The proliferation of laptops has put more organizations at risk: Janco predicts that laptops will account for more than 50 percent of the PC market in 2009 and expects that overall notebook sales in the U.S. will surpass desktop sales in that same year. Every year hundreds of thousands of laptops are either stolen or left behind in taxicabs or at hotel rooms. Last year alone, 300,000 laptops were reported lost or stolen in the U.S., with less than 2 percent ever recovered. A laptop theft is not just a loss of a thousand dollars of hardware - it is the missing data that can really set one back by days, in addition to potential security issues. An organization that automatically backs up data from all PCs ensures that an organization/person can quickly recover from a stolen or lost laptop and be up and running in no time.

Included in the standard audit program are two policies (one paragraph long) which need to be implemented to meet PCI DSS security requirements.  The policies are for "Sensitive Data" and "Record Management (Retention and Disposition)" -- the ones provided in the standard package  are shorthand versions of the full polices contained in other Janco products which are available individually or in the premium and gold versions of the PCI Audit program.

Both the Premium Version and the Gold Version include copies of Cornerbowl Software's award winning product Network Event Viewer.

Read on...

Order Now $149 - $1,099

Lehman Brothers' Information and Communications Technology (ITC) costs rose 18% in 2007 from 2006 to reach $1.145 billion, reflecting increased costs from the continued expansion of its investment management systems, according to filings by the bank. In the quarter ended Aug. 31, the New York-based company spent $309 million on technology and communications, up from $282 million in the same period last year.

Sorting out the future of Lehman Brothers' IT financials could prove easier than winding down its ITC investments. Meanwhile, Lehman Brothers' bankruptcy is likely to have a profound spillover effect to the IT industry.

The security concerns are multiple:

• The "Big Brother" aspect that a machine now has gone beyond the text log file to one that is a visual log which could invade the privacy of someone who is looking up some medical records or financial records
• The prospect that someone who wants to "steal your identity" can now know what sites that you have visited so they can get information from you easier.
• The prospect that Google will have a way to capture the information on places that you go so they could sell directed "spam-class" advertizing.

Wharton also supported the proposition that the skill composition of IT work is at least partly responsible for both the higher rates of IT-related oursourcing as well as a greater likelihood that IT offshore outsourcing leads to the displacement of domestic workers than offshoring of work in other professions.  IT jobs tend to have less need for physical presence and are therefore more often moved overseas for cost savings. This not only makes IT jobs more likely to be offshored, but also substantially increases the likelihood that the offshoring of location independent IT services is accompanied by a displacement of domestic IT workers. However, even within IT occupations there is substantial heterogeneity – programmers and software developers are more likely to be displaced, while systems analysts who more frequently interact with other functional areas and are more reliant on interpersonal skills are more likely to be retained.

When it ships, IE 8 will work on Windows Vista, Windows XP, Windows Server 2003 and Windows Server 2008 systems only. According to Microsoft, IE 8 is supposed tp be Microsoft's most standards-compliant release of its browser to date. Microsoft is undoing much of the non-standards-based coding it had included in previous IE releases,.  As of yet, it is not known yet how many existing sites and applications that are IE specific will not render correctly with IE 8. But Microsoft has been trying to get the word out to developers to check for compatibility before the final IE 8 release goes live.

IT Compliance Management Software Suite
Sarbanes-Oxley, HIPAA and ISO 27000 Series Compliance
Auditing and Monitoring Tools
Works with Vista / Window XP / Server

Janco has found that fewer than 40% of all organizations practice capacity management and planning as an ongoing management discipline. This is often due to the labor-intensive nature of the capacity management discipline and the lack of automated tools.
Although often associated with storage, capacity management addresses the entire end-to-end IT infrastructure of servers, switches, various appliances, network bandwidth, and applications. Effective capacity management must keep pace with the growth of all the elements of the IT infrastructure, not just storage. It also must take into account business and market factors that can impact infrastructure performance and availability.

Many development organizations view security as a one-time activity during the development process. In these cases, security becomes the responsibility of one group within the organization, such as the QA team or internal audit department. Once the group signs off on an application, the organization considers it secure. However, web applications are not static systems. Changes to web applications create risk, and what was once secure can now be vulnerable. If security is a onetime activity, a vulnerability that enters the system after the audit can go undetected. Instead, you need to view application security as a process, included throughout the development lifecycle in order to create secure web applications. Add security into the practices of every team member associated with developing and running your web applications.

A study by Reserarch Concepts has found:

• Data breach prevention is a top priority: More than 80% of those surveyed rated protecting corporate data as an important initiative. By comparison, only 38% of those surveyed ranked complying with governmental regulations as very important.
• Data breach is common and costly: Fully 25% of those surveyed indicated that their organization had experienced a data breach in the past and more than 60% of IT managers felt that a data breach would cost their organization in excess of $10,000. Nearly 65% were very concerned that a data breach would result in public embarrassment and media scrutiny for their organization.
• Preventative measures are consistently undermined by employees: According to IT professionals surveyed, less than one in 100 employees consistently follow company data and computer security policy. More worrying is the fact that 72% of respondents felt that employees were responsible for the majority of data breaches.

Janco had a detail PCI Audit program included in its templates.

Although you can't entirely avoid card-related risk and compliance issues, you can lessen their impact by limiting storage of credit card numbers and reducing the overall scope of the PCI Standard on your organization. By eliminating all card numbers or only holding limited card data in a very small subset of your entire network, you can greatly narrow risk exposure and potentially reduce the impact of the PCI Standard on your organization.

• Server Consolidation - Server consolidation typically results in protocols such as CIFS (Common Internet File System) running over the WAN. CIFS, which was designed to run over a LAN, is a chatty protocol. In particular, the way that CIFS works is that it decomposes all files into smaller blocks prior to transmitting them. The server sends each of these data blocks to the client where it is verified and an acknowledgement is sent back to the server. The server must wait for an acknowledgement prior to sending the next data block. As a result opening a file that would take a fraction of a second before consolidating servers would take tens of seconds after the servers have been consolidated.
• Decentralized Work Force - Branch office workers need access to the same applications as do workers in a headquarters facility. However, the combination of consolidating servers into centralized data centers while simultaneously decentralizing the work force means that the vast majority of workers now access applications over a WAN instead of a LAN. The fact that there is a movement both to consolidate data centers and to move to a single-hosting model for applications has the effect of increasing the distance between remote users and the applications they need to access. This increased distance translates into additional WAN latency, jitter and packet loss. The impact of increasing the distance between the user and the application is often not well understood.
• Globalization - Combining globalization with server consolidation and a decentralized work force results in an even longer WAN link, and hence more WAN latency, between the remote users and the applications they need to access.
• Voice over IP (VoIP) - Users have come to expect 100% voice availability, fast call set-up and excellent quality. However, VoIP is very sensitive to network parameters such as delay, jitter and packet loss. As a result, when run over a packet network, voice does not always perform as well as it does when run on a circuit-switched network.
• Service-Oriented Architecture (SOA) - In a Web services based application, the Web services that comprise the application typically run on servers that are housed within multiple data centers. As a result of housing the Web services in multiple data centers, the WAN impacts multiple traffic flows and hence has a greater overall impact on the performance of a Web services-based application than it does on the performance of traditional n-tier applications.

The 11 areas of audit focus objectives are:

• Corporate Security Management

• Systems Development and Maintenance

• Information Access Control Management

• Compliance Management

• Human Resource Security Management

• Information Security Incident Management

• Communications and Operations Management

• Organizational Asset Management

• Physical and Environmental Security Management

• Security Policy Management

• Disaster Recovery Plan and Business Continuity

• Assumption: A job search will take no time at all or I have nothing to worry about.
  
  Reality: There is no guarantee how long it will take to find a new position many have found that an easy job search can take between 3 to 6 months... Finding the right opportunity is easy. You might find the right position but there is no way to ensure that you are even offered the job. Many hiring managers may take several weeks to respond to your application. After all, they have full-time jobs with demands of their own, and hundreds, if not thousands, of resumes to review.
  
• Assumption: I am so skilled and in so in demand that I need to send out only a few resumes.
  
  Reality: Finding a job is a numbers game and the more resumes you send out and the more peers that know that you are looking the greater the chances are that you will find and be offer the right job. A hiring manager may receive countless resumes for an open position. That is why it not smart to hold out for the "perfect" job, which you might not find - which might not even exist – or which you are not offered.  At the same time as you send out resumes, networking with members of your professional network is one way to maximize your time and effort. Many hiring managers give preference to personal recommendations and may move your resume to the top of the pile if someone you know puts in a good word for you.
  
• Assumption: The resume and cover letter sent out are perfect and need no changes
  
  Reality: Each cover letter should be customized for the enterprise, the hiring manager, and the position desired.  Enterprises look for results and view them as the reason that they most often hire IT Professionals.  At the same time the results should be directed towards the position that you are looking for. 
  
  A resume is employment and education chronology and should be no longer than 1 page and the cover letter so be directed to the enterprise and should stand out in a positive way to the hiring manger.  After reading both the hiring manger needs to be left with the thought that "I need to know more about this candidate.
  
• Assumption: My skills are in high demand and are needed by almost every company.
  
  Reality: You are one of many – supply and demand are driven by factors outside of your control.  A common mistake may IT professionals make is overestimating their marketability. Although they may think their skill set is solid but they may not be the best of the best.  Value and results performance are what drive success in IT and the hiring manager needs to see that you provide the best value for the salary in any given position.

Adobe said that it is committed to open architecture and by passing the copyright to ISO they now have a product that competes with MicrosoftÂ’s Office Open XML, a proprietary XML-based document format it built for its Office 2007 productivity suite, to the ISO. The ISO approved OOXML on April 1 in a controversial vote that is still being contested by some of the standards bodies that took part in it.

A group calling itself "NetDevilz" claimed responsibility for the hack, which Thursday morning temporarily redirected visitors to the sites for IANA and ICANN (Internet Corporation for Assigned Names and Numbers).

Users who tried to reach iana.com, iana-servers.com, icann.com and icann.net were shunted to an illegitimate site. According to a screen capture of the defacement snapped by zone-h.org, the bogus site simply displayed a taunting message claiming ownerhship of the assignment processes.

• Install a robust firewall and SPAM filter at the front end of the corporate mail server
• Improve SPAM filters on both desktops and smart phones
• Provide company owned laptops and smart phones that have robust SPAM filtering software and
• Limit the accessibility to POP and non-company mail servers

Without systems in place to keep applications and data flowing after a natural disaster or other interruption, a business risks losses that extend far beyond a manufacturing plant or data center. Many businesses incur ongoing financial loses, damage to a businesses' reputation, and possible regulatory and legal sanctions. In a worst-case scenario like 35% of the companies that FEMA estimated, a company can find its existence threatened.

How can an organization tackle disaster recovery and business continuity issues effectively? How can it develop a strategy that reduces risk and increases the likelihood of success? And how can it devise a roadmap for coping with constant change? There are no easy answers, but the Disaster Recovery Planning Template with the Security Manual  Template are a step in the right direction.