Data Breach and Network Intrusion Detection Tools
Businesses must be proactive in guarding against network intrusion and protecting data from breaches
News
Issues CIOs Face in Troubled Economic Times
CIOs face some of the greatest challenges they have ever had. All managers are under intense pressure to cut costs, and that pressure is significantly increased by the current grim economic outlook. Everywhere CIOs look there is study after study indicating that organizations are looking at reducing headcount, as well as their overall spending in 2009. In addition, many business areas are relying on IT more than ever before to help them deal with the increased competition and reduced funding. This budget crunch creates a greater need for improved efficiency and higher productivity.
Normal logic would cause a CIO to consider hunkering down and
focusing on survival until business conditions improve. However, enterprises
must continue to make strategic investments in Information Technology.
Survival is clearly important, but by making survival your primary focus, you
risk missing opportunities.
CIOs and IT organizations that position themselves for the eventual
upturn will look at IT as an enabler of business efficiency and growth. In this
turbulent economy, it becomes more critical to invest differently in IT. The key
is to invest in areas that really improve IT efficiency and discipline. This
focus will enable IT not only to survive this difficult financial period, but
also to quickly shift its profile toward enabling true business
growth.
Over 70% of Lost Laptops are Never Recovered

Laptops can and do get lost or stolen. In studies conducted by several security firms, it has been found that over 50% of all lost or stolen laptops disappear at airport security checkpoints and departure gates. Unfortunately, almost 70% of these laptops are never recovered.
This policy has been updated to reflect the requirements of PCI-DSS, Sarbanes-Oxley, HIPAA, and ISO. The policy comes as both a WORD file and a PDF file utilizing a standard CSS style sheet.
Terminating an Outsource Relationship
Enterprises can and do suffer because they do not plan for what happens when the end date of the outsourcing contract approaches. Enterprises usually omit to include a definition of procedures to be followed and assets allocated when the contract terminates.
The time to set the groundwork for the termination of an outsource contract is when the original contract is negotiated. If it is not done then, the outsourcer has no reason to do more than the contract requires.
Key issues to consider are:
- Ownership of fixed assets
- Ownership and return of data
- Documentation and other intellectual property
- Staffing turnover from outsourcer to enterprise
- Support outsourcer is to provide in the turnover process
CIO Recovery Planning Tool Kit Released
Park City, UT - With the recovery on the horizon, Janco Associates, Inc. has released its CIO Infrastructure Planning Tool Kit. The kit contains all of the elements that are required for CIOs to hit the ground running as the recovery starts to take hold and demand increases for IT services. The CEO of Janco, Mr. Victor Janulaitis said, "During a downturn, CIOs often had to make some unpopular decisions and that cost them the alliances they need to succeed. Based on our experience the highest attrition rates for CIOs is during a recovery. With a recovery, many enterprises feel they can afford a change at the top to get a new direction and improve the enterprise's IT operations. In order to succeed CIOs need to take proactive steps before it is too late."
Janulaitis said, "CIOs need to act well in advance of the recovery, and the end of a recession is often recognized only months after the fact. The most progressive CIOs and enterprises will turn to recovery mode before competitors by implementing a recovery plan right now."
Janulaitis added, "...Most IT functions are operating at very high productivity levels and do not have any extra capacity to use when the recovery starts. Once the recovery occurs there will be huge demand for initiatives, projects, and staffing. CIOs who react too late will find they will not be able to meet the demands placed on them."
The CIO Infrastructure Planning Tool Kit shows CIOs how to get their organization in order by helping them meet several key objectives: updating the organization infrastructure with IT Service Management (ITSM) and metrics in mind; updating the Service-Oriented Architecture (SOA) and how it will be applied with new initiatives; defining all of the responsibilities of the IT staff and support staff members; putting current job descriptions in place; and identifying the resources that will have to be hired (employees) or retained (contractors) once the recovery starts.
The CIO Infrastructure Planning kit comes in three versions: standard, silver, and gold. The gold version contains the IT Infrastructure, Strategy, & Charter Template, the latest Janco IT Salary Survey, the IT Service Management for SOA Template, 220 IT Job Descriptions, the Internet and IT Job Descriptions HandiGuide, and a Functional Specification Template. These templates and job descriptions all come in MS WORD and are fully editable. More information can be found at http://www.e-janco.com/CIOInfrastructurePlanningToolKit.html.
Is your business ready to deal with management of all of its data and business records?
For most midsized and even small businesses, managing data is a major challenge. The growth of structured data from databases, e-mail and other applications, as well as file data such as PDFs, audio, video and graphics, has been exponential. Furthermore, no end is in sight. According to a well-known research firm, the need for on-line data storage capacity is increasing at a rate of nearly 58 per cent per year; by 2011, it is estimated that companies worldwide will require disk storage of more than 32,000 petabytes of data.
The increasing flood of data can lead to a host of problems, like added time and system slowdowns due to the sheer volume of data; added cost, in new equipment and especially in management overhead, to provide for all this data accumulation; and the added business risk that comes with larger data stores.
The temptation is to accommodate added data by increasing the number of servers and disk drives. But simply adding servers is not the answer; in fact, without planning, the direct attachment of additional drives or servers can create islands of storage, resulting in greater management requirements. Such an unplanned and reactive approach to storage is inefficient, raising costs while limiting flexibility and the capacity to respond to new business opportunities.
Areas Impacted by Security Policies and Procedures
Security policies and procedures need to consider the areas where your systems can be breached. These include:
- Employee access cards
- Logon codes
- Computers and laptops
- Routers and networking equipment
- Printers
- Cameras, digital or analog, with company-sensitive photographs
- Data - sales, customer information, employee information
- Company smartphones/PDAs
- VoIP phones, IP PBXs (digital version of phone exchange boxes), related servers
- VoIP or regular phone call recordings and records
- Email
- Logs of employees' daily schedule and activities
- Web pages, especially those that ask for customer details and those that are backed by web scripts that query a database
- Web server computer
- Security cameras
- Access points (i.e., any scanners that control room entry)
Legacy Infrastructure Hinders Productivity
When technologists design and implement a "new way" to do things, they often forget about how to transition from the "legacy" system to the new one. The Washington Post reported that the Copyright Office's "new $52 million electronic process" was responsible for creating an overwhelming logjam of copyright applications.
Turnaround time for copyright applications has slowed from six to 18 months and the Copyright Office is behind some 500,000 applications.
Workers say the
"new" electronic system is slow and prone to crashing. Managers say the
challenge has been retraining the staff to use the system. In addition, 45% of
the copyright applications are still submitted in paper format, which must be
painstakingly entered by hand into the "new" electronic system.
The staff is spending so much time handling the paper applications it does not have enough time to process electronic applications, which has created delays for online claims now. It now takes six months to process electronic claims when it should take one month.
Since the problem appears to be the volume of paper applications, the office plans to raise the fees for paper applications from $45 to $65 in August while keeping the fee for electronic filing at $35.
Vista Dead
Microsoft urged some companies week to dump Vista deployment plans and shift to Windows 7, the operating system the company has promised to ship in the fourth quarter.
"If you're just starting your testing of Vista, with the [Windows 7] Release Candidate and the quality of that offering, I would switch over and do your testing on the [Windows 7] Release Candidate, and use that going forward," said Bill Veghte, Microsoft's senior vice president for Windows business.
That same day, other Microsoft managers said work on Windows 7 should wrap up in August, which would indicate availability on new PCs and at retail stores as early as mid-October if the company uses the same pace as Windows XP eight years ago.
Microsoft delivered Windows 7 Release Candidate (RC) to the public on May 4, but made it available to developers and IT professionals several days earlier.
Metrics for Troubled Economic Times
Metrics are an issue that continues to be a focus as CIOs try to address the stresses placed on IT. Successful CIOs know that "business-centric" metrics (which effectively communicate the value of IT's operating activities and capital projects in terms that relate to business executives) should be the focus rather than "technology-centric" metrics (such as the number of transactions processed or the mean time between system failures). The right metrics for IT spending and its business value can help reinforce IT's position as an informed and trusted business partner.
In the current economic conditions the focus of the CIO's metrics should be:
- Increase/preserve/accelerate revenue
- Decrease/avoid/delay cost
- Reduce business risk
- Enhance business capabilities
Metrics CIOs Need to Implement
Few business professionals need to be convinced that information is valuable to their organizations - or that data must be carefully protected. However, as corporations accumulate increasingly greater volumes of information, protecting it efficiently and effectively becomes more complex, expensive, and difficult. At the same time, the consequences and cost of a protection failure increase as data becomes more integrated into the day-to-day operations of the enterprise. No one understands this better than the CIO, who is charged with a seemingly impossible task: hold down storage and protection costs, keep production data instantly accessible 24x7, and make sure that any information asset, no matter how obscure or seldom used, can be quickly recovered on demand. These competing agendas signal a gradual shift in emphasis from the process and technologies of information protection to the strategies and tactics necessary to quickly, easily, and comprehensively respond to and recover from any data event.
Security Threats Abound in Wireless Locations
To protect networks and information against increasingly sophisticated threats, many organizations are deploying security in layers. Some are finding that an efficient way to do this is by using unified threat management (UTM) appliances. What happens when you have a wireless town like the new 725-acre planned community in eastern Missouri that is being built entirely with wireless systems, helping businesses avoid the costs of laying fiber and other traditional infrastructure?
The community, called New Town at St. Charles, already has 800 homes built with architectural styles of a traditional American small town.
There are 2,000 residents with five businesses serviced by a combination of microwave, WiMax backhaul, Wi-Fi and related technology. The wireless technologies are used to provide Internet services to homes and businesses. It also provides video surveillance to the town's businesses.
Fight continues on H-1B Visa Program
Two U.S. senators plan to reintroduce legislation that would require U.S. employers to make a "good faith" effort to hire U.S. citizens over H-1B visa holders, after failing to win approval for a similar bill two years ago.
The earlier measure died after being folded into a comprehensive immigration reform bill that was killed without coming up for a vote. Lawmakers are aiming to introduce a new bill.
The widespread layoffs being caused by the economic recession may help lawmakers this time around. Earlier this year, for instance, lawmakers succeeded at getting H-1B hiring restrictions on financial services firms that receive federal bailout money into the massive economic stimulus bill signed into law by President Barack Obama.
U.S. Citizenship and Immigration Services will begin accepting visa applications for the federal fiscal year that starts Oct. 1. Although the weak economy is expected to reduce the number of applications, the prevailing view among immigration attorneys and supporters of efforts to raise the annual visa cap is that more than enough applications to meet the limit of 65,000 regular visas will again be filed quickly. High demand is expected as well for the 20,000 visas set aside for foreign workers with advanced degrees from U.S. universities.
Among those driving the demand will be foreign graduates who did not win visas in last year's lottery distribution of visas but were able to continue working in the U.S. on extension of their student visas. Foreigners who graduated last spring and are still working on their student visas will also be eligible to apply for H-1B visas.
PCI Compliance Becomes More Complex
Two payment processors that recently disclosed data breaches have been dropped from Visa Inc.'s list of companies that comply with the PCI data security rules. That means that merchants cannot use those payment processors if they themselves want to remain compliant with the Payment Card Industry Data Security Standard (PCI-DSS) rules.
Visa said that it was dropping Heartland Payment Systems Inc. and RBS WorldPay Inc. from its PCI-compliant list. The company added that it would "consider" restoring Heartland and RBS WorldPay if they are recertified as compliant by third-party assessors.
Reasons why CIOs and CTOs get Fired
Top ten list of things that fired CIOs do
1. Do not have a disaster recovery and business continuity plan integrated with a backup/archiving program.
2. Ignore warning signs
3. Do not document changes
4. Do not use logging processes
5. Do not install updates
6. Save money by not purchasing upgrades
7. Do not manage passwords well
8. Never say no to anyone
9. Never say yes to anyone
10. Do not train a replacement
PCI-DSS Standards are Best Practices for Security Policies and Procedures
The six areas of data protection prescribed by the PCI-DSS standard drive enterprises to implement a comprehensive approach to overall security. They address security concerns from network protection to security governance policies.
Build and maintain a secure network
- Create a firewall to secure cardholder data.
- Go beyond vendor defaults for passwords and other security parameters.
Protect cardholder data
- Protect stored data.
- Encrypt data transmission.
Maintain a vulnerability management program
- Employ and update anti-virus software.
- Develop and maintain application security.
Implement strong access control measures
- Restrict access to cardholder data on a need-to-know basis.
- Assign a unique ID to each authorized user.
- Restrict physical access to cardholder data.
Regularly monitor and test networks
- Track and monitor access to network resources and data.
- Regularly test security systems and processes.
Maintain an information security policy
- Develop and maintain policy-based security protocols.
Top Reasons Why Outsourcing Relationships Fail
Outsourcing is a strategic decision with long-term impact, and the success of outsourcing depends both on the service provider and the outsourcer's commitment. Not all outsourcing arrangements work. We have found that the more work that is done by an enterprise before it outsources, the better the chances are for success.
In a survey of 50 CIOs, Janco found the primary reasons that outsourcing fails are:
- Not defining an infrastructure for managing and delivering services
- Focusing on cost savings versus quality of service provided
- Lacking metrics and service level agreements
- Choosing the wrong outsourcing vendor, one that does not have the proper experience with enterprises of your size or your industry
- Activating an outsourcing contract without proper planning for what is to be done, by whom, and when
- Outsourcing core competitive advantage functions that drive sales and/or customer service
- Poor communication channels and chain of command definition between the outsource provider and the enterprise
- Organizational conflicts due to personalities and/or different organizational cultures
The Practical Guide for IT Outsourcing is delivered electronically in WORD and/or PDF format. Included is a 3 page Job Description for the Manager Outsourcing. Sarbanes-Oxley issues addressed directly. Included is an ISO 27001 and ISO 27002 audit program.
Challenges CIOs face
CIOs are now challenged more than at any time in the past. With the economic earthquake around the globe, CIOs have to be smarter, more creative, and more innovative. The only way for CIOs to survive the world economic reset in a knowledge age is to capitalize on their human capital, put their staff's creativity to work, and stoke their innovative furnace. There are many ways to fuel the creative fires, from management techniques to team building and effectively leveraging existing and emerging technological investments. However, the key is infrastructure. CIOs that have one that addresses metrics, change management, version control, system development methodology, service management, and human resources have a better chance to make it through these tough times.
CIO management of IT project portfolio
CIOs have two targets when they manage the IT project portfolio: money and time. CIOs estimate how much time each IT employee has to work on projects (as opposed to support). The combination of that time is used to determine the total project time for the year.
Typically, if a CIO does not spend all the money they planned, they can accrue that money for future use. However, time is different. Every hour that is reserved for projects is lost forever if it is not used that way.
In these troubled times, there is a huge demand for IT projects, so it is critical that staff time is utilized efficiently. Historically CIOs approved projects, and then they waited for those championing the projects to bring them forward. The issue with that approach is that because many managers are busy, they tend to wait until the last possible moment to get things going. In the meantime, the time set aside for projects is going unused.
CIOs should encourage business managers and other champions to get things moving sooner by telling them the resources are available now.
What is keeping CIOs and CTOs up at night?
In a recent survey of 127 CIOs, Janco Associates has defined a set of questions that CIOs are trying to answer during this downturn. CIOs are concerned that IT be viewed as relevant to the enterprise's success.
The primary questions they are trying to answer for their management are:
- What positive impact can technology play in the current economic conditions to improve revenues, reduce expenses, improve product and service delivery?
- What are the greatest opportunities for IT productivity improvements?
- Which fixed costs can be reduced without affecting the service level delivered by IT?
- What are the challenges and opportunities of outsourcing and how do we address them?
CIOs and CTOs feel that if they can answer these questions they have a chance to be drivers in survival of their enterprises.
E-Verify Could be the Next Priority for CIOs
An E-Verify provision was included in the American Recovery and Reinvestment Act passed last week by the House of Representatives. However, that provision has been culled from the Senate version -- prompting frantic lobbying on both sides of the issue to either put it back into the legislation or leave it out permanently.
According to a DHS description of the program, the SSA
database against which the matching is done contains more than 425 million
records, while the DHS's immigration databases hold more than 60 million
records. In most cases, employers get search results in
seconds.
Only about 100,000 employers out of more than 7
million in the U.S. are currently signed up for the
program.
Recent enhancements to the system include a
photo-screening tool for biometric verification and the availability of
naturalization data that can confirm the citizenship status of recently
naturalized U.S. citizens. In May 2009, all federal contractors and
subcontractors will have to start using the program when hiring new
employees.









