The for purchase product enables organizations to control how employees use the Internet, and provides easy-to-use tools to create, enforce, and monitor the right web policy for your organization.

Web virus and spyware protection

• Proactive blocking of web malware before it reaches your network
• Protection from zero-hour threats
• Eliminate spyware back-channel communications
• Reduce patching and updates

Web filtering and content control

• Protects your network and your staff from undesirable web content, file types and MIME types
• Quota support by surfing time, bytes transferred and number of connections
• Optimizes network resources by reducing bandwidth congestion
• Monitors online activity with comprehensive reporting

Protection for roaming and remote users

• Extends to all roaming employees wherever they are working – at home, in a hotel room, café, client premises, or Wi-Fi spot
• Applies acceptable use policies to all roaming employees
• Enhances privacy by automatically encrypting all web traffic when the user connects to a public network
• Eliminates the need to backhaul traffic over the corporate VPN
• Simplifies management with no endpoint client and updating

In order to be a successful Chief Information officer (CIO) an individual must have excellent management skills have proven processes in place in order to lead the IT function and the enterprise effectively.  

The CIO needs:

• Open communication channel to all levels of the enterprise from CEO to shipping clerk
• Information that gives the CIO the real, unadulterated truth about how the Information Technology group is performing.
• Strategic information which is focused on managing the business performance of their function.
• Information from various sources that are outside of the CIOs area of control
• Time to digest all of the information and data

The worldwide shift from stationary desktop computers to highly-portable laptop and tablet PC computers offers enterprises increased productivity, flexible work schedules and greater work/life balance. Driven by the need for increased productivity and the ability to present up-to-date information at a moments notice, secure mobile computing can be an enterprises greatest strength. However, research indicates that lost or stolen laptop computers cause nearly 50% of public data breaches. With recently expanded state data breach legislation, even a single lost or stolen computer can expose enterprises to the negative publicity and increased costs associated with public data breaches.

 
DRP Security Bundle

Today, accepting the loss or theft of one laptop or tablet PC or Smartphone (PDA) is simply not an option. A missing device can result in compliance and data protection issues that may be very costly to an organizationÂ’s reputation and bottom line. Organizations need to be able to accurately track their computers, know who is using them, what is installed on them, and be able to prove the actions taken to secure computers remain deployed and intact until the computer can be located.

The topics covered in this issue are:

• Real ID Implementation status
• SOX Compliance Requirements
• Security Audit Program

The Newsletter also provides direct links to topics on:

• Disaster Recovery and Business Continuity
• Job Descriptions
• 2008 Salary Survey

• Network and perimeter security (including firewalls)
• Endpoint security and threat mitigation (including anti-virus and patch management)
• Data security
• Identity and access management
• Wireless security 

The Security Manual address each of these issues and provides solutions which can be implemented immediately.

Users must install and maintain antivirus software. Security policies must define what applications and configurations are acceptable where, and IT and business processes must ensure that security policies are monitored, and exceptions are corrected.

Gaining transparency into risk and security status with rapid, flexible security assessments can quickly improve risk management. Assessments should deliver risk-relevant views of IT infrastructure to track progress towards policy compliance targets and the Security Audit program does that in compliance with all mandated requirements.

• Conduct weekly searches to monitor your company name and company reputation
• Review content of company and employee blogs for accuracy and compliance to company policies
• Validate that all public information has a real identity – this includes blogs and press releases
• Apologize and admit your errors
• Redirect blogs to positive product, employee and company information when anything negative is posted
• Minimize negative comments and never say anything negative about your competition or its products.

Once those values are known, ARO x SLE = ALE. Suppose the SLE is US$35,000, and the ARO is 12 (i.e., the cost of the server being down for a day is US$35,000, and this attack happens once every month). In this example, US$35,000 x 12 = US$420,000 per machine.

To protect your financial viability, you need to be able to perform data restoration and bare metal system recoveries more efficiently and faster than ever.   

As guidance and a framework for SOX compliance, the US Securities and Exchange Commission (SEC) has mandated that affected organizations use a recognized internal control framework. The SEC makes specific reference to the recommendations of the Committee of the Sponsoring Organizations of the Treadway Commission (COSO). While there are many sections within the Sarbanes-Oxley Act, the focus here is on section 404, which addresses internal control over financial reporting. This section requires the management of public companies to assess the effectiveness of the organizationÂ’s internal control over financial reporting and annually report the result of that assessment.

We are seeing a change in the threat landscape, from ones that were noisy and targeting the perimeter of the network, to becoming much more silent, difficult to detect and highly targeted. These attacks are mostly targeting Web browsers and the client applications on the computer itself. And while a small business network may not be as complicated as an enterprise network, they still have desktop and mobile clients.

Because small businesses have fewer IT resources at their disposal, they need solutions that provide comparable protection, at affordable costs and requiring minimal administration.

The threats are:

• Spyware
• Attacks inside the firewall  -  USB devices
• WiFi and other rogue access points
• Worms and viruses
• Information theft via authorized paths
• Phishing
• Key stroke logging
• Instant Messaging
• Blended attacks

Maine is the only jurisdiction that has not yet met the security requirements needed to obtain an extension. Implementation of the bar on accepting Maine licenses will require substantial planning and effort, which will begin immediately in the absence of an agreement. Maine will have until close of business tomorrow to agree to certain security changes in order for Maine IDs to be acceptable for purposes of boarding commercial aircraft and accessing certain federal facilities after May 11, 2008.

DHS recognized earlier this year that states could not meet the full requirements of the REAL ID Act by May 11, as set by Congress. The department made extensions available for states that needed additional time to come into compliance, or to complete ongoing security measures. Initial extension requests were due by March 31. These extensions are valid until Dec. 31, 2009, when states must upgrade the security of their systems, to include a check for lawful status of all applicants, for their licenses and ID cards to be acceptable for official purposes.

The need for secure documentation was a core 9/11 Commission finding. REAL ID addresses their finding by setting specific requirements that states must adopt for compliance in four key areas: (1) information and security features that must be incorporated into each card; (2) proof of the identity and U.S. citizenship or legal status of an applicant; (3) verification of the source documents provided by an applicant; and (4) security standards for the offices that issue licenses and ID cards.

REAL ID enrollment will be completed for all individuals 50 years of age and under by Dec. 1, 2014. For all others, enrollment may be extended three additional years to Dec. 1, 2017. At that time, all state-issued driverÂ’s licenses and identification cards intended for official purposes must be REAL ID-compliant.

• Data Mobility / Disaster Recovery
• Improve recovery time
• Reduce backup window
• Reduce data protection costs
• Scale backup capacity
• Strategy for VM backup
• Implementing storage security

Compliance and regulatory pressures

•  Many companies need to establish appropriate information management workflow processes to ensure compliance with regulations.
• Many want an easier way to find, retrieve, and compile information for audits and to monitor the companyÂ’s level of compliance with regard to specific regulations.

Removing obstacles to new business initiatives

• Companies want to be able to leverage structured and unstructured data to derive more value from it.
• Many new business initiatives must provide aggregated information on-demand to employees in branch offices, call center staffers, and customers checking their accounts using the telephone or the Web.
• Organizations need aggregated information that spans the silo's in order to more effectively cross-sell offerings and target customers selectively.

A summary of the Janco browser market share data can be found on the Janco web site (http://www.e-janco.com/browser.php) and the IT Productivity Center web site (http://www.itproductivity.org/browser.php).  In addition the full white paper with excel spread sheets can be purchased at both sites for $249.

The future of e-commerce depends on the ability to instill consumer trust and confidence in the Web. Recent developments in authentication technology have lead to a new kind of SSL Certificate that can increase visitor confidence in legitimate sites and greatly reduce the effectiveness of phishing attacks.

Web sites with Extended Validation SSL have seen how this new technology enables the address bar in high security browsers to turn green, thus allowing consumers to feel secure that they are on a legitimate Web site

• Drive-by malware downloads
• RSS and Atom feed exploits
• Cross-site scripting (XSS)
• Cross-site request forgeries (CSRF)

Employees with mobile devices are actually facing at least eight security risks:

• Loss of general company data and files from these increasingly memory-laden devices.
• Key sales contacts could go to a competitor—or be lost altogether.
• Physical loss of the device.
• The employees time to recover from the loss—which can be a few hours or a few days—is usually worth far more than the replacement costs of the device and software.
• The time the network administration team needs to replace the device and handle the loss.
• Introduction of viruses and malware into the company's installed computer base, usually when synchronising PC and handset in the office and on a home PC.
• Phone fraud of various types—e.g., employees making unauthorized long-distance personal calls; this is less of a problem now because many companies accept that personal calling is going to happen, and corporate rate plans for bulk long-distance can cut the cost significantly. The co-operation of the mobile operator is required to control this.
• The use of such devices as means of stealing company information. The "inside job" on data theft can be pulled off using a wide variety of mobile devices, from PDAs to lowly MP3 players.

Individual users can be left to handle minor issues for themselves, and pseudo power users often get themselves into trouble and require IT staff assistance to resolve problems they have created through their self-help efforts. It is no longer a viable answer for small and medium sized businesses to treat desktop management casually.

•  Many companies need to establish appropriate information management workflow processes to ensure compliance with regulations.
• Many want an easier way to find, retrieve, and compile information for audits and to monitor the companyÂ’s level of compliance with regard to specific regulations.
  
  Removing obstacles to new business initiatives
• Companies want to be able to leverage structured and unstructured data to derive more value from it.
• Many new business initiatives must provide aggregated information on-demand to employees in branch offices, call center staffers, and customers checking their accounts using the telephone or the Web.
• Organizations need aggregated information that spans the silo's in order to more effectively cross-sell offerings and target customers selectively.
  
  

Thinking about IE8s behavior with these principles in mind, interpreting Web content in the most standards-compliant way possible is a better thing to do, an unnamed Microsoft employee wrote on Microsoft's IEBlog.

The move, on the eve of Microsofts MIX developer conference in Las Vegas that runs tomorrow through Friday, won plaudits from those who have long complained that Microsoft has used its market dominance to avoid making IE compatible with other Web browsers in an attempt to force time-pressed developers to choose to support only the most popular Web browser - IE.

Microsoft is working on turning USB-based flash drives into a Windows companions a new product known as StartKey that will allow users to carry their Windows and Windows Live settings with them.

According to Microsoft; tomorrows mobile computing environment might see a proliferation of public-use (kiosk) machines where users can simply and easily call up their desktop environments. This vision offers an alternative to portable computing that does not require users to carry bulky, fragile, and theft-prone laptops. Microsoft proposes that kiosk machines would be capable of hosting usersÂ’ desktops as virtual machines and propose a virtual disk design. The virtual disk design would allow for an efficient access to per-user state held in the network. StartKey would use flash-based disks to capture virtual machine memory state and to act as a cache for the virtual disk. StartKey would also allow static portions of the virtual disk, e.g., binaries for Windows and Office, to be served from the kiosk disk.

StartKey is not just for USB sticks; it also will work on other flash-storage devices, like SD memory cards. Microsoft is looking to turn these intelligent storage devices portable computing companions for users in both developed and emerging markets, with availability (at least in beta form) likely before the end of this year.

Microsofts goal is to build an end-to-end StartKey environment comprised of everything from system software on the flash devices, a software development kit to enable third-party developers to create products that can leverage StartKey, and accompany Microsoft applications and services.

• Education 18.3%
• Home / Personal Use 10.5%
• Government 2.9%
• Small businesses (less than 100 employees) 1.9%
• Midsize businesses (between 100 and 500 employees) 1.4%
• Large businesses (over 500 employees) 0.9%

The survey also determined that 24 percent of companies are considering plans to introduce IT governance practices, compared to 22 percent in 2005 and 18 percent in 2003. In addition, only 20 percent said their organisations were not considering implementing such practices, compared to 36 percent in 2005 and 42 percent in 2003.

By region, North America and Europe have the highest adoption of IT governance initiatives globally, with 50 percent of respondents from each of these two regions indicating that they have already implemented, or are in the process of implementing, such processes and practices. Forty-four percent of executives from Asia and 27 percent of South American respondents reported similar plans.

The bottom line is that many organizations around the world are needlessly sacrificing money, productivity, and competitive advantage by not implementing effective IT governance. Well-governed enterprises have been shown to provide better returns to stakeholders, and the same goes for governance over information technology.

The survey also found that the IT Infrastructure Library (ITIL), with the ISO 20000 standard, is used by 24 percent of organizations polled and is the preferred framework associated with IT governance. The ISO 20000 covers the IT service management aspects under Itil.

The ITGI-developed Control objectives for information and related technology framework, on the other hand, has doubled its user base. In addition, over 50 percent of respondents indicated they were aware of the framework, compared to 27 percent two years ago.

With regards to leading IT governance projects, the chief information officer was identified as the ideal champion by the majority of respondents (40 percent). Some 25 percent said the chief executive should be in charge, while the next-most-frequently cited roles for heading IT governance were the chief financial officer and IT manager.

Compared to the 2005 survey, more respondents were able to identify organizations which can help their companies implement IT governance. Large IT services providers or consultancy companies were the most frequently cited, followed by audit firms and smaller, niche IT players.

• 55% of CIOs say that security issues have increased due to wireless access.
• 58% of all enterprises offer no security training related to the use of SmartPhones and handheld PCs.
• 73% say that there a no metrics provided to senior management on training as related to SmartPhones and handheld PCs.

• Easier password management. An information bar at the top of the browser window now appears to allow you to save passwords after a successful login.
• Simplified add-on installation. You can now install extensions from third-party download sites in fewer clicks, thanks to the removal of the add-on download site whitelist.
• New Download Manager. The download manager makes it easier to locate your downloaded files.
• Resumable downloads. You can now resume downloads after restarting the browser or resetting your network connection.
• Full page zoom. From the View menu and using keyboard shortcuts, you can now zoom in and out on the content of entire pages -- this scales not just the text but the layout and images as well.
• Tab scrolling and quickmenu. Tabs are easier to locate with the new tab scrolling and tab quickmenu features.
• Save what you were doing. Firefox 3 prompts you to see if you'd like to save your current tabs when you exit Firefox.
• Optimized Open in Tabs behavior. Opening a folder of bookmarks in tabs now appends the new tabs instead of replacing the existing ones.
• Easier to resize location and search bars. You can now easily resize the location and search bars using a simple resize handle between them.
• Text selection improvements. You can now select multiple ranges of text using the Control (Command on Macintosh) key. Double-clicking and dragging now selects in "word-by-word" mode. Triple-clicking selects an entire paragraph.
• Find toolbar. The Find toolbar now opens with the current selection.
• Plugin management. Users can now disable individual plugins in the Add-on Manager.
• Integration with Windows Vista. Firefox's menus now display using Vista's native theme.
• Integration with Mac OS X. Firefox now uses the Mac OS X spell checker and supports Growl for notifications of completed downloads and available updates.
• Star button. The new star button in the location bar lets you quickly add a new bookmark with a single click. A second click lets you file and tag your new bookmark.
• Tags. You can now associate keywords with your bookmarks to easily sort them by topic.
• Location bar and auto-complete. Type the title or tag of a page in the location bar to quickly find the site you were looking for in your history and bookmarks. Favicons, bookmark, and tag indicators help you see where the results are coming from.
• Smart Bookmarks folder. Firefox's new Smart Bookmarks folder offers quick access to your recently bookmarked and tagged places, as well as pages you visit frequently.
• Bookmarks and History Organizer. The new unified bookmarks and history organizer lets you easily search your history and bookmarks with multiple views and smart folders for saving your frequent searches.
• Web-based protocol handlers. Web applications, such as your favorite web mail provider, can now be used instead of desktop applications for handling mailto: links from other sites. Similar support is provided for other protocols as well. (Note that web applications do have to register themselves with Firefox before this will work.)
• Easy to use Download Actions. A new Applications preferences pane provides an improved user interface for configuring handlers for various file types and protocol schemes.
• Improved look and feel. Graphics and font handling have been improved to make web sites look better on your screen, including sharper text rendering and better support for fonts with ligatures and complex scripts. In addition, Mac and Linux (Gnome) users will find that Firefox feels more like a native application for their platform than ever, with a new, native, look and feel.
• Color management support. By setting the gfx.color_management.enabled preference in [about:config], you can ask Firefox to use the color profiles embedded in images to adjust the colors to match your computer's display.
• Offline support. Web applications can take advantage of new features to support being used even when you don't have an Internet connection.

IE Market Share

Security and privacy

• One-click site information. Want to know more about the site you're visiting? Click the site's icon in the location bar to see who owns it. Identify information is prominently displayed and easier than ever to understand.
• Malware protection. Firefox 3 warns you if you arrive at a web site that is known to install viruses, spyware, trojans, or other dangerous software (known as malware). You can see what the warning looks like by clicking here.
• Web forgery protection enhanced. Now when you visit a page that's suspected of being a forgery, you're shown a special page instead of the contents of the page with a warning. Click here to see what it looks like.
• Easier to understand SSL errors. The errors presented when an invalid SSL certificate is encountered have been clarified to make it easier to understand what the problem is.
• Out-of-date add-on protection. Firefox 3 now automatically checks add-on and plugin versions and disables older, insecure versions.
• Secure add-on updates. Add-on update security has been improved by disallowing add-ons that use an insecure update mechanism.
• Anti-virus integration. Firefox 3 now informs anti-virus software when executable files are downloaded.
• Windows Vista parental controls support. Firefox 3 supports the Vista system-wide parental control setting for disabling file downloads.

Performance

• Reliability. Firefox 3 now stores bookmarks, history, cookies, and preferences in a transactionally secure database format. This means your data is protected against loss even if your system crashes.
• Speed. Firefox 3 has gotten a performance boost by completely replacing the part of the software that handles drawing to your screen, as well as to how page layout work is handled.
• Memory use reduced. Firefox 3 is more memory efficient than ever, with over 300 memory "leak" bugs fixed and new features to help automatically locate and dispose of leaked memory blocks.

2008 Global IT Spending By Sector

• Software investment will do better than average. Forrester projects that global purchases of software products will grow by eight percent in 2008, down slightly from 11 percent last year, but still strong.
• Communications equipment investment will grow below the average. This sector will see 3 percent growth in 2008, down from much stronger growth of 12 percent in 2007.
• Computer equipment investment will see a similar slowdown in growth. Forrester foresees the growth in purchases of personal computers, servers, storage devices, and peripheral markets shifting down from 12 percent growth in 2007 to 4 percent this year.
• IT consulting and outsourcing services will expand. While demand for IT consulting and integration services will weaken, demand for IT outsourcing will increase by 9 percent this year.

2008 Global IT Spending By Region

• Europe grows slowly but steadily. In Western and Central Europe, growth will be 5 percent in 2008, following 15 percent growth the previous year, which was due largely to the dollar's drop against the Euro. Measured in Euros, 2008 growth will be 3 percent.
• Eastern Europe, Middle East, and Africa will see much stronger growth. The total market in this region is about one-sixth the size of the Western and Central European market with just $74 billion in IT purchases of goods and services in 2008. However, in oil and gas producing countries where the economy is stronger — such as Russia, Saudi Arabia, the Gulf states, and Nigeria — IT purchases will grow at 12 percent in 2008, slightly lower than in 2007.
• Asia Pacific grows strongly in 2008, but not as well as 2007. Overall IT purchases in the Asia Pacific market will grow at 9 percent in 2008 (measured in dollars). That impressive growth rate is actually a slowdown from the 15 percent growth rate in 2007.

•  Designing SOA-based services to improve service quality and reduce costs
• Incorporating security, compliance and audit controls
• Addressing monitoring of the end-to-end SOA deployment, including this new set of composite applications with service-to-service dependencies
• Addressing reporting on services in a business context or in terms of SLAs
• Ensuring that the right virtualization infrastructure is in place to support SOA
• Ensuring that the environment has the flexibility to adapt and track changes in case trending shows itÂ’s in trouble
  

A separate report showing a modest revival in manufacturing at the beginning of 2008 took some sting out of the jobs loss but financial market participants were betting the Federal Reserve will have to keep cutting interest rates.

A series of contrasting reports whipsawed financial markets, leaving stock prices basically unchanged in early afternoon trading and bond prices mixed. The dollar recovered earlier losses to show modest gains against the euro.

Uncertainty about U.S. economic prospects was widespread.

The economy is very weak. It's on the edge of recession but the data are mixed enough so that you can't say a recession has begun, said the chief economist for PNC Financial Services in Pittsburgh. It is hanging by a thread but it has not been cut yet.

President George W. Bush acknowledged to a Kansas City, Missouri, audience there were troubling signs, serious signs that the economy is weakening and said Congress should speed up work on fiscal measures to get tax rebates to consumers.

Some 17,000 jobs were cut last month, sharply contrary to Wall Street analysts forecasts that 80,000 would be created. Decembers new-job total was revised up to 82,000 from 18,000 but October and November gains were revised lower.

At midmorning, the Institute for Supply Management said its index of national factory activity rose to 50.7 in January from 48.4 in December, a sign of expansion. Consumer sentiment also rose, according to a Reuters/University of Michigan Survey, though not as much as had been forecast.