Gartner Group Sarbanes-Oxley News

CIOs' Major Responsibilities Are Focused
CIOs have three major responsibilities in helping enterprises succeed.
- CIOs must keep all IT systems and networks managed, optimized, and available to contribute maximum business value at minimal cost.
- CIOs need to protect critical infrastructure against an increasingly hostile threat environment: spyware, viruses, attacks, intrusions and human-engineered security lapses.
- CIOs must prevent exposure to legal and regulatory compliance penalties or breach disclosure laws.
If IT fails in any one of these areas, their organizations can go out of business or face criminal sanctions.
In meeting these responsibilities, CIOs can no longer incrementally buy new tools to meet every new requirement that makes headlines in the technical or business media. Business drivers, security and compliance mandates converging on the enterprise require a converged response. CIOs now demand solutions that enable them to eliminate redundant technologies and processes and integrate disparate elements into a common workflow. While established enterprise software vendors have adopted the language of convergence and consolidation, their product lines remain constrained by legacy architectures and designs. Proposing radical change to their customers carries the risk of disrupting established revenue flows, not to mention the technical risks inherent in overhauling or replacing obsolete products.
Business runs at a velocity unimagined a few short years ago. Complex and highly distributed environments have grown to support an intricate web of partners, suppliers, distributors, and customers. Service-oriented architectures and web-based applications have progressed from vision to real-world instantiation as enterprises look to leverage technology to innovate and deliver new services. In this new world, IT-delivered services must be available 24x7 to customers, suppliers, employees, regulators, investors and other constituencies.
The highly exposed nature of today's IT infrastructures fundamentally changes how organizations manage IT assets, processes and data. IT organizations can no longer treat resource management and maintenance as back-end functions that can be performed at times and under conditions of their choosing. Neither is their work protected from outside scrutiny. Processes whose success or failure was largely internal now make the difference between business success or failure, legal compliance or litigation, prudent stewardship or ineffective execution.
Passwords that hackers can attack
Hackers attack the most commonly used passwords first. Security policies should specifically exclude the following as options for users:
- 123456
- 12345
- 123456789
- Password
- iloveyou
- princess
- rockyou
- 1234567
- 12345678
- abc123
Everyone needs to understand what poor passwords mean in today's world of automated cyber attacks: with only minimal effort, a hacker can gain access to one new account every second, or 1000 accounts every 17 minutes, according to Imperva.
- The shortness and simplicity of passwords means many users select credentials that make them susceptible to the most basic form of cyber attack, the "brute force attack."
- Nearly 50% of users used names, slang words, dictionary words or trivial passwords (consecutive digits, adjacent keyboard keys, and so on). The most common password is "123456".
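As an added example (not code from the original page or from Imperva), a small Python policy check that rejects the ten passwords listed above and the trivial patterns the text names (consecutive digits, adjacent keyboard keys, dictionary words and names). The keyboard rows, the 12-character minimum and the short dictionary sample are assumptions chosen for the example; a real deployment would use a full word list.

```python
"""Password policy check for the weak-password classes described above."""
import string

# The ten most-attacked passwords listed on this page, used as a denylist
# (constructed for the example; production denylists are far longer).
COMMON_PASSWORDS = {
    "123456", "12345", "123456789", "password", "iloveyou", "princess",
    "rockyou", "1234567", "12345678", "abc123",
}

# US keyboard rows, used to spot "adjacent keyboard keys" patterns like qwerty.
KEYBOARD_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]

# Constructed sample of dictionary words / names / slang (assumption).
DICTIONARY_WORDS = {"dragon", "monkey", "football", "michael", "jennifer", "letmein"}

MIN_LENGTH = 12  # assumed policy minimum


def _is_sequential_digits(pw):
    """True for all-digit runs like 123456 or 987654 (step of +1 or -1 throughout)."""
    if not pw.isdigit() or len(pw) < 4:
        return False
    steps = {ord(b) - ord(a) for a, b in zip(pw, pw[1:])}
    return steps == {1} or steps == {-1}


def _has_keyboard_run(pw, run_len=4):
    """True if run_len consecutive characters walk along a keyboard row, either direction."""
    lowered = pw.lower()
    for row in KEYBOARD_ROWS:
        for seq in (row, row[::-1]):
            for i in range(len(seq) - run_len + 1):
                if seq[i:i + run_len] in lowered:
                    return True
    return False


def check_password(pw):
    """Return the list of policy violations; an empty list means the password passes."""
    problems = []
    lowered = pw.lower()
    if lowered in COMMON_PASSWORDS:
        problems.append("on common-password denylist")
    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if _is_sequential_digits(pw):
        problems.append("consecutive digits")
    if _has_keyboard_run(pw):
        problems.append("adjacent keyboard keys")
    # "dragon1" or "monkey!" still count as a dictionary word with trivial padding.
    if lowered.strip(string.digits + string.punctuation) in DICTIONARY_WORDS:
        problems.append("dictionary word or name")
    return problems


if __name__ == "__main__":
    for candidate in ["123456", "Dragon1", "Qwerty!Long#2024", "Correct-Horse-Battery-9"]:
        print(f"{candidate!r}: {check_password(candidate) or 'OK'}")
```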
Solid State Disk (SSD) is an opportunity for CIOs
While SSD commands a premium in storage capacity, it is well worth it if it improves storage response time for users and critical applications.
Data storage managers are moving toward solid-state storage and solid-state drives (SSDs): 14% of 360 survey respondents plan to implement them this year and nearly 40% plan to evaluate them this year, in addition to the 7% who already have them in place. Those numbers mean that right now many CIOs could use help in comparing SSD with HDD and determining what value they would get from implementing SSD to fix performance problems. This is a role tailor-made for an operations manager and represents an excellent value-add opportunity.
Today's cost savings increase the cost of doing business

In these economic times, CIOs and CFOs are tempted to have their company's employees hang on to their desktop and notebook computers for a couple of years beyond the usual three-year life cycle, hoping to avoid the capital expense of replacing them. However, knowledgeable professionals have data showing this to be a false saving.
Four to five years after a laptop has been put in service, it is often more trouble than it is worth. The reasons are simple: the longer a laptop or desktop is in service, the greater the chance that it will need a repair, an upgrade of an internal card, a memory upgrade, or a new OS.
After three years, hard drive failures go up dramatically, as do problems with keyboards, screens, and batteries. In addition, outdated notebooks cost an organization in lost end-user productivity, since a machine that is two generations behind current models takes longer to boot and runs sluggishly.
When the CIO and CEO look to trim costs, care needs to be taken so that long-term productivity is not impacted. In addition, if employees feel they are not productive because of "technology", once the economy improves they will find better jobs where the technology is more current.
Availability of e-mail is a business continuity issue
The availability of e-mail and its associated data can make or break an organization's profit objectives, as well as retain or lose customers. In today's economy, the importance of e-mail takes on new meaning. Recovery time and recovery point objectives (RTOs and RPOs) are no longer general rules. The Exchange administrator's ability to meet or exceed the proverbial lines in the sand, in terms of time to recover and the age of the data recovered, can mean the difference between gainful employment and prepping for a job interview.
Questions that you need to have answers to are:
- What is the impact of e-mail downtime on today's business?
- What are the types of potential failures, both the common and the not-so-common, along with their general probability of occurrence?
- How do you plan to mitigate the impact of these challenges to ensure adequate levels of protection for your e-mail environment?
Backup and Retention is a DRP issue
Traditional storage environments have many of the same problems as distributed server farms: applications are tied to physical devices, making any response to changing needs both disruptive and time-consuming; capacity utilization is low; and many maintenance activities require application downtime. The simple and straightforward solution is storage virtualization, which decouples applications and data from the underlying physical devices. Storage virtualization simplifies storage management, as only a single set of tools is required for a given virtualized set of similar devices, such as a set of disk systems.
For IT departments charged with delivering greater business value in the face of unprecedented data growth, storage virtualization is a very attractive way to control costs, improve performance and maximize resource utilization.
Security Predictions
2009 began with the biggest data breach in history. Wonder what could possibly be in store this year? The experts have spoken and have issued their security predictions for the New Year:
- Increased funding of security budgets
- New compliance regulations created and enforced by Congress
- New problems with mobile security: new mobile phone worms and Trojans
- A new key area of competition: cloud computing
- Growth in desktop virtualization
Security Manual Template Policies and Procedures
ISO 27000 (27001 & 27002) - Sarbanes-Oxley - PCI - Patriot Act - HIPAA Compliant

This Security Manual for the Internet and Information Technology is over 240 pages in length. The template is compliant with ISO 27000 (formerly ISO 17799), Sarbanes-Oxley, the Patriot Act and HIPAA and includes a PCI DSS audit program. All versions of the Security Manual template include both the Business & IT Impact Questionnaire and the Threat & Vulnerability Assessment Tool (both were redesigned to address Sarbanes-Oxley compliance). In addition, the Security Manual Template PREMIUM Edition contains 16 detailed job descriptions that apply specifically to security and Sarbanes-Oxley.
PCI-DSS is a global requirement
Although the Payment Card Industry Data Security Standard (PCI DSS) has become a global requirement, many organizations are lagging in compliance. For many companies, regulatory compliance can already be an overwhelming and confusing area to navigate, and the need to comply with the PCI DSS might feel like yet another burden. The PCI-DSS compliance kit fully meets enterprise compliance requirements.
The PCI DSS security requirements apply to all "system components." A system component is defined as any network component, server, or application that is included in or connected to the cardholder data environment. The cardholder data environment is that part of the network that possesses cardholder data or sensitive authentication data. Network components include but are not limited to firewalls, switches, routers, wireless access points, network appliances, and other security appliances.
Data deduplication impacts IT budgets
Data deduplication is not just altering what media companies use as backup targets; it dramatically affects operating efficiencies, simplifies remote office data protection, and makes disaster recovery significantly more affordable and realistic for a much greater percentage of the overall market. Its advent is not unlike other storage innovations where market leadership was determined not by a technology capability but by the true, achievable business benefits brought about by the entire solution.

Storage is more than a mainframe peripheral and as such has a profound impact on the entire IT industry, and on IT budgets in particular. Vendors are now poised to make a major impact by illuminating a series of expensive problems within storage environments caused by an endless array of duplicate data sprawl. CIOs and IT professionals now realize they do not have to keep buying more and more storage capacity, as there are more efficient ways to store and manage information, especially in secondary storage environments.
ITSM is part of the necessary infrastructure cost of IT
IT Service Management and technical support of customers is still seen by many organizations as a necessary evil, one of the many costs of doing business. And while providing support does add a line to your balance sheet, it also creates a multitude of opportunities to cultivate relationships that maintain your customer base and even grow it.

The crux of the matter is this: technical support should no longer be perceived as a pricey "fix-it shop around back"; technical support has grown into a revenue-generating, company-strengthening powerhouse right in the heart of the organization. With the right tactics and technology, your support center can realize its full potential by becoming an essential, strategic component of your organization's success. Just as a surgeon needs the proper tools to perform operations, so too must support center representatives have the proper tools to get their jobs done efficiently and cost-effectively.
IBM Will Leave 500 Call Center Jobs in the US
IBM is taking advantage of tax rebates in Colorado and hiring 500 customer service call center workers over the next five years. The workers will be based outside of Denver, in Boulder.
The 500 jobs will come between now and 2014. IBM qualified for the rebates after passing environmental and community standards. The company retrofitted 22,000 square feet of space in a 62,000 square-foot building.
Call center job salaries in the area range from $23,000 to $38,000 a year.
The executive director of the Boulder Economic Council said the expansion shows IBM's stake in staying in Boulder. "What it really indicates to us is that IBM corporate is feeling like Boulder is a key site for their operation," she said. "That says that IBM supports this site in the long run." Draper said the 500 jobs being created "probably aren't going to be the highest-paying jobs in the county by any means," but they will still be good jobs that come with training and stability.
IBM has taken a lot of heat in 2009 from its union and former employees after shedding an estimated 10,000 jobs. The exact figure of layoffs this year is not known, as IBM does not publicly announce its restructuring or job cuts, but former employees have well documented the occurrence of layoffs. Many workers have been forced to train employees in Asia and other countries who replaced many employees in North America.
Holiday on-line spending up due to reduced prices and sales
U.S. online holiday spending has risen 3 percent this holiday season, but shopping online slowed over the weekend after the special deals and discounts offered by retailers on Cyber Monday ended.
Cyber Monday refers to the Monday after the U.S. Thanksgiving holiday when retailers, ranging from Wal-Mart Stores Inc to Amazon.com Inc, offer deep discounts or limited-time-only deals on their websites to lure holiday shoppers.
Overall, Americans plan to spend an average of $1,096 on holiday gifts this season, up $207 from last year, the largest year-on-year increase since the boom shopping season in 1999, the last time this annual survey hit the $1,000 mark.
Spending plans don't guarantee a strong shopping season; actual consumer spending can depend on the prices and products people see in the stores, the effect of marketing campaigns and economic conditions as they develop. But robust spending plans are surely a good sign.
The National Retail Federation raised its holiday shopping forecast, projecting 6 percent growth in sales over last year, up from its September forecast of a 5 percent increase. NRF said this was its first-ever mid-season adjustment in a holiday sales forecast; it cited strong retail sales in October and falling gasoline prices.
For the first 36 days of the November-December holiday season, online holiday spending reached nearly $16 billion, up 3 percent from a year ago. For the week ending December 6, online holiday spending rose 3 percent to $4.6 billion.
Black screen replaces blue screen of death
On Nov. 10, Microsoft released 15 patches for vulnerabilities in Windows, Windows Server, Excel and Word. Microsoft was likely just trying to fortify the security of the operating systems when it inadvertently introduced the error in its patches. Microsoft's security patches appear to be causing some PCs to seize up and display a black screen, rendering the computer useless. The patches appear to make changes to particular registry keys. The effect is that some installed applications are not aware of the changes and do not run properly, causing a black screen.
The problem affects Microsoft products including the Windows 7, Vista and XP operating systems, said the CEO and CTO of the U.K. security company Prevx.

The Security Manual for the Internet and Information Technology is over 220 pages in length. All versions of the Security Manual template include both the Business & IT Impact Questionnaire and the Threat & Vulnerability Assessment Tool (both were redesigned to address Sarbanes-Oxley compliance). In addition, the Security Manual Template PREMIUM Edition contains 16 detailed job descriptions that apply specifically to security and Sarbanes-Oxley, ISO 27000 (ISO27001 and ISO27002), PCI-DSS, and HIPAA. Data protection is a priority.
Failure points in data security identified by Janco
Every employee, contractor, and associate that uses e-mail and the Internet is a potential point of failure for the enterprise. That point may become a leak, either purposely or inadvertently. A worker who was passed up for a raise or laid off may, in a fit of anger, share some embarrassing information with the press or forward sensitive plans to a competitor. Security policies and procedures are a must for every enterprise.
Instant messaging exchanges can be used to sneak files or secrets to outsiders. Employees and contractors often retain their "friend lists" as they move from one department (or, for contractors, one company) to another, or from one employer to the next. Colleagues who IM one another every day could be working for competing firms, and a careless response to "what are you working on lately?" can be disastrous.
Many hack attempts use social engineering to infiltrate corporate networks. An e-mail that seems to be from your IT administrator and requests your login info seems harmless enough, until the hacker at the other end gains entry. The issue is one of education and awareness, and unsuspecting employees become, in essence, potential threats.
Many employees do not take safe data handling practices to heart. They will copy work files onto USB drives or portable hard drives, or even e-mail them to their personal accounts for retrieval from home. This sort of routine activity can place sensitive data at risk, especially considering how easy it is for a small USB key, a smart phone, or a laptop to be misplaced or stolen.
Windows 7 has tools to improve ITSM and SOA
Solving problems is now easier with Windows 7, and ITSM is improved as a result. Solving problems unique to a machine can be an arduous task for both the end user and the help desk. Windows 7 introduces the Problem Steps Recorder, a screen-capture tool that allows the end user to record the problems they're having, step by step. It's as simple as hitting "start record" and then adding comments as needed. The recording is saved as an HTML-based file packaged in a .ZIP folder, which is easily passed on to the help desk. The program is accessible from the Control Panel under "Record steps to reproduce a problem", or by running psr.exe from Explorer.
Security threats are on the rise and they are costly
Companies as well as individuals need well-defined security policies and procedures to combat security threats.
A recently published report estimated that breaches cost companies between $90 and $305 per lost record. This includes notifying customers, hiring contractors to fix computer systems, fines and lost business. In addition, over 95 percent of network attacks are entirely financially motivated. This is different from two or three years ago, when the attacker may have been a college student who wanted to crash your computer. Threats today burrow deep into computers and hide; they are a lot less visible than they once were.
Indeed, the new threats are much more sophisticated than those security experts foiled in the past. The easy things, viruses, Trojans and worms, are generally stoppable by most firewalls or certainly by inline intrusion prevention. But now, hackers and the organizations that fund them have upped the ante for gateway and network security.
Delta Air Lines sued for allegedly hacking e-mail account
Delta Air Lines is being sued for a minimum of $11 million in damages for allegedly hacking the e-mail account of a passenger rights advocate who supports legislation that would allow access to food, water, and toilets during long delays on the tarmac.
The executive director of Flyersrights.org alleges Delta obtained sensitive e-mails and files and used the material in an attempt to derail the "Airline Passenger's Bill of Rights of 2009," which is pending before Congress. If the bills are passed, airlines could lose as much as $40 million in revenue and spend much more to comply, the lawsuit contends. The bills would allow passengers to deplane if they have been delayed on the tarmac more than three hours. They would also be entitled to clean air and access to medical treatment.
New notebooks faster and green
New notebook trends include:
- The next generation of chips for notebooks
- Mobile-oriented features in Windows Vista and XP
- Embedding wide-area broadband capabilities
- "Ultra-light" notebooks, Ultra-Mobile PCs (UMPCs) and other mobile devices
- "Green" notebook-related initiatives by vendors in the manufacturing, use, and post-use stages
More Processing Power
For notebooks, the continued improvement in CPUs, the "brains" of the system, means doing more work faster. It also means using less energy (and not costing more than their predecessors). Intel's newest CPU family for notebooks, desktops, and servers has Core 2 Duo processors and the latest 45-nanometer (nm) process technologies. The processors offer nearly twice the density of Intel's older 65nm approach. That translates into more than 400 million transistors for dual-core processors and more than 800 million for quad-core, providing faster processing with less energy use and better energy efficiency.
Browser Twelve Year Trend - Released by Janco
Janco has just updated its web site to include a chart that provides a view of browser market share trends from 1997 to 2009. This is the most comprehensive set of data that is available. Mr. Janulaitis, the CEO of Janco Associates, said, "Our data has been used by all of the major browser providers as well as the courts in suits by various governmental agencies as well as individual companies."
[Chart: Browser Twelve Year Historical Trend]
The full study was produced with data through August 2009. See a full copy of the press release here.
The Browser Market Share and Operating System Market Share White Paper data is by month, starting in September 1997 and running through August 2009. The data sampled is internationally based (just under 50% of the data points sampled are outside of the United States).
Medical students violate HIPAA laws
In a survey of medical colleges, 60% reported incidents of medical students posting unprofessional content online. Thirteen percent reported that students had violated patient confidentiality in postings on social networking sites. Below is a summary of the results of the study by the Journal of the American Medical Association (JAMA).
Sixty percent of US medical schools responded (78/130). Of these schools, 60% (47/78) reported incidents of students posting unprofessional online content. Violations of patient confidentiality were reported by 13% (6/46). Student use of profanity (52%; 22/42), frankly discriminatory language (48%; 19/40), depiction of intoxication (39%; 17/44), and sexually suggestive material (38%; 16/42) were commonly reported. Of 45 schools that reported an incident and responded to the question about disciplinary actions, 30 gave informal warnings (67%) and 3 reported student dismissal (7%). Policies that cover student-posted online content were reported by 38% (28/73) of deans. Of schools without such policies, 11% (5/46) were actively developing new policies to cover online content. Deans reporting incidents were significantly more likely to report having such a policy (51% vs 18%; P = .006), believing these issues could be effectively addressed (91% vs 63%; P = .003), and having higher levels of concern (P = .02).