PSRINC.com & IT Tool kits Partnership

Business continuity planning becomes more critical

webmaster — Sat, 24 Jul 2010 13:38:56 -0600

The more your business relies on its IT systems, the more you need to consider how unexpected disruptions might affect your business. These disruptions could come in many forms, from fire and floods to theft or malicious attacks on your systems, such as viruses or hacking.

Business continuity planning improves your business' ability to react to such disruptions. It describes how you will restart your operations in order to meet your business-critical requirements.

The business continuity template can be used for any sized enterprise. The Disaster Recovery template and supporting material have been updated to be ISO 27000, Sarbanes-Oxley, PCI-DSS, and HIPAA compliant. The Template explains the importance of business continuity plans to the success of your business, and how best to develop them.

Security demands CIOs to adapt as new threats appear

webmaster — Tue, 13 Jul 2010 01:27:19 -0600

It is not easy to keep an enterprise successful and secure these days. Businesses all over the world are faced with a host of new challenges: an unsteady economy, growing competition, volatile global markets, shrinking budgets, and consumer uncertainty. Overworked IT departments are not only expected to respond to the demands of anxious business teams, theyre also responsible for securing the organization and its valuable data against a raft of sophisticated new threats they have never seen before; proving their processes are internally and externally compliant; and being fiscally responsible.

The security policies and procedures template by Janco is the perfect solution. It helps CIOs and IT Managers create the proper security environment.

Because of the way security has evolved over the years, it is rarely looked upon or "fulfilled the role" as a strategic business enabler. Some see it as an inescapable and often costly necessity. The approach to security is generally driven by the latest threats; it is reactive rather than proactive, tactical rather than strategic.

H-1B rule may help US IT job market

webmaster — Tue, 22 Jun 2010 22:17:29 -0600

Job Market maybe helped by a proposed new rule. A rule known as the 50/50 rule in a piece of 2009 Senate legislation (as well as a clause in the House in the Comprehensive Immigration Reform ASAP Act of 2009) seeks to balance out the numbers of foreign workers and U.S. workers in companies that employ more than 50 U.S.-based employees. If a company is using H-1B or L-1 visa workers or both, the legislation would limit the number of those workers to no more than 50 percent of the company's U.S.-based workforce.

Disaster Planning Takes Good Staff

webmaster — Fri, 18 Jun 2010 16:05:09 -0600

Good business continuity planning needs to take a broad view, embracing people, human behavior, customers and other factors that lie outside the data center. It is also important to secure the vision and endorsement of executive management. A properly funded, well-prioritized business continuity plan, combined with a regular program of testing and recovery drills, will help to safeguard the organization. Read this white paper to understand the key elements of a successful business continuity plan, see how to develop a plan that clarifies what is critical, and set specific recovery requirements.

Disaster Recovery is Area of Cost Cutting Focus

webmaster — Thu, 10 Jun 2010 12:43:19 -0600

Disaster Recovery (DR) is a tough game. It's a critical component of IT and risk mitigation strategies, and compounded in difficulty by ever growing data volumes, distributed computing, and new technologies. Unfortunately, DR is often one of the first line items hit by budget cuts. How can you get creative in protecting more data, recovering more swiftly, but also saving some money at the same time?

According to an AT&T Survey of 100 Chicago firms (revenues <$10M), 81 have DR plans, but only 43% have fully tested their plans within the last 12 months and 12% admitted they have never tested their business continuity plans.

Next to personnel, data is your most irreplaceable asset. Networks, application hosting platforms, and end user computing environments can be replaced quickly. However, without your customer lists, product catalogs, inventory, financial records, and other operational data your business cannot recover.

A disaster recovery is a response to a declared disaster or a regional disaster. It is the restoration or recovery of an entire Agent computer. A disaster recovery plan describes how an organization is to deal with potential disasters. Just as a disaster is an event that makes the continuation of normal functions impossible, a disaster recovery plan consists of the precautions taken so that the effects of a disaster will be minimized, and the organization will be able to either maintain or quickly resume mission-critical functions. Typically, disaster recovery planning involves an analysis of business processes and continuity needs; it may also include a significant focus on disaster prevention.

Disaster Recovery Planning is Required for Business Continuity Planning

webmaster — Thu, 27 May 2010 22:10:49 -0600

Disaster Recovery Plans are part of a larger, more extensive planning process known as Business Continuity Planning. Disaster Recovery plans should be tested frequently so that the as many individuals as possible are familiar with the specific actions they will need to take when a disaster occurs. Disaster Recovery plans must also be adaptable and updated frequently, e.g. if new people, a new branch office, or new hardware or software are added to an organization they should promptly be incorporated into the organization's disaster recovery plan. Enterprises must consider all these facets of their organization as well as update and practice their plan if they want to maximize their recovery after a disaster.

Disaster Recovery and Business Continuity Planning are the process an organization uses to recover access to their enterprise operations; software, data, and/or hardware that are needed to resume the performance of normal, critical business functions after the event of either a natural disaster or a disaster caused by humans. While Disaster Recovery and Business Continuity plans, or DRPs & BCPs, often focus on bridging the gap where data, software, or hardware have been damaged or lost, one cannot forget the vital element of work force that composes much of any organization. A building fire might predominantly affect vital data storage; whereas a pandemic or epidemic illness is more likely to have an effect on staffing. Both types of disaster need to be considered when creating a Disaster Recovery and Business Continuity Plans. Thus, enterprises should include in their DRPs & BCPs contingencies for how they will cope with the sudden and/or unexpected loss of key personnel as well as how to recover their data.

2010 Productivity Award Give to eJobDescription.com

webmaster — Wed, 26 May 2010 14:20:06 -0600

The IT Productivity Center (ITPC) has just awarded ejobdescription.com with its prestigious 2010 Productivity Award for the electronic Internet and IT Job Descriptions HandiGuide. The 2010 awards competition attracted 131 nominations for innovations and productivity improvements worth $40 million in cost savings, cost avoidances and increased revenue for the IT function of enterprises of all sizes.

The awardees electronic book met all of ITPCs criteria for improved productivity, as it is electronically based and is content rich. Not only does it include 231 fully ADA and ISO compliant IT job descriptions, it also contains a job progression matrix, sample organizational charts, set of best practices for screening resumes and phone screening, process for hiring and motivation employees, job evaluation questionnaires, and logs to be used in the hiring process.
In providing the award the CEO of the IT Productivity Center said, We have reviewed the job descriptions that are included in the HandiGuide and find them as complete and update as any that we have seen. They added, The best practices included are what really put this product over the top for http://www.ejobdescription.com. Every CIO and IT Manager should strive to achieve the processes contained within the HandiGuide.

The 2010 Productivity Award allows its recipients to the award logo on their web site as well as including it on any materials that that received the award.

In order to qualify for this award the product or service is required to Soar like and eagle as the logo depicts. The center is constantly looking for enterprises that seek to achieve this goal. Nominations are accepted from enterprises that can show measurable productivity improvements from the products or services that they nominate.

Recession drags on and on and....

webmaster — Tue, 11 May 2010 15:59:41 -0600

Per-hour worker productivity in the U.S. grew 2.5% in 2009, according to The Conference Board's Total Economy Database. At the same time, employment decreased by 3.6%, and hours worked per employee dropped by 1.5%. The rise in productivity last year, as well as the 3% increase that The Conference Board projects for 2010, is a reversal of a long downward trend. But the rise is entirely due to the stresses of the recession, the organization says.

In contrast, The Conference Board notes that per-hour worker productivity dropped 1% in Europe last year, and the chief economist for the organization, attributed the divergence to the way companies in the two parts of the world reacted to the recession.

Privacy Commissioners ask Google to respect national privacy laws

webmaster — Sat, 24 Apr 2010 10:49:08 -0600

The privacy commissioners of Canada, France, Germany, Ireland, Israel, Italy, the Netherlands, New Zealand, Spain, and the U.K. send and open letter to Google asking the company to respect national laws, and also to adhere to six guiding privacy principles:

Collect and process only the minimum amount of personal information necessary to achieve the identified purpose of the product or service;
Provide clear and unambiguous information about how personal information will be used to allow users to provide informed consent;
Create privacy-protective default settings;
Ensure that privacy control settings are prominent and easy to use;
Ensure that all personal data is adequately protected, and
Give people simple procedures for deleting their accounts, and honor their requests in a timely way.

"Privacy is a fundamental right that people value deeply," the letter concluded, calling on Google to promise to respect privacy and data protection requirements before the launch of future products.

Data Protection and Records Management CIO Concern

webmaster — Thu, 22 Apr 2010 22:56:07 -0600

Data Protection is a complex topic that has become a growing concern of most companies as they face increased quantities of critical information which must be stored, protected and archived to meet regulatory requirements, user expectations and business requirements. Consolidating storage and backup practices with Storage Area Networks gives customers a wide variety of ways to create point-in- time snapshots, clones and replicas of data to be used for disaster recovery and business continuity. The addition of data deduplication technologies has delivered on the promise of significant cost savings through backup data reduction and enlarged the scope of potential applications that can be protected effectively and affordably - both at central and remote sites.

Management concerns of CIOs and executive management

webmaster — Tue, 13 Apr 2010 22:48:54 -0600

The top security concerns of executive management, including CIOs are:

Regulatory compliance
Protecting data from outside access
Keeping secuirty cost to a minimum
Understanding and managing security risks
Enabling employee access to useful business data
Protecting data from unauthorized access by insiders
Protecting the securfty image of the enterprise

H1-B Cases not easy to prosecute

webmaster — Tue, 06 Apr 2010 14:33:21 -0600

More than a year ago, federal agents arrested 11 people in seven states for submitting false statements and documents in support of their H-1B visa petitions. The Department of Justice also issued indictments against IT services firm Vision Systems Group of New Jersey for conspiracy and mail fraud involving H-1B visas. A court finds federal investigators acted recklessly in the aftermath of last year's bust of an alleged nationwide H-1B scam ring, arresting 11 people in seven states and bringing a 10-count indictment against a New Jersey IT services firm, Vision Systems Group.

The federal investigation involved companies that sponsored primarily H-1B non-immigrants. Vision Systems officials claimed their H-1B workers have been brought to the United States to fill existing IT vacancies. The feds claim the companies have not always had jobs available for these workers, placing them in non-pay status after they arrive in the United States.

Vision Systems is suspected of visa fraud, mail fraud, wire fraud, money laundering and conspiracy.

Goverment to add new mandates on Internet companies

webmaster — Wed, 03 Mar 2010 14:59:27 -0600

Senator Richard Durbin, the assistant majority leader, is planning legislation that will require US Internet companies to uphold human rights abroad. "With a few notable exceptions, the tech industry seems unwilling to regulate itself, Durbin said. I will introduce legislation that will require Internet companies to take reasonable steps to protect human rights, or face civil and criminal liability."

Compliance concers of CIOs

webmaster — Wed, 24 Feb 2010 13:23:44 -0600

Major security legislation that CIOs should be concernted wtih are based on where they operate and who their customers are.

Enterprises doing business within the United States

SOX The Sarbanes-Oxley Act of 2002 requires strict internal controls and independent auditing of financial information as a proactive defense against fraud.
HIPAA The Health Information Portability and Accountability Act of 1996 requires tight controls over handling of and access to medical information to protect patient privacy.
GLBA The Gramm-Leach-Bliley Act of 1999 requires financial institutions to create, document and continuously audit security procedures to protect the nonpublic personal information of their clients, including precautions to prevent unauthorized electronic access.

Enterprises doing business with the US Federal Government

FISMA The Federal Information Security Management Act of 2002 is meant to bolster computer and network security within the federal government and affiliated parties (such as government contractors) by mandating yearly audits.

Enterprises doing business internationally

Basel II The Capital Requirements Directive/Basel II Accord established an international standard that banking regulators can use when creating regulations about how much capital banks need to put aside to guard against the types of financial and operational risks banks face.
UK Data Protection Act of 1998 The eight principles of the Data Protection Act state that all data must be processed fairly and lawfully; obtained and used only for specified and lawful purposes; adequate, relevant and not excessive; accurate, and where necessary, kept up to date; kept for no longer than necessary; processed in accordance with individuals rights as defined in the Act; kept secure; and transferred only to countries that offer adequate data protection.

64 bit processors take off

webmaster — Tue, 16 Feb 2010 16:51:32 -0600

Good news for fans of technological progress: Windows 7 is on track to become the first Microsoft desktop OS that's as popular in its 64-bit (x64) format as it is in the legacy 32-bit (x86) format that has dominated PCs for nearly two decades. The Infrastructure is changing.

A recent survey by the folks behind the Steam online gaming network shows that, at least among gaming enthusiasts, 64-bit is now the more popular way to go, with the majority of gamers running the x64 variants of Vista or Windows 7.

According to records drawn from its 23,000-strong user base, more than half of Windows 7 PCs are running the 64-bit version. This is remarkable in that the exo.performance.network user base consists primarily of enterprise IT users, not hardcore gamers like Steam's users. Moreover, it represents a significant uptick in 64-bit use versus that in Windows 7's immediate predecessor, Windows Vista. Of the thousands of Vista machines monitored by the network, less than one in five are running the x64 edition.

Security Risks and Compliance Requirement Defined

webmaster — Tue, 09 Feb 2010 15:05:50 -0600

For businesses today, managing IT security risk and meeting compliance requirements is paramount. The past decade has seen an unprecedented wave of security breaches that have compromised the integrity of company-owned information - resulting in substantial financial and operational loss while devastating the confidence of customers, business partners and stakeholders. This tide of events has led to the establishment of technical standards, IT governance frameworks and laws designed to improve and enforce security - creating further pressure for organizations to define, control and govern their IT infrastructure more effectively.

Numerous laws and regulatory mandates focus on corporate governance and accountability around sensitive information (specifically financial, non-public information and protected healthcare information). This has significantly impacted the underlying IT systems that support the applications and repositories holding this sensitive information. Organizations are continuously looking for help in preventing fraud and protecting sensitive information. The fact that key corporate executives carry personal liability in the event of non-compliance virtually ensures compliance to be a key initiative in any large organizations. Additionally, there are other internal cost-containment requirements that can be effectively met by defining and implementing a sound auditing and compliance methodology. Most corporations agree that compliance leads to better corporate governance and management.

Goverments sites hacked -- again

webmaster — Sun, 31 Jan 2010 16:55:35 -0600

Someone defaced the Web pages of nearly 50 members of the U.S. House of Representatives with an explicit insult to President Obama after he gave his State of the Union address on Wednesday night.

The 49 House Web sites, representing both Democrats and Republicans, were managed by a company called GovTrends, The Associated Press reported on Thursday.

Security Manual Template

ISO 27000 / HIPAA / SOX / CobiT Compliant

Includes PCI DSS Audit Program

The hacking occurred while GovTrends was performing an update, Jeff Ventura, spokesman for the House chief administrative officer, told the AP.

Last August, 18 House sites managed by GovTrends were also defaced, according to Ventura, who added that the House is reconsidering the business relationship with the Web site service provider.

How secure is your sensitive data?

webmaster — Wed, 27 Jan 2010 14:50:25 -0600

The prevailing model of enterprise network security is rooted in the axiom that being "physically inside is safe and outside is unsafe." Connecting to a network point within the enterprise is generally considered safe and is subject to weaker security controls. On the other hand, tight security controls are enforced at the network traffic entry and exit points using firewalls and VPNs. A WLAN breaks the barrier provided by the building perimeter as the physical security envelope for a wired network because invisible radio signals used by the WLAN cannot be confined within the physical perimeter of a building, and usually cut through walls and windows. Firewalls, VPN and 802.11i become ineffective at protecting the network from hackers, but there are certain security measures you can take.

This Security Manual for the Internet and Information Technology is over 240 pages in length and is ISO 27000 Compliant. All versions of the Security Manual template include both the Business & IT Impact Questionnaire and the Threat & Vulnerability Assessment Tool (both were redesigned to address Sarbanes Oxley compliance).

Outsourcing issues CIOs need to address

webmaster — Tue, 19 Jan 2010 17:25:11 -0600

CIOs need to avoid issues associated with their businesses as they operate in a crisis mode. Outsourcing decisions will be made in haste and be too simplistic and sudden to deliver real business advantage.

CIO should start their sourcing endeavor by building a solid sourcing strategy that focuses on creating short and long term value. This strategy should be aligned with the organization's sourcing management maturity and include business value scenarios, open options and a road map of value creation with a timeline of expected results.
CIOs must take a long-term view of the developing global presence of countries that can provide high-quality resources at the right price point. If your geographic presence is diverse, seek providers that are not exclusively focused on single country, so that you can mitigate risks (such as geopolitical instability) and also take advantage of the benefits of alternative countries, which may offer opportunities close to your own growth markets.
CIOs should actively monitor the market to determine the best combination of software and IT services and service provider options to meet their requirements and specify their appetite for risk.

Security a key issue

webmaster — Wed, 13 Jan 2010 07:22:27 -0600

Some industries inherently deal with extremely sensitive data financial services, healthcare and law firms are among some of the businesses that cannot risk a data breach due to an employee emailing a file that could be compromised en route. It is imperative that their knowledge workers and staff had a bullet-proof way to move files.

IT Professionals Not Happy

webmaster — Thu, 07 Jan 2010 08:46:54 -0600

The recession and its accompanying reorganizations, layoffs and corporate turns to outsourcing have been corrosive to IT employee job satisfaction.

And that job dissatisfaction is increasing concerns among many employment experts that key employees may leave current jobs as soon as they get what they perceive is a better offer.

A mid-2009 job satisfaction survey by the Corporate Executive Board, a Washington-based advisory firm that counts many Fortune 500 firms among its clients, found that the number of dissatisfied workers continues to increase. The firm surveys 150,000 workers each quarter, asking a battery of behavioral questions about their jobs. About 10,000 of the those surveyed work in IT jobs, board officials said.

Salaries Flat and Demand Low -- Where to Look for a Job

webmaster — Tue, 29 Dec 2009 15:56:09 -0600

For IT professionals who are either looking to get back into the workforce or mulling moves to greener pastures, here are the skills most in demand . Among companies that plan to hire, the top reason for doing so is to meet demand for new systems and projects. That could be why programming/application development is the skill set that's most in demand, by far, according to Janco.

Building the IT Staff your company needs to succeed requires offering the right jobs at the right salary levels. Only the IT Hiring Resource Kit provides the industry-standard job descriptions and up-to-date salary data you need to recruit top talent as effectively and efficiently as possible.

This indispensable resource provides up-to-date salary data gathered through an extensive survey of businesses throughout the United States and Canada, plus polished job descriptions for the 73 IT positions surveyed. This proprietary information will reduce the time it takes to recruit top talent and ensure that you get the right person for each job.

Security for laptop computers

webmaster — Wed, 09 Dec 2009 17:27:38 -0600

The simplest form of laptop computer security involves protecting the computer and its physical environment. More than 31% of organizations surveyed provide laptop users with cable locks to secure their computers when out of the office.

Nearly 94% reported the use of password-based authentication on laptop computers. Interestingly, this same survey group indicated that they believed employees were responsible for most incidents of data breach within their organizations. Clearly, many organizations believe that despite basic precautions such as providing laptop locks and password-protecting computers, employees remain the weakest link in security plans.

Unretired IT Pros source of talent

webmaster — Tue, 01 Dec 2009 08:08:14 -0600

(BusinessWeek) As the recession forces more older workers to postpone retirement, a major shift is under way in the makeup of the U.S. labor pool. Calls for "Tennis, anyone?" are going unanswered. Foursomes on the fairways are few and far between.

Retired Americans who thought they would be golfing or shopping with grandchildren are sharpening their tech skills, updating resumes, and scouring job boards instead. America's recent retirees are talented, innovative and energetic - and millions of them have found that retirement just isn't for them. They're joined by millions more who have realized they can no longer afford to stay retired, following last year's stock market and housing crash.

The AARP says that 8 out of 10 baby boomers will work part- or full-time past retirement age. That's 64 million unretiring Americans, the biggest demographic shift in the American workforce since WWII - and 93% of the growth in the American labor market from now until 2016, according to the Pew Research Center. Welcome to "Gen U" - Generation Unretired - America's newest, bona fide workforce segment. To sail through this sea change in the labor pool, managers need to recognize the unique set of opportunities that Gen U presents.

Securtiy threats aboud for mid-sized companies

webmaster — Mon, 30 Nov 2009 14:02:52 -0600

Midsized companies need a way to easily and cost-effectively manage threats, whether they originate inside or outside the business. Compromised data or malicious code can threaten profitability or even cripple critical systems. What's more, not being able to audit in-house data access can result in being out of compliance with many industry-specific regulations - which can bring fines.

During times of economic uncertainty as we are in now, security threats can rise. Midsize companies need a way to easily and cost-effectively manage threats, whether they originate inside or outside the business. On top of that hackers are now attacking RFID tags and readers, mobile devices and hardware drivers and using advanced information security threats such as rootkits and self-morphing Trojans to gain control of PCs.

Hackers proved in 2009 that social networks could be used to spread malware and trick users into giving up their data, but in 2010, according to two senior researchers, cybercriminals will turn to more sophisticated methods, including using social network architectures for the backbone of their attacks.

Researchers have seen changes in malware in 2009 with cybercriminals producing multiple variants to trick antivirus software. While 2010 malware will be similar, targeted or specialized malware will aim at embedded devices. Attackers will target ATM vulnerabilities, errors in electronic voting systems and even holes in systems that provide premium pay-per-view content to get access to streaming movies.

Security software makes new in roads

webmaster — Mon, 16 Nov 2009 17:08:34 -0600

(PC World) Worried about burglars? Then you probably keep your valuables in a safe, or at least in a safe place. And, if you're really worried, you'll scour the house from time to time, scooping up items that should be protected under lock and key. That's exactly the idea behind identity-theft prevention software Identity Finder Professional Edition 4.0 ($29.95 per year direct). It thoroughly scans your computer for valuable, unprotected personal information and makes it east to protect or delete it. If spyware weasels past your security software, it won't find any juicy tidbits to steal. Even a real-world burglar who carries off the whole computer won't get hold of your personal data.

Identity Finder Professional Edition 4.0 includes several improvements over Identity Finder Professional Edition 3.4. You can now define separate profiles for different users on the same computer or export a profile for use on another computer. The user interface is streamlined, as are the helpful wizards that walk you through the steps of protecting your private information. Identify Finder can now blank out just the sensitive data within many kinds of documents, not only text files. And it can now search for items containing specific combinations of personal data items - for example, a social security number plus either a phone number or a personal address.

Dell and HP users frustrated by Win 7 delivery delays

webmaster — Tue, 10 Nov 2009 07:58:56 -0600

Dell and Hewlett-Packard customers are angry that they have not yet received the Windows 7 upgrades promised them when they purchased new PCs earlier this year, according to messages on the companies' support forums.

Add to that that many drivers are not ready from HP. Users of HP and Dell are very frustrating. IT Service Management is not what it should be at both companies

The delays have exhausted the patience of some users. "I got tired of waiting & [and] purchased a copy of Vista Ultimate with the Windows 7 Upgrade Offer," said a user on the Dell thread. "I purchased the software, logged into Microsoft and put the offer key in. Got the Win7 Ultimate Upgrade DVD in the mail within 5 days with no charge."

Dell did not reply to a request for comment about its Windows 7 upgrade delays. An HP spokeswoman, however, acknowledged that the upgrades were behind schedule. "There has been a delay in shipping consumer notebook upgrade kits due to extra efforts made by HP's consumer notebook business to ensure customers will have an easy upgrade experience." She added that HP would begin shipping upgrades this week.

Access Control Lists - ACL - continue to evolve

webmaster — Sat, 17 Oct 2009 11:05:09 -0600

As computers and network access to data evolve, the meaning and application of of access control has changed. Access Control Lists (ACLs) came into the market and created a new security model that has proven to be very useful. In an ACL-based security model, when a subject requests to perform an operation on an object, the system first checks the list for an applicable entry in order to decide whether to proceed with the operation. A key issue in the definition of any ACL-based security model is the question of how access control lists are edited.

For each object; who can modify the object's ACL and what changes are allowed. ACL models are assigned to individual objects, or to a collection of objects, and correspond to what may or may not be permitted to "access" the object to which they have been assigned. Taking things even further, the access control model progressed into providing authentication, authorization, and audit solutions to oversee any given user during a session. For authentication, digital certificates, security tokens, smart cards, biometrics, and ID/Password functionality are all examples of the tools available.

For authorization, several access control methods can be implemented across a network. However, role-based access control (RBAC) has proven to be the best approach to ensure effective security policies are in place. RBAC enforces access control policies that are determined by the system and not the application or information owner.

DuPont has another security breach according to lawsuit

webmaster — Sun, 11 Oct 2009 23:25:11 -0600

In recent lawsuit, DuPont pointed it finger at a telecommuting worker and Peking University in Beijing in a data theft case. This is the second time in recent years that DuPont has been involved in an incident involving an alleged compromise of its trade secrets. In February 2007 a former research scientist at DuPont, admitted to stealing proprietary company information valued at $400 million.

DuPont in September filed a lawsuit in Delaware Chancery Court accusing and employee of stealing data on a new, thin-computer display technology called "organic light emitting diode" or OLED. DuPont claimed that the employee planned to use the stolen information to commercialize OLED products in conjunction with Peking University in Beijing, which is developing similar technology.

The employee had extensive access to cutting-edge OLED research information that DuPont considered a trade secret. The OLED research data was stored by DuPont in three separate Lotus Notes databases and could only be accessed by a limited number of employees using two-factor authentication. In June, the employee informed DuPont officials that he was resigning from the company and planned to join DuPont in China.

During a meeting with his supervisor, the employee asked for permission to transfer files from his company laptop to systems in DuPont China. Though he was denied permission to do so, the employee allegedly went ahead and copied over 500 files from his company-issued computer onto an external storage device.

Over 550 of those files were later found on his home computer, which DuPont investigators inspected with the employees permission. A forensic analysis of the home computer also showed that more than 175 of the DuPont files had been opened using the Internet Explorer browser, suggesting that the employee had accessed or sent the documents using a personal e-mail account, according to court documents.

The employee is also alleged to have downloaded a Microsoft Word document with information on a specific procedure invented by DuPont to improve the stability and performance of organic electronic materials, court documents said. According to court papers, DuPont has spent millions of dollars and put more than 17 years of research into developing OLED technology.

DuPont investigators also found evidence on the employees computers that he had accepted a position at the department of advanced materials and nanotechnology at Peking University's College of Engineering.

Google and Microsoft in seach engine war

webmaster — Mon, 05 Oct 2009 14:37:16 -0600

Google is as entrenched in the search engine market as Microsoft is in the browser market. It is hard to underestimate just how entrenched Google is as the default Internet search engine. It is not just top of mind for the vast majority of users; it is also built into many of the automated searches that are embedded into other Web sites. After gaining market share every month since its June unveiling, Microsoft's Bing search engine slipped a bit last month for the first time.

While Bing did not show a dramatic fall by any means, this latest report is its first shift in momentum. Web metrics firm Net Applications this week reported that Bing's share of the global search engine market slipped from 3.52% in August to 3.39% in September. The market share of the dominant search engine, Google, also dipped slightly between August and September, going from 83.33% to 83.13%, according to the latest Net Applications report. comScore Inc. said its research found that Bing increased its share of the competitive market by 4.5% between July and August to 9.3%. In addition, The Nielsen Co. last month said its survey found that Bing's share of the search market grew between July and August.

Data Encryption a CIO and IT Manager Issue

webmaster — Sun, 27 Sep 2009 17:42:33 -0600

Encryption continues to be the topic on every CIO and IT person's lips nowadays. No one wants to end up in the news as the next victim of a privacy breach or the next company that didnt protect its customers information. If you conduct a news search using the words personal data breach, you wll be alarmed at the number of instances where personal information such as social security and credit-card numbers have been exposed to possible theft. In a recent breach, a state government site allowed access to hundreds of thousands of records, including names, addresses, social security numbers and documents with signatures.

Whether it is government agencies, research facilities, banking institutions, credit card processing companies, hospitalsor your company's computers - the risk of compromising private information is very high. Since business relies so heavily on technology today, business risk becomes technology dependent. The possibility of litigation is part of business. It has always been a risk of doing business, but because technology and today's business are so intertwined, business risk has a higher threat level. This has prompted many to encrypt workstations and mobile computers in order to protect critical business data.

If you have rolled out encryption, how do you maintain your IT service quality when the hard disk drive fails? How do you plan and prepare for a data loss when the user's computer is encrypted? These are all issues that should be considered when putting together a data disaster plan. In addition, data recovery, one of the more common missing elements of a disaster recovery plan, should also be factored in because it can serve as the last ditch solution when all other options have been exhausted.

Data Recovery and Encryption

Business continuity and disaster planning are critical for businesses regardless of their size. Most archive and backup software have key features to restore user files, database stores and point in time snap-shots of users files. Software is becoming more automated so users dont have to manually backup their files. Some computer manufacturers have built-in backup systems that include dedicated hard disk drives for archive storage. Most external USB hard disk drives have some sort of third party software that provides data archiving during a trial time period. Such solutions, while solving the data backup need, create questions regarding how effective the systems are with respect to user data. What are your options when a users computer has a data disaster and the hard disk drive is fully encrypted?

Most IT security policies require a multi-pronged approach to data security. For example, when setting up a new computer for a user, the IT department will require a BIOS (Basic Input/Output System) password for the system before the computer will start. BIOS password security varies in functionality. Some are computer system specific, meaning that the computer will not start without the proper password. Other BIOS passwords are hard disk drive specific, meaning that the hard drive will not be accessible without the proper password. Some computer BIOS employ one password for access control to the system and the hard disk drive. To add a second level of protection, new IT security policies require full hard disk drive encryption. The most common of full hard disk encryption software operates as a memory resident program. When the computer starts up, the encryption software is loaded before the operating system starts and a pass-phrase or password prompt is required. After a successful login from the user, the software decrypts the hard disk drive sectors in memory, as they are needed. The process is reversed when writing to the hard disk drive. This leaves the hard disk drive in a constant state of encryption. The operating system and program applications function normally, without having to be aware of any encryption software.

Small Businesses expose consumers to virsuses

webmaster — Sat, 26 Sep 2009 17:44:36 -0600

Payment card companies mandate compliance, and most merchants are supposed to be compliant by now, according to information on the PCI Security Standards Council's Web site.

PCI DSS is in the process of being updated, and the survey will be used as input. The PCI Security Standards Council, which was set up by major credit card companies in 2006, is collecting feedback through Oct. 31 on changes to a new version of the standard, due for release in September 2010.

Around 10% of the respondents who said they were PCI DSS compliant said they weren't using basic security software such as antivirus, firewalls and SSL (Secure Sockets Layers), Shulman said.

PCI doesn't prescribe the use of specific software products but instead promotes practices and general advice, such as using a firewall and antivirus. In recent years, vendors have developed products to make the implementation of PCI DSS easier. Still, the result was surprising and indicative of perhaps continuing confusion or difficulty some businesses are having with PCI DSS.

Consumers face a greater risk of losing control of their data when doing business with smaller retailers, as many haven't made investments to comply with the Payment Card Industry's Data Security Standard (PCI DSS), according to a new survey.

The survey, which covered 560 U.S. and multinational organizations, asked respondents a variety of questions about their investments and deployment of technology to comply with PCI DSS, which was introduced in 2005. It's an industry standard created by major credit card companies that's designed to protect customer payment data.

Positive economic news on the hardware sector

webmaster — Fri, 18 Sep 2009 11:35:09 -0600

Enterprises and individual purchasers are snapping up new desktop and laptop PCs long before the launch of Windows 7, a sign of strong demand in the market.

Demand for PCs improved in July and August, which is good economic sign as the expectation was many enterprises and individuals would delay purchases until after Windows 7 came out in October. Consumers often wait until after the launch of a major new operating system to buy a new PC for fear of having to pay for the upgrade and to avoid the hassle of loading the new software themselves. This time, strong marketing free or discounted Windows 7 upgrades for new PC buyers ahead of the official launch of the OS appears to be working.

USB ports are a major security breach

webmaster — Fri, 11 Sep 2009 11:48:18 -0600

USB ports provide an overly convenient bridge for malware to creep from a portable media device onto an unsuspecting user's system. In many enterprises, computers have USB-infecting malware -- even trusted clients with otherwise stellar security histories.

The primary culprit are Microsoft Windows' autorun and autoplay features for portable media devices (USB keys, USB hard drives, camera memory flash cards, and so on). To make users' lives easier, Microsoft coded Windows to seek and deploy autorun and autoplay files on removal media. A user connects his or her device, and the program it contains launches automatically, if so designed by the software developer. It is what allows a CD or DVD to start playing the moment it is inserted or new software programs install routine to automatically commence.

Wi-Fi on Planes Coming - Slowly

webmaster — Tue, 01 Sep 2009 09:43:23 -0600

U.S. airlines are adding Wi-Fi to more of their planes, but it could still be years before the biggest carriers have their fleets fully equipped with the wireless technology and passengers can expect to have access to e-mail and the Internet when they board any flight.

Only one major airline, AirTran Airways, has equipped its entire fleet with Wi-Fi using a service called Gogo, which relies on ground-to-air gear over the 3 MHz spectrum from Aircell. AirTran has a fleet of 136 aircraft, and Aircell said Gogo is available on more than 500 aircraft on six U.S. airlines, including all 28 planes flown by Virgin America.

But AirTran's fleet is smaller than those of the biggest carriers, such as American Airlines, Delta Air Lines and United Air Lines. This week, American said it had nearly 115 planes equipped with Gogo. It also expects to have 300 more planes in its 500-plane fleet equipped with Gogo within two years.

In late July, Delta said it had 219 aircraft with Gogo and expected 330 of its planes to be have the technology installed this year. United has said it will only have Wi-Fi on 13 long-distance flights in the second half of 2009. US Airways has yet to roll out Gogo on its planes, saying it plans to do so early next year.

Some airlines, including Southwest Airlines and Alaska Airlines, are relying on Wi-Fi technology that connects planes to satellites from a vendor known as Row 44 Inc. Westlake Village, Calif.-based Row 44 is also working with two other unnamed airlines.

Both Southwest, which has more than 500 planes, and Alaska Airlines will move forward quickly to roll out service to their entire fleets. The two airlines recently concluded successful tests on several planes. Row 44 received authorization from the Federal Communications Commission for the Wi-Fi service in early August.

Cybercrime not being prosecuted

webmaster — Fri, 28 Aug 2009 10:45:58 -0600

Professional organized cybercrime started with the "king of spam" corporate giants in the late 1990s. These organizations often made millions under the guise of legitimate Internet marketing while sending billions of illegal e-mails. Many of the owners became and remained rich. They bought large houses and outrageous cars, got new beautiful wives, and sent their kids to expensive private schools. Heck, spammers aren't even considered in the top 200 spammers unless they are sending out hundreds of millions of illegal e-mails per day.

Crimeware gangs that steal tens (if not hundreds) of millions of dollars from unsuspecting Internet victims each year. We have not prosecuted a single person from any of these big online cybercrime syndicates, and have no reason to believe that will change over the next few years. We are getting better at prosecuting cybercriminals in countries such as the United States, but these large organizations are based in other countries, protected by those nations' political leaders.

Microsoft earnings at risk

webmaster — Mon, 24 Aug 2009 09:40:31 -0600

Microsoft Corp.warned lthat an injunction preventing it from selling Word in the U.S. after Oct. 10 would cause "massive disruptions" to sales of its Office software, as well as to key partners like Best Buy Co., Dell Inc. and Hewlett-Packard Co.

A U.S. District Court Judge has issued an injunction and ordered that Microsoft pay $290 million in damages and interest to Toronto-based i4i Inc. for infringing on that company's patent for a document system that uses XML custom formatting.

The i4i technology allows users of Word 2003, Word 2007 and Word for Mac 2008 to create custom XML documents.

In its emergency motion filed Aug. 18 with the U.S. Court of Appeals, Microsoft warned of the business disruption and asked that the injunction be stayed during the appeal.

"Even if Microsoft ultimately succeeds on appeal, it will never be able to recoup the funds expended in redesigning and redistributing Word, the sales lost during the period when Word and Office are barred from the market, and the diminished goodwill from Microsoft's many retail and industrial customers," Microsoft argued.

Microsoft to continue to support IE 6

webmaster — Fri, 14 Aug 2009 09:38:45 -0600

Microsoft responded to critics who have called for the death of Internet Explorer 6 (IE6), saying "dropping support is not an option" for the eight-year-old browser.

While acknowledging that Microsoft is eager for users to upgrade to a new version of IE, General Manager of the browser group, said the decision is out of its hands. "The choice to upgrade software on a PC belongs to the person responsible for the PC," said the General Manager.

And Microsoft has no intention of putting IE6 to sleep before its already-scheduled 2014 termination. "Dropping support for IE6 is not an option because we committed to supporting the IE included with Windows for the lifespan of the product," Hachamovitch said, referring to Windows XP, the operating system that included IE6 when the former shipped in October 2001.

Salaries continue to be cut

webmaster — Thu, 06 Aug 2009 14:57:47 -0600

Computerworld - Hewlett-Packard Co., the parent company of IT services firm EDS, has cut salaries for some EDS workers by more than 30%, media reports say.

The Dallas Morning News and the local NBC affiliate, near where EDS is headquartered in Plano, Texas, are reporting the news of pay cuts based on interviews with unidentified employees.

The cuts, which could be as high as 50% once previous wage cuts by HP are tallied, may affect longtime workers in particular.

HP isn't releasing any details of the size of the cuts or numbers of employees affected.

An HP representative issued a statement saying that the action is aimed at bringing EDS salaries in line with those at HP.

A project "was undertaken to ensure that employees in both EDS and HP, holding the same roles, receive comparable compensation based on market rates," HP said in the statement. "While pay will not be impacted for the majority of employees as a result of this process, some employees will receive pay reductions while others will benefit from salary increases. We understand that these changes personally impact our employees and we are working closely with them during this transition."

HP acquired EDS last fall for $13.9 billion. EDS employed 140,000 people at the time of the acquisition.

Many U.S. firms have cut wages over the last year, but there could be other factors influencing any decision to cut wages at EDS, in particular, competition from offshore vendors.

Pandemic Planning a Must for CIOs

webmaster — Mon, 03 Aug 2009 00:39:14 -0600

As at August 1, 2009, the number of confirmed cases was over 100,000 in the UK alone rising rapidly, with the virus present in over 120 countries. Since that date, the WHO has stopped producing global figures for the spread.

However, what must be acknowledged is that the virus itself, although extremely contagious, is at this stage only a moderate one, with infection in most cases resulting in relatively mild flu-like symptoms. According to a number of market commentators and viral specialists, expectations are that we are facing potentially the mildest pandemic in living history. While it cannot be ignored that H1N1 has the potential to mutate into a more virulent strain, at present there is no evidence that this evolution has yet taken place.

With infection levels predicted to peak in the northern hemisphere between October and November, all organizations should be taking full advantage of what is essentially the calm before the storm. Each company should be putting their pandemic plans through their paces, stress testing each component, from communication strategies, to containment procedures, to HR policies. Organizations should be particularly aware of the fact that as well as having to tackle the spread of the disease itself, they will also have to tackle the spread of fear among healthy workers, as absentee levels will undoubtedly rise as people seek to limit the risk of infection.