PSRINC.com & IT Toolkits Partnership

Big brother compliance requirement killed in Hawaii

webmaster — Sat, 28 Jan 2012 06:03:07 -0700

Lawmakers in Hawaii on Thursday killed a bill that would have required Internet service providers to collect the detailed browsing histories of Internet users in the state and store the data for at least two years. The bill would have required anyone providing access to the Internet in Hawaii to maintain "consumer records" of every Internet user's subscriber information and data such as the IP addresses, domain names and host names of the sites they visit. It would have covered not only ISPs but also libraries, coffee shops and employers.

One of those opposing the bill was the U.S. Internet Service Provider Association, which earlier this week sent a letter to the committee's chairman. The bill was overbroad, raised a "myriad privacy concerns," and would be hugely expensive to comply with, wrote the ISP association's Executive.

Disaster Recovery Planning is Required for Business Continuity Planning

webmaster — Sun, 08 Jan 2012 15:41:38 -0700

Disaster Recovery Plans are part of a larger, more extensive planning process known as Business Continuity Planning. Disaster Recovery plans should be tested frequently so that the as many individuals as possible are familiar with the specific actions they will need to take when a disaster occurs. Disaster Recovery plans must also be adaptable and updated frequently, e.g. if new people, a new branch office, or new hardware or software are added to an organization they should promptly be incorporated into the organization's disaster recovery plan. Enterprises must consider all these facets of their organization as well as update and practice their plan if they want to maximize their recovery after a disaster.

Disaster Recovery and Business Continuity Planning are the process an organization uses to recover access to their enterprise operations; software, data, and/or hardware that are needed to resume the performance of normal, critical business functions after the event of either a natural disaster or a disaster caused by humans. While Disaster Recovery and Business Continuity plans, or DRPs & BCPs, often focus on bridging the gap where data, software, or hardware have been damaged or lost, one cannot forget the vital element of work force that composes much of any organization. A building fire might predominantly affect vital data storage; whereas a pandemic or epidemic illness is more likely to have an effect on staffing. Both types of disaster need to be considered when creating a Disaster Recovery and Business Continuity Plans. Thus, enterprises should include in their DRPs & BCPs contingencies for how they will cope with the sudden and/or unexpected loss of key personnel as well as how to recover their data.

Disaster Rcovery Plan First Steps

webmaster — Wed, 21 Dec 2011 14:16:38 -0700

Companies of all sizes have realized how critical it is to have a DR plan in place, and many have given top priority to developing one. But organizations need to know that developing a DR plan is not an overnight process but rather something that takes thorough consideration and numerous steps.

Janco's Disaster Recovery - Business Continuity Templated can help get you on the right track with creating a disaster recovery as over 3,000 enterprises around the globe of all sizes already have.

Public cloud poses a major security risk for CIOs

webmaster — Thu, 10 Nov 2011 17:04:01 -0700

Using some clouds like Amazon's EC2 (Elastic Compute Cloud) can pose a security threat to organizations and individuals alike, according to researchers. Some third parties evidently are not following best security practices when using preconfigured virtual machine images available in public catalogs, leaving users and providers open to such risks as unauthorized access, malware infections, and data loss.

The underlying message is that for all the power and opportunity of public clouds, providers and users alike need to approach with caution and embrace best security practices. Cloud infrastructure providers can't be expected to assess the security of every image, bit, and transaction that occurs on their machines any more than an apartment landlord can be responsible for everything that happens within his or her complex -- that is, what tenants do behind closed doors in the spaces they rent.

These vulnerabilities leave users exposed to malware, as well as to unsolicited connections, which malicious hackers could use to gather information about usage and to collect IP target addresses for future attacks through a backdoor.

A malicious hacker could use tools such asextundeleteandWinundelete to recover previously deleted data.

Researchers' stressed the importance of users being properly trained in using public cloud server images. Although public cloud server images are highly useful for organizations, if users are not properly trained, the risk associated with using these images can be quite high. The fact that these machines come pre-installed and pre-configured may communicate the wrong message, i.e., that they can provide an easy-to-use 'shortcut' for users that do not have the skills to configure and setup a complex server. The reality is quite different. Many different security considerations must be taken into account to make sure that a virtual image can be operated securely.

How to maximize data protection

webmaster — Sat, 05 Nov 2011 07:07:00 -0700

The top must-do tasks for maximizing data protection.

Audit Data Access - IT should keep a current list of data business owners and the folders and SharePoint sites under their responsibility. By having this list - at the ready, IT can expedite a number of the previously identified tasks, including verifying permissions revocation and review, and identifying data for archival. The net effect is a marked increase in the accuracy of data entitlement permissions and, therefore, data protection.
Inventory Permissions and Directory Services Group Objects - Effective management of any data set is also impossible without understanding who has access to it. Access controls lists and groups (in Active Directory, LDAP, etc.) are the fundamental protective control mechanism for all unstructured and semi structured data platforms, yet too often IT cannot easily answer fundamental data protection questions like, - Who has access to a data set? and - What data sets does a user or group have access to? Answers to these questions must be accurate and accessible for data protection and management projects to succeed.
Prioritize Which Data Should Be Addressed - While all data should be protected, some data needs to be protected much more urgently than other data. Some data sets have well known owners and well defined processes and controls for their protection, but many others are less understood. With an audit trail, data classification technology, and access control information, organizations can identify active and stale data, data that is considered sensitive, confidential, or internal, and data that is accessible to many people. These data sets should be reviewed and addressed quickly to reduce risk.
Remove Global Access Groups from ACLs (like "Everyone") - especially where sensitive data is located - It is not uncommon for folders on file shares to have access control permissions allowing - Everyone, or all - domain users‖ (nearly Everyone) to access the data contained therein. SharePoint has the same problem (with authenticated users). Exchange has these, as well as - Anonymous User‖ access. This creates a significant security risk; for any data placed in that folder will inherit those - exposed permissions, and those who place data in these wide-open folders may not be aware of the lax access settings. When sensitive data, like credit card information, intellectual property, or HR information are in these folders, the risks can become very significant. Global access to folders, SharePoint sites, and mailboxes should be removed and replaced with rules that give access to the explicit groups that need it.
Identify Data Owners - IT should keep a current list of data business owners and the folders and SharePoint sites under their responsibility. By having this list - at the ready,‖ IT can expedite a number of the previously identified tasks, including verifying permissions revocation and review, and identifying data for archival. The net effect is a marked increase in the accuracy of data entitlement permissions and, therefore, data protection.
Perform Regular Data Entitlement (ACL) Reviews and Revoke Unused and Unwarranted Permissions - Every file and folder on a Windows or UNIX file system, every SharePoint site, and every mailbox and public folder has access controls assigned to it which determine which users can access the data and how (i.e. read, write, execute, list). These controls need to be reviewed on a regular basis and the settings documented so that they can be verified as accurate by data business owners and security policy auditors.
Users with access to data that is not material to their jobs constitute a security risk for organizations. Most users only need access to a small fraction of the data that resides on file servers. It is important to review and then remove or revoke permissions that are unused.
Align Security Groups to Data - Whenever someone is placed in a group, they get file system access to all folders that list the group on its ACL. Unfortunately, organizations have completely lost track of what data folders contain which Active Directory, LDAP, SharePoint or NIS groups. This uncertainty undermines any access control review project, any Role Based Access Control (RBAC) initiative. In Role Based Access Control methodology, each role has a list of associated groups into which the user is placed when they are assigned that role. It is impossible to align the role with the right data if the organization cannot verify to what data a group provides access.
Audit Permissions and Group Membership Changes - Access Control Lists are the fundamental preventive control mechanism in place to protect data from loss, tampering, and exposure. IT requires the ability to capture and report on access control changes to data - especially for highly sensitive folders. If access is incorrectly assigned or changed to a more permissive state without good business reason, IT and the data business owner must be quickly alerted, and be able to execute remediation.
Directory Groups are the primary entities on Access Control Lists (Active Directory, LDAP, NIS, etc.); membership grants access to unstructured data (as well as many applications, VPN gateways, etc.). Servers also have their own - local groups that should be audited. Users are added to existing and newly created groups on a daily basis. Without an audit trail of who is being added and removed from these groups, enforcing access control processes is impossible. Ideally, group membership should be authorized and reviewed by the owner of the data or resource to which the group provides access.
Lock Down, Delete, or Archive Stale, Unused Data - Much of the data contained on unstructured and semi-structured platforms is stale. By archiving stale or unused data to offline storage or deleting it, IT reduces risk that stale data will be accessed by inappropriate parties, and makes the job of managing the remainder simpler and easier while freeing up expensive resources.
Clean Up Legacy Groups and Access Control Artifacts - Unneeded complexity slows down performance and makes mistakes more likely. Organizations create so many groups that they often have as many as they do users - many are empty, unused or redundant. Some groups contain other groups, which contain other groups, with so many levels of nesting (that they sometimes create circular a reference when they contain a group that contains itself). Access control lists often contain references to previously deleted users and groups (also known as - Orphans). These legacy groups and misconfigured access control objects should be identified and remediated.

Ten commandments of security management

webmaster — Thu, 27 Oct 2011 06:49:12 -0700

The ten commandments of security management are:

Limit access to information to those who need to have it -- People can't misuse information that they don't have.
Conduct frequent and deep security audits Identify who has access to what and how their actions could weaken the protection of valuable data/information.
Set limits to information access do not exclude all information from access data exclusion locks down access and limits set authorizations so specific people can do specific things under specific circumstances.
Limit admin to as few individuals as possible -- very few individuals need them to do their jobs.
Ignore organizational hierarch when setting access capabilities access and authorization should be based upon responsibilities, not
position.
Make Security Invisible -- Minimize extra commands, screens, pop-ups for employees; if an action is allowed, just let it happen.
Analyze Security End back doors -- Compliance logs reveal threat patterns, and show how security steps are hurting productivity.
Monitor information access and updates-- User-initiated app updates can invite vulnerabilities.
Educate everyone on security policies and procedures The more that people know about the rules the better
Make security best practices the watch word for everyone -- IT and the general workforce must address the constantly changing nature of security breaches.

Disaster Recovery Must Do Steps

webmaster — Sun, 16 Oct 2011 14:27:59 -0700

The must do things that your company must do to make sure the disaster recovery and business continuity plan will work when they are need are:

Distribute the disaster recovery and business continuity plan or a HandiGuide'® to all decision makers and key operating employees who will need access to it when the event occurs.
Define the chain of command with single leader but do not limit the people who would have to implement the disaster recovery business continuity plan when the event occurs if that leader is unavailable.
Conduct frequent tests and address all areas where shortcomings are found.
Conduct the tests in an unannounced mode
Validated that mission critical data is at sites other than the primary data center
Establish a communication plan that can be implemented after the disaster.

HandiGuide is a Janco Associates registered trademark

Records Management Policy is Key to e-discovery

webmaster — Mon, 10 Oct 2011 04:26:44 -0700

This explosion of electronic communications has opened new and creative ways of conducting business, but it has also created new challenges in the way litigation and investigations are conducted. Since communications and other records relevant to any legal matter are often found in electronic format, the methods for collecting, processing and reviewing potentially relevant evidence has changed. The process of finding, identifying, holding, searching, reviewing, producing and presenting electronic data to be used as evidence in a legal or investigative matter is called electronic discovery, or simply e-discovery.

The scope of an e-discovery effort can include any form of ESI, but the overwhelming majority of e-discovery is performed against email systems and data. In fact, email data has quickly become the de facto standard for prima facie evidence and affirmative defense in litigation or investigative matters. Unfortunately, searching against email systems often results in enormous amounts of data, which must then be processed and reviewed for relevance, typically by paralegals and attorneys who charge by the hour. Therefore, email processing and review is typically the most costly part of an e-discovery project.

Endpoint data is security and compliance risk

webmaster — Sat, 01 Oct 2011 12:55:52 -0700

CIOs all agree that endpoint information is a potential liability. The big question is, where do CIOs find a non-intrusive way to protect and classify endpoint data to minimize risk, all while making sense economically?

With compliance requirements and external threats on the rise, no business can afford to leave its data unprotected, especially at the endpoint. Fortunately, IT leaders understand the risk: Fifty-nine percent of recent survey rate backup and protection of desktop and laptop data as crucial or high priority. Unfortunately, even though the majority of survey respondents have something in place, many fall short in terms of meeting needs for identification, classification and discovery. As a result, these firms leave themselves in a position of vulnerability - especially those in highly regulated industries.

Sixty-one percent currently using or planning to use a desktop and laptop backup solution consider improving the accessibility and availability of user data a critical or very important objective.
Fifty percent rate the ability to quickly find endpoint data for discovery and compliance purposes a critical or high priority.
Forty-seven percent expect an improvement in the ability to improve compliance with industry and government regulations as a result of the efforts their companies are making to effectively backup, protect and manage endpoint data.

FEMA emergency response first steps

webmaster — Thu, 08 Sep 2011 06:44:37 -0700

For companies just starting to develop emergency-response plans, or reviewing the plans they have, FEMA and the Small Business Administration recommend focusing on the following questions:

Who is responsible for backing up critical records, including tax, accounting, payroll, and production? Store these records, including a copy of the business-continuity plan, site maps, insurance policies, and bank-account information, both on-site and at a second site at least 100 miles away.
How will the company protect its computer hardware, software, and databases?
How will the company communicate with employees during an emergency?
Has the CFO or risk-management chief met with the company's insurance providers to review coverage? Most policies do not cover flood damage, for instance.
Does the company have a shelter-in-place plan to protect employees in the event they need to remain inside the building during an emergency? Do employees know the plan?

Working at home works in the Singapore

webmaster — Mon, 05 Sep 2011 12:28:11 -0700

Singapore companies offering flexible and home-based work arrangements are reporting a 10 per cent increase in productivity, on top of savings in rental and transportation costs.

Such arrangements also allow them to tap into the more than one million economically-inactive residents in Singapore.

And according to a Manpower Ministry survey last year, 35 per cent of employers offer at least one form of flexible work arrangement, up from 25 per cent in 2007.

Policies that you could use include:

CIO IT Infrastructure Policy PDF (All of the policies below which come as individual MS Word files)
Backup and Backup Retention Policy
Blog and Personal Web Site Policy (Includes electronic Blog Compliance Agreement Form)
Incident Communication Plan Policy (Updated to include social networks as a communication path)
Internet, e-Mail, Social Networking, Mobile Device, Electronic Communications, and Record Retention Policy (Includes 5 electronic forms to aid in the quick deployment of this policy)
Mobile Device Access and Use Policy
Outsourcing Policy
Record Management, Retention, and Destruction Policy
Sensitive Information Policy (HIPAA Compliant and includes electronic Sensitive Information Policy Compliance Agreement Form)
Service Level Agreement (SLA) Policy Template with Metrics
Social Networking Policy
Telecommuting Policy
Travel and Off-Site Meeting Policy

Disaster Recovery is Area of Cost Cutting Focus

webmaster — Sun, 14 Aug 2011 15:24:30 -0700

Disaster Recovery (DR) is a tough game. It's a critical component of IT and risk mitigation strategies, and compounded in difficulty by ever growing data volumes, distributed computing, and new technologies. Unfortunately, DR is often one of the first line items hit by budget cuts. How can you get creative in protecting more data, recovering more swiftly, but also saving some money at the same time?

According to an AT&T Survey of 100 Chicago firms (revenues <$10M), 81 have DR plans, but only 43% have fully tested their plans within the last 12 months and 12% admitted they have never tested their business continuity plans.

Next to personnel, data is your most irreplaceable asset. Networks, application hosting platforms, and end user computing environments can be replaced quickly. However, without your customer lists, product catalogs, inventory, financial records, and other operational data your business cannot recover.

A disaster recovery is a response to a declared disaster or a regional disaster. It is the restoration or recovery of an entire Agent computer. A disaster recovery plan describes how an organization is to deal with potential disasters. Just as a disaster is an event that makes the continuation of normal functions impossible, a disaster recovery plan consists of the precautions taken so that the effects of a disaster will be minimized, and the organization will be able to either maintain or quickly resume mission-critical functions. Typically, disaster recovery planning involves an analysis of business processes and continuity needs; it may also include a significant focus on disaster prevention.

Elements of Mobility Security

webmaster — Thu, 11 Aug 2011 11:54:24 -0700

As the traditional enterprise boundaries begin to fade, it is paramount that mobile devices and the sensitive information they contain be managed and protected. As a result, security perimeters must also expand beyond the internal network to these numerous critical endpoints.

Mobile Device Management

Mobile Device Management within organizations becomes more complex and important as both the number of devices and the amount of sensitive data stored on the devices increases. A lost or stolen device may compromise the critical data stored on it, unless there are processes and tools in place to protect it.

Mobile Device Asset Discovery and Inventory

The first step in securing your mobile organization network is the identification of the current inventory of mobile devices and OS clients that exist within your infrastructure. Next, you must integrate the mobile devices that have been identified in this process into your existing asset inventory database. Consider the following as you develop or update your mobile device asset inventory:

How will you identify the mobile assets?
What are the related assets to this mobile device, for example, additional memory cards?
How do you identify the asset owner and the business purpose of each device?

Backup and Storage Medium

webmaster — Fri, 05 Aug 2011 15:43:40 -0700

Data is valuable and so it's no wonder that the evolution of storage media has been stubborn. No one wants his or her business-critical data stored on a new, untried medium. In the end, however, technological development has allowed IT professionals to adopt the media that best meets their needs.

Initially, tapes were the media of choice. Even today, many businesses rely on this old workhorse of storage. Tapes, however, are unwieldy in a recovery scenario and ultimately unreliable. With a failure rate exceeding 70 percent for data restorations from delicate tape systems, the standard media gradually became disk arrays.

More recently, however, flexible cloud storage and responsive virtual servers have emerged as the new, high-speed contenders in the storage medium space. This option brings significant advantages such as scalability and restoration speed to a disaster recovery - business continuity plan.

Retirement to be put off by many

webmaster — Thu, 21 Jul 2011 13:07:50 -0700

The retirement-savings forecast remains bleak, even as the economy recovers. Many workers say they arent at all confident about their retirement prospects, according to a survey from the Employee Benefit Research Institute. Worse, many are dipping into their retirement savings to pay for day-to-day needs. And the amount of savings socked away by workers remains extremely low.

One positive sign: participants in the research recognize the need to do better, often the first step to building a reasonable nest-egg. People are recognizing the level of savings realistically needed for a comfortable retirement, says the research director for the institute and co-author of the report. We know that far too many people had false confidence in the past. People's expectations still need to come closer to reality, so they will save more and delay retirement until it is financially feasible."

Disaster Planning Takes Good Staff

webmaster — Tue, 12 Jul 2011 16:28:32 -0700

Good business continuity planning needs to take a broad view, embracing people, human behavior, customers and other factors that lie outside the data center. It is also important to secure the vision and endorsement of executive management. A properly funded, well-prioritized business continuity plan, combined with a regular program of testing and recovery drills, will help to safeguard the organization. Read this white paper to understand the key elements of a successful business continuity plan, see how to develop a plan that clarifies what is critical, and set specific recovery requirements.

Failure does not have to impact IT Professional's career

webmaster — Thu, 07 Jul 2011 15:55:37 -0700

IT professionals, including CIOs who experience some kind of enterprise IT failure in the course of their careers - whether a high-profile security breach, massive network outage, or multi-million dollar ERP boondoggle - the incident can feel like a career killer. But unless the individual repeatedly makes the same mistake, or the failure stemmed from some illegal or "just plain stupid" action, it won't end a IT profesionnal's career.

IT professionals who wish to recover from failure just need to know how to address suboptimal work experiences in their job searches and during job interviews.

Admit and acknowledge the failure - Don't ever try to hide failure; you won't get away with it. If an employer doesn't already know about, say, the ERP catastrophe at your previous employer, they will find out about it eventually. Better you be the source of that information than someone else.
Anticipate prospective employers' concerns - When framing how you discuss your failure, put yourself in your prospective employer's shoes and think about the concerns they'd have with your candidacy.
Focus on the positive and lessons learned - One failed project among 10 successful ones is no big deal, rather what was learned is more importants.
Offer references who make you shine- Make sure your references will corroborate your explanation of events when employers and recruiters call them.

Weak passwords continue to abound

webmaster — Thu, 23 Jun 2011 07:10:21 -0700

While users can select strong passwords and control their reuse, the only gatekeeper that can force the requirement of password strength is the provider. User have some control over their own fates, but the online service provider has more, says Per Thorsheim, a researcher who has organized two conferences on the subject of passwords. After all, it's the service provider that sets the policy of what is an acceptable password.

Facebook links in email present a high security risk

webmaster — Sat, 18 Jun 2011 06:52:21 -0700

A user at a corporate desktop receives an email from Facebook that a friend has a new photo, so the user clicks the link and takes a look. There are many actions that happen during that one simple check:

The link within the email can be a fake (phishing or spear phishing)
The email can contain a worm disguised as a Facebook link
The specific Facebook server could be subject to a DNS redirection attack,sending the user to a false server
The Facebook page could be compromised and hosting a browser‐based attack
The advertisements on Facebook could be compromised and hosting Flashbased attacks

Security threats

webmaster — Sat, 04 Jun 2011 08:46:33 -0700

Today's cyber attacks can hit a website, a laptop, or a server. The increasing popularity of smart phones, iPads, and social networking sites only increases the security risks for businesses. A single security approach is no longer sufficient. This multilayered threat environment demands a multilayered approach to security.

Network security is a primary line of defense. The task at hand for CIOs today is to provide world-class firewall, virtual private network (VPN), intrusion prevention, anti-spam, anti-virus and Web filtering technologies to secure the network perimeter. But this doesnt mean a piecemeal approach. Rather, network security should be integrated so no threats are missed or overlooked. At the same time network security must also be flexible to allow a business to run seamlessly.

Data Security and Protection are a priority and Janco's Security template is a must have tool that every CIO and IT department must have. Over 3,000 enterprise worldwide have acquired this tool and it is viewed by many as the Industry Standard for Security Management and Compliance.

Virtualization can be costly with not plan

webmaster — Sun, 29 May 2011 16:31:44 -0700

Virtualization is being rapidly adopted, particularly in small to mid-sized businesses (SMBs) where time and money are always at a premium. It brings significant time, money and labor savings in a variety of areas, including procurement, administration, deployment, operation, reliability and recoverability. Virtualization can radically simplify management of the entire environment and enable the SMB administrator to ―do more with less.‖ Moreover, disaster recovery becomes significantly easier once a business has virtualized, provided the administrator adopts newer, more efficient technologies that are designed to work with the virtual infrastructure.

However, like any technology, virtualization brings challenges that can erode its cost benefits and leave the infrastructure less protected than before.

The need to lower cost, increase efficiency and conserve cash has increased the motivation of companies to turn to Cloud Computing and increased the appeal of alternative delivery models. The disruptive shifts in new demand and supply patterns drives changes for how IT services are bought and from whom. Cloud computing requirements need to be well defined.

Data protection a CIOs primary concern

webmaster — Wed, 25 May 2011 05:56:36 -0700

It is not an easy time for CIOs are they are tasked with protecting corporate information while budgets are constrained. Organizations are generating enormous amounts of new data - by everything from large-scale applications and heavy volumes of emails to massive files in new media formats. At the same time, user demands and service-level expectations continue to grow. And to intensify matters, IT operating environments are becoming more complex; they commonly comprise multiple sites around the world - each running its own unique blend of hardware, applications, and databases, as well as distinct business processes.

Despite facing these challenges, many enterprises are reluctant to invest in the very solutions that could better manage their environments. At the same time, government and industry overseers are not sympathetic to this frugality; they continue to legislate and enforce regulations mandating information integrity and access. And of course, data damaging disasters and outages are an ever-present threat.

Clound Outrsourcing for small business CIOs

webmaster — Sat, 14 May 2011 05:48:58 -0700

Small businesses are under increasing pressure to sharpen their business practices. Cloud computing and technology outsourcing provide affordable access to resources that can make a competitive difference. Liberating resources through effective IT investment will be especially important for firms looking to free capital to invest in new initiatives.

The Practical Guide for Cloud Outsourcing provides the tools necessary for managing the business drivers for this process.

Data center consolidation first steps

webmaster — Wed, 04 May 2011 08:36:07 -0700

The CIOs biggest challenges is to justify staffing and spending levels as they strive to improve IT efficiency. When assessing comparative benchmarks, it is hard to know which metrics to start with. The Metrics for the Internet, Information Technology and Service Management HandiGuide helps CIOs to understand and pick the appropriate comparative benchmarks to justify staffing and spending, improving IT operations and demonstrating the value of IT to the business.

Steps that CIOs should take in order to identify where there are saving potentials from data center consolidations.

Standardize data center definition
Agree on the metrics that matter most
Accurately consider all costs
Fund the mandate to enable optimum savings
Leverage data center savings to fund the cloud

SmartPhone security puts companies at risk

webmaster — Fri, 29 Apr 2011 10:39:57 -0700

Ponemon Institute released findings of the Smartphone Security Survey: A Study of U.S. Consumers sponsored by AVG Technologies. The goal of the research was to determine consumers' perceptions about the potential privacy and security risks when using their smartphones. In addition, they wanted to learn if participants in the study cared about these risks and if they take security precautions. They surveyed 734 consumers who were 18 years and older and own a smartphone.

The risks that were addressed in the survey concerned location tracking, transmission of confidential payment without the user's knowledge or consent, dialerware (specialized malware unique to smartphones), spyware, viruses from insecure Wi-Fi networks and others. The study found that most consumers were using their smartphones without understanding they were exposing their sensitive information to the risks listed above.

The findings of this study also signal a potential security risk for organizations because many of the consumers surveyed use their smartphones for both business and personal use. With business confidential information stored on these smartphones, organizations should make sure employees and contractors take appropriate precautions to secure such sensitive information. They also recommend that security policies state these precautions and ensure they are enforced.

Record management policy is critical

webmaster — Tue, 26 Apr 2011 08:50:04 -0700

Data volume is not just growing -it is exploding. The amount of data housed in large data warehouses and applications, such as ERP and CRM systems, is growing by more than 65 percent each year.

Keeping the ever-increasing level of data from adversely impacting system performance often means continually buying additional storage to accommodate this ongoing growth. As data storage grows, so does the cost of maintaining database license fees and conducting exhaustive proactive system maintenance.

Disaster Recovery Planning & Business Continuity Planning Quick Action Steps Defined

webmaster — Fri, 15 Apr 2011 07:59:01 -0700

The must do things that your company must do to make sure the disaster recovery and business continuity plan will work when they are need are:

Distribute the disaster recovery and business continuity plan or a HandiGuide^® to all decision makers and key operating employees who will need access to it when the event occurs.
Define the chain of command with single leader but do not limit the people who would have to implement the disaster recovery business continuity plan when the event occurs if that leader is unavailable.
Conduct frequent tests and address all areas where shortcomings are found.
Conduct the tests in an unannounced mode
Validated that mission critical data is at sites other than the primary data center
Establish a communication plan that can be implemented after the disaster.

HandiGuide is a Janco Associates registered trademark

Cloud computing a way to cut costs

webmaster — Wed, 06 Apr 2011 15:24:40 -0700

Cloud computing is one possible answer to the need for such flexibility,providinga highly automated,dynamic alternative for the acquisition and delivery of IT services.Today users are tapping into public and private clouds for computingresources and services without having to address the underlying technology.Companies are leveraging the massive scalability and collaboration capabilities ofcloud computing to solve problems in ways that just werent possible before.Theyare deploying new services with greater speed and without additional capitalinvestment.As IT budgets continue to be stretched,cloud computing is enablingCIOs to do more with less.Virtualization,standardization and other fundamentalfeatures of cloud are lowering the cost of IT,simplifying IT service managementand accelerating service delivery.

Such operational efficiency is helping companies capitalize on the globally net-worked world.It is enabling CIOs to leverage the infrastructure more effectively tosupport the business goals of their company.By lessening the drag on data centerresources,cloud computing is enabling IT to hone in on real value creation,namely innovation.Rapid,technology-enabled innovation is vital to staying afloatin a highly volatile and uncertain economy.Cloud computing provides the platformfor optimizing operations while creating and delivering the kind of innovative serv-ices that differentiate and propel the business forward.

Protecting you sensitive invormation

webmaster — Thu, 24 Mar 2011 11:02:36 -0700

Basic security precautions for all users should include:

Safeguarding financial and personal data
Educate yourself on best practices to protect sensitive data
Do not leave devices where others can use or access them
Implement more than one antivirus program
Do be lured by spammers and phishers with deals too good to be true
Be aware

Federal Hiring In IT Will Increase

webmaster — Sun, 13 Feb 2011 00:14:58 -0700

While budgets are tightening across the federal government, the outlook for information technology service contractors serving federal agencies is surprisingly upbeat ; moreover, the segment is likely to grow during the next four years, according to a new report today.

Demand for federal IT contracting services is expected to increase from $38 billion in 2010 to $52 billion in 2015, according to the report from Input Inc. market research firm in Reston, Va.

Key drivers of the upward trend are increased demands for efficient and energy-saving technologies, for transparency and open communication, and for innovation, wrote John Slye, Input principal analyst.

Ongoing growth in IT services contracting related to the Federal Data Center Consolidation Initiative by federal CIO Vivek Kundra. The program aims to decrease waste at underperforming agencies and re-allocate the savings to priority mission departments supported by IT. The ensuing reduction will become a huge propellant for the IT marketplace, requiring an increase in the need for systems operations upgrades in addition to consulting services.

IT services will be needed to manage growth in cybersecurity, business intelligence, process automation, data proliferation, and mobility and service-oriented architectures.

Although the anticipated fiscal 2012 budget request reportedly calls for a 10 percent reduction in professional and technical services, those reductions are likely to be in non-IT-related areas, such as cost benefit analysis, policy review, program evaluation and management services.

IPv4 to IPv6 impacts IT Infrastructure

webmaster — Thu, 03 Feb 2011 11:29:38 -0700

IPv4 addresses are 32-bit numbers, meaning that there are 4.3 billion possible addresses. IPv6 addresses are 128-bit numbers, meaning that the number of possible addresses soars vastly higher to 340,282,366,920,938,463,463,374,607,431,768,211,456, or 340 undecillion for short.

The first major issue with the change from IPv4 to IPv6 is that one variety of IP data can't travel on a network set up to handle the other variety. That means, for example, that a home computer and Internet service provider using IPv4 can't easily reach a Web server using IPv6, or a mobile phone connected to the Net with IPv6 can't reach a Web server available only over IPv4.

The second issue is that even though IPv6 was standardized more than a decade ago, there hasn't a strong incentive for IPv6 upgrades. Why should Web sites pay for new hardware, software, network equipment, and testing if almost nobody is using IPv6 yet? And why should people switch to IPv6 if there are no Web sites with IPv6 content? It's the IPv4 exhaustion that's finally providing the necessary incentive. There were some nice new features such as built-in secure networking that could have attracted people to IPv6 faster, but everything that was really useful, people backported to IPv4.

Mobile e-mail has reached about 78% of the smartphone population

webmaster — Sat, 29 Jan 2011 16:59:00 -0700

ComScore found that mobile phone and smartphone e-mail usage jumped 36% in the three months ending in November 2010, compared to the same period a year earlier. That meant 70.1 million mobile users used e-mail at least once in a month. Meanwhile, the number of people who used e-mail almost every day increased by 40% over the same period to 43 million users.

A ComScore spokeswoman said the findings refer to both e-mail accessed through a browser or through an application such as Exchange on a mobile phone or smartphone. The findings did not include laptops or tablets.

Over the same period, ComScore also found a 6% decline in the number of unique visitors to Web-based e-mail sites from desktop computers and laptops. The number of minutes and pages viewed this way also declined. ComScore did not study e-mail application usage such as Exchange on desktops and laptops.

A ComScore senior vice president for mobile, said that having so many ways to communicate on so many devices means a decline in Web-based e-mail use on desktops and laptops isn't surprising.

Outsourcing Does Not Always Work Out

webmaster — Mon, 24 Jan 2011 21:54:00 -0700

The $5.5 billion Clorox company brought in a new CIO because, among other things, it realized it wasn't getting what it wanted out of an extensive outsourcing deal with Hewlett-Packard.

In quick order, the new CIO and his reformed leadership team fixed some outstanding tech issues and re-established internal control of the company's tech direction.

Clorox is a 98-year-old company based in Oakland, Calif., that has 30-plus global brands. These brands include the namesake bleach and everything from Kingsford Charcoal to KC Masterpiece Barbeque Sauce, Glad bags, Hidden Valley Ranch Salad Dressing and Burt's Bees, a natural personal care product line. The company employs some 8,300 people, and has 120 people in IT. There are another 300 to 400 IT people working on the Clorox account at HP.

Busy Employees Are Happier

webmaster — Fri, 07 Jan 2011 14:47:23 -0700

Do you think employees want less work instead of more? Are they happier when they are goofing off than when they working hard?

Many bosses might think that their workers are happiest doing nothing, but a survey released recently by the attitude-research company Sirota Survey Intelligence of Purchase, N.Y., indicates that employees who are busy, even those with too much work to do, are more contented than those with little or no work to do.

According to Sirota, this indicates that most employees want to do something and not just get by on their jobs. These findings are based on a survey of 203,000 employees at various companies.

The findings:

Those who rated their job satisfaction at an average of 37 out of a possible 100 were those with "much too little work to do," according to the survey. These were the least happy workers.
Workers who had "just the right amount of work" rated their overall satisfaction at 68 out of 100.
Workers who had "much too much work" averaged 52 out of a possible 100 in job satisfaction.

The findings indicate that "Overworked people, in a sense, are getting feedback from the organization that their contributions are important."

Data Protection and Records Management CIO Concern

webmaster — Wed, 22 Dec 2010 17:39:57 -0700

Data Protection is a complex topic that has become a growing concern of most companies as they face increased quantities of critical information which must be stored, protected and archived to meet regulatory requirements, user expectations and business requirements. Consolidating storage and backup practices with Storage Area Networks gives customers a wide variety of ways to create point-in- time snapshots, clones and replicas of data to be used for disaster recovery and business continuity. The addition of data deduplication technologies has delivered on the promise of significant cost savings through backup data reduction and enlarged the scope of potential applications that can be protected effectively and affordably - both at central and remote sites.

Business continuity planning becomes more critical

webmaster — Sat, 11 Dec 2010 08:22:37 -0700

The more your business relies on its IT systems, the more you need to consider how unexpected disruptions might affect your business. These disruptions could come in many forms, from fire and floods to theft or malicious attacks on your systems, such as viruses or hacking.

Business continuity planning improves your business' ability to react to such disruptions. It describes how you will restart your operations in order to meet your business-critical requirements.

The business continuity template can be used for any sized enterprise. The Disaster Recovery template and supporting material have been updated to be ISO 27000, Sarbanes-Oxley, PCI-DSS, and HIPAA compliant. The Template explains the importance of business continuity plans to the success of your business, and how best to develop them.

Outsouring kills IT job market

webmaster — Tue, 07 Dec 2010 17:51:59 -0700

In better economic times, about 3% to 4% of IT budgets on average were spent on offshore outsourcing. Today, IT departments allocate an average of 5% of the budget on offshoring, and that allocation is expected to rise to 7% in 2011.

The U.S. Department of Labor report found that IT employment increased by only 600 jobs in November on a base of 3.9 million jobs. Overall, U.S. employers added 39,000 jobs last month, according to the Department of Labor. The biggest jump in job losses came in 2009, with a net loss of 311,000 IT back-office jobs in the U.S. and Europe.

Some of the blame on offshore outsourcing, which it calls a contributor to a "jobless recovery. Researchers call the reduction in IT staff employment "the new reality. Companies shift jobs offshore to save anywhere from 30% to 70% of worker costs within a brief period, sometimes as quickly as a quarter.

If you are not competitive on a global landscape and your cost structure is too high and you are paying premium rates for your staff, then you're not going to survive.

The U.S. Department of Labor National Employment Report, showed a loss of IT-related jobs. Janco tracks ups and downs in employment in five key job categories IT services, computer systems design, data processing and telecommunications. Data for the past 12 months shows a gain in jobs for Information Services and computer systems design and related services.

Click on image to get a larger view of these tables

Based on this data and interviews that Janco has conducted. Janco predicts there will be more churn in IT staffs as CIOs accelerate their move to more flexible staffing models. CIOs are outsourcing more technical work, including managed IP services such as VoIP and VPNs. They are hiring more contractors for desktop and security services, and they are putting more applications such as remote backup in the cloud. At the same time, they are looking to hire IT people with business and analytical skills, such as risk management and project management. CIOs report that they're having trouble hiring IT people because either they can't find IT professionals with the right business skills or they can't afford them. All of this means more turnover in IT departments.

Offshoring is so pronounced that companies have taken that whole bottom level off the rung, referring to the lower-level IT positions. By doing so companies are creating a new problem by losing much of their pool of future senior IT managers.

In general, IT workers will need more than simply technical skills. From an employer's perspective, if you're just going to offer me technical skills, I might as well just go offshore and get it a lot cheaper.

Employers are now are seeking a good balance of skills from IT professionals, including technical skills, general business knowledge, industry knowledge, negotiation and communications skills, and a sense of ethics.

Some recovery in IT Job Market

webmaster — Fri, 19 Nov 2010 06:08:42 -0700

As of Nov. 1, technology job openings at financial companies are up 54 percent from a year ago on the eFinancialCareers site. In the United States, there are 1,553 opportunities; In the U.K., that number is almost double at 3,124. Asia has more than 2,400 job vacancies while Europe and the Middle East have more than 1,600. Its a good time to have experience in financial technologies, finds a report from the Dice-owned job board eFinancialCareers.

IT workers with experience in financial technologies are seeing a 50-plus percent boost in demand from 2009, and they are not afraid to tell you they expect larger bonuses and will jump ship to obtain a larger piece of the compensation pie to get it.

More than 40 percent of technology workers who work for Wall Street firms think compensation is the most important reason to work in financial fields, according to a new report. In a survey that polled 2,145 Wall Street professionals, 55 percent of technology survey respondents said compensation was important but not necessarily the most important reason to work for a financial firm.

Free hacker tools make it easy to compromise weak passwords

webmaster — Mon, 15 Nov 2010 05:44:44 -0700

Janco finds that over 30% of all users use the same passwords for multiple sites. With that knowledge in hand hackers can target individual users to find their favorite passwords and use that information to more easily compromise secure business and personal data.

Some of the tools they have available are:

Custom Word List Generator - Spiders a site or users social network postings to determine unique words in site or in an individual's profile.
RSMangle - Takes a word list and generates mangled combinations and manipulations of those words.
Assocaited Word List Generator - Generates word lists based on search terms for a particular site or user profile.
Common User Password Profiler - A word list generator based on answers to questions that users submit to various web sites.
Userpass.py - A script that generates customized word list for a specific target so that a search is launched to find users in a company and then search profiles in social networks to generate a common word list.

Greatest security threath is loss of key user PCs

webmaster — Wed, 10 Nov 2010 12:03:59 -0700

While most security measures address the top six layers of the familiar Open Systems Interconnect model (ISO/OSI), ignoring the physical layer can have catastrophic consequences. Imagine spending hundreds of thousands on firewalls, intrusion prevention, authentication, encryption and other security measures, and then leaving the door to the server room open so someone can steal the servers.

Eighty percent of companies admit that theyve experienced significant risk because they ignored the physical security of their company laptop computers. This tremendous risk exposure to your user base presents a critical opportunity to add a host of new security services and tremendous customer value to every projects that involves desktop, and particularly laptop, computers. Since the average company is now giving laptops to about a third of its personnel, and companies see that doubling to two-thirds over five years.

The cost of the laptop itself is only a fraction of the likely cost of the loss. Between the likelihood of data breaches, stolen intellectual property, lost productivity, replacement and reconfiguration of the device, legal, consultative and potential
regulatory expenses, the average total cost of a stolen laptop is estimated to be more than $49,000. In some industries, such as professional services, financial services, healthcare and pharmaceuticals, that cost can rise to $113,000. Depending on your business, failure to focus on physical security can be a very costly proposition.