Disaster Recovery Plan Template

Disaster Recovery Plan (DRP) can be used as a Disaster Planning template for any size of enterprise. The Disaster Recovery template and supporting material have been updated to be Sarbanes-Oxley and HIPAA compliant. The Disaster Planning Template comes as both a Word document and a static fully indexed PDF document.



Security Manual Template

Security Manual for the Internet and Information Technology is over 220 pages in length. All versions of the Security Manual template include both the Business & IT Impact Questionnaire and the Threat & Vulnerability Assessment Tool (both were redesigned to address Sarbanes Oxley compliance). In addition, the Security Manual Template PREMIUM Edition contains 16 detailed job descriptions that apply specifically to security and Sarbanes Oxley, ISO 27000 (ISO27001 and ISO27002), PCI-DSS, and HIPAA.


CIO, CTO, CSO, IT Service Management, IT Job Description, Sarbanes Oxley, and IT Salary News

CIO - CTO - CSO News


Business continuity planning becomes more critical

The more your business relies on its IT systems, the more you need to consider how unexpected disruptions might affect your business. These disruptions could come in many forms, from fire and floods to theft or malicious attacks on your systems, such as viruses or hacking.

Business continuity planning improves your business' ability to react to such disruptions. It describes how you will restart your operations in order to meet your business-critical requirements.

The business continuity template can be used for any sized enterprise. The Disaster Recovery template and supporting material have been updated to be ISO 27000, Sarbanes-Oxley, PCI-DSS, and HIPAA compliant. The Template explains the importance of business continuity plans to the success of your business, and how best to develop them.



Government to add new mandates on Internet companies

Senator Richard Durbin, the assistant majority leader, is planning legislation that will require US Internet companies to uphold human rights abroad. "With a few notable exceptions, the tech industry seems unwilling to regulate itself," Durbin said. "I will introduce legislation that will require Internet companies to take reasonable steps to protect human rights, or face civil and criminal liability."


Compliance concerns of CIOs

The major security legislation that CIOs should be concerned with depends on where they operate and who their customers are.

Enterprises doing business within the United States

  • SOX – The Sarbanes-Oxley Act of 2002 requires strict internal controls and independent auditing of financial information as a proactive defense against fraud.
  • HIPAA – The Health Information Portability and Accountability Act of 1996 requires tight controls over handling of and access to medical information to protect patient privacy.
  • GLBA – The Gramm-Leach-Bliley Act of 1999 requires financial institutions to create, document and continuously audit security procedures to protect the nonpublic personal information of their clients, including precautions to prevent unauthorized electronic access.

Enterprises doing business with the US Federal Government

  • FISMA – The Federal Information Security Management Act of 2002 is meant to bolster computer and network security within the federal government and affiliated parties (such as government contractors) by mandating yearly audits.

Enterprises doing business internationally

  • Basel II – The Capital Requirements Directive/Basel II Accord established an international standard that banking regulators can use when creating regulations about how much capital banks need to put aside to guard against the types of financial and operational risks banks face.
  • UK Data Protection Act of 1998 – The eight principles of the Data Protection Act state that all data must be processed fairly and lawfully; obtained and used only for specified and lawful purposes; adequate, relevant and not excessive; accurate, and where necessary, kept up to date; kept for no longer than necessary; processed in accordance with individuals' rights as defined in the Act; kept secure; and transferred only to countries that offer adequate data protection.


Security demands that CIOs adapt as new threats appear

It is not easy to keep an enterprise successful and secure these days. Businesses all over the world are faced with a host of new challenges: an unsteady economy, growing competition, volatile global markets, shrinking budgets, and consumer uncertainty. Overworked IT departments are not only expected to respond to the demands of anxious business teams, they’re also responsible for securing the organization and its valuable data against a raft of sophisticated new threats they have never seen before; proving their processes are internally and externally compliant; and being fiscally responsible.

The security policies and procedures template by Janco is the perfect solution. It helps CIOs and IT Managers create the proper security environment.

Because of the way security has evolved over the years, it is rarely looked upon as, or allowed to fulfill the role of, a strategic business enabler. Some see it as an inescapable and often costly necessity. The approach to security is generally driven by the latest threats; it is reactive rather than proactive, tactical rather than strategic.



64-bit processors take off

Good news for fans of technological progress: Windows 7 is on track to become the first Microsoft desktop OS that's as popular in its 64-bit (x64) format as it is in the legacy 32-bit (x86) format that has dominated PCs for nearly two decades. The Infrastructure is changing.

A recent survey by the folks behind the Steam online gaming network shows that, at least among gaming enthusiasts, 64-bit is now the more popular way to go, with the majority of gamers running the x64 variants of Vista or Windows 7.

According to records drawn from the exo.performance.network's 23,000-strong user base, more than half of Windows 7 PCs are running the 64-bit version. This is remarkable in that the exo.performance.network user base consists primarily of enterprise IT users, not hardcore gamers like Steam's users. Moreover, it represents a significant uptick in 64-bit use versus that in Windows 7's immediate predecessor, Windows Vista. Of the thousands of Vista machines monitored by the network, fewer than one in five are running the x64 edition.



Security Risks and Compliance Requirements Defined

For businesses today, managing IT security risk and meeting compliance requirements is paramount. The past decade has seen an unprecedented wave of security breaches that have compromised the integrity of company-owned information, resulting in substantial financial and operational loss while devastating the confidence of customers, business partners and stakeholders. This tide of events has led to the establishment of technical standards, IT governance frameworks and laws designed to improve and enforce security, creating further pressure for organizations to define, control and govern their IT infrastructure more effectively.

Numerous laws and regulatory mandates focus on corporate governance and accountability around sensitive information (specifically financial, non-public information and protected healthcare information). This has significantly impacted the underlying IT systems that support the applications and repositories holding this sensitive information. Organizations are continuously looking for help in preventing fraud and protecting sensitive information. The fact that key corporate executives carry personal liability in the event of non-compliance virtually ensures that compliance is a key initiative in any large organization. Additionally, there are other internal cost-containment requirements that can be effectively met by defining and implementing a sound auditing and compliance methodology. Most corporations agree that compliance leads to better corporate governance and management.



Government sites hacked -- again

Someone defaced the Web pages of nearly 50 members of the U.S. House of Representatives with an explicit insult to President Obama after he gave his State of the Union address on Wednesday night.

The 49 House Web sites, representing both Democrats and Republicans, were managed by a company called GovTrends, The Associated Press reported on Thursday.

The hacking occurred while GovTrends was performing an update, Jeff Ventura, spokesman for the House chief administrative officer, told the AP.

Last August, 18 House sites managed by GovTrends were also defaced, according to Ventura, who added that the House is reconsidering the business relationship with the Web site service provider.



How secure is your sensitive data?

The prevailing model of enterprise network security is rooted in the axiom that being "physically inside is safe and outside is unsafe." Connecting to a network point within the enterprise is generally considered safe and is subject to weaker security controls. On the other hand, tight security controls are enforced at the network traffic entry and exit points using firewalls and VPNs. A WLAN breaks the barrier provided by the building perimeter as the physical security envelope for a wired network because invisible radio signals used by the WLAN cannot be confined within the physical perimeter of a building, and usually cut through walls and windows. Firewalls, VPN and 802.11i become ineffective at protecting the network from hackers, but there are certain security measures you can take.

This Security Manual for the Internet and Information Technology is over 240 pages in length and is ISO 27000 Compliant. All versions of the Security Manual template include both the Business & IT Impact Questionnaire and the Threat & Vulnerability Assessment Tool (both were redesigned to address Sarbanes Oxley compliance).



Outsourcing issues CIOs need to address

CIOs need to avoid issues associated with their businesses as they operate in a crisis mode. Outsourcing decisions will be made in haste and be too simplistic and sudden to deliver real business advantage.

  • CIOs should start their sourcing endeavor by building a solid sourcing strategy that focuses on creating short and long term value. This strategy should be aligned with the organization's sourcing management maturity and include business value scenarios, open options and a road map of value creation with a timeline of expected results.
  • CIOs must take a long-term view of the developing global presence of countries that can provide high-quality resources at the right price point. If your geographic presence is diverse, seek providers that are not exclusively focused on a single country, so that you can mitigate risks (such as geopolitical instability) and also take advantage of the benefits of alternative countries, which may offer opportunities close to your own growth markets.
  • CIOs should actively monitor the market to determine the best combination of software and IT services and service provider options to meet their requirements and specify their appetite for risk.


Security a key issue

Some industries inherently deal with extremely sensitive data – financial services, healthcare and law firms are among the businesses that cannot risk a data breach due to an employee emailing a file that could be compromised en route. It is imperative that their knowledge workers and staff have a bullet-proof way to move files.



IT Professionals Not Happy

The recession and its accompanying reorganizations, layoffs and corporate turns to outsourcing have been corrosive to IT employee job satisfaction.

And that job dissatisfaction is increasing concerns among many employment experts that key employees may leave current jobs as soon as they get what they perceive is a better offer.

A mid-2009 job satisfaction survey by the Corporate Executive Board, a Washington-based advisory firm that counts many Fortune 500 firms among its clients, found that the number of dissatisfied workers continues to increase. The firm surveys 150,000 workers each quarter, asking a battery of behavioral questions about their jobs. About 10,000 of those surveyed work in IT jobs, board officials said.



Salaries Flat and Demand Low -- Where to Look for a Job

For IT professionals who are either looking to get back into the workforce or mulling moves to greener pastures, here are the skills most in demand. Among companies that plan to hire, the top reason for doing so is to meet demand for new systems and projects. That could be why programming/application development is the skill set that's most in demand, by far, according to Janco.

Building the IT Staff your company needs to succeed requires offering the right jobs at the right salary levels. Only the IT Hiring Resource Kit provides the industry-standard job descriptions and up-to-date salary data you need to recruit top talent as effectively and efficiently as possible.

This indispensable resource provides up-to-date salary data gathered through an extensive survey of businesses throughout the United States and Canada, plus polished job descriptions for the 73 IT positions surveyed. This proprietary information will reduce the time it takes to recruit top talent and ensure that you get the right person for each job.



Security for laptop computers

The simplest form of laptop computer security involves protecting the computer and its physical environment. More than 31% of organizations surveyed provide laptop users with cable locks to secure their computers when out of the office.

Nearly 94% reported the use of password-based authentication on laptop computers. Interestingly, this same survey group indicated that they believed employees were responsible for most incidents of data breach within their organizations. Clearly, many organizations believe that despite basic precautions such as providing laptop locks and password-protecting computers, employees remain the weakest link in security plans.



Unretired IT Pros source of talent

(BusinessWeek) As the recession forces more older workers to postpone retirement, a major shift is under way in the makeup of the U.S. labor pool. Calls for "Tennis, anyone?" are going unanswered. Foursomes on the fairways are few and far between.

Retired Americans who thought they would be golfing or shopping with grandchildren are sharpening their tech skills, updating resumes, and scouring job boards instead. America's recent retirees are talented, innovative and energetic - and millions of them have found that retirement just isn't for them. They're joined by millions more who have realized they can no longer afford to stay retired, following last year's stock market and housing crash.

The AARP says that 8 out of 10 baby boomers will work part- or full-time past retirement age. That's 64 million unretiring Americans, the biggest demographic shift in the American workforce since WWII - and 93% of the growth in the American labor market from now until 2016, according to the Pew Research Center. Welcome to "Gen U" - Generation Unretired - America's newest, bona fide workforce segment. To sail through this sea change in the labor pool, managers need to recognize the unique set of opportunities that Gen U presents.



Security threats abound for mid-sized companies

Midsized companies need a way to easily and cost-effectively manage threats, whether they originate inside or outside the business. Compromised data or malicious code can threaten profitability or even cripple critical systems. What's more, not being able to audit in-house data access can result in being out of compliance with many industry-specific regulations - which can bring fines.

During times of economic uncertainty such as the one we are in now, security threats can rise. On top of that, hackers are now attacking RFID tags and readers, mobile devices and hardware drivers, and using advanced information security threats such as rootkits and self-morphing Trojans to gain control of PCs.

Hackers proved in 2009 that social networks could be used to spread malware and trick users into giving up their data, but in 2010, according to two senior researchers, cybercriminals will turn to more sophisticated methods, including using social network architectures for the backbone of their attacks.

Researchers have seen changes in malware in 2009 with cybercriminals producing multiple variants to trick antivirus software. While 2010 malware will be similar, targeted or specialized malware will aim at embedded devices. Attackers will target ATM vulnerabilities, errors in electronic voting systems and even holes in systems that provide premium pay-per-view content to get access to streaming movies.



Security software makes new inroads

(PC World) Worried about burglars? Then you probably keep your valuables in a safe, or at least in a safe place. And, if you're really worried, you'll scour the house from time to time, scooping up items that should be protected under lock and key. That's exactly the idea behind identity-theft prevention software Identity Finder Professional Edition 4.0 ($29.95 per year direct). It thoroughly scans your computer for valuable, unprotected personal information and makes it easy to protect or delete it. If spyware weasels past your security software, it won't find any juicy tidbits to steal. Even a real-world burglar who carries off the whole computer won't get hold of your personal data.

Identity Finder Professional Edition 4.0 includes several improvements over Identity Finder Professional Edition 3.4. You can now define separate profiles for different users on the same computer or export a profile for use on another computer. The user interface is streamlined, as are the helpful wizards that walk you through the steps of protecting your private information. Identity Finder can now blank out just the sensitive data within many kinds of documents, not only text files. And it can now search for items containing specific combinations of personal data items - for example, a social security number plus either a phone number or a personal address.



Dell and HP users frustrated by Win 7 delivery delays

Dell and Hewlett-Packard customers are angry that they have not yet received the Windows 7 upgrades promised them when they purchased new PCs earlier this year, according to messages on the companies' support forums.

In addition, many drivers are not ready from HP. Users of HP and Dell are very frustrated. IT Service Management is not what it should be at both companies.

The delays have exhausted the patience of some users. "I got tired of waiting & [and] purchased a copy of Vista Ultimate with the Windows 7 Upgrade Offer," said a user on the Dell thread. "I purchased the software, logged into Microsoft and put the offer key in. Got the Win7 Ultimate Upgrade DVD in the mail within 5 days with no charge."

Dell did not reply to a request for comment about its Windows 7 upgrade delays. An HP spokeswoman, however, acknowledged that the upgrades were behind schedule. "There has been a delay in shipping consumer notebook upgrade kits due to extra efforts made by HP's consumer notebook business to ensure customers will have an easy upgrade experience." She added that HP would begin shipping upgrades this week.



Access Control Lists - ACL - continue to evolve

As computers and network access to data evolve, the meaning and application of access control have changed. Access Control Lists (ACLs) came into the market and created a new security model that has proven to be very useful. In an ACL-based security model, when a subject requests to perform an operation on an object, the system first checks the list for an applicable entry in order to decide whether to proceed with the operation. A key issue in the definition of any ACL-based security model is the question of how access control lists are edited.

The question is, for each object, who can modify the object's ACL and what changes are allowed. ACL models are assigned to individual objects, or to a collection of objects, and correspond to what may or may not be permitted to "access" the object to which they have been assigned. Taking things even further, the access control model progressed into providing authentication, authorization, and audit solutions to oversee any given user during a session. For authentication, digital certificates, security tokens, smart cards, biometrics, and ID/Password functionality are all examples of the tools available.

For authorization, several access control methods can be implemented across a network. However, role-based access control (RBAC) has proven to be the best approach to ensure effective security policies are in place. RBAC enforces access control policies that are determined by the system and not the application or information owner.



DuPont has another security breach according to lawsuit

In a recent lawsuit, DuPont pointed its finger at a telecommuting worker and Peking University in Beijing in a data theft case. This is the second time in recent years that DuPont has been involved in an incident involving an alleged compromise of its trade secrets. In February 2007 a former research scientist at DuPont admitted to stealing proprietary company information valued at $400 million.

DuPont in September filed a lawsuit in Delaware Chancery Court accusing an employee of stealing data on a new, thin-computer display technology called "organic light emitting diode" or OLED. DuPont claimed that the employee planned to use the stolen information to commercialize OLED products in conjunction with Peking University in Beijing, which is developing similar technology.

The employee had extensive access to cutting-edge OLED research information that DuPont considered a trade secret. The OLED research data was stored by DuPont in three separate Lotus Notes databases and could only be accessed by a limited number of employees using two-factor authentication. In June, the employee informed DuPont officials that he was resigning from the company and planned to join DuPont in China.

During a meeting with his supervisor, the employee asked for permission to transfer files from his company laptop to systems in DuPont China. Though he was denied permission to do so, the employee allegedly went ahead and copied over 500 files from his company-issued computer onto an external storage device.

Over 550 of those files were later found on his home computer, which DuPont investigators inspected with the employee’s permission. A forensic analysis of the home computer also showed that more than 175 of the DuPont files had been opened using the Internet Explorer browser, suggesting that the employee had accessed or sent the documents using a personal e-mail account, according to court documents.

The employee is also alleged to have downloaded a Microsoft Word document with information on a specific procedure invented by DuPont to improve the stability and performance of organic electronic materials, court documents said. According to court papers, DuPont has spent millions of dollars and put more than 17 years of research into developing OLED technology.

DuPont investigators also found evidence on the employee’s computers that he had accepted a position at the department of advanced materials and nanotechnology at Peking University's College of Engineering.



Google and Microsoft in search engine war

Google is as entrenched in the search engine market as Microsoft is in the browser market. It is hard to overestimate just how entrenched Google is as the default Internet search engine. It is not just top of mind for the vast majority of users; it is also built into many of the automated searches that are embedded into other Web sites. After gaining market share every month since its June unveiling, Microsoft's Bing search engine slipped a bit last month for the first time.

While Bing did not show a dramatic fall by any means, this latest report is its first shift in momentum. Web metrics firm Net Applications this week reported that Bing's share of the global search engine market slipped from 3.52% in August to 3.39% in September. The market share of the dominant search engine, Google, also dipped slightly between August and September, going from 83.33% to 83.13%, according to the latest Net Applications report. comScore Inc. said its research found that Bing increased its share of the competitive market by 4.5% between July and August to 9.3%. In addition, The Nielsen Co. last month said its survey found that Bing's share of the search market grew between July and August.
