XML Feed - Janco Associates

IT Management News

 

Cloud storage DRP and SOA is a wave of the future

 

The advent of cloud computing and service-oriented data protection is mutating the role of backup administrator. The backup process is becoming a service offering by the IT department as part of the internal cloud's application service level agreement.

The backup administrator's role is transforming from the traditional "tape jockey" into a "data protection policy manager". An example of this is the push by many to make network backup more of a policy engine for backup and disaster recovery – business continuity.

Three recent advancements in technology are beginning to transform data center operations and the role of the IT Administrator:

  • Virtualization (Server and Storage)
  • Disk-based continuous and snapshot data protection
  • Data Deduplication

Virtualization (Server and Storage): The role of server virtualization is to provide an abstraction layer between the server hardware and applications, so they can be moved between servers at will, and the role of storage virtualization is to provide the same abstraction between the servers and the storage.

The ability to abstract applications and storage from the actual hardware makes the hardware a commodity, enables applications to be moved from one server to another at any time, without downtime, and allows storage to be purchased based on price and reliability, rather than functionality in the firmware.

Storage virtualization also facilitates the movement of data. Application data can be moved anywhere, anytime, based on performance or other requirements via a policy created by the IT admin.

Disk-based continuous and snapshot data protection: Adding continuous data protection (CDP) and snapshots to the mix eliminates the need to do bulk transfers of data over the network to make actual backup copies. The definition of a backup is a copy of the data, and it has to be a full copy to actually be a backup.

The backup copy must be separate from the production copy, and must be stored on physically separate hardware or storage media. Once the base copy is available, that copy can be used as the source for snapshots so that the primary copy is unaffected.

In order to accomplish real-time non-disruptive snapshots, the copy must be continually updated via CDP technology to capture any new information between snapshots. Instead of the traditional method of backing the data up with a bulk copy operation, data is simply always protected, continually through CDP, and periodically via the snapshots.

Data Deduplication (DD): So far, we have virtualized everything, have implemented continuous protection for our critical data, and are making periodic snapshots of everything else. Backup is the killer application for DD, but DD also helps make DRP/BCP much more efficient. The reason backup is the killer application is that a full backup copies the same files over and over again. As an example, let's take a legal company with 500 desktops running Excel that are backed up using weekly full copies with a 30 day retention.

How many copies of excel.exe do you need to store? Without DD, the first week there are 500 copies of it on tape, the next week there are 1000, the week after that there are 1500 copies, and the last week there are 2000 copies of that one file before the tapes are overwritten.

Now extrapolate that out to every file in the organization. You can see how quickly it adds up. If you do the math, using typical backup operations and retention requirements, 20TB worth of data with a 2% change rate and 3% growth rate will require over 101TB of media storage if retained over 5 weeks.

With DD, the same 20TB with the same growth and change rate at a 7:1 DD ratio could be stored in about 24TB (101TB - 24TB = a savings of 77TB worth of space!). You can begin to see how much money you can save over time here. But that's not the main benefit of DD.

The main financial benefit of DD (besides less media and storage) is how it saves WAN bandwidth for data replication. WAN bandwidth is typically a recurring monthly cost, and although the cost has been going down, it is still a major part of most IT budgets, which is the reason many companies are still shipping backup tapes offsite for disaster recovery. Imagine being able to get data replicated offsite electronically more efficiently and at a lower cost than shipping and storing tapes!
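To make the excel.exe arithmetic above and the WAN-replication point concrete, here is a toy content-addressed backup store with reference counting and retention expiry. It is an added example, not Janco's code; the 64 KiB excel.exe stand-in, the 16 KiB of per-desktop user data, the 4 KiB fixed-size chunks and the SHA-256 fingerprints are all constructed assumptions.

```python
"""Toy deduplicating backup store for the weekly-full / excel.exe scenario.

Added example, not Janco's code. Constructed data: a 64 KiB stand-in for
excel.exe shared by every desktop plus 16 KiB of per-desktop user data, about
2% of which is rewritten each week. Fixed-size 4 KiB chunks and SHA-256
fingerprints keep the demo short; production engines use content-defined
chunking. Requires Python 3.9+ (random.Random.randbytes).
"""
import hashlib
import random
from collections import Counter

CHUNK = 4096


def chunk_hashes(data: bytes):
    """Yield (sha256 hex, length) for each fixed-size chunk of data."""
    for i in range(0, len(data), CHUNK):
        piece = data[i:i + CHUNK]
        yield hashlib.sha256(piece).hexdigest(), len(piece)


class DedupStore:
    """Content-addressed chunk store with a reference count per retained backup."""

    def __init__(self):
        self.refs = Counter()   # chunk hash -> number of retained backups using it
        self.sizes = {}         # chunk hash -> bytes actually stored on disk
        self.backups = {}       # backup id -> (chunk manifest, logical bytes)

    def ingest(self, backup_id: str, files: dict) -> int:
        """Store one full backup. Returns the bytes that were genuinely new,
        i.e. what would have to cross the WAN to replicate this backup offsite."""
        new_bytes, manifest, logical = 0, [], 0
        for data in files.values():
            for h, size in chunk_hashes(data):
                if self.refs[h] == 0:          # first time this content is seen
                    self.sizes[h] = size
                    new_bytes += size
                self.refs[h] += 1
                manifest.append(h)
                logical += size
        self.backups[backup_id] = (manifest, logical)
        return new_bytes

    def expire(self, backup_id: str) -> None:
        """Retention expiry: drop this backup's references, free orphaned chunks."""
        manifest, _ = self.backups.pop(backup_id)
        for h in manifest:
            self.refs[h] -= 1
            if self.refs[h] == 0:
                del self.refs[h]
                del self.sizes[h]

    def logical_bytes(self) -> int:
        """What weekly fulls on tape would consume for the retained backups."""
        return sum(logical for _, logical in self.backups.values())

    def physical_bytes(self) -> int:
        return sum(self.sizes.values())

    def dedup_ratio(self) -> float:
        return self.logical_bytes() / self.physical_bytes()

    def copies_of(self, data: bytes) -> tuple:
        """(logical copies across retained backups, physical copies on disk)."""
        first_chunk = next(chunk_hashes(data))[0]
        return self.refs[first_chunk], 1 if first_chunk in self.sizes else 0


def weekly_fulls(store, desktops=500, weeks=4, change_rate=0.02, seed=7):
    """Run `weeks` weekly full backups of `desktops` machines into `store`.
    Returns the shared excel.exe stand-in and the bytes sent offsite per week."""
    rng = random.Random(seed)
    excel = rng.randbytes(64 * 1024)                      # identical on every desktop
    user = [rng.randbytes(16 * 1024) for _ in range(desktops)]
    sent = []
    for week in range(1, weeks + 1):
        if week > 1:                                      # weekly churn of user data
            for d in range(desktops):
                if rng.random() < change_rate:
                    user[d] = rng.randbytes(16 * 1024)
        week_new = 0
        for d in range(desktops):
            files = {"excel.exe": excel, "user.dat": user[d]}
            week_new += store.ingest(f"week{week}-desktop{d}", files)
        sent.append(week_new)
    return excel, sent


if __name__ == "__main__":
    store = DedupStore()
    excel, sent = weekly_fulls(store)
    print("excel.exe copies (logical, physical):", store.copies_of(excel))
    print("logical MiB:", store.logical_bytes() // 2**20,
          "physical MiB:", store.physical_bytes() // 2**20)
    print("dedup ratio: %.1f:1" % store.dedup_ratio())
    print("bytes sent offsite per week:", sent)
```

After four weekly fulls the store holds 2000 logical copies of excel.exe but one physical copy, and from week two onward only the rewritten user data counts as new bytes for replication.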

In summary, the steps to create an internal corporate cloud are:

1. Virtualize everything so application and data location are irrelevant.
2. Continually protect, rather than use a bulk copy backup for data protection, which will change the physics of backup by removing the need to move large amounts of data at the same time.
3. DD everything so it can be stored and moved efficiently.
4. Create policies for storage tiers and data life-cycle, and apply those policies to the objects being stored (files, blocks, and tapes) so that the entire data life-cycle is automated, and everything moves to where it belongs based on that policy.

 

more information

 

Pandemic Disaster Recovery Plans At Risk

 

Pandemic disaster recovery planning should consider the impact the H1N1 flu virus could have on the Internet if workers and students are forced to stay home because of the pandemic. Officials at the U.S. Government Accountability Office weighed in on the potential for clogged networks in a 71 page report.

Although the issue has been raised before by various ISPs and network carriers, recent worries have focused on securities firms that depend on third parties to clear trades and process payments over the Internet, according to the GAO.

"Internet congestion during a severe pandemic that hampers teleworkers is anticipated, but responsible government agencies have not developed plans to address such congestion and may lack clear authority to act," the GAO warned.

Internet backbone congestion from a pandemic is not a major concern. The larger problem may be with the network "edge" or "last mile" in the residential portion of the Internet. Janco says that work-at-home strategies for organizations may not work as advertised, since residential Internet access may not be sufficient. This is true for both the capacity and the bandwidth available at work-at-home sites.

Often many residential DSL users could share a single DSLAM connection at the carrier's switching office to reach the backbone, contributing to congestion problems. Last-mile DSL and cable modem networks are where remote access falls apart.

While the network edge impact would vary by neighborhood, the Centers for Disease Control planning guideline assumes that 40 percent of the workforce might not be in the workplace for an extended period of time during a pandemic.

more information

 

Pandemic Disaster Recovery and Business Continuity Planning First Steps

 

It is not possible to estimate the number of cases of swine flu (H1N1); England alone has over 100,000 infections and over 100 deaths. A worldwide pandemic is occurring. Young, obese, and pregnant individuals are primarily affected. The virus is easily destroyed; most cleansers will work, and it appears to be viable for about 7 hours on a hard surface and one hour on porous fabric. Patients are most infectious when first coming down with flu, but remain infectious throughout the illness.

Disaster Planning documentation needs to be updated. In addition, businesses should take common-sense precautions before the pandemic, such as having disinfecting wipes readily available, having employees and visitors wash hands with soap, using disposable towels in toilet areas, and having employees stay at home if they are feeling ill.

Organizations should start preparing now to operate in a quarantine scenario. A key word is cluster: when there are a number of related infections in a department or facility, you can expect to see it close for ten to twenty days, with people either voluntarily not going there or being directed not to go to that location.

Two of the most important issues are how to keep Information Technology and Computer Operations up. CIOs and IT managers need to start asking hard questions right now about how operations will continue if a significant number of people get sick. Technical people do not tend to look at all of the parts of the system, and you do not want to wait until you are in a flu situation before you start asking questions and finding out that everything except backups and fund transfers can be done remotely.

Janco has just issued a pandemic press release on how to update your disaster recovery plan.

more information

 

Audit Fatigue is Setting In for Some

 

(Internet Research Group) - Regulation is a part of business, regardless of company size, industry, or geography. In addition, for the most part, the larger the enterprise, the larger the potential for non-compliance risk. Non-compliance can mean a number of things – sanctions, fines, legal action, market value impact, and the cost of remediation may exceed the perceived cost of prevention.


The results are supportive of the term audit fatigue, that unmanaged IT Audit efforts within regulated organizations have a negative business impact on IT resources and reduce IT efficiency. However, respondents are largely aware of and interested in tools to automate audit processes and controls as a means of overcoming audit fatigue and freeing up IT budget and resources for innovation rather than compliance. This results in the following:

  • Compliance impact is increasing, resulting in high audit frequency and number: As can be expected, larger organizations must satisfy a number of IT audits. Small to mid-sized enterprises (SMBs) are also subject to an increased level of compliance requirements – resulting in higher than expected IT audit engagements. Given the lack of consistent IT standards across industries and geographies for audit criteria and reporting, compliance efforts – i.e., IT audit and remediation – are largely manual.

  • Audit costs are unmanaged, resulting in increased cost: Many respondents conduct audits on an ad-hoc basis rather than as a scheduled effort of an enterprise risk-management program. Given the inability to forecast audit and remediation spending, budgetary control is lost – exacerbating the perceived impact of compliance efforts.
  • Lack of controls automation, limited process maturity: Audit fatigue can be attributed to lack of controls automation and unmanaged IT Audit processes. Limited controls maturity – i.e., repeatable and sustainable controls enforcement and audit processes – constrains IT innovation due to uncontrolled costs associated with IT Audit and issue remediation.
more information

 

Poor access controls encourage internal data breaches

 


Poor access controls cause most security and data breaches. A solution is to implement access controls which enforce the specific tasks different administrators can perform, without disclosing the root password. This would help prevent the majority of data breaches that have occurred. Insider attacks depend upon access, and the following practices are common, inherently insecure, and expose the enterprise to significant risk:

  • Full access to the network and user accounts. Even junior-level administrators have access to the network and to user accounts, so they can reset passwords, restart servers, and perform other administrative tasks. Of course, this may mean they can use the passwords of other users, if so inclined. This practice is even riskier in the Unix/Linux environment where it is a common occurrence for an entire IT department to share the root password for convenience at the expense of security.
  • Full access to the operating system of servers through a senior administrative account. Senior network and system administrators must have superuser (root) access to do their jobs. These privileged accounts are usually required for system functionality and are created when the system is installed. They can bypass system controls to access or destroy sensitive information. Superuser accounts make a variety of attack techniques possible, including the planting of logic bombs during system upgrades.
  • Unauthorized access to a privileged account. An example of this is seen when an unauthorized user may retrieve privileged account information for a database from an application server's configuration file, and subsequently use the credentials in a Structured Query Language (SQL) session over the network to retrieve or modify sensitive data.
  • Compromised encryption keys. This is commonly seen from any employees that have access to the operating system. System administrators know where to find these encryption keys, and they are frequently stored without security or encryption of any kind. Once encryption keys are stolen, all the vulnerable encrypted data is compromised.
  • Unauthorized uses of administrative access. Administrative accounts have been called the "keys to the kingdom" because they have unrestrained access. In native environments, someone with administrative access can destroy audit data to cover his tracks as he/she commits fraud by changing databases whose data is used to create financial records and statements. Worse yet, entire applications or databases are at risk to be destroyed.
more information

 

Air Force activates new cyberspace defense unit

 

The Air Force has activated a new communications organization that will support the Air Force's Space Command, a new command that combines space and cyber-space operations under one organization. The new 689th Combat Communications Wing, headquartered at Robins Air Force Base in Georgia, specializes in deployed communications.

The wing will play a support role in combat theaters where resources are sparse, such as Afghanistan, and in humanitarian aid operations, according to the Air Force. The dedicated cyber command, the 24th Air Force, reports to the Air Force Space Command. The Air Force created the cyber command this year, and it became operational Aug. 18.

As the Air Force activates the Combat Communications Wing it fills in a critical security niche.  The 24th Air Force's integration under Space Command represents a landmark in Air Force operations, combining space and cyberspace under a single organization. Like traditional Air Force units, the 24th is set to provide forces for combat -- but unlike traditional units, these forces can also conduct cyber warfare.

The CCW is the newest of three sub-organizations supporting the 24th Air Force; the other two are the 688th Information Operations Wing and the 67th Network Warfare Wing.

The CCW nationwide will comprise roughly 6,000 active duty, reserve and National Guard airmen, as well as civilian and contractor support from the 3rd and 5th Combat Communications Groups, ten Air National Guard Combat Communications units and four Air Force Reserve Combat Communications squadrons.

more information

 

Harm threshold a concern to Congress

 

The so-called "harm threshold" provision was included in an interim final rule published late last month by the U.S. Department of Health and Human Services (HHS) in a bill requiring breach notification for unsecured health information. Under the provision, health-care entities would have to publicly disclose data compromises only if they think the breach would cause financial harm to those whose data was compromised or hurt their reputation.

In a letter dated Oct. 1, members of the House committee asked HHS Secretary Kathleen Sebelius to revise or repeal the new provision at the "soonest appropriate opportunity."

The letter noted that the new harm threshold provision runs counter to Congress' intent in passing the breach notification bill. The bill's statutory language does not imply a harm standard, Waxman wrote. In fact, in drafting the bill, Congress had explicitly rejected the idea of including such a provision because of the "breadth of discretion" it would have given a breached entity, the letter said.

The health-care breach notification law is part of the $20 billion Health Information Technology for Economic and Clinical Health Act (HITECH) that was passed by Congress earlier this year as part of President Obama's economic stimulus plan. The law, which went into effect last week, requires any organization covered under the Health Insurance Portability and Accountability Act (HIPAA) to notify patients of a data breach involving their personal health information. Companies that use encryption and data destruction methodologies to render sensitive health information unusable and unreadable to unauthorized individuals are exempt.

more information

 

Mobile Device Security Options

 


Because mobile devices reside outside the company firewall and beyond the reach of corporate security policies, they are often where unauthorized activity can occur. Users can inadvertently pass viruses, spyware, and other malware to the company network through the VPN. It still matters that a network has a formidable configuration of layered security, but when a notebook or smartphone is lost or stolen, the data stored on the device is exposed. Enterprises have to have ways to protect that data regardless of its location or place of breach. Options available to the enterprise include:

  • VPN - Many enterprises use Internet Protocol Security (IPSec) VPNs, but the fact that IPSec works at the network layer can expose the entire network to malware found on remote machines. Secure Sockets Layer (SSL) VPN technology works at the transport layer of the Transmission Control Protocol/Internet Protocol (TCP/IP) stack and is session-oriented, offering more precision in granting access - even down to a specific application, file or window of time. Some vendors are offering all-in-one appliances that package not only VPN working on both layers, but also firewall, intrusion prevention and network antivirus.
  • Network Access Control (NAC) - NAC gives the network the ability to grant access to a device based on preset criteria, and then monitor it throughout its connection cycle. If the device behaves in a way that is out of line with policies, it is quarantined, given an opportunity to remediate and then disconnected if it remains noncompliant.
  • Encryption - A data-level form of protection, encryption is centrally managed and updated. It works by jumbling data according to a complex algorithm that machines are able to unlock once they have been authenticated. Everything from a single file to the entire hard disk can be encrypted.
  • Intrusion detection and prevention - Intrusion detection and prevention systems focus on identifying incidents, logging information about them, taking action to stop intrusions and reporting incidents to administrators for further review. These systems work well to stop unusual IPs and to block worms, botnets and other malware. They add an additional layer of security between the firewall and antivirus software.
  • Remote Lock Down and Data Destruction - Credentials and devices that are tagged as inactive can have "self destruct" or "remote lock down" code downloaded and activated in such a way that all of the "sensitive data" on the remote device is "erased" and the device is put in a state in which it is not usable without intervention by the enterprise. Extreme care should be used if this option is used, and the help desk should have procedures in place so that devices remotely locked down in such a manner can be re-activated.
  • Data leakage protection - You can secure data, regardless of where it is in relation to the network, with data leakage prevention (DLP) technology. DLP solutions tag data based on a set of criteria such as location of data, application type, file type, keywords and common data strings. These tags alert IT when the data is being used in a certain manner. DLP can prevent the data from being copied, e-mailed, sent via IM, printed, saved to a different device, changed to a different file type or otherwise altered.


more information

 

Poor IT Infrastructure Impacts CIOs and CEOs

 

The primary concerns of CIOs and CEOs are reducing costs, reducing business and IT complexity, and improving IT's ability to adapt to the changing business environment. Factors which contribute to the cost and complexity of maintaining and managing IT infrastructure include: security issues, staffing issues, legacy applications / systems, and lack of standards / standardization.

  • Strategic IT decision makers are more likely than their functional IT counterparts to cite improving IT's ability to respond quickly to changing business requirements (i.e. agility) as a frequent challenge.
  • Most CIOs and CEOs feel that IT infrastructure today has grown too complex and costly. In addition, many feel that the cost of maintaining and managing IT infrastructure is limiting their companies' ability to deploy IT resources to more strategic aims and goals.
  • Many top executives believe that the complexity of maintaining and managing IT infrastructure is hindering innovation at their companies.
more information

 

Steps to create a functional business continuity disaster recovery plan

 

Every good disaster recovery plan starts by addressing the needs of the business - not the IT department. That rule of thumb can turn a potentially complex task into a surprisingly simple exercise. The following can help you keep the business perspective in focus.

  • Assess the relationship between IT and the business - Identify critical business functions - sales order processing, billing, production, and customer service. Determine which systems, applications and data must be available to keep each function running smoothly. Customer service processes, for example, typically require the availability of customer information, a call routing system and workstations equipped with working telephones and computers.
  • Prioritize the importance of each application and business function - Develop a hierarchy of business functions and processes based on their importance to operations. You will most likely find that, although some systems need to be up and running as soon as possible after a disaster, other systems can wait. Define the company's requirements in terms of ideal RTOs and RPOs. That is, how long can the business wait to become operational again, and how much data can it afford to lose? Choose your technology based on these objectives.
  • Create the Disaster Recovery Business Continuity Plan with business and IT involvement - Gather representatives from across the business, from IT to human resources and facilities management. Each member should contribute to both the development of the disaster recovery plan and its execution. Define their responsibilities and the reporting hierarchy when a disaster occurs, and equip them with mobile technology so they can make decisions when required.
  • Create a detailed budget for when the plan is activated - Understand that a disaster recovery plan is only as effective as the resources that are committed to it. Once you have determined what it will require to support your business recovery objectives, you need to identify the tools and procedures needed to meet them. Be specific about the cost of these mechanisms, as well as the financial risk of disaster. Build a realistic business case.
  • Create a plan that is as detailed as possible - When you develop a plan, spell out tasks, responsibilities and roles - not only to revive systems, but also to provide access to users and enable operations to continue even under compromised circumstances. Identify the technology you need to meet the company's recovery expectations.
  • Test and Maintain the Plan - Business goals, workforce, processes, and technology form a universe of change around your disaster recovery plan. To keep it up to date, you must test it, reexamine it and update it regularly - once a year, twice a year or even quarterly. Also, remember that there are continuing advancements in Information Technology and applications. Keep revisiting your options - keep the plan current, complete, and accurate.
more information

 

Record management -- issue for all

 

Records: when you need them, there aren't enough. When you DON'T need them, there are too many.

This tension between “keeping versus destroying” (also called “retention and disposition”) can drive a fatal wedge between your business operations managers and your legal advisors. It’s happening every day in organizations big and small.

What can YOU do to manage the careful balance of records management and records trouble? One thing: The Janco Record Management Policy

more information

 

Data breaches continue to be CIO's concern

 

The FBI received a record number of complaints in 2008, and the associated direct cost of the frauds carried out with stolen data was $265 million versus $235 million in 2007. Adding to this is the challenge of securing personal information and intellectual property data. Companies are granting access to more systems and information - bank customers access account balances; workers maintain their own 401k and investment accounts; web shoppers place orders and make purchases with a single click; and business partners work on projects in a collaborative manner online.

To reduce the risk of a data breach or theft, organizations must adopt new tactics. In addition, companies must address e-mail and Web security along with employing a functional data loss prevention strategy. The application of multiple security techniques is required to reduce risk. For example, there must be a way to control spam and block the downloading of malicious software from poisoned Web sites. In today's open Web 2.0 and social networking environments, companies need a way to defend against attacks and protect secret or sensitive data. At the same time, they must maintain a flexible and responsive infrastructure to support today's business working habits.

The Janco Security Manual Template has helped over 2,000 enterprises world-wide to meet these requirements.

more information

 

IT Salaries Fall According to Janco

 

Janco released its 2009 Mid Year IT Salary Survey which shows that overall pay has declined for IT Professionals in the past 18 months. Janco also found that demand is down for IT Professionals.  The CEO of Janco, Victor Janulaitis stated, "The current economic climate with its cost cutting mindsets, business closures, and extensive outsourcing has put such great pressure on the IT job market that overall pay has been impacted.  Added to that many 'baby-boomers' who had planned on retiring in the next few years are not leaving the job market and you have more potential employees than positions available."


Janco has captured IT compensation statistics since 1996 and publishes its IT Salary Survey semiannually. The IT Salary Survey is based on Janco Associates, Inc. IT Professionals compensation database.  Compensation benchmark hiring and salary ranges are established for each position surveyed. In analyzing the study data, the upper and lower quartiles are eliminated to determine benchmark ranges. The benchmark ranges are then used to assess the alignment of a company's actual compensation to the marketplace for each job function. A summary of the most recent salary survey can be downloaded by visiting Janco IT Salary Survey at http://www.e-janco.com/Salary.htm.

more information

 

CIO and CTO Changing Role

 

In a recent study of over 2,000 CIOs, a major firm defined those who work in organizations with high Profit Before Tax growth as "High-growth CIOs" and those working in organizations with low Profit Before Tax growth as "Low-growth CIOs." The characteristics of the role played in each type of firm are different.


                                                             High Growth Companies   Low Growth Companies
Are members of most-senior management team                                     62%                    46%
Integrate business and technology to innovate                                  64%                    33%
Focus time on enabling the business and corporate vision                       28%                    15%
Focus your time on providing core technology services                          23%                    40%
IT team uses collaborative tools                                               53%                    33%
IT team provides collaborative tools across the enterprise                     41%                    22%
Aggressively turn data into actionable information                             58%                    36%
Give customers excellent data integrity and transparency                       68%                    44%
Seek active input from your customers                                          87%                    70%
Co-create business strategy with fellow execs                                  74%                    61%
Co-present business strategy to senior management                              66%                    53%
Part of the team setting the organization's strategy                           62%                    46%
Business models unique and hard to imitate                                     63%                    49%
Business models include partnering / alternative sourcing                      60%                    52%
Create IT centers of excellence                                                44%                    26%
Data readily available for relevant users                                      67%                    51%
Data reliable and secure                                                       81%                    66%
Manage change successfully                                                     61%                    43%

more information

 

Cost control focus of CEO and CIO

 

The economic forecasts for the remainder of 2009 may be brighter -- but we are still in a recession. Many economists are calling for the economic downturn to last well into 2009 and some even say mid 2010. Because of these tough economic times, enterprises continue to focus on cost reduction and other forms of productivity improvement. To support these efforts Janco has identified several areas where IT departments can place their efforts.

They are:

  • IT Service Management - Change Control - Help Desk - Service Desks: Over the past several years, there have been significant improvements in the tools available to IT support organizations. These tools can help in the automation of support and the remediation of problems. By deploying these tools, enterprises can optimize the size and the responsibilities of help desk personnel. This is the area where there are opportunities for significant cost savings and service level improvements.
  • Enterprise Architecture: Optimizing the enterprise architecture to focus on operations support can provide enterprises with immediate cost savings. By rationalizing the operations portfolio, enterprises can reduce the costs associated with having redundant support contracts, over supporting, or under supporting IT systems. Enterprise Architecture has become a common practice for large IT organizations. For the first time there is a methodology to encompass all of the various IT aspects and processes in a single practice. However, realizing the full potential of enterprise architecture can be challenging.
  • IT Infrastructure Management: Infrastructure Management can provide enterprises with immediate cost avoidance as it can improve the utilization of the IT infrastructure. However, enterprises should not think that infrastructure management is limited only to computer hardware and software. Rather, infrastructure management also can provide benefits to the network and storage environment. To capitalize on the cost savings offered by infrastructure management, enterprises should investigate using an external IT services provider for developing the architecture, integration, and support for the IT operational environment.
more information

 

Microsoft continues to lose browser market share

Last month, Microsoft Corp.'s Internet Explorer posted a market share loss. Strangely, there are still users who depend on Netscape, which is no longer supported.


In the last 12 months, IE has lost 1.63 points of browser share.

more information

 

White House control of Internet could lead to censorship of the public

 

This spring a U.S. Senate bill proposed handing the White House the power to disconnect private-sector computers from the Internet. As time has passed it has not gotten any better: the current draft still appears to permit the president to seize temporary control of private-sector networks during a so-called cybersecurity emergency.

The new version would allow the president to "declare a cybersecurity emergency" relating to "non-governmental" computer networks and do what's necessary to respond to the threat. Other sections of the proposal include a federal certification program for "cybersecurity professionals," and a requirement that certain computer systems and networks in the private sector be managed by people who have been awarded that license.

Probably the most controversial language begins in Section 201, which permits the president to "direct the national response to the cyber threat" if necessary for "the national defense and security." The White House is supposed to engage in "periodic mapping" of private networks deemed to be critical, and those companies "shall share" requested information with the federal government. ("Cyber" is defined as anything having to do with the Internet, telecommunications, computers, or computer networks.)

If your company is deemed "critical," a new set of regulations kicks in covering whom you can hire, what information you must disclose, and when the government may exercise control over your computers or network.

more information

 

Most CIOs fired for missing budgets or timelines

 

In a brief survey that Janco completed they found that:

  • 34 percent of CIOs are fired for major application failure or mismanaging change - missing budgets and or initiative time lines
  • 29 percent are fired for ignoring, or not being focused on, how the business operates
  • 28 percent get fired for ignoring customers
  • 27 percent get fired for key project never gets finished or goes too far over budget

Janco suggests that CIOs focus on the following areas to ensure that their tenure on the job is a long one:

  • Being aligned with business executives – the CIO must be able to fit in with other executives and other influential leaders within the organization. IT is more than a service department that keeps the network and computers working and online; companies count on IT for new technologies that give the business an edge over competitors.
  • Becoming strategic direction setters - the core mission of IT is less about implementing technology and more about implementing business strategy in the form of new technologies.
  • Developing and displaying management and leadership skills - CIOs have to manage multiple groups: staff within the IT department, staff across other departments, outside vendors, projects, and, increasingly, the performance of outsourced contract workers.
more information

 

Banks hinder fraud control

 

Too often though banks whose customers are victimized by fraud do not divulge any information on how an account was compromised, where the money was transferred and how it was then "walked out" of the country.   Despite the large scale nature of such thefts, it is often very difficult to track down the perpetrators of such fraud because of the limited availability of information.  To identify those behind such crimes, more information needs to be made available on the techniques being employed by the criminals, the servers and botnets being used to launch attacks and the accounts and the destinations to which stolen money is transferred.

An anti-spam company has filed a lawsuit aimed at forcing banks to divulge any information they might have about hacking activity affecting their customers' accounts. The lawsuit, filed in U.S. Federal District Court, invokes the CAN-SPAM Act in seeking compensatory and punitive damages against unnamed "John Does" responsible for "stealing money from U.S. businesses [using malware.]"

The complaint alleges that cyber-thieves are stealing millions of dollars from U.S. bank accounts every month via virus-infected e-mail spam. Users who open such spam messages are infected with keystroke-logging programs that let remote attackers capture the user's banking credentials, break into the accounts, and transfer money out of the country via illegal Automated Clearing House (ACH) transactions.

more information

 

IE continues to lose market share

 

IT-Toolkits, Janco, and the IT Productivity Center have just released their August 2009 Browser and Operating System Market Share White Paper. The major findings are that Microsoft's IE browser market share has fallen to 67.98%, from 69.95% in May 2009. This continues a trend that includes a fall of 12.06 points since August 2006. Firefox maintains its number 2 browser position with a market share of 19.22%; Google, with its Desktop and Chrome offerings, has just over 3.73% of the market; and acceptance of Vista has stalled completely as users await the release of its replacement, Windows 7.


Victor Janulaitis, the CEO of Janco said, “The major browser findings of the study are: Microsoft's Internet Explorer’s market share seems to have stabilized with the release of IE 8.” He added, "... IE 8’s acceptance is high with a market share of 11.2% after only five months." The White Paper has a detailed historical analysis of browser market share since 1997. The findings are supported by data that is provided both graphically and in spreadsheet format.

more information

 

 


© 2009 Janco Associates, Inc. - ALL RIGHTS RESERVED