IT Job Descriptions and Salary Data Latest News

Adobe said that it is committed to open architecture and by passing the copyright to ISO they now have a product that competes with MicrosoftÂ’s Office Open XML, a proprietary XML-based document format it built for its Office 2007 productivity suite, to the ISO. The ISO approved OOXML on April 1 in a controversial vote that is still being contested by some of the standards bodies that took part in it.

A group calling itself "NetDevilz" claimed responsibility for the hack, which Thursday morning temporarily redirected visitors to the sites for IANA and ICANN (Internet Corporation for Assigned Names and Numbers).

Users who tried to reach iana.com, iana-servers.com, icann.com and icann.net were shunted to an illegitimate site. According to a screen capture of the defacement snapped by zone-h.org, the bogus site simply displayed a taunting message claiming ownerhship of the assignment processes.

• Install a robust firewall and SPAM filter at the front end of the corporate mail server
• Improve SPAM filters on both desktops and smart phones
• Provide company owned laptops and smart phones that have robust SPAM filtering software and
• Limit the accessibility to POP and non-company mail servers

Without systems in place to keep applications and data flowing after a natural disaster or other interruption, a business risks losses that extend far beyond a manufacturing plant or data center. Many businesses incur ongoing financial loses, damage to a businesses' reputation, and possible regulatory and legal sanctions. In a worst-case scenario like 35% of the companies that FEMA estimated, a company can find its existence threatened.

How can an organization tackle disaster recovery and business continuity issues effectively? How can it develop a strategy that reduces risk and increases the likelihood of success? And how can it devise a roadmap for coping with constant change? There are no easy answers, but the Disaster Recovery Planning Template with the Security Manual  Template are a step in the right direction.

Park City, UT -  The prospect for IT professionals is not good. Janco has found that IT compensation growth remains flat, hiring is limited to key replacements, and discretionary spending has been cut back and in many cases eliminated. The CEO of Janco said, "As we collected compensation data for our mid-year 2008 IT Salary Survey we found that at the end of the first quarter businesses turned off the faucet for IT spending. Many businesses, in response to economic projections, slowed down and halted discretionary spending for software and hardware as well as placed hiring requisitions on a slow track."

  The summary findings in Janco 2008 Mid-Year IT Salary Survey are:

• Hiring demand is now the lowest it has been since 2004. Many enterprises have stopped hiring except for key replacements and those positions are being replaced at lower salary levels.
• Enterprises have slowed down and in many cases eliminated discretionary spending by IT. This has resulted in fewer projects being initiated, consultants use being reduced (if not eliminated), and a slow-down of initiatives that had already been approved.
• In the last twelve (12) months the increases in compensation for most IT Professionals were lower than increases in the cost of living.
• The mean increase in compensation for CIO's was less that 1.5%. The mean compensation for CIOs in large enterprises now is $179,823 and $171,755 for CIOs in  mid-sized enterprises. (Large enterprises have over $500 million in revenue and mid-sized have are $100 to $499 million in revenue).
• The mean compensation (which includes bonuses) for all Executive IT positions surveyed now is $144,645 in large enterprises and $131,763 in mid-sized enterprises.
• Positions that were in high demand in the 4th quarter of 2007 such as CSOs and others to develop new Web 2.0 applications are now back to normal hiring patterns.         
• Administrative positions in some IT functions are now being looked at as those that are expendable

They said that Without competition, the free enterprise system suffers. It is true across all segments of industry, and that includes the business of agriculture.

The American Corn Growers Association represents part of a thriving industry knows it has to adapt and change to survive market conditions through the years.

An AGCA spokesperson said it is no different for the family farmers out there, who have come to use search advertising as a way to mitigate risks associated with supplying customers and their businesses. Fewer providers, they fear, means higher prices.

Responding to the bank's delay in reporting one incident, which was not disclosed for over three (3) months, the Connecticut Governor said: "The disastrous effects of identity theft are virtually instantaneous in today's computerized world, and the lag time between the theft and the notification only aggravates what is an already outrageous situation."

BNY Mellon's chief risk officer said the bank now plans to improve security related to backup tapes. From Computerworld - "To bolster its security controls, the bank said it will now require that any confidential data written on tapes or CDs for transport must be encrypted or transported with undisclosed additional data protections. Further, when "technically feasible," the bank will demand that encrypted confidential data be delivered to off-site facilities electronically".

After exposing 4.5 million people to identity theft, it seems the notion of tape encryption suddenly popped into their heads. 

One in four workers said they plan to stay connected with work while they are on vacation this summer, a percentage that has nearly doubled in the last two years, according to a survey released by CareerBuilder.  The bulk of these hyper-connected workers were in the IT industry. Beat out only by sales workers, 37 percent of IT workers said they planned to check in while away.

Yet while IT workers also led the way in the requirement to be connected in the off-hours - 19 percent said working, checking voice mail and/or e-mail while on vacation was mandated by their employers - the reverse of this is that four in five IT workers are checking in with their jobs while on vacation on their own volition.

The Solutions Research Group study found that 68 percent of Americans feel anxious when they are not connected in one way or another. This disconnect anxiety (feelings of disorientation and nervousness when a person is deprived of Internet or wireless access for a period of time) affects all age groups, describing their feelings when offline as dazed, tense, inadequate and even panicked.  The study also found that 63 percent of BlackBerry users admitted to having sent a message from the bathroom.

In fact, this concept of "technology addiction" has gone so far that U.S. psychiatrists are considering adding this "compulsive-impulsive" disorder to the next release of the DSM-V (Diagnostic and Statistical Manual of Mental Disorders) in 2011.

Firefox version 3.0 has a cleaner look and is significantlty faster than prior versions.  One issue over the long terrn will be the exposure to security breaches with the Master Password feature.

IE 8.0 will default to a standards-compliant rendering of Web content -- an approach that had been pushed by site developers in lieu of a mode that stresses compatibility with IE7. A new tag, which can be applied on a per-page basis or site wide, instructs IE8 to display the content as would IE7. Browsing with this default setting in IE8 may cause content written for previous versions of Internet Explorer to display differently than intended

The first beta of IE8 is not exactly in widespread use. According to the latest data from Janco Browser and Operating System Market Share Study IE8 Beta 1 accounted for just .03% of all browsers used in May 2008. IE7, by comparison, held the top spot with a market share of 30.07% and IE 6 at 34.22%.

What many vendors do not realize is there are a large number of users who just do not like to change. These people are not technophiles, they are just users who comfortable with what they are using and they do not want to deal with the risk that something they depend on does not work.

Many feel that just because a product is old it does not mean it do not meet their requirements. Eventually as their computers get replaced they will move to a new version of an OS and Browser because that is what the computer comes with.

A great example of this reluctance to change is Vista. After 18 months, many have not moved to it because they do not to risk what they have that works with something new.

Another example is seen in a a survey by Opinion Research Corp. which found that non-iPhone and non-BlackBerry smart phones were the single most-returned gift during the most recent holiday season; more than one-fifth of those purchased were brought back to stores. Why? The top reason was the inability to understand the setup process.

Returned gadgets are bad enough for the companies that make them, but the survey also found that almost 16% of those polled said that trouble with phone setup 'significantly worsened their perception of the company that manufactured the product."

The summary findings in Janco's June 2008 Browser and OS Market Share White Paper are:

• Firefox's market share now is 15.05% versus 19.06% in January 2008

• IE's market share is 65.50% versus 66.72% in May 2007 and 61.06% in January 2008

• Netscape's market share has remained at the same level (10.64%) as before the announcement that it would no longer be supported.

• Google Desktop is gaining in popularity and now commands 3.27% of the market

• Microsoft's Vista continues to have a slow acceptance and is on approximately 14.55% of internet connected desktops.

A summary of Janco's browser market share data can be found on the IT Productivity Center's (ITPC) web site (http://www.itproductivity.org/browser.php) .  In addition the full white paper with excel spreadsheets can be purchased for $249.

The attack in China and Taiwan is ongoing. In addition with the impact of the earthquake and the associated relief efforts, the attack is having a huge impact. Even if they cannot successfully insert malware, they are killing lots of Web sites right now, because they are just brute-forcing every attack surface with SQL injection, and hence causing lots of permanent changes to the victim Web sites.

In a SQL injection attack, an attacker attempts to exploit vulnerabilities in custom Web applications by entering SQL code in an entry field, such as a log-in. If successful, such an attack can give the attacker access to data on the database used by the application and the ability to run malicious code on the Web site.

Mass SQL injection attacks have increasingly become a security threat. In January, tens of thousands of PCs were infected by an automated SQL injection attack. That attack exploited a vulnerability in Microsoft Corp.'s SQL Server.

Thousands of Web sites have been hit by the attack, he said, noting that 10,000 servers alone were infected by malware on Friday. Most of the affected servers are in China, while some are located in Taiwan. The attackers appear to be using automated queries to the Google search engine to identify Web sites vulnerable to the attack, he said.

The attackers in the more recent outbreak are not targeting a specific vulnerability. Instead, they are using an automated SQL injection attack engine that is tailored to attack Web sites using SQL Server. The attack uses SQL injection to infect targeted Web sites with malware, which in turn exploits vulnerabilities in the browsers of those who visit the Web sites.

The malware injected by the attack comes from 1,000 different servers and targets 10 vulnerabilities in Internet Explorer and related plug-ins that are popular in Asia.

The 27-count indictment, returned in Central Islip, N.Y., charges a Ukrainian , and an Estonian with wire fraud conspiracy, wire fraud, conspiracy to possess unauthorized access devices, access device fraud, aggravated identity theft, conspiracy to commit computer fraud, computer fraud and counts of interception of electronic communications.  In addition a one-count complaint charges a Miami resident with wire fraud conspiracy related to the scheme.

According to the indictment and complaint, they engaged in a scheme in which they hacked into cash register terminals for restaurants at various locations around the United States in order to acquire credit and debit card information. The defendants then sold the stolen data to others who used it to make fraudulent purchases or re-sold it to make such purchases, causing losses to financial institutions that issued the credit and debit cards.

The data included the customer account number and expiration date, but not the cardholderÂ’s name or other personally identifiable information.  The indictment alleges that in or about May 2007, gained unauthorized access to the cash register terminals and installed at each restaurant a packet sniffer, a malicious piece of computer code designed to capture communications between two or more computer systems on a single network. The packet sniffer was configured to capture the credit card data as it moved from the restaurant point-of-sale server through the computer system at the companys corporate headquarters to the data processors computer system. At one restaurant location the packet sniffer captured data for approximately 5,000 credit and debit cards, eventually causing losses of at least $600,000 to the financial institutions that issued the credit and debit cards.

    The 25 percent figure is 3 points higher than a study conducted in January and 11 points higher than one completed in October, indicating a deepening trend.  The study also found that  55 percent of the respondents said software spending will not change in the next 90 days, and just 12 percent indicated it will rise.

Cuts to capital budgets appear to be a factor, according to the survey. Twenty-six percent of people who took it said their capital budgets had been cut over the past three months, a 4 point rise from January. In contrast, only 8 percent reported an increase in their capital budgets.  However, 27 percent reported they simply did not need to buy any new software, down two points from the January survey.

A number of major software categories, such as ERP (enterprise resource planning) and CRM (customer relationship management) applications, showed weakness moving forward.  But spending on two, virtualization and security, will see a modest jump in the next 90 days, according to the study.

But in a May 2 filing with the FCC, Google contends Verizon has no such intentions. Instead, Google claims, Verizon plans to institute a two-door policy: one door for open access devices and applications and another door for closed devices that only support Verizon's proprietary applications.

In the filing, Google urged the FCC to deny Verizon a license to use the spectrum until it fully commits to an open network.

Verizon has taken the public position that it may exclude its handsets from the open access condition, Google states in the filing. Verizon believes it may force customers who want to access the open platform using a device not purchased from Verizon to go through Door No. 1, while allowing customers who obtain their device from Verizon access through Door No. 2.

It is door No. 2 that troubles Google, which is heavily invested in promoting its own Android open-source mobile platform. As the search giant sees it, Verizon plans to deny Verizon customers full open access to competing devices and applications.

Accourding to Google, the FCCmandates opening the C Block network for the use of any device, and for the use of any application on any device, regardless of whether an end user obtains the device from the licensee, another service provider, a manufacturer or other third party.

Verizon promptly dismissed the Google concerns.

The Google  filing has no legal basis.  It is really no surprise that despite not winning spectrum, they continue to try to change the rules and further their own business interests through the regulatory process, Verizon spokesman said in a statement, adding that Verizon plans an FCC filing in next several days to counter the Google claims.  

Last summer, Google lobbied the FCC into adopting open access standards for the prime C Block of spectrum, a notion Verizon initially opposed in a lawsuit, contending that the spectrum should go the highest bidder with no restrictions. Verizon eventually dropped the legal challenge.

Verizon Wireless Â… understood the FCC rules for using that spectrum in advance of the auction, a Verizon spokesman said. Of course Verizon will abide by those rules.  As Verizon works to put the spectrum we won to good use, if Google or anybody else has evidence that we aren't playing by the rules, there are legitimate and expedited ways to address that.

Such a discount could cause a surge in demand. At last count, Apple had sold some 5.4 million units, the vast majority of them for AT&Ts network, even with price tags of $400 to $600—essentially unheard of in the U.S. cellular market. Impressively, AT&T says 40% of its iPhone users are new customers. Yet with rival smartphones like Research In Motion's (RIMM) BlackBerry and a new Palm (PALM) Treo selling for as little at $99 at some carriers, competitive pressures are building.

But a price cut might be about more than nabbing new customers. AT&Ts goal may also be to boost monthly revenues from existing subscribers who switch to the iPhone, as the big colorful screen and robust Web browser on the Apple device tends to make iPhone owners heavier users of AT&Ts wireless data services. AT&T brings in about $90 a month from each iPhone user, reckons an analyst with UBS Investment Research (UBS). When Apple cut the price on the iPhone by 33% earlier this year, it stimulated demand, he says. If this new price turns out to be true, it would do it again. It's like déjà vu all over again.

For AT&T, eager to generate returns on its multibillion-dollar investments in a next-generation data network, a $200 subsidy on a device with a proven success record may be a no-brainer. This is not unexpected at all. The $200 is a small fraction of the revenue that AT&T makes over a two-year contract.

The topics covered in this issue are:

• IT Service Management (ITSM) is impacted by the recession
• Technology Investments Approaching the Point of Diminishing Returns
• Productivity Tools

In addition the newletter has links to:

• Metrics HandiGuide
• ITSM Template
• CIO Productivity Toolkit
• IT Job Descriptions
• 2008 Salary Survey

There are a number of steps that your company can follow to minimize the exposure to the security breaches.  These include:

• Monitor financial databases directly
• Test access to databases and fix all weakness found
• Audit user access
• Limit downloading of more than 5% of the data to a single source and validate the destruction of that data within a reasonable period of time
• Validate if the way users use the data to see that it complies with company policies
• Validate transactions are authentic
• Conduct an audit with independent auditors
• Automate the system of internal controls with a clear audit trail that is reviewed in real time
• Encrypt data

The need for continued focus and investment is clear, especially when you consider that data-at-rest in enterprises is growing at a compounded rate of 55 percent a year.

Moving all that data is a mounting challenge, and business simply cannot wait.

To meet these growing demands at a reasonable cost, organizations are moving to IP-based networks; 70 percent of North American and 79 percent of European organizations use some combination of the Internet, MPLS or Ethernet to connect to their primary backup datacenter. Bandwidth prices may be in decline, but that doesnÂ’t mean it comes cheap. Bandwidth, on average, is 29 percent of the total cost of replication, backup and recovery solutions, and is often constrained by the effects of latency.

End-to-end plans for turning disaster recovery into full business continuity are very complex, but from an IP-network perspective it can be reduced to three main challenges.

The first is to accomplish backups in a timely yet accurate manner. Given organic data growth, and that each logical data object has between four and eight copies somewhere in the network, even differential backups can be tough to fit into assigned windows. Synchronous or live-to-live data models are even more bandwidth intensive and latency intolerant.

The second challenge is minimizing downtime. In the event of a failure or disaster, how quickly can backed-up data be restored? Considering a differential backup can take 8 hours or more to complete, and only represents 10-20 percent of the total data set, a full restore can be daunting. According to Ziff Davis Research, the average organization has 94TB of managed storage, and getting that data across the network only begins after the systems have been physically restored.

Finally, because of how long full data recovery can take, most organizations are moving from disaster recovery to disaster tolerance, where some level of service can be quickly restored in the name of business continuity. To do this effectively requires both warm – or even hot – standby servers and the ability to quickly re-route users, customers and partners to the secondary location. Beyond the clear routing and networking challenges, there are additional application performance concerns. Users may have to cross physically or logically longer networks with higher latency to reach the redundant datacenter, and do so over links whose bandwidth is typically provisioned as sparingly as possible.