Amazon has argued that since it does not have a physical presence in the state that it should not be required to collect taxes on shipments going to New York. Amazon has no physical presence in New York, according to the suit. It does not own, lease, or otherwise occupy any physical property in the state, and none of its employees works or resides in the state.

In addition Amazon says the New York law is unconstitutional based on a 1992 U.S. Supreme Court ruling that claims states are prohibited from requiring out of state retailers to collect sales tax unless the company has a physical presence in the state.

In the Quill v. North Dakota case, the Supreme Court re-established the rule that a state could not impose sales tax collection on a business unless the company had employees or property in the state.

New York defends the law by arguing that the Amazon Associates program, which allows Web site publishers to receive commissions by promoting Amazon items through their sites make Amazon liable to collect taxes on its behalf for those affiliates who live in New York.

One piece of bright news for Amazon and other online retailers is that the state of New York is not seeking back taxes. A spokesman for the state said the legislation provides for a limited amnesty for online sellers who register as sales tax vendors and start collecting taxes by June 1, 2008.

If the seller registers and starts collecting sales tax by June 1, the seller will not be liable for tax not collected for sales tax quarters prior to June 1. Conversely, if you don't register and it is later determined that you should have, you could be subject to tax dept audit for quarters prior to June 1.

Brick and mortar companies are generally supportive of the Amazon Tax, saying it levels the playing field by forcing online retailers to collect state sales tax. The down side is that it could potentially mean fewer sales for online retailers.

If the New York law is upheld, you can be sure a whole host of other states will follow its example and implement similar laws. The New York law is projected to generate $50 million in revenue this year and $73 million next year.

The for purchase product enables organizations to control how employees use the Internet, and provides easy-to-use tools to create, enforce, and monitor the right web policy for your organization.

Web virus and spyware protection

• Proactive blocking of web malware before it reaches your network
• Protection from zero-hour threats
• Eliminate spyware back-channel communications
• Reduce patching and updates

Web filtering and content control

• Protects your network and your staff from undesirable web content, file types and MIME types
• Quota support by surfing time, bytes transferred and number of connections
• Optimizes network resources by reducing bandwidth congestion
• Monitors online activity with comprehensive reporting

Protection for roaming and remote users

• Extends to all roaming employees wherever they are working – at home, in a hotel room, café, client premises, or Wi-Fi spot
• Applies acceptable use policies to all roaming employees
• Enhances privacy by automatically encrypting all web traffic when the user connects to a public network
• Eliminates the need to backhaul traffic over the corporate VPN
• Simplifies management with no endpoint client and updating

In order to be a successful Chief Information officer (CIO) an individual must have excellent management skills have proven processes in place in order to lead the IT function and the enterprise effectively.  

The CIO needs:

• Open communication channel to all levels of the enterprise from CEO to shipping clerk
• Information that gives the CIO the real, unadulterated truth about how the Information Technology group is performing.
• Strategic information which is focused on managing the business performance of their function.
• Information from various sources that are outside of the CIOs area of control
• Time to digest all of the information and data

The worldwide shift from stationary desktop computers to highly-portable laptop and tablet PC computers offers enterprises increased productivity, flexible work schedules and greater work/life balance. Driven by the need for increased productivity and the ability to present up-to-date information at a moments notice, secure mobile computing can be an enterprises greatest strength. However, research indicates that lost or stolen laptop computers cause nearly 50% of public data breaches. With recently expanded state data breach legislation, even a single lost or stolen computer can expose enterprises to the negative publicity and increased costs associated with public data breaches.

 
DRP Security Bundle

Today, accepting the loss or theft of one laptop or tablet PC or Smartphone (PDA) is simply not an option. A missing device can result in compliance and data protection issues that may be very costly to an organization’s reputation and bottom line. Organizations need to be able to accurately track their computers, know who is using them, what is installed on them, and be able to prove the actions taken to secure computers remain deployed and intact until the computer can be located.

The topics covered in this issue are:

• Real ID Implementation status
• SOX Compliance Requirements
• Security Audit Program

The Newsletter also provides direct links to topics on:

• Disaster Recovery and Business Continuity
• Job Descriptions
• 2008 Salary Survey

• Network and perimeter security (including firewalls)
• Endpoint security and threat mitigation (including anti-virus and patch management)
• Data security
• Identity and access management
• Wireless security 

The Security Manual address each of these issues and provides solutions which can be implemented immediately.

Users must install and maintain antivirus software. Security policies must define what applications and configurations are acceptable where, and IT and business processes must ensure that security policies are monitored, and exceptions are corrected.

Gaining transparency into risk and security status with rapid, flexible security assessments can quickly improve risk management. Assessments should deliver risk-relevant views of IT infrastructure to track progress towards policy compliance targets and the Security Audit program does that in compliance with all mandated requirements.

• Conduct weekly searches to monitor your company name and company reputation
• Review content of company and employee blogs for accuracy and compliance to company policies
• Validate that all public information has a real identity – this includes blogs and press releases
• Apologize and admit your errors
• Redirect blogs to positive product, employee and company information when anything negative is posted
• Minimize negative comments and never say anything negative about your competition or its products.

Once those values are known, ARO x SLE = ALE. Suppose the SLE is US$35,000, and the ARO is 12 (i.e., the cost of the server being down for a day is US$35,000, and this attack happens once every month). In this example, US$35,000 x 12 = US$420,000 per machine.

To protect your financial viability, you need to be able to perform data restoration and bare metal system recoveries more efficiently and faster than ever.   

As guidance and a framework for SOX compliance, the US Securities and Exchange Commission (SEC) has mandated that affected organizations use a recognized internal control framework. The SEC makes specific reference to the recommendations of the Committee of the Sponsoring Organizations of the Treadway Commission (COSO). While there are many sections within the Sarbanes-Oxley Act, the focus here is on section 404, which addresses internal control over financial reporting. This section requires the management of public companies to assess the effectiveness of the organization’s internal control over financial reporting and annually report the result of that assessment.

We are seeing a change in the threat landscape, from ones that were noisy and targeting the perimeter of the network, to becoming much more silent, difficult to detect and highly targeted. These attacks are mostly targeting Web browsers and the client applications on the computer itself. And while a small business network may not be as complicated as an enterprise network, they still have desktop and mobile clients.

Because small businesses have fewer IT resources at their disposal, they need solutions that provide comparable protection, at affordable costs and requiring minimal administration.

The threats are:

• Spyware
• Attacks inside the firewall  -  USB devices
• WiFi and other rogue access points
• Worms and viruses
• Information theft via authorized paths
• Phishing
• Key stroke logging
• Instant Messaging
• Blended attacks

Maine is the only jurisdiction that has not yet met the security requirements needed to obtain an extension. Implementation of the bar on accepting Maine licenses will require substantial planning and effort, which will begin immediately in the absence of an agreement. Maine will have until close of business tomorrow to agree to certain security changes in order for Maine IDs to be acceptable for purposes of boarding commercial aircraft and accessing certain federal facilities after May 11, 2008.

DHS recognized earlier this year that states could not meet the full requirements of the REAL ID Act by May 11, as set by Congress. The department made extensions available for states that needed additional time to come into compliance, or to complete ongoing security measures. Initial extension requests were due by March 31. These extensions are valid until Dec. 31, 2009, when states must upgrade the security of their systems, to include a check for lawful status of all applicants, for their licenses and ID cards to be acceptable for official purposes.

The need for secure documentation was a core 9/11 Commission finding. REAL ID addresses their finding by setting specific requirements that states must adopt for compliance in four key areas: (1) information and security features that must be incorporated into each card; (2) proof of the identity and U.S. citizenship or legal status of an applicant; (3) verification of the source documents provided by an applicant; and (4) security standards for the offices that issue licenses and ID cards.

REAL ID enrollment will be completed for all individuals 50 years of age and under by Dec. 1, 2014. For all others, enrollment may be extended three additional years to Dec. 1, 2017. At that time, all state-issued driver’s licenses and identification cards intended for official purposes must be REAL ID-compliant.

• Data Mobility / Disaster Recovery
• Improve recovery time
• Reduce backup window
• Reduce data protection costs
• Scale backup capacity
• Strategy for VM backup
• Implementing storage security

Compliance and regulatory pressures

•  Many companies need to establish appropriate information management workflow processes to ensure compliance with regulations.
• Many want an easier way to find, retrieve, and compile information for audits and to monitor the company’s level of compliance with regard to specific regulations.

Removing obstacles to new business initiatives

• Companies want to be able to leverage structured and unstructured data to derive more value from it.
• Many new business initiatives must provide aggregated information on-demand to employees in branch offices, call center staffers, and customers checking their accounts using the telephone or the Web.
• Organizations need aggregated information that spans the silo's in order to more effectively cross-sell offerings and target customers selectively.

A summary of the Janco browser market share data can be found on the Janco web site (http://www.e-janco.com/browser.php) and the IT Productivity Center web site (http://www.itproductivity.org/browser.php).  In addition the full white paper with excel spread sheets can be purchased at both sites for $249.

The future of e-commerce depends on the ability to instill consumer trust and confidence in the Web. Recent developments in authentication technology have lead to a new kind of SSL Certificate that can increase visitor confidence in legitimate sites and greatly reduce the effectiveness of phishing attacks.

Web sites with Extended Validation SSL have seen how this new technology enables the address bar in high security browsers to turn green, thus allowing consumers to feel secure that they are on a legitimate Web site

• Drive-by malware downloads
• RSS and Atom feed exploits
• Cross-site scripting (XSS)
• Cross-site request forgeries (CSRF)

Employees with mobile devices are actually facing at least eight security risks:

• Loss of general company data and files from these increasingly memory-laden devices.
• Key sales contacts could go to a competitor—or be lost altogether.
• Physical loss of the device.
• The employees time to recover from the loss—which can be a few hours or a few days—is usually worth far more than the replacement costs of the device and software.
• The time the network administration team needs to replace the device and handle the loss.
• Introduction of viruses and malware into the company's installed computer base, usually when synchronising PC and handset in the office and on a home PC.
• Phone fraud of various types—e.g., employees making unauthorized long-distance personal calls; this is less of a problem now because many companies accept that personal calling is going to happen, and corporate rate plans for bulk long-distance can cut the cost significantly. The co-operation of the mobile operator is required to control this.
• The use of such devices as means of stealing company information. The "inside job" on data theft can be pulled off using a wide variety of mobile devices, from PDAs to lowly MP3 players.

Individual users can be left to handle minor issues for themselves, and pseudo power users often get themselves into trouble and require IT staff assistance to resolve problems they have created through their self-help efforts. It is no longer a viable answer for small and medium sized businesses to treat desktop management casually.

•  Many companies need to establish appropriate information management workflow processes to ensure compliance with regulations.
• Many want an easier way to find, retrieve, and compile information for audits and to monitor the company’s level of compliance with regard to specific regulations.
  
  Removing obstacles to new business initiatives
• Companies want to be able to leverage structured and unstructured data to derive more value from it.
• Many new business initiatives must provide aggregated information on-demand to employees in branch offices, call center staffers, and customers checking their accounts using the telephone or the Web.
• Organizations need aggregated information that spans the silo's in order to more effectively cross-sell offerings and target customers selectively.