Janco News Feed
Disaster Planning Knowledge Base
Disaster Recovery Planning and Business Continuity Planning
It is essential to have a proper backup strategy in place in case something goes wrong. Below are articles and links to tools that can help you in the Disaster Recovery and Business Continuity Planning and execution process. This knowledge base has been developed by Janco Associate, Inc.
FBI wants to be 1984's big brother
January 28th, 2012
The FBI is in the early stages of designing a complex system for monitoring tweets, Facebook status updates, Google+ posts, and the like in real time, all in the name of identifying and heading off potential security threats. The FBI is in the process of soliciting information from companies as to the feasibility and cost of building an open source geospatial social media alert, mapping, and analysis Web application portal built on mash-up technology.
The application would have the ability to rapidly assemble critical open source information and intelligence that would allow the FBI to quickly vet, identify, and geolocate breaking events, incidents, and emerging threats according to the FBI's RFI (request for information).
The FBI is looking to harvest feeds from Twitter, Facebook, and the like because "social media has become a primary source of intelligence because it has become the premier first response to key events and the primal alert to possible developing situations," according to the RFI. "It has emerged to be the first instance of communication about a crisis, trumping traditional first responders that included police, firefighters, EMT, and journalists."
- more info
Security breaches that can be easily prevented
January 11th, 2012
Many IT security department invest countless hours and dollars into defending its company's data from infiltration by malicious outsiders, only to hand over a laptop containing highly sensitive information to third-party data recovery outfit that ends up selling the laptop drive's contents for cash.
In a recent study 87 percent who said their organization suffered a data breach in the past two years, 21 percent said the breach occurred when a drive was in the possession of a third-party data recovery service provider.
The IT Security Manual Template provides all the essential sections of a complete security manual and walks you through the creation of each step. Detailed language addressing more than a dozen security topics is included in a 230 plus page Microsoft Word document, which you can modify as much or as little as you need to fit your business requirements.
- more info
2012 Salary Survey shows pay is flat
January 7th, 2012
Overall IT compensation has remained flat for the last 12 months. The total mean compensation for all IT Professionals has increased modestly by 0.81% to $78,229 from $77,604 at the beginning of 2011. This puts overall compensation back at the levels they were at in January 2008.
- more info
Unlimited Internet Access With Social Networks Puts Companies at Risk
November 11th, 2011
Twitter, Facebook, and UTube Cause Many CIOs Concern... Look at Domiono Pizza where Two Domino's Pizza employees in North Carolina faced felony charges after a video showed them passing gas on salami, stuffing cheese up their nostrils - then using the foul fixins' in the fast food.
When enterprises allow their employees to have uncontrolled free access to the web they run a serious risk that there will be misuse of the web. Web misuse has serious implications for your enterprise and its employees. The implications are:
- Reputation risk - Social networking can create opportunities for employees to leak confidential information or spread damaging rumors online. Bad behavior by a single employee can reflect on the reputation of the whole organization.
- Reduced productivity - If employees spend their time on social networking sites such as Tweeter they are not spending it doing their job.
- Data Leakage - Confidential and sensitive information could be transmitted to unauthorized individuals and competitors. In addition, data that is covered by mandated privacy and security requirements (HIPAA and PCI-DSS) could be exposed.
- Security problems - Malware hides on websites and can install itself as users browse infected pages. One company reports that the number of new, malicious websites blocked each day by it nearly doubled (91 percent) in just one month.
- Legal risks - When users download inappropriate material to their computers, other employees may take serious
- Wasted bandwidth - Internet connections cost money. If half of an enterprise's bandwidth is taken up with non-work related traffic, the enterprise could be paying than they need to and the enterprise-critical communications could be running at half their speed capacity.
- Unlicensed software - When users download and install software from the internet, they create a legal risk. If an organization uses unlicensed copies of software, it may face a civil suit and company directors risk criminal penalties.
- more info
Mobile device strategy and policy
November 5th, 2011
Nearly 60% of all corporate employees share, access and manage content outside the office with their iPhone, iPad, Blackberry, Android and more. Indications are that numbers only going to increase.
This makes sense: mobile content management increases user productivity, ramps up customer engagement, enhances customer service, maximizes collaboration and drives more effective business decision-making. What does all this user mobility mean for IT? Simply this - A modern mobile strategy is no longer a "nice-to-have" it's an absolute business necessity.
- more info
Social media poses risks for most businesses
October 27th, 2011
Social media poses significant risks businesses of all sizes, according to a survey by the Federation of Risk Management Associations in cooperation with the Institute of Risk Management (IRM).
Risk professionals from both organizations were asked which three cyber risks they thought were the greatest threats to business in general and to their own organizations. A total of 186 replied to the online survey.
For business in general, reputation risk from social media was cited as a material risk by nearly 50 percent of respondents and loss of confidential information through social media by 20 percent. These concerns ranked social media along with non-malicious operational IT risks, theft of customer information and malicious interference with IT systems as the greatest cyber threats to business in the eyes of the risk professionals.
The emphasis shifted somewhat when it came to respondents own organizations. More than half put operational, non-malicious IT risks among the top three, followed by 43 percent who mentioned theft of customer information. However social media risks were next with 42 percent who included them among the biggest exposures to their own organization with 21 percent concerned about loss of confidential information through social media.
In response to additional questions to FERMA members, one-third of 36 responses said they had already been concerned by a denigration attack. One-quarter of the 98 responses said their company had suffered an attack on confidential information.
- more info
Disaster Plan & Business Continuity Infrastructure
October 16th, 2011
The key technology elements of a Disaster Recovery Plan and Business Continuity Plan (DRP/BCP) infrastructure are the primary data center, a remote site that duplicates the resources in that primary location and the method used to get files (master and transaction) between the two sites - such as high-bandwidth network connections. The best DRP/BCP strategies follow a "redundant every-thing" philosophy throughout the data center. Multiple mainframes and servers should run in the production and backup data facilities. Then, if a component in the production system encounters problems, it immediately fails over to the local backup as a first line of defense.
Power supplies and communication links are one of the most critical components in a DRP/BCP strategy.
- more info
Being prepared for e-discovery
October 10th, 2011
Being prepared to respond responsibly and efficiently to an e-discovery request goes beyond just preserving evidence; it begins with good information management. To borrow a mantra from a popular Wall Street investor: "Know what you own." Just as investors should know their portfolios in detail, organizations need to know what information they own, including all electronic data. They need to know where data is stored, who has access and control of it, its value, and, if there is no value, why it is being kept. They also need to determine its retention schedule. A data map and management policy that defines clearly all of these attributes and establishes a foundation for ongoing governance is paramount to being prepared for an e-discovery request.
Companies with no information management programs - or programs that do not sufficiently address the full life-cycle of electronic data - end up creating mountains of legacy data and media. Most of this data has no real business value, is free from any statutory or regulatory retention requirements, and is not subject to any legal preservation obligations.
- more info
Data loss is an every day occurance
October 1st, 2011
A recent survey has found that almost 90 percent of businesses experienced data loss in the last year.
As a result of this threat, investment in data protection and recovery continues to rise, with 94 percent of businesses maintaining expenditure on it and 35 percent increasing budgets for it from 2010 to 2011.
The independent survey 'Insights: Data Protection and the Cloud 2011,'also reveals that 41 percent of organizations expect cloud computing to play an increasingly important role in their business continuity plans over the next year.
Of the businesses surveyed, 39 percent have data that resides in the private cloud and 21 percent in the public cloud. Encouragingly, these companies displayed high levels of confidence in the safety of this data. A significant 68 percent of those using private cloud trust that their data and applications are properly protected in the event of a disaster whilst 78 percent of those using public cloud are confident in the data protection SLAs agreed with their provider.
88 percent of respondents suffered application and data loss incidents in the last year. These were due to a wide variety of causes. Nearly two thirds (63 percent) of companies had experienced an IT systems failure (e.g. network, storage, software failure) the most common cause of data loss. Other recurrent causes included employee or human error (40 percent of companies) and external attacks on IT (36 percent).
Although there was a high frequency of data loss across the UK, few businesses have adequate disaster recovery systems in place. Just over a third (34 percent) reported having full and comprehensive disaster recovery plans to protect their data in the event of such an incident. The primary reason given for this lack of DR planning was inadequate training of IT personnel in risk and DR planning (42 percent). Lack of budget was also a significant factor (40 percent).
- more info
Recovering from disaster
September 16th, 2011
Much of the discussion of business continuity has been focused on "silver bullets" in an effort to prevent disasters from occurring in the first place. Truth be told, this is only one of the two goals of continuity planning: to prevent avoidable interruptions. To be successful, planners must also confront the second, and much greater, challenge of what to do about the interruption events that cannot be prevented -the familiar realm of traditional disaster recovery planning.
In disaster recovery, three jobs need to be accomplished quickly:
- more info
- The data associated with critical applications needs to be recovered and placed into a usable form: no small feat given the massive amounts of data involved (though much of it non-essential to recovery).
- The applications serving critical business functions must be re-hosted on platforms that are adequate to support comparable (though not always identical) workload to what is experienced in normal production environments.
- Users, suppliers and customers need to be re-connected to the newly-instantiated application platform so that work can continue.
Sharing data with partners, vendors and customers is risky
September 12th, 2011
Just how risky is it to share data with you partners. One hospital recently found out. They discovered last month that a contractor had posted a database containing medical records of 20,000 patients to a public homework assistance Website in search of help on how to create bar graphs.
Unfortunately, this kind of breach is becoming altogether common as information is shared between partners, customers and contractors to reduce costs and improve services. The idea of protected information staying within the network perimeter is effectively dead.
A data privacy breach at the hospital has resulted in medical records for 20,000 emergency room patients being posted on a public Website for nearly a year. The records included names, diagnosis codes, account numbers, dates of admission and discharge, and billing charges. Social Security numbers, birth dates, credit card accounts or other information that could potentially result in identity theft was not exposed. Even so, the hospital is offering free identity-protection services to all affected patients.
The spreadsheet originated at one of the hospital's vendors, a billing contractor called Multi-Specialty Collection Services. The spreadsheet appeared on a Website called Student of Fortune, where students pay for assistance with schoolwork. The spreadsheet was part of a question on how to convert the data into a bar graph. Student of Fortune removed the post with the spreadsheet immediately after being contacted by the hospital last month.
- more info
Simple Disaster Planning Activities
September 5th, 2011
Creating a disaster recovery plan is a complex task; however there are a number of basic steps that you can follow to start thre process
- more info
- Prepare your systems, processes, and people for an organized response to disaster when it strikes.
- Identify critical IT systems and develop a long-range strategy.
- Select and train your disaster recovery team.
- Conduct a Business Impact Analysis.
- Determine risks to your business from natural or human-made causes.
- Get management support.
- Create appropriate plan documents.
- Test your plan.
Denial of Service Attacks Defined
August 30th, 2011
Disaster Recovery Business Continuity for Remote Offices
August 14th, 2011
Data residing outside the data center at remote and branch offices (ROBOs) accounts for a significant portion of an enterprise's information store, yet it often either is protected with inefficient backup processes or is not protected at all -- leaving companies at risk on many fronts.
In a recent research report, high priority projects for ROBOs included improving information security measures; ensuring compliance with government, industry or corporate governance mandates; and improving Disaster Recovery Business Continuity processes.
- more info
How Reliable is Your Disaster Recovery Plan?
August 8th, 2011
Minimize downtime, lower costs and reduce risk: Those are the three goals your disaster recovery plan must meet. But, as the need for "always on" capability and business continuity has increased, so has the complexity and labor intensity of maintaining a reliable disaster recovery plan. The Disaster Recovery Business Continuity Template provides the roadmap you need to address these challenges and help your enterprise meet the key goals of a viable disaster recovery plan.
Disaster recovery and business continuity planning are processes that help organizations prepare for disruptive eventswhether those event might include a hurricane or simply a power outage caused by a backhoe in the parking lot.
- more info
Future IT staffing requirements
July 28th, 2011
Technology, economic and cultural issues are coming together and are forcing IT organizational change. Rather than being seen as simply letting that just happen to the IT department, CIOs and IT Managers would be well advised to be the ones seen as driving those actual changes.
A writer Jason Hiner at TechRepublic states that because most workers have used technology for at least a decade and often want to select and set up their own technology, most companies don't need that much in the way of IT staff. His forecast is that three jobs will be in high demand in the future:
- more info
- Consultants: Companies increasingly are farming out traditional IT administration and support functions to outsourcers and third-party consultants. Predictions are that more IT staff will be working instead for the service providers.
- Project managers: It staff to be working in the business units rather than a centralized IT department.
- Developers: Someone has to program.
Roles in Developing a Disaster Recovery Plan
July 12th, 2011
The disaster recovery policy must be reviewed at least annually to assure its relevance. Just as in the development of such a policy, a planning team that consists of upper management, and personnel from information security, information technology, human resources, or other operations should be assembled to review the disaster policy. Roles and responsibilities of the planning team should be as follows:
The Disaster Recovery Plan Template has tools that can be used immediately and defined in detail all of these responsiblities and provides a work plan that can be use as is.
- more info
Many users use common un-lock codes for iPhones
July 9th, 2011
The 10 most common passcodes used by iPhone users accounted for 15 percent of all the passwords analyzed. The most common values were: 1234, 0000, 2580, 1111, 5555, 5683, 0852, 2222, 1212 and 1998.
"1234" was the most commonly used and the second most common code was "0000". People choosing "1234," "0000" and "1111" as their passcode are doing the equivalent of locking up their cars with a piece of thin string. "0852" and "2580" aren't that much better, as the code is just going up and down the keypad.
- more info
Malware attacks on the rise
June 30th, 2011
Recent headlines concerning attacks on Sony, Citibank and Amazon highlight the growth of criminal malware worldwide. No longer the work of individual hackers out to make mischief, these botnet malware attacks are launched by crime syndicates intent on financial gain. And while studies from numerous experts paint a bleak picture - most say you will be infected - there are critical steps you can take to protect your organization.
Security policies and procedures are a must to help set up the first line of defense.
- more info
Disaster Recovery Planning International Standard Set by Janco
June 18th, 2011
Disaster Recovery Business Continuity Template Now Accepted as the International Standard
Update to the Disaster Recovery Business Continuity Template has just been released by Janco Associates..
Park City, UT - The Disaster Recovery Business Continuity Planning template has been sold to enterprise in over 65 countries around the globe. With the release the latest verison of the template it is in complete compliance with Sarbanes-Oxley, HIPAA, ITIL (Ver 3), ISO 27031, and PCI DSS.
M V Janulaitis the CEO of Janco said, "Our DRP /BCP Template has been accepted by enterprise around the globe as the standard for disaster recovery plan and business continuity plan creation." In response to that need Janco has updated its "Disaster Recovery / Business Continuity Template" by increasing the content of the template as well as updating the entire document to be compliant with Sarbanes-Oxley, HIPAA, ITIL (Ver. 3), ISO 17799, and PCI DSS.The Disaster Recovery Business Continuity Plan has been purchased for use in over 65 countries around the globe including:
- Angola
- Australia
- Austria
- Bahamas
- Barbados
- Belgium
- Belize
- Bermuda
- Brazil
- Bulgaria
- Canada
- Cayman Islands
- Columbia
- Croatia
- Czech Republic
- Denmark
- Egypt
- Finland
- France
- Germany
- Greece
- Honduras
- Hungary
- Iceland
- India
- Indonesia
- Israel
- Italy
- Jamaica
- Japan
- Jordan
- Kenya
- Lebanon
- Lithuania
- Macao
- Malta
- Mexico
- Mozambique
- Namibia
- Netherlands
- New Zealand
- Nigeria
- Norway
- Panama
- Philippines
- Poland
- Portugal
- Puerto Rico
- Qatar
- Republic of Ireland
- Romania
- Russia
- Saudi Arabia
- Singapore
- South Africa
- South Korea
- Spain
- Sri Lanka
- Swaziland
- Switzerland
- Taiwan
- Thailand
- Trinidad & Tobago
- Uganda
- United Kingdom
- United States
- Venezuela
- Zambia
The Disaster Recovery Business Continuity Plan has been purchased for use in government, public, and private enterprises in almost all industries including:
- more info
- Federal Government
- State Governments
- Local Governments
- Law Firms
- Think Tanks
- Chemical
- Telecommunication
- Real Estate
- Manufacturing
- Universities
- School Districts
- Consulting Firms
- Banks
- Financial Service
- Investment Banks
- Credit Unions
- Outsourcers
- Property Mgt
- Heavy Industry
- Light Industry
- Distribution
- Retail
- Hospitality
- Energy
- Insurance
- Medical
- ISPs
- Application Development
- Construction
- Graphics
- Entertainment
- Paper Products
- Defense
- Aerospace
- Media
Security best practices
June 4th, 2011
- more info
- Have a plan in place for what data to save - Define "personal information" as it applies to your organization, taking into account all the types of personal information that fall under your applicable legal requirements for information protection. Establish an inventory, and make sure to maintain it.
- Have policies in procedures in place for your employees data retention and access - Especially for mobile technology, social media and emerging technologies, identify who collects, processes, stores or accesses personal information. Determine who is, or should be, responsible for these activities.
- Document where valuable data is kept -Identify storage locations, including mobile endpoints. Also include third parties you trust to store information.
- Know what to collect, and what to keep and not to keep -Create policies to limit what you and your marketing teams collect for data. Are you really using what you have? If not, do not collect it. Follow data retention requirements. Incorporate this into your inventory information, or use a completely separate system to manage. Be sure to dispose of data securely and irreversibly.
- Limit access -Restrict access to only those who have a business need to access the information for business purposes. Don't give access beyond the purposes for which you collected the information.
- Put in place appropriate safeguards -Do a risk assessment, and then implement effective safeguards to appropriately mitigate the risks, following your policies and procedures. Be sure you communicate information about how to do this through regular training and ongoing awareness communications.
Can SmartPhones cause cancer
May 31st, 2011
For years, consumer advocates and scientists have questioned the safety of cell phones. Scientists know that humans absorb radiation from cell phones, but whether that radiation causes health risks, such as cancer, is unclear.
Why is it still unclear? There's plenty of research and it is often contradictory, sometimes based on outdated data, sometimes driven by industry groups soft-pedaling concerns, sometimes driven by health advocates who appear too alarmist and unreasonable. About the only thing researchers agree on is that they need to do more research.
What's more, a close look at the research used to set federal safety standards indicates that the standards themselves may be outdated at best and could be meaningless at worst. Some countries, like Finland and France, are concerned enough to issue public warnings, especially when it comes to allowing children to use cell phones. And some local and state governments in the U.S., such as San Francisco and the state of Maine, have tried to create their own warning labels for cell phone use despite the lack of consensus.
- more info
Tablets and mobile devices take hold
May 29th, 2011
CIOs who figured (or hoped) that this whole tablet "fad" wouldn't gain traction in the corporate world is in for a surprise: 41 percent of today's mobile workforce is equipped with a tablet, and by year's end, that figure could reach 75 percent, according to survey results released today by iPass. And no, employees aren't just using their slick portable machines to play Angry Birds; 87 percent of workers with tablets said they use the machines for actual job purposes.
This leaves IT departments with two choices: They can stick their heads in the sand and ignore tablets, thus risking security breaches, employee ire, and lost opportunities, or they can accept this next wave of mobile computing and adapt policies and practices accordingly.
- more info
Internet is a risky place to put your trust
May 19th, 2011
- more info
- One source estimates that a large organization of 40,000 computer users will view 48 million Web pages on a typical day and 0.17%, or 83,000, of those pages will be infected with malware3, an average of more than two infected Web pages per user each day.
- An Osterman Research survey conducted in 2009 found that 55% of mid-sized and large organizations had been infiltrated by a Web exploit during the previous 12 months; a year earlier, that figure was only 39%.
- Smaller organizations are particularly vulnerable to Web exploits because they often lack the IT staff and technical expertise necessary to detect and remediate these threats before they can do real damage. Examples of organizations that have been impacted include an auto arts supplier in Georgia that lost $75,000 to a banking Trojan and a county government in Kentucky that lost more than $400,000 to a similar exploit.
- Webroot4 has found that 85% of malware is distributed through the Web; Blue Coat has pegged the figure at 65%5.
- The Anti Phishing Working Group (APWG) received a record 40,621 phishing reports and 56,362 unique phishing sites detected in August 2009. The third quarter of 2009 saw more than 340 brands attacked the previous high was 310 brands.
Cloud security an issue for CIOs
May 14th, 2011
Cloud-hosted application delivery models have many compelling advantages when compared with hosting applications in house. These include faster time to value, lower total cost of ownership and the ability to efficiently and cost-effectively address fluctuating levels of application demand. Still, the pace of enterprise adoption for both software-as-a-service (SaaS) and infrastructure-as-a-service (IaaS) solutions has been slowed by the challenges of having to create, use and manage yet another set of identities for each new service-based offering.
editable Microsoft WORD and PDF formats:
- Practical Guide for Cloud Outsourcing includes a job descriptions for Manager Cloud applications, Cloud Computing Architect, sample contract, service level agreement, ISO 27001 - 27002 - 27031 security audit checklist, Business and IT Impact Questionnaire and much more.
- Disaster Recovery Plan (DRP) can be used in whole or in part to establish defined responsibilities, actions and procedures to recover the computer, communication and network environment in the event of an unexpected and unscheduled interruption. The template is IS0 27000 (27031) Series, COBIT, Sarbanes Oxley, PCI-DSS, and HIPAA compliant.
Implementing a cost effective Cloud Infrastructure that aligns with your organizations business strategy is essential to ensuring the success of the Information Technology function. For many IT professionals, the amount of time it takes to develop and implement such a infrastructure, and the unknown process required to complete it, makes infrastructure design and implementation a daunting task. The Cloud Outsourcing Template draws on the experiences of some of the best IT and business operations executives in the industry to provide you with the right shortcuts.
- more info
Discrimination in IT
May 4th, 2011
In order to avoid age discrimination, older IT workers have confessed to dying their gray hair (it's not just women who do this) and leaving the dates they graduated from college off of their resumes, along with work experiences that date back to the 80s. When they speak about the effect of their age on their IT careers, an air of powerlessness overcomes these otherwise assertive IT professionals. They don't think there's any way to fight age discrimination.
In fact, IT workers who believe they're being or have been discriminated against - whether on the basis of their age, sex, race, national origin, religion or disability - can file a discrimination charge with the U.S. Equal Employment Opportunity Commission (EEOC), the federal agency responsible for enforcing anti-discrimination laws.
In 2010, the EEOC processed nearly 100,000 discrimination and retaliation charges, filed 271 lawsuits on behalf of victims, resolved 315 suits from previous years in federal district courts, and won $85.1 million in benefits for victims of discrimination, according to EEOC data.
- more info
Cloud skill set for IT Pros
April 28th, 2011
As companies move more of their software to the cloud, there are some indispensible skills IT pros need to hone or acquire, and theyre not technical skills.
They'll need to be better business problem solvers, like Salesforce.com specialists who sit with marketing teams and cook up new ways to use that software to help them. They'll need to be big picture thinkers, like someone who anticipates how executives might make better use of an iPhone, rather than someone who just knows how to get corporate email onto the device. And they'll need to be first-rate program managers, people who can drive projects to the finish, not just take orders and knock out the technical piece of it.
- more info
Security threats abound
April 6th, 2011
A network engineer fired by fashion house Gucci has been charged with going on an IT rampage against his former employer in which he deleted data, shut down servers and left the company nursing an estimated $200,000 cleanup bill.
Data breaches are a fact of life with the advance of Wi-Fi, 3G, and remote computing as it is done in todays flexible business environment.
Data breaches and network intrusions occur because the personal information compromised includes data elements useful to identity thieves, such as Social Security numbers, account numbers, and driver's license numbers. Some breaches do not expose such sensitive information; however, they still expose individuals to identity theft and business to a compromise of their electronic assets and that must be disclosed under Sarbanes-Oxley and various state laws.
- more info
Infrastructure lacking in many SMBs
March 25th, 2011
Small and mid-sized businesses (SMBs) (often defined as businesses with up to a thousand employees) are now seeking to achieve many of the disaster recovery and business continuity planning advantages of server virtualization as large enterprises. But there are significant challenges in planning, implementing, and managing a virtualized IT infrastructure with a smaller and less specialized IT staff.
SMB IT staff members tend to be generalists who are able to perform multiple roles in the IT structure. This is driven by the small numbers of IT staff members at the SMB; it is simply not possible for smaller organizations to employ the same number of IT staff as large enterprises. Even in organizations with a few hundred employees, there are only a handful of IT staff members who must handle everything from the help desk to network and server implementation and operations.
Therefore, SMBs tend to have a reactive approach to IT operations, which leads to challenges when implementing and maintaining virtualized servers:
- Lack of planning - IT staff at SMBs tend to be highly competent identifying and resolving technical issues, but lack the resources to plan extensively for them; they often implement new technologies without extensive planning and worst-case scenarios.
- Inability to implement specialized solutions - In addition, they may lack the specialized training and expertise needed to implement sophisticated solutions in any particular area of virtualization. For example, backup and recovery are significantly different in a virtualized application environment. Most generalist IT staff members would have to spend a significant amount of time to learn the best practices and available technologies - time they simply do not have.
- Lack of standardized, documented processes - IT staff at SMBs also frequently lack the resources and expertise to define and document their IT processes; instead, they often have a just keep the lights on philosophy that precludes taking the time to employ standardized IT processes, collect data on the effectiveness of those processes, and so on.
- Focus on Windows environments - Many SMBs employ primarily a Windows environment, especially their internal applications and virtual machines. Experience with Windows Server and other Windows-oriented technologies is valuable and easily transferrable, but is based on a specific type of systems management approach that does not apply to all virtual operations.
- more info
Cybersecurity Spending Up
February 15th, 2011
The White House is proposing a big increase in cybersecurity research and development in next year's budget to improve, in part, its ability to reduce the risk of insider threats, and ensure the safety of control systems such as those used at power plants.
Overall, the budget seeks $66.1 billion for basic and applied research across all areas, a 11.6% increase. "The aim of that is to develop the solutions - the innovative solutions to the many challenges we face," John Holdren, Obama's top science advisor, said at the budget briefing.
Other cybersecurity initiatives that are funded in this spending plan include new research programs at the National Science Foundation (NSF), as well as research on a trusted identity system. Day-to-day spending on cybersecurity by federal agencies is not part of this research budget.The cybersecurity research spending is part of an overall research and development budget proposal for next year that includes across-the-board increases for a range of research efforts, including robotics, climate change, and funding to expand the supply and capabilities of science, technology, engineering, and math teachers.
- more info
Cloud Is Not The End All Solution For Backup
February 12th, 2011
An enterprise cloud storage provider has published the results of a cloud storage and data protection survey of more than 230 IT professionals. The survey covered various industries, with the top five being government, education, software and technology, financial services, and manufacturing.
The most cited benefits of the cloud were lower costs and dynamic growth, at 49 percent each. Applications most often planned for the cloud included backup (44 percent of respondents) and online archive (38 percent).
As expected, security and privacy were mentioned as a barrier to cloud storage adoption by 60 percent of the IT pros, up from the 47 percent that the survey revealed. The most cited data protection issue was recovery time, with 58 percent of the respondents claiming this problem. 65 percent of the respondents were not able to consistently achieve their own recovery time objective.
- more info
EU to define CIO best practices
January 29th, 2011
Questionnaires will be sent out to CIOs around Europe as research funded by the European Commission seeks to set out guidelines for IT best practice.
The Innovation Value Institute (IVI) at Maynooth University in Ireland was awarded 300,000 last month to conduct the project, which aims to strengthen and professionalize the role of CIOs (chief information officers) and IT professionals in European business, public sector and academic organizations.
The European Union is expected to spend more than 600 billion on IT in 2011, but according to some reports, there will be a 13% shortage of people with the appropriate skills in the workforce by 2015. As part of its research, IVI will seek to establish a European training program for IT managers.
- more info
CAN-SPAM goes international
January 24th, 2011
Laws in many jurisdictions regulate unsubscribe behavior, including the U.S. CAN-SPAM Act and the brand-new Canadian Fighting Internet and Wireless Spam Act (C-28). Huge fines are possible, so it's important for IT people to keep a close eye on what their marketing friends are up to, and ensure that any systems you're providing them work correctly. - more info
Continuous Data Protection can be used as a backup strategy for DRP amd BCP
January 7th, 2011
Continuous Data Protection (CDP) is an increasingly popular disk-based backup strategy. It is replication with an Undo button. Every time a block of data changes on the system being backed up, it is transferred to the CDP system. However, unlike replication, CDP stores changes in a log, so you can undo those changes at a very granular level. In fact, you can recover the system to literally any point in time at which data was stored within the CDP system.
A near-CDP system works in similar fashion except that it has discrete points in time to which it can recover. To put it another way, near-CDP combines snapshots with replication. Typically, a snapshot is taken on the system being backed up, whereupon that snapshot is replicated to another system that holds the backup.
Why take the snapshot on the source before replication? Because only at the source can you typically quiesce the application writing to the storage so that the snapshot will be a meaningful one.
- more info
Guidelines for Disaster Recovery and Business Continuity Planning
December 22nd, 2010
Disaster recovery and business continuity are important business issues that require awareness and planning. Guidelines that can be used in this process are:
- more info
Look at the big picture - your business processes, systems, networks, data, and people all need to be considered when planning and implementing these processes
Understand your levels of tolerance for lost work, missing data, and unproductive time.
Document and test your plans, and update them when business needs change.- Configure your environment to minimize the likelihood of a failure escalating into a disaster.
- When evaluating technology solutions, take into account meeting your recovery objectives, kinds of disasters you're likely to face, and levels of cost, complexity, and disruption involved.
- Know the advantages and limitations of each technology, and adjust your expectations accordingly.
- Remember that backing up your data is the most reliable form of protection, without which your business is vulnerable.
Disaster Recovery Communication Requirements Defined
December 1st, 2010
Disaster Recovery Planning requires a communication network in place that meets at least the following requirements:
- more info
Department of Homeland Security acts like Big Brother in 1984
November 29th, 2010
The domains of torrent sites, which the government said linked to illegal copies of music, movies, and sites that sold counterfeit goods, were seized by the Immigration and Customs Enforcement (ICE) division of the Department of Homeland Security.
The owner of Torrent-Finder domain said his domain has been seized without any previous complaint or notice from any court. The owner felt that "due process" was not followed and he was presumed to be guilty without being able to offer a defense. His site was one of among more than 70 domains which were part of the massive seizure.
Torrent-Finder did not host Torrent file or even BitTorrent file trackers. It is just a search engine dedicated to file torrents such as movies, TV shows, or software programs. You can find the same file torrents with Google if you know what you are doing. Torrent-Finder, and sites like it, just makes specific kinds of file searches easier.
The US government launched a major crackdown on online copyright infringement, seizing dozens of website domains linked to illegal file sharing and counterfeit goods. Since they did this without any preliminary "court action", what is to stop them from doing this to other sites for "political" reasons?
Visitors to such sites as Torrent-finder.com, 2009jerseys.com, and Dvdcollects.com found that their usual sites had been replaced by a message that said: "This domain name has been seized by ICE - Homeland Security Investigations, pursuant to a seizure warrant issued by a United States District Court."
- more info
Managing difficult employees is a challenge
November 10th, 2010
How is a manager supposed to deal with a difficult employee? Asking an employee to change job assignments is a lot easier than asking him to stop bossing people around. Managing difficult individuals can be challenging, but there are some steps managers can take to help address these distracting employees.
- more info
- A manager must make sure the employee is aware of the problems he is causing in the workplace. It is easy for an employee to be completely blind to his or her distracting behavior. Management should arrange to meet with the employee to explain how the behavior is affecting his coworkers and the office environment. Awareness is the first and most important step in dealing with an employee who has a difficult personality.
- The employee needs to show a willingness to change his demeanor and personality. If an employee complains all the time, he must admit to excessive complaining and make an effort to complain less in the future. The manager will need to provide additional support in order to motivate the employee to change. Although this will take more time and focus special attention on one employee, the other employees will be more productive after the distracting behavior has been eliminated.
- The manager can enlist trustworthy employees to provide feedback on the progress of the difficult employee. If the employee still chooses to engage in negative behavior and shows no willingness to change, then management may need to look at more drastic steps for dealing with him. Managing challenging employees is made easier through the assistance of coworkers and employees.
Windows 7 saving Microsoft
October 27th, 2010
With declining market share in browsers and a paltry presence in slates and phones, Microsoft can still look to its flagship Windows operating system as proof it remains one of the IT industry's dominant players.
The company announced Thursday that it has sold more than 240 million Windows 7 licenses since it launched the OS in October of last year.
Microsoft also cited IDC data that shows almost 90% of businesses are moving their Office PCs to Windows 7a shift that's almost inevitable as Windows XP approaches the end of its shelf life.
In the past month alone, Microsoft noted that users of the OS have opened the Start menu more than 14 billion times, used Aero Snap more than 150 million times, used Aero Shake more than 20 million times, employed jumplists over 339 million times, and pinned 12,643 unique apps to the taskbar and menu.
Windows' overall share of the computer OS market is 91.08%, according to the latest numbers from Net Applications. Windows 7 in particular holds a 17.1% stake, while Windows XP, still the most popular Windows variant, leads the pack with a share of 60.03%. Windows Vista, though widely maligned, remains the industry's third most popular OS, with a share of 13.35%.
And despite all the buzz surrounding the iPad and the new, iPad-like MacBook Air, Apple's share of the OS market is a lowly 5.03%.
- more info
Over 270,000 PCs had Zeus removed by Microsoft tool
October 18th, 2010
Microsoft said its free malware cleaning tool had scrubbed the money-stealing Zeus bot from nearly 275,000 Windows computers in under a week.
Zeus, also called Zbot, is a crimeware kit that lets criminals create customized malware that they can use to infect PCs. Hackers deploy Zeus to steal usernames, passwords and other information necessary to log in to online bank accounts. So-called "money mules" then withdraw money from the compromised accounts and wire the funds to the gang's organizers.
Friday, Fortinet reported that one Zeus gang had targeted Charles Schwab investment accounts, and was injecting a fake form into a legitimate session at the firm's site to collect personal information they could later use to confirm their illegal transactions.
Last Tuesday, Microsoft added Zeus/Zbot detection to its Malicious Software Removal Tool (MSRT), a free malware-removal program that the company updates each month and distributes alongside its Patch Tuesday security fixes. MSRT does not prevent attack code from getting on a Windows machines. Instead, it detects infected machines and then deletes the malware.
Since Tuesday, MSRT has removed 281,491 copies of Zeus from 274,873 PCs, Microsoft announced in a post to a company blog Sunday. Those numbers put the Zeus bot into the top spot on MSRT's hit list.
- more info
