XML Feeds

CTO Toolkits.com
e-janco.com
IT Productivity.org
IT-Toolkits.com
ejobdescription.com
psrinc.com
psrorders.com
newsgroupworld.com
ntcity.com
disaster-planning-template.com
disaster-recovey-planning.org
disaster-recovery-planning.com
disaster-recovey-planning-template.com

IT Job Descriptions

Disaster Recovery Business Continuity

Security Manual Template Policies & Procedures

IT Salary Survey

IT Hiring Kit

The IT Salary Survey draws on data collected throughout the year by extensive interviews, internet-based survey data, and survey forms completed by businesses throughout the United States and Canada.

IT Job Descriptions - IT Salary Data XML Feeds

Janco IT Productivity Center ejobdescription IT-Toolkits

CIO - Job Description - Salary - IT - News

Cloud Process Benefits Defined

The benefits that that come from Cloud Processing and the associated infrastructure transformation include:

Improvement in application performance
Hardware reduction
Reduce system administration overhead
Reduce carbon footprint
Power savings
Savings in software licenses
Faster job submissions
Downtime avoidance
Reduce compliance and ISO 9001 validation time
Single path to support
Warranty savings

Janco also points to other less tangible advantages that cloud processing achieves, such as: higher employee productivity, better performance across its infrastructure and avoided costs of outages. Additional savings and efficiencies, such as from virtualization, casn be expected as the cloud process continues to expand.

Firefox releases 4.0 Beta

Mozilla has launched the fourth beta of Firefox 4, adding bookmark and password synchronization, and revamping how people wrestle tabs.

The latest build supports the first attempt at accelerating Firefox 4's page rendering by tapping the graphics processor. The hardware acceleration, available only in Windows Vista and Windows 7, is disabled by default.

Trends in Browser Market Share

Firefox 4 Beta 4's most visible addition is "Panorama," a new name for what Mozilla had been calling "Tab Candy." Largely driven by the work of Aza Raskin, creative lead of Firefox, Panorama lets users collect tabs into sets, graphically displays those sets, and when users open a tab, shows only those tabs within the group.

Mozilla, which calls Panorama a tab manager, has argued that it's the next step in the evolution of tabs.

Windows 7 takes off

Windows 7 is success

A major finding in the report is that Microsoft's new Operating System, Windows 7 has 17.39% of the OS market less than 13 months after its availability. That is a major factor in Microsoft's improved record earnings. Janulaitis said, "The last time that an OS was accepted as quickly the market was XP. Vista's market share has peaked and is in the process of being decommissioned in most enterprises."

New IT Metrics Program and Benchmark Program

Most IT Managers understand the importance of collecting, reporting and acting on performance metrics, but few put this knowledge into action in a meaningful way. Our partners at Janco Associates' recommend that all IT organizations develop and maintain a metrics program by focusing on simple metrics that address specific business issues like spending and staffing justification or performance improvement.

To help you identify and launch a metrics program that is meaningful to your specific business, Info-Tech has assembled the Metrics for the Internet, Information Technology, and Service Management HandiGuide. It is a collection of metric reports and tools designed to get your IT team's metrics program up and running quickly and easily. You will be given simple steps to creating a metrics program including the most important step: How to act on the results and improve IT performance to better serve the business.

Mainframes and server farms are sources of productivity improvements

In the post-recession environment, the demand and supply mismatch between IT departments and the businesses they serve is growing. Business demands on IT are increasing while IT budgets have been cut.

The needs that IT can't address as a supplier, it can address through other means. CIO can be a facilitators connecting the business units to the services they need, whether internally or externally, such as from a cloud or software-as-a-service provider.

IT is becoming more responsive, not because it can do more, but because it can acknowledge and help the business with more of their operationals needs. Productivity levels have improved

The path to value is taking some familiar and some new directions while also running into age-old issues.

Company have saved millions, mostly in cost savings, by putting new applications into a mainframe and on stand-alone servers environmens. The savings came from the smaller physical footprint, reduced cooling and power needs, and reductions in networking and systems administration work.

Social networks hinder productivity

Social networks had already surpassed e-mail use among American Internet users. But according to a Nielsen Co. survey, online gaming is now also more popular that e-mail.

According to the Nielsen survey, Americans today are spending nearly a quarter of their online time posting comments, pictures and video on social networking sites like Facebook and Twitter, making it the most popular online activity among Americans.

Online gaming is the second most popular online activity, accounting for 10% of online use, while e-mail ranks third at 8.3%. In a survey completed in June, 2009, e-mail was the second most popular online activity, accounting for 11.5% of Inernet activity.

Workforce mobility a productivity issue for CIOs

Part of the CIO's job is to support maximum productivity by choosing appropriate infrastructure for laptops and other devices to meet the individualized needs of mobile employees. But IT leaders also must support the mobile infrastructure in a way that is designed to minimize costs, simplify administration efforts, protect against mobile-specific threats, and ensure security. Key enablers of the mobile workforce include the following:

Outstanding security and network accessibility
Simple, intuitive systems and data management tools
A streamlined process for backing up critical data
Smooth transitions when changing hardware or software

Good metrics improve performance

When valid metrics are used, performance improves. Janco has found that these six rules need to be followed.

Select metrics that relate directly to the factor that you want performance improved on
Have at least four but not more than six metrics that are focused on a particular performance factor
Set minimums and maximum values for each metric before you start
Base metrics on at least two months of trend data
Have metrics that are both leading and lagging indicators
Set targets where actions will be taken when those thresholds are crossed

Service-Oriented Architecture and IT Service Management Are Keys To Success in the Recovery

SOA and ITSM drive success and productivity

One bad customer experience can cost you that customer for life. Hospitality, travel, retail, healthcare, and financial services are especially prone to losing customers who have a negative experience. It does not take much for a customer to decide that you and your company are not worth his time, effort, or money.

Customers like to feel loved, and they are turned off very quickly when they sense that you do not care about the pain they are feeling. Even if you cannot help them because the situation is beyond your control, acknowledge that you understand both the situation and their frustration.

No customer wants the person serving her to be distracted or preoccupied. Ever go to the local mall and try to get help from a teenager focused more on texting her friends than helping you find what youre looking for? On the other hand, being too focused can be a bad thing. Have you ever asked an innocent question out of curiosity and then found yourself stuck for an eternity while a customer support person hunts endlessly for an answer? This person is likely so focused on getting the answer that he does not realize that you really do not care that much about it and would rather not wait for an answer to an inessential question. Be sure your people understand the degree of focus required for the job.

Even if the employee has the right skill set and experience, his odds of being successful and remaining on the job are low if his core behaviors and tendencies do not line up with those needed for success in that particular role. This is especially true for customer-facing roles in which your frontline employees act as extensions of your brand and heavily influence the customer experience.

IT Service Management drives customer satisfaction

Industry estimates peg the costs of acquiring new customers as being about five times more than the costs incurred to satisfy existing customers. IT Service Management and change control are keys to this process.

Customer retention and satisfaction also drive profits. According to some experts*, a 2 percent increase in customer retention can have the same effect on profits as cutting costs by 10 percent. And a 5 percent reduction in customer defection rate can increase profits by up to 25 to 125 percent, depending on the industry.

Additionally, existing customers are the ones who are most likely to be future purchasers. Theyve already shown they want and like your products or services and are willing to pay for them. And in many cases, customer profitability tends to increase over the life of a retained customer.

So whats the key to retaining customers? Keeping customers happy has always been a cornerstone of good business practice. But with today's economic conditions, delivering good service to ensure satisfaction has become critical to any companys success.

Security of wireless networks compromised by Google

Security of wireless networks is a concern of Connecticut Attorney General Richard Blumenthal who is heading up a 30-state investigation into Google's Wi-Fi data gathering scandal.

Blumenthal's investigation adds to the legal headaches for Google caused by the revelation that its Street View cars were collecting wireless "payload" data in addition to geolocation data from unsecured wireless hot spots. Ever since Google revealed the extent of its data gathering a month ago in response to inquiries from German regulators, lawyers and politicians have been lining up to express their outrage.

"Consumers have a right and a need to know what personal information--which could include e-mails, Web browsing, and passwords--Google may have collected, how, and why," Blumenthal said in a statement posted on his Web site. "Google must come clean, explaining how and why it intercepted and saved private information broadcast over personal and business wireless networks."

Record mangement key to information goverance

Effective record management and information governance provides a foundation for addressing the various challenges faced with electronic information, including:

Management of information growth. Proactively monitoring and managing what content is being stored based on business value and record keeping obligations;
Mitigation of risk. Reducing risk and ensuring conformance with different regulatory, legal and business policies; and
Management of access to content. Driving competitive advantage and improving business operations through both access control and better re-use of information. Policy is at the heart of each of these challenges and key to an information governance strategy.
Information governance is most effective when policies can be carried forward consistently with enabling technologies. Foundational technologies at the core of a good information governance strategy include classification, security and access control, retention policy management, search, archiving and content management.

Recovery Point and Recovery Time Metrics

Recovery point objective (RPO) refers to the amount of data loss a customer can tolerate, specifically the point in time to which your enterprise must be able to recover the data. Some enterprises require an RPO of ZERO. That means the enterprise cannot lose a single committed transaction in the event of a site failure; they must be able to recover the data back to the zero minute of the time of the disaster. There are implications to setting up an RPO of zero. The replication solution will require synchronous replication (explained in detail later in this section) and may impact performance of the application being replicated.

An RPO of greater than zero, for example 30 minutes, can be handled differently. An RPO of 30 minutes means the customer can tolerate losing the last 30 minutes of transactions in the event of a site failure. If the disaster occurrs at 12:00, the customer must be able to recover the data to at least 11:30 (30 minutes prior to the disaster). This can most likely be accomplished with asynchronous replication with minimal performance impact to the application. In this situation, careful planning and monitoring of the write-history log is essential to support the expected RPO.

A RPO can only be determined by their business rules and other governances of their environment. The customer must weigh the risk of data loss in a higher RPO against the cost and performance impact of a zero RPO.

Recovery time objective (RTO) refers to the amount of time it takes a customer to get their backup site up and running after a complete failure at the primary site. Most customers have an RTO of anywhere from 15 minutes to 8 hours, though the average is about 2 hours. This includes the time to failover the replicated LUNs (logical Unit Number) to the backup EVA (Enterprise Virtural Array) , recover the backup database and bring it online, and redirect any applications to the backup database server. A faster RTO can usually be accomplished by prestaging the backup site to the greatest extent possible.

Most Common Security Weaknesses - Sarbanes-Oxley Compliance

Security Manual Template has a solution for each of these weaknesses.
    1. Improper account provisioning with segregation of duties
    2. Insufficient controls for change management
    3. A general lack of understanding around key system configurations
    4. Audit logs not being reviewed (or that review itself not being logged)
    5. Abnormal transactions not identified in a timely manner be considered abnormal or a violation of a security policy within the network.

go to http://www.itproductivity.org/Security.htm

Risk management starts with risk assessment

There have been lessons learned from the current financial crisis in wasy to address perceived weaknesses in risk identification, assessment and management. The direction that CEOs and CIOs need to taker are:

Risk management must be given greater authority
Senior executives must lead risk management from the top
Management needs to review the level of risk expertise in their organisation, particularly at the
highest levels
Managers should pay more attention to the data that populate risk models, and must combine
this output with human judgment
Stress testing and scenario planning can arm executives with an appropriate response to events
Incentive systems must be constructed so that they reward long-term stability, not short-term
profit
Risk factors should be consolidated across all the business operations
Managers should ensure that they do not rely too heavily on data from external providers
A careful balance must be struck between the centralisation and decentralisation of risk
Risk management systems should be adaptive rather than static

Common threads for security issues

A comprehensive survey compares findings of several security studies and finds that:

Big jumps in incidence of password sniffing, financial fraud, and malware infection.
Organizations often are fraudulently represented as the sender of a phishing message.
Average losses due to security incidents are down again this year (from $289,000 per company to $234,244 per company), though they are still above 2006 figures.
Twenty-five percent of companies felt that over 60 percent of their financial losses were due to non-malicious actions by insiders.
Most companies are satisfied, though not overjoyed, with all security technologies.
Most companies t their investment in end-user security awareness training was inadequate, but most felt their investments in other components of their security program were adequate.
When asked what actions were taken following a security incident, 22 percent stated that they notified individuals whose personal information was breached and 17 percent stated that they provided new security services to users or customers.
When asked what security solutions ranked highest on their wishlists, many named tools that would improve their visibility - better log management, security information and event management, security data visualization, security dashboards and the like.
Companies generally said that regulatory compliance efforts have had a positive effect on their organization's security programs.

Improving knowledge worker productivity a CIO challenge

Many analysts support the notion of an integrated productivity environment for information workers. Many vendor frameworks combine these capabilities to create the next-generation workplace for information workers. The introduction of Microsoft Office 2007, Open Office and Google Documents are solutions with tight design integration, deliver the functionality that would have previously required 6 - 10 products for a full business productivity platform. The next releases of these products will take this integration to the next level by providing more flexibility in delivery and new capabilities to help improve productivity by saving the business time and money. - more info

Chnage control and Quality Assurance Fail at McAfee

Change control and quality control fail at McAfee, as a result they released a product that caused thousands of customer PC to fail. McAfee has responded with the following statements:

How did this DAT file get through McAfees Quality Assurance process?

Process Some specific steps of the existing Quality Assurance processes were not followed: Standard Peer Review of the driver was not done, and the Risk Assessment of the driver in question was inadequate. Had it been adequate it would have triggered additional Quality Assurance steps.
Product Testing there was inadequate coverage of Product and Operating System combinations in the test systems used. Specifically, XP SP3 with VSE 8.7 was not included in the test configuration at the time of release.

What is McAfee going to do to ensure this does not repeat?

Strict enforcement of rules and processes regarding DAT creation and Quality Assurance.
Addition of the missing Operating Systems and Product configurations.
Leveraging of cloud based technologies for false remediation.
A revision of Risk Assessment criteria is underway.

What is McAfee going to do to prevent this from happening again?

Nearly all of McAfee's 7,000 employees have been working around the clock to help customers get back to business as usual and to make sure this never happens again.
McAfee is implementing additional QA protocols for any releases that directly impact critical system files. McAfee is rolling out additional capabilities in Artemis that will provide another level of protection against false positives by leveraging an expansive whitelist of critical system files and their associated cryptographic hashes.

Network Solution Sites Hacked Again

Securi Security Labs said that at least 50 sites hosted by Networks Solutions had been hacked and that malicious JavaScript injected into those sites was redirecting unsuspecting users to a Ukrainian attack server. The same server was involved in the earlier attacks against Network Solutions-hosted blogs.

Acccording to Computerworld a spokesman for Network Solutions said they have received reports that some Network Solutions customers are seeing malicious code added to their websites.

Many compliance isses faced by CIOs

Compliance with regulatory mandates and internal security policies is critical to the success of any enterprise. To protect the integrity of enterprise-owned information, prevent corporate scandals, and ensure customer privacy, new laws and regulations have emerged governing a variety of enterprises. Some of today's more prominent security mandates include:

SOX - The Sarbanes-Oxley Act of 2002 requires strict internal controls and independent auditing of financial information as a proactive defense against fraud.
HIPAA - The Health Information Portability and Accountability Act of 1996 requires tight controls over handling of and access to medical information to protect patient privacy.
GLBA - The Gramm-Leach-Bliley Act of 1999 requires financial institutions to create, document and continuously audit security procedures to protect the nonpublic personal information of their clients, including precautions to prevent unauthorized electronic access.
FISMA - The Federal Information Security Management Act of 2002 is meant to bolster computer and network security within the federal government and affiliated parties (such as government contractors) by mandating yearly audits.
Basel II - The Capital Requirements Directive/Basel II Accord established an international standard that banking regulators can use when creating regulations about how much capital banks need to put aside to guard against the types of financial and operational risks banks face.
UK Data Protection Act of 1998 - The eight principles of the Data Protection Act state that all data must be processed fairly and lawfully; obtained and used only for specified and lawful purposes; adequate, relevant and not excessive; accurate, and where necessary, kept up to date; kept for no longer than necessary; processed in accordance with individuals rights as defined in the Act; kept secure; and transferred only to countries that offer adequate data protection.