News
How To Forecast the Cost of Asset Loss Defined (Symantec)
To calculate the annual loss expectancy (ALE) of an asset, you use the quantitative risk analysis method. The calculation starts by determining the annual rate of occurrence (ARO) and the single loss expectancy (SLE). Once those values are known, ARO x SLE = ALE. Suppose the SLE is US$35,000 and the ARO is 12 (i.e., the cost of the server being down for a day is US$35,000, and this attack happens once every month). In this example, US$35,000 x 12 = US$420,000 per machine.
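The ALE arithmetic above, worked as a small added example (not code from the Symantec piece or from Janco). It reproduces the page's US$35,000 x 12 case and goes one step further than the text: it derives the SLE from an asset value and an exposure factor (SLE = AV x EF, the standard decomposition used in quantitative risk analysis, which the page does not mention), derives the ARO from an observed incident count over a period, and ranks several scenarios by ALE so the largest expected annual loss surfaces first. The scenario names and figures other than the page's own are constructed sample data.

```python
"""Annual loss expectancy (ALE) worked example.

Added illustration, not from the original article.  ALE = ARO x SLE is the
formula on the page; SLE = AV x EF and ARO = incidents / years are the
standard quantitative-risk-analysis steps assumed here.  All scenario
figures except the page's US$35,000 / 12-per-year case are constructed.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class LossScenario:
    """One threat-against-asset pair (constructed sample data)."""
    asset: str
    asset_value: float      # AV: value of what is at risk, in USD
    exposure_factor: float  # EF: fraction of AV lost in one incident, 0..1
    incidents: float        # incidents observed or expected ...
    period_years: float     # ... over this many years


def single_loss_expectancy(asset_value: float, exposure_factor: float) -> float:
    """SLE = AV x EF: the loss from a single occurrence of the threat."""
    if asset_value < 0:
        raise ValueError("asset value must be non-negative")
    if not 0.0 <= exposure_factor <= 1.0:
        raise ValueError("exposure factor must lie between 0 and 1")
    return asset_value * exposure_factor


def annual_rate_of_occurrence(incidents: float, period_years: float) -> float:
    """ARO = incidents per year.

    'Once every month' is 12 incidents in 1 year -> 12.0;
    'once every 5 years' is 1 incident in 5 years -> 0.2.
    """
    if incidents < 0 or period_years <= 0:
        raise ValueError("incidents must be non-negative, period positive")
    return incidents / period_years


def annual_loss_expectancy(sle: float, aro: float) -> float:
    """ALE = ARO x SLE, exactly as stated in the article."""
    if sle < 0 or aro < 0:
        raise ValueError("SLE and ARO must be non-negative")
    return sle * aro


def scenario_ale(s: LossScenario) -> float:
    """Carry one scenario through SLE -> ARO -> ALE."""
    sle = single_loss_expectancy(s.asset_value, s.exposure_factor)
    aro = annual_rate_of_occurrence(s.incidents, s.period_years)
    return annual_loss_expectancy(sle, aro)


def rank_by_ale(scenarios) -> list:
    """Return (asset, ALE) pairs, largest expected annual loss first."""
    ranked = [(s.asset, scenario_ale(s)) for s in scenarios]
    return sorted(ranked, key=lambda pair: pair[1], reverse=True)


# Constructed sample portfolio.  The first entry is the page's own example:
# one day of downtime costs US$35,000 (EF = 1.0) and happens monthly.
SAMPLE_SCENARIOS = [
    LossScenario("web server (one day of downtime)", 35_000, 1.0, 12, 1),
    LossScenario("laptop fleet (lost or stolen device)", 80_000, 0.25, 3, 1),
    LossScenario("data centre (fire)", 2_000_000, 0.6, 1, 25),
]

if __name__ == "__main__":
    for asset, ale in rank_by_ale(SAMPLE_SCENARIOS):
        print(f"{asset:40s} ALE = US${ale:,.0f}")
```

Ranking by ALE is what makes the figure useful: a rare but catastrophic event (the data-centre fire, ARO 0.04) can carry a smaller expected annual loss than a cheap, frequent one, and the ordering tells you where a mitigation budget buys the most reduction in expected loss.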

To protect your financial viability, you need to be able to perform data restoration and bare metal system recoveries more efficiently and faster than ever.
Steps to protect your Internet reputation
Steps that your company (enterprise) should follow to see what the Internet says about the enterprise and key employees include:
- Conduct weekly searches to monitor your company name and company reputation
- Review content of company and employee blogs for accuracy and compliance with company policies
- Validate that all public information has a real identity; this includes blogs and press releases
- Apologize and admit your errors
- Redirect blogs to positive product, employee and company information when anything negative is posted
- Minimize negative comments and never say anything negative about your competition or its products.
New York Attacks Internet Retailers - Tax on Internet Sales is Law
Amazon.com is suing the New York State Department
of Taxation and Finance (DTF) over a new state law that requires Internet
retailers to collect sales tax on purchases shipped to state residents.


Amazon has argued that since it does not have a
physical presence in the state that it should not be required to collect taxes
on shipments going to New York. Amazon has no physical presence in New York,
according to the suit. It does not own, lease, or otherwise occupy any physical
property in the state, and none of its employees works or resides in the state.
In addition, Amazon says the New York law is unconstitutional based on a 1992 U.S. Supreme Court ruling that holds states are prohibited from requiring out-of-state retailers to collect sales tax unless the company has a physical presence in the state.
In the Quill v. North Dakota case, the Supreme
Court re-established the rule that a state could not impose sales tax collection
on a business unless the company had employees or property in the state.
New York defends the law by arguing that the Amazon Associates program, which allows Web site publishers to receive commissions by promoting Amazon items through their sites, makes Amazon liable to collect taxes on its behalf for those affiliates who live in New York.
One piece of bright news for Amazon and other
online retailers is that the state of New York is not seeking back taxes. A
spokesman for the state said the legislation provides for a limited amnesty for
online sellers who register as sales tax vendors and start collecting taxes by
June 1, 2008.

If the seller registers and starts collecting sales tax by June 1, the seller will not be liable for tax not collected for sales tax quarters prior to June 1. Conversely, if you don't register and it is later determined that you should have, you could be subject to a tax department audit for quarters prior to June 1.
Brick-and-mortar companies are generally supportive of the Amazon Tax, saying it levels the playing field by forcing online retailers to collect state sales tax. The downside is that it could potentially mean fewer sales for online retailers.
If the New York law is upheld, you can be sure a
whole host of other states will follow its example and implement similar laws.
The New York law is projected to generate $50 million in revenue this year and
$73 million next year.
Google Addresses Enterprise Security Issues
Google announced the release of Web Security for
Enterprise that protects organizations of all sizes against web malware attacks
in real time and enables the safe, productive use of the web, without incurring
hardware, up-front capital, or IT management costs.
This paid product enables organizations to control how employees use the Internet, and provides easy-to-use tools to create, enforce, and monitor the right web policy for your organization.

Web virus and spyware protection
- Proactive blocking of web malware before it reaches your network
- Protection from zero-hour threats
- Eliminate spyware back-channel communications
- Reduce patching and updates
Web filtering and content control
- Protects your network and your staff from undesirable web content, file types and MIME types
- Quota support by surfing time, bytes transferred and number of connections
- Optimizes network resources by reducing bandwidth congestion
- Monitors online activity with comprehensive reporting
Protection for roaming and remote users
- Extends to all roaming employees wherever they are working: at home, in a hotel room, café, client premises, or Wi-Fi spot
- Applies acceptable use policies to all roaming employees
- Enhances privacy by automatically encrypting all web traffic when the user connects to a public network
- Eliminates the need to backhaul traffic over the corporate VPN
- Simplifies management with no endpoint client and updating
The five requirements to be a successful CIO


In order to be a successful Chief Information Officer (CIO), an individual must have excellent management skills and have proven processes in place in order to lead the IT function and the enterprise effectively.

The CIO needs:
- An open communication channel to all levels of the enterprise, from CEO to shipping clerk
- Information that gives the CIO the real, unadulterated truth about how the Information Technology group is performing
- Strategic information which is focused on managing the business performance of their function
- Information from various sources that are outside of the CIO's area of control
- Time to digest all of the information and data
Relationship between compliance, data protection, business continuity, and theft recovery not understood
What is the relationship between the issues of compliance,
data protection, business continuity, and theft recovery? Enterprises must take
this into account when defining security policies. It is no longer enough to
attempt to address compliance issues without addressing data protection and
business continuity. Protection of data on mobile and remote computers requires
an understanding of the issues surrounding data loss be it computer theft,
hardware failure or some disastrous event. Having a broader understanding of how
these areas inter-relate allows organizations to build a more robust security
policy that can better address the issues of regulatory compliance, data
protection, business continuity and theft recovery.

The worldwide shift from stationary desktop computers to highly portable laptop and tablet PC computers offers enterprises increased productivity, flexible work schedules and greater work/life balance. Driven by the need for increased productivity and the ability to present up-to-date information at a moment's notice, secure mobile computing can be an enterprise's greatest strength. However, research indicates that lost or stolen laptop computers cause nearly 50% of public data breaches. With recently expanded state data breach legislation, even a single lost or stolen computer can expose enterprises to the negative publicity and increased costs associated with public data breaches.

DRP Security Bundle
Today, accepting the loss or theft of one laptop or tablet PC or Smartphone (PDA) is simply not an option. A missing device can result in compliance and data protection issues that may be very costly to an organization's reputation and bottom line. Organizations need to be able to accurately track their computers, know who is using them, what is installed on them, and be able to prove the actions taken to secure computers remain deployed and intact until the computer can be located.
CIO and IT Manager Newsletter for May 2008 Released by Janco
The CIO and IT Manager Newsletter has just been
released and the electronic version of the newsletter can be viewed at
http://www.e-janco.com/CIO_IT_Manger_Newsletter_0805.htm.
The topics covered in this issue are:
- Real ID Implementation status
- SOX Compliance Requirements
- Security Audit Program
The Newsletter also provides direct links to topics on:
- Disaster Recovery and Business Continuity
- Job Descriptions
- 2008 Salary Survey
In the current business environment, the security stakes are high. IT security is not just an IT problem; technical security risks can create business liabilities.
The market is filled with products that promise to reduce this risk and enhance IT security. These include:
- Network and perimeter security (including firewalls)
- Endpoint security and threat mitigation (including anti-virus and patch management)
- Data security
- Identity and access management
- Wireless security
The Security Manual addresses each of these issues and provides solutions which can be implemented immediately.

Users must install and maintain antivirus software. Security policies
must define what applications and configurations are acceptable where, and IT
and business processes must ensure that security policies are monitored, and
exceptions are corrected.
Gaining transparency into risk and security
status with rapid, flexible security assessments can quickly improve risk
management. Assessments should deliver risk-relevant views of IT infrastructure
to track progress towards policy compliance targets and the Security Audit
program does that in compliance with all mandated
requirements.
How to comply with SOX - Tools for the Enterprise

It can be a struggle for a company to adhere to new compliance regulations and responsibilities. The concerns "where do we start?" and "can we leverage existing processes to meet these new requirements?" are obvious questions with not-so-obvious answers. What are the vulnerabilities, and how can we manage compliance with SOX section 404?
As guidance and a framework for SOX compliance, the US
Securities and Exchange Commission (SEC) has mandated that affected
organizations use a recognized internal control framework. The SEC makes
specific reference to the recommendations of the Committee of the Sponsoring
Organizations of the Treadway Commission (COSO). While there are many sections
within the Sarbanes-Oxley Act, the focus here is on section 404, which addresses
internal control over financial reporting. This section requires the management of public companies to assess the effectiveness of the organization's internal control over financial reporting and annually report the result of that assessment.

Meeting the COSO objective means compliance with SOX
section 404.


The Sarbanes-Oxley Act has fundamentally changed the
business and regulatory environment. The Act aims to enhance corporate
governance through measures that will strengthen internal checks and balances
and, ultimately, strengthen corporate accountability. However, it is important
to emphasize that section 404 does not require senior management and business
process owners merely to establish and maintain an adequate internal control
structure, but also to assess its effectiveness on an annual basis. This
distinction is significant.
Security Threat is Increasing
From spyware and phishing to intrusion attempts, the threats attacking today's computer networks are more dangerous than ever. Many threats are targeting specific industries with convincing-looking e-mail and phone calls. The hackers hope to direct employees to counterfeit Web sites, in order to harvest passwords and private financial information or steal computer and network resources. The revenue from cybercrime in the United States now exceeds that of illegal drug activity.
We are
seeing a change in the threat landscape, from ones that were noisy and targeting
the perimeter of the network, to becoming much more silent, difficult to detect
and highly targeted. These attacks are mostly targeting Web browsers and the
client applications on the computer itself. And while a small business network
may not be as complicated as an enterprise network, they still have desktop and
mobile clients.

Because
small businesses have fewer IT resources at their disposal, they need solutions
that provide comparable protection, at affordable costs and requiring minimal
administration.
The threats are:
- Spyware
- Attacks inside the firewall (USB devices)
- WiFi and other rogue access points
- Worms and viruses
- Information theft via authorized paths
- Phishing
- Keystroke logging
- Instant Messaging
- Blended attacks