
IT Managers - CIOs - and CFO Information Technology Tool Kits

Disaster Recovery Planning, Job Descriptions, Salary Survey, Business Continuity, ITSM, SOA, Compliance, SOX, and HIPAA

The IT Tool Kits feed is an XML news feed that you can subscribe to and re-publish on your web site or blog. The only requirement that you need to meet is that the feed is included with no modifications and that the links within the feed are retained as is.

If you wish to subscribe to this news feed the options that you have are:




Government employees continue to breach privacy of individuals

According to Gazette.net, a Maryland Department of Human Resources employee has been fired for posting about 3,000 names, Social Security numbers and other personal information on his personal website.

The information, which belonged to department clients who use food stamps, housing programs and other social services provided by the state, had been posted on the employee's website since April 27. The site has since been removed and there is no indication that the information has been misused.

The Baltimore Sun reports that a DHR spokeswoman says it is unclear why he used the data in an unauthorized way.

The incident is still under investigation and no decision has been made yet about whether criminal charges will be filed.




Record Management Needs to Include Email

As the importance of IT, the Internet, smartphones, and email has grown, its legal status has changed with far-reaching consequences. A variety of laws and regulations have been extended to cover all business records, including email and all communications in both public and private sectors. The requirements of Sarbanes-Oxley (SOX) and other mandates touch almost every facet of paper and electronic data.

Among other provisions, SOX requires companies to maintain “all audit or review work papers” for at least five years. For registered public accounting firms, the period is at least seven years. Penalties for noncompliance include severe fines and even imprisonment, and intentionally altering or destroying records can bring even more serious consequences.

Consider that most work papers and records are created as emails and may never exist in physical form. An email can be deleted in violation of SOX at the click of a mouse. Key considerations for ensuring your company meets SOX record-keeping requirements include:

  • Can employees reliably distinguish ordinary emails from protected business records?
  • Are you certain that employees are storing the protected emails for the required time period?
  • Is there a process in place for storing physical copies of all protected business records and emails?
  • Are you certain that no one is hacking into your email system and maliciously changing records?



Wi-Fi needs to be secure

You can secure your wireless network in little time with these 5 simple rules:

  • Secure your access point administration interface: The default passwords of most standard devices are already known to most hackers. So, when you set up your router through the web interface, change the default password and write it down somewhere safe.
  • Stop broadcasting your SSID: Your wireless router continuously transmits your SSID (Service Set Identifier). While this is useful in an office where many people are going to connect to your network, at home this is certainly not needed. Turn SSID transmission off as soon as you can. Wireless LAN "sniffers" will still be able to detect your network, but other than that, your network will mostly be shrouded from outsiders.
  • Use MAC address filtering: Turn on MAC address filtering on your wireless router configuration utility. By doing so, you can add the MAC addresses of all of your networking devices to the address pool of the router. This way, no one outside your home network will be able to access your network.
  • Reduce the power of transmission: Reduce the power of your wireless transmitter to such a degree that the signal does not reach outside your facility or home. This will keep most outsiders at bay.
  • Disable remote administration tool: Your remote administration utility is seldom used. So, keeping it on exposes your network to outsiders. Turn it off to enhance your network security.



Feds to spend billion on cybersecurity research

As the Obama administration and Congress propose various measures to improve the nation’s cybersecurity, the Office of the Director of National Intelligence is planning to spend "multiple billions of dollars" on cybersecurity research.

The deputy director of national intelligence for acquisition and technology said at a recent cybersecurity summit sponsored by Defense Daily that her office, together with the White House Office of Science and Technology, will be sponsoring "innovative" research addressing three areas, the Washington Post reported:

  • Multiple security levels for government and non-government organizations.
  • Security systems that change constantly to create moving targets for hackers.
  • Methods to motivate individuals to improve their cybersecurity practices.



Disaster Recovery / Business Continuity is Not the Place to Cut Costs

In today's business environment, many enterprises are looking for ways to reduce their expenses by cutting overhead. Often this takes the form of reducing headcount, particularly in areas that are regarded as ancillary or non-core components of the enterprise.

Disaster Recovery and Business Continuity often are placed in that category and, as a result, can be an early casualty of many cost-cutting programs. Whether it is an internal Disaster Recovery and Business Continuity team losing staff members, or a part-time Disaster Recovery and Business Continuity manager with less time to spare from the day job, Disaster Recovery and Business Continuity programs can be neglected and will quickly become out of date and ineffective, particularly in a rapidly changing organization. As anyone who has ever had to manage a Disaster Recovery and Business Continuity event knows, there are few things more useless than an out of date Disaster Recovery and Business Continuity plan.

Of course, it is hard to make a case for Disaster Recovery and Business Continuity at a time when core functions are under pressure, but maybe that is just when it should be on the radar even more than usual. With share prices shaky and credit hard to find, the last thing any organization needs right now is the damage to its reputation and credibility that could arise from failing to effectively manage a high profile disruptive incident.

Arguably, during a recession companies are at their most vulnerable, which makes it the worst time to neglect anything that contributes to resilience or reduces risk. However, if an organization is under financial pressure, how can it square the circle and achieve those reductions in overhead costs while still maintaining the effectiveness of its Disaster Recovery and Business Continuity program?




Disaster Planning and Server Consolidation

The cutting edge of virtualization technology may have set its sights on virtual PCs, unified network fabrics and other esoteric applications, but server consolidation remains the primary driver for most data centers. In fact, only a handful of enterprises have begun the process of virtualizing their server farms, according to most recent surveys, although the pace is likely to pick up as energy costs and competitive pressures drive organizations to increase performance even while paring down their hardware infrastructures. But as those who have already taken the virtual plunge have no doubt realized, consolidating servers is not just a matter of powering up the virtualization layer and then pulling equipment out of racks. There is a long list of factors to consider with any centralization project and a wide range of land mines that need to be avoided to prevent service failures. One of the main concerns is the resiliency of remaining hardware.



NAS a good backup solution

Remote offices present IT managers with a number of technical challenges. Traditionally, companies have relied on tape backup solutions to back up data both at corporate headquarters as well as at remote offices. At one point in time, tape backup was the only viable option for backing up data. That's no longer the case. There are benefits of network-attached storage (NAS) hardware, a completely self-contained appliance that has a built-in power supply, an operating system, an easy-to-use management console, and network-accessible storage.



Federal cloud web site hacked

A Department of Treasury Web site hosted by a third party was hacked, for a short while redirecting visitors to a malicious site in Ukraine and later tracking IP addresses, before the Department of Treasury took the site offline.

The Department of Treasury did not identify the provider that hosted the Bureau of Engraving and Printing Web site, but did acknowledge in a statement that it "entered the cloud computing arena last year."

The attack is bound to raise concerns about federal agencies' abilities to secure data hosted by third-party service providers. Security remains one of the biggest concerns in government circles as the Obama administration makes an aggressive push for federal agencies to begin adopting cloud computing services. The attack may also be used as a tool by legislators and policy makers to demand tighter security requirements.

The main web site of the Treasury division that prints U.S. paper currency, the Bureau of Engraving and Printing, presented would-be visitors with a 404 "not found" error at each of the four URLs that point to the page: bep.gov, bep.treas.gov, moneyfactory.gov, and moneyfactory.com.

Cisco's ScanSafe tracked the attack to a Web site that attempts to exploit numerous vulnerabilities in Adobe Reader, Adobe Acrobat, Internet Explorer, Microsoft Office, Symantec AppStream, and other applications, and said that the malicious site has targeted sites hosted by Network Solutions and GoDaddy.




New York City Failed Bomb Highlights Disaster Planning Requirements

The failed Times Square car bomb shows that there is now a new class of disaster that CIOs need to plan for. The infrastructure may be damaged, communications may be lost, and the building may not be intact. That highlights some things that a disaster plan needs to consider:

  • Have a communications plan that doesn’t require the use of cell phones or smartphones.
  • Have an alternate form of communications if necessary to save lives or call for help. Your emergency coordinator should have at least one ham radio operator on staff, with a radio available - ham radio is often the only reliable means of emergency communications in a real crisis.
  • Define a central assembly point that’s located somewhere besides your office. Pick a place inland, within 50 miles or so, where you can set up a place for employees to check in.
  • Assume that some of your employees will not be able to make it to the assembly point and have a plan to have their jobs filled until their status is determined.
  • Validate that your insurance carrier has you covered for such contingencies.



Intel can not meet chip demand

As companies upgrade to Windows 7 and replace older laptops there is a shortage of the latest Intel laptop PC Core i3 and Core i5 microprocessors.

The shortfall is in Intel's new laptop microprocessors codenamed Arrandale, including some Core i3 and Core i5 chips. The shortage has caused chip buyers to bid the price of the microprocessors up to a 20 percent premium over contract prices on the open market, according to U.S. chip distributor Converge. The shortage hit in March and will last throughout April, the company added in a monthly research report.




Utah may extend the reach of e-verify

The Utah state legislature has passed SB 251, which would require businesses with 15 or more employees to use E-Verify to check whether new hires are legal workers. The bill passed the legislature this month and is waiting for action by Governor Gary Herbert. However, some activists report the bill may be in trouble because business lobbies are working hard to get the governor to veto the bill.




Database security a management issue

Traditional IT security focuses on protecting the corporate network perimeter with firewalls, VPNs, and antivirus software. While important, these first-line defenses aren't enough. New technology and business practices spread sensitive data across multiple channels, creating new vulnerabilities. The solution is safeguarding data where it lives - in the database and on the file servers.



Security Policies Should be Part of Normal Business Practices According to Federal Judge

A federal judge has rejected a proposed settlement by TD Ameritrade Inc. in a data breach lawsuit. That marks the second time in recent months that a court has weighed in on what it considers basic security standards for protecting data. The case stems from a 2007 breach that exposed more than 6 million customer records.

The federal judge did not find the proposed settlement to be "fair, reasonable, or adequate." Rather than benefiting those directly affected by the breach, Ameritrade's proposed settlement was designed largely to benefit the company. The judge described the additional security measures that Ameritrade proposed in the settlement as "routine practices" that any reputable company should be taking anyway and should be defined in their normal security policies and procedures.

In September 2007, Ameritrade said that the names, addresses, phone numbers, and trading information of potentially all of its more than 6 million retail and institutional customers at that time had been compromised by an intrusion into one of its databases. The stolen information was later used to spam those customers.

As part of an effort to settle claims arising from that incident, Ameritrade this May said it would retain an independent security expert to conduct penetration tests of its networks to look for vulnerabilities.

The company also offered to retain the services of an analytics firm to find out whether any of the data that had been compromised in the breach had been used for identity theft purposes. The company also said it would give affected customers a one-year subscription for antivirus and anti-spam software.




SOA Best Practices

SOA Design Patterns & Best Practices

Some of the most important tools in the evaluation, purchase, and ongoing use of Service-Oriented Architecture (SOA) are the best practices that vendors, consultants, and customers have compiled. The factors that vary most are the time, cost, and ease of SOA implementation. This template gives you the tools for SOA success by focusing on the processes and providing a definition of the standard best practices for large-scale technology implementations.




IT security - Often a Myth

IT security policies for notebooks and desktops are typically managed by restricting the choices that users have by reducing the number of options that are supported. This standards-based process ensures control by reducing flexibility. But try maintaining that system when users can buy a relatively cheap smartphone with as much power as a desktop had in the early 1990s.

Furthermore, attempts by IT organizations to prevent the use of handheld devices have largely failed because of the number of tools available to work around IT policies. For example, users who are restricted from using wireless e-mail often find ways to redirect e-mail to outside ISP services, where they synchronize e-mail to their personally owned devices. This raises the security threat for enterprises because it means that control of e-mail routing has been lost.




Microsoft gives Google Chrome an edge in the EU

Microsoft's new browser ballot screen, which is supposed to randomly scramble the positions of the top five browsers, instead gives Google's Chrome the best chance of landing in the preferred first spot, an IBM software architect said today.

"This was a rookie mistake," said a professor, who works for IBM and has a degree in astrophysics from Harvard University. "I was definitely surprised to see an error of this type in the ballot."




Windows 7 Crushes Vista In terms of adoption

Microsoft has already said that Windows 7 is the fastest selling operating system in history, but, judging by the adoption rate, the platform is simply leaving Vista in the dust. Janco found that Windows 7’s market share had skyrocketed to no less than 12.5% since the OS was released. In this regard, the market share of Windows 7 is dwarfing that of Vista, comparing the first seven months after release.



IE Loses 6.21% Market Share in 12 Months

Janco has just released its Browser and Operating System Market Share White Paper. The major findings are that in the last 12 months Microsoft’s browser market share has continued to erode – Microsoft lost over 6% in the last 12 months; Firefox’s market share is unchanged for the last 12 months; Google Desktop and Chrome now have just under 6%; and Netscape is no more. On the operating systems side, Windows 7 is being accepted at a pace parallel to the way Windows XP was in the 90’s. The CEO of Janco Associates, Victor Janulaitis said, "The last six months have been a mixed bag for Microsoft. Their browser market share has fallen to the level that they had back in 1998 with no end in sight. At the same time Windows 7 now has 12% of the OS market in less than 7 months since its release."

The top five browser market share rankings are: 1 - Microsoft’s IE – 64.78%; 2 - Firefox – 17.38%; 3 – Google (Desktop & Chrome) – 5.78%; 4 – Mozilla – 1.73%; 5 – Safari – 1.39%. The CEO of Janco Associates, Inc and the ITPC, M. Victor Janulaitis said: "The positive glow on Google’s Chrome was dulled with the identification of some defects in the way it handles XML pages. But the real story is the continued erosion of Microsoft’s market."




IT service management issues that CIOs face

The key service management business questions facing CIOs and senior IT managers today are:

  • What are the service management impacts with the ever-increasing technical complexity on margins and customer satisfaction?
  • Where are the areas where margin-improvement opportunities exist?
  • How can IT minimize the maintenance-contract price pressure to drive new service-revenue opportunities to the bottom line?
  • How does improved service management translate into a competitive advantage?
  • What is the future as the IT function moves from fixing problems to driving product value?
  • What are the challenges of offshoring support and how should the enterprise address them?



IT Infrastructure a CIO Challenge

The CIO struggles to manage Infrastructure as they prepare for change

While the business faces changes that require more agility, IT is seen as lagging behind - even when CIOs carefully manage business and IT alignment:

  • IT objectives still include only cost reduction and quality. IT objectives rarely reflect enterprise agility objectives. CEOs want greater agility but do not talk about it as a measurable objective. Instead, many firms still measure IT on its contribution to cost reductions inside and beyond the walls of IT, along with its reliability and its availability to run today's business.
  • Business agility improvement projects do not easily gain funding. There are a number of current trends that, in theory, should improve agility - such as service-oriented architecture (SOA), on-demand services, pervasive technologies, outsourcing, Dynamic Business Applications, agile development, and offshoring. However, IT still needs to plan for and rightsize these options to reach the agility required while balancing the costs and risks. In addition, these technologies require cross-department investment in enterprises where each business unit manages budgets separately.