Sensitive Information Policy
Includes HIPAA Audit Program Guide and a PCI Audit Program
This
policy is easily modified and defines how to treat Credit Card,
Social Security, Employee, and Customer Data. The template is 29
pages in length and complies with Sarbanes Oxley Section 404,
ISO 27000 (17799), and HIPAA. The PCI Audit Program that is
included is an additional 50 plus pages in length.
This policy applies to the entire enterprise, its vendors, its
suppliers (including outsourcers) and co-location providers and
facilities regardless of the methods used to store and retrieve
sensitive information (e.g. online processing, outsourced to a third
party, Internet, Intranet or swipe terminals).
The HIPAA Audit Program Guide provides you with a checklist of
the must-implement items that HIPAA mandates.
Internet, e-Mail, Mobile Device, Electronic Communications, and Record Retention Policy
This policy is compliant with all recent legislation (SOX, HIPAA, Patriot Act,
and Sensitive information), and covers:
- Appropriate Use of Equipment
- Mobile Devices
- Internet Access
- Electronic Mail
- Retention of Email on Personal Systems
- E-mail and Business Records Retention
- Copyrighted Materials
- Banned Activities
- Ownership of Information
- Security
- Sarbanes-Oxley
- Abuse
Included with the policy are forms that can be used to facilitate the implementation of the policy. Included are these ready to use forms:
- Internet & Electronic Communication Employee Acknowledgement
- E-Mail - Employee Acknowledgement
- Internet Use Approval Form
- Internet Access Request Form
- Security Access Application Form
Travel and Off-Site Meeting Policy
Travel and Off-Site Meeting Policy -
Protection of data and software is often complicated by the fact
that it can be accessed from remote locations. As individuals travel
and attend off-site meetings with other employees,
contractors, suppliers and customers, data and software can be
compromised. This policy is four pages in length and covers:
- Data and application security
- Minimize attention
- Shared public resources
- Off-site meeting special considerations
Outsourcing Policy
Outsourcing Policy - This
policy is eighteen pages in length and defines everything that is
needed for a function to be outsourced. The policy comes as a
Microsoft Word document that can be modified as needed. The
template has been updated to include a HIPAA audit program
definition and covers:
- Outsourcing Management Standard
- Service Level Agreement
- Responsibility
- Outsourcing Policy
- Approval Standard
- Base Case
- Responsibilities
Note: See the Practical Guide for Outsourcing, a document of over 110 pages, for a more extensive
outsourcing process.
Current Information Technology News
Managing Productivity and Costs in a Turbulent Economy
There have been unprecedented events in
the global markets that will have a profound impact on enterprises of all types.
Enterprises need to take proactive measures to mitigate the risk of coming under
severe financial pressure themselves.
Is traditional "cost cutting" really the answer? Cost reduction is a promising solution to sustain
profitability for nearly all organizations. However, the key to success is
finding creative ways to prevent costs.
Metrics are the way we see
it. Metrics based solutions allow enterprises to improve their
understanding of the key drivers of profitability and enable them to develop a
cost redistribution program that will ensure long-term financial viability. It
is critical to identify the areas where cost can be eliminated or reduced
and to create and implement a formal cost review process.
Enterprises of all types are feeling the pressure
as customers' disposable income decreases while trying to keep up with higher
costs of living. Over the last several years, cost management strategies have
become the focus of executive management due to global economic challenges.
These external drivers of cost management include:
- Marketplace Competition -
competitors providing similar products at lower prices
- Recession Fears - less
cash flow in the marketplace
- Rising Production Costs -
increasing cost of energy and material
- Inflation - declining value of
currency and/or rising prices of goods and services
- Increased Investors and Boards of Directors
Pressures - missed revenue targets, mergers and
acquisitions
ITSM Metrics
IT Service Management Metrics are defined in the ITSM Template.

IT Service Management is possible only with client
and IT agreement that service is being delivered. The ITSM SOA
Template is the perfect
solution.
Setting Priorities With Tight Budgets
Meet with each user group's executives and ask them
if they could get only one project done, what it would be. The rule for the
discussion: They describe their projects in terms of business change, not in
terms of software requirements ("We need to improve productivity in the
warehouse by picking items more efficiently," not "We need an inventory picking
system enhancement.")
Next,
call a meeting with your business analysts. Walk them through the full list,
then parcel out the requests based on each analyst's expertise and ability to
get along with the various execs. In this discussion, let them know you're
looking for quick solutions that are good enough, not elegant solutions that
will withstand the test of time. Their job is to figure out how to get each exec
most of the improvement they're looking for and quickly, not all of the
improvements they'd like done the "right way."
This means that if a twice-a-day batch extract
into an Excel file works, there is no need to create a real-time
SOA-driven interface. It means that a once-a-night dump-and-load into Excel
might be a better answer than enhancing the data warehouse and its business
intelligence interface.
It might mean nothing more than teaching their
staff how to assign tasks to each other using plain-vanilla existing software,
instead of deploying a full-blown, enterprise-scale integrated project
management solution.
CIO Need to Hire and Develop IT Staff
Successful CIOs are utilizing
sophisticated, aggressive hiring
tactics to acquire the most desirable personnel wherever they may be, while
at the same time putting extensive emphasis on retaining and developing internal
talent.
This
is not easy given the current economic situation. Developing an adequate in-house talent
pool demands more than a simple training program for employees' development.
Establishing a strong, predictable internal talent pipeline requires:
- Clarity of role and expected performance
- Management of employees at every level
- Guided training, education, and career planning
- Assignment of eligible staff to the most exciting projects to motivate them and ensure a satisfying work experience
IT Metrics Key to Success in Troubled Times
You cannot
manage what you do not measure. In addition, once
you measure you modify behavior. Yet many organizations do a very poor job (or
no job at all) of measuring the business value of their IT investments; but
maximizing the business value of IT investments is the primary objective of good
IT governance. A number of formal measurement methodologies exist for measuring
the business value of IT. Simple ROI or other financial metrics are not good
enough. By employing a consistent, repeatable, credible methodology, that both
the business users and IT are held accountable for and that measures projected
business value as well as the actual value delivered, organizations can
significantly improve their IT investment returns.
Many IT
organizations are under increasing pressure from the board of directors,
executive management, and business unit managers to demonstrate and improve the business value
of their IT investments. However, IT organizations still struggle to measure
business value. Many of the attempts to do so have been focused on ROI measures
at the front end as part of developing a business case for the IT portfolio's
proposed investments - but these are only estimates of expected business value.
Actual delivered business value can only be measured by taking a life-cycle
approach, working with the business to measure actual benefits after the project
is complete.
Firms that
strive for best practice in IT portfolio management need to apply a credible
standard methodology across the enterprise to measure the business value of
investments, both when proposed and when delivered. The good news is that a
number of IT value methodologies have emerged that can be employed in the
portfolio management process. The key is to adopt one and begin using
it.
IT Strategy is Based on a Grounded Infrastructure
If
companies are going to grow into entities that are truly greater than the sum of
their parts, they need to respond faster and smarter to market challenges with
better decision-making capabilities. One vital concern, which is often
overlooked in discussions of information visibility, is the need for stringent
alignment of departmental objectives with corporate strategy.
Business
activity alignment is the ability to take your theories and put them into
practice - in essence, taking the strategic plan and translating it into
tactical steps. This results in more clearly defined executive roles, as well as
an enhanced ability to leverage technology towards growth.
Additional
business benefits include achieving a balance of cost and investment towards
organizational goals; a balance between internal limits and external growth;
enhanced collaboration for better decisions and departmental alignment; and a
360-degree view of customers for better customer experiences as well as
marketing and sales efforts.
To ensure
alignment, management should focus on the development of a common set of metrics
within the organization, which naturally requires a common set of definitions.
Typically, different parts of the organization develop metrics specific to
themselves and their purposes - resulting in a lack of consistency in reporting
and an inability to aggregate information to senior management. According to a
2007 report, 57 percent of companies do not have a common set of metrics to work
with.
The
challenges become apparent when management tries to aggregate departmental
information to make enterprise decisions. A lack of consistent definitions and
metrics makes it particularly difficult for management to determine which way
alignment needs to tilt, if at all. One caveat: small and midsize companies must
strike a balance between letting groups identify and define the best metrics for
themselves versus defining metrics in the best interests of the organization as
a whole.
The result
of strict alignment of activities with corporate strategy is that individual
departments are no longer paying lip service to the business plan; instead, it
serves as a coherent action plan, with all cogs working toward the same
objective instead of grinding the machine to a halt.
Security Audit Starting Points
When
conducting a security audit there are some common areas that should be
reviewed. Included are:
- Computer and network passwords. Is there a log of all people with passwords (and what type)? How secure is this ACL list, and how strong are the passwords currently in use?
- Emails. Are spam filters in place? Do employees need to be educated on how to spot potential spam and phishing emails? Is there a company policy that outgoing emails to clients not have certain types of hyperlinks in them?
- Physical assets. Can computers or laptops be picked up and removed from the premises by visitors or even employees?
- Records of physical assets. Do they exist? Are they backed up?
- Data backups. What backups of virtual assets exist, how are they backed up, where are the backups kept, and who conducts the backups?
- Logging of data access. Each time someone accesses some data, is this logged, along with who, what, when, where, etc.?
- Access to sensitive customer data, e.g., credit card info. Who has access? How can access be controlled? Can this information be accessed from outside the company premises?
- Access to client lists. Does the website allow backdoor access into the client database? Can it be hacked?
- Long-distance calling. Are long-distance calls restricted, or is it a free-for-all? Should it be restricted?
Government Computers Hit by Virus Attack
WASHINGTON (AP) - Law enforcement computers were
struck by a mystery computer
virus, forcing the FBI and the U.S. Marshals to shut down part of their
networks as a precaution.
The U.S. Marshals confirmed it disconnected from the Justice
Department's computers as a protective measure after being hit by the virus; an
FBI official said only that that agency was experiencing similar issues and was
working on the problem.
"We too are evaluating a network issue on our
external, unclassified network that's affecting several government agencies,"
said FBI spokesman Mike Kortan. He did not elaborate or identify the other
agencies.
Marshals spokeswoman Nikki Credic said the agency's
computer problem began Thursday morning. The FBI began experiencing similar
problems earlier.
"At no time was data compromised," said Credic. The
type of virus and its origin were not determined.
In addition to their external networks, most
federal law enforcement agencies have an internal-only network to prevent
cyber-snoopers from sensitive data.
In this incident, the Marshals Service shut down
its Internet access and some e-mail while staff worked on the
problem.
Productivity Improvements Will Drive IT's Future Growth
Microsoft
CEO Steve Ballmer told developers in India that growth
will come from higher productivity and innovation when the economy begins to
recover. It is not clear when that recovery will take place but he added that
the IT industry will have a starring role to play in that recovery as customers
focus on improving productivity and innovation.
According
to Ballmer, the global economy is being "reset" in a "once in a lifetime" type
of economic change. IT accounts for 50% of capital expenditure in the
U.S.
CIOs Change Focus of Staffing Requirements
With the recent changes in the economy, many CIOs are
focusing staffing requirements on factors
like:
- .NET, Java, PHP - It is not enough to know the core languages. As projects encompass disparate functionality, IT professionals need to know the big 3 of Web 2.0.
- Rich Graphical Internet Applications - Flash is suddenly being used for more than just animations of politicians singing goofy songs. Flash has also sprouted additional functionality in the form of Flex and AIR. Flash's competitors, such as JavaFX and Silverlight, are also upping the ante on features and performance. To make things even more complicated, HTML 5 is incorporating all sorts of functionality, including database connectivity.
- Web services - IT groups that cannot work with Web services will find themselves relegated to legacy and maintenance roles.
- People skills - Developers are being brought into more and more non-development meetings and processes to provide feedback. For example: the CFO cannot change the accounting rules without working with IT to update the systems; an operations manager cannot change a call center process without IT updating the CRM workflow. IT groups that can meet these challenges will be much more valuable to their employers - and highly sought after in the job market.
- New programming languages - Languages like Ruby, Python, F#, and Groovy are not mainstream but the ideas in them are. For example, the LINQ system in Microsoft's .NET is a direct descendant of functional programming techniques. Both Ruby and Python are becoming hot in some sectors, thanks to the Rails framework and Silverlight, respectively.
- Flexible Methodologies - Many CIOs are either adopting flexible SDM or running proof-of-concept experiments. IT groups with a proven track record of understanding and succeeding in a flexible SDM environment are a critical success factor.
- Enterprise Operational knowledge - Hand-in-hand with flexible SDM methodologies, development teams are increasingly being viewed as collaborators in the definition of projects. This means that IT groups that understand the enterprise problem are able to contribute to the project in a highly visible, valuable way.
- Change Control and IT Service Management - Thanks to the development of new, integrated stacks, like the Microsoft Visual Studio Team System, and the explosion in availability of high quality, open source environments, organizations without these tools are becoming much less common.
- Mobile development - In 2008, mobile development left the launch pad, and over the next five years, it will become increasingly important. There are, of course, different approaches to mobile development: Web applications designed to work on mobile devices, RIAs aimed at that market, and applications that run directly on the devices. Regardless of which of these paths you choose, adding mobile development to your skill set will ensure that you are in demand for the future.
Rules of Engagement for Implementation of Social Networks
Rules of Engagement for Corporate Implementation of Social Networks
- Try out the applications - A first step is to see the features and functions of the existing social
networks. This includes:
- Blogger
- Facebook
- LinkedIn
- Twitter
- YouTube
- Wikipedia
This is like the
PC explosion of the 70s and 80s. If
the technology group does not set rules and standards, the user community will
take it upon themselves to integrate consumer apps into their work lives.
You may find it useful to try
out social networking with a low-cost pilot. Many open source tools are widely available to experiment
with. Another option is hosted applications, which are easy to get up and running, and
usually offer a small number of corporate licenses at a very low
price.
- Set Modest Expectations - Do not promise management
that an enterprise social network
will unleash, ignite, or change the way things are done. Sell a project as a pilot, with the
option to walk away after a quarter or two if it does not work out. Set reasonable goals for user adoption, and
focus your initial deployment on a few groups that are eager for social
networking tools. Establish
pragmatic metrics and measure business value. This will be the basis for an
ROI analysis for senior
management's approval prior to rollout.
- Do not Let Fear Strangle Growth - Many enterprises are wary of open social networks because
they do not know what the networks will
evolve to. Some executive management worries that employees will overdo
the "social" aspects of these applications.
CIOs are tempted to police employee-generated
content, either through monitoring
or pre-approving posts. Resist that temptation; it will have a chilling effect
on participation. Employees need
time to grow comfortable with speaking up, sharing ideas, and participating in company-wide
conversations. A social networking project will likely wither before it has a
chance to grow if people fear the thought police.
- Develop Open Social Networks - CIOs and CFOs have a tendency to control and
push to build gated networks,
but that approach defeats the
purpose of a social network.
- Build a Search Capability From Day
One - a poor index
and search engine makes the social applications less useful. A primary requirement is to have
strong "Google type" search capabilities and road maps. Allow for user-generated feedback such as tags
and content-rating systems,
because the point of social networking in business is to let people provide
input into the relevancy of content and people.
- http://www.it-toolkits.com/Security.htm - Have the ability to integrate existing data but balance
that with security and sensitive information policies and
procedures.
Disaster Recovery / Business Continuity is Not the Place to Cut Costs
In today's
business environment, many enterprises are looking for ways to reduce their expenses by cutting
overhead. Often this takes the form of reducing headcount, particularly in areas
that are regarded as ancillary or non-core components of the
enterprise.
Disaster Recovery and
Business Continuity often are placed in that category and, as a result, can
be an early casualty of many cost-cutting programs. Whether it is an internal Disaster Recovery and
Business Continuity team losing
staff members, or a part-time Disaster Recovery and
Business Continuity manager with less time to spare from the day job,
Disaster Recovery and Business Continuity programs can be neglected and will
quickly become out of date and ineffective, particularly in a rapidly changing
organization. As anyone who has ever had to manage a Disaster Recovery and
Business Continuity event knows, there are few things more useless than an out
of date Disaster
Recovery and Business Continuity plan.
Of course,
it is hard to make a case for Disaster Recovery and
Business Continuity at a time when core functions are under pressure, but
maybe that is just when it should be on the radar even more than usual. With
share prices shaky and credit hard to find, the last thing any organization
needs right now is the damage to its reputation and credibility that could arise
from failing to effectively manage a high profile disruptive
incident.
Arguably,
during a recession companies are at their most vulnerable, which makes it the
worst time to neglect anything that contributes to resilience or reduces risk.
However, if an organization is under financial pressure, how can it square the
circle and achieve those reductions in overhead costs while still maintaining
the effectiveness of its Disaster Recovery and
Business Continuity program?
Controlling Costs Driven by IT Infrastructure
There
have been significant improvements in the tools available to support IT systems
and improve the efficiency of IT
help desks. In the area of enterprise wide applications or datacenter
support services, vendors are increasingly looking to proactive and preventive
support tools and utilities to provide the high-value support services required
to avoid costly downtime situations. This technology, if deployed correctly, can
accelerate a shift away from reactive maintenance to proactive and preventive
support services, which can improve the efficiency of the current internal IT
support staff, thus reducing the amount of time and resources that need to be
dedicated to supporting the current environment.
- Virtualization - Virtualization can provide enterprises with immediate cost avoidance as it can improve the utilization of the IT infrastructure.
- Help desk - Automated tools can help in the support and the remediation of problems. By deploying these tools, enterprises can optimize the size and the responsibilities of help desk personnel.
- Support Portfolio - Optimizing what is supported can provide enterprises with immediate cost savings.
Best Practices for Data Protection May Not be Enough
A best practice solution for
data protection is to use encryption to prevent the unauthorized from having
access to information. However, encryption has a major weakness when it comes to
information protection. When information has only been encrypted, once it is
decrypted the authorized user
cannot be prevented from doing whatever they like with the information. In
fact, it is impossible for the sender of encrypted information to prevent its
misuse by the authorized recipient. Therefore, while encryption controls are
extremely valuable in some situations, they are not the answer to all the
questions.
In
addition, CIOs use access controls to try to protect information for which
the IT group is the custodian. Access controls only really work inside the
enterprise. Once you get outside the enterprise's network, it is almost
impossible to maintain that control. Access controls were invented back in the
mainframe era; they are simple, all-or-nothing limitations - read, write,
append, delete, execute. They do not have the granular control of a Digital
Rights Management (DRM) system. If you have access, then it is total and
unmanaged.
Security policies for workstations become more complex
Many IT security policies require
a multi-pronged approach to data security. For example, when setting up a new
computer for a user, the IT department will require a BIOS (Basic Input/Output
System) password for the system before the computer will start. BIOS password
security varies in functionality. Some are computer system specific, meaning
that the computer will not start without the proper password. Other BIOS
passwords are hard disk drive specific, meaning that the hard drive will not be
accessible without the proper password. Some computer BIOS employ one password
for access control to the system and the hard disk drive. To add a second level
of protection, new IT security policies require full hard disk drive encryption.
The most common full hard disk encryption software operates as a memory-resident
program. When the computer starts up, the encryption software is loaded
before the operating system starts and prompts for a passphrase or
password. After a successful login from the user, the software decrypts the hard
disk drive sectors in memory, as they are needed. The process is reversed when
writing to the hard disk drive. This leaves the hard disk drive in a constant
state of encryption. The operating system and program applications function
normally, without having to be aware of any encryption
software.
Audit and security requirements of business partners
Electronic data that is transferred
between an enterprise and its business partners is considered a business
record and has specific audit and security requirements. Included are:
- Ability to recover files from the archive log to ensure non-repudiation by partner
- Ability to access audit trails to prove compliance
- Ability to access weekly compliance reports for each partner
- Facility to encrypt sensitive files in transit
- Ability to support all security protocols used by all trading partners
- Ability to control access by certifying partners for file transfer
Security is Driven by Shifting Trends
The Information Technology environment has changed
significantly, as several trends have dictated the need for a more robust
approach to corporate security
policies, including:
- A trend towards mobility of information,
- Theft of IT assets arising from a proliferation of mobile devices,
- Increasing data privacy and data security concerns, and
- Regulatory compliance mandated by recent legislation.
These factors have made it necessary for network
administrators to design and implement comprehensive security policies to keep
pace with the changing IT landscape. Effective solutions for these multifaceted
problems require a layered approach comprised of products, policies and
procedures that can work in concert to provide organizations with the broadest security blanket
available.
A missing computer can result in compliance and privacy
issues that can be very costly for organizations that store confidential data,
including enterprise, government, healthcare and educational institutions. There
is a relationship between computer theft, regulatory compliance and data
security. CIOs and CSOs must combine policy, encryption,
IT asset management and remote data deletion capabilities.
CIOs Do More With Less
Getting the
most out of overworked and understaffed IT departments is a challenge. Now that
we live in a period of economic turmoil, it is easily seen that most IT
departments have to rise to the challenges of IT management with the existing
number of people they have, or, more likely, even fewer.
IT organizations can ill afford to waste precious IT staff
resources on relatively mundane tasks. What is required is a structured approach
and infrastructure to automating as many IT processes as possible, with an eye
towards creating a set of processes for managing core technology assets that
frees members of the IT staff to concentrate on activities that add more value
to the business.
Many IT
organizations are caught up in a cycle of IT service and support that is
anything but efficient. In fact, an ad hoc approach to IT support that meets SOA
guidelines and ITSM requirements more often than not leads to a demoralized IT
staff that begins to resent having to repeatedly perform the same routine
tasks.
With
everything that is happening today, it is clear that any help in the form of
additional IT personnel is not likely to come. That means that existing IT
personnel have to find a different approach to supporting the needs of the
business without compromising the quality of the services they
provide.
With those
goals in mind, it is critical for IT organizations to plan their approach for
delivering IT services by utilizing tools that proactively solve problems and
resolve issues before they first generate a trouble ticket, and inhibit end-user
productivity.
Security Best Practices For Dealing with Terminated Employees
Janco
recommends taking these steps to ensure that systems will be secure and data
will be protected when employees exit:
- Clearly and completely document each worker's access to the network, applications, servers and the physical building.
- Shut down remote connections, including pcAnywhere systems and VPNs.
- Invalidate usernames and passwords.
- If the employee worked in IT, change root access and network access.
- Shut down external access to the telephone system.
- Make sure handhelds, smartphones and cell phones are turned in along with PCs and laptops.
- Collect ID cards.
- Use monitoring software to keep an eye on network traffic.
States Implement Data Security Regulations
Massachusetts,
Nevada, and New Jersey are in the process of imposing security regulations on
businesses. In the case of Nevada, personal data must be encrypted if it is
transmitted outside of an enterprise's network. New Jersey is phasing in a set of
data security mandates over a two-year period.
The most stringent is the Massachusetts regulation, which was written to apply to
all organizations that handle the data of Massachusetts residents, whether the
businesses are based in the state or not. The Massachusetts Office of Consumer
Affairs and Business Regulation (OCABR) has specified a long list of steps for
protecting personal data and requires companies to create wide-ranging internal
security programs and policies. In addition, the OCABR defines personal data as
an individual's name along with his Social Security or driver's license number,
or with a financial account number. In Nevada, bank and credit card numbers must
also be accompanied by a PIN or password to meet the state's definition of
personal data.
The regulations in these three states are expected to
spawn a host of me-too measures in other states.
How to outsource successfully
Before going down the outsourcing path and selecting a vendor,
you should:
- Improve your internal operations before you consider outsourcing. There is no reason to leave easy savings for the outsourcer.
- Implement a performance metrics and evaluation process. Establish metrics, evaluation processes and frequency for monitoring service-level performance.
- Implement service level agreements (SLA). Establish baseline obligations for achieving specified targets for key-performance metrics and penalties for missing SLAs.
- Identify outsourcers that have experience in your industry and enterprise size.
- Create a model contract that has everything that you need, including termination penalties the outsourcer must pay if they do not meet your SLA metrics.
- Identify incentives that could be available to the outsourcer if they perform at or above established service levels.
Security Threats Addressed by Janco
With the ever-increasing complexity of systems and
multiple modes of access to business information, your enterprise security
measures require ongoing attention, review and support. One of the greatest
security challenges until now has been identifying all assets across the network
to ensure coverage. Most automated tools on the market provide incomplete data
and lack prioritized recommendations for remediation. In fact, typically:
- 75% of network devices are out of compliance with corporate policy
- 30% of network devices are End-of-Sale (EOS) and 20% are End-of-Life (EOL)
- 25% of all devices are undocumented and unprotected by maintenance contracts

There are many threats to which all network users are exposed. Many of these
masquerade as valid application traffic and get past traditional firewalls,
which focus on network layer access. Today attacks are more dynamic, which
necessitates deeper packet inspection and prevention strategies across multiple
network layers. Combining expertise in security software, security appliances,
and multi-core processors is necessary to address these issues.
1984 is just a few years too late
Google Inc. unveiled Google Latitude, an upgrade to Google Maps
that allows people to track the exact location of friends or family through
their mobile devices. Google Latitude not only shows the location of friends,
but it can also be used to contact them via SMS, Google Talk or Gmail. Add to
that the proactive advertising that is being tested, and everything that George
Orwell wrote about is about to come true.
Proactive advertising is an approach in which large-screen billboards are paired
with cameras and face recognition software to adjust what they advertise.
Many people will see proactive advertising and
Latitude as great solutions, but the reality is that companies have yet again
failed to deliver strong privacy and security. As it stands right now, Latitude
could be a gift to stalkers, prying employers, jealous partners and obsessive
friends. The dangers to a user's privacy and security are as limitless as the
imagination of those who would abuse these two
technologies.
Telecommuting Loses Some of its Luster
Telecommuting has lost some of its luster as companies have
begun to cut back and both employees and contractors see the importance of being
visible to both management and key user groups. However, there still are benefits
to both the enterprise and the staff member from telecommuting. They are:
- Reduced infrastructure costs as enterprises increase head count, with savings associated with less office space, equipment, furniture, and related support expenses.
- Increased staff productivity with a reduction in travel time plus the benefit of staff availability during non-work hours. In addition, it has been found that workers who work from home put in more time than those who just come into the office.
- Increased ability to hire individuals outside of an enterprise's traditional labor pool markets.
Job Picture Not Good - How Long Will Recession Last?
The unemployment rate jumped to 7.2 percent in December, the highest in 16 years,
and will keep climbing as more corporations announce major job cuts.

| Company © 2009 Janco Associates | Job Cuts last week |
|---|---|
| Microsoft | 5,000 |
| Intel | 6,000 |
| United Airlines | 1,000 |
| Caterpillar | 5,000 |
| Home Depot | 7,000 |
| Sprint Nextel | 8,000 |

- Microsoft Corp. said it planned to cut thousands of jobs because of the recession, adding conditions were so uncertain that it could not accurately forecast its earnings and revenue for the coming six months. (MSNBC.com is a Microsoft-NBC Universal joint venture.)
- Intel Corp. said it plans to cut up to 6,000 manufacturing jobs.
- United Airlines parent UAL Corp. said it would get rid of 1,000 jobs, on top of 1,500 axed late last year.
- Caterpillar said it was slashing up to 5,000 jobs on top of several earlier actions. It added that earnings slid as mining companies and other customers scaled back purchases amid slumping commodity prices, the credit freeze and tough market conditions. The results reflect the troubled state of the global economy as Caterpillar's products are used worldwide in a range of industries.
- Home Depot Inc. said it is cutting 7,000 jobs and closing its smaller Expo chain as the recession continues to batter the nation's housing market. The cuts will affect about 2 percent of its work force.
- Sprint Nextel Corp., the No. 3 U.S. mobile service provider, said it would eliminate up to 8,000 jobs, or about 14 percent of its workforce, under a plan to cut labor costs.
|