Would you like for your citizens to be able to view and update the issues they bring to your municipality?

Would you like valuable reports for your department heads and council? How about collaborating with staff on the issues they are managing? Want to streamline services requests and effectively manage them?

AccessE11 is a cloud-based, easy-to-use software solution to assist municipalities in better managing, tracking and reporting citizen inquiries, issues and complaints impacting your community.

Register for our March Webinar to learn about all of this and more!

Presented in Partnership with The Ontario Municipal Leadership Institute