Chief Security Officer
What is the Chief Security Officer (CSO)?
The title Chief Security Officer (CSO) was first used inside the information technology department and function to identify the person responsible for IT security. At many enterprises, the term CSO is still used in this way.
The CSO title is also used in many enterprises to describe the leader of the "corporate security" function, which includes the physical security and safety of employees, facilities and assets. This individual often holds a title such as Vice President or Director of Corporate Security. Historically, corporate security and information security have been handled by separate departments.
The CSO is the executive responsible for the organization's entire security posture, both physical and digital. CSOs also frequently own or participate closely in related areas such as business continuity planning, loss prevention and fraud prevention, and privacy.
At a tactical level, technology is being infused into physical security tools, which are increasingly database-driven and network-delivered. At a strategic level, CEOs and corporate boards, motivated in part by regulations such as the Sarbanes-Oxley Act and HIPAA and by the ISO 27000 (formerly ISO 17799), 27001 and 27002 standards, desire an enterprise-wide view of operational risk.
Chief Security Officer - Position Purpose
The Chief Security Officer (CSO) is responsible for overall direction of all security functions associated with Information Technology applications, communications (voice and data), and computing services within the enterprise. At the same time, the CSO must be aware of the implications of legislated requirements that impact security for the enterprise. This includes, but is not limited to, Sarbanes-Oxley Section 404 requirements.
The CSO has the responsibility for global and enterprise-wide information security; he/she is also responsible for the physical security, protection services and privacy of the corporation and its employees.
The CSO oversees and coordinates security efforts across the enterprise, including information technology, human resources, communications, legal, facilities management and other groups, to identify security initiatives and standards. The CSO works closely with the chief information officer and must have strong working knowledge of information technology.
CIO - CTO Employment News
Obama administration to ask for more 1984 Big Brother powers
Everyone knows that police can peek inside an email account if they have a paper search warrant.
But cybercrime investigators are frustrated by the speed of traditional methods of faxing, mailing, or e-mailing companies these documents. They're pushing for the creation of a national Web interface linking police computers with those of Internet and e-mail providers so requests can be sent and received electronically.
A federal task force study (soon to be released) says that law enforcement agencies are virtually unanimous in calling for such an interface to be created. Eighty-nine percent of police surveyed, it says, want to be able to "exchange legal process requests and responses to legal process" through an encrypted, police-only "nationwide computer network."
The study also says: "89 percent of investigators agreed that a nationwide computer network should be established for the purpose of linking ISPs with law enforcement agencies so that they may exchange legal process requests and responses to legal process. Authorized users would communicate through encrypted virtual private networks in order to maintain the security of the data."
But the most controversial element is probably the private Web interface, which raises novel security and privacy concerns, especially in the wake of a recent inspector general's report from the Justice Department. The 289-page report detailed how the FBI obtained Americans' telephone records by citing nonexistent emergencies and simply asking for the data or writing phone numbers on a sticky note rather than following procedures required by law.
Outsourcing continues
U.S. defense contractors' growing use of offshore (outsource) subsidiaries from 2003 to 2008 allowed the Defense Department to save money on contracts but also resulted in the loss of U.S. tax revenue and unemployment benefits for some U.S. workers, according to a new report from the Government Accountability Office.
The 29 largest publicly traded defense contractors increased their use of offshore subsidiaries by 26 percent from 2003 to 2008, the report states.
Those subsidiaries helped the contractors reduce taxes, in part by avoiding Social Security and Medicare payroll taxes for U.S. workers hired at the foreign subsidiaries, GAO auditors said.
About a third of the contractors also decreased their effective U.S. corporate tax rates in 2008 in part through the use of foreign affiliates, lower foreign tax rates and indefinite reinvestment of foreign income outside the United States.
Almost 200,000 jobs lost in IT during this recession
Job cuts in technology were fierce in 2009, but 2010 is expected to see modest growth in a number of subsectors. The last time layoffs were this bad was in 2005.
Job cuts in technology were fierce in 2009. Last year saw 174,629 jobs lost in the sector, catapulting up 12.3 percent from the 2008 cuts of 155,570 jobs, according to an outplacement company which tracks industry numbers on announced layoffs. Technology - still considered by the Department of Labor to be one of the most promising industries for future job creation - has not seen that many layoffs since 2005.
The worst of the downsizing occurred in the first quarter, which is when the overall economy hit rock bottom. The recession's impact on the tech sector was inescapable.
The technology-focused blog TechCrunch developed its own "layoff tracker" Web application, which has been documenting layoffs in the sector since October 2008. For comparison, as of its last update in November 2009, TechCrunch had reported a total of 350,299 employees laid off - roughly 20,000 more, but certainly in the same ballpark.
The tech sector accounted for about 13.2 percent of the total 1.3 million announced job cuts in the United States in 2009, said Challenger, Gray & Christmas. By subsector, electronics fared the worst with 65,000 jobs cut - up 55 percent from 2008 - while telecommunications lost 9.4 percent fewer jobs in 2009. The computer industry was unchanged.
It's going to be a slow climb out of this recession, but computer and electronics firms should be among the first to see the turnaround, as companies try to postpone hiring by achieving productivity gains through technology. Even with the economy showing some nascent signs of recovery beginning the second half of the year, many companies are holding off on investments in new technology. And, with it still [being] difficult for small businesses and startups to obtain loans, there are few opportunities for tech firms to expand their customer base.
Despite the potential for improved hiring in the new year, there are a lot of people competing for every opening, and many employers are very particular about what skills and experience they want new workers to have. It is critical that technology workers continually update their skills in order to remain competitive. It is necessary to maintain a balance between having specialized skills and having the flexibility of a generalist. It may also be necessary to expand one's search to more industries or geographically.
We'll see a radically transforming marketplace - driven by surging demand in emerging markets, growing impact from the cloud services model, an explosion of mobile devices and applications, and the continuing rollout of higher-speed networks. These transformational forces will drive key players to redefine themselves and their offerings and will spark lots of M&A activity.
IT Job Descriptions HandiGuide 2010 Version Released by Janco
The IT job descriptions contained within the Internet and Information Technology Position Descriptions HandiGuide® were updated in 2010. The HandiGuide contains over 650 pages, which include sample organization charts, a job progression matrix, over 231 job descriptions, best practices for resume screening and best practices for phone screening.
The author of this book has extensive experience in job content definition and analysis. He personally is recognized by the courts as an "expert" and has been used by a number of firms as an expert in age and job discrimination cases. The HandiGuide includes some of the tools that he uses in that process.
The book also addresses Fair Labor Standards and the ADA, and is in a new easier to read format. Each job description meets ADA standards and the position description is delivered in electronic format - Word, which is editable, and PDF, which is printed. Also included are tools to help you expand, evaluate and define your enterprise's unique additional required. Those tools include:
- Job Evaluation Questionnaire
- Position Description Questionnaire
- Job Progression Matrix (Job Family Classifications)
- Best Practices for
  - Screening Resumes
  - Phone Screening
  - Hiring employees
  - Motivating employees
- Mandated Requirements
  - Americans with Disabilities Act (ADA)
  - Health and Safety Requirements (Federal and State)
  - Fair Labor Standards Act
  - Sexual Harassment
  - Other Labor Laws
Google personnel leak sensitive data in error
It was reported in Computerworld that Google apologized after it mistakenly e-mailed potentially sensitive business data last week to other users of its business listings service.
The company's Local Business Center allows businesses to create a listing for Google's search engine and Maps application, as well as add videos, coupons or photos.
Google then provides data on how customers found the listing, showing search terms people used before clicking the listing and other data such as the geographic location of someone who looked up driving directions to the business.
Google will send reports to those who are signed up. Early last week, Google sent the reports to third parties by mistake. The mistake affected several thousand businesses registered with Local Business Center, of which there are more than a million.
"Shortly after sending the newsletter to a portion of our users last night, we discovered that some e-mails included statistics for the wrong business," Google said in a written statement. "We promptly stopped sending any further e-mails and investigated the cause, which we found to be a human error while pulling together the newsletter content. We'd like to apologize to all the business owners impacted and assure them that we're fixing the process that led to this mistake."
People who received the data then began to publicize the incident, realizing the privacy implications. Chicago-based Internet consultant David Dalka wrote on his blog that he received information regarding the listing for Boscos, a restaurant in Tennessee that brews its own beer.
Massachusetts information security requirements
As of January 1, 2010, all organizations with operations and/or customers in the state of Massachusetts are required to follow comprehensive information security requirements regarding both paper and electronic records containing personal information. These requirements include enforcing password security, encrypting all personal information stored on laptops and removable devices and ensuring up-to-date firewall protection, operating system patches and the latest versions of security agent software.
Personal and Professional Bonuses Cut By Most Enterprises
Fringe benefits are cut by most enterprises. Health insurance is the only benefit that has remained.
Companies have started to cut back on the fringe benefits provided to IT Professionals. For example in January of 2008 95% of IT professionals had health insurance supplied by their employers while in June 2009 only 88% did. A full historical comparison of trends in benefits is included with the full version of the Janco IT Salary Survey.
User Departments Often Drive IT Infrastructure Excesses
Often a departmental business manager submits a request to the IT organization for a new server to host a critical business-intelligence application. The request itself is unremarkable; after all, it is common for a business unit to ask IT to deploy additional hardware infrastructure to support their application requirements.
However the company may have multiple similar requests in queue, and all include a request for storage arrays dedicated to the applications being added. All too often, it's a common reaction to request dedicated servers and storage for new applications. And some CIOs and IT departments accommodated such requests to a fault. However, at times, this addition of processing and storage capacity occurs without adequate understanding of whether there may be unused capacity available. It also fails to recognize that each new addition of servers and storage adds to the complexity of the IT infrastructure.
Will Google violate your privacy in the future?
Google Goggles could violate your privacy without your knowing it. Goggles lets you send photos of a business card, book cover or even bar code from your Android-based smartphone to Google for quick identification and data manipulation. Now if that software is extended to include photos, your personal privacy could be impacted.
The way it works is that you snap a photo by centering your image in the Goggles screen and pressing a small camera icon at the bottom of the screen. Goggles then scans the image, analyzes it and identifies it. If the image is of a business card, Goggles separates the information into fields and lets you put it into your Google Contacts database. If it's a book, the app offers to let you purchase or research it. If it's a store or a landmark, Goggles fetches Google search info about the location. (Objects such as cars, animals or people aren't, according to the instructions, really identifiable yet.)
Imagine pointing your smartphone at anything, clicking a button and having all the information about that object immediately appear.
SmartPhones - new security risks
As the iPhone, BlackBerry, and other devices have become more popular, harmful software such as viruses and spyware is emerging to exploit their vulnerability. Cheaters beware. In late October, an Indonesian developer released mobile-phone software that can help someone eavesdrop on your conversations.
A distrusting partner or spouse can secretly download the free application, called PhoneSnoop, onto your BlackBerry, remotely turn on the microphone, and listen to conversations held in proximity to the device. PhoneSnoop, downloaded more than 2,000 times since its release, is one of a growing number of applications that can be downloaded onto a smartphone without a user's knowledge. FlexiSPY similarly can be downloaded onto Research In Motion's BlackBerry or the Apple iPhone.
Smartphones and the growing number of people using them are becoming a bigger target for unauthorized and potentially harmful software, including worms, viruses, and spyware that tracks a user's Web activity. The smartphone security threat "is imminent," says a principal analyst at consultant Infonetics Research.
Computerization does not always save money according to Harvard study
"As currently implemented, hospital computing might modestly improve process measures of quality but does not reduce administrative or overall costs," says a Harvard Medical School study. The study, which looked at some of the nation's "most wired" hospital facilities, found that computerization of those facilities has not saved them any money or improved administrative efficiency.
The recently released study evaluated data on 4,000 hospitals in the U.S. over a four-year period and found that the immense cost of installing and running hospital IT systems is greater than any expected cost savings. And much of the software being written for use in clinics is aimed at administrators, not doctors, nurses and lab workers.
The problem "is mainly that computer systems are built for the accountants and managers and not built to help doctors, nurses and patients," said the report's lead author. While many health care experts believe that computerization will improve quality of care, reduce costs and increase administrative efficiency, the Harvard Medical School report notes that no earlier studies closely examined computerization's cost or its effect on a diverse sample of hospitals. Even hospitals on the "most wired" list "performed no better than others on quality, costs, or administrative costs," the study found.
Congress fails security check
The Washington Post reports that a (now) ex-employee of the U.S. House Ethics Committee put a sensitive report detailing 30+ current investigations onto a publicly accessible computer. Wired Magazine also reported on this story, saying the report was put onto a personal computer and then placed into a file folder used for peer-to-peer file sharing on the Internet.
This lack of compliance with basic security policies and procedures is a major defect in how Congress is protecting sensitive information.
No word on what file sharing application was used. If it was set up as anonymous FTP, the report may have been downloaded from one specific computer or wound up on hundreds if not thousands of computers.
The ethics committee is one of the most secretive panels in Congress, and its members and staff members sign oaths not to disclose any activities related to its past or present investigations. Watchdog groups have accused the committee of not actively pursuing inquiries; the newly disclosed document indicates the panel is conducting far more investigations than it had revealed.
Risk Management is focus of ISO 31000-2009
ISO has announced that ISO 31000:2009, the new international standard for risk management, has been published.
Entitled 'ISO 31000:2009, Risk management - Principles and guidelines', the standard provides principles, framework and a process for managing any form of risk in a transparent, systematic and credible manner within any scope or context.
The standard recommends that organizations develop, implement and continuously improve a risk management framework as an integral component of their management system.
At the same time, ISO has published 'ISO Guide 73:2009, Risk management vocabulary', which complements ISO 31000 by providing a collection of terms and definitions relating to the management of risk.
All organizations, no matter how big or small, face internal and external factors that create uncertainty on whether they will be able to achieve their objectives. The effect of this uncertainty is risk and it is inherent in all activities. It can be argued that the global financial crisis resulted from the failure of boards and executive management to effectively manage risk. ISO 31000 is expected to help industry and commerce, public and private, to confidently emerge from the crisis.
ISO 31000 is a practical document that seeks to assist organizations in developing their own approach to the management of risk. But this is not a standard that organizations can seek certification to. By implementing ISO 31000, organizations can compare their risk management practices with an internationally recognized benchmark, providing sound principles for effective management. ISO Guide 73 will further ensure that all organizations are on the same page when talking about risk.
Programmers can go to jail for their work
IT professionals now have one more worry on their minds: they have to be aware of whether what they design and program is legal.
Two computer programmers who worked for Bernard L. Madoff were arrested and charged in connection with the multibillion dollar Ponzi scheme. They were charged with conspiracy, falsifying books and records of a broker-dealer, and falsifying books and records of an investment dealer according to the U.S. Department of Justice (DOJ).
The two were employed as computer programmers at Madoff's business beginning in the early 1990s and were primarily responsible for developing and maintaining computer programs that supported the operation of Madoff's investment account business.
The programmers "... allegedly helped construct Bernie Madoff's house of cards," the U.S. attorney said in a statement. "The computer codes and random algorithms they allegedly designed served to deceive investors and regulators and concealed Madoff's crimes. ... they have been charged for their roles in Madoff's epic fraud."
As a broker-dealer and investment adviser, BLMIS was required, under the federal securities laws and regulations, to keep certain books and records in the ordinary course of its business, including: trade blotters containing an itemized daily record of details about all of BLMIS's purchases and sales of securities; documents reflecting each order underlying the purchases and sales of securities and the times at which the orders were received and executed; and the name and address of the beneficial owner of each account held at BLMIS.
The programmers developed and maintained computer programs that generated numerous false and fraudulent books and records. They created books and records for a small subset of BLMIS investment account clients to help hide the scope and nature of the business; altered details about the number of shares, execution times, and transaction numbers for trades reported on BLMIS trade blotters, by employing random algorithms that produced false and random results; and created false and fraudulent order entry and execution reports that included fictitious times at which orders for equities transactions purportedly were placed.
The programmers allegedly knew that the special programs they developed contained fraudulent information and that they were used in connection with the SEC and European accounting firm reviews. One of the two attempted to delete 218 of 225 special programs from a server and also closed their own BLMIS accounts, withdrawing hundreds of thousands of dollars each.
Handwritten notes found by the FBI in one programmer's desk stated, "I won't lie any longer. Next time, I say 'ask Frank.'"
Is recovery around the corner?
PC processors are the latest tech segment bouncing back from the recession.
Third-quarter shipments of computer processors, or CPUs, climbed 23 percent over the second quarter of 2009, doubling typical growth and setting a record for sequential growth, according to an IDC report released Monday.
Revenue from processor sales also bounced back to hit $7.4 billion, a 14 percent gain over the second quarter, according to IDC's "Worldwide PC Processor 3Q09 Vendor Shares" report.
Most meaningful about 3Q09 is that, since PC processor shipments overall just slightly exceeded shipments in 3Q08--which was itself a record quarter at the time--we know that the processor market is recovering.
IT security - Often a Myth
IT security policies for notebooks and desktops are typically managed by restricting the choices that users have, reducing the number of options that are supported. This standards-based process ensures control by reducing flexibility. But try maintaining that system when users can buy a relatively cheap smartphone with as much power as a desktop had in the early 1990s.
Furthermore, attempts by IT organizations to prevent the use of handheld devices have largely failed because of the number of tools available to work around IT policies. For example, users who are restricted from using wireless e-mail often find ways to redirect e-mail to outside ISP services, where they synchronize e-mail to their personally owned devices. This raises the security threat for enterprises because it means that control of e-mail routing has been lost.
Security Policies Should be Part of Normal Business Practices According to Federal Judge
A federal judge has rejected a proposed settlement by TD Ameritrade Inc. in a data breach lawsuit. That marks the second time in recent months that a court has weighed in on what it considers basic security standards for protecting data. The case stems from a 2007 breach that exposed more than 6 million customer records.
The federal judge did not find the proposed settlement to be "fair, reasonable, or adequate." Rather than benefiting those directly affected by the breach, Ameritrade's proposed settlement was designed largely to benefit the company. The judge described the additional security measures that Ameritrade proposed in the settlement as "routine practices" that any reputable company should be taking anyway and should be defined in their normal security policies and procedures.
In September 2007, Ameritrade said that the names, addresses, phone numbers, and trading information of potentially all of its more than 6 million retail and institutional customers at that time had been compromised by an intrusion into one of its databases. The stolen information was later used to spam those customers.
As part of an effort to settle claims arising from that incident, Ameritrade this May said it would retain an independent security expert to conduct penetration tests of its networks to look for vulnerabilities.
The company also offered to retain the services of an analytics firm to find out whether any of the data that had been compromised in the breach had been used for identity theft purposes. The company also said it would give affected customers a one-year subscription for antivirus and anti-spam software.
Google Falling Behind in Browser War
Google will not fully integrate its Chrome Web browser with Microsoft's new Windows 7 operating system.

The news follows an announcement by the Mozilla Foundation that Firefox 3.6, the next version of the open source browser, would integrate with Windows 7 features such as taskbar thumbnail previews and Jump Lists.
However, according to reports in The Register, Google's internal issue tracking system indicates that work on the features has been pushed back to version 5 of the browser. Chrome is currently on the 3.0 release, while version 4 is currently in development.
Despite the scaled back ambitions, work seems to be progressing on Google's Chrome OS. An early developer build of the operating system has been leaked onto Google's Web site. Stay tuned for more details.
Free speech and the Internet challenged
The ongoing case in Cook County Circuit Court also treads into the still developing arena of Internet speech protection, experts say. Stone acknowledges that she hopes it sets a precedent for protecting minors from potentially harmful chatter directed at them online.
A woman was embroiled in a tough campaign for the Village Board when the Daily Herald published an article about the race the day before the April 7 election. She won a seat. A Daily Herald story shortly after the election noted there had been "an unusually nasty tone" in the race as the woman and five other candidates vied for three seats.
On April 9, in online comments to the April 6 story on the newspaper's Web site, a person using the name Hipcheck16 wrote something directed toward the woman's son that the woman's attorney described in court filings as defamatory.
Since there have been relatively few cases like this in U.S. courts, a University of Notre Dame law professor said there is a strong probability the court proceeding will become an important part of emerging case law.
Recent court rulings have tended to side with anonymous posters and against those who want their identities revealed. And judges are more likely to set a higher threshold when ruling on identifying anonymous sources in newspaper stories, although in this case the newspaper was merely hosting an online forum, not providing the content. The trend has not been in the direction the woman probably would like it to go.
Sensitive Information Policy
This policy covers the treatment of Credit Card, Social Security, Employee, and Customer Data. The policy is 15 pages in length.
This policy complies with Sarbanes-Oxley Section 404. The policy applies to the entire enterprise, its vendors, its suppliers (including outsourcers) and co-location providers and facilities regardless of the methods used to store and retrieve sensitive information (e.g. online processing, outsourced to a third party, Internet, Intranet or swipe terminals).
Password suggestions from Google
A Google representative advises using unique passwords for every Web site. They suggest selecting a phrase and using the first letter of every word in the phrase or some variation of that as a password, ideally with special characters added in to make it more secure. In addition:
- Passwords should be a mixture of letters, numbers, and symbols to minimize the risk of dictionary attacks, by which cybercriminals use programs to try every word in a dictionary database as a potential password.
- Using personal information as a password should be avoided because that information can often be found on social network profiles and aggregated from other online sources. Stay away from the names of pets or children, birthdays, phone numbers, addresses, or the like. They are too easy to guess.
- Do not leave passwords on notes next to your computer.
- Make sure that your password recovery information is up-to-date. After choosing a complex password, you may forget it, and you do not want the password reset e-mail going to an abandoned e-mail account or to someone who might exploit the opportunity to hijack your account.
Why are Disaster Recovery and Business Continuity Not Current and Incomplete
There are plenty of partial, outdated, or ineffective disaster and business continuity plans out there - why is it so difficult to get it right?
- Data collection: How do you collect the data for the disaster and business continuity plan in the first place? There is no one single source for everything you need, particularly if you are trying to integrate relevant external information such as support dates, power consumption, etc. Every vendor delivers this information in different formats, different frequencies, and different vehicles - ranging from data sheets to websites to release notes.
- Data inconsistency: How do you handle the inherent inconsistencies in data? For example, OS version numbers are often conflicting; vendors change their product names or renumber versions over time, etc. Normalizing the data (making it adhere to consistent rules and categories) is a cumbersome task and the accuracy and consistency of the data needs to be reassessed at every step.
- Categorization: If you want to categorize the information in the disaster and business continuity plan, you have to create the taxonomy (or hierarchical categorization) for the industry data. This alone is a significant task: there are many ways to slice and dice the universe of technology products, and no standards have been defined within the IT industry to define this information in a consistent manner.
- Manageability: Any extensive technology disaster and business continuity plan is a large and complex data store. A spreadsheet is insufficient for storing and managing rich structured data for thousands of products and vendors. The disaster and business continuity plan should be able to track and maintain the complex relationships between technologies and categories (parent/child relationships, one-to-many mappings, and so on). Developing an appropriate, extensible data store is a complex undertaking.
- Maintenance: As soon as you have finished the disaster and business continuity plan, you have to start updating it. The Information Technology industry is constantly changing, which means that your work is never done. If you go through a massive effort to produce a disaster and business continuity plan for a single business function, the value of that investment is lost if you cannot keep it up to date.
IT Spending to Fall Even Further
Research from Goldman Sachs expects IT spending to start moving upwards in 2010, but a survey of British small firms finds many still worried about the impact of recession on their businesses.
The survey found a quarter of firms expect to be hit harder during the later stages of the downturn. A quarter reckoned that the first quarter of 2009 was their worst trading period but almost a third - 31 per cent - reported no fall in orders. 19 per cent of SMBs said sales had fallen over 20 per cent.
In the last six months 45 per cent of firms have made people redundant - a third have cut up to 10 per cent of staff.
But looking forward, 38 per cent of small and medium enterprises believe revenue falls will slow in the next six months and just over a quarter expect the downward trend to end completely by year end.
Virtual servers ignored in many disaster recovery business continuity plans
According to the latest disaster recovery research report from Symantec, based on surveys of 1,000 IT managers in large organizations worldwide, 35 percent of an organization's virtual servers are not included in its disaster recovery plans.
Worse yet, not all virtual servers included in an organization's disaster recovery plan will be backed up. Only 37 percent of respondents to the survey said they back up more than 90 percent of their virtual systems.
Cloud-based managed backup and data recovery services do exist, but they tend to be either very expensive "enterprise-class" offerings or mediocre consumer-oriented services. Several issues need to be addressed before cloud-based backup and recovery services are a reality:
- Getting data from and to individual desktops needs to be automated and must not impose heavy overhead on the desktop or the network
- Developing a working security model that can be applied and managed universally
- Providing verifiable data integrity to guarantee that the data is actually the user's data if it is not in private space or virtual machines
- Creating services with service level agreements that address the risks associated with data loss
Terminated employees use alumni groups to find new jobs
With the economic downturn, former employees of high-tech companies are staying in touch by joining alumni groups to find jobs and business opportunities and to socialize. There has been such a group for ex-IBM employees since the early 1960s. The sophistication of these groups varies but not their main mission: it is all about networking.
Some of the groups that exist are for:
- Microsoft
- PeopleSoft
- Oracle
- IBM
- Sun Microsystems
For example, the Microsoft Alumni Network, with its 10,000 members, charges membership fees and offers a range of benefits. The PeopleSoft Alumni Network makes its money exclusively from job ads on its Web site. It has about 3,800 members on LinkedIn, the social networking site for professionals. They are chiefly people who worked at the company before it was acquired by Oracle Corp. in 2005.
Some of these groups have close relationships with the parent company, which posts job ads on the group's board and helps validate prospective alumni to ensure they previously worked at the companies.
Members can use their connections to an alumni group to search out former colleagues at companies they are interested in working for, to brainstorm, and perhaps to learn the name of a hiring manager. Most alums are willing to help.
Top Network Security Weaknesses Identified by Janco
The most common security mistakes that are made on corporate web sites have been identified by Janco Associates of Park City, UT. They are:
- Corporate web site is encrypted but the login process is not
- Data validation for forms is contained in client-side JavaScript
- Using unencrypted or weak encryption for Web site or Web server management
- Using weak encryption for back end management
- Connecting to the network from an unsecured access point
- Sharing login credentials
- Using only single level verification for access to sensitive data
- Having "public" workstations or access points connected to a secure network










