Information Technology Administration News
Internet Misuse Concerns CIOs
When employees and enterprise associates misuse the Internet, there are ramifications for your enterprise:
- Higher operating expenses and reduced productivity
- Exposure to security problems such as malware
- Exposure to legal risks due to inappropriate material
- Wasted bandwidth to support the misuse
- Unlicensed software when users download and install software from the Internet
- Reputation risk from social networking, which can create opportunities for employees to leak confidential information or spread damaging rumors online
Expenditures Closely Watched by CIOs and CFOs
In today's economy, all purchases are carefully scrutinized to ensure that each new piece of hardware and software can produce a rapid return on investment (ROI). However, even attractive and accelerated paybacks are not enough to justify additional expenditures, as cautious CIOs and CFOs must continue to slow their technology spending in order to weather the current economic conditions.
According to an annual survey of top CIOs from
multinational Fortune 1000 companies conducted by Goldman Sachs & Co.,
networking equipment emerged as one of the greatest potential areas for cost
reductions in 2009. The CIOs surveyed also indicated an intensified focus on
projects involving total cost of ownership (TCO) reductions, such as server
virtualization and server consolidation. Faced with severe budget constraints,
many CIOs also are delaying product upgrades and technology refreshes, despite
the fact that OEMs continue to release next-generation products in increasingly
rapid-fire succession.
As a result, increasing numbers of corporations are
embracing asset recovery strategies as part of their recession survival tactics.
Corporate network budgets, in particular, can be willing recipients of a welcome
boost from asset recovery since high-end routers and switches retain more value
than many other types of hardware. The keys to maximizing the value of surplus
technology in a down economy are determined by how, when and where to offload
unwanted gear as well as identifying the partner that can offer top dollar for
extraneous equipment along with unparalleled responsiveness and superior
customer attention.
Metrics Key to CIO Success
CIOs frequently ask what IT should measure and report to business executives. The key to success is choosing a small number of metrics that are relevant to the business and have the most impact on business outcomes. The metrics that meet the criteria for relevance and impact are investment alignment to business strategy, business value of IT investments, IT budget balance, service level excellence, and operational excellence.
Metrics should form the core of an IT performance scorecard and should center around:
- Alignment of IT initiatives, investments, and operational support to the strategy of the enterprise
- Value added that IT brings to the enterprise
- Cost of new initiatives versus the cost of maintenance of existing processes
- System availability and ease of use
- Health of systems and the IT function
Easier to Cut Salaries than Lay-off Staff
Here's the good news: While companies certainly
have laid off huge numbers of employees since the economy first started to
implode, it appears many of them are doing everything they can to minimize the
number. From the Challenger, Gray & Christmas, Inc. press
release:

... employers announcing
job cuts have initiated more cost-cutting measures than employers that have not
cut payrolls. Companies that made permanent job cuts averaged an additional six
cost-cutting measures. Meanwhile, companies that have avoided layoffs averaged
less than three cost-cutting measures.
"There is a perception
out there that some companies have not made sufficient efforts to avoid layoffs
by making cutbacks in other areas. This perception is fueled, in part, by a
handful of examples of companies announcing job cuts while, at the same time,
rewarding top executives with large salaries, bonuses and extravagant perks.
However, these examples represent the exception," said Challenger chief
executive officer.
"It would also be a
mistake to assume that companies avoiding layoffs are doing so out of kindness.
While forging good will is certainly part of the decision for some companies,
many have simply cut to the bone already or never fully ramped up after the last
downturn. Other companies may have more workers than they need for current
business levels but are reluctant to enact widespread layoffs, knowing that a
recovery will mean recruiting and training all new workers.
"This may be why we have
seen an increase in the number of companies cutting salaries and other perks. It
is a lot easier to restore compensation and benefits than it is to re-hire and
re-train workers when the economy improves."
PCI Compliance Has Benefits Beyond Mandated Requirements
PCI compliance is used as a basis for guidance on fulfilling management responsibility in relation to audits, and for information on ensuring continual improvement of IT security efforts. There is merchant confusion about all of the PCI DSS's six main themes: building and maintaining a secure network, protecting cardholder data, maintaining a vulnerability management program, implementing strong access control measures, monitoring and testing networks, and maintaining an information security policy.
PCI as a
robust security standard has potential benefits beyond its immediate
requirements. A generic application of its principles can fulfill other
regulatory requirements for information security and privacy. PCI compliance is mostly information
security best practices. However, there is quite a bit of devil in the details
of the PCI requirements. There are over 250 detailed testing
procedures.
Penalties for noncompliance include higher transaction processing fees,
fines, and, in extreme cases, denial of credit card processing capabilities.
Violators also face legal fees, civil lawsuits, customer rejection and related
revenue loss, and other costs and losses.
Understanding the PCI authority structure is important in maintaining
control over PCI strategy and audits.
The PCI DSS
security requirements apply to all "system components." A system component is
defined as any network component, server, or application that is included in or
connected to the cardholder data environment. The cardholder data environment is
that part of the network that possesses cardholder data or sensitive
authentication data. Network components include but are not limited to
firewalls, switches, routers, wireless access points, network appliances, and
other security appliances. Server types include, but are not limited to the
following: web, database, authentication, mail, proxy, network time protocol
(NTP), and domain name server (DNS). Applications include all purchased and
custom applications, including internal and external (internet)
applications.
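The scoping rule above (a system component is in scope when it is included in or connected to the cardholder data environment) is easy to state and easy to get wrong on a flat network. The following added example, which is not code from the page or from the PCI Security Standards Council, models a constructed inventory of network components, servers and applications with their links and derives the in-scope set two ways: treating a direct link to a CDE member as the boundary (the "connected-to" reading, assuming segmentation holds at that link), and treating the network as flat, where everything reachable from the CDE is pulled in. The component names, links and the `segmented` flag are all assumptions made for illustration.

```python
from collections import deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Component:
    name: str
    kind: str               # "network", "server" or "application"
    holds_card_data: bool   # possesses cardholder data or sensitive authentication data


# Constructed inventory for illustration only; not a real environment.
INVENTORY = [
    Component("pos-app", "application", True),
    Component("card-db", "server", True),
    Component("core-switch", "network", False),
    Component("edge-fw", "network", False),
    Component("hr-web", "server", False),
    Component("ntp", "server", False),
    Component("guest-wifi-ap", "network", False),
]

# Constructed, undirected links between components.
LINKS = [
    ("pos-app", "core-switch"),
    ("card-db", "core-switch"),
    ("core-switch", "edge-fw"),
    ("core-switch", "hr-web"),
    ("core-switch", "ntp"),
    ("edge-fw", "guest-wifi-ap"),
]


def adjacency(links):
    """Build an undirected adjacency map from (a, b) link pairs."""
    adj = {}
    for a, b in links:
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    return adj


def cde(inventory):
    """The cardholder data environment: components that possess cardholder data."""
    return {c.name for c in inventory if c.holds_card_data}


def in_scope(inventory, links, segmented=True):
    """Names of system components included in or connected to the CDE.

    segmented=True  (assumption): a direct link to a CDE member is the
                    segmentation boundary, so only one hop is pulled in.
    segmented=False: a flat network; everything reachable from the CDE is in scope.
    """
    adj = adjacency(links)
    scope = set(cde(inventory))
    if segmented:
        for name in list(scope):
            scope |= adj.get(name, set())
        return scope
    queue = deque(scope)
    while queue:
        node = queue.popleft()
        for neighbour in adj.get(node, ()):
            if neighbour not in scope:
                scope.add(neighbour)
                queue.append(neighbour)
    return scope


def scope_by_kind(inventory, links, segmented=True):
    """Group the in-scope set by component kind for an audit worksheet."""
    names = in_scope(inventory, links, segmented)
    report = {}
    for c in inventory:
        if c.name in names:
            report.setdefault(c.kind, []).append(c.name)
    return report


if __name__ == "__main__":
    print("segmented:", sorted(in_scope(INVENTORY, LINKS)))
    print("flat network:", sorted(in_scope(INVENTORY, LINKS, segmented=False)))
    print(scope_by_kind(INVENTORY, LINKS))
```

The point of the two modes is the practical one: with no segmentation, the guest wireless access point and the HR web server end up in scope simply because they are reachable from the core switch, and every one of the detailed testing procedures then applies to them. Whether the segmented reading is actually justified is something the assessment has to prove, not something the inventory can assert.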
Virus Targets Federal Law Enforcement
Federal law enforcement systems have been targeted by a virus. The FBI and the U.S. Marshals Service were forced to shut down parts of their computer networks after a mystery virus struck the law-enforcement agencies. The virus's type and origin are unknown, but spokespeople for both agencies said their agencies' access to the Internet and e-mail was shut down while the issue was evaluated.
The U.S. Marshals confirmed it disconnected from the Justice
Department's computers as a protective measure after being hit by the virus; an
FBI official said only that that agency was experiencing similar issues and was
working on the problem.
In addition to their external networks, most federal law enforcement agencies have an internal-only network to keep cyber-snoopers away from sensitive data. Government regulations require agencies to report any security issues to the US-Computer Emergency Readiness Team (US-CERT).
To protect
networks and information against
increasingly sophisticated threats, many organizations are deploying security in
layers. Some are finding that an efficient way to do this is by using unified
threat management (UTM) appliances.
Office 2000 is at End of Life
Microsoft told Office 2000 users that it will
discontinue security updates
for the aged suite in July as it drops all support for the software.
At the same time, the company also reminded users
that it's dumping the Office Update site at the end of July, part of an effort
to streamline update options.
Office 2000 falls off the support list on July 14 -- which is also Microsoft's "Patch Tuesday" for that month -- as it leaves what the company calls "extended" support. From that point on, Microsoft will no longer issue fixes, not even ones for critical vulnerabilities; instead, it expects users to move on to a newer suite.
By policy, Microsoft supports business software
such as Office for a total of 10 years, half in "mainstream" support and the
second half in the more limited support. Security updates are delivered for the
entire 10-year stretch.
Microsoft launched Office 2000 in June
1999.
Security Risk Faced by Business Due to Loss of Laptops
Anytime and anywhere, employees, temporary employees and contractors can access and store enormous amounts of confidential data about customers, employees and their organizations' operations on laptops. When these laptops are lost due to negligence or theft, the data is at risk if the organization has failed to use safeguards such as encryption or anti-theft technologies. Janco recommends implementing and monitoring strong Security Policies and Procedures.
Most executive managements and IT professionals
believe the risk of having lost or stolen laptops will most likely increase or
stay the same (i.e., not improve) over the next 12 to 24
months.
Business Record Management is Difficult at Best for Many CIOs
Several
studies have found that knowledge workers spend between 15 and 35 percent of
their time finding information. The requirement to find information quickly and
easily makes search technology a practical and essential tool with
a measurable return on investment (ROI).
However,
search engines are optimized to search web pages and documents and they still
fall short inside the enterprise when you consider the additional IT assets
stored in applications and other real-time sources of information like databases
and ERP Systems. These systems remain "unsearchable" by
many current search solutions and largely remain the domain of operational
reporting and business intelligence software.
IT Metrics
The average company spends about 1.5% (varies by industry) of its revenue on IT, and a significant amount of that money goes to IT personnel. Personnel expenses account for the largest segment of your IT operational budget. Considering both employees (43%) and outside contractors (7%), the average cost of personnel in the IT operational budget is about 50% according to Computer Economics.
The majority of the IT staff spends approximately 80% of their time on:
- Application maintenance and support
- QA and testing
- Application development and migration
- Technical and database support
- Helpdesk support
The remaining time is spent primarily on desktop,
network and security support. Moreover, the average IT operational budget for
application software is about 14.5%. 70% of the average application software
budget is spent on application maintenance and support, while about 30% of the
application budget is spent on new development.
What you should do when you get a new job as CIO
The first few weeks on the job set the tone for your long-term success or failure in your new job. Here are some things that you may consider as "must do's" in your first 100 days.
- Develop relationships - Learn the culture - In the first few days on the job you should spend over 50 percent of your time outside of your office listening to the people who are there. Go to lunch with your peers, direct reports, superiors, and key players in your user community.
- Get away from the IT Department - You have replaced someone who was either a star or a "loser"; understand why your predecessor succeeded or failed. Your user community will tell you, and at the same time you will gain insight into their mindset as well as how easy or difficult it will be to deal with them.
- Get an independent assessment of the IT function - Everyone has their own opinion of how good (or bad) the function is; your job is to quickly gain an understanding of it. By using a third party you can insulate yourself from claims that there are disagreements. You in essence become a tie breaker and can show that you are in charge.
- Learn the infrastructure - Understand how things are done, review job descriptions, review the change control process, and understand the prioritization process.
Twitter and Other Applications Put Enterprise at Risk
E-mail and instant messaging (IM) afford easy-to-use communication and collaboration by taking advantage of the Internet's abilities, but they require networks to allow a certain amount of uncontrolled Internet access in order for these applications to function. IT administrators must keep their enterprises connected, yet safe, by enacting measures that allow them to monitor what comes in and goes out via Internet protocol (IP) traffic. With good management, CIOs have the right tools in place so IT administrators can detect threats before malicious code can take root in the network. Securing the network does not mean removing all contact with the outside world.
Because e-mail and IM applications are operated by individual users who can make bad calls on which files are safe to open, network defenses can be circumvented. Viruses sent via e-mail spread very quickly, overcoming workers' computers and creating unplanned Disaster Recovery activity for IT departments.
As quickly as e-mail viruses spread, IM worms spread even faster. Although an e-mail virus can send itself to entire address books, it requires some action by the user before the malware is activated. IM applications, however, are open channels, and a link or file pops right into someone's desktop from a friend or colleague.
The business world is dependent on e-mail. More businesses are starting to rely on IM in their internal and external communication strategies. These platforms are not going away anytime soon. So, to take advantage of them and stay connected, spam filters and antiviral measures that scan incoming and outgoing e-mails address part of the security risk. Add IM management software and integration with firewall, secure remote connectivity, intrusion detection and prevention, and you're well on your way to a productive, safe network for your business.
Metrics are the key to a CIO's Success
Metrics and other ways to measure performance are very popular among CIOs and IT managers. Almost every aspect of a computer's performance can be and is measured; when it comes to service metrics for IT personnel and organizations, however, this is one area that companies pay close attention to. Computers or machines are easier to measure since there are few or no subjective factors. But with organizations, and especially with people, the subjective factor becomes more and more important, and frequently, even if the best methodology is used, the results obtained from metrics are, to put it mildly, questionable.
Who Needs IT Service Management Metrics
Metrics are used in management because they are
useful. Metrics are not applied just out of curiosity but because investors,
managers and clients need the data.
There is no doubt that metrics are useful only when they are true. I guess you have heard Mark Twain's quote about "lies, damned lies, and statistics" (or in this case, metrics). True metrics are achieved by using reliable methodologies. It is useless just to accumulate data and show it in a pretty graph or in an animated slideshow. This might be visually attractive, but the practical value of such data is nil.
However, even when the best IT Service Management metrics methodology is used, deviations are inevitable. Therefore, one should know how to read the data obtained from metrics. It is also true that metrics, including IT Service Management metrics, can be used in a manipulative way, so one should be really cautious when he or she reads metrics and, above all, when making decisions based on these metrics.
CIOs face compliance issues with older unsecured PCs
Enterprises of all sizes are hesitant to replace existing notebook PCs due to the reluctance to spend money and the cost of migration. There is substantial pressure and scrutiny on all IT expenditures. However, despite this increased attention, organizations must still comply with ever more strict privacy and audit demands.
One of the areas that needs the most attention is the unsecured notebook PC population that is at high risk of theft or loss. The amount of data and the ability to access corporate systems place old notebook computers among the greatest risks that an organization faces.
With the cost of hardware plummeting, and the cost of compliance issues and breaches skyrocketing, "saving money" by running a risky end-user computing environment may not make sense. CIOs can and should make the case for the twin benefits of meeting compliance and audit demands while reducing operating costs by deploying new laptops for the mobile workforce.
Drivers of Strong Security Policies and Procedures
There are strong security implications and
relationship between mandated compliance (Sarbanes-Oxley, HIPAA, ITIL, and
PCI-DSS), sensitive
information protection, and theft recovery. Organizations must consider all
of these factors when defining security policies. It is
no longer enough to attempt to address compliance issues without addressing data
protection. Protection of sensitive information on mobile and remote computers
requires an understanding of the issues surrounding computer theft and
transmission interception. Having a broader understanding of how these areas
inter-relate allows organizations to build a more robust security policy that
addresses the issues of regulatory compliance, sensitive information protection
and theft recovery.
Today, accepting the loss or theft of one laptop, PDA,
SmartPhone, USB storage device, or tablet computer is simply not an option. A
missing device can result in compliance and sensitive data protection issues
that may be very costly to an enterprise's reputation and bottom line.
Enterprises need to be able to accurately track their computers, know who is
using them, what is installed on them, and be able to prove the actions taken to
secure computers remain deployed and intact until the computer can be
located.
Government Sites Source of Many Massive Data Breaches
The
Federal Aviation Administration (FAA) was doing such a good job at protecting
data in its computer systems that the Office of Management and Budget chose it
in January to be one of four agencies to guide other federal
agencies in their cyber security efforts.
The FAA announced the theft of personal information on employees and retirees. Two of the 48 files on the breached computer server contained personal information about more than 45,000 FAA employees and retirees who were on the FAA's rolls as of the first week of February 2006.
The server that was accessed was not connected to the operation of the air traffic control system or any other FAA operational system, and the FAA has no indication those systems have been compromised in any way.
Challenges for CIOs
As
the economic recession continues to deepen, double-digit budget cuts, hiring
freezes and layoffs are becoming a fact in many IT departments. However, some
CIOs are managing to keep both their staffs and their rosters of ongoing IT
projects largely intact - due partly to a desire on the part of business
executives to use technology to reduce corporate costs and boost
revenues.

CIOs are now challenged more than at any time in the past. With the economic earthquake around the globe, CIOs have to be smarter, more creative and more innovative. The only way for CIOs to survive the world economic reset in a knowledge age is to capitalize on their human capital, put their staff's creativity to work, and stoke their innovative furnace. There are many ways to fuel the creative fires, from management techniques to team building and effectively leveraging existing and emerging technological investments. However, the key is infrastructure. CIOs that have one that addresses metrics, change management, version control, system development methodology, service management, and human resources have a better chance to make it through these tough times.
Security Policies to Protect Against Data Breaches
In a world driven
by PDAs, laptops, and Internet connectivity, data breaches are common and
costly. The cost per record of a data breach has gone from $138 in 2005 to $202
in 2009 according to the Ponemon Institute in its fourth annual U.S. Cost of a
Data Breach Study.
Privacy
violation statistics indicate that the number of incidences and costs associated
with data breaches are increasing steadily, proving that organizations across
industries need to take a more pragmatic approach for protecting information,
especially in highly vulnerable non-production (development, testing and
training) environments. Data in non-production can be more susceptible to a
breach when it is used in development and testing activities, accessed by mobile
employees or outsourced.

There are a number of best-practice action steps that should be followed:
- Define responsibilities as to who is the "center post" in security for data.
- Define privacy and security requirements for your enterprise
- Inventory data, both electronic and physical
- Implement policies, procedures, and processes to secure data
- Test robustness of policies, procedures, and processes
- Review at least annually
Productivity Metrics Defined
Disengaged employees produce an average of 50% less revenue than
an engaged employee. By knowing who is on board, who is not and why, you can
invest in areas that have the greatest impact in the shortest period of time.
Increased productivity provides a greater return on your payroll
investment.
At the heart of improved productivity is an effective Service Level Agreement (SLA) and performance metrics process that:
- Measures the right performance characteristics to ensure that the client is receiving its required level of service and the service provider is achieving an acceptable level of profitability
- Can be easily collected with an appropriate level of detail but without costly overhead
- Ties all commitments to reasonable, attainable performance levels so that "good" service can be easily differentiated from "bad" service, giving the service provider a fair opportunity to satisfy its client.
The Metrics for the Internet, Information Technology and Service Management HandiGuide® is over 300 pages, defines 540 objective metrics, and contains 83 metric reports that show over 240 objective metrics.