IT Productivity Center

Tools that CIOs, CSOs, and CFOs can use for Sarbanes-Oxley, Disaster Recovery, Security, Job Descriptions, IT Service Management, Change Control, Help Desk, Service Requests, SLAs, and Metrics.

Last build:
Language:
en-US
Feed URL:
http://www.itproductivity.org/news/rss.xml

RSS FEED ITEMS: IT Productivity Center

  • LAN Security Risks Defined

    This Security Audit program contains over 400 unique tasks divided into 11 areas of audit focus, which are then divided into 38 separate task groupings. The audit program is one that either an external auditor or an internal auditor can use to validate the compliance of Information Technology and the enterprise with the ISO 27000 Series (ISO 27001 and ISO 27002), Sarbanes-Oxley, HIPAA, and PCI-DSS.


    The 11 areas of audit focus objectives are:

    • Corporate Security Management

    • Systems Development and Maintenance

    • Information Access Control Management

    • Compliance Management

    • Human Resource Security Management

    • Information Security Incident Management

    • Communications and Operations Management

    • Organizational Asset Management

    • Physical and Environmental Security Management

    • Security Policy Management

    • Disaster Recovery Plan and Business Continuity

     

     


    Tue, 22 Jul 2008 10:44:43 -0600

  • Bad Assumptions are Made by Many IT Professionals

    In good times and bad there are a number of assumptions that many IT professionals make that are just wrong. The four worst assumptions to make are:


    • Assumption: A job search will take no time at all or I have nothing to worry about.

      Reality: There is no guarantee how long it will take to find a new position; many have found that an easy job search can take between 3 and 6 months... Finding the right opportunity is easy. You might find the right position but there is no way to ensure that you are even offered the job. Many hiring managers may take several weeks to respond to your application. After all, they have full-time jobs with demands of their own, and hundreds, if not thousands, of resumes to review.
    • Assumption: I am so skilled and so in demand that I need to send out only a few resumes.

      Reality: Finding a job is a numbers game, and the more resumes you send out and the more peers that know that you are looking, the greater the chances are that you will find and be offered the right job. A hiring manager may receive countless resumes for an open position. That is why it is not smart to hold out for the "perfect" job, which you might not find - which might not even exist - or which you are not offered. At the same time as you send out resumes, networking with members of your professional network is one way to maximize your time and effort. Many hiring managers give preference to personal recommendations and may move your resume to the top of the pile if someone you know puts in a good word for you.
    • Assumption: The resume and cover letter sent out are perfect and need no changes.

      Reality: Each cover letter should be customized for the enterprise, the hiring manager, and the position desired.  Enterprises look for results and view them as the reason that they most often hire IT Professionals.  At the same time the results should be directed towards the position that you are looking for. 

      A resume is an employment and education chronology and should be no longer than 1 page, and the cover letter should be directed to the enterprise and should stand out in a positive way to the hiring manager. After reading both, the hiring manager needs to be left with the thought that "I need to know more about this candidate."
    • Assumption: My skills are in high demand and are needed by almost every company.

      Reality: You are one of many - supply and demand are driven by factors outside of your control. A common mistake many IT professionals make is overestimating their marketability. Although they may think their skill set is solid, they may not be the best of the best. Value and results performance are what drive success in IT, and the hiring manager needs to see that you provide the best value for the salary in any given position.

    Thu, 17 Jul 2008 14:11:37 -0600

  • PDF Now an ISO Standard Along With Office Open XML

    The Portable Document Format (PDF) is now an ISO International Standard - ISO 32000-1. This move follows a decision by Adobe Systems Incorporated, original developer and copyright owner of the format, to relinquish control to ISO, who is now in charge of publishing the specifications for the current version (1.7) and for updating and developing future versions.


    Adobe said that it is committed to open architecture and by passing the copyright to ISO they now have a product that competes with Microsoft’s Office Open XML, a proprietary XML-based document format it built for its Office 2007 productivity suite, to the ISO. The ISO approved OOXML on April 1 in a controversial vote that is still being contested by some of the standards bodies that took part in it.


    Wed, 02 Jul 2008 23:20:18 -0600

  • IANA and ICANN Sites Hacked by

    Muslim hackers yesterday defaced the Internet Assigned Numbers Authority (IANA) site. IANA is the organization responsible for managing the DNS root zone and assigning the DNS operators for the Internet's top-level domains, such as .com and .org. DNS translates domains and URLs - such as e-janco.com - into IP addresses.

    A group calling itself "NetDevilz" claimed responsibility for the hack, which Thursday morning temporarily redirected visitors to the sites for IANA and ICANN (Internet Corporation for Assigned Names and Numbers).

    Users who tried to reach iana.com, iana-servers.com, icann.com and icann.net were shunted to an illegitimate site. According to a screen capture of the defacement snapped by zone-h.org, the bogus site simply displayed a taunting message claiming ownership of the assignment processes.


    Fri, 27 Jun 2008 16:10:25 -0600

  • Average Worker Wastes 28% of The Day

    Based on a study published in the New York Times, a typical worker in an information-based job wastes 28% of their day with unimportant and personal e-mails, text messages, and voice mails. According to ITProductivity.org - an Information Technology think tank - most organizations would be able to help their bottom line by doing the following:

    • Install a robust firewall and SPAM filter at the front end of the corporate mail server
    • Improve SPAM filters on both desktops and smart phones
    • Provide company owned laptops and smart phones that have robust SPAM filtering software and
    • Limit the accessibility to POP and non-company mail servers

    Sat, 14 Jun 2008 10:36:07 -0600

  • 35% of Businesses Do Not Open Doors After a Disaster

    It is impossible to deny how important disaster recovery and business continuity are in today's digital economy.  In a survey conducted by FEMA fully 35% of all businesses that are impacted by a disaster never re-open their doors.

    Without systems in place to keep applications and data flowing after a natural disaster or other interruption, a business risks losses that extend far beyond a manufacturing plant or data center. Many businesses incur ongoing financial losses, damage to the business's reputation, and possible regulatory and legal sanctions. In a worst-case scenario like 35% of the companies that FEMA estimated, a company can find its existence threatened.

    How can an organization tackle disaster recovery and business continuity issues effectively? How can it develop a strategy that reduces risk and increases the likelihood of success? And how can it devise a roadmap for coping with constant change? There are no easy answers, but the Disaster Recovery Planning Template with the Security Manual  Template are a step in the right direction.


    Fri, 13 Jun 2008 16:03:11 -0600

  • IT Hit by Tough Economic Times

    Hiring and spending have slowed down in IT as businesses try to control costs in tough economic times.

    Park City, UT -  The prospect for IT professionals is not good. Janco has found that IT compensation growth remains flat, hiring is limited to key replacements, and discretionary spending has been cut back and in many cases eliminated. The CEO of Janco said, "As we collected compensation data for our mid-year 2008 IT Salary Survey we found that at the end of the first quarter businesses turned off the faucet for IT spending. Many businesses, in response to economic projections, slowed down and halted discretionary spending for software and hardware as well as placed hiring requisitions on a slow track."

    The summary findings in Janco 2008 Mid-Year IT Salary Survey are:

    • Hiring demand is now the lowest it has been since 2004. Many enterprises have stopped hiring except for key replacements and those positions are being replaced at lower salary levels.
    • Enterprises have slowed down and in many cases eliminated discretionary spending by IT. This has resulted in fewer projects being initiated, consultant use being reduced (if not eliminated), and a slow-down of initiatives that had already been approved.
    • In the last twelve (12) months the increases in compensation for most IT Professionals were lower than increases in the cost of living.
    • The mean increase in compensation for CIOs was less than 1.5%. The mean compensation for CIOs in large enterprises now is $179,823 and $171,755 for CIOs in mid-sized enterprises. (Large enterprises have over $500 million in revenue and mid-sized have $100 to $499 million in revenue.)
    • The mean compensation (which includes bonuses) for all Executive IT positions surveyed now is $144,645 in large enterprises and $131,763 in mid-sized enterprises.
    • Positions that were in high demand in the 4th quarter of 2007, such as CSOs and others to develop new Web 2.0 applications, are now back to normal hiring patterns.
    • Administrative positions in some IT functions are now being looked at as those that are expendable.

    Thu, 12 Jun 2008 08:48:17 -0600

  • Google Yahoo Merger Protested

    The American Corn Growers Association asked Congress, via letters to John Conyers and Patrick Leahy, to look closely at any potential search advertising tie-in with the top two search providers Google and Yahoo.

    They said that without competition, the free enterprise system suffers. It is true across all segments of industry, and that includes the business of agriculture.

    The American Corn Growers Association represents part of a thriving industry that knows it has to adapt and change to survive market conditions through the years.

    An ACGA spokesperson said it is no different for the family farmers out there, who have come to use search advertising as a way to mitigate risks associated with supplying customers and their businesses. Fewer providers, they fear, means higher prices.


    Wed, 11 Jun 2008 09:40:21 -0600

  • Bank of NY Mellon Loses 4.5 Million Records

    The Bank of New York (BNY) Mellon lost multiple sets of unencrypted backup tapes containing private data belonging to 4.5 million individuals. Third-party vendors misplaced the tapes during transport to off-site locations. According to the bank, the tapes "included shareowner and plan participant account information, such as name, mailing address, Social Security number, and transaction activity."

    Responding to the bank's delay in reporting one incident, which was not disclosed for over three (3) months, the Connecticut Governor said: "The disastrous effects of identity theft are virtually instantaneous in today's computerized world, and the lag time between the theft and the notification only aggravates what is an already outrageous situation."

    BNY Mellon's chief risk officer said the bank now plans to improve security related to backup tapes. From Computerworld - "To bolster its security controls, the bank said it will now require that any confidential data written on tapes or CDs for transport must be encrypted or transported with undisclosed additional data protections. Further, when "technically feasible," the bank will demand that encrypted confidential data be delivered to off-site facilities electronically".

    After exposing 4.5 million people to identity theft, it seems the notion of tape encryption suddenly popped into their heads. 


    Mon, 09 Jun 2008 17:08:18 -0600

  • PDAs, Laptops, WiFi, and Internet Cafés Make Vacation Like Work

    With the advent of wide-scale connectivity around the globe people now do have the ability to get away from it all. In two recent trips the CEO of Janco was able to connect while in the Amazon via an Internet Café that was driven by a satellite dish and a diesel generator and in Belarus via a public WiFi connection.

    One in four workers said they plan to stay connected with work while they are on vacation this summer, a percentage that has nearly doubled in the last two years, according to a survey released by CareerBuilder. The bulk of these hyper-connected workers were in the IT industry. Beat out only by sales workers, 37 percent of IT workers said they planned to check in while away.

    Yet while IT workers also led the way in the requirement to be connected in the off-hours - 19 percent said working, checking voice mail and/or e-mail while on vacation was mandated by their employers - the reverse of this is that four in five IT workers are checking in with their jobs while on vacation of their own volition.

    The Solutions Research Group study found that 68 percent of Americans feel anxious when they are not connected in one way or another. This disconnect anxiety (feelings of disorientation and nervousness when a person is deprived of Internet or wireless access for a period of time) affects all age groups, describing their feelings when offline as dazed, tense, inadequate and even panicked.  The study also found that 63 percent of BlackBerry users admitted to having sent a message from the bathroom.

    In fact, this concept of "technology addiction" has gone so far that U.S. psychiatrists are considering adding this "compulsive-impulsive" disorder to the next release of the DSM-V (Diagnostic and Statistical Manual of Mental Disorders) in 2011.


    Tue, 03 Jun 2008 12:40:02 -0600

  • Firefox and IE Continue Browser War

    Firefox has just released the first release candidate for Firefox Version 3.0. At the same time Microsoft has announced that it will release a second beta of Internet Explorer 8 (IE8) before the end of October. Both Mozilla (Firefox) and Microsoft (IE) are looking to the future.

    Firefox version 3.0 has a cleaner look and is significantly faster than prior versions. One issue over the long term will be the exposure to security breaches with the Master Password feature.

    IE 8.0 will default to a standards-compliant rendering of Web content -- an approach that had been pushed by site developers in lieu of a mode that stresses compatibility with IE7. A new tag, which can be applied on a per-page basis or site wide, instructs IE8 to display the content as would IE7. Browsing with this default setting in IE8 may cause content written for previous versions of Internet Explorer to display differently than intended.

    The first beta of IE8 is not exactly in widespread use. According to the latest data from Janco Browser and Operating System Market Share Study IE8 Beta 1 accounted for just .03% of all browsers used in May 2008. IE7, by comparison, held the top spot with a market share of 30.07% and IE 6 at 34.22%.


    Fri, 30 May 2008 13:38:22 -0600

  • Technology Needs to be User Friendly

    As more technology is released to users vendors face a risk of too much "bang for the buck". 

    What many vendors do not realize is there are a large number of users who just do not like to change. These people are not technophiles, they are just users who are comfortable with what they are using and they do not want to deal with the risk that something they depend on does not work.

    Many feel that just because a product is old it does not mean it does not meet their requirements. Eventually as their computers get replaced they will move to a new version of an OS and Browser because that is what the computer comes with.

    A great example of this reluctance to change is Vista. After 18 months, many have not moved to it because they do not want to risk what they have that works with something new.

    Another example is seen in a survey by Opinion Research Corp. which found that non-iPhone and non-BlackBerry smart phones were the single most-returned gift during the most recent holiday season; more than one-fifth of those purchased were brought back to stores. Why? The top reason was the inability to understand the setup process.

    Returned gadgets are bad enough for the companies that make them, but the survey also found that almost 16% of those polled said that trouble with phone setup "significantly worsened their perception of the company that manufactured the product."


    Wed, 28 May 2008 15:14:05 -0600

  • Firefox Loses Market Share

    Janco has found that Firefox has lost some market share in the last three months. Victor Janulaitis, the CEO of Janco said, "With the demise of Netscape and the release of Vista Service Pack 1 users have stopped jumping on the Firefox bandwagon."

    The summary findings in Janco's June 2008 Browser and OS Market Share White Paper are:

    A summary of Janco's browser market share data can be found on the IT Productivity Center's (ITPC) web site (http://www.itproductivity.org/browser.php). In addition the full white paper with Excel spreadsheets can be purchased for $249.


    Wed, 28 May 2008 15:13:10 -0600

  • SQL Injection Attack in China Impacts Disaster Recovery

    In an IDG story it was disclosed that web sites across China and Taiwan are being hit by a mass SQL injection attack that has implanted malware in thousands of Web sites, according to a security company in Taiwan.

    The attack in China and Taiwan is ongoing. In addition, with the impact of the earthquake and the associated relief efforts, the attack is having a huge impact. Even if they cannot successfully insert malware, they are killing lots of Web sites right now, because they are just brute-forcing every attack surface with SQL injection, and hence causing lots of permanent changes to the victim Web sites.

    In a SQL injection attack, an attacker attempts to exploit vulnerabilities in custom Web applications by entering SQL code in an entry field, such as a log-in. If successful, such an attack can give the attacker access to data on the database used by the application and the ability to run malicious code on the Web site.

    Mass SQL injection attacks have increasingly become a security threat. In January, tens of thousands of PCs were infected by an automated SQL injection attack. That attack exploited a vulnerability in Microsoft Corp.'s SQL Server.

    Thousands of Web sites have been hit by the attack, he said, noting that 10,000 servers alone were infected by malware on Friday. Most of the affected servers are in China, while some are located in Taiwan. The attackers appear to be using automated queries to the Google search engine to identify Web sites vulnerable to the attack, he said.

    The attackers in the more recent outbreak are not targeting a specific vulnerability. Instead, they are using an automated SQL injection attack engine that is tailored to attack Web sites using SQL Server. The attack uses SQL injection to infect targeted Web sites with malware, which in turn exploits vulnerabilities in the browsers of those who visit the Web sites.

    The malware injected by the attack comes from 1,000 different servers and targets 10 vulnerabilities in Internet Explorer and related plug-ins that are popular in Asia.


    Fri, 23 May 2008 07:59:54 -0600

  • Credit Card Data Taken From Restaurant Cash Registers - POS Terminals

    Three defendants have been charged in a federal grand jury indictment and complaint with illegally accessing the computer systems of a national restaurant chain and stealing credit and debit card numbers from that system.

     


     

    The 27-count indictment, returned in Central Islip, N.Y., charges a Ukrainian, and an Estonian with wire fraud conspiracy, wire fraud, conspiracy to possess unauthorized access devices, access device fraud, aggravated identity theft, conspiracy to commit computer fraud, computer fraud and counts of interception of electronic communications. In addition, a one-count complaint charges a Miami resident with wire fraud conspiracy related to the scheme.

     


    According to the indictment and complaint, they engaged in a scheme in which they hacked into cash register terminals for restaurants at various locations around the United States in order to acquire credit and debit card information. The defendants then sold the stolen data to others who used it to make fraudulent purchases or re-sold it to make such purchases, causing losses to financial institutions that issued the credit and debit cards.

     

    The data included the customer account number and expiration date, but not the cardholder's name or other personally identifiable information. The indictment alleges that in or about May 2007, gained unauthorized access to the cash register terminals and installed at each restaurant a packet sniffer, a malicious piece of computer code designed to capture communications between two or more computer systems on a single network. The packet sniffer was configured to capture the credit card data as it moved from the restaurant point-of-sale server through the computer system at the company's corporate headquarters to the data processor's computer system. At one restaurant location the packet sniffer captured data for approximately 5,000 credit and debit cards, eventually causing losses of at least $600,000 to the financial institutions that issued the credit and debit cards.



    Wed, 14 May 2008 09:57:09 -0600
