
IT Infrastructure - News

 


January 4th, 2008

CIO Median Salary is over $181,000 in large enterprises in Janco Survey

The mean compensation for CIOs in large enterprises now is $181,240 and $171,200 for CIOs in mid-sized enterprises

  • The mean compensation (which includes bonuses) for all executive IT positions surveyed now is $143,847 in large enterprises and $128,730 in mid-sized enterprises. (Large enterprises have over $500 million in revenue and mid-sized have $100 to $499 million in revenue.)
  • Hiring demand has increased for executives (especially in mid-sized enterprises).
  • In the last twelve (12) months the greatest increases in compensation were at the executive levels of large enterprises.
  • Chief Security Officers (CSOs) are in high demand in large enterprises, as is line IT executive management in enterprises of all sizes.
  • The mean compensation for Chief Information Officers (CIOs) in mid-size enterprises has decreased with a significant increase in demand. This typically means that enterprises feel their existing CIOs are not worth what they are being paid and they are willing to hire new CIOs at significantly higher levels of compensation that will be worth the additional cost.
  • The positions in the highest demand are at the executive levels of mid-size enterprises with the focus continuing to be line operations and mandated security requirements such as Sarbanes-Oxley, HIPAA and PCI.
  • Mid-sized enterprises are searching for Network Control Analysts, Systems Programmers, Production Control Analysts, Change Control Analysts, and Web Analysts.
  • In mid-sized enterprises the mean total compensation has risen slightly from $75,076 to $75,362. At the same time in large enterprises the median compensation has also moved up from $80,078 to $81,631.
  • Baby boomers are now starting to retire.
  • The top target compensation for CIOs is now over $2,000,000 a year (data source: SEC filings of public corporations) and continues to increase.



December 30th, 2007

Browser Market Thrown a Curve

On December 28, 2007 AOL announced that it stopped development of the Netscape browser, saying the respected brand that launched the commercial Internet in 1994 had little chance of ever regaining market share against its archrival Microsoft. AOL spent $4.2 BILLION dollars in 1994 to acquire Netscape and has invested well over a billion dollars in that product since then. This has to be one of the WORST investment decisions made by any corporation since the inception of the internet.

AOL will continue to release security patches for the current version (Netscape Version 8) of the browser, Netscape Navigator until February 1, 2008. After February 1, there will be no more active product support for Navigator 9, or any previous Netscape Navigator browser. This includes Netscape v1-v4.x, Netscape v6, Netscape v7 Suite, Netscape Browser v8, and Netscape Navigator/Messenger 9.



December 15th, 2007

Vista's acceptance has been slow - only 9.17% of all desktops and laptops have it as of January 2008

(Janco) Even though Microsoft owns the OS market in the commercial marketplace, the market share of Vista is still only a little over 9% after one year. Currently almost 95% of all systems that browse the internet are some form of the Windows OS.

In its Browser and OS Market Share study, which is to be released on January 3rd, Janco found that most users are not really interested in the OS. Rather they are interested in the way that they can use the systems to meet their needs.

Janco found there are basically two types of Vista users:

  • Early adopters - individuals and enterprises who must have the latest technology.
  • Developers - individuals and enterprises that develop products either for internal distribution or external sale.

Many users are waiting for Vista Service Pack 1 to be delivered before they will install it on more workstations.


December 13th, 2007

Vista now is on almost 10% of all active desktops

(Janco Associates) In a review of the preliminary results of its Internet and Desktop environment study, Janco has found that Vista is now on just under 10% of all active desktops and laptops. The final results will be released in early January.


December 11th, 2007

IT Management Template Series Now Available

You can order the IT Management Template Suite which contains all of Janco's templates, white papers, policies, and procedures. 

The IT Management Template Suite contains all of the templates necessary to create and manage a world class Information Technology function.

Included are:

  • Disaster Recovery Template
  •  Security Manual Template
  •  IT Salary Survey
  •  IT Salary Survey 10 year comparative study
  •  Functional Specification Template
  •  Safety Program Template
  •  IT Infrastructure, Strategy & Charter Template
  •  IT Service Management Template
  •  Practical Guide IT Outsourcing
  •  Client Server Management HandiGuide
  •  Internet & IT Position Descriptions HandiGuide
  •  Metrics for the Internet & IT HandiGuide
  •  Internet & PC Workstation Policies & Procedures HandiGuide
  •  Business & IT Impact Questionnaire
  •  Threat & Vulnerability Assessment Tool 




December 11th, 2007

What is the total compensation that employees are paid

What is the total compensation that is paid and are the rewards adequate:

  • What regulatory, social and political issues affect reward design and strategy?
  • What are the current philosophies of reward and recognition for different levels of the workforce?
  • What internal needs and pressures require us to rethink rewards?
  • How can we ensure that rewards are aligned with strategic priorities?
  • How do rewards help to build core business competencies, capabilities and performance to underpin competitive strength?
  • What aspects of reward/compensation help to differentiate us from competitors?
  • Where are best sources of total reward good practice?
  • What gaps are revealed in our reward approaches compared with leading organizations?
  • What issues are we trying to address by improving reward and compensation?
  • What is best practice in planning and implementing a total reward strategy?
  • What are the key roles and relationships in reward functions?
  • What different kinds of reward capabilities, responsibilities and accountabilities are required?
  • How are approaches to reward changing and why?
    What will organizations be doing differently in two-to-three years' time?

Asking the right questions is a start. However, you also need answers that help you devise smart solutions.

  • Work environment and culture are taking on new significance for the rising generation. Google and others have rethought work for the web era.
  • Pensions ... companies are tackling the death of the final salary pension plan.
  • Benefits ... some companies find ingenious ways of delighting their staff, without breaking the bank ... gyms plus health checks, doctors and dentists on site, advice and education on tap can result in up to three times return on investment in lower absenteeism rates.
  • Engagement strategies ... define companies that take an inclusive approach to rewards.
  • Reward frameworks ... innovative pay, benefits, personal development and working environment solutions.
  • Bonuses ... how to structure bonus schemes that improve rather than undermine performance.
  • Benchmarking cost and value ... every company wants cost-effective solutions.
  • Discover how benchmark surveys can help.
  • Recognition ... why a little recognition goes a long way for companies.
  • Promoting loyalty ... what you can learn from best-employer league tables.

 

 



December 6th, 2007

How do you get VoIP to work?

VoIP technology is one way of sending a voice signal, also known as an analog signal, over a medium which is digital, i.e., the internet. In practice, the process works like this when you have a standard analog telephone attached to your high speed internet connection with VoIP service. There will be an analog telephone adapter or ATA between the phone and the computer.

In order to place what would normally be a long distance call to a person who doesn't have VoIP service you key in the number you want. The analog telephone adapter converts the touch tones into a digital format. The digital phone number is sent by the analog telephone adapter to the VoIP routing system at the service provider's location. The VoIP service provider is located on the internet as well.

The VoIP service provider's routing system identifies the recipient's location and sends the call to the Public Switched Telephone Network (PSTN) at that location. The phone rings at the other end and the conversation can begin. Each time you speak, the analog to digital converter in the analog telephone adapter changes the voice tones into packets of digital information that can be transmitted across the internet. When the VoIP service meshes with the Public Switched Telephone Network at the recipient's end, the digital packets which are the voice tones from you get turned back into an analog signal so that the recipient of your call can understand what you are saying.

The reverse process, i.e. the transmission of what the other person says to you is a mirror image of the first process. Their voice is transformed from analog to digital when it gets to the PSTN/internet connection. The digital packets are sent to the analog telephone adapter at your location where they are converted back into an audible or analog signal to be able to perceive the voice as that of your caller.

The technology to do the conversion from analog to digital and back again has been around as long as digital electronics. For example, your PC sound card converts digital CD information to the analog signal needed by the speakers on your computer. The difficult part of the VoIP technology is the necessity to smoothly transmit the digital data over the internet and reassemble it in a continuous stream. This is known as the protocol.

When listening to voice transmission, there can be no gaps in the stream of digital packets or the voices will not be understandable. This part of the technology has only recently been available, but is actually equal or better in quality than you get with standard telephone networks.

The equipment available today that uses VoIP technology can be an analog telephone adapter for your head set through the computer. There are a few VoIP phones that act like a regular analog telephone but have the ATA incorporated into the phone. It's actually a small dedicated personal computer in your telephone. These VoIP phones can be plugged into the computer with high speed internet connection or into the router.





December 6th, 2007

Cyber Crime Extends Beyond US Borders

(McAfee) Cyber crime is a grim reality that's growing at an alarming rate, and no one is immune to the mounting threat. It is costing consumers, businesses, and nations billions of dollars annually, and there's no end in sight.

For an in-depth analysis of this global trend, read the annual McAfee Virtual Criminology Report. We've consulted with more than a dozen security experts at the world's premier institutions (NATO, the FBI, SOCA, The London School of Economics, and the International Institute for Counter-Terrorism) to get their insights on the complexities of the dark side of the Internet.

  • The increasing cyber threat to national security
    An estimated 120 countries are leveraging the Internet for political, military, and economic espionage activities. Cyber crime has expanded from isolated attacks initiated by individuals or small rings to well-funded, well-organized operations using sophisticated technology and social engineering. Are we in the midst of a cyber cold war?
  • The increasing threat to individuals and industry
    As more of us rely on the web for shopping, banking, socializing, and carrying on everyday business activities, cyber criminals are capitalizing on every opportunity to commit fraud, identity theft, and extortion. Ingenious cyber criminals have evolved "super-strength" threats that are harder and harder to detect and can be modified on the fly. And, emerging technologies like voice over IP and smartphones are fostering new threats like "vishing" and "phreaking." How will these developments affect consumer trust and purchasing behavior?
  • Hi-tech crime: a thriving economy
    Existing in parallel with legitimate ecommerce is a thriving underground black market economy run by cyber criminals. Greedy, malicious online fraudsters don't even need computer skills or a great deal of money to launch an attack. They can buy customized Trojans that steal credit card information, and botnets can be bought, sold, and leased. And the stolen data itself is bought and sold like any other commodity. But zero-day threats that exploit unpatched vulnerabilities are the biggest cause for concern of all. Should these activities eventually be legalized?


December 6th, 2007

Network Failures are a risk that needs to be understood in the DRP process

Network operation is a critical component of any Disaster Recovery and Business Continuity Plan. Historical data shows that failures are caused by several factors.

More than ever, software applications enable the language of commerce; companies of every size, in every industry, depend on enterprise applications to execute virtually every aspect of their business in today’s global marketplace. With the average Global 2000 corporation operating between 250 and 500 packaged and custom applications, genuine risk lurks beneath the façade of a well-oiled software machine.

Companies spend millions of dollars implementing enterprise software, but after their deployment, many applications are minimally managed until they are stricken by downtime. In fact, application problems are the single largest source of IT downtime.  The analyst firm Gartner estimates that 40 percent of unplanned downtime is caused by application issues. The business impact can be devastating – among Global 2000 companies, application downtime costs each organization an average of $40.7 million per year, or 3.6 percent of revenues.

Network performance management solutions typically measure and report on the four factors that most directly affect application performance in a network environment:

  • Bandwidth Consumption measures the bandwidth consumed by each application task. If the sum consumption exceeds available bandwidth on a given link, adjustments need to be made to bandwidth or non-essential traffic. Most application performance management tools provide these measurements by five- or fifteen-minute intervals. However, application tasks cannot be equated to these intervals since dozens of tasks could occur during an interval period. This data is nonetheless extremely useful in gauging, for example, whether an application is bandwidth-sensitive by dividing the total bandwidth for an interval by the number of application turns.
  • Application Turns are an extremely important application metric. Each request/response pair on a network is called a “turn.” For each turn, the application must wait the full round-trip delay of the network between the client and the server. The greater the number of turns, the slower the application will perform. Excessive turns on overburdened networks further slow down the network and are extremely detrimental to application performance. Therefore, lowering the number of application turns can dramatically improve network performance and, subsequently, end-user application response times.

  • Application Sensitivity uses bandwidth and turns information to help network managers determine whether the application's sensitivity is to bandwidth or latency factors. A bandwidth-sensitive application passes large amounts of data between client and server, and can be identified as such if increases or decreases in bandwidth significantly change the application response. Latency-sensitive applications can be measured by the number of round-trip turns (RTT) required to complete an application task.

  • Application Efficiency is determined primarily by protocol efficiency factors including a small TCP window and small frame sizes. Other elements that impact an application's effect on the network include low utilization of memory caches on client machines, and unnecessary data transfers.
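
The turns and sensitivity metrics above can be used in DR planning to predict which applications will degrade most when traffic fails over to a recovery-site link. The following is an added example, not part of the original article or any Janco product; it assumes the simplified model "response time = turns x round-trip time + payload / bandwidth" (TCP windowing and queuing are ignored), and all task names, link figures and function names are constructed for illustration.

```python
"""Added example: which applications suffer most on a DR failover link?

Assumed model (a simplification, not from the article):
    response_time = turns * RTT + payload_bits / bandwidth
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Task:
    name: str
    turns: int           # request/response pairs needed to finish the task
    payload_bytes: int   # total bytes moved in both directions


@dataclass(frozen=True)
class Link:
    bandwidth_bps: float  # usable bandwidth in bits per second
    rtt_s: float          # client <-> server round-trip time in seconds


def response_time(task: Task, link: Link) -> float:
    """Estimated seconds to complete one task over the given link."""
    if link.bandwidth_bps <= 0 or link.rtt_s < 0 or task.turns < 0:
        raise ValueError("bandwidth must be > 0; RTT and turns must be >= 0")
    latency_part = task.turns * link.rtt_s              # waiting on turns
    transfer_part = task.payload_bytes * 8 / link.bandwidth_bps
    return latency_part + transfer_part


def sensitivity(task: Task, link: Link) -> str:
    """Classify a task by which change helps more: 2x bandwidth or RTT/2."""
    base = response_time(task, link)
    gain_bw = base - response_time(task, Link(link.bandwidth_bps * 2, link.rtt_s))
    gain_rtt = base - response_time(task, Link(link.bandwidth_bps, link.rtt_s / 2))
    if gain_bw > gain_rtt:
        return "bandwidth"
    if gain_rtt > gain_bw:
        return "latency"
    return "balanced"


def rank_by_slowdown(tasks, primary: Link, recovery: Link):
    """Return (name, slowdown factor) pairs, worst-hit task first."""
    rows = []
    for task in tasks:
        before = response_time(task, primary)
        after = response_time(task, recovery)
        rows.append((task.name, round(after / before, 1)))
    return sorted(rows, key=lambda row: row[1], reverse=True)


# Constructed sample data: a LAN-like primary site and a WAN recovery site.
PRIMARY = Link(bandwidth_bps=100_000_000, rtt_s=0.005)
RECOVERY = Link(bandwidth_bps=10_000_000, rtt_s=0.080)
TASKS = [
    Task("open_order_form", turns=400, payload_bytes=200_000),       # chatty
    Task("nightly_file_copy", turns=20, payload_bytes=50_000_000),   # bulk
]

if __name__ == "__main__":
    for task in TASKS:
        print(f"{task.name}: {response_time(task, RECOVERY):.2f}s on recovery "
              f"link, {sensitivity(task, RECOVERY)}-sensitive")
    for name, factor in rank_by_slowdown(TASKS, PRIMARY, RECOVERY):
        print(f"{name}: {factor}x slower after failover")
```

In this constructed data the chatty task moves far less data than the bulk copy yet slows down more after failover, because its 400 turns each pay the recovery link's higher round-trip time.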



December 5th, 2007

Storage Requirements are Exploding

The amount of data that companies have to deal with is growing exponentially. Applications and files, business intelligence, and data warehousing generate massive amounts of information. According to industry experts, enterprises keep anywhere from five to 12 copies of this data in their storage systems: daily and incremental backups, business analysis copies, testing copies, replication copies, off-site archives, and so on, all consume terabytes of expensive capacity in data centers and secondary storage facilities.

 

In fact, research firm IDC expects worldwide shipments of terabyte storage capacity to grow more than 50% annually through 2010.

 

Companies are facing several challenges as a result of this explosion:

  • As business units launch new applications, they request dedicated storage capacity. The result is underutilized storage resources in some sectors and overtaxed arrays in others.
  • Storage systems are deployed as needed, which raises management complexity issues when IT departments are dealing with multiple vendors and multiple sites.
  • New technologies, such as storage area networks, are not well understood as yet and can also increase complexity for administrators.
  • High-speed disk arrays are expensive, and as data loads grow, business management is pushing for IT departments to control costs by matching data to appropriate storage devices based on its relative value to the company.


December 4th, 2007

IT Spending Falls - Is a Recession Ahead

(IDG News Service) -- The outlook for IT spending in the new year is "unusually bad," according to ChangeWave Research LLC, which said its latest quarterly tracking survey of corporate users shows that an increasing number of companies are looking to hold down their purchases of technology products and services.

Rockville, Md.-based ChangeWave reported that 20% of the 1,964 users who responded to the survey said that in the first quarter of 2008, they plan to spend less on IT products and services than they're spending in the current quarter -- and in some cases, nothing at all. The 20% figure is up three percentage points from the last survey, conducted in August, and is the highest recorded by ChangeWave in surveys dating back to September 2003.

In its report, which is dated Nov. 26 (download PDF), ChangeWave said that 24% of the respondents said they plan to increase their IT purchases in next year's first quarter compared with the current one. However, that percentage is much lower than the corresponding figures for the first quarters of the past four years, when the level of respondents planning to increase spending ranged from 34% to 43%.

Fifty-one percent of the respondents to the latest survey said that their spending levels will remain the same in the first quarter, while the remaining 5% said they didn't know what their budgets would look like.



December 1st, 2007

Solid State Drive Are The Next Wave - What are the Disaster Planning Considerations?

(Computerworld) -- For laptop owners, flash-memory drives boost battery life and performance while making notebooks lighter and more bearable for frequent business travelers. In the data center, benefits include higher reliability than their magnetic counterparts, lower cooling requirements and better performance for applications that require random access such as e-mail servers.

So far, the biggest barriers to adopting solid-state drives (SSD) in the data center have been price and capacity. Hard disk drives (HDD) are much less expensive and hold much more information. For example, a server-based HDD costs just $1 to $2 per gigabyte, while SSD costs from $15 to $90 per gigabyte, according to IDC.

Capacities are just as disparate. The Samsung SSD drive only holds 64GB, although the company plans to release a new 128GB version next year. Meanwhile, Hitachi America Ltd. makes a 1TB HDD that's energy efficient and priced at $399 for mass deployment in servers.


November 28th, 2007

Amazon data secure from the feds

Federal prosecutors tried unsuccessfully to force Amazon.com to identify thousands of innocent customers who bought books online, then abandoned the idea after a judge rebuked them.

In an order that was sealed but has now become public, U.S. District Judge Stephen Crocker rejected the Justice Department's subpoena for details on Amazon's customers and their purchasing habits. Prosecutors had claimed the details would help them prove their case against a former Madison, Wisc., city official charged with tax evasion related to selling used books through Amazon.

The subpoena is troubling because it permits the government to peek into the reading habits of specific individuals without their prior knowledge or permission, Crocker wrote in June. Amazon filed the lawsuit to quash the grand jury subpoena.



November 26th, 2007

Securing backup data is a critical requirement of DRP

Securing backup data has become an absolute requirement for organizations of all sizes. New, sweeping government regulations such as HIPAA, GLBA, and Sarbanes-Oxley have placed more stringent requirements on organizations to secure and back up a wide range of data, from healthcare records and personal finance information for individuals to financial and confidential information for corporations.

For decades, companies have been backing up data onto magnetic tapes and then storing the long term history offsite. However, the process can be extremely cumbersome and insecure. Once a tape is made, it is placed in a carton and moved to an offsite location, often via an employee's personal vehicle, or in cases where the information is extremely sensitive, by bonded truck. But no matter what the transport method, tapes often are lost or even stolen. Organizations can use encryption to protect the confidentiality of the data, but the technology can be expensive and complex.



November 22nd, 2007

Top Ten Security Threats

(Symantec) Topping Symantec's list of 2007 security trends is data breaches. Given that Symantec said earlier this month that it has agreed to purchase data-leak prevention company Vontu for $350 million, this is not entirely surprising. Symantec is making a significant bet that there's money to be made plugging holes in corporate firewalls, as are competitors like Cisco, Trend Micro, and Websense, all of which have made similar acquisitions.

It is not hard to understand why: According to a 2006 study by the Ponemon Institute, data breaches cost an average of $4.7 million per incident and are predicted to cost even more in the future. That's not the sort of outlay any IT pro wants to own.

Data breaches are indicative of an underlying trend: a movement away from hobbyist attacks... to targeted financially motivated attacks, said Amrit Williams, CTO of enterprise security company BigFix and a former IT security analyst for Gartner. When you have a motivation that's driven by financial gain, the goal is to be quiet. You do not want to be seen. What the attackers are after is not to bring systems down. They are after the information itself.

Symantec's number two security trend for 2007 is Windows Vista, which has seen 16 security patches since its introduction. Both Symantec and McAfee foresee more attention being paid to Vista by malware writers as Vista adoption continues.

Third on Symantec's list is spam, which reached record levels in 2007, according to the company. That may seem improbable given the vast sea of spam in which we have been swimming for the past few years, but spammers' fortunes are buoyed by their ever-rising tide of unwanted messages. Thus, we now have to contend with spam in new bulky flavors (image spam, PDF spam, MP3 spam, and greeting card spam) that strain server resources even further.

A tasty irony: Offline, the mafia has long been involved with garbage collection; online, the cyber mafia is in the business of garbage generation and it's the security industry that makes a killing cleaning up.

A member of the Fujacks cybercrime gang once boasted, This is a better money-making industry than real estate.

To sustain that business and improve margins, cybercriminals are creating professional attack kits. That is the fourth-ranked trend on Symantec's list. Forty-two percent of phishing Web sites observed in the first half of the year were associated with three phishing toolkits, according to Symantec. Kits like WebAttacker and MPack make malicious expertise available globally in an instant, with the only requirements being a download, some IT savvy, and contempt for the law.

Keeping with the professionalization of cybercrime are the fifth, sixth, and seventh ranked security trends of 2007: phishing, exploitation of trusted brands, and bots, respectively. Phishing sites rose 18% in the first half of the year, according to Symantec, and the bots conquered Estonia in May, albeit briefly.

The eighth-ranked trend of 2007, as Symantec sees it, is Web plug-in vulnerabilities.

Number nine gets back to the professionalization of cybercrime: The creation of a market for security vulnerabilities. WabiSabiLabi aspires to be an informational eBay  for legitimate buyers to obtain information about security flaws that is not yet public knowledge. If the market works, and it appears to be doing so, companies may discover that the cost of security is more than they expected.

Finally, the last item on Symantec's list is virtual machine security. Virtualization is all the rage, because of perceived benefits in terms of cost and flexibility of management. Security is in there too, but there's some debate about whether virtualization creates security problems, too. Symantec expects malware writers will give the skeptics some ammunition as they find ways into virtualized systems.

Looking ahead, Symantec sees storm clouds, which proves convenient for a company that sells umbrellas, so to speak. It expects election season social engineering to victimize computer users in 2008. It foresees increasingly sophisticated bots that can host phishing sites on the compromised computers of unwitting consumers; have fun explaining that to the FBI when they seize your PC.

Web-based threats will continue, Symantec expects, particularly as browsers become more uniform in the way they respond to scripting languages like JavaScript. And cross-site scripting exploits work, so malware writers can be counted on to continue making use of them.

As mobile phones, particularly smartphones with complex operating systems, continue to become more popular, Symantec sees hacker interest following. What luck that security companies are already offering mobile security software.

And like McAfee, Symantec expects attacks on virtual worlds to rise. There is already a thriving market for virtual goods and it's probably a safe bet that the FBI won't send agents to recover your stolen gold or Axe of the Gronn Lords.

Such threats will not be fixed by products. Experts expect that the IT security story of 2008 will be the convergence of security and systems management. It is too costly, difficult, and challenging to maintain separate infrastructures.


November 17th, 2007

FCC May Stop ISP Traffic Control

(IDG News Service) -- WASHINGTON -- A distributor of online video content has filed a complaint with the U.S. Federal Communications Commission, asking the agency to stop broadband providers from blocking or slowing peer-to-peer traffic.

The petition filed by Vuze, which uses the BitTorrent peer-to-peer protocol to distribute Web content, asks the FCC to set rules for network management by Internet service providers. Vuze's filing late Wednesday follows reports last month that cable broadband provider Comcast Corp. slows some peer-to-peer traffic, including BitTorrent.

Broadband providers often promote their services as being necessary for watching video online, but then they slow access to a service like Vuze's, said Vuze's vice president of marketing. They say that they're engaging in reasonable network management, but what they're doing is slowing down some traffic, he said.

Vuze, which has partnerships with several movie studios, television networks and PC game makers, wants to start a dialogue about what kind of network management is allowed, added the company's CEO. But he said the FCC needs to prohibit large-scale content blocking, or what BianRosa referred to as traffic throttling.

The ISPs cannot decide unilaterally what to do with third-party Internet services such as us.  We need to work with them to design a solution that works and is fair.

By blocking or slowing video and other Web content, Internet service providers are fighting against customer demand for more multimedia services. We think that ISPs are spitting into the wind with that kind of approach. This kind of blocking has to stop.



November 13th, 2007

Facebook and MySpace Plans Violate User Privacy


(Computerworld) Two consumer advocacy groups have asked the Federal Trade Commission to investigate whether new advertising initiatives announced last week by social networking sites MySpace and Facebook adequately protect consumer privacy.

In a letter to the FTC Chairman, the Center for Digital Democracy and the U.S. Public Interest Research Group claimed that the ambitious new targeted advertising schemes launched by MySpace.com and Facebook Inc. make clear the advertising industry's intentions to move full-speed ahead without regard to ensuring consumers are protected.

The founder and executive director of the Center for Digital Democracy said that by launching the advertising plans, MySpace and Facebook are thumbing their noses at the FTC and consumer privacy rights by allowing marketers to customize advertisements based on data provided by users in their profiles on the social networking sites.

MySpace and Facebook are like the digital data equivalent of Fort Knox for Madison Avenue marketers, he said. It is a kind of one-stop data shop for marketers. They know your interests, your politics and what movies you like. It is a much more rich array of content that marketers simply should not have automatic access to.



November 12th, 2007

Startling Gap in Corporate Policy Exposes Threat

Enterprises must take a robust policy-driven approach to enforcing security compliance in order to protect against network vulnerabilities and meet regulatory requirements. Despite high expenditure on security software and hardware products, in today's diversified environment, many organizations are not truly in control of their users. Having a policy-driven security program in place to prevent unwanted network access and to protect the integrity of the network is essential, and can be achieved progressively, with minimum upset to users, without compromising existing network infrastructure.


November 10th, 2007

Security Audit Program Released by Janco

While detailed policies and procedures are indispensable for managing your security, by their nature they cannot cover every issue because you cannot know every exposure in your security procedures. A security audit, by contrast, attempts to check all the contingencies. An audit does not have the training value of a detailed educational program, but it should provide a broader check of the workability and value of your security policies and procedures. This is particularly important when you have a Storage Area Network (SAN) in the picture, because you want to make sure the SAN is properly secured.

Security audits can be done either internally or by outside consultants. A number of companies, such as Janco Associates, now offer a security audit program, and several companies, such as the IT Productivity Center, now offer software and checklists that can be customized for an organization. Customization is important because every enterprise is different and there is no one-size-fits-all approach to creating or auditing security policies and procedures. There are also books on the subject, such as Janco Associates' Security Manual Template.

The IT-Toolkits.com web site also includes a detailed security audit program at http://www.it-toolkits.com/Security.htm, as well as a number of other security-related checklists.


November 8th, 2007

Infrastructure Standard Selected by DOD and GM

 

The Carnegie Mellon® Software Engineering Institute (SEI) announced the release of CMMI® for Acquisition (CMMI-ACQ), Version 1.2, a CMMI model designed for use in managing a supply chain by those who acquire, procure, or otherwise select and purchase products and services for business purposes. This model is a continuation of work to define best practices for organizations that acquire products and services or outsource development and support, which was work begun in a partnership between General Motors and the SEI.

 

CMMI-ACQ provides guidance to acquisition organizations for initiating and managing the acquisition of products and services that meet the needs of the customer. The model focuses on acquirer processes and integrates bodies of knowledge that are essential for successful acquisitions.

 

CMMI-ACQ provides an opportunity for acquisition organizations

  • To avoid or eliminate barriers and problems in the acquisition process through improved operational efficiencies
  • To initiate and manage a process for acquiring products and services, including solicitations, supplier sourcing, supplier agreement development and award, and supplier capability management
  • To utilize a common language for both acquirers and suppliers so that quality solutions are delivered more quickly and at a lower cost with the most appropriate technology

 


 

 





© 2009 Janco Associates, Inc. - ALL RIGHTS RESERVED -- Revised: 06/16/09.