Janco Mobile Home
May 9th, 2008
Amazon.com is suing the New York State Department
of Taxation and Finance (DTF) over a new state law that requires Internet
retailers to collect sales tax on purchases shipped to state residents.
Amazon has argued that, since it does not have a
physical presence in the state, it should not be required to collect taxes
on shipments going to New York. Amazon has no physical presence in New York,
according to the suit. It does not own, lease, or otherwise occupy any physical
property in the state, and none of its employees works or resides in the state.
In addition, Amazon says the New York law is
unconstitutional based on a 1992 U.S. Supreme Court ruling holding that states
are prohibited from requiring out-of-state retailers to collect sales tax unless
the company has a physical presence in the state.
In the Quill v. North Dakota case, the Supreme
Court re-established the rule that a state could not impose sales tax collection
on a business unless the company had employees or property in the state.
New York defends the law by arguing that the Amazon
Associates program, which allows Web site publishers to receive commissions by
promoting Amazon items through their sites, makes Amazon liable to collect taxes
on its behalf for those affiliates who live in New York.
One piece of bright news for Amazon and other
online retailers is that the state of New York is not seeking back taxes. A
spokesman for the state said the legislation provides for a limited amnesty for
online sellers who register as sales tax vendors and start collecting taxes by
June 1, 2008.
If the seller registers and starts collecting sales
tax by June 1, the seller will not be liable for tax not collected for sales tax
quarters prior to June 1. Conversely, if you don't register and it is later
determined that you should have, you could be subject to a tax department audit for
quarters prior to June 1.
Brick and mortar companies are generally supportive
of the Amazon Tax, saying it levels the playing field by forcing online
retailers to collect state sales tax. The downside is that it could potentially
mean fewer sales for online retailers.
If the New York law is upheld, you can be sure a
whole host of other states will follow its example and implement similar laws.
The New York law is projected to generate $50 million in revenue this year and
$73 million next year.
May 8th, 2008
Google announced the release of Web Security for
Enterprise, which protects organizations of all sizes against web malware attacks
in real time and enables the safe, productive use of the web, without incurring
hardware, up-front capital, or IT management costs.
The for-purchase product enables organizations to
control how employees use the Internet, and provides easy-to-use tools to
create, enforce, and monitor the right web policy for your organization.
Web virus and spyware protection
Web filtering and content control
Protection for roaming and remote users
May 4th, 2008
In order to be a successful Chief Information Officer (CIO), an individual must have
excellent management skills and have proven processes in place in order to lead the
IT function and the enterprise effectively.
The CIO needs:
May 2nd, 2008
The worldwide shift from stationary desktop computers to highly portable
laptop and tablet PC computers offers enterprises increased productivity,
flexible work schedules and greater work/life balance. Driven by the need for
increased productivity and the ability to present up-to-date information at a
moment's notice, secure mobile computing can be an enterprise's greatest strength.
However, research indicates that lost or stolen laptop computers cause nearly
50% of public data breaches. With recently expanded state data breach
legislation, even a single lost or stolen computer can expose enterprises to the
negative publicity and increased costs associated with public data
breaches.
Today, accepting the loss or theft of one laptop, tablet PC or
Smartphone (PDA) is simply not an option. A missing device can result in
compliance and data protection issues that may be very costly to an
organization's reputation and bottom line. Organizations need to be able to
accurately track their computers, know who is using them and what is installed on
them, and be able to prove that the actions taken to secure computers remain deployed
and intact until the computer can be located.
What is the relationship between the issues of compliance,
data protection, business continuity, and theft recovery? Enterprises must take
this into account when defining security policies. It is no longer enough to
attempt to address compliance issues without addressing data protection and
business continuity. Protection of data on mobile and remote computers requires
an understanding of the issues surrounding data loss, be it computer theft,
hardware failure or some disastrous event. Having a broader understanding of how
these areas inter-relate allows organizations to build a more robust security
policy that can better address the issues of regulatory compliance, data
protection, business continuity and theft recovery.
May 1st, 2008
The CIO and IT Manager Newsletter has just been
released and the electronic version of the newsletter can be viewed at
http://www.e-janco.com/CIO_IT_Manger_Newsletter_0805.htm.
The topics covered in this issue are:
The Newsletter also provides direct links to topics on:
April 25th, 2008
The Security Manual addresses each of these issues and provides solutions
which can be implemented immediately.
In the current business environment, the security stakes are high.
IT security is not just an IT problem; technical security risks can create
business liabilities.
The market is filled with products that promise to
reduce this risk and enhance IT security. These include:
Users must install and maintain antivirus software. Security policies
must define what applications and configurations are acceptable where, and IT
and business processes must ensure that security policies are monitored and
exceptions are corrected.
Gaining transparency into risk and security
status with rapid, flexible security assessments can quickly improve risk
management. Assessments should deliver risk-relevant views of IT infrastructure
to track progress towards policy compliance targets. The Security Audit
program does that in compliance with all mandated
requirements.
April 22nd, 2008
Steps that your company (enterprise) should follow to see what the
Internet says about the enterprise and key employees include:
April 21st, 2008
(Symantec)
To calculate the annual loss expectancy (ALE) of an asset, you use the
quantitative risk analysis method. This calculation is determined by first
figuring the annual rate of occurrence (ARO) and the single loss expectancy
(SLE). Once those values are known, ARO x SLE = ALE.
Suppose the SLE is US$35,000, and the
ARO is 12 (i.e., the cost of the server being down for a day is US$35,000, and
this attack happens once every month). In this example, US$35,000 x 12 =
US$420,000 per machine.
To protect your financial viability, you need to be able to perform data
restoration and bare metal system recoveries more efficiently and faster than
ever.
April 19th, 2008
It can be a struggle for a company to adhere to new compliance regulations and
responsibilities. Concerns such as "Where do we start?" and "Can we
leverage existing processes to meet these new requirements?" are obvious
questions with not-so-obvious answers. What are the vulnerabilities, and how can
we manage compliance with SOX section 404?
As guidance and a framework for SOX compliance, the US
Securities and Exchange Commission (SEC) has mandated that affected
organizations use a recognized internal control framework. The SEC makes
specific reference to the recommendations of the Committee of the Sponsoring
Organizations of the Treadway Commission (COSO). While there are many sections
within the Sarbanes-Oxley Act, the focus here is on section 404, which addresses
internal control over financial reporting. This section requires the management
of public companies to assess the effectiveness of the organization's internal
control over financial reporting and annually report the result of that
assessment.
Meeting the COSO objective means compliance with SOX section 404.
The Sarbanes-Oxley Act has fundamentally changed the business and regulatory environment. The Act aims to enhance corporate governance through measures that will strengthen internal checks and balances and, ultimately, strengthen corporate accountability. However, it is important to emphasize that section 404 does not require senior management and business process owners merely to establish and maintain an adequate internal control structure, but also to assess its effectiveness on an annual basis. This distinction is significant.
April 18th, 2008
We are seeing a change in the threat landscape, from threats that were noisy and targeted
the perimeter of the network to ones that are much more silent, difficult to detect
and highly targeted. These attacks mostly target Web browsers and the
client applications on the computer itself. And while a small business network
may not be as complicated as an enterprise network, it still has desktop and
mobile clients.
Because small businesses have fewer IT resources at their disposal, they need solutions
that provide comparable protection at affordable cost and with minimal
administration.
The threats are:
From spyware and
phishing to intrusion attempts, the threats attacking today's computer networks
are more dangerous than ever. Many threats are targeting specific industries
with convincing-looking e-mail and phone calls. The hackers hope to direct
employees to counterfeit Web sites, in order to harvest passwords and private
financial information or steal computer and network resources. The revenue from
cybercrime in the United States now exceeds that of illegal drug
activity.
April 14th, 2008
Maine is the only jurisdiction that has not yet met
the security requirements needed to obtain an extension. Implementation of the
bar on accepting Maine licenses will require substantial planning and effort,
which will begin immediately in the absence of an agreement. Maine will have
until close of business tomorrow to agree to certain security changes in order
for Maine IDs to be acceptable for purposes of boarding commercial aircraft and
accessing certain federal facilities after May 11, 2008.
DHS recognized earlier this year that states could
not meet the full requirements of the REAL ID Act by May 11, as set by Congress.
The department made extensions available for states that needed additional time
to come into compliance, or to complete ongoing security measures. Initial
extension requests were due by March 31. These extensions are valid until Dec.
31, 2009, when states must upgrade the security of their systems, to include a
check for lawful status of all applicants, for their licenses and ID cards to be
acceptable for official purposes. REAL ID enrollment will be completed for all
individuals 50 years of age and under by Dec. 1, 2014. For all others,
enrollment may be extended three additional years to Dec. 1, 2017. At that time,
all state-issued driver's licenses and identification cards intended for
official purposes must be REAL ID-compliant.
(DHS) - The U.S.
Department of Homeland Security (DHS) has granted extensions to 49 of 50 states,
the District of Columbia and all five U.S. territories, putting more than 99
percent of U.S. driver's licenses and ID cards on the path to secure
identification. Congress mandated in the REAL ID Act of 2005 that state-issued
identification must be REAL ID compliant to be acceptable for official
purposes.
The need for secure documentation was a core 9/11 Commission finding. REAL ID
addresses their finding by setting specific requirements that states must adopt
for compliance in four key areas: (1) information and security features that
must be incorporated into each card; (2) proof of the identity and U.S.
citizenship or legal status of an applicant; (3) verification of the source
documents provided by an applicant; and (4) security standards for the offices
that issue licenses and ID cards.
April 13th, 2008
Data protection is a critical issue for all
companies. Based on current survey data the top priorities are:
April 13th, 2008
Companies are under constant pressure to
improve the customer experience, reduce customer churn, optimize internal
resources, and grow revenues. Unfortunately, efforts such as personalization of
services and new business development, which can help in all of these areas, are
often stymied by current information management practices.
Compliance and regulatory pressures
What is needed is better information management that cuts
across data silos and encompasses structured and unstructured data.
Removing obstacles to new business initiatives
April 3rd, 2008
Janco and the IT Productivity Center have
just released their Browser and Operating System Market Share White Paper.
The major findings are that in the last 12 months Microsoft browser market share
has continued to erode; Firefox has maintained its number 2 browser
position and is now used by almost 20% of all users; Google Desktop is gaining
market share; and Netscape is now in a death spiral as users abandon it.
New in this white paper are recommendations on which browsers to use and not
use.
A summary of the Janco browser market share
data can be found on the Janco web site (http://www.e-janco.com/browser.php) and the IT Productivity Center web site
(http://www.itproductivity.org/browser.php). In addition, the full white paper
with Excel spreadsheets can be purchased at both sites for
$249.
March 28th, 2008
The Internet has fundamentally changed the way
people connect, communicate, and conduct commerce. But as the Internet becomes
more central to consumers' lives, online fraud continues to evolve -- and
consumer concerns about identity theft are pervasive and powerful.
The future of e-commerce depends on the ability to
instill consumer trust and confidence in the Web. Recent developments in
authentication technology have led to a new kind of SSL Certificate that can
increase visitor confidence in legitimate sites and greatly reduce the
effectiveness of phishing attacks.
Web sites with Extended Validation
SSL have seen how this new technology enables the address bar in high-security
browsers to turn green, thus allowing consumers to feel secure that they are on
a legitimate Web site.
March 28th, 2008
Consider that the majority of your data, between 80
and 90 percent, resides on file servers. Now think about how you are controlling
access to those shares. Most organizations find themselves with overly
permissive access controls.
Employees join and
leave the organization frequently, and roles, responsibilities and project teams
change quickly as well. All this leads to more access permission granted than
revoked, since it is nearly impossible to manually keep up with the changes. The
result is that most folders on file shares are oversubscribed in terms of access
by well over 70%. By fixing broken access control to your file servers, you can
significantly reduce the probability of data misuse in your environment.
Any program to reduce the probability of data loss and misuse has to
start with rightful and warranted access controls. Ensuring that only the right
people can get to the right data at all times not only reduces the odds of
misuse, it also makes any subsequent safeguards and loss prevention techniques
more cost effective and pragmatic to deploy. Consider a folder containing
confidential data. If it is open to everyone or to a large number of individuals
then (1) anyone can access and misuse the data, and (2) access by everyone must
be monitored and audited which is not a realistic undertaking. Alternatively,
limiting access to those who actually need the data, and reporting on their
access patterns, is realistic and a practical way to ensure that data access
permissions are not abused.
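The review described above can be sketched in code. This is an added example, not part of the original article: it compares who is granted access to a folder with who actually used it, and reports the oversubscription. The group names, folder names, users and access log are all constructed, and the list of broad principals is an assumption.

```python
from collections import defaultdict

# Assumption: principals considered too broad for confidential folders.
BROAD_PRINCIPALS = {"Everyone", "Authenticated Users", "Domain Users"}

# Constructed sample data (hypothetical groups, folders and users).
GROUPS = {
    "Domain Users": {"alice", "bob", "carol", "dave", "erin",
                     "frank", "grace", "heidi", "ivan", "judy"},
    "Finance": {"alice", "bob"},
    "HR": {"carol", "dave"},
}
ACL = {
    "finance/payroll": ["Finance", "Domain Users"],
    "hr/reviews": ["HR", "erin"],
}
ACCESS_LOG = [  # (user, folder) events seen during the review window
    ("alice", "finance/payroll"), ("bob", "finance/payroll"),
    ("alice", "finance/payroll"),
    ("carol", "hr/reviews"), ("dave", "hr/reviews"),
]

def expand(principal, groups, seen=None):
    """Resolve a principal to users, following nested groups without looping."""
    seen = set() if seen is None else seen
    if principal not in groups:
        return {principal}          # a plain user account
    if principal in seen:
        return set()                # cyclic group membership: stop here
    seen.add(principal)
    users = set()
    for member in groups[principal]:
        users |= expand(member, groups, seen)
    return users

def review(acl, groups, log):
    """Per folder: users granted, users who never used the grant, broad grants."""
    used = defaultdict(set)
    for user, folder in log:
        used[folder].add(user)
    report = {}
    for folder, principals in acl.items():
        granted = set()
        for p in principals:
            granted |= expand(p, groups)
        unused = granted - used[folder]
        pct = round(100 * len(unused) / len(granted)) if granted else 0
        report[folder] = {
            "granted": len(granted),
            "unused": sorted(unused),            # candidates for revocation
            "oversubscribed_pct": pct,
            "broad": sorted(set(principals) & BROAD_PRINCIPALS),
        }
    return report

if __name__ == "__main__":
    for folder, row in review(ACL, GROUPS, ACCESS_LOG).items():
        print(folder, row)
```

Unused grants are candidates for review, not automatic revocation: a short log window will miss users with legitimate but infrequent access.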
March 25th, 2008
Everybody is talking about bringing wikis,
blogs, content tagging, and social networking into the enterprise and
capitalizing on Web 2.0's collaboration and team-building
potential.
But Web 2.0 can also bring an unprecedented and unintended level of access to
corporate networks and assets, inviting exploitation, theft, and misuse. Often,
companies are quick to follow the trend without factoring security into the
equation.
Why is Web 2.0 so dangerous? Because it gives older
exploits, already blocked at the network layer, a second chance at attacking via
the application layer. And the collaborative nature of Web 2.0 opens the door to
malicious behaviors like:
March 20th, 2008
Employees with mobile devices are
actually facing at least eight security risks:
What seems to be a simple approval for a low-cost item may turn
into a series of big headaches when cell phones and USB storage devices are
lost. According to a study by Nokia at least 10% of them will be lost in an
average year. It is notable that most large cities in the U.S. and Europe now
have 10,000 to 15,000 mobile phones left in taxis every month.
Phone fraud of
various types, e.g., employees making unauthorized long-distance personal
calls; this is less of a problem now because many companies accept that
personal calling is going to happen, and corporate rate plans for bulk
long-distance can cut the cost significantly. The co-operation of the mobile
operator is required to control this.
March 18th, 2008
Individual users can be left to handle minor issues
for themselves, and pseudo power users often get themselves into trouble and
require IT staff assistance to resolve problems they have created through their
self-help efforts. It is no longer a viable answer for small and medium sized
businesses to treat desktop management casually.
Most small and medium businesses do not have the IT staff and
tools to treat desktop management issues with the attention they deserve. IT
shops in small and medium sized companies are generally over-taxed and doing the
best they can to keep the IT infrastructure running smoothly. Budgets are much
smaller than those of their large enterprise counterparts, staffing is limited,
and toolsets are few and far between. Too often, manual processes and "just enough
to get by" scripting are the answer to desktop management in the small and medium
sized company.
March 17th, 2008
All IT functions are under constant pressure to improve the customer
experience, reduce customer churn, optimize internal resources, and grow
revenues. Unfortunately, efforts such as personalization of services and new
business development, which can help in all of these areas, are often stymied by
current information management practices.
What is needed is better information management that cuts across data silos and
encompasses structured and unstructured data.
To help navigate through
today's information management challenges, Janco has created a series of
templates for maximizing ROI through better information management.
Issues that all enterprises face are:
Compliance and regulatory pressures
Many companies need to establish appropriate information management workflow
processes to ensure compliance with regulations.
Removing obstacles to new business initiatives