Special Offers

 

IT Service Management

CIO Productivity Bundle

IT Hiring Resource Kit

Sarbanes-Oxley Compliance Resource Kit

DRP & Security Bundle

Job Description Bundles

Metrics - Outsourcing - Service Level Agreements (SLA)

Tools to Focus IT

 Prior Special Offers

NEWS -- Internet & IT Job Descriptions HandiGuide 2008 has just been released Over 210 Job Descriptions in a new easy to read and modify format.  Available in PDF, WORD 2003, and WORD 2007 formats.  Styles sheets used to maximize the ease of use.  The CIO, CTO, CSO job descriptions have been updated to comply fully with Sarbanes-Oxley and the new ISO Security Standards.  New job descriptions include Chief Compliance Officer (CCO) and Director of Sarbanes-Oxley Compliance.
Read on.....

News - Latest  Stories Published in XML Feed -

SPAM and Disaster Recovery Planning
 

SPAM is an never ending problem that continues to evolve.  Disaster plans need to take this into account.  Once the recovery starts, one to the common things that are lost are user spam filters.

 

 The first record of e-mail spam dates back as far as 1978 and, although spam began in earnest in 1994, the recent history of the spam "problem" actually began about 2002. In early 2002, spam represented about 16% of all e-mail sent over the Internet; by early 2008, spam represents between 87% and 95% of all e-mail.

 

Clearly, the key to stopping spam will be technology-based solutions, not legislation or legal prosecution of spammers. However, not all anti-spam technologies are created equal. Some are better than others either in spam capture efficiency and/or in generating a minimal number of false positives. While conventional spam-filtering technologies can stop a large proportion of spam, spammers continue to battle against even the cutting edge of these technologies, necessitating newer and better techniques to stop the problem.

- more info  

Drive Support for IT Service Management to Remote Sites
 

Overall service management needs to inclue remote sites.  In order to accomplish that you should:

•   Understand all applications in use. Many remote sites have legacy applications that have not been brought into the office.
• Understand Bandwidth requirement. Before deploying any technology to remote offices that will increase the WAN load, understand each sites traffic profiles.
• Create disaster plans for each site. What will each site do if they lose their primary line or phone connectivity?
• Understand remote sites data silos. Critical information often ends up stored on local servers or, worse, on local machines, because of convenience or ignorance.
• Do not dictate from on high. Bringing remote sites into the mix and listening to feedback and concerns helps to focus priorities and set the foundation for collaborative technologies.
  

- more info  

Breach Protection and Identity Management
 
Organizations are being challenged by growing user populations of employees, customers, contractors, suppliers, and partners each requiring access to increasing numbers of IT applications and processes. This has spurred the need for technology that can manage identities while securing controlled access to resources based on rights and privileges. Additionally, regulatory mandates such as Sarbanes-Oxley, HIPAA and Gramm-Leach-Bliley in the US, EU data privacy regulations and banking industry Basel II in Europe, J-SOX in Japan and Payment Card Industries standards on a global basis has affected the way organizations manage their business processes. Compliance challenges are further complicated by requirements to audit and scrutinize user access to data and applications based on user attributes. What can be done?

Password management is the gateway to managing identities and therefore is often considered to be the initial step in identity and access management related projects. - more info  

Security at What Cost?
 

Electronic Frontier Foundation and Asian Law Caucus, two civil liberties groups in San Francisco, filed a lawsuit to force the government to disclose its policies on border searches, including which rules govern the seizing and copying of the contents of electronic devices. They also want to know the boundaries for asking travelers about their political views, religious practices and other activities potentially protected by the First Amendment. The question of whether border agents have a right to search electronic devices at all without suspicion of a crime is already under review in the federal courts.

The lawsuit was inspired by some two dozen cases, 15 of which involved searches of cellphones, laptops, MP3 players and other electronics. Almost all involved travelers of Muslim, Middle Eastern or South Asian background, many of whomÂ… said they are concerned they were singled out because of racial or religious profiling.

- more info  

Most Data Breaches Caused By IT Administrators and Business Partners
 

Inside security breaches create more security violations than those of outsiders say a security breach analysis study published by a major telephone carries.

• External breaches pose the greatest threat (73%), but achieved the least impact (30,000 compromised records

• Insiders breaches pose the least threat (18%), and achieved the greatest impact (375,000 compromised records - plus 50% of these are as a result of IT Administrators

• Business partner breaches posed a mid-sized threat (39%) but compromised 187,500

While these are rudimentary numbers, the relative risk scores are reasonable and discernable. It is also worth noting that the business partner numbers rose over the duration of the study, making partner crime the leading factor in breaches. This is likely due to the ever increasing number of partner connections businesses are establishing, while doing little to nothing to increase their ability to monitor or control their partner's security posture.

- more info