IT Infrastructure - News

 


November 10th, 2007

Wireless opens new vulnerabilities

 

Wireless networking lets employees roam around the office with their mobile devices, moving seamlessly from conference room to office to common area without ever losing access to network data, email and the Internet.

 

The problem is that wireless signals can be picked up by outside parties. Internal devices that exchange data with the wireless hardware are already behind the gateway firewall, so intrusions that exploit a wireless signal can have devastating results in terms of data theft.

Wireless encryption standards include Wired Equivalent Privacy (WEP) and WiFi Protected Access (WPA). The former is an old protocol that is fairly easy to crack with readily available tools; the latter is a more flexible and powerful technology.

 

The latest wireless networking products support both and include firewall and other security features, too.



November 10th, 2007

IE 7 Offers New Security Enhancements

IE 7 has a focus on security

Windows Vista's built-in web browser, Internet Explorer 7 (IE7), includes security enhancements designed to protect users from phishing and spoofing attacks. In protected mode it helps prevent data and configuration settings from being deleted or changed by malicious websites or malware.

| Integrity Level | Description |
|---|---|
| Low | Not trusted |
| Medium | Default for most standard user processes |
| System | Unrestricted access to the system |
| High | Administrative process can install files |

Internet Explorer 7's four levels of Mandatory Integrity Control



October 23rd, 2007

Metrics Drive Productivity

Metrics are Key to Performance

Performance management is the strategy and methodologies that an organization uses to direct its employees, partners, suppliers, and customers to achieve a common set of goals and objectives. Companies manage performance through various mechanisms, including planning, budgeting, scorecarding, querying and reporting results and variances. Each of these activities involves making data collected by transaction systems available in a context and format that transforms the data into actionable business information.

Janco believes all performance management initiatives must address an interrelated set of people, process, information and technology issues. This HandiGuide focuses on both.



October 13th, 2007

Centralized Password Reset is a Must for Smart Phones

The Janco Security Manual addresses issues like centralized password control for smart phones. The central establishment and enforcement of password policies provides the greatest authentication security to the enterprise. When controlling password policies from a centralized function or location with wireless capability, administrators can quickly and easily control policies for a broad array of users, without ever having to handle the end user's device.

Ideally, policies could establish and enforce a variety of password parameters, including minimum length and alphabetical/numeric characters. Additionally, policies should:

  • Require a new password after a designated length of time.
  • Require a password distinct from passwords recently chosen by the user.
  • Require password entry after a designated amount of idle time or device shut-off.
  • Establish a maximum limit of failed password attempts before the handheld clears all application data or requires unlock only by an IT administrator.

On the administrative side, an administrator should easily and wirelessly be able to reset the device for users who have lost their passwords or whose smart phones are lost.



October 3rd, 2007

How Do You Audit the Mobile Work Force

How do you audit your security standards, given that the notebook computers available today are enabling businesses to further blur the distinction between an in-office worker and a mobile worker? For instance, the latest model notebooks incorporate dual-core processors that deliver the computational power to run business productivity applications as well as complex financial analysis and computer-aided design applications.

The processing power in these notebooks gives users the flexibility to work from a client site, on the road, in a hotel room or at home. At the same time, the availability of residential broadband services and wireless hotspots lets these users share their work with colleagues and allows them to connect to company networks. But there's the catch. The combination of increased connectivity and mobility could expose computers to today's growing security threats.

Mobile systems, like their desktop counterparts, need protection from viruses, worms, Trojans and spyware. And the users of these systems must also be protected from system vulnerabilities and other hacker exploits. However, protection is getting more complicated as hackers are turning to special wireless snooping tools and blended threats that use a combination of different attacks to steal information or corrupt mobile systems.



September 25th, 2007

Internet Growth Rate Slowing Down

(University of Minnesota) Despite more demand for video and other bandwidth-saturating content, Internet traffic growth rates are slowing down, according to a new Web site at the University of Minnesota. The Minnesota Internet Traffic Studies site shows that Internet traffic growth rates have settled in at about 50% to 60% in the United States and worldwide as the Internet matures. That's a far cry from the doubling rates every year or even every 100 days that some claimed in the mid-to-late 1990s.



September 19th, 2007

IT Service Management is key to Success

IT Service Management is not for the faint of heart. Support professionals, help desk staff, and even network administrators, already consumed with a barrage of break-fix requests, must also manage a constant stream of challenging user administration tasks. Add to the mix the responsibility for deploying or upgrading new user accounts, software, and equipment, and you have the conditions for every harried IT professional's perfect storm.

Standardizing your organization's approach to creating, maintaining, and removing end user accounts and managing assets is an excellent method of streamlining such responsibilities. Best of all, the time you save administering accounts and tracking equipment can be dedicated to addressing migrations, upgrades, outages, failures, and other crises. But where should you start?

Fortunately, much of the work has already been completed. Janco Associates' IT Service Management Template for a Service Oriented Architecture defines what small and medium businesses and even large enterprises require to efficiently manage day-to-day IT Service Management tasks.

The template includes:

  • Service Requests Policy
  • Service Request Standard
  • Help Desk Policy
  • Help Desk Standards
  • Help Desk Procedures
  • Help Desk Service Level Agreement
  • Change Control Standard
  • Change Control Quality Assurance Standard
  • Change Control Management Workbook
  • Documentation Standard
  • Application Version Control Standard
  • Version Control Standard
  • Internet Policy
  • e-Mail Policy
  • Electronic Communication Policy
  • Blog & Personal Web Site Policy
  • Travel and Off-Site Meeting
  • Sensitive Information Policy



September 13th, 2007

Vista Not Selling as Well as XP When It Was Released

Sales of boxed copies of Windows Vista continue to significantly trail those of Windows XP during its early days, according to a soon-to-be-released report.

(c/net news.com) Standalone unit sales of Vista at U.S. retail stores were down 59.7 percent compared with Windows XP, during each product's first six months on store shelves, according to NPD Group. In terms of revenue, sales are also down, but the drop has been less steep, at 41.5 percent. The findings largely mirror the sales pattern NPD saw for Vista during its first week on the market in January.



August 28th, 2007

Security Took a Major Hit with a Microsoft System Meltdown

(Computerworld) Security took a major hit with a 19-hour blackout of the Microsoft Corp. servers that identify copies of Windows XP and Vista as legitimate or counterfeit. The blackout shows that serious flaws exist in the process and raises questions about the reliability of Microsoft's services.

The system that validates Windows XP and Vista erroneously fingered users as pirates, preventing them from downloading most software from the Microsoft Web site, and in the case of Vista, disabling several features, including the operating system's Aero graphical user interface. Windows users lit up Microsoft support forums with more than 450 messages, some of which were collected in threads that have been viewed by as many as 45,000 people.

Microsoft had not explained the problem with the Windows Genuine Advantage (WGA) servers, although on Saturday the program manager promised that after the team had generated a fix, he would "get you all what you are looking for, an explanation and cause."



August 17th, 2007

ISO 17799 is not fully compliant with SOX

ISO 17799 is not 100% compliant with the full list of SOX requirements, as SOX was conceived in the USA and targeted especially, if not only, at USA-based companies and is not mandatory for European ones, while ISO standards are intended as international standards to be applied by all corporations in all countries.

The question arises: which standards should you comply with, and will it be enough?



August 1st, 2007

Simpson Movie Drives New Spam Blast

(Network World) -- Spammers are jumping on the success of The Simpsons Movie to trick e-mail users into validating their addresses, so they can then send them more spam.

Since the launch of the movie, spammers have been sending messages with an embedded picture of Homer Simpson in his underwear. The text asks if the recipient plans to see the new movie and to fill out a related survey by following an embedded link. If the recipient clicks on the link, the Web site records the e-mail address -- now knowing that there is a valid user -- and sends the address more spam.

The spam message also promises to award a prize to those who fill out the survey, according to antispam vendor SpamFighter, which caught a The Simpsons Movie spam in its filters.

While this new spam blast uses a hot pop culture topic to entice recipients, the purpose of the spam is a throwback to the early days of e-mail abuse. Unlike phishing scams of late that try to extract personal or financial information from users or e-mails with hidden malware that installs bot nets on unsuspecting PCs, the Simpsons scam does nothing more than validate the legitimacy of the address, and then spam some more.

Another recent abuse that used the release of a Harry Potter novel and film to entice recipients was also comparatively benign; the W32/Hairy-A worm infected PCs and displayed a file that said "Harry Potter is dead," among other messages, but did not download malware or attempt to extract information from the user.


July 27th, 2007

Disaster Plan - Business Continuity Template Meets Sarbanes-Oxley Mandated Requirements

The Disaster Recovery / Business Continuity Template version 4.3 has just been released. Janco continues to update its templates to meet the ever-changing requirements of the business environment.

With this new version a fully indexed PDF copy of the template is now provided in addition to the two versions of WORD (2003 and 2007). 

The updates to the template included:

1. Defined generic metrics for DR/BC success
2. Business & IT Impact Analysis Questionnaire Updated
3. Updated references to DRP card
4. Updated formatting to meet WORD 2007 requirements

The version history for updates to the template can be seen at http://www.e-janco.com/drpversion.htm and the full Table of Contents with sample pages can be downloaded at http://www.e-janco.com/Register_drp.asp.



July 18th, 2007

Senators renew quest for Net neutrality rules

(CNet) - The Net neutrality skirmish that swallowed up so much of Congress' technopolitical agenda last year may be gearing up for a comeback. A pair of senators who led the divisive push for the new regulations want everyone to know they haven't forgotten the cause.

Sens. Byron Dorgan (D-N.D.) and Olympia Snowe (R-Maine) aired their views in a joint letter (PDF) filed with the Federal Communications Commission just before the Monday deadline for remarks on an open inquiry into "broadband industry practices."

The senators said they were pleased that the FCC was showing interest in the issue but "would have preferred the commission take the more concrete step of proposing rules to guarantee Internet freedom."

Internet freedom, in the senators' view, is the idea that a broadband operator like Comcast or AT&T should be legally prohibited from charging, say, YouTube extra fees to have its services prioritized over other online video sites. In recent years, cable and telephone companies have said it may be necessary to pursue such a business model to recover investments in new infrastructure, and they don't want regulators dictating how they manage their pipes.

Back in January, Dorgan and Snowe reintroduced their Internet Freedom Preservation Act, which would bar such arrangements. (A Republican-controlled Congress repeatedly defeated similar efforts last year.) The senators said they would still push for passage of that bill but called on the FCC to take "affirmative action" to reinstate "nondiscrimination rules that applied to Internet providers for years."

The FCC, for its part, has already adopted four "broadband connectivity principles" in summer 2005, which dictate consumers should generally be allowed to access the Web applications of their choosing and hook up the devices they please. But Chairman Kevin Martin agreed in March to open an official inquiry into whether stronger language should be added--drawing complaints from the FCC's two Democratic commissioners, who wanted a bolder commitment on the spot.

Martin has made it clear he believes no new regulations are needed and that his agency already has ample authority to police any complaints about discrimination that arise. The Federal Trade Commission recently reached similar conclusions after finishing its own inquiry. That report, however, doesn't appear to be derailing plans by Rep. Edward Markey (D-Mass.) to reintroduce his own Net neutrality bill sometime after Labor Day.

The senators' letter was one of more than 27,000 comments that have poured into the FCC since it opened its inquiry into the issue this spring. According to a statement Tuesday from the advocacy group Free Press, which also supports strict nondiscrimination regulations, more than 95 percent of those filings came from individuals on its side.



July 3rd, 2007

The Big Advantages and Big Challenges of VoIP

VoIP, because of its complexity and relative immaturity, is unpredictable and a bit less stable than traditional voice networks. And nobody wants to take chances with their corporate voice service. In limiting the disadvantages, perhaps the most important single step is to perform a baseline network study before designing and implementing systems. Even the best VoIP network will be undermined if the infrastructure on which it rests is flawed or inadequate. Other suggestions are to make sure switches and routers are configured correctly and to use Ethernet switches that offer quality of service features. In cases in which the telecommunications network will be part of the mix — for instance, the use of VoIP in scenarios in which branch offices and headquarters are linked — make sure VPNs based on service level agreements are in place.


June 20th, 2007

HIPAA audit at hospital riles health care IT

(Computerworld) -- An audit of Atlanta's Piedmont Hospital that was initiated by the U.S. Department of Health and Human Services in March is raising concerns in the health care industry about the prospect of more enforcement actions related to the data security requirements of the federal HIPAA legislation.

The audit was the first of its kind since the Health Insurance Portability and Accountability Act's security rules went into effect in April 2005, joining data privacy mandates that were already in place. The security rules require organizations that handle electronic health data to implement measures for controlling access to confidential medical information and protecting it against compromise and misuse.

Neither Piedmont nor the HHS has confirmed that the audit was launched, and few details about it have been disclosed publicly. But an HHS document obtained by Computerworld shows that Piedmont officials were presented with a list of 42 items that the agency wanted information on.

Among them were the hospital's policies and procedures on 24 security-related issues, including physical and logical access to systems and data, Internet usage, violations of security rules by employees, and logging and recording of system activities. The document also requested items such as IT and data security organizational charts and lists of the hospital's systems, software and employees, including new hires and terminated workers.



June 4th, 2007

Keeping compliant in a Web 2.0 world

(Computerworld) -- As instant messaging, blogging and wikis move into the corporate mainstream, vendors are responding with a slew of new technologies to arm companies intent on tracking and controlling these new forms of communication.

These include software that can warn employees if they are about to commit an infraction, such as using profanity or sending out confidential company documents in e-mail. Such software can be set to warn or block some employees but not others, depending on, for example, their rank.

Other software can decide in real time whether to allow or block employees -- again based on their position, title, or similar parameter -- from sending files via e-mail, or printing them or saving them to a portable device such as a USB thumb drive.

Still other companies plan to offer services that can monitor and censor offensive pictures or videos sent as e-mail or IM attachments by using pools of overseas workers who would open and view all attachments.



May 31st, 2007

Getting Rid of Old Computers

(Computerworld) -- Residents in Wylie, Texas, had no problems getting rid of their old computers: They just threw them in the trash.

But that approach was costing the city more and more in landfill and hauling fees, particularly during the city's semiannual Cleanup-Greenup campaigns, when residents would toss their junk into Dumpsters bound for landfills.

As the city tried to cut costs, it discovered that companies that recycle computers and other electronic waste charge less than those hauling junk away to landfills. The city recycled 15,000 pounds of computers, printers and other such e-waste the first time it offered the service, at its April 2006 Cleanup-Greenup day. It collected another 7,000 pounds of e-waste last fall and 10,500 pounds this past April.



May 29th, 2007

Preliminary Salary Survey Results Show IT Is A Good Place to be

Janco in its preliminary analysis is finding that IT professionals are doing better now than any time since the dot com bust. Victor Janulaitis, the CEO of Janco, said, For the first time since the dot com bust there has been a significant increase in demand for IT Professionals. Hiring is up across the nation as companies begin to focus on business expansion and addressing the needs caused by the expansion of technology into every facet of the business environment.

The full 2007 Mid Year IT Salary Survey will be released on June 18th. The preliminary findings of Janco are:

  • Salary increases in the range of 2.5 to 4.5% are now the norm for high performers.
  • Enterprises of all sizes are now increasing their training budgets.
  • Hiring for all levels of IT professionals in all sizes of enterprises has increased significantly.
  • A little over 76% of top (executive level) IT professionals have received bonuses in excess of $5,000 in the last 12 months.
  • Enterprises are starting to open the hiring gates as application and project backlogs build up and enterprises see continued growth.
  • Demand is high in the internet and network areas of e-commerce, voice/wireless communication, object programming, data security and data warehousing as enterprises try to prepare for Web 2.0 and the new wireless technology.
  • In its prior reports, Janco found that a number of baby boomers who had planned on retiring in 2003 and 2004 did not; they are now starting to retire.

Janco has been conducting salary surveys since 1997 and continues to use the same methodology in order to provide consistent information to its clients. The survey is produced twice each year - once in January and once in July. Janco also has full job descriptions that are available for purchase. More information can be obtained on Janco's web site http://www.janco.com/salary.htm.



March 6th, 2007

SIM Targets Shrinking IT Workforce in U.S.

(Computerworld) -- With a national IT labor shortage likely to emerge over the next decade, the Society for Information Management is extending its IT career programs to high school students.

Several demographic studies indicate that labor shortages are possible. For example, AMR Research Inc. found that 76 million Americans will reach retirement age during the next 10 years. And SIM predicts that enrollment in college IT courses is dropping by 40% annually.

Meanwhile, the U.S. Department of Commerce Office of Technology estimates that about 2.5 million IT jobs will have been created in the U.S. between 2000 and 2010. The AEA estimates that the number of IT workers stood at 5.6 million at the end of 2005.

To help address the anticipated IT labor shortfall, SIM plans this year to expand its college IT career programs to high school students.

The organization intends to reach out to high school students and guidance counselors by drawing upon a program created by its Dallas chapter, said Leo Collins, SIM's vice president of advocacy and communities of interest.



January 27th, 2007

ISO 17799 Compliant DRP / Business Continuity Template Released

The ISO 17799 compliant Disaster Recovery Planning (Business Continuity) Template is Version 4.2. The template has increased in size from 140 pages in version 3.1 to 189 pages in the current version.

New with this version of the Disaster Recovery Planning Template are:

  • Added Section defining the ISO 17799 compliance requirements
  • Reviewed and modified entire DRP/BCP template to ensure compliance with ISO 17799
  • Business & IT Impact Questionnaire updated to meet ISO 17799 compliance requirements
  • Added Best Data Retention and Destruction Practices section

© 2008 Janco Associates, Inc. - ALL RIGHTS RESERVED -- Revised: 01/10/08.