News

CTO Toolkits

Janco - Standard
Janco - 10
Janco -  5
Janco Historical

IT Productivity

IT Toolkits

eJobDescription

PSR

CIO and CTO

newsgroupworld

ntcity

disaster planning
template

disaster recovery planning
com

disaster recovery planning
org

disaster recovery
planning template


IT Hiring IT Job Descriptions IT Salary Survey

Metrics Internet IT

Disaster Business Continuity

Security Policies Procedures

Job Descriptions

IT Salary Survey

 

Janco

RSS Standard XML
RSS Latest 25 items
RSS Latest 10 items
RSS Latest 5 items
RSS Historical Feed

Other Feeds

RSS IT Productivity Center
RSS eJobDescription
RSS psrinc
RSS IT-Toolkits
RSS Disaster Planning

 

CIO Areas of Interest

Disaster Recovery Planning, Job Descriptions, Salary Survey, Business Continuity, ITSM, SOA, Compliance, SOX, and HIPAA

The Janco News feed is an XML news feed that you can subscribe to and re-publish on your web site or blog. The only requirement that you need to meet is that the feed is included with no modifications and that the links within the feed are retained as is.

If you wish to subscribe to this news feed the options that you have are:



Sensitive Information Policy Template released by Janco

The Sensitive Information Policy Template (Version 2.4) has just been released by Janco. This policy applies to the entire enterprise, its vendors, its suppliers (including outsourcers), co-location providers, and facilities regardless of the methods used to store and retrieve sensitive information (e.g. online processing, outsourced to a third party, Internet, Intranet or swipe terminals). 

New with this version are updates that specifically define the mandates of most recent federal (Gramm-Leach-Bliley) and state (Massachusetts and California).

- more info


Which skills are in high demand and low demand

IT salaries are determined by the skills that are required.  Janco has determined the following are the skills in high demand and low demand.

Skills with a high demand

  • Project Management - especially large projects with short time frame for delivery
  • Security -  focus on mandated compliance issues
  • Network Administration - wireless and cloud administration
  • Virtualization (Cloud) - new applications and management of the IT infrastructure
  • Business and Operational Analysis - focus on business change
  • Productivity Improvement Analysis - metrics and operational analysis
  • Web 2 - interactive applications that add value
  • Database Management - applications that leverage enterprise assets
  • System Administration - Windows and UNIX management
  • Desktop Support - standardization and change management

Skills with a declining demand

  • COBOL
  • HTML
  • System Network Architecture - SNA
  • Siebel
  • Rapid Application Development - RAD
  • ColdFusion
  • Wireless Application Protocol - WAP
  • Visual J++
  • Novell NetWare
  • Asynchronous Transfer Mode - ATM
- more info


IBM outsourcing cost 2,000 US jobs

After shrinking its U.S. workforce by as many as 10,000 employees last year, IBM may be on its way to cutting another 2,000 workers.

As of last October, IBM employed 105,000 workers in the U.S., compared to 115,000 in 2008. In 2007, IBM had 121,000 U.S. employees. It employs about 400,000 globally.

IBM isn't commenting on its latest round of cuts and information about it comes from the Alliance union which gathers its data directly from IBM employees.

"IBM is clearly offshoring things where they can," said one IBM employee who received his notice and spoke on the condition of anonymity because he didn't want to jeopardize his severance. A 10-year veteran and UNIX administrator, this employee said his customer support team once had 15 U.S.-based workers. That staff was reduced over time to just three workers in the U.S., with other members of the customer support team now in Brazil, Argentina and India.

The employee said he was not given a good reason for his layoff. "Higher ups made a decision that a certain percentage had to be cut - it was not performance-based at all," he said. Although the employee said he's uncertain about the job market, "my sense is that it is not horrendous but I'll have to assume that I'll have to take a cut in pay."

- more info


Practical Guide for IT Outsourcing Released by Janco

Practical Guide for IT Outsourcing Released - Version 3.0 of the Practical Guide for IT Outsourcing has just been released. It includes a sample Outsourcing contract, Service Level Agreement with metrics, Risk Assessment - Business and IT Impact Questionnaire, and much more.

The guide is delivered electronically and is available in MS - Word and industry standard PDF.

- more info


CIOs are looking for more cost savings

The recession is impacting how IT is performing. Budgets for many IT organizations has been frozen for about two years, and CIO have been on this efficiency kick for about the same amount of time. IT organizations have virtualized, consolidated data centers, have cut hiring and outsourced.  There is no low-hanging fruit left.

Service level agreements are set however costs need to be reduced.

The only areas where cost savings can be made are in hardware and software maintenance.

- more info


CIO must protect critical data

CIOs need to focus on at least four areas in order to protect critical data:

  • Implement a  Business Continuity and Disaster Recovery Plan. This is the traditional solution for mitigating exposure to information loss. However it has grown more complicated as 24/7, global economy, and open source have become standard business mantras. Of paramount importance is overcoming the hurdles associated with backup window requirements, application performance, reliability and consistency, and recovery time.
  • Streamline IT Infrastructure and Increase Productivity. As staff and resources become overburdened, companies are refocusing on infrastructure management. Easing critical pressure points is often the catalyst to surviving a difficult fiscal climate.
  • Manage Storage and Server Costs  Closely. Controlling cost of operations has become a top priority for many organizations. With data growing at exponential rates, these costs can easily mushroom.
  • Support IT Infrastructure Consolidation. Today's data protection architecture seems to be intrinsically broken - as characterized by slow backups, complex recoveries, compromised application performance, and difficult resource administration. IT infrastructure consolidation including server virtualization magnifies the problems and elevates the rearchitecture of storage and data protection as a priority. Finding high performing, easy-to-use, scalable data protection remains a key imperative. Further, system migration of production servers and critical applications to a virtual environment are likely to be costly and painful unless an easy and minimum-impact solution to migration is built into the rearchitecture.
- more info


CIO and CTO Changing Role

In a recent study of over 2,000 CIOs a major firm defined high-growth and low-growth CIOs  who work in organizations with high Profit Before TaxProfit Before Tax growth as "High-growth CIOs" and to those working in organizations with low Profit Before Tax as "Low-growth CIOs."   The characteristics of the role played in each type of firm are different.


High Growth Companies

Low Growth Companies

Are members of most-senior management team

62%

46%

Integrate business and technology to innovate

64%

33%

Focus  time on enabling the business and corporate vision

28%

15%

Focus your time on providing core technology services

23%

40%

IT team uses collaborative tools 

53%

33%

IT team provide collaborative tools across the enterprise

41%

22%

Aggressively turn data into actionable information

58%

36%

Give customers excellent data integrity and transparency

68%

44%

Seek active input from your customers

87%

70%

Co-create business strategy with fellow execs

74%

61%

Co-present business strategy to senior management

66%

53%

Part of the team setting the organization's strategy

62%

46%

Business models unique and hard to imitate 

63%

49%

Business models include partnering alternative sourcing

60%

52%

Create IT centers of excellence

44%

26%

Data readily available for relevant users

67%

51%

Data reliable and secure

81%

66%

Manage change successfully

61%

43%

- more info


IT Infrasturcture Policy Bundle Released

Janco has combined the policies that it has developedin concert with some of the best IT organizations around the globe into a single package. With this bundle you get a PDF file that has all of the procedures in a single document that is over 210 pages long. It would take your staff months to develop these procedures from scratch. In addition you get a separate MS-Word document for each procedure which can easily be modified.

This bundle contains the following policies:

  • Backup and Backup Retention Policy
  • Blog and Personal Web Site Policy
  • Internet, Email, Social Networking, Mobile Device, and Electronic Communication Policy
  • Outsourcing Policy
  • Record Management, Retention, and Disposition Policy
  • Sensitive Information Policy
  • Service Level Agreement Policy
  • Telecommuting Policy
  • Travel, Laptop, PDA and Off-Site Meeting Policy
- more info


Blackberrys with car chargers a key component of business continuity

Business interuptions caused by the East Coast blizzard of 2010 show that BlackBerry are a must have solution.  A blizzard with whiteout conditions, warnings to stay off the roads in the Washington metropolitan area and power interruptions have proven to be no match for teleworkers with access to a BlackBerry smart phone and a car charger.

Many federal employees were 100 percent on BlackBerrys during the outage.  With power losses to homes car chargers were the only way to keep the devices charged.

This is a strategy that gained attention during the one-two punch of blizzard conditions and multiple power outages in the Washington area. For three days in a row, the federal government and many local governments are closed while a second major snowstorm blew through on the heels of a historic snowfall Feb. 8. Utility companies in Washington and Baltimore reporting about 17,000 homes without power in the afternoon.

Many federal employees are relying on their BlackBerrys haven't slowed down one bit.

- more info


Feds to increase goverment IT budgets

President Barack Obama today requested $79.4 billion in spending on information technology projects for fiscal 2011, a 1.2 percent increase from what he proposed in fiscal 2010 and a slight decrease from the $80.6 billion the 2010 budget actually allocated.

The Obama administration has proposed increasing the number of major IT projects. Last fiscal year, the administration proposed handling 781 major IT projects with $40.3 billion. In fiscal 2011, it's proposing 809 major IT projects at $40.4 billion, according to the budget proposal.

Despite modest increases in the budget request, Obama wants IT efforts related to open government and technology modernization to continue in 2011.

For example, work on the General Service Administration’s Citizen Engagement Platform would continue under the 2011 request. Designed to be a resource for all federal agencies, that platform is a collaboration between GSA and the Office of Management and Budget. It is intended to increase the government’s ability to interact and collaborate with the public and provide a cost-effective way for agencies to access tools and guidance related to engagement.

- more info


IT Metrics HandiGuide Released by Janco

Janco Associates, Inc. has just released Version 4.0 of its Metrics for the Internet, Information Technology, and Service Management HandiGuide. New with this version is an indepth presentation of  Service Level Agreements for outsourcing and best paractices.  Janco has developed metrics for enterprises worldwide and is a leader in the field.  The CEO of Janco, Victor Janulaitis said, "With these difficult times many CIOs and CEOs are asking hard questions about the value that IT is contributing to the bottom line.  Metrics are once of the tools necessary to answer those questions.

The Metirics HandiGuide is delivered electronically as a PDF document that is fully bookmarked.  It is over 300 pages in lenght and has detail definitions of metrics as well as example reprorts for over 240 metrics.  A full table of  contents and selected pages can be download at http://e-janco.com/metrics.htm.

- more info


How companies protect laptops is an issue

More than 50% of organizations surveyed have indicated that they protected sensitive information with encryption software. A further 43% reported the use of asset tracking software. Simply knowing where all mobile computers are located is a powerful security measure, however, traditional IT asset management solutions are designed to track only those laptops that connect to a local area network (LAN) or virtual private network (VPN) connection. For a large proportion of laptop users, returning to head office is an intermittent event - allowing many laptop computers to remain below the radar of IT.

Encryption software is commonly referred to as the computer security fall back. In the event that a computer protected by organizational policy and physical deterrents is stolen, sensitive information on the laptop is made unreadable by encryption. For encryption software to be effective however, laptop users must consistently and accurately follow company encryption policy. Even more worrisome is the fact that more than 30% of companies believe employees are actively involved in the theft of company computers. Armed with the necessary passwords and encryption keys to access data, disgruntled or dishonest employees represent a threat that cannot be addressed by encryption alone.

The common failing of these laptop security measures is the fact that they are heavily reliant on the diligent action of laptop-using employees to remain effective. If a cable lock is not used, an authentication password is taped to the keyboard for convenience or a regular encryption process not completed, organizations remain unnecessarily vulnerable to public data breach. By the same token, complex, expensive and ultimately productivity-dampening security measures may be effective but greatly reduce the benefits of laptop computers. Endpoint security solutions complement other security measures by providing a final, user-independent layer of protection.

- more info


Data breaches continine to be CIO's concern

The FBI received a record number of complaints in 2008, and the associated direct cost of the frauds carried out with stolen data was $265 million versus $235million in 2007.  Adding to this is the challenge of securing personal information and intellectual property data.  Companies are granting access to more systems and information - bank customers access to account balances; workers maintain their own 401k and investment accounts; web shoppers place orders and make purchases with a single click; and business partners work on projects in a collaborative manner online.

To reduce the risk of a data breach or theft, organizations must adopt new tactics.  In addition, companies must address e-mail and Web security along with employing a functional data loss and prevention strategy.  The application of multiple security techniques is required to reduce risk. For example, there must be a way to control spam and block the downloading of malicious software from poisoned Web sites.  In today's open Web 2.0 and social networking environments, companies need a way to defend against attacks and protect secret or sensitive data.  At the same time, they must maintain a flexible and responsive infrastructure to support today's business working habits.

The Janco Security Manual Template has helped over 2,000 enterprises world-wide to  meet these requirements.

- more info


Pandemic Disaster Recovery Plans At Risk

Pandemic disaster recovery planning should consider the impact the H1N1 flu virus could have on the Internet if workers and students are forced to stay home because of the pandemic. Officials at the U.S. Government Accountability Office weighed in on the potential for clogged networks  in a 71 page preport.

Although the issue has been raised before by various ISPs and network carriers, recent worries have focused on securities firms that depend on third parties to clear trades and process payments over the Internet, according to the GAO.

"Internet congestion during a severe pandemic that hampers teleworkers is anticipated, but responsible government agencies have not developed plans to to address such congestion and may lack clear authority to act," the GAO warned.

Internet backbone congestion from a pandemic is not a major concern. The larger problem may be with the network "edge" or "last mile" in the residential portion of the Internet. Janco says that work-at-home strategies for organization may not work as advertized as residential Internet access may not be sufficient.  This is true both from a capacity and bandwidth at work at home sites.

Often many residential DSL users could share a single DSLAM connection at the carrier's switching office to reach the backbone, contributing to congestion problems. Last-mile DSL and cable modem networks are where remote access falls apart.

While the network edge impact would vary by neighborhood, the Centers for Disease Control planning guideline that assumes 40 percent of the workforce might not be in the workplace for an extended period of time during a pandemic.

- more info


Best Practices for CIOs and IT Departments

Business continuity is not just a good business practice - it can mean success or failure if data and applications on a production server are lost. Disaster recovery planning ensures organizations have the capability to continue essential functions across a wide range of situations that could disrupt normal operations. High availability is the cornerstone for most business continuity plans and is one of the reasons for evaluating and deploying data protection solutions. However, traditional data protection strategies focus on just the data and not the application.

CIOs and IT departments design the organization's infrastructure with continuity of business operations in mind. However, most organizations are not doing enough to protect mission-critical data, applications and systems from unexpected disruption and potential loss -- volatilities, such as viruses, power outages, natural disasters, corruption, human error and media failures can't always be prevented. Environments today are characterized by rapid data growth, complexity, stringent business requirements and the increasing government regulations, making it difficult for organizations to get their arms around their data protection strategies. In many cases, the focus is on just protecting data - not necessarily on recovering it. And when there is a focus on recovery, it usually involves just making data available to an application.

- more info


Audit Fatigue is Setting In for Some

(Internet Research Group) - Regulation is a part of business, regardless of company size, industry, or geography. In addition, for the most part, the larger the enterprise, the larger the potential for non-compliance risk. Non-compliance can mean a number of things - sanctions, fines, legal action, market value impact, and the cost of remediation may exceed the perceived cost of prevention. Audit program is required

The results are supportive of the term audit fatigue, that unmanaged IT Audit efforts within regulated organizations have a negative business impact on IT resources and reduce IT efficiency. However, respondents are largely aware of and interested in tools to automate audit processes and controls as a means of overcoming audit fatigue and freeing up IT budget and resources for innovation rather than compliance. This results in the following:

  • Compliance impact is increasing, resulting in high audit frequency and number: As can be expected, larger organizations must satisfy a number of IT audits. Small to mid-sized enterprises (SMB’s) are also subject to an increased level of compliance requirements - resulting in higher than expected IT audit engagements. Given the lack of consistent IT standards across industries and geographies for audit criteria and reporting, compliance efforts - i.e., IT audit and remediation - are largely manual.
  • Audit costs are unmanaged, resulting in increased cost: Many respondents conduct audits on an ad-hoc basis rather than as a scheduled effort of an enterprise risk-management program. Given the inability to forecast audit and remediation, spending, budgetary control is lost - exacerbating the perceived impact of compliance efforts.
  • Lack of controls automation, limited process maturity: Audit fatigue can be attributed to lack of controls automation and unmanaged IT Audit processes. Limited controls maturity - i.e., repeatable and sustainable controls enforcement and audit processes -  constrains IT innovation due to uncontrolled costs associated with IT Audit and issue remediation.
  • Security Policies and Procedures missing
- more info


CIOs controlling costs in the new year

As CIOs move into the New Year they are faced with reduced budgets and rising cost.  One of the first things that are doing is establishing standardized metrics to identify and control costs. Metrics are the key

As that process proceeds Janco suggests that CIO then do the following to control costs in the new year:

  • Justify hardware and applications - Underutilized or old systems should be taken out, and workloads should be shifted to more-efficient hardware. Rationalization and consolidation programs can reduce the number of servers deployed.
  • Consolidate data center sites and server farms - Financial savings often follow consolidation of multiple sites into a small number of larger sites.
    Manage energy and facilities cost. Tools and techniques include raising the temperature of the data center to 75 degrees Fahrenheit, using outside air when possible as an alternative to air conditioning, setting up hot aisle/cold aisle configurations and deploying server-based energy management software tools to run workloads the most energy-efficient way
  • Manage the employee and contractor costs - Workers remain the single largest cost element for most IT organizations, accounting for as much as 50% of overall costs.
  •  Eliminate or defer procurement of new assets - Servers' useful life often exceeds their amortized life, so monitor the condition of hardware carefully.
  • Monitor energy consumption - Advanced monitoring, modeling, and measuring techniques and processes are essential to the adoption of many new technologies and going green.
- more info


Security Manual Template

As enterprises move more of their business transactions online, they face the challenge of defending a perimeter that grows increasingly porous. The network firewalls that once locked down the enterprise perimeter are ineffective against Web-based threats such as SQL, Cross Site Scripting, and DDoS attacks. By exploiting common Web application security flaws, the attacks are able to cause tremendous business disruption, particularly through the theft of sensitive enterprise information as well as customer and employee personal data.

Security Manual Template

ISO 27000 / HIPAA / SOX / CobiT Compliant
Includes PCI DSS Audit Program
Table of ContentsOrder 

The IT Security Manual Template provides all the essential sections of a complete security manual and walks you through the creation of each step. Detailed language addressing more than a dozen security topics is included in a 230 plus page Microsoft Word document, which you can modify as much or as little as you need to fit your business requirements. The template includes sections on critical topics like:

  • Risk analysis
  • Staff member roles
  • Physical security
  • Electronic Communication (email / Smartphones)
  • Blogs and Personal Web Sites
  • Facility design, construction and operations
  • Media and documentation
  • Data and software security
  • Network security
  • Internet and IT contingency planning
  • Insurance
  • Outsourced services
  • Waiver procedures
  • Employee Termination Procedures and Forms
  • Incident reporting procedures
  • Access control guidelines
  • PCI DSS Audit Program as a separate document
  • Security Compliance Checklists
  • Massachusetts 201 CMR 17 Compliance Checklist

- more info


Safety Program Updated by Janco

Safety ProgramEffective management of worker safety and health protection is a decisive factor in reducing the extent and the severity of work-related injuries and illnesses. Effective management addresses all work-related hazards, including the potential hazards that could result from a change in worksite conditions or practices. Additionally, it addresses hazards whether or not they are regulated by government standards.

The electronic document includes proven written text and examples for the following major sections of a disaster recovery plan:

  • Policy Statement
  • Safety Rules - including a check list of standard proven rules
  • Accident Investigation Process
  • Hazard Recognition and Control
  • Safety Committee including membership and procedures
  • Training including guidelines for orientation, job instruction, Supervisor training as well as specialized training
  • Communication including for management and employees
  • Record Keeping including inspection; accident investigation; training and coordination with Safety Committee.
  • Job Description for Safety Director (ADA compliant)
  • Technical Appendix including definition of necessary phone numbers and contact points; and sample forms:
    • First Report of Injury
    • Safety Audit Checklist
    • Alternate Work site Safety Checklist (i.e. work at home)

Order Safety Program Download Safety Program

There is an extensive description that shows how a full test of the Safety Program can be conducted. 

 

- more info


Security Manual TemplategGives CIOs one more tool

Security PoliciesA business-driven approach to security is differant than a technology-centric approach in that the business goals drive the requirements in securing the enterprise. Many enterprises take a bottoms-up approach to security since security solution vendors, more often than not, promote this approach to their clients. To close identified security gaps, enterprises broaden and bolster their defenses by continually building on top of or adding to their existing security investments. This technology-centric methodology often creates an excessively complex and disjointed security infrastructure. It becomes difficult to manage and prone to unseen vulnerability gaps, needlessly escalates IT costs and eventually fosters unnecessary operational inefficiencies that inhibit business growth rather than enhance it.Instead of trying to protect against every conceivable threat, organizations should understand and prioritize the security risk management activities that make the most sense for their organization. By understanding the level of risk tolerance within an organization, the IT team can more easily focus on mitigating risks that the organization can’t afford to neglect. Overemphasizing certain risks leads to wasted resources and efforts, while underemphasizing others can have disastrous consequences.

The Janco Security Manual template addresses these issues and is a quick way for CIOs to overcome these issues.

- more info


How to establish a telecommunting policy - Infrastructure

Telecommuting infrastructureOrganizations that have or want to establish a companywide telecommuting program should establish a formal, written telecommuting policy document that is regularly reviewed and updated by IT, human resources, legal, and finance. This will ensure that managers and the corporate services and technical support groups within the organization are aware of their respective role and responsibilities for enabling and supporting telecommuting. It also will help ensure that telecommuting employees know about their responsibilities too, along with new company and approved third-party applications and support services available outside company facilities. - more info


Feds peg unemployment at beyond 10%

IT Salary SurveyThe federal government's recent jobs report pegs unemployment at 10 percent (arguable, maybe). So, what's the outlook in IT? Two recent studies tell us that it's still the winter of our recession.

Janco Associates' most recent report shows IT hiring and spending to be as frigid as the weather fronts sweeping across the U.S. -- and salaries are just as icy. A study from Computer Economics mirrors Janco's report in IT hiring. But then it offers a ray of sunshine, predicting that those who plan to spend more has jumped from 11 percent in 2009 to 52 percent in 2010.

- more info


IT Salaries Stay Flat According to Janco 2010 Salary Survey

IT Salary SurveyJanco has just released it January 2010 IT Salary Survey.  The major finding are:

Order Salary Survey     Free Salary Survey

  • Many companies have instituted hiring and spending freezes in addition to laying-off of staff.  This has been augmented by extensive outsourcing, bonus reductions, and elimination of IT contractors -- which has decreased the demand for IT professionals and in some cases lowered wages, with higher priced positions being eliminated.
    • Layoffs have focused on middle management and IT support staff
    • Many mid-sized enterprises have stopped hiring all together
    • There are over 200 IT professionals in the Metro New York are who earned well into six figures that are looking for work due to mergers, bankruptcies, and layoffs
  • Layers of middle management have been eliminated and the number of direct reports has increased for many IT Directors, Managers, and Supervisors.
  • Enterprises that have cut costs in lieu of laying staff off are now planning to institute a round of layoffs in order to meet “their numbers” for 2010.
  • Companies are continuing to reduce the benefits provided to IT professionals.
    • Personal and company bonuses have been reduced if not eliminated altogether.
    • Raises have be eliminated by many.  For example in a survey conducted by Redmondmag.com it was reported that 36.5% of Microsoft employees saw no raise in 2009.
  • Hiring is limited to a few selected positions as enterprise continue to cut costs
  • There now is a surplus of seasoned IT professionals available.  For the second time in less than ten years, retirements are being put off because of the downturn in the stock market and the resultant reduction in savings available to support IT professionals as they retire.  Added to this is an influx of retirees who are looking to get back into the job market due to of the massive reduction in their investment portfolio
- more info


Retirements put on hold for IT professionals

The IT career sector has been ravaged by the recession - however, experts say that it has weathered the storm better than most. (For example, data from the U.S. Bureau of Labor Statistics for the third quarter of fiscal year 2009 indicated that unemployment rates for several key IT positions averaged 5.8%, which is substantially lower than the overall Q3 U.S. average unemployment rate of 8.9% for all fields.)

But budget cuts and layoffs have forced many IT departments to make do with less, leaving older IT workers vulnerable to younger employees whose skills may be more up to date and who are often willing to take less pay, work more hours and take on less desirable assignments.

Benefits

Order Salary Survey     Free Salary Survey

Overall, the recession has had far more of an economic impact on late-middle-aged adults. In an April Pew Research Center study of 2,969 adults aged 50 to 64, nearly 75% said the nation's economic problems are making it difficult to afford retirement.

Nearly two-thirds of those surveyed in that age bracket said their 401(k) accounts or individual stocks have been clobbered, with two in 10 claiming that their investments have lost 40% of their value and another four in 10 saying nearly 20% to 40% of their retirement funds have been erased.

- more info


Copying music is not "fair use"

A federal judge approved a $675,000 fine that a jury assessed against Boston University doctoral student Joel Tenenbaum for illegally sharing 30 copyrighted songs.

But in an unusual decision, U.S. District Court Judge expressed "very,very" deep concerns at the "astronomical penalties" available to music companies under copyright laws. The court would have been willing to consider a fair use defense in the case but concluded that the manner in which the arguments were presented by the defense counsel made it all but impossible for her to do so.

In this case, the damages were assessed after he admitted to illegally downloading the contested songs during a brief jury trial in July. Before the trial had even begun, the judge had forbidden the defendant from asserting a "fair use" defense in the case.

The fair use doctrine allows for the use of copyrighted material without permission from the rights holders in certain circumstances, including nonprofit academic purposes, or if the copyrighted work is used in a different way for a limited purpose such as to comment or criticize something.

- more info


Users demand support for iPhone and Droid

Droid iPhoneCIOs indicate that 80% of their users are demanding – not requesting  - support for the iPhone and Droids. This is not too surprising given that, even in the face of an overall recession and cutback on discretionary spending, consumers are still purchasing iPhones and Droids at their own expense at unprecedented rates. Simply put, the iPhone and Droid are the most compelling mobile device ever made and users from the execuitive suite down are all demanding that their enterprises support it.

At the same time, nearly 30% of all CIOs say that they have already experienced a security breach due to employees’ use of unauthorized mobile devices. This puts CIOs in a difficult position. How can they respond to this overwhelming user demand for the iPhone and Droid while still meeting their strict requirements for security, management, and control on a device that they know users are already using and will continue to use extensively for personal purposes?

These new device platforms create opportunities for corporate IT to:

  • Simultaneously increase enterprise productivity and reduce the overall mobility spending
  • Embrace the "consumerization" of enterprise mobility in a controlled way

The key to taking advantage of these opportunities is bridging the gap between the "personal" and "protected" with a solution that enables IT to control and secure the devices in its organization.

- more info


Survey shows trade secrets are at risk from terminated employees

A recent survey  by the Ponemon Institute of almost 1,000  individuals who were laid off, fired or quit their jobs shows that 59% admitted to stealing company data and 67% used their former company's confidential information to leverage a new job.  Security policies help to mitigate the risk if they are implemented correctly. 

The firm found that 61% of respondents who felt negatively about the company took data while only 26% of those with a favorable view did. Only 31% of those surveyed said they had "trust" in their former employer to "act with integrity and fairness," 25% were "unsure" and 44% did not have trust. Of the individuals survyed 37% said they were asked to leave, 38% said they had found a new job and 21% moved on because they anticipated lay-offs.

The respondents described their work roles as 20% corporate information technology, 10% financial and accounting, 24% sales, 8% marketing and communications, and the remainder spread across fields that include general management, logistics and transportation, research and development, and human resources. They came from close to two dozen vertical industries, such as manufacturing or healthcare, as well as education and government

Trade secrets are increasingly becoming a company's most valuable assets, and not surprisingly, threats to those assets have increased concomitantly. The greatest threat to company data is, of course, not outsiders but a company's own employees A company's ability to protect against rogue employees (as well as against unintentional harm) is governed by both federal and state laws, which vary by jurisdiction and, worse, are in a state of flux in many of those jurisdictions.

- more info


Mobile workforce security and business continuity CIO issue

Providing IT support to employees is always a challenge, but now organizations have to contend with a multitude of factors that are complicating the support picture. Remote employees - those who travel, telecommute, or work in branch offices without dedicated IT staff - are growing in number. As the ranks of these employees increase, organizations need to contend with providing support and managing far-flung devices. Not only is end-user productivity at stake, but organizations had to deal with IT governance, regulatory compliance, and security issues. As the workforce becomes increasingly mobile, security concerns move beyond the traditional risks such as malware to include the considerably more significant threat posed by lost or stolen laptops.

Security policies and procedures along with disaster recovery / business continuity are necessary to ensure compliance with IT policies are now key to providing support and mitigating security risks posed by the remote workforce.

- more info


Security, for many IT organizations, is an afterthought

Security Policies ProceduresSecurity, for many IT organizations, is an afterthought

Security defects in the Web application layer can allow attackers to steal data, plant malicious code or break into other internal systems. Some of the most common vulnerabilities include SQL injection and cross-site scripting flaws and authorization and authentication errors. The massive data thefts at Heartland Payment Systems and several retailers recently resulted from SQL injection errors that allowed intruders to insert malicious code into their enterprise networks.

The number of security flaws in Web applications continues to grow and will likely dominate the security agenda for years to come, according to a report by security specialist Cenzic.

Almost 80 percent of more than 3,000 software security flaws publicly reported so far this year have been in Web technologies such as Web servers, applications, plugins, and Web browsers. That number is about 10 percent higher than the number of flaws reported in the same period last year -- and nine out of 10 of the flaws were found in commercial code

Similar numbers have been reported by others. A mid-year trend and risk report released by IBM showed that Web application threats have become the No. 1 source of security pain for enterprises. Attacks targeting these flaws have also risen sharply, in some cases doubling in less than a year.

The numbers suggest that vendors and Web application owners need to address Web application security issues, said Cenzic's CTO. The kind of "significant muscle" the industry put into dealing with network and perimeter-based software vulnerabilities has been missing when it comes to application security, he said. "This is going to be long-winded process."

Though the security risks posed by such vulnerabilities have been well understood for years, a large and growing number of companies continue to be exposed to them. Part of the growth in vulnerabilities is tied to the rising number of Web applications and  new Web sites. But buggy Web software products and sloppy in-house development processes continue to be huge issues, too.

Roughly 90 percent of the vulnerabilities analyzed by Cenzic for its report existed in commercial, off-the-shelf software from both big and small vendors. Much of it appears to be the result of a continued emphasis on time-to-market at the expense of secure coding practices. IT organizations are being measured on how fast they can respond to market pressures as opposed to how secure a system they can build.

- more info


What are security policies and procedures

Security policies and procedures may appear primarily defensive in nature, but they also enable more reliable business operations. When line managers and executives are confident their operation procedures can and will function under a range of circumstances, these processes will be more adaptive to the changing demands of the market:

  • Would an executive be willing to sign off on a new project to launch a Webbased customer service portal if she was not sure the customer database was secure?
  • Would a CIO allow employees to use their personal mobile devices to access corporate email and databases if those devices were not properly secured?
  • Could an IT administrator support remote networks without proper monitoring and management tools?

Security Information Management and other security measures reduce the likelihood that concerns about security will curtail innovation. As the demands for compliance grow, businesses need tools to monitor and respond to security incidents and to document and report on their ability to respond. Security policies and procedures can help reduce the time and staff resources required to meet immediate compliance requirements as well as facilitate compliance over the long term.

- more info