Feed Description

IT Productivity, ITSM, IT Job Descriptions, Sarbanes Oxley, IT Salary Survey, and Disaster Planning News Portal

One of the taunted features of the new Google browser is the “Most Visited” Screen.  While that may be a great feature for many it does raise some security concerns in that it leaves a very large trail of where someone has been. 

The security concerns are multiple:

• The "Big Brother" aspect that a machine now has gone beyond the text log file to one that is a visual log which could invade the privacy of someone who is looking up some medical records or financial records
• The prospect that someone who wants to "steal your identity" can now know what sites that you have visited so they can get information from you easier.
• The prospect that Google will have a way to capture the information on places that you go so they could sell directed "spam-class" advertizing.

Today's enterprises must support employees and computer resources that are distributed throughout the world to meet demands of the global marketplace. When critical data is no longer hosted at just one physical location, the challenge of backing up and securing data is magnified. Traditional approaches involve deploying tape backup equipment and processes to each location hosting data, and hiring or contracting local resources to manage these resources. This can be a tenuous proposi¬tion at best, while for some enterprises it is a completely unrealistic option.
Network-based backup is the general solution that now is becoming feasable, in many cases through use of existing WAN links without any bandwidth upgrades. Network-based backup allows for consolidation of data into the data center, where it can be placed onto tape or other secondary storage media. Backup data is then more secure, and easily accessible in the event of a restoration event. The backup method should optimize the regular transfer of backup data over the WAN into the data center, and accelerate commercial backup software packages by eliminating the transfer of redundant data and minimizing the effects of latency on data transfer. The approach should eliminate data redundancy across applications or servers as well, going well beyond other data reduction mechanisms found in other storage replication products.

Studies done at the Wharton School in 2008 indicated that about 15% of firms in the US engage in some offshoring outsourcing activity, and that about 30% of these firms oursource offshore IT workers, making it by far the most frequently outsourced offshore class of services work. In 2008 about 8% of IT workers reported having ever been displaced due to outsourcing, more than twice the percentage of any other type of employee studied.  This rate implies an annual displacement rate of about 1-2% per year, only a small fraction of the roughly 40% annual worker turnover rate in the US economy.

Wharton also supported the proposition that the skill composition of IT work is at least partly responsible for both the higher rates of IT-related oursourcing as well as a greater likelihood that IT offshore outsourcing leads to the displacement of domestic workers than offshoring of work in other professions.  IT jobs tend to have less need for physical presence and are therefore more often moved overseas for cost savings. This not only makes IT jobs more likely to be offshored, but also substantially increases the likelihood that the offshoring of location independent IT services is accompanied by a displacement of domestic IT workers. However, even within IT occupations there is substantial heterogeneity – programmers and software developers are more likely to be displaced, while systems analysts who more frequently interact with other functional areas and are more reliant on interpersonal skills are more likely to be retained.

Rumor has it that Microsoft's IE 8 will be released in November.  To support that it looks like IE 8 Beta 2 will be released by the end of August.

When it ships, IE 8 will work on Windows Vista, Windows XP, Windows Server 2003 and Windows Server 2008 systems only. According to Microsoft, IE 8 is supposed tp be Microsoft's most standards-compliant release of its browser to date. Microsoft is undoing much of the non-standards-based coding it had included in previous IE releases,.  As of yet, it is not known yet how many existing sites and applications that are IE specific will not render correctly with IE 8. But Microsoft has been trying to get the word out to developers to check for compatibility before the final IE 8 release goes live.

The ability to identify and monitor resource usage and network traffic helps to eliminate many problems before they become critical.  System downtime is often reduced when these tools are in place. JANCO has found that even before that application performance suffers, tools which help to identify resources use (when acted upon) significantly improve service levels.  In addition Janco has found that administrative overhead increases as staff scramble find, deploy, and reallocate resources. Meanwhile the organizationÂ’s work is being disrupted.

IT Compliance Management Software Suite
Sarbanes-Oxley, HIPAA and ISO 27000 Series Compliance
Auditing and Monitoring Tools
Works with Vista / Window XP / Server

Janco has found that fewer than 40% of all organizations practice capacity management and planning as an ongoing management discipline. This is often due to the labor-intensive nature of the capacity management discipline and the lack of automated tools.
Although often associated with storage, capacity management addresses the entire end-to-end IT infrastructure of servers, switches, various appliances, network bandwidth, and applications. Effective capacity management must keep pace with the growth of all the elements of the IT infrastructure, not just storage. It also must take into account business and market factors that can impact infrastructure performance and availability.

Janco Browser and Operating System Market Share White Paper shows that Microsoft has lost almost 25% of the browser market in a little over 3 years.  At the same time in almost 2 years Microsoft's Vista OS has less than 15% of the Market.  At to that the abandonment of Netscape by Time-Warner while they still have over 10% of the market brings into question the ability of large multi-billion dollar corporations to manage technological innovation.  Victor Janulaitis, the CEO of Janco said, "With the abandonment  of Netscape by AOL and the release by Microsoft of Vista Service Pack 1 have shown that large corporations can not drive users.  Rather users will go in the direction that they feel will make them more productive."

Many companies do not know that their corporate assets may be exposed even with firewalls and IDs. This exposure results when web applications are not developed with security in mind. You need to consider security, not only from an operations perspective, but as an integral part of the entire development lifecycle, starting when you develop your web applications. You should also use structured development processes. Strong, repeatable development processes produce better quality code in less time than unstructured processes. They also result in efficiency and effectiveness for your organization.

Many development organizations view security as a one-time activity during the development process. In these cases, security becomes the responsibility of one group within the organization, such as the QA team or internal audit department. Once the group signs off on an application, the organization considers it secure. However, web applications are not static systems. Changes to web applications create risk, and what was once secure can now be vulnerable. If security is a onetime activity, a vulnerability that enters the system after the audit can go undetected. Instead, you need to view application security as a process, included throughout the development lifecycle in order to create secure web applications. Add security into the practices of every team member associated with developing and running your web applications.

State-level data breach notification legislation has fueled a shift in the way organizations view the security of sensitive information such as customer social security numbers, electronically protected health data, and other personally identifying information. No corporate department is more closely tied to the protection of this data than IT. For example, the theft of laptop computers managed by IT is responsible for nearly 50% of all data breaches.

A study by Reserarch Concepts has found:

• Data breach prevention is a top priority: More than 80% of those surveyed rated protecting corporate data as an important initiative. By comparison, only 38% of those surveyed ranked complying with governmental regulations as very important.
• Data breach is common and costly: Fully 25% of those surveyed indicated that their organization had experienced a data breach in the past and more than 60% of IT managers felt that a data breach would cost their organization in excess of $10,000. Nearly 65% were very concerned that a data breach would result in public embarrassment and media scrutiny for their organization.
• Preventative measures are consistently undermined by employees: According to IT professionals surveyed, less than one in 100 employees consistently follow company data and computer security policy. More worrying is the fact that 72% of respondents felt that employees were responsible for the majority of data breaches.

The PCI standard—which merges requirements from the Visa Cardholder Information Security Program (CISP), the MasterCard Site Data Protection (SDP) program, and other payment vendors—targets merchants and service providers that store, process, or transmit cardholder data. Besides stipulations related to network security, access control, third-party assessment, and vulnerability management, the PCI Standard requires companies to protect cardholder data and other sensitive information that they store or transmit across public networks. If your company accepts a high volume of credit cards, chances are that you have already felt the sting of PCI requirements.

Janco had a detail PCI Audit program included in its templates.

Although you can't entirely avoid card-related risk and compliance issues, you can lessen their impact by limiting storage of credit card numbers and reducing the overall scope of the PCI Standard on your organization. By eliminating all card numbers or only holding limited card data in a very small subset of your entire network, you can greatly narrow risk exposure and potentially reduce the impact of the PCI Standard on your organization.

The development of applications that are not designed to run efficiently over the WAN is a major cause of poor application performance. Additional complication factors include:

• Server Consolidation - Server consolidation typically results in protocols such as CIFS (Common Internet File System) running over the WAN. CIFS, which was designed to run over a LAN, is a chatty protocol. In particular, the way that CIFS works is that it decomposes all files into smaller blocks prior to transmitting them. The server sends each of these data blocks to the client where it is verified and an acknowledgement is sent back to the server. The server must wait for an acknowledgement prior to sending the next data block. As a result opening a file that would take a fraction of a second before consolidating servers would take tens of seconds after the servers have been consolidated.
• Decentralized Work Force - Branch office workers need access to the same applications as do workers in a headquarters facility. However, the combination of consolidating servers into centralized data centers while simultaneously decentralizing the work force means that the vast majority of workers now access applications over a WAN instead of a LAN. The fact that there is a movement both to consolidate data centers and to move to a single-hosting model for applications has the effect of increasing the distance between remote users and the applications they need to access. This increased distance translates into additional WAN latency, jitter and packet loss. The impact of increasing the distance between the user and the application is often not well understood.
• Globalization - Combining globalization with server consolidation and a decentralized work force results in an even longer WAN link, and hence more WAN latency, between the remote users and the applications they need to access.
• Voice over IP (VoIP) - Users have come to expect 100% voice availability, fast call set-up and excellent quality. However, VoIP is very sensitive to network parameters such as delay, jitter and packet loss. As a result, when run over a packet network, voice does not always perform as well as it does when run on a circuit-switched network.
• Service-Oriented Architecture (SOA) - In a Web services based application, the Web services that comprise the application typically run on servers that are housed within multiple data centers. As a result of housing the Web services in multiple data centers, the WAN impacts multiple traffic flows and hence has a greater overall impact on the performance of a Web services-based application than it does on the performance of traditional n-tier applications.

This Security Audit program contains over 400 unique tasks divided into 11 areas of audit focus which are the divided into 38 separate task groupings. The audit program is one that either an external auditor, internal auditor can use to validate the compliance of the Information Technology and the enterprise to the ISO 27000 Series (ISO27001 and ISO27002), Sarbanes-Oxley, HIPAA, and PCI-DSS.

The 11 areas of audit focus objectives are:

• Corporate Security Management

• Systems Development and Maintenance

• Information Access Control Management

• Compliance Management

• Human Resource Security Management

• Information Security Incident Management

• Communications and Operations Management

• Organizational Asset Management

• Physical and Environmental Security Management

• Security Policy Management

• Disaster Recovery Plan and Business Continuity

In good times and bad there are number of assumptions that many IT professional make that are just wrong. The four worst assumptions to make are:

• Assumption: A job search will take no time at all or I have nothing to worry about.
  
  Reality: There is no guarantee how long it will take to find a new position many have found that an easy job search can take between 3 to 6 months... Finding the right opportunity is easy. You might find the right position but there is no way to ensure that you are even offered the job. Many hiring managers may take several weeks to respond to your application. After all, they have full-time jobs with demands of their own, and hundreds, if not thousands, of resumes to review.
  
• Assumption: I am so skilled and in so in demand that I need to send out only a few resumes.
  
  Reality: Finding a job is a numbers game and the more resumes you send out and the more peers that know that you are looking the greater the chances are that you will find and be offer the right job. A hiring manager may receive countless resumes for an open position. That is why it not smart to hold out for the "perfect" job, which you might not find - which might not even exist – or which you are not offered.  At the same time as you send out resumes, networking with members of your professional network is one way to maximize your time and effort. Many hiring managers give preference to personal recommendations and may move your resume to the top of the pile if someone you know puts in a good word for you.
  
• Assumption: The resume and cover letter sent out are perfect and need no changes
  
  Reality: Each cover letter should be customized for the enterprise, the hiring manager, and the position desired.  Enterprises look for results and view them as the reason that they most often hire IT Professionals.  At the same time the results should be directed towards the position that you are looking for. 
  
  A resume is employment and education chronology and should be no longer than 1 page and the cover letter so be directed to the enterprise and should stand out in a positive way to the hiring manger.  After reading both the hiring manger needs to be left with the thought that "I need to know more about this candidate.
  
• Assumption: My skills are in high demand and are needed by almost every company.
  
  Reality: You are one of many – supply and demand are driven by factors outside of your control.  A common mistake may IT professionals make is overestimating their marketability. Although they may think their skill set is solid but they may not be the best of the best.  Value and results performance are what drive success in IT and the hiring manager needs to see that you provide the best value for the salary in any given position.

The Portable Document Format (PDF) is now an ISO International Standard - ISO 32000-1. This move follows a decision by Adobe Systems Incorporated, original developer and copyright owner of the format, to relinquish control to ISO, who is now in charge of publishing the specifications for the current version (1.7) and for updating and developing future versions.

Adobe said that it is committed to open architecture and by passing the copyright to ISO they now have a product that competes with MicrosoftÂ’s Office Open XML, a proprietary XML-based document format it built for its Office 2007 productivity suite, to the ISO. The ISO approved OOXML on April 1 in a controversial vote that is still being contested by some of the standards bodies that took part in it.

Muslim hackers yesterday defaced the Internet Assigned Numbers Authority (IANA) site. IANA is the organization responsible for managing the DNS root zone and assigning the DNS operators for the Internet's top-level domains, such as .com and .org. DNS, which translates the domains and URLs - such as e-janco.com - into IP addresses.

A group calling itself "NetDevilz" claimed responsibility for the hack, which Thursday morning temporarily redirected visitors to the sites for IANA and ICANN (Internet Corporation for Assigned Names and Numbers).

Users who tried to reach iana.com, iana-servers.com, icann.com and icann.net were shunted to an illegitimate site. According to a screen capture of the defacement snapped by zone-h.org, the bogus site simply displayed a taunting message claiming ownerhship of the assignment processes.

Based on a study published in the New York Times, a typical worker in information based job wastes 28% of their day with unimportant and personal e-mails, text messages, voice mails.  According to the ITProductivity.org – an Information Technology think tank – most organizations would be able to help their bottom line by doing the following:

• Install a robust firewall and SPAM filter at the front end of the corporate mail server
• Improve SPAM filters on both desktops and smart phones
• Provide company owned laptops and smart phones that have robust SPAM filtering software and
• Limit the accessibility to POP and non-company mail servers

It is impossible to deny how important disaster recovery and business continuity are in today's digital economy.  In a survey conducted by FEMA fully 35% of all businesses that are impacted by a disaster never re-open their doors.

Without systems in place to keep applications and data flowing after a natural disaster or other interruption, a business risks losses that extend far beyond a manufacturing plant or data center. Many businesses incur ongoing financial loses, damage to a businesses' reputation, and possible regulatory and legal sanctions. In a worst-case scenario like 35% of the companies that FEMA estimated, a company can find its existence threatened.

How can an organization tackle disaster recovery and business continuity issues effectively? How can it develop a strategy that reduces risk and increases the likelihood of success? And how can it devise a roadmap for coping with constant change? There are no easy answers, but the Disaster Recovery Planning Template with the Security Manual  Template are a step in the right direction.

Hiring and spending has slowed down in IT as businesses try to control costs in tough economic times

Park City, UT -  The prospect for IT professionals is not good. Janco has found that IT compensation growth remains flat, hiring is limited to key replacements, and discretionary spending has been cut back and in many cases eliminated. The CEO of Janco said, "As we collected compensation data for our mid-year 2008 IT Salary Survey we found that at the end of the first quarter businesses turned off the faucet for IT spending. Many businesses, in response to economic projections, slowed down and halted discretionary spending for software and hardware as well as placed hiring requisitions on a slow track."

  The summary findings in Janco 2008 Mid-Year IT Salary Survey are:

• Hiring demand is now the lowest it has been since 2004. Many enterprises have stopped hiring except for key replacements and those positions are being replaced at lower salary levels.
• Enterprises have slowed down and in many cases eliminated discretionary spending by IT. This has resulted in fewer projects being initiated, consultants use being reduced (if not eliminated), and a slow-down of initiatives that had already been approved.
• In the last twelve (12) months the increases in compensation for most IT Professionals were lower than increases in the cost of living.
• The mean increase in compensation for CIO's was less that 1.5%. The mean compensation for CIOs in large enterprises now is $179,823 and $171,755 for CIOs in  mid-sized enterprises. (Large enterprises have over $500 million in revenue and mid-sized have are $100 to $499 million in revenue).
• The mean compensation (which includes bonuses) for all Executive IT positions surveyed now is $144,645 in large enterprises and $131,763 in mid-sized enterprises.
• Positions that were in high demand in the 4th quarter of 2007 such as CSOs and others to develop new Web 2.0 applications are now back to normal hiring patterns.         
• Administrative positions in some IT functions are now being looked at as those that are expendable

The American Corn Growers Association asked Congress, via letters to John Conyers and Patrick Leahy, to look closely at any potential search advertising tie-in with the top two search providers Google and Yahoo.

They said that Without competition, the free enterprise system suffers. It is true across all segments of industry, and that includes the business of agriculture.

The American Corn Growers Association represents part of a thriving industry knows it has to adapt and change to survive market conditions through the years.

An AGCA spokesperson said it is no different for the family farmers out there, who have come to use search advertising as a way to mitigate risks associated with supplying customers and their businesses. Fewer providers, they fear, means higher prices.

The Bank of New York (BNY) Mellon lost multiple sets of unencrypted backup tapes containing private data belonging to 4.5 million individuals. Third-party vendors misplaced the tapes during transport to off-site locations. According to the bank, the tapes "included shareowner and plan participant account information, such as name, mailing address, Social Security number, and transaction activity."

Responding to the bank's delay in reporting one incident, which was not disclosed for over three (3) months, the Connecticut Governor said: "The disastrous effects of identity theft are virtually instantaneous in today's computerized world, and the lag time between the theft and the notification only aggravates what is an already outrageous situation."

BNY Mellon's chief risk officer said the bank now plans to improve security related to backup tapes. From Computerworld - "To bolster its security controls, the bank said it will now require that any confidential data written on tapes or CDs for transport must be encrypted or transported with undisclosed additional data protections. Further, when "technically feasible," the bank will demand that encrypted confidential data be delivered to off-site facilities electronically".

After exposing 4.5 million people to identity theft, it seems the notion of tape encryption suddenly popped into their heads. 

With the advent of wide-scale connectivity around the globe people now do have the ability to get away from it all.  In two recent trips the CEO of Janco was able to connect while in the Amazon via a Internet Café  that was driven by a satellite dish and a diesel generator and in Belarus via a public WiFi connection.

One in four workers said they plan to stay connected with work while they are on vacation this summer, a percentage that has nearly doubled in the last two years, according to a survey released by CareerBuilder.  The bulk of these hyper-connected workers were in the IT industry. Beat out only by sales workers, 37 percent of IT workers said they planned to check in while away.

Yet while IT workers also led the way in the requirement to be connected in the off-hours - 19 percent said working, checking voice mail and/or e-mail while on vacation was mandated by their employers - the reverse of this is that four in five IT workers are checking in with their jobs while on vacation on their own volition.

The Solutions Research Group study found that 68 percent of Americans feel anxious when they are not connected in one way or another. This disconnect anxiety (feelings of disorientation and nervousness when a person is deprived of Internet or wireless access for a period of time) affects all age groups, describing their feelings when offline as dazed, tense, inadequate and even panicked.  The study also found that 63 percent of BlackBerry users admitted to having sent a message from the bathroom.

In fact, this concept of "technology addiction" has gone so far that U.S. psychiatrists are considering adding this "compulsive-impulsive" disorder to the next release of the DSM-V (Diagnostic and Statistical Manual of Mental Disorders) in 2011.

RSS News Feeds

- IT Productivity Center

- Janco

- ejobdescription

- psrinc

- IT-Toolkits

Other News Links

CTO Toolkits.com
e-janco.com
IT Productivity.org
IT-Toolkits.com
ejobdescription.com
psrinc.com
psrorders.com
newsgroupworld.com
ntcity.com
disaster-planning-template.com
disaster-recovey-planning.org
disaster-recovery-planning.com
disaster-recovey-planning-template.com

©  2001 - 2008 Janco Associates, Inc. - ALL RIGHTS RESERVED --  Revised: 06/10/08.