Janco Associates

Disaster Recovery Planning News


 

IT security - Often a Myth

 

IT security policies for notebooks and desktops are typically enforced by restricting the choices users have, that is, by reducing the number of options that are supported. This standards-based process buys control at the cost of flexibility. But try maintaining that approach when users can buy a relatively cheap smartphone with as much power as a desktop had in the early 1990s.

Furthermore, attempts by IT organizations to prevent the use of handheld devices have largely failed because of the number of tools available to work around IT policies. For example, users who are barred from wireless e-mail often find ways to redirect their mail to outside ISP services, where they synchronize it to their personally owned devices. This raises the security threat for the enterprise because control of e-mail routing has been lost: the messages now pass through, and rest on, systems that IT neither sees nor manages.


 

Security Policies Should be Part of Normal Business Practices According to Federal Judge

 

A federal judge has rejected a proposed settlement by TD Ameritrade Inc. in a data breach lawsuit. That marks the second time in recent months that a court has weighed in on what it considers basic security standards for protecting data. The case stems from a 2007 breach that exposed more than 6 million customer records.

The judge did not find the proposed settlement to be "fair, reasonable, or adequate." Rather than benefiting those directly affected by the breach, Ameritrade's proposal was designed largely to benefit the company. The judge described the additional security measures Ameritrade offered in the settlement as "routine practices" that any reputable company should already be taking, and that should be defined in its normal security policies and procedures.

In September 2007, Ameritrade said that the names, addresses, phone numbers, and trading information of potentially all of its more than 6 million retail and institutional customers at that time had been compromised by an intrusion into one of its databases. The stolen information was later used to spam those customers.

As part of an effort to settle claims arising from that incident, Ameritrade said this May that it would retain an independent security expert to conduct penetration tests of its networks to look for vulnerabilities.

The company also offered to retain an analytics firm to find out whether any of the compromised data had been used for identity theft, and said it would give affected customers a one-year subscription to antivirus and anti-spam software.


 

Google Falling Behind in Browser War

 

Google will not fully integrate its Chrome Web browser with Microsoft's new Windows 7 operating system in the browser's next release.

The news follows an announcement by the Mozilla Foundation that Firefox 3.6, the next version of the open source browser, would integrate with Windows 7 features such as taskbar thumbnail previews and Jump Lists.

        

However, according to reports in The Register, Google's internal issue tracking system indicates that work on the Windows 7 features has been pushed back to version 5 of the browser. Chrome is currently on the 3.0 release, while version 4 is in development.

Despite the scaled-back ambitions, work seems to be progressing on Google's Chrome OS. An early developer build of the operating system has been leaked onto Google's Web site. Stay tuned for more details.


 

Free speech and the Internet challenged

 

The ongoing case in Cook County Circuit Court also treads into the still-developing arena of Internet speech protection, experts say. Stone acknowledges that she hopes it sets a precedent for protecting minors from potentially harmful chatter directed at them online.

Stone was embroiled in a tough campaign for the Village Board when the Daily Herald published an article about the race the day before the April 7 election. She won a seat. A Daily Herald story shortly after the election noted there had been "an unusually nasty tone" in the race as she and five other candidates vied for three seats.

On April 9, in online comments to the April 6 story on the newspaper's Web site, a person using the name Hipcheck16 wrote something directed toward Stone's son that her attorney described in court filings as defamatory.

Since there have been relatively few cases like this in U.S. courts, a University of Notre Dame law professor said there is a strong probability the court proceeding will become an important part of emerging case law.

Recent court rulings have tended to side with anonymous posters and against those who want their identities revealed. Judges are also more likely to set a higher threshold when ruling on identifying anonymous sources in newspaper stories, although in this case the newspaper was merely hosting an online forum, not providing the content.

The trend has not been in the direction Stone probably would like it to go.

Sensitive Information Policy

This policy covers the treatment of credit card, Social Security, employee, and customer data. The policy is 15 pages long and complies with Sarbanes-Oxley Section 404.

The policy applies to the entire enterprise, its vendors, its suppliers (including outsourcers) and co-location providers and facilities regardless of the methods used to store and retrieve sensitive information (e.g. online processing, outsourced to a third party, Internet, Intranet or swipe terminals). 


 

Password suggestions from Google

 

A Google representative advises using a unique password for every Web site. They suggest selecting a phrase and using the first letter of every word in the phrase, or some variation of that, as the password, ideally with special characters added to make it stronger. In addition:

  • Passwords should be a mixture of letters, numbers, and symbols to minimize the risk of dictionary attacks, in which criminals use programs to try every word in a dictionary database as a potential password.
  • Using personal information as a password should be avoided because that information can often be found on social network profiles and aggregated from other online sources. Stay away from the names of pets or children, birthdays, phone numbers, addresses, or the like. They are too easy to guess.
  • Do not leave passwords on notes next to your computer.
  • Make sure that your password recovery information is up to date. After choosing a complex password you may forget it, and you do not want the password reset e-mail going to an abandoned e-mail account, or to someone who might exploit the opportunity to hijack your account.
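As an added example (not code from Google or from this newsletter), the following Python script implements the advice above: it builds an acronym password from a phrase, checks a candidate against the rules listed (length, character classes, dictionary words after undoing the usual symbol substitutions, personal information), and reports any password reused across sites. The word list, personal details and site names are constructed for the example and the 12-character minimum is an assumed policy value.

```python
import re

# Constructed sample data for this example: a tiny stand-in for the word lists
# a dictionary attack would use. A real check would load a large list.
SMALL_DICTIONARY = {"password", "welcome", "letmein", "dragon", "sunshine", "football"}

# Map common symbol/digit substitutions back to letters before the dictionary
# check, so "P@ssw0rd" is still recognised as "password".
LEET_TO_LETTERS = str.maketrans("@40!31$57", "aaoiiesst")


def acronym_password(phrase, suffix="", substitutions=None):
    """Build a password from the first letter of each word of a phrase.

    The case of each initial is kept; `substitutions` maps lower-case letters
    to replacement characters and `suffix` appends digits or symbols.
    """
    substitutions = substitutions or {}
    initials = [word[0] for word in phrase.split() if word]
    base = "".join(substitutions.get(ch.lower(), ch) for ch in initials)
    return base + suffix


def character_classes(password):
    """Return the set of character classes present: lower, upper, digit, symbol."""
    classes = set()
    for ch in password:
        if ch.islower():
            classes.add("lower")
        elif ch.isupper():
            classes.add("upper")
        elif ch.isdigit():
            classes.add("digit")
        else:
            classes.add("symbol")
    return classes


def check_password(password, personal_tokens=(), dictionary=SMALL_DICTIONARY, min_length=12):
    """Return a list of policy findings; an empty list means the password passes."""
    findings = []
    if len(password) < min_length:
        findings.append(f"too short ({len(password)} < {min_length})")
    if len(character_classes(password)) < 3:
        findings.append("fewer than three character classes")
    # Undo common substitutions, then drop anything that is still not a letter.
    normalised = re.sub(r"[^a-z]", "", password.lower().translate(LEET_TO_LETTERS))
    if any(word in normalised for word in dictionary if len(word) >= 5):
        findings.append("contains a dictionary word")
    for token in personal_tokens:
        if len(token) >= 3 and token.lower() in password.lower():
            findings.append(f"contains personal information '{token}'")
    return findings


def find_reused(site_passwords):
    """Given {site: password}, return {password: [sites]} for passwords used on more than one site."""
    sites_by_password = {}
    for site, password in site_passwords.items():
        sites_by_password.setdefault(password, []).append(site)
    return {pw: sites for pw, sites in sites_by_password.items() if len(sites) > 1}


if __name__ == "__main__":
    pw = acronym_password("To be or not to be, that is the question",
                          suffix="!42", substitutions={"t": "7"})
    print(pw, check_password(pw))                                  # passes
    print(check_password("P@ssw0rd", personal_tokens=["Rex"]))     # short + dictionary
    print(find_reused({"bank": pw, "webmail": pw, "forum": "S0methingElse!"}))
```

The substitution table is the point of the dictionary check: attackers' word lists already include "p@ssw0rd"-style variants, so a checker that only looks for literal words will pass exactly the passwords a cracker tries first.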

 

Why Disaster Recovery and Business Continuity Plans Are Out of Date and Incomplete

 

There are plenty of partial, outdated, or ineffective disaster recovery and business continuity plans out there. Why is it so difficult to get it right?

  • Data collection: How do you collect the data for the disaster and business continuity plan in the first place? There is no one single source for everything you need, particularly if you are trying to integrate relevant external information such as support dates, power consumption, etc. Every vendor delivers this information in different formats, different frequencies, and different vehicles - ranging from data sheets to websites to release notes.
  • Data inconsistency: How do you handle the inherent inconsistencies in data? For example, OS version numbers are often conflicting; vendors change their product names or renumber versions over time, etc. Normalizing the data (making it adhere to consistent rules and categories) is a cumbersome task and the accuracy and consistency of the data needs to be reassessed at every step.
  • Categorization: If you want to categorize the information in the disaster and business continuity plan, you have to create the taxonomy (the hierarchical categorization) for the industry data. This alone is a significant task: there are many ways to slice and dice the universe of technology products, and no standard has been defined within the IT industry for describing this information consistently.
  • Manageability:  Any extensive technology disaster and business continuity plan is a large and complex data store. A spreadsheet is insufficient for storing and managing rich structured data for thousands of products and vendors. The disaster and business continuity plan should be able to track and maintain the complex relationships between technologies and categories (parent/child relationships, one-to-many mappings, and so on). Developing an appropriate, extensible data store is a complex undertaking.
  • Maintenance:  As soon as you have finished the disaster and business continuity plan, you have to start updating it. The Information Technology industry is constantly changing, which means that your work is never done. If you go through a massive effort to produce a disaster and business continuity plan for a single business function, the value of that investment is lost if you cannot keep it up to date.

 

IT Spending to Fall Even Further

 

Research from Goldman Sachs expects IT spending to start moving upwards in 2010, but a survey of British small firms finds many still worried about the impact of recession on their businesses.

The survey found a quarter of firms expect to be hit harder during the later stages of the downturn. A quarter reckoned that the first quarter of 2009 was their worst trading period but almost a third - 31 per cent - reported no fall in orders. 19 per cent of SMBs said sales had fallen over 20 per cent.


In the last six months 45 per cent of firms have made people redundant - a third have cut up to 10 per cent of staff.

But looking forward, 38 per cent of small and medium enterprises believe revenue falls will slow in the next six months and just over a quarter expect the downward trend to end completely by year end.


 

Virtual servers ignored in many disaster recovery and business continuity plans

 

According to the latest disaster recovery research report from Symantec, based on surveys of 1,000 IT managers in large organizations worldwide, 35 percent of an organization's virtual servers are not included in its disaster recovery plans. Worse yet, not every virtual server that is in the plan is actually backed up: only 37 percent of respondents said they back up more than 90 percent of their virtual systems.

Cloud-based managed backup and data recovery services do exist, but they tend to be either very expensive "enterprise-class" offerings or mediocre consumer-oriented services. Several issues need to be addressed before cloud-based backup and recovery services are a practical option:
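The gap Symantec describes is easy to measure in your own environment, because the three inputs already exist: the hypervisor's inventory, the list of systems named in the DR plan, and the backup job log. The following Python script is an added example (not from Symantec or this newsletter) that reconciles the three and reports virtual machines missing from the plan, plan entries that no longer exist, and machines without a recent successful backup. All of the data is constructed for the example, and the column layout, timestamp format and seven-day freshness threshold are assumptions.

```python
from datetime import datetime, timedelta

TIME_FORMAT = "%Y-%m-%dT%H:%M"  # assumed format of the backup log timestamps

# Constructed sample data: a hypervisor inventory export, the servers named in
# the DR plan, and a backup job log. None of it is real.
VM_INVENTORY = ["web01", "web02", "db01", "app01", "build01"]
DR_PLAN_VMS = {"web01", "db01", "app01", "old-fileserver"}
BACKUP_LOG = [
    ("web01", "2009-11-10T01:00", "ok"),
    ("web02", "2009-11-10T01:05", "ok"),
    ("db01", "2009-10-02T01:10", "ok"),       # last success more than a month ago
    ("app01", "2009-11-10T01:20", "failed"),  # job runs nightly but never succeeds
]


def last_successful_backup(backup_log):
    """Return {vm: datetime of the most recent 'ok' run}; VMs with no success are absent."""
    last_good = {}
    for vm, when, status in backup_log:
        if status != "ok":
            continue
        t = datetime.strptime(when, TIME_FORMAT)
        if vm not in last_good or t > last_good[vm]:
            last_good[vm] = t
    return last_good


def dr_coverage(inventory, plan, backup_log, as_of, max_age=timedelta(days=7)):
    """Reconcile the live inventory against the DR plan and the backup log.

    A VM counts as covered only if it is named in the plan AND has a
    successful backup no older than max_age at the reporting time `as_of`
    (a string in TIME_FORMAT).
    """
    inventory = list(inventory)
    now = datetime.strptime(as_of, TIME_FORMAT)
    last_good = last_successful_backup(backup_log)

    not_in_plan = [vm for vm in inventory if vm not in plan]
    no_recent_backup = [vm for vm in inventory
                        if vm not in last_good or now - last_good[vm] > max_age]
    covered = [vm for vm in inventory
               if vm not in not_in_plan and vm not in no_recent_backup]
    total = len(inventory) or 1  # avoid division by zero on an empty export
    return {
        "not_in_plan": not_in_plan,
        "stale_plan_entries": sorted(plan - set(inventory)),
        "no_recent_backup": no_recent_backup,
        "covered": covered,
        "plan_coverage_pct": round(100.0 * (len(inventory) - len(not_in_plan)) / total, 1),
        "backup_coverage_pct": round(100.0 * (len(inventory) - len(no_recent_backup)) / total, 1),
    }


if __name__ == "__main__":
    report = dr_coverage(VM_INVENTORY, DR_PLAN_VMS, BACKUP_LOG, "2009-11-11T00:00")
    for key, value in report.items():
        print(f"{key}: {value}")
```

Note that a VM can appear in only one of the three failure lists or in several: web02 is backed up but absent from the plan, app01 is in the plan but every run fails, and build01 is in neither. Counting "servers in the plan" alone would report 60% coverage here; requiring a recent successful backup as well brings it down to 20%.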

  • Getting data to and from individual desktops needs to be automated, without heavy overhead on the desktop or the network
  • Developing a working security model that can be applied and managed universally
  • Providing verifiable data integrity, so that users can confirm the data restored is actually their own data even when it was not held in a private space or virtual machine
  • Creating services with service level agreements that address the risks associated with data loss

 

Terminated employees use alumni groups to find new jobs

 

With the economic downturn, former employees of high-tech companies are staying in touch by joining alumni groups to find jobs and business opportunities and to socialize. There has been such a group for ex-IBM employees since the early 1960s. The sophistication of these groups varies but not their main mission: it is all about networking.


Some of the  groups that exist are for:

  • Microsoft
  • PeopleSoft
  • Oracle
  • IBM
  • Sun Microsystems

For example, the Microsoft Alumni Network, with its 10,000 members, charges membership fees and offers a range of benefits. The PeopleSoft Alumni Network makes its money exclusively from job ads on its Web site. It has about 3,800 members on LinkedIn, the social networking site for professionals. They are chiefly people who worked at the company before it was acquired by Oracle Corp. in 2005.

Some of these groups have close relationships with the parent company, which posts job ads on the group's board and helps validate prospective alumni to ensure they previously worked at the company.

Members can use their connections to an alumni group to search out former colleagues at companies they are interested in working for, to brainstorm and perhaps learn the name of a hiring manager and most alums are willing to help.


 

Top Network Security Weakness Identified by Janco

 

The most common security mistakes made on corporate Web sites have been identified by Janco Associates of Park City, UT. They are:

  • The corporate Web site is encrypted but the login process is not
  • Data validation for forms is implemented only in client-side JavaScript
  • Using unencrypted or weakly encrypted channels for Web site or Web server management
  • Using weak encryption for back-end management
  • Connecting to the network from an unsecured access point
  • Sharing login credentials
  • Using only single-factor verification for access to sensitive data
  • Having "public" workstations or access points connected to a secure network

 

Netbooks and notebooks a high security risk

 

The real cost of a lost or stolen notebook is significant. Several studies show that costs average $49,000 to $52,000 per notebook, driven by factors such as intellectual property loss and data breach, especially when a business must notify clients or the public of the breach. Encryption can reduce that cost by almost $20,000. However, some surveys show that for 55% of lost or stolen notebooks IT cannot prove the notebook was encrypted at the time of loss or theft, and without that proof the breach must be treated as if the data were exposed.

In studies of over 2,600 IT and information security professionals in eight countries it has been found that:

  • Over 70% of U.S. employees are allowed to store sensitive and confidential information on their notebooks.
  • Over 90% of IT security professionals reported notebook theft or loss in their organization.
  • Over 70% of lost or stolen notebooks result in a data breach.
  • Almost 90% of employees ask others to watch their notebook while traveling.


One of the problems with notebook security is that anti-theft software products can be installed and uninstalled relatively easily. Software-only approaches also require that the OS is loaded and working properly, which means they fail if the OS is compromised or inoperable. With a software-only agent, a thief can circumvent the agent by reformatting or replacing the hard drive to make the notebook usable again, or remove the hard drive to another system to read the data on the disk. Employee behavior makes it even easier for thieves. For example:

  • Less than half of all notebooks are configured for encryption to protect sensitive data.
  • Over half of all employees who have encryption on their notebooks disable it.

 

Performance management - IT Infrastructure

 

The traditional approach to creating and managing IT infrastructure architecture and performance management is based on traditional organizational theory. At face value this provides the simplest and lowest-overhead infrastructure architecture, but in fact it leads to a number of serious disadvantages.

In the early industrial era performance management was by carrot and stick, with production lines and repetitive, robotic jobs.

Fast forward to the 21st Century, this stereotyped, reward-and-punishment approach has increasingly limited use.

In addition, your business needs to manage a growing community of perceptive knowledge workers and 'digital natives'.

These are people and teams working on complex issues and opportunities. There is not a simple set of rules and a clear destination. Frankly, they cannot be managed by conventional performance management approaches.

Your 21st Century employees thrive on self-directedness - their work life is about autonomy, mastery & purpose.

Performance reviews remain necessary, but not in the form most organizations use them: as a compliance mechanism. Mere compliance incites resistance and loathing, especially among your self-directed types.


 

Homeland Security communication requirements

 

The Department of Homeland Security stresses interoperability, flexibility and situational awareness in its statements on communications requirements, specifically:

  • Heightened data interoperability: While voice remains a focus, text, data, image, video and multimedia are often an additional mode needed for a given situation. Interoperability of data communications has assumed increasing importance.
  • Flexibility: Responders must have data communications on scene, as well as away from the scene, for command, control and the information needed to complete their missions.
  • Wireless broadband data: Wireless broadband data means high-speed sharing of text, images and video, as well as the availability of IP-based collaboration applications.

 

Deciding which sites to block

 

Pornography sites are an obvious example, but most companies may also consider gambling and game sites utterly unrelated to work and potentially time-wasting, and block them as well. Ninety-six percent of employers who block Web access are concerned about employees visiting adult sites with sexual content. Companies also use URL blocks to stop users from visiting game sites (61%), social networking sites (50%), entertainment sites (27%), sports sites (21%) and external blogs (18%), according to the 2007 Electronic Monitoring & Surveillance Survey from the American Management Association.

Janco's Security Manual Template includes everything needed to customize it to fit your specific requirement.  The electronic document includes proven written text and examples for the following major topics / sections for your security plan:

  • Compliance with ISO 27000, Sarbanes-Oxley, PCI-DSS, Patriot Act and HIPAA
  • Security Manual Introduction - scope, objectives, general policy, and responsibilities
  • Risk Analysis - objectives, roles, responsibilities, program requirements, and practices program elements
  • Staff Member Roles - policies, responsibilities and practices
  • Sensitive Information Policy
  • Physical Security  - area classifications, access controls, and access authority
  • Facility Design, Construction and Operational Considerations - requirements for both central and remote access points
  • Media and Documentation - requirements and responsibilities
  • Data and Software Security - definitions, classification, rights, access control, INTERNET, INTRANET, logging, audit trails, compliance, and violation reporting and follow-up
  • Network Security - vulnerabilities, exploitation techniques, resource protection, responsibilities, encryption, and contingency planning
  • Internet and Information Technology contingency Planning - responsibilities and documentation requirements
  • Travel and Off-Site Meetings - specifics of what to do and not do to maximize security
  • Insurance - objectives, responsibilities and requirements
  • Outsourced Services - responsibilities for both the enterprise and the service providers
  • Waiver Procedures - process to waive security guidelines and policies
  • Incident Reporting Procedures - process to follow when security violations occur
  • Access Control Guidelines - responsibilities and how to issue and manage badges / passwords
  • Sample Forms
    • Business and IT Impact Questionnaire
    • Threat & Vulnerability Assessment Tool
    • Security Violation Reporting form
    • Security Audit form
    • Inspection Check List
    • New Employee Security form
    • Security Access Application form
    • Employee Termination Checklist
    • Supervisor's Employee Termination Checklist
    • Sensitive Information Policy Compliance Agreement
    • HIPAA Audit Program Guide
    • ISO 27000 (ISO 27001 & ISO 27002) Security Checklist
    • PCI DSS Audit Program

 

2009 IT Salary Survey - Mid Year Data

 

Are you paying too much or too little to your information technology staff? Are you earning what you're worth? Whether employer or employee, it is important to know what other companies are paying in total compensation for a similar position in your area. Learn how your company compares in the area of compensation. Data as of June 2009.

Salary Data January 2008 versus June 2009


The compensation study (155-plus pages in PDF or Word, with the data in Excel) is one of the most complete and widely used in the industry.


 

Metrics to Measure IT's Success

 

Metrics that smart CIOs use to measure IT's performance:

  • Alignment of IT investments to business strategy - You cannot deliver sustained business value if the IT strategy and the business strategy are not aligned and tightly linked. Despite years of making this the No. 1 priority, the 2007 membership survey by the Society for Information Management (SIM) found that IT and business alignment was the number two management concern with 42% of CIOs.
  • Cumulative business value of IT investments - This metric explicitly measures and communicates the value of IT investments by looking at the cumulative return of the entire portfolio.
  • IT spending ratio of new versus old (maintenance) - This metric focuses on the total IT spend. Depending on the industry, IT budgets consume anywhere from 2% to 15% of revenues and more than half of all capital spending. However, many IT organizations find themselves locked each year into a cycle of spending increasing amounts of the budget on just keeping the lights on - leaving less and less to spend on new initiatives. In fact, research has shown that the average IT organization spends 70% to 80% of its budget on maintaining the status quo versus only 20% to 30% on new initiatives.  Best practices companies have taken this ratio to 60/40, and some are actually driving toward 50/50. Measuring and reporting this ratio can be a key indicator of both the efficiency of IT as well as IT value creation.
  • Critical business service availability (Service Level Agreements) - This metric focuses on the customers of IT and their satisfaction with the services IT provides. The most useful metric would be one giving insight into current and future customer satisfaction - it is a leading, not lagging, indicator. SLA-related metrics are linked to applications or services that are used by IT customers and not to generic technology assets.
  • Operational health (Service Level Management) - This metric focuses on operational health and stability, without which IT will be unable to establish credibility with its users and is more likely to be relegated to a role as a cost center rather than a value center.

 

How to identify high risk IT initiatives

 

High-risk IT initiatives can often be defined as those that require large staffs and have a long duration. These initiatives typically have seven or more core team members and a completion date more than six months in the future. Beyond those are initiatives with more than 20 core team members and a completion date two years out. All of these have a probability of success that is technically greater than zero, but not by very much.

Identifying losers is difficult at best -- you need to balance probability of project completion versus probability of enterprise benefit achievement.  Success does not mean completion. Rather success is achieving the business objective that the initiative is designed to meet.  Completed projects produce all of the deliverables described in the statement of work, in accordance with their specifications. It is nothing to sneer at; accomplishing even this is not easy. However, completion does not matter unless the deliverables are put to productive use in ways that change and improve how the business operates.

To be fair, you probably should not kill high-risk projects. Rather, they should be broken into a collection of separate small projects, each with no more than seven core team members and six months from start to finish. Officially you will not be doing less with less, and you should be able to obtain some benefits sooner rather than later.


 

Net Neutrality Bill One More Time in the US Senate

 

The latest Net Neutrality bill was introduced as the Internet Freedom Preservation Act. The bill says it is the duty of all Internet service providers to "not block, interfere with, discriminate against, impair, or degrade the ability of any person to use an Internet access service to access, use, send, post, receive, or offer any lawful content, application, or service through the Internet."

In addition, the legislation would prohibit broadband providers from charging Internet content, service or application providers to enable their products, beyond the normal end-user charges for Internet service. The bill would prohibit broadband providers from selling service that prioritizes some Internet traffic over other content, and it would require providers to offer Internet service to "any person upon reasonable request."


 

CIOs Face Increased Security Threats

 


CIOs face pressure due to e-mail and Web security: they must effectively handle the traffic generated by spam as well as legitimate e-mail. For instance, a company may build its network to support 15 million inbound e-mail messages per day, of which 14 million are purely junk.

Janco advises that companies adopt a multilayered approach to security, given that 711,912 new malware threats were reported in 2007, which translates into roughly 1,950 new malware attacks each day.

Typically, IT teams must physically build out their networks to handle corporate growth, and as the network expands, so does the need for IT staff to manage it. For many enterprises security revolves around building and managing hardware, software or appliances. IT teams must spend a majority of their time on licensing, updates, performance and availability for a host of security systems strewn about the enterprise. They also struggle with implementation and setup costs, as well as compatibility issues. This leaves little time for managing what is most important: the business processes that mitigate risk.

Security service level agreements from a managed provider traditionally guarantee a higher level of performance, availability, uptime and security than IT teams would be able to deliver in-house, and there are penalties to collect on if the provider fails to meet the agreement. Most SLAs give companies access to reports with details on threat mitigation, throughput and response-time performance, as well as other metrics.


 

How Successful CIOs Manage Staff

 

Secrets to managing IT staff, as defined by a successful CIO, are:

  • Hire good people, no exceptions - Hiring decisions are often made under pressure. The position is advertised and then awarded to the best applicant - even if the best is not that great. Stop! Your business will be more successful if you are completely inflexible on candidate fit. If you do not find people who meet your requirements, you like, and fit in, keep looking. Average companies are the result of hiring average people.
  • Deal with staff problems immediately - It is important to take swift action when it comes to poor performers. Failing to act will affect negatively on how other staff and managers view your own competence. Set expectations from the outset. Give regular, frank feedback. Nobody likes firing people, but if it becomes obvious that the person is not going to improve you need to deal with it. Good managers are prompt performance managers.
  • Hire people smarter than you - The skills required to lead a company are diverse. There is one constant: Everyone who creates a high performing company hires good people. If you hire people smarter than you, they will probably do the same - and your organization gets smarter.
  • Treat people like adults (until they prove otherwise) - Measure outputs, not inputs. Do not have many lengthy policies; nobody reads them anyway. Internet policy is the classic: many organizations have strict policies on hours and extent of Internet use, and ban popular websites (like Trade Me!) and checking personal e-mail (so people just use their phones). If your primary means of managing staff performance is by limiting their opportunities to NOT work, then you have a problem. Your people are the foundation of your company culture: do you really hire people to represent your company whom you cannot trust to use a computer? Explain your policy: we treat everyone like adults, but only as long as they behave like adults. Deal with people who abuse this trust promptly.
  • Say Thank You - Most people are terrible at giving praise. As a result, most people are shocked when they receive it - authentic, genuine praise for a job well done. Make an effort to do it every day with every person who reports to you. It helps with morale and performance and gives you a license to take corrective actions when you need to.

 

 

© 2009 Janco Associates, Inc. - ALL RIGHTS RESERVED