May 10th, 2008
How To Forecast the Cost of Asset Loss Defined
(Symantec)
To calculate the annual loss expectancy (ALE) of an asset, you use the
quantitative risk analysis method. The calculation starts by determining the
annual rate of occurrence (ARO) and the single loss expectancy (SLE). Once
those values are known, ARO x SLE = ALE. Suppose the SLE is US$35,000, and the
ARO is 12 (i.e., the cost of the server being down for a day is US$35,000, and
this attack happens once every month). In this example, US$35,000 x 12 =
US$420,000 per machine.
To protect your financial viability, you need to be able to perform data
restoration and bare metal system recoveries more efficiently and faster than
ever.
May 10th, 2008
Steps to protect your Internet reputation
Steps that your company (enterprise) should follow to see what the
Internet says about the enterprise and key employees include:
May 9th, 2008
New York Attacks Internet Retailers - Tax on Internet Sales is Law
Amazon.com is suing the New York State Department
of Taxation and Finance (DTF) over a new state law that requires Internet
retailers to collect sales tax on purchases shipped to state residents.
Amazon has argued that since it does not have a
physical presence in the state, it should not be required to collect taxes
on shipments going to New York. Amazon has no physical presence in New York,
according to the suit. It does not own, lease, or otherwise occupy any physical
property in the state, and none of its employees works or resides in the state.
In addition, Amazon says the New York law is
unconstitutional based on a 1992 U.S. Supreme Court ruling that claims states
are prohibited from requiring out-of-state retailers to collect sales tax unless
the company has a physical presence in the state.
In the Quill v. North Dakota case, the Supreme
Court re-established the rule that a state could not impose sales tax collection
on a business unless the company had employees or property in the state.
New York defends the law by arguing that the Amazon
Associates program, which allows Web site publishers to receive commissions by
promoting Amazon items through their sites, makes Amazon liable to collect taxes
on its behalf for those affiliates who live in New York.
One piece of bright news for Amazon and other
online retailers is that the state of New York is not seeking back taxes. A
spokesman for the state said the legislation provides for a limited amnesty for
online sellers who register as sales tax vendors and start collecting taxes by
June 1, 2008.
If the seller registers and starts collecting sales
tax by June 1, the seller will not be liable for tax not collected for sales tax
quarters prior to June 1. Conversely, if you don't register and it is later
determined that you should have, you could be subject to a tax department audit for
quarters prior to June 1.
Brick and mortar companies are generally supportive
of the Amazon Tax, saying it levels the playing field by forcing online
retailers to collect state sales tax. The downside is that it could potentially
mean fewer sales for online retailers.
If the New York law is upheld, you can be sure a
whole host of other states will follow its example and implement similar laws.
The New York law is projected to generate $50 million in revenue this year and
$73 million next year.
May 8th, 2008
Google Addresses Enterprise Security Issues
Google announced the release of Web Security for
Enterprise, which protects organizations of all sizes against web malware attacks
in real time and enables the safe, productive use of the web, without incurring
hardware, up-front capital, or IT management costs.
The for-purchase product enables organizations to
control how employees use the Internet, and provides easy-to-use tools to
create, enforce, and monitor the right web policy for your organization.
Web virus and spyware
protection
May 4th, 2008
The five requirements to be a successful CIO
In order to be a successful Chief Information Officer (CIO), an individual must
have excellent management skills and have proven processes in place in order to
lead the IT function and the enterprise effectively.
The CIO needs:
May 2nd, 2008
Relationship between compliance, data protection, business continuity, and theft recovery not understood
The worldwide shift from stationary desktop computers to highly-portable
laptop and tablet PC computers offers enterprises increased productivity,
flexible work schedules and greater work/life balance. Driven by the need for
increased productivity and the ability to present up-to-date information at a
moment's notice, secure mobile computing can be an enterprise's greatest strength.
However, research indicates that lost or stolen laptop computers cause nearly
50% of public data breaches. With recently expanded state data breach
legislation, even a single lost or stolen computer can expose enterprises to the
negative publicity and increased costs associated with public data
breaches. Today, accepting the loss or theft of one laptop or tablet PC or
Smartphone (PDA) is simply not an option. A missing device can result in
compliance and data protection issues that may be very costly to an
organization's reputation and bottom line. Organizations need to be able to
accurately track their computers, know who is using them, what is installed on
them, and be able to prove the actions taken to secure computers remain deployed
and intact until the computer can be located.
May 1st, 2008
CIO and IT Manager Newsletter for May 2008 Released by Janco
The CIO and IT Manager Newsletter has just been
released and the electronic version of the newsletter can be viewed at
http://www.e-janco.com/CIO_IT_Manger_Newsletter_0805.htm.
The topics covered in this issue are:
The Newsletter also provides direct links to topics on:
April 25th, 2008
Security Stakes are High
The Security Manual addresses each of these issues and provides solutions
which can be implemented immediately.
April 19th, 2008
How to comply with SOX - Tools for the Enterprise
It can be a struggle for a company to adhere to new compliance regulations and
responsibilities. The concerns about "where do we start?" and "can we
leverage existing processes to meet these new requirements?" are obvious
questions with not-so-obvious answers. What are the vulnerabilities and how can
we manage compliance with SOX section 404?
As guidance and a framework for SOX compliance, the US
Securities and Exchange Commission (SEC) has mandated that affected
organizations use a recognized internal control framework. The SEC makes
specific reference to the recommendations of the Committee of the Sponsoring
Organizations of the Treadway Commission (COSO). While there are many sections
within the Sarbanes-Oxley Act, the focus here is on section 404, which addresses
internal control over financial reporting. This section requires the management
of public companies to assess the effectiveness of the organization's internal
control over financial reporting and annually report the result of that
assessment.
Meeting the COSO objective means compliance with SOX section 404.
The Sarbanes-Oxley Act has fundamentally changed the business and regulatory environment. The Act aims to enhance corporate governance through measures that will strengthen internal checks and balances and, ultimately, strengthen corporate accountability. However, it is important to emphasize that section 404 does not require senior management and business process owners merely to establish and maintain an adequate internal control structure, but also to assess its effectiveness on an annual basis. This distinction is significant.
April 18th, 2008
Security Threat is Increasing
We are seeing a change in the threat landscape, from threats that were noisy and
targeted the perimeter of the network to ones that are much more silent,
difficult to detect and highly targeted. These attacks are mostly targeting Web
browsers and the client applications on the computer itself. And while a small
business network may not be as complicated as an enterprise network, it still
has desktop and mobile clients.
Because small businesses have fewer IT resources at their disposal, they need
solutions that provide comparable protection, at affordable costs and requiring
minimal administration.
The threats are:
April 14th, 2008
REAL ID will not be completely implemented until 12/1/2014
Maine is the only jurisdiction that has not yet met
the security requirements needed to obtain an extension. Implementation of the
bar on accepting Maine licenses will require substantial planning and effort,
which will begin immediately in the absence of an agreement. Maine will have
until close of business tomorrow to agree to certain security changes in order
for Maine IDs to be acceptable for purposes of boarding commercial aircraft and
accessing certain federal facilities after May 11, 2008.
DHS recognized earlier this year that states could
not meet the full requirements of the REAL ID Act by May 11, as set by Congress.
The department made extensions available for states that needed additional time
to come into compliance, or to complete ongoing security measures. Initial
extension requests were due by March 31. These extensions are valid until Dec.
31, 2009, when states must upgrade the security of their systems, to include a
check for lawful status of all applicants, for their licenses and ID cards to be
acceptable for official purposes. REAL ID enrollment will be completed for all
individuals 50 years of age and under by Dec. 1, 2014. For all others,
enrollment may be extended three additional years to Dec. 1, 2017. At that time,
all state-issued driver's licenses and identification cards intended for
official purposes must be REAL ID-compliant.
April 13th, 2008
Data Protection Priorities
Data protection is a critical issue for all
companies. Based on current survey data the top priorities are:
April 13th, 2008
Maximize ROI in the Recession
Companies are under constant pressure to
improve the customer experience, reduce customer churn, optimize internal
resources, and grow revenues. Unfortunately, efforts such as personalization of
services and new business development, which can help in all of these areas, are
often stymied by current information management practices.
Compliance and regulatory pressures
Removing obstacles to new business initiatives
April 3rd, 2008
Microsoft Flops and Loses Almost 9% of its Browser Market Share in 12 Months
Janco and the IT Productivity Center have
just released their Browser and Operating System Market Share White Paper.
The major findings are that in the last 12 months Microsoft browser market share
has continued to erode; Firefox has maintained its number 2 browser
position and now is used by almost 20% of all users; Google Desktop is gaining
market share; and Netscape is now in a death spiral as users abandon it.
New in this white paper are recommendations on which browsers to use and not
use.
A summary of the Janco browser market share
data can be found on the Janco web site (http://www.e-janco.com/browser.php) and the IT Productivity Center web site
(http://www.itproductivity.org/browser.php). In addition, the full white paper
with Excel spreadsheets can be purchased at both sites for $249.
March 28th, 2008
Extended Validation SSL
The Internet has fundamentally changed the way
people connect, communicate, and conduct commerce. But as the Internet becomes
more central to consumers' lives, online fraud continues to evolve -- and
consumer concerns about identity theft are pervasive and powerful.
The future of e-commerce depends on the ability to
instill consumer trust and confidence in the Web. Recent developments in
authentication technology have led to a new kind of SSL Certificate that can
increase visitor confidence in legitimate sites and greatly reduce the
effectiveness of phishing attacks.
March 28th, 2008
How Safe is Your Confidential Information
Consider that the majority of your data, between 80
and 90 percent, resides on file servers. Now think about how you are controlling
access to those shares. Most organizations find themselves with overly
permissive access
March 25th, 2008
Web 2.0 Raises Security Concerns
Everybody is talking about bringing wikis,
blogs, content tagging, and social networking into the enterprise and
capitalizing on Web 2.0's collaboration and team-building