PSRINC.com is the resource site for Information Technology management. This site contains the tools that the CIO, CSO, and CFO can use for Sarbanes Oxley, Disaster Recovery, Security, Job Descriptions, IT Service Management, Change Control, Help Desk, Service Requests, SLAs - Service Level Agreements, and Metrics.

PSRINC.com supports a wide range of industries and enterprises of all sizes.  Our clients include over 2,500 premier corporations from around the world, including over 250 of the Fortune 500.


Current Information Technology News

Internet Misuse Concerns CIOs

- June 30th, 2009 10:22 AM

When employees and enterprise associates misuse the Internet, there are ramifications for your enterprise:

  • Higher operating expenses and reduced productivity
  • Exposure to security problems such as malware
  • Exposure to legal risks due to inappropriate material  
  • Wasted bandwidth to support the misuse
  • Unlicensed software when users download and install software from the internet
  • Reputation risk from social networking which can create opportunities for employees to leak confidential information or spread damaging rumors online

Expenditures Closely Watched by CIOs and CFOs

- June 18th, 2009 11:14 AM

In today's economy, all purchases are carefully scrutinized to ensure that each new piece of hardware and software can produce a rapid return on investment (ROI). However, even attractive and accelerated paybacks are not enough to justify additional expenditures as cautious CIOs and CFOs must continue to slow their technology spending in order to ensure weathering the current economic conditions.

According to an annual survey of top CIOs from multinational Fortune 1000 companies conducted by Goldman Sachs & Co., networking equipment emerged as one of the greatest potential areas for cost reductions in 2009. The CIOs surveyed also indicated an intensified focus on projects involving total cost of ownership (TCO) reductions, such as server virtualization and server consolidation. Faced with severe budget constraints, many CIOs also are delaying product upgrades and technology refreshes, despite the fact that OEMs continue to release next-generation products in increasingly rapid-fire succession.

As a result, increasing numbers of corporations are embracing asset recovery strategies as part of their recession survival tactics. Corporate network budgets, in particular, can be willing recipients of a welcome boost from asset recovery since high-end routers and switches retain more value than many other types of hardware. The keys to maximizing the value of surplus technology in a down economy are determined by how, when and where to offload unwanted gear as well as identifying the partner that can offer top dollar for extraneous equipment along with unparalleled responsiveness and superior customer attention.


Metrics Key to CIO Success

- June 10th, 2009 02:06 PM

CIOs frequently ask what IT should measure and report to business executives. The key to success is choosing a small number of metrics that are relevant to the business and have the most impact on business outcomes. The metrics that meet the criteria for relevance and impact are investment alignment to business strategy, business value of IT investments, IT budget balance, service level excellence, and operational excellence.

Metrics should form the core of an IT performance scorecard and should center around:

  • Alignment of IT initiatives, investments, and operational support to the strategy of the enterprise
  • Value added that IT brings to the enterprise
  • Cost of new initiatives versus the cost of maintenance of existing processes
  • System availability and ease of use
  • Health of systems and IT function

Easier to Cut Salaries than Lay-off Staff

- June 4th, 2009 02:04 PM

Here's the good news: While companies certainly have laid off huge numbers of employees since the economy first started to implode, it appears many of them are doing everything they can to minimize the number. From the Challenger, Gray & Christmas, Inc. press release:

... employers announcing job cuts have initiated more cost-cutting measures than employers that have not cut payrolls. Companies that made permanent job cuts averaged an additional six cost-cutting measures. Meanwhile, companies that have avoided layoffs averaged less than three cost-cutting measures.

"There is a perception out there that some companies have not made sufficient efforts to avoid layoffs by making cutbacks in other areas. This perception is fueled, in part, by a handful of examples of companies announcing job cuts while, at the same time, rewarding top executives with large salaries, bonuses and extravagant perks. However, these examples represent the exception," said Challenger chief executive officer.

"It would also be a mistake to assume that companies avoiding layoffs are doing so out of kindness. While forging good will is certainly part of the decision for some companies, many have simply cut to the bone already or never fully ramped up after the last downturn. Other companies may have more workers than they need for current business levels but are reluctant to enact widespread layoffs, knowing that a recovery will mean recruiting and training all new workers.

"This may be why we have seen an increase in the number of companies cutting salaries and other perks. It is a lot easier to restore compensation and benefits than it is to re-hire and re-train workers when the economy improves."


PCI Compliance Has Benefits Beyond Mandated Requirements

- June 2nd, 2009 09:34 AM

PCI compliance is used as a basis for guidance on fulfilling management responsibility in relation to audits, and for information on ensuring continual improvement of IT security efforts. There is merchant confusion about all six of the PCI DSS's main themes: building and maintaining a secure network, protecting cardholder data, maintaining a vulnerability management program, implementing strong access control measures, monitoring and testing networks, and maintaining an information security policy.

PCI, as a robust security standard, has potential benefits beyond its immediate requirements. A generic application of its principles can fulfill other regulatory requirements for information security and privacy. PCI compliance is mostly information security best practices. However, there is quite a bit of devil in the details of the PCI requirements. There are over 250 detailed testing procedures.

Penalties for noncompliance include higher transaction processing fees, fines, and, in extreme cases, denial of credit card processing capabilities. Violators also face legal fees, civil lawsuits, customer rejection and related revenue loss, and other costs and losses.  Understanding the PCI authority structure is important in maintaining control over PCI strategy and audits.

The PCI DSS security requirements apply to all "system components." A system component is defined as any network component, server, or application that is included in or connected to the cardholder data environment. The cardholder data environment is that part of the network that possesses cardholder data or sensitive authentication data. Network components include but are not limited to firewalls, switches, routers, wireless access points, network appliances, and other security appliances. Server types include, but are not limited to the following: web, database, authentication, mail, proxy, network time protocol (NTP), and domain name server (DNS). Applications include all purchased and custom applications, including internal and external (internet) applications.


Virus Targets Federal Law Enforcement

- May 25th, 2009 09:37 AM

Federal law enforcement systems have been targeted by a virus. The FBI and the U.S. Marshals Service were forced to shut down parts of their computer networks after a mystery virus struck the law-enforcement agencies. The virus' type and origin are unknown, but spokespeople for both agencies said the agencies' access to the Internet and e-mail was shut down while the issue was evaluated.

The U.S. Marshals confirmed it disconnected from the Justice Department's computers as a protective measure after being hit by the virus; an FBI official said only that that agency was experiencing similar issues and was working on the problem.

In addition to their external networks, most federal law enforcement agencies have an internal-only network to keep cyber-snoopers away from sensitive data. Government regulations require agencies to report any security issues to the US Computer Emergency Readiness Team (US-CERT).

To protect networks and information against increasingly sophisticated threats, many organizations are deploying security in layers. Some are finding that an efficient way to do this is by using unified threat management (UTM) appliances. 


Office 2000 is at End of Life

- May 21st, 2009 03:44 PM

Microsoft told Office 2000 users that it will discontinue security updates for the aged suite in July as it drops all support for the software.

At the same time, the company also reminded users that it's dumping the Office Update site at the end of July, part of an effort to streamline update options.

Office 2000 falls off the support list on July 14 -- which is also Microsoft's "Patch Tuesday" for that month -- as it leaves what the company calls "extended" support. From that point on, Microsoft will no longer issue fixes, not even ones for critical vulnerabilities; instead, it expects users to move on to a newer suite.

By policy, Microsoft supports business software such as Office for a total of 10 years, half in "mainstream" support and the second half in the more limited support. Security updates are delivered for the entire 10-year stretch.

Microsoft launched Office 2000 in June 1999.


Security Risk Faced by Business Due to Loss of Laptops

- May 18th, 2009 03:39 PM

Anytime and anywhere, employees, temporary employees and contractors can access and store enormous amounts of confidential data about customers, employees and their organizations' operations on laptops. When these laptops are lost due to negligence or theft, the data is at risk if the organization has failed to use such safeguards as encryption or anti-theft technologies. Janco recommends implementing and monitoring strong Security Policies and Procedures.

Most executive managers and IT professionals believe the risk of having lost or stolen laptops will most likely increase or stay the same (i.e., not improve) over the next 12 to 24 months.


Business Record Management is Difficult at Best for Many CIOs

- May 5th, 2009 10:16 AM

Several studies have found that knowledge workers spend between 15 and 35 percent of their time finding information. The requirement to find information quickly and easily makes search technology a practical and essential tool with a measurable return on investment (ROI).

However, search engines are optimized to search web pages and documents and they still fall short inside the enterprise when you consider the additional IT assets stored in applications and other real-time sources of information like databases and ERP Systems. These systems remain "unsearchable" by many current search solutions and largely remain the domain of operational reporting and business intelligence software.


IT Metrics

- May 4th, 2009 05:01 PM

The average company spends about 1.5% (varies by industry) of its revenue on IT, and a significant amount of that spending is on IT personnel. Personnel expenses account for the largest segment of the IT operational budget. Considering both employees (43%) and outside contractors (7%), the average cost of personnel in the IT operational budget is about 50% according to Computer Economics. The majority of the IT staff spends approximately 80% of their time on:

  • Application maintenance and support
  • QA and testing
  • Application development and migration
  • Technical and database support
  • Helpdesk support

The remaining time is spent primarily on desktop, network and security support.
Moreover, the average IT operational budget for application software is about 14.5%. 70% of the average application software budget is spent on application maintenance and support, while about 30% of the application budget is spent on new development.


What you should do when you get a new job as CIO

- April 20th, 2009 04:50 PM

The first few weeks on the job set the tone for your long-term success or failure in your new job. Here are some things that you may consider as "must do's" in your first 100 days.

  • Develop relationships - Learn the culture - On the first few days on the job you should spend over 50 percent of your time outside of your office listening to the people who are there. Go to lunch with your peers, direct reports, superiors, and key players in your user community.
  • Get away from the IT Department - You have replaced someone who was either a star or a "loser"; understand why your predecessor succeeded or failed. Your user community will tell you, and at the same time you will gain an insight into their mindset as well as how easy or difficult it will be to deal with them.
  • Get an independent assessment of the IT function - Everyone has their own opinion of how good (or bad) the function is; your job is to quickly gain an understanding of it. By using a third party you can insulate yourself from calls that there are disagreements. You in essence become a tie breaker and can show that you are in charge.
  • Learn the infrastructure - Understand how things are done, review job descriptions, review the change control process, and understand the prioritization process.
  • Develop a plan which will let you create some wins quickly - This will be one of the only times that you can set the agenda, and at the same time you can get yourself some breathing room. Be careful not to over commit.

Twitter and Other Applications Put Enterprise at Risk

- April 17th, 2009 05:31 AM

E-mail and instant messaging (IM) afford easy-to-use communication and collaboration by taking advantage of the Internet's abilities, but they require networks to allow a certain amount of uncontrolled Internet access in order for these applications to function. IT administrators must keep their enterprises connected, yet safe, by enacting measures that allow them to monitor what comes in and goes out via Internet protocol (IP) traffic. With good management, CIOs have the right tools in place so IT administrators can detect threats before malicious code can take root in the network. Securing the network does not mean removing all contact with the outside world.

Because e-mail and IM applications are operated by individual users who can make bad calls on which files are safe to open, network defenses can be circumvented. Viruses sent via e-mail spread very quickly, overcoming workers’ computers and creating unplanned Disaster Recovery activity for IT departments.

As quickly as e-mail viruses spread, IM worms spread even faster. Although an e-mail virus can send itself to entire address books, it requires some action by the user before the malware is activated. IM applications, however, are open channels, and a link or file pops right onto someone's desktop from a friend or colleague.

The business world is dependent on e-mail. More businesses are starting to rely on IM in their internal and external communication strategies. These platforms are not going away anytime soon. So, to take advantage of them and stay connected, spam filters and antiviral measures that scan incoming and outgoing e-mails address part of the security risk. Add IM management software and integration with firewall, secure remote connectivity, intrusion detection and prevention, and you’re well on your way to a productive, safe network for your business.


Metrics are the key to a CIO's Success

- April 14th, 2009 01:00 PM

Metrics and other ways to measure performance are very popular among CIOs and IT Managers. Almost every aspect of a computer's performance can be and is measured; however, service metrics for IT personnel and organizations are one area that companies pay close attention to.

Computers or machines are easier to measure since there are few to no subjective factors. But with organizations, and especially with people, the subjective factor becomes more and more important and frequently, even if the best methodology is used, the results obtained from metrics are, to put it mildly, questionable.

Who Needs IT Service Management Metrics

Metrics are used in management because they are useful. Metrics are not applied just out of curiosity but because investors, managers and clients need the data.

There is no doubt that metrics are useful only when they are true. I guess you have heard Mark Twain's quote about "lies, damned lies, and statistics" (or in this case - metrics). True metrics are achieved by using reliable methodologies. It is useless just to accumulate data and show it in a pretty graph or in an animated slideshow. This might be visually attractive but the practical value of such data is null.

However, even when the best IT Service Management metrics methodology is used, deviations are inevitable. Therefore, one should know how to read the data obtained from metrics. It is also true that metrics, including IT Service Management metrics, can be used in a manipulative way, so one should be really cautious when he or she reads metrics and above all - when making decisions based on these metrics.


CIOs face compliance issues with older unsecured PCs

- April 5th, 2009 03:29 PM

Enterprises of all sizes are hesitant to replace existing notebook PCs due to the reluctance to spend money, and the cost of migration.

There is substantial pressure and scrutiny on all IT expenditures. However, despite this increased attention, organizations must still comply with ever more strict privacy and audit demands. One of the areas that needs the most attention is the unsecured notebook PC population that is at high risk of theft or loss. The amount of data they hold and their ability to access corporate systems place old notebook computers among the greatest risks that an organization faces.

With the cost of hardware plummeting, and the cost of compliance issues and breaches skyrocketing, "saving money" by running a risky end-user computing environment may not make sense. CIOs can and should make the case for the twin benefits of meeting compliance and audit demands, while reducing operating costs by deploying new laptops for the mobile workforce.


Search Engines Part of Enterprise Infrastructure

- April 1st, 2009 12:03 AM

Recent studies have found workers spend between 15 and 35 percent of their time finding information. The requirement to find information quickly and easily makes search technology a practical and essential tool with a measurable return on investment (ROI). However, search engines are optimized to search web pages and documents and they still fall short inside the enterprise when you consider the additional IT assets stored in applications and other real-time sources of information like databases and ERP Systems. These systems remain "unsearchable" by many current search solutions and largely remain the domain of operational reporting and business intelligence software.



 

Drivers of Strong Security Policies and Procedures

- March 17th, 2009 12:32 PM

There are strong security implications in, and relationships between, mandated compliance (Sarbanes-Oxley, HIPAA, ITIL, and PCI-DSS), sensitive information protection, and theft recovery. Organizations must consider all of these factors when defining security policies. It is no longer enough to attempt to address compliance issues without addressing data protection. Protection of sensitive information on mobile and remote computers requires an understanding of the issues surrounding computer theft and transmission interception. Having a broader understanding of how these areas inter-relate allows organizations to build a more robust security policy that addresses the issues of regulatory compliance, sensitive information protection and theft recovery.

Today, accepting the loss or theft of one laptop, PDA, SmartPhone, USB storage device, or tablet computer is simply not an option. A missing device can result in compliance and sensitive data protection issues that may be very costly to an enterprise's reputation and bottom line. Enterprises need to be able to accurately track their computers, know who is using them and what is installed on them, and be able to prove that the actions taken to secure computers remain deployed and intact until the computer can be located.


Government Sites Source of Many Massive Data Breaches

- March 9th, 2009 01:46 PM

The Federal Aviation Administration (FAA) was doing such a good job at protecting data in its computer systems that the Office of Management and Budget chose it in January to be one of four agencies to guide other federal agencies in their cyber security efforts.

The FAA announced the theft of personal information on employees and retirees. Two of the 48 files on the breached computer server contained personal information about more than 45,000 FAA employees and retirees who were on the FAA’s rolls as of the first week of February 2006.

The server that was accessed was not connected to the operation of the air traffic control system or any other FAA operational system, and the FAA has no indication those systems have been compromised in any way.


Challenges for CIOs

- March 3rd, 2009 04:32 PM

As the economic recession continues to deepen, double-digit budget cuts, hiring freezes and layoffs are becoming a fact in many IT departments. However, some CIOs are managing to keep both their staffs and their rosters of ongoing IT projects largely intact - due partly to a desire on the part of business executives to use technology to reduce corporate costs and boost revenues.

CIOs are now challenged more than at any time in the past. With the economic earthquake around the globe, CIOs have to be smarter, more creative and innovative. The only way for CIOs to survive the world economic reset in a knowledge age is to capitalize on their human capital, put their staff's creativity to work, and stoke their innovative furnace. There are many ways to fuel the creative fires - from management techniques, to team building, and effectively leveraging existing and emerging technological investments. However, the key is infrastructure. CIOs that have one that addresses metrics, change management, version control, system development methodology, service management, and human resources have a better chance to make it through these tough times.


Security Policies to Protect Against Data Breaches

- February 23rd, 2009 01:10 PM

In a world driven by PDAs, laptops, and Internet connectivity, data breaches are common and costly. The cost per record of a data breach has gone from $138 in 2005 to $202 in 2009 according to the Ponemon Institute in its fourth annual U.S. Cost of a Data Breach Study.

Privacy violation statistics indicate that the number of incidences and costs associated with data breaches are increasing steadily, proving that organizations across industries need to take a more pragmatic approach for protecting information, especially in highly vulnerable non-production (development, testing and training) environments. Data in non-production can be more susceptible to a breach when it is used in development and testing activities, accessed by mobile employees or outsourced.

Security Policies and Procedures

There are a number of best practices action steps that should be followed:

  • Define responsibilities as to who is the “center post” in security for data.
  • Define privacy and security requirements for your enterprise
  • Inventory data, both electronic and physical
  • Implement policies, procedures, and process to secure data
  • Test robustness of policies, procedures, and processes
  • Review at least annually

Productivity Metrics Defined

- February 18th, 2009 07:48 AM

Disengaged employees produce an average of 50% less revenue than an engaged employee. By knowing who is on board, who is not and why, you can invest in areas that have the greatest impact in the shortest period of time. Increased productivity provides a greater return on your payroll investment.

At the heart of improved productivity is an effective Service Level Agreement (SLA) and performance metrics process that:

  • Measures the right performance characteristics to ensure that the client is receiving its required level of service and the service provider is achieving an acceptable level of profitability
  • Can be easily collected with an appropriate level of detail but without costly overhead
  • Ties all commitments to reasonable, attainable performance levels so that "good" service can be easily differentiated from "bad" service, and gives the service provider a fair opportunity to satisfy its client.

The Metrics for the Internet, Information Technology and Service Management HandiGuide® is over 300 pages, defines 540 objective metrics, and contains 83 metric reports that show over 240 objective metrics.