ITIL - Implementation
Using the IT Service Management for Service-Oriented Architecture Template to implement ITIL
The IT Service Management for SOA architecture is compliant with the latest defined ITIL and ISO 20000 standards.
Information Technology Infrastructure Library (ITIL) is a consistent and comprehensive documentation of best practice for IT Service Management. Used by hundreds of organizations internationally, a whole ITIL philosophy has grown up around the guidance contained within the ITIL books and the supporting professional qualification scheme.

ITIL Version 3 was released in the spring of 2007 and ITIL 3.0 is structured around a core of Service.
- Service Strategy
- Service Design
- Service Transition
- Service Operation
- Continual Service Improvement
The processes that are addressed in that standard are:
- Access Management
- Availability Management
- Capacity Management
- Evaluation
- Event Management
- Financial Management (aka Service Economics)
- Information Security Management
- Knowledge Management
- Problem Management
- Release and Deployment Management
- Request Fulfillment
- Service Asset and Configuration Management
- Service Catalog Management
- Service Continuity Management
- Service Level Management
- Service Portfolio Management
- Service Validation and Testing
- Supplier Management
- Transition Planning and Support
These processes in turn are supported by six (6) functional areas. Each of these areas has policies and procedures that are contained in the IT Service Management Template.
ITIL Standards
Service Desk - (Help Desk Policy, Help Desk Standards, Help Desk Procedures, and Help Desk Service Level Agreement)
An effective "service desk" (Help Desk) can be a great asset to any enterprise. Getting accurate feedback on issues your users are having can only benefit your development efforts and ultimately, the users themselves. The key here is to make sure that the help desk is well-prepared to accept responsibility for support calls on your applications.
Janco recommends that you start working with the help desk at least six weeks before your first application release. If the help desk is mature, they will have aids for capturing application support requests. These will provide the initial information needed for the knowledge base. The help desk personnel will augment that knowledge base over time with solutions and user workarounds as they come up. Be sure to weed out the "false solutions."
There should be a complete distribution list for ticket reports from the help desk to all of the key managers and users in the enterprise. These will disclose what issues users are encountering. Commonly recurring or high-impact issues should become the focus of everyone involved. This then feeds the priority setting process in the Problem Management process.
Incident Management (Help Desk Procedures, Service Request Policy and Service Request Standard)
ITIL defines an "incident" as any disruption to the normal operation of a system or application. This includes bugs, outages, and even user interface problems. The Incident Management process begins with notification of an incident. This can be logged by the help desk in response to a user call. It can even be automatically created by a monitoring system. It is marked as completed when normal functioning of the system is restored.
Note that this does not include root cause analysis or correction! Incident Management is all about restoring service.
Ideally, the help desk handles the entire Incident Management process. In less ideal cases, development may be called on to help resolve "novel" incidents--ones that do not have a solution in the help desk's knowledge base.
When incidents come into the development room, you have some negatives that need to be dealt with. The incident needs to be resolved expeditiously, making it both interrupt driven and urgent. Therefore, every incident will automatically take somebody off their current assignment. This is damaging to flow.
In worse cases, the entire team may get derailed and start huddling around the incident. Fire-fighting is exciting and many help desk professionals like to work them. If the entire team is chasing the incident, nobody is making forward progress on scheduled tasks. If you have a large user community or a lot of incidents, you can lose an entire day or weeks before you realize it.
This can be exacerbated if your help desk never resolves application support incidents. In such cases, Janco recommends the "Center-Post" position. Assign one member of the team to be the primary point of contact for incident resolution.
Problem Management (Help Desk Procedures, Service Request Policy and Service Request Standard)
Recurring incidents can be identified as Problems that require correction. This is the job of the Problem Management process.
Identifying a problem is often done by the help desk, but it can also come from others. The decision about which problems require correction and which ones have top priority often becomes very slow and bureaucratic. Janco has seen teams get chewed out for fixing problems that weren't scheduled to be addressed for a couple of iterations!
Problem managers should be encouraged to communicate via status reports. There also is a need to communicate back to the user community when the status of a problem changes. Good Problem Management classifies problem states such as "known problem", "known workaround", and "known solution". A help desk team will typically move through these states pretty quickly.
Bear in mind that the ITIL definition of Problem Management is all about oversight, not the actual changes needed to fix the problem. The actual changes are deployed as part of Release Management.
Change Management (Change Control Standard, Change Control Quality Assurance Standard, Change Control Management Workbook, Version Control Policy, and Version Control Policy)
Change Management is the most complex part of the ITIL standard. This is the process that so easily slips into heavyweight bureaucracy or, worse, meaningless meetings.
Change Management as defined simply means tracking changes, their impact to configuration items, and ensuring that changes are applied in an orderly way. It doesn't have to hurt.
In reality, however, help desk will spend a lot of time preparing for change management committee (CMC) meetings.
Janco recommends standardizing your change and deployment process (per the standards defined in the template). Get into a regular rhythm of releases and deployments so the CMC comes to expect that every third Tuesday (or whenever), your team will have a new release. Standardize the release mechanics and system impact statement so you can standardize and re-use your change requests. Familiarity will create confidence with the CMC.
Configuration Management (Documentation Standard, Version Control Policy, and Version Control Policy)
Configuration Management (CM) is not the act of changing configuration items. It's the process for tracking planned, executed, and retired configurations. As you plan each release, you should identify the places that will be affected by the release.
In a well-executed ITIL rollout, CM is vital for change management, incident management, the help desk, and release management. In a poorly-executed ITIL rollout, configuration management does not exist, or it only addresses servers or network devices.
CM should cover servers, network topology, applications, business processes, documentation, and the dependencies among all of them. That way, proposed changes to one area (e.g., upgrade to front-end firewalls) can be analyzed for their impact.
Release Management (Documentation Standard, Version Control Policy, and Version Control Policy)
Release Management dovetails with Information Technology's release planning cycle. Engage early.
ITIL News
Google stops supporting older browsers
Google has announced that Google Docs will drop support for Microsoft's nearly nine-year-old Internet Explorer 6 (IE6) browser starting on March 1.
Ironically, if Google had taken its anti-IE6 advice to heart before hackers broke into its corporate network last year, it might not now be mulling whether to abandon the Chinese search market.
"We're going to begin phasing out our support, starting with Google Docs and Google Sites," said the senior product manager for Google Apps, in a Friday entry on the company's enterprise blog. "As a result, you may find that from March 1 key functionality within these products -- as well as new Docs and Sites features -- won't work properly in older browsers." Google Sites is the search engine's free Web hosting service.
Google's new list of supported browsers omits IE6, as well as other older programs, including Mozilla's Firefox 2.0, Apple's Safari 2.0 and Google's own Chrome 3.0. IE6 is by far the oldest browser of the bunch, with an August 2001 debut. In comparison, Firefox 2.0 dates to October 2006, Safari 2.0 to April 2005 and Chrome 3.0 to September 2009.
People running older browsers should upgrade to a newer version, said the Google representative, who posted links to downloads of IE8, Firefox 3.6, Safari 4.0 and Chrome 4.0. The latter is available in final form only for Windows; Chrome 4.0 for the Mac is still in beta.
Google's move is only the latest in a year-long string of major Web properties dropping support for IE6 or urging users to ditch it for something newer. The campaign began in February 2009, when Facebook prompted IE6 users to upgrade. It then accelerated last summer when Google's YouTube did the same, as Digg announced it would curtail IE6 support and as a California site builder led nearly 40 Web start-ups to urge their users to dump the browser. An "IE Must Die" petition on Twitter, meanwhile, has accumulated more than 14,000 signatures.
Productivity improvements are possible
Similar to the explosion in regulations such as Sarbanes-Oxley after Enron, many pundits expect new regulations in light of the financial industry meltdown. And industry experts expect that IT organizations in many government agencies will have to take on the heavy burden of the new regulations that are expected to emerge. Microsoft Windows Server 2008 R2 can help IT departments in public sector organizations meet today's demands for lower TCO, improved security, and delivery of IT services. Companies that want to cut costs, lower complexity, and increase agility need to embrace virtualization in their production environments, and Windows Server 2008 R2 supports high-availability virtual environments.
CIO - Productivity Bundle
Over 220 IT and Internet Job Descriptions, Disaster Recovery Template, IT Service Management Template - Sensitive Information Policy - Salary Survey - Security Template
The CIO productivity kit standard edition contains:
- Over 220 job descriptions in MS WORD format
- Current IT Salary Survey for US and Canada (by city)
- Disaster Recovery Template which is Sarbanes Oxley compliant
- Security Template which is Sarbanes Oxley and ISO 27000 compliant
- IT Service Management Template (Change Management, Help Desk, and Service Requests)
- Sensitive Information Policy (Protect Credit Card and Personal Information)
NASA to redo IT Infrastructure

NASA has issued a final request for proposal for a menu of information technology services such as e-mail, security management, instant messaging and mobile communications. Estimates have pegged the work as worth $2.5 billion.
The project, Agency Consolidated End User Services (ACES), is designed to consolidate services across NASA into one agencywide solution. The requirements are currently met through the Outsourcing Desktop Initiative for NASA, the ODIN contract.
The ACES contract is expected to be the biggest of five contracts that NASA plans to issue as part of its Information Technology Infrastructure Integration Program (I3P) acquisition to consolidate the agency's IT and data services.
Market research firm Input puts the total value for the five contracts, based on NASA's draft RFPs, at $4.3 billion. Input said the ACES value is $2.5 billion based on information in the draft RFPs.
According to the final RFP, the winning contractor will be responsible for a range of services including:
- E-mail and collaborative calendaring services.
- Active Directory services.
- Security management including IT security, emergency management and preparedness, and data at rest services.
- Software license management: The contractor shall provide a fully managed and supported shared license infrastructure.
- Instant messaging services.
- Mobile communications device services such as cell and smart phones.
Service-Oriented Architecture and IT Service Management Are Keys To Success in the Recovery
SOA and ITSM drive success and productivity
One bad customer experience can cost you that customer for life. Hospitality, travel, retail, healthcare, and financial services are especially prone to losing customers who have a negative experience. It does not take much for a customer to decide that you and your company are not worth his time, effort, or money. Customers like to feel loved, and they are turned off very quickly when they sense that you do not care about the pain they are feeling. Even if you cannot help them because the situation is beyond your control, acknowledge that you understand both the situation and their frustration.
No customer wants the person serving her to be distracted or preoccupied. Ever go to the local mall and try to get help from a teenager focused more on texting her friends than helping you find what you're looking for? On the other hand, being too focused can be a bad thing. Have you ever asked an innocent question out of curiosity and then found yourself stuck for an eternity while a customer support person hunts endlessly for an answer? This person is likely so focused on getting the answer that he does not realize that you really do not care that much about it and would rather not wait for an answer to an inessential question. Be sure your people understand the degree of focus required for the job.
Even if the employee has the right skill set and experience, his odds of being successful and remaining on the job are low if his core behaviors and tendencies do not line up with those needed for success in that particular role. This is especially true for customer-facing roles in which your frontline employees act as extensions of your brand and heavily influence the customer experience.
Attack on Google mail accounts in China
It was reported in Computerworld that a "highly sophisticated and targeted" attack against Google's network last month originated in China, and tried to access the Gmail accounts of Chinese human rights activists.
In a blog post Tuesday, David Drummond, Google's chief legal officer, said that attacks have forced the company to "review the feasibility of our business operations in China." Google, continued Drummond, is "no longer willing to continue censoring our results on Google.cn, and so over the next few weeks we will be discussing with the Chinese government the basis on which we could operate an unfiltered search engine within the law, if at all."
The end result of those discussions, said Drummond, may be that Google shuts down its search engine and closes its offices in the People's Republic of China.
"This is a bold and a very difficult move on [Google's] part," said Leslie Harris, the president and CEO of the Center for Democracy & Technology (CDT), a Washington, D.C.-based civil liberties group. "But with the revelations that there have been major cyber attacks aimed at human rights activists, both in China and in the West, it's hard to see how Google could have remained silent."
According to Drummond, Google was one of at least 20 large companies that were targeted by massive attacks in December. In Google's case, the attacks resulted in the theft of some company intellectual property.
H-1B Reaches quota - More Audits to Take Place
U.S. employers again hit the cap of 65,000 for the controversial visas that allow foreign workers in specialty fields such as computer science and programming to work in the United States for three to six years.
Despite an early slump in U.S. employer demand for H-1B visas, the U.S. Citizenship and Immigration Services announced Dec. 22 it had reached the 65,000 cap for the controversial guest worker visas favored by technology companies. H-1B visas allow companies to hire foreign workers with special skills to work in the United States for three to six years.
USCIS officials intend to up the ante of verifying and investigating the validity of H-1B visa usage by companies. Immigration officials will ramp up law enforcement to help thwart fraud and quell political pressure that wants to severely limit H-1B visa usage.
The United States Customs and Immigrations Services plans to up its enforcement of the law on H-1B visas and the U.S. companies that take advantage of them by conducting 25,000 on-site inspections in 2010. IBM, Microsoft, Oracle, Google and many technology giants and smaller IT shops employ temporary H-1B visa holders to fill U.S.-based jobs from foreign countries. After a Congressional report showed a range of fraud within the H-1B visa program, the pressure to enforce the law on the books has increased.
In 2009, the USCIS conducted 5,191 on-site inspections, according to a report in Computerworld, with many of the inspections being unannounced visits. The 25,000 inspection effort in 2010 could be a serious boost to quelling fraud, but it may not be enough for those in the U.S. government who advocate for stronger limits on H-1B visas.
Can Tape Backups Work In a Disaster Recovery Process
Tape backup can provide for the long-term archival needs of the virtual servers; however, tape cannot provide the level of recoverability required for critical business applications. Disaster Recovery Planning requires more.
Rebuilding one application from tape can be a difficult and lengthy process. Recovering four or more applications at the same time from tape to rebuild one physical server will result in an excessive period of downtime, likely more than the business can afford.
Organizations may not understand how vulnerable their data and business remain to disaster - even after they've made a huge up-front and ongoing investment in tape-based disaster recovery. An article in SearchSecurity reports that in a survey of 500 IT departments, as many as 20% of routine nightly backups fail to capture all data. Among participants of another survey cited in this article, 40% of IT managers were unable to recover data from a tape when they needed it. This is a significant concern for corporations that are regulated as they can face the risk of being out of compliance if they cannot produce required data when they need it.
Tape backup also places limits on your recovery point objective (RPO), the point in time to which you can recover your systems should disaster strike. Periodic tape backup guarantees hours of lost data in the event of a disaster. Suppose, for example, that a critical system fails anytime today; the best you can do is recover to yesterday's data, which will be at least twelve hours old. The later in the day disaster strikes, the older the data from which you'll recover. In addition, when recovering from a disaster, any data not backed up is lost for good - unless you recreate it.
Job market prospects remain poor at best
The yearly cap for H-1B visas is 65,000. In 2008, the H-1B quota was met in one day. According to the most recent numbers issued by U.S. Citizenship and Immigration Services, the late rush has pushed the number of H-1B visa petitions to 58,900.
In addition, according to some forecasts, the first quarter of 2010 will see only minor IT hiring increases, but also small additional IT job losses. In a survey of 1,400 CIOs, 7 percent said they expect an increase in hiring, while 4 percent expect to reduce staff for a net gain of 3 percent in favor of hiring.
That does not bode well for IT professionals and college graduates. The question is when the market will turn around.
U.K. Enacts Big Brother Laws
Under the guise of the Digital Economy Bill, the UK proves without a doubt that truth is stranger than fiction and that 1984 mindsets rule in government.
- If illegal file sharing is suspected (not necessarily proven) within a home, all Internet access to that residence could be terminated and fines of up to £50,000 could be imposed on the household.
- ISPs could be compelled to spy on their own users or face stiff fines and other penalties.
- The UK Business Secretary (similar to the US Secretary of Commerce) would be granted the power to modify any aspect of the law without debate, including the definition of new violations and penalties at a whim, essentially turning his position into that of a dictator for all digital communications within the United Kingdom.
Needless to say, these are bad ideas at best, even coming from a country with an Official Secrets Act. The language in this bill would place corporations in complete control over the Internet in the United Kingdom, answering to nobody but themselves. It's practically a step-by-step guide on how to force your best and brightest to move to another country.
CIOs address security threats
Business processes today rely on vastly different methods of data storage and data exchange than even a few years ago. The objective is to provide full 360-degree security that protects against the widest range of attacks. The changes in the computing landscape make it essential that companies adopt a new approach to security. According to published research 90% of all CIOs say that data security is "important" or "very important" and would get high priority in 2009.
CIOs need to worry about three possible threats that can affect the business operations, data integrity and overall security of organizations:
- Theft or loss of a mobile device - SmartPhone or laptop
- Theft or loss of removable media containing confidential data - USB storage
- Disgruntled employee or contractor
The security manual template addresses each of these issues with specific policies and procedures that can be implemented quickly.
Protecting intellectual property - CIO role
The problem is, many companies devote resources to IT security assuming that the thieves and threats are on the outside, attempting to gain access to the network via malware and hack attempts. They ensure anti-malware and intrusion detection/prevention systems are in place, and restrict network access. What happens when the internal worker becomes the threat? What is needed is a set of security policies and procedures supported by an audit program that validates that they are followed by everyone.
Data is the lifeblood of every company, and often, it's the only thing that differentiates one organization from another. Who has the most loyal customers, the best service, and the most innovative strategies all boils down to information residing on the company's IT systems.
For companies that deal with product designs and prototypes, it's easy to understand how closely their information must be guarded. Strategic plans, corporate roadmaps, and notes from a brainstorming session could also be valuable to competitors. Personal information - of employees and customers - can be used for identity theft and other types of fraud, if it falls into the wrong hands.
Firefox is primary security risk faced by users
According to a security vulnerability report by Cenzic, of all Web vulnerabilities, 90 percent pertained to code in commercial Web applications, while Web browsers comprised about 8 percent and Web servers about 2 percent. Of the browser vulnerabilities, Firefox had 44 percent of the total, but perhaps the biggest surprise was Safari, which formed 35 percent of the browser vulnerabilities. Internet Explorer was third, with 15 percent, and Opera was at 6 percent.
Of the published vulnerabilities in Commercial Off The Shelf (COTS) applications, SQL Injection and XSS were once again the most common vulnerabilities, which is why it is no coincidence that most of the attacks in the first half exploited these two vulnerabilities. Based on thousands of assessments performed by Cenzic's managed service, nine out of 10 applications continue to be vulnerable, with Information Leaks, Cross Site Scripting, Authentication Flaws, and Session Management as the most common categories.
The top 10 vulnerabilities for the first half of 2009 included familiar names such as Sun, IBM, SAP, PHP, and Apache.
Unused Servers Waste Energy and Critical IT Resources
Millions of servers around the world are doing little more than wasting energy, according to a new study.
At least 15 percent of servers are not doing anything useful, said a majority (72 percent) of server managers polled by Kelton Research. In addition, 83 percent said they don't have an adequate grasp of server utilization, and 72 percent rely on CPU utilization as their measure of server efficiency.
The cost of unused servers is estimated at $24.7 billion a year, including the value of hardware, maintenance, management, energy and cooling for unused servers.
Specifically, the study concludes that an estimated 4.75 million servers worldwide are being run 24/7, managed and upgraded without being actively used on a daily basis. Assuming about $4,400 per server per year in operational costs (an IDC estimate), those unused servers cost $20.9 billion to run, plus consume another $3.8 billion in energy costs.
Reasons to block instant messaging
In the workplace, instant messaging (IM) often replaces e-mail and phone calls for user-to-user or group conversations. This includes frequent exchanges of files, records and other data, plus regular back-and-forth texting between coworkers or collaborators busy getting their jobs done. Though much IM traffic involves pairs of users, it's neither difficult nor unusual for multiparty IM sessions to replace conference calls. Many IM security problems can expose organizations directly to serious security risks and potentially devastating legal liabilities or financial losses. Because most consumer-grade IM technology is not encrypted, that makes a good place to start exploring how and why this claim holds water. Many IM packages also lack strong proofs of user identity, perform neither file nor content screening on transmissions and directly expose users to malicious software and behavior.
Employment down for IT professionals according to IEEE-USA
The number of unemployed IT professionals, including systems analysts, has reached 59,000 in the third quarter, up from 49,000 in the previous quarter.
In 2001, there were 745,000 software engineers. In 2002, that number had fallen to 715,000 but then started to increase until the third quarter of 2008, when it reached 1.078 million; software engineer employment now stands at 970,000.
In 2001, there were 734,000 computer scientists and systems analysts, compared to 745,000 in the most recent quarter -- the same number reported in 2005. The peak employment year in this category was 837,000 in 2008.
While the overall third-quarter unemployment rate for computer professionals rose to 6% from 5.4% in the second quarter, the jobless rate declined for electrical engineers and software engineers, according to a new analysis of government labor data compiled by the IEEE-USA.
The organization of technical professionals said that the unemployment rate for electrical engineers fell in the third quarter from 8.6% to 7.3%, possibly with the help of increasing investments in smart grid technologies. Unemployment among software engineers in the third quarter also fell, to 4.7% from 5%.
The most recent employment data for software engineers is mixed, improving in some areas but declining overall.
CIO and companies look towards virtualization solutions
Virtualization management is increasingly important as CIOs and companies look for every way possible to extract as much value as they can from their IT investments. For many, the answer is next generation tools that deliver proactive monitoring and predictive capacity analysis to enhance the most popular virtualization solutions and improve the odds of a fast return on investment (ROI).
CIOs are looking for virtualization management solutions that will immediately demonstrate their value by predicting resource utilization trends and alerting in advance of potential issues. In this process CIOs hope to:
- Discover the benefits and features of a self-contained virtualization analyzer that instantly deploys and begins solving your capacity planning and monitoring needs.
- Learn how better capacity planning enables users to increase virtual machine (VM) densities on existing hardware while maximizing performance of the virtual data center.
- Find out how an effective virtualization analyzer can quickly identify capacity bottlenecks, find available capacity for new virtual machines (VMs), and increase VM densities with your existing hardware.
Cost cutting continuing in many IT organizations
No matter what the media says about the recession bottoming out, times are still tough for many IT organizations - hiring is down and budget cuts continue. Over 200 CIOs interviewed by Janco Associates say many IT projects are delayed or stopped, layoffs continue and next year's budget will be lower.
Most CIOs continue to look for ways to reduce costs. Many no longer are willing to pay a premium for vendors to fix any problems in key software and hardware within four hours instead of 24 hours. Sometimes things stay broken until IT staffers can figure out the fixes themselves.
Steps that CIOs are taking include:
- Reducing systems maintained on a 7/24 level - Instead of eliminating maintenance contracts, reduce the frequency of turnaround time -- from, say, four hours to 24 hours or even longer.
- Reducing weekend and late-night service levels.
- Reducing contracted fees paid to vendors -- many are more willing than in the past to wheel and deal, rather than lose a contract completely.
- Communicating with users that they can expect decreased maintenance, particularly with regard to timing and service levels.
However, it is critical to not impact core infrastructure systems or those that are customer centric.
What does Web 2.0 Promise
Web 2.0 is the next step in the evolution of the computer industry caused by the move to the Internet as platform. While most focus on the implications of software development technologies used to create Web 2.0 applications, it is important to understand the attitude of empowerment of Web 2.0. Software developers place a high priority on accomplishing the following objectives with Web 2.0 in order to attain the larger business goals:
- Graphical user interface (GUI) functionality, such as "drag and drop", enables applications with functionality on par with, and superior to, applications built for traditional GUI-based operating systems such as Microsoft Windows.
- Richer content. Web 2.0 developers are fond of creating applications known as "Mashups." Mashups increase the usefulness of an application by combining content from multiple sources, but may include sources with questionable pedigrees.
- Performance. Improve the speed of applications, often by leveraging the client computing resources and reducing the frequency with which a Web application performs GET and POST calls to the Web server. This is accomplished by transferring application and business logic from a tightly controlled host environment to a client system, which can be more readily manipulated.
- Interactivity. Making the application more attractive, engaging, user friendly, and ultimately more productive for the user.
PCI-DSS is not working as designed
PCI is not working as designed, according to the survey of more than 500 U.S. and multinational IT security practitioners at companies with an average of $5.6 billion in annual revenue:
- 71% of respondents do not treat PCI as a strategic initiative, yet 79 percent have experienced a data breach involving the loss or theft of credit card information.
- 55% of respondents focus only on credit card data protection and do not attempt to secure sensitive information such as Social Security numbers, driver's license numbers, bank account details and other data about people and families.
- 60% of respondents do not think they have sufficient resources to comply with PCI and bring about a necessary level of cardholder security.
Scam shows creativity of Internet thieves
A security vendor has identified an online service offering to help anyone to hack into any Facebook account for $100. However, those who sign up for the service could find themselves becoming the victims instead.
Users of the service are required to first register with the site and then provide an ID of the Facebook account they want hacked. Users who enter the ID and click on a "Hack it" button are then presented with the username of the owner of the Facebook account. They then have the option to "Start Facebook hacking."
Those who follow the instructions are eventually told that the hack was successful and a password for the account was retrieved. In order to get the password, the user is then required to send $100 via Western Union to an individual in the Ukraine.
Threats CIOs and CSOs need to address
CIOs and CSOs need to be aware of the threats that their enterprise networks and users face. As threats change and attacks increase, it is necessary to develop and adapt new security measures. Areas of threat and security exposure are:
- Operating system vulnerabilities that can lead to massive Internet worms.
- Client-side vulnerabilities, including vulnerabilities in browsers, in office software, in media players and in other desktop applications.
- Users who are allowed by their employers to browse the Internet have become a source of major security risk for their organizations.
- Web application vulnerabilities in open-source as well as custom-built applications.
- Default configurations for many operating systems and services leave security gaps.
- Attackers are finding more creative ways to obtain sensitive data from organizations.
Big Brother gets bigger and bolder - Security at Risk
Travelers arriving at U.S. borders may soon be confronted with their laptops, PDAs, and other digital devices being searched, copied and even held by customs agents -- all without need to show suspicion for cause.
Notices are being proposed by the Privacy Office at the U.S. Department of Homeland Security (DHS), which last week released a report approving the suspicionless searches of electronic devices at U.S. borders. The 51-page Privacy Impact Assessment also supported the right of U.S. Immigration and Customs Enforcement agents to copy, download, retain or seize any content from these devices, or the devices themselves, without assigning any specific reason for doing so. It states on the cover page:
"With changes in technology over the last several decades, the ability to easily and economically carry vast amounts of information in electronic form has risen dramatically. The advent of compact, large capacity, and inexpensive electronic devices, such as laptop computers, thumb drives, compact disks (CD), digital versatile disks (DVD), cell phones, subscriber identity module (SIM) cards, digital cameras, and other devices capable of storing electronic information (hereinafter "electronic devices") has enabled the transportation of large volumes of information, some of which is highly personal in nature. When these devices are carried by a traveler crossing the U.S. border, these and all other belongings are subject to search by the U.S. Department of Homeland Security (DHS) to ensure the enforcement at the border of immigration, customs, and other federal laws. In particular, U.S. Customs and Border Protection (CBP) and U.S. Immigration and Customs Enforcement (ICE) may conduct border searches of such electronic devices as part of CBP's mission to interdict and ICE's mission to investigate violations of federal law at and related to the Nation's borders. CBP Officers and ICE Special Agents conduct border searches of electronic devices to determine whether a violation of U.S. law has occurred."
Also, while in many cases searches would be done with the knowledge of the traveler, in some situations, the report says, "it is not practicable for law enforcement reasons to inform the traveler that his electronic device has been searched."
In arriving at the assessment, the Privacy Office argued that such searches of electronic devices were no different from searches of briefcases and backpacks. They are needed to interdict and investigate violations of federal law at U.S. borders and have been supported by courts in the past, the assessment said.
Health related information technology - growth area
The federal government's emphatic push into health-related information technologies is likely to generate a wave of new work for IT contractors.
The deployment of health IT systems - most notably electronic medical records that can be exchanged among patients, doctors, specialists and other health care providers - is high on President Barack Obama's priority list. He has contended that digitizing all health care records within five years will help the effort to revive the economy.
Indeed, the American Recovery and Reinvestment Act of 2009 allotted $19 billion in health IT investments. And any major health reform legislation that Congress passes this year is expected to add more funding for electronic medical records exchange, sources say.
The stimulus package contains funding for regional health IT extension centers, which assist health providers across the country to adopt or enhance EHRs.
Productivity metrics defined in HandiGuide
Metrics are the key to managing productivity. Today revenues are down and budgets have fallen along with them. Companies have frozen capital expenditures and the push is on to cut the costs of operations. In such an environment, companies look hard to create efficiencies wherever possible. For IT, this means intense pressure to do far more with existing resources.
So where's the upside? For many companies, it comes in the form of an opportunity to consolidate IT operations. For years, companies have known that this can help eliminate duplication of effort, lower service costs, increase efficiency, and improve business agility by reducing complexity. But obstacles born of internal politics and IT domain turf battles have often stood in the way.
The stark reality of today's economic conditions is helping many organizations break through this resistance and make the business case for consolidated IT operations. The fact is, consolidating IT operations should be seen as one of the best options available for organizations that need to quickly optimize costs and increase efficiency. What's more, IT consolidation enables you to redeploy valuable IT resources to focus on strategic activities that help improve business performance. And because these initiatives leverage what you already have, projects to consolidate operations typically lack the uncertainty and risk of other IT projects. In the end, the business case is solid, the investment is minimal, and the ROI is rapid. You'll be able to conserve resources to survive the recession today while setting yourself up to capitalize on new business opportunities as the economy recovers.
Netbook offerings expanding - 12 hour battery life
Nokia has unveiled the Booklet 3G, a netbook with high-speed mobile broadband and Wi-Fi connectivity, and a GPS receiver, the company said on Monday. The Booklet 3G should run for up to 12 hours on one battery charge, Nokia said. It weighs 1.25 kilograms, has an aluminum chassis and is slightly more than 2 centimeters thick.
Detailed specifications:
- 10 inch HD ready screen (1366 x 768 pixels), more than other 10 inch netbook models
- Atom CPU
- 12 hours battery life (manufacturer claim)
- 1.25 kilograms (2.75 lbs)
- 20 mm thickness
- 3G/HSDPA/WiFi, Bluetooth connectivity
- HDMI video out port
- SD card reader
- A-GPS - Comes with Ovi Maps preinstalled
- Windows operating system (maybe Windows 7 Starter as in the video above, but nothing sure)
The mobile broadband connection will be based on HSPA (High-Speed Packet Access), but Nokia doesn't want to elaborate on what speeds it will support.