Disaster Recovery, IT Service Management, IT Job Description, Sarbanes Oxley, and IT Salary
Full news feed

This is a break from the pricing model that is used in the United States and a move towards the model use in other countries.  When Verizon was asked if they were going to follow and offer a similar plan they said that they had no plans at this time to move in that direction but would study the approach.

The CEO of Janco said, "When compared to the current IE offering, we have found that Firefox 3.0 is much more stable.  In addition, the password vault is a great ease of use tools that helps to control the rapid expansion of user ids and passwords that are required as more sites begin to implement Web 2.0 applications that require use ids and passwords."

As you make those decisions you must know what your true requirements are.  Janco has determined that most desktop and laptop users fall into three classes:

• Those who use one or more custom or delivered applications. They may need a browser to access applications, but they are not usually given e-mail access or productivity tools.
• Those who need a browser, e-mail access and productivity tools.
• Those who need a browser, e-mail access and productivity tools, and who also use various custom delivered applications. It is important that they connect to and interoperate with other people and systems in their company.

Almost all enterprises have users in each class, and some large enterprises and government agencies have thousands of desktop users in each class. Most people in the first two classes do not require expensive Windows XP or Windows Vista with the full Office Suite to do their jobs.  So why spend the money?

Without systems in place to keep applications and data flowing after a natural disaster or other interruption, a business risks losses that extend far beyond a manufacturing plant or data center. Many businesses incur ongoing financial loses, damage to a businesses' reputation, and possible regulatory and legal sanctions. In a worst-case scenario like 35% of the companies that FEMA estimated, a company can find its existence threatened.

How can an organization tackle disaster recovery and business continuity issues effectively? How can it develop a strategy that reduces risk and increases the likelihood of success? And how can it devise a roadmap for coping with constant change? There are no easy answers, but the Disaster Recovery Planning Template with the Security Manual  Template are a step in the right direction.

• Encryption Software - Implement this type of software on all mobile devices to protect stored data from theft.
• Password Protection - Use strong passwords (upper and lower caser with special characters).
• Strong Authentication - Biometrics and USB keys.
• VPN Appliance - They typically do not supply enough security on their own. It's best to use them with an accompanying firewall and intrusion prevention system (IPS).
• Client Antivirus and Firewall Software - Current versions with automatic updates.
• Monitoring and Reporting Solutions - Use to track and audit employees Internet activity - Network Event Viewer
• Security Policies - Develop and enforce a strict security policy for all remote devices.
  

• Disaster Recovery / Business Continuity
• Security
• IT Salary

These forums are open to all and will be monitored by Janco.

Park City, UT -  The prospect for IT professionals is not good. Janco has found that IT compensation growth remains flat, hiring is limited to key replacements, and discretionary spending has been cut back and in many cases eliminated. Victor Janulaitis, the CEO of Janco said, "As we collected compensation data for our mid-year 2008 IT Salary Survey we found that at the end of the first quarter businesses turned off the faucet for IT spending. Many businesses, in response to economic projections, slowed down and halted discretionary spending for software and hardware as well as placed hiring requisitions on a slow track."

The summary findings in Janco 2008 Mid-Year IT Salary Survey are:

• Hiring demand is now the lowest it has been since 2004. Many enterprises have stopped hiring except for key replacements and those positions are being replaced at lower salary levels.
• Enterprises have slowed down and in many cases eliminated discretionary spending by IT. This has resulted in fewer projects being initiated, consultants use being reduced (if not eliminated), and a slow-down of initiatives that had already been approved.
• In the last twelve (12) months the increases in compensation for most IT Professionals were lower than increases in the cost of living.
  The mean increase in compensation for CIO's was less that 1.5%. The mean compensation for CIOs in large enterprises now is $179,823 and $171,755 for CIOs in mid-sized enterprises. (Large enterprises have over $500 million in revenue and mid-sized have are $100 to $499 million in revenue).
• The mean compensation (which includes bonuses) for all Executive IT positions surveyed now is $144,645 in large enterprises and $131,763 in mid-sized enterprises.
• Positions that were in high demand in the 4th quarter of 2007 such as CSOs and others to develop new Web 2.0 applications are now back to normal hiring patterns.
• Administrative positions in some IT functions are now being looked at as those that are expendable

IT Median Salaries June 2007 vs June 2008

Metered billing is an attempt to deal fairly with Internet usage, which is very uneven among Time Warner Cable's subscribers, said Time Warner Cable's executive vice president of advanced technology.

Just 5 percent of the company's subscribers take up half of the capacity on local cable lines, Leddy said. Other cable Internet service providers report a similar distribution.

Metered usage is common overseas, and other U.S. cable providers are looking at ways to rein in heavy users. Most have download caps, but some keep the caps secret so as not to alarm the majority of users, who come nowhere close to the limits. Time Warner Cable appears to be the first major ISP to charge for going over the limit: Other companies warn, then suspend, those who go over.

Phone companies are less concerned about congestion and are unlikely to impose metered usage on DSL customers, because their networks are structured differently.

Time Warner Cable had said in January that it was planning to conduct the trial in Beaumont, but did not give any details. A Time-Warner spokesman said its tiers will range from $29.95 a month for relatively slow service at 768 kilobits per second and a 5-gigabyte monthly cap to $54.90 per month for fast downloads at 15 megabits per second and a 40-gigabyte cap. Those prices cover the Internet portion of subscription bundles that include video or phone services. Both downloads and uploads will count toward the monthly cap.

A possible stumbling block for Time Warner Cable is that customers have had little reason so far to pay attention to how much they download from the Internet, or know much traffic makes up a gigabyte. That uncertainty could scare off new subscribers.

Those who mainly do Web surfing or e-mail have little reason to pay attention to the traffic caps: a gigabyte is about 3,000 Web pages, or 15,000 e-mails without attachments. But those who download movies or TV shows will want to pay attention. A standard-definition movie can take up 1.5 gigabytes, and a high-definition movie can be 6 to 8 gigabytes.

Time Warner Cable subscribers will be able to check out their data consumption on a "gas gauge" on the company's Web page.

The company won't apply the gigabyte surcharges for the first two months. It has 90,000 customers in the trial area, but only new subscribers will be part of the trial.

Billing by the hour was common for dial-up service in the U.S. until AOL introduced an unlimited-usage plan in 1996. Flat-rate, unlimited-usage plans have been credited with encouraging consumer Internet use by making billing easy to understand.

"The metered Internet has been tried and tested and rejected by the consumers overwhelmingly since the days of AOL," information-technology consultant told the Federal Communications Commission at a hearing on ISP practices in April.

Metered billing could also put a crimp in the plans of services like Apple Inc.'s iTunes that use the Internet to deliver video. DVD-by-mail pioneer Netflix Inc. just launched a TV set-top box that receives an unlimited stream of Internet video for as little as $8.99 per month.

Comcast Corp., the country's largest cable company, has suggested that it may cap usage at 250 gigabytes per month. Bend Cable Communications in Bend, Ore., used to have multitier bandwidth allowances, like the ones Time Warner Cable will test, but it abandoned them in favor of an across-the-board 100-gigabyte cap. Bend charges $1.50 per extra gigabyte consumed in a month.

• Validate that police and other first responders can contact the right people in your business - Research the Reverse 911 program for your area and register your business cell phones, voice over IP numbers or pagers. In an emergency situation, Reverse 911 enables emergency officials to send out an automated call to everyone registered in a specific area with important information.
• Program emergency numbers into business cell phones - Save emergency phone numbers for local police and fire departments into your cell phones.
• Create a business phone tree - Each office should have a plan for contacting employees during emergencies through a designated phone tree. Designated staff should have copies of the phone tree and be trained on who they should call.  Management should review and update the phone tree quarterly and conduct regular training sessions. Management should also have back-up copies of employee phone numbers and their emergency contacts. This information should be regularly updated.
• Register your employee's business cell phone number - Individual employees should make sure family; friends and co-workers have their business mobile or BlackBerry numbers. Each person should register their business cell phone on http://www.WhitePages.com/. This will give colleagues and family members the ability to quickly find the information should they not have it on hand.
• Enable texting  - Sometimes cell phone signals can become congested during emergencies, and it can be difficult to make or receive calls. Short text messages might be easier to get through. Plus, texting helps to conserve battery power.
• Have emergency kits accessible - Companies should organize and maintain emergency kits in several places. There should be designated staff responsible for grabbing these in the event of an emergency. Make sure it contains a minimum of provisions for at least three days. Include fresh water, non-perishable food, a manual can opener, blankets, extra clothing, a first-aid kit, matches, a flashlight, a battery-operated radio and extra batteries. Test or replace the batteries at least once a year, especially for smoke alarms.
• Create back-up copies of documents, data files, and software - At work, keep back-up copies of your important personal and financial statements, and health and property records. Be sure to store important original paperwork  in a safe and secure location. This way, you can grab it all quickly in the event of an emergency.
• Have cash available - Set aside an emergency fund of cash or traveler's checks or both. Keep them in a safe, accessible spot in case of the need for evacuation. Banks and ATMs are often inaccessible during catastrophes.
• After the disaster have employees register with the American Red Cross - Register with the Red Cross's Safe and Well Web site. If you have been affected by a disaster, this Web site provides a way for you to register yourself as "safe and well."

• Encrypt data on the hard drives
• Encrypt USB devices that contain data
• Do not allow both business and personal use on PC with company data
• Validate that all users know and follow business security policies
• Physically secure all laptops
• Train users to keep laptops in site
• Have both an internal and external label on laptops
• Implement biometric security
• Implement a computer tracking program – lo-jack systems
• Automatically update all computers with the latest security updates
• Implement a data breach and network intrusion program like the one offer by Janco

In order to be a successful Chief Information officer (CIO) an individual must have excellent management skills have proven processes in place in order to lead the IT function and the enterprise effectively.  

The CIO needs:

• Open communication channel to all levels of the enterprise from CEO to shipping clerk
• Information that gives the CIO the real, unadulterated truth about how the Information Technology group is performing.
• Strategic information which is focused on managing the business performance of their function.
• Information from various sources that are outside of the CIOs area of control
• Time to digest all of the information and data

Windows Advisor is an easy-to-use self-help tool that notifies users about problems on their PCs and helps fix them. Windows Advisor scans users' PCs continuously, notifies them about important issues, and, when possible, suggests easy fix solutions. The program also provides users with self-help solutions, including a 1-click checkup function that enables them to check their PCs whenever they like; tips and tutorials that teach users how to perform certain actions on their PCs; and a toolbox that concentrates the important tools that are found in the operating system into one easy-to-find location

There were significant driver issues along with performance and usability concerns according to those who Janco interviewed. "Many users were frustrated with the new User Access Control (UAC) which was not very user friendly", said Janulaitis. He added, "Â…there is a perception that Vista is no more secure than XP. Plus with the added hardware requirements many companies do not feel that Vista provides the necessary ROI." Based on its initial data, Janco feels that Vista is an Operating System that will take at least one more major Service Pack with may new drivers added before it is widely accepted by the user community.

Janco will be releasing it Browser and OS Market Share White paper by the end of this month. At that time it will publish the market share numbers for all of the Windows Operating Systems and the Browser Market Share for IE and Firefox. Janco has been collecting this data since 1996 and is viewed by many to be the gold standard for these metrics.

A summary of Janco's browser market share data will be found on the Janco web site (<http://www.e-janco.com/browser.php>) and the IT Productivity web site (<http://www.itproductivity.org/browser.htm>).

Ensure that all web-facing applications are protected against known attacks by applying either of the following methods:

• Having all custom application code reviewed for common vulnerabilities by an organization that specializes in application security
• Installing an application layer firewall in front of web-facing application

It has been reported by several research firms that as many as 40% of merchants will not be in compliance.

Under 6.6, companies that choose to implement application firewalls need to ensure that the technology is deployed in full blocking mode. Doing that effectively requires merchants to invest a substantial amount of time tweaking their firewalls to ensure that only malicious content is blocked, while letting legitimate traffic in. There is a learning process involved in doing this that can take anywhere from three to six months – which many companies may not be aware of or budgeting for during the current downturn in the economy.

Once those values are known, ARO x SLE = ALE. Suppose the SLE is US$35,000, and the ARO is 12 (i.e., the cost of the server being down for a day is US$35,000, and this attack happens once every month). In this example, US$35,000 x 12 = US$420,000 per machine.

To protect your financial viability, you need to be able to perform data restoration and bare metal system recoveries more efficiently and faster than ever.   

• Conduct weekly searches to monitor your company name and company reputation
• Review content of company and employee blogs for accuracy and compliance to company policies
• Validate that all public information has a real identity – this includes blogs and press releases
• Apologize and admit your errors
• Redirect blogs to positive product, employee and company information when anything negative is posted
• Minimize negative comments and never say anything negative about your competition or its products.