IT news Portal Site - www.newsgroupworld.com

External Drives are a security risk

webmaster — Sat, 24 Jul 2010 13:39:50 -0600

The Department of the Navy's CIO Privacy Office was notified on July 27 that a Naval headquarters office had been burglarized, and that the thieves had stolen at least 10 laptops and nine external hard drives. In the initial reporty by the Privacy Office said that one laptop contained a file with passwords and user names; personal financial data including bank accounts, investment accounts, and credit card information; a personal contact list with cell phone numbers, addresses, and birth dates; "government only" contract information; discrimination and hostile work environment correspondence; and other sensitive information.

Upon investigation, the Navy found that the laptop contained "high risk" personally identifiable information on only eight people. And the external hard drives were either still in their boxes or encrypted when taken.

The incident emphasizes the importance of security policies and continued vigilance over insider threats, according to Navy department of the CIO privacy team lead who disclosed the breach in a blog post on the Navy CIO's Web site.

"External hard drives are becoming as vulnerable as thumb drives," Muck wrote. "A best practice should be to physically secure them at the end of each work day."

The Navy Privacy Offices advised employees to never store personally identifiable information or unencrypted user names and passwords on government computers. And he reminded of the importance of inventory control policies.

What Does Disaster Recovery and Business Continuity Mean

webmaster — Tue, 13 Jul 2010 01:28:42 -0600

The IT industry continues to add emphasis and focus to Disaster Recovery and Business Continuity Planning. While the concept has been around for many years, Disaster Recovery has a different connotation today. As business technology and software applications have advanced, Disaster Recovery has come to mean more than simply the ability to get your systems back online after a power outage. Companies are now expected to recover from unforeseen disasters, and retrieve contracts, memos, invoices, signatures and all other critical documents with minimal interruption.

There is little doubt of the importance of an effective backup plan if a natural or man-made disaster destroys your business records. Many companies, however, still have yet to implement a Disaster Recovery plan, believing that the chance of it happening to them is too slim.

The reality is that an organization may declare a disaster for a number of reasons, including:

Extreme weather conditions
Prolonged power or communications failure
Robbery or other criminal activity
Civil unrest
Terrorist acts

End of life for XP will increase security risk

webmaster — Tue, 22 Jun 2010 22:22:25 -0600

Three out of four companies will soon face more security risks because they continue to run the soon-to-be-retired Windows XP Service Pack 2 (SP2), a report published today claimed.

According to Toronto, Canada-based technology provider, 77 percent of the organizations it surveyed are running Windows XP SP2 on 10 percent or more of their PCs. Nearly 46 percent of the 280,000 business computers they analyzed rely on the aged operating system.

Remote Branch Offices are a Disaster Recovery Business Continuity Risk

webmaster — Fri, 18 Jun 2010 23:41:28 -0600

Distributed data at remote and branch offices (ROBOs) continues to grow substantially year after year. Leaving this data unprotected or inadequately protected poses, serious business risks for organizations. Protection approaches require careful consideration as factors such as technical complexity, capital and operational costs, and expertise of personnel must be taken into account.

Local disk-based data protection strategies improve backup efficiency and reliability over tape-based ones. Consolidation of edge data to the core data center may introduce further efficiencies. Data de-duplication can drive both backup-to-disk and consolidation adoption.

Necessary Steps in Developing a Disaster Recovery Business Continuity Plan That Works

webmaster — Thu, 10 Jun 2010 12:51:57 -0600

The process of developing a disater recovery & buisness conintuity plan requires that you:

Provide management with a comprehensive understanding of the total effort required to develop and maintain an effective recovery plan;
Obtain commitment from appropriate management to support and participate in the effort;
Define recovery requirements from the perspective of business functions;
Document the impact of an extended loss to operations and key business functions;
Focus appropriately on disaster prevention and impact minimization, as well as orderly recovery;
Select project teams that ensure the proper balance required for plan development;
Develope a contingency plan that is understandable, easy to use and easy to maintain; and
Define how contingency planning considerations must be integrated into ongoing business planning and system development processes in order for the plan to remain viable over time.

Apple a monopolist?

webmaster — Wed, 09 Jun 2010 06:37:22 -0600

Apple is acting like a monopolist with its effort to promote HTML5 as the future and to cast Adobe Flash as the past, Apple on Friday launched a new series of Web pages called "HTML5 Showcase."

HTML5 is the emerging standard for next generation of Web pages and applications. It remains a draft specification and isn't expected to be finalized for years.

Apple has been promoting HTML5 as an alternative to Flash, which company CEO Steve Jobs has spent the past few months deriding as slow, power-hungry, insecure, ill-suited for touch-based devices, and deleterious to the progress of the iPhone OS platform.

Apple's crusade against Flash continues in its HTML5 Showcase with its observation that HTML5, as a standard, isn't an add-on to the Web (like Flash).

Post Disaster Assessment - Questions to Ask

webmaster — Thu, 27 May 2010 00:28:15 -0600

After the disaster occurs what are the questions that need to be asked to assess the impact of a disaster on a business from both a financial and physical (infrastructure) perspective:

How many/much of the organization's resources could be lost?
What are the total costs?
What efforts are required to rebuild?
How long will it take to recover?
What is the impact on the overall organization?
How are customers affected, what is the impact on them?
How much will it affect the share price and market confidence?

Downtime is costly

webmaster — Tue, 11 May 2010 16:15:33 -0600

The average midsize company (defined as one with 100 to 1,000 employees) experiences 16 to 20 hours per year of downtime due to network, system, application and operational issues. That works out to about 1.5 hours a month. It has been found that revenue losses per hour for some midsize companies averages $70,000 (or on average more than $100,000 in total).

This business risk strategy guide is designed to help midsize businesses identify and mitigate those risks, thus reducing those costs. Infrastructure is a key componet to a solution.

Scope of Disaster Planning is expanding as world events escalate

webmaster — Fri, 30 Apr 2010 16:50:12 -0600

Disaster Planning scope continues to expand. The volcanic ash air travel crisis caught many by surprise but in hindsight it was a predictable outcome of an event which was almost inevitable. What other such outliers are there? Continuity Central believes that using the huge experience of our global readership of business continuity managers many of these can be identified in advance.

If you add terroist attacks at infrastructure that can cause widespread environmental damage like the oil rig explosion in the gulf, the events to be considered are almost infinate.

A Yellowstone eruption, which would be a super volcand, would make the ash problems from the Icelandic volcano look like a minor event. It would impact the entire US except Calfinoria. According to the Yellowstone Volcano Observatory the last supervolcanic eruption occurred 74,000 years ago at the Toba Caldera in Sumatra, Indonesia. Other known supervolcanoes around the world, include Long Valley in eastern California, Toba in Indonesia, and Taupo in New Zealand. In addition other potential supervolcanoes include large caldera volcanoes of Japan, Indonesia, and South America.

DRP - Business Continuity Template Update Service Is A Must

webmaster — Thu, 22 Apr 2010 00:58:00 -0600

The Disaster Recovery / Business Continuity Template version 5.4 has just been released. Janco contiues to update its templates to meet the ever changing requirements of the business environment.

Janco provides and update service for all of its templates which guarantees its clients have the all of the information they need to meet mandated requirements.

With this new version a fully indexed PDF copy of the template is now provided in addition to the two versions of WORD (2003 and 2007).

The updates to the template included:

Added Pandemic Coordinator job description
Added Business Pandemic Planning Checklist
Updated organization chart to include Pandemic Coordinator
Updated backup and backup retention section
Updated style sheet to be CSS Style sheet format
Added Disaster Recovery Business Continuity General Distribution Information
- What to do after an explosion / terrorist attack
- How to clean up after a disaster
Defined generic metrics for DR/BC success
Business & IT Impact Analysis Questionnaire Updated
Updated references to DRP card
Updated formatting to meet WORD 2007 requirements

The version history for updates to template can be seen at http://www.e-janco.com/drpversion.htm and the full Table of Contents with sample pages can be downloaded at http://www.e-janco.com/Register_drp.asp .

Feds fall short on necessary desktop security

webmaster — Wed, 14 Apr 2010 08:01:04 -0600

A General Accountability Office (GAO) report found federal agencies have not fully adopted secure desktop configuration standards mandated by the Office of Management and Budget (OMB) three years ago, leaving desktops less secure than they ought to be, .

Federal agencies have taken some steps to implement the goals of the Federal Desktop Core Configuration (FDCC), which are to improve overall security and reduce IT operating costs across the federal government.
None, however, have fully implemented all the configuration settings on applicable PCs, citing a number of challenges to doing so, according to the report, published last month.

The FDCC was established by the OMB in 2007 to provide a baseline for security across federal workstations. The OMB based the FDCC on settings developed by the Air Force in partnership with the National Security Agency, Defense Information Systems Agency, the National Institute of Standards and Technology (NIST) and representatives from the Army, Navy, and Marines.

To become compliant with FDCC, agencies were supposed to first submit an implementation plan, and then configure Windows XP and Vista PCs according to the common security settings required by the initiative by February 2008.

They also were required to document any changes from the OMB's recommended settings and have them approved by an accrediting authority; acquire a specified NIST-validated tool for monitoring implementation of the settings; ensure that future IT acquisitions comply with the configuration settings; and submit a status report to NIST.

Internal security threats

webmaster — Sat, 03 Apr 2010 05:24:28 -0600

Several studies have show that 78 percent of data breaches come from authorized insiders of an organization. Loss of proprietary information and intellectual property can trigger fines, litigation, brand damage, and bad press. Enterprises have deployed protective measures - such as VPNs, firewalls, and network monitors - to provide audit trails and prevent unauthorized external access to proprietary information. However, these solutions dont address the rising threat from internal users. Because they have access to data assets, insiders are a major channel for information leaks, whether through deliberate policy breaches or accidental data loss (such as losing a mobile device containing personal records).

To protect sensitive data, enterprises need an effective data loss prevention (DLP) solution that monitors potential information loss at the point of use. However, the explosion of messaging systems, wireless networking, and USB storage devices has made the protection of critical enterprise data difficult. As a result, enterprises are experiencing an increase in the loss or theft of data assets by employees or contractors who accidentally or maliciously leak data.

IT Manager are now younger than most IT professionals

webmaster — Thu, 25 Feb 2010 17:45:33 -0600

The average age of the workforce continues to drop. At no time is this more evident than when you ask older workers what it is like to be managed by younger bosses. A CareerBuilder report that polled 5,200 workers found 43 percent of workers who are 35 or older work under younger managers.

As you go up the spectrum of age brackets, the numbers consistently rise: 53 percent of workers 45 and older have younger bosses; as do 69 percent in the 55-or-over age bracket.

"As companies emerge from this recession, it is important for employees to work together and move the business forward, regardless of their age," said a vice president of Human Resources. "With so many different age groups present, challenges can arise. Younger and older workers both need to recognize the value that each group brings to the table."

Part of the reason is the evolution of the workforce, but also the sheer size of the baby-boom generation. A 2007 Bureau of Labor Statistics study found that between 2000 and 2005, the number of workers over 55 increased 30 percent. In that same time period, younger workers between 25 and 54 increased only 1 percent.

Evolving data threats - CIOs and enterprises adapt

webmaster — Sat, 20 Feb 2010 17:11:07 -0600

Businesses adapt to increased mobility and expanded connectivity: Evolving data threats

Mobile computing and global networking cast a new light on data security issues as, in response, organizations reassess the technologies in use within their IT infrastructures and reconsider the ways in which staff members, customers and partners communicate. Solutions that do not provide the appropriate balance between protection and usability must be discarded in favor of solutions that effectively minimize risks of data theft or loss achieve compliance with existing regulations and equip personnel with tools that help them work productively and securely.

The facts are that business processes today rely on vastly different methods of data storage and data exchange than even a few years ago. These changes in the computing landscape make it essential that companies adopt a very different approach to security. According to the a research report by a leading IT think tank, 90% of organizations say that data security is "important" or "very important" and would get high priority in 2009.

Big Brother gets closer

webmaster — Thu, 11 Feb 2010 15:42:26 -0600

The Obama administration has argued that warrantless tracking is permitted because Americans enjoy no "reasonable expectation of privacy" in their--or at least their cell phones'--whereabouts. U.S. Department of Justice lawyers say that "a customer's Fourth Amendment rights are not violated when the phone company reveals to the government its own records" that show where a mobile device placed and received calls.

Those claims have alarmed the ACLU and other civil liberties groups, which have opposed the Justice Department's request and plan to tell the U.S. Third Circuit Court of Appeals in Philadelphia that Americans' privacy deserves more protection and judicial oversight than what the administration has proposed.

Not long ago, the concept of tracking cell phones would have been the stuff of spy movies. In 1998's "Enemy of the State," Gene Hackman warned that the National Security Agency has "been in bed with the entire telecommunications industry since the '40s--they've infected everything." After a decade of appearances in "24" and "Live Free or Die Hard," location-tracking has become such a trope that it was satirized in a scene with Seth Rogen from "Pineapple Express" (2008).

Once a Hollywood plot, now 'commonplace' - Whether state and federal police have been paying attention to Hollywood, or whether it was the other way around, cell phone tracking has become a regular feature in criminal investigations. It comes in two forms: police obtaining retrospective data kept by mobile providers for their own billing purposes that may not be very detailed, or prospective data that reveals the minute-by-minute location of a handset or mobile device.

Security concerns drive FBI to set new mandades on ISPs

webmaster — Tue, 09 Feb 2010 14:50:24 -0600

Security conserns are making the FBI press Internet service providers to record which Web sites customers visit and retain those logs for two years. This requirement could help it in investigations of child pornography and other serious crimes according to senior FBI investigators.

FBI Director supports storing Internet users' "origin and destination information," a bureau attorney said at a federal task force meeting on Thursday.

As far back as a 2006 speech, Mueller had called for data retention on the part of Internet providers, and emphasized the point two years later when explicitly asking Congress to enact a law making it mandatory. But it had not been clear before that the FBI was asking companies to begin to keep logs of what Web sites are visited, which few if any currently do.

The FBI is not alone in renewing its push for data retention. A survey of state computer crime investigators found them to be nearly unanimous in supporting the idea. An Immigration and Customs Enforcement agent in the Department of Homeland Security, also expressed support for the idea during the task force meeting.

The chief of the FBI's digital evidence section, said that the bureau was trying to preserve its existing ability to conduct criminal investigations. Federal regulations in place since at least 1986 require phone companies that offer toll service to "retain for a period of 18 months" records including "the name, address, and telephone number of the caller, telephone number called, date, time and length of the call."

SOA improves productivity

webmaster — Sun, 31 Jan 2010 16:10:51 -0600

The applications within an organization's portfolio present a compelling argument for integration and connectivity to reduce maintenance expenses Disconnected applications can strain productivity, increase maintenance costs, and make overall system security difficult and expensive to manage. A proven strategy is to use an SOA approach with an enterprise service bus (ESB). Doing so can cut IT integration cost and maintenance by two to four times. Hence, the more integrations that are performed using this infrastructure, the greater the savings for your organization.

Change Control - Help Desk - Service Requests
Blog - Personal Web Site - Sensitive Information

IT Service Management (ITSM) and Service-Oriented Architecture (SOA) have gained great acceptance as the change management discipline has grown over the last several years. The percentage of participants using a structured approach to manage change has grown from 55% to 75%.

Where will demand be for IT Services in 2010

webmaster — Tue, 26 Jan 2010 15:48:42 -0600

A January 2010 survey of 1,586 CIOs, however, puts actual IT spending budgets for the year at 2005 levels or flat.

Mobile application developers will see job demand grow sharply in 2010 as Google's Android mobile operating system extends with the introduction of the Nexus One, and the leading Internet mobile device--Apple's iPhone--reaches 300,000 applications by the end of the year. It is predicted that mobile apps for Android to reach the 100,000 level by the end of 2010--a number that was reforecast from an initial estimate of 75,000.

Developers with knowledge of mobile operating systems including Symbian, Android, Windows Mobile and the iPhone are in the cat bird seat. The rapid growth of the netbook category from 2009--very small, ultra-portable laptops-- will carry over into 2010 with demand for developers who can create device-specific applications as well as skills in synchronization.

When it comes to cloud computing, it is predicted that a very big year with an expansion in the enterprise of private cloud offerings that take the best aspects of the public cloud--pre-built application and hosting infrastructure, a pay as you go model--with a customer's infrastructure in a more secure, private cloud similar to what you might find in the private "dark fiber networks" that many companies lease now from telecommunications companies and ISPs.

As businesses continue to have concerns about cloud security, availability, and performance, 2010 will be a big year for the announcement of private cloud offerings from virtually all major IT suppliers. This is not surprising: a brand-new (not yet published) IDC survey shows a strong preference by businesses for private clouds over public clouds, and vendors will act accordingly. One important implication: since clouds typically package infrastructure, platforms, and applications together, look for these announcements to drive many strategic partnerships, joint ventures, and acquisitions/mergers.

It's not only the private cloud that is expected to expand in the enterprise. The market for cloud appliances, cloud accessories and hybrid cloud management tools is predicted to see growth in 2010.

Dell, IBM, HP, Sun, Fujitsu, Hitachi - and Intel and AMD - will partner with software vendors for "applianced" versions of traditional on-premise packaged software. Particularly once the EU approves Oracle's acquisition of Sun, Oracle will certainly be an aggressive cloud appliance player.

Information is a security risk bu itself

webmaster — Mon, 18 Jan 2010 00:29:04 -0600

Information is one of the greatest sources of value creation for organizations today, with nearly every aspect of an enterprise dependent on a continuous flow of data. Think of it as currency - freely traded across and beyond the organization, it can yield a significant return on investment, including increased collaboration and innovation, shortened time to market and better decision making.

At the same time, information is one of the greatest sources of risk for organizations today. Whether through intentional or inadvertent means, breaches of data security can expose organizations to regulatory fines or legal actions, reduce a companys competitive advantage and undermine customer confidence. In recent years, lawmakers worldwide have responded to data security breaches with more rigorous data privacy laws.

As data privacy mandates continue to multiply, so too can the risk. Eliminating the risk altogether, however, is not the goal. Were that the case, the solution would be easy: simply lock down both the data and access to it - thus also shutting down the vital link to employees, customers, business partners and suppliers that makes innovation and collaboration possible.

A more sophisticated information security strategy takes a risk management approach that balances risk and reward - availability vs. the confidentiality and integrity of data. This strategy requires the ability to identify and classify sensitive data and mission-critical information within the enterprise and determine the various points of access to this information and the security posture of those access points - all while tracking who has accessed that data and understanding what they have done with it.

2010 IT Salary Survey Released

webmaster — Thu, 07 Jan 2010 10:18:36 -0600

Janco has just released its 2010 IT Salary Survey, which shows that overall pay has stopped falling and has flattened out. In addition the survey show an increase in hiring demand for some IT professionals. The CEO of Janco, Victor Janulaitis stated, "The economic climate is still driven with a cost cutting mindset, business closures, and extensive outsourcing. However the worst seems to be over as salaries for IT professionals are no longer falling. " The CEO added, "...many 'baby-boomers' who had planned on retiring in the next few years are not leaving the job market frustrating middle aged workers who want to advance."

More information on the IT industry can be found at www.e-janco.com

Palm Releases Development Tool Kit

webmaster — Sun, 03 Jan 2010 18:35:20 -0600

Palm announces the public beta availability of Project Ares, which the company says is the first complete set of integrated mobile development tools hosted entirely in the browser.

Palm announced the public beta availability of Project Ares, which the company called "the first complete set of integrated mobile development tools hosted entirely in the browser."

The goal of the new Palm development platform is to lower the barriers keeping Web developers from getting involved in mobile development. Palm Ares makes it "easier and faster" to create Palm WebOS applications, the company said. Project Ares was demonstrated for the first time during a Palm keynote at the Open Mobile Summit in November and an alpha release has been available to a limited group of developers for the past few weeks.

Free Wi-Fi trend expands

webmaster — Thu, 17 Dec 2009 09:07:06 -0600

Computerworld - Everybody wants free Wi-Fi, and McDonald's Corp. is responding to that demand with Wednesday's announcement that more than 11,000 of its U.S. restaurants will have free Wi-Fi in January.

"We've had Wi-Fi working in our restaurants for five years under the pay-to-play model, but now is the time, with the ubiquity of Wi-Fi devices -- including handhelds and laptops -- to extend that offer," McDonald's USA CIO David Grooms said in an interview today.

"We said, let's go with free Wi-Fi.... We talked to customers and asked what they wanted to see, and they really wanted us to go free. You don't need a lot of focus groups to find that out, and we take what customers say seriously."

Asked whether McDonald's sees free Wi-Fi as a draw for new or infrequent customers, Grooms said, "We'll appeal to customers who visit us already, the folks with a [Wi-Fi] device ...who want a cup of coffee and to visit."

The chain plans to expand the free Wi-Fi service to all 14,000 U.S. restaurants over time, he said.

Computer problems are everywhere

webmaster — Mon, 23 Nov 2009 17:39:00 -0600

A computer system used by airline pilots to file flight plans in the U.S. failed and that led to some flight delays, according to news reports

According to CNN, the National Airspace Data Interchange Network in Atlanta wasn't working properly, forcing pilots to process their flight plans through the network's office in Salt Lake City.

A check of several major airports, including those in Boston, New York City, Chicago and Dallas, showed that no flights destined for Atlanta would be allowed to depart before 10 a.m.

Although the problem was apparently fixed by mid-morning, the FAA site later showed several airports on the east coast with departure delays, some of them lasting more than an hour.

The problem occurred just a week before the Thanksgiving holiday, which is traditionally the busiest travel period of the year in the U.S.

Driod sales may not be enough to unseat iPhone

webmaster — Wed, 11 Nov 2009 13:53:06 -0600

Verizon Wireless sold over 100,000 of new Motorola Droid smartphones over its first weekend on store shelves, and the company is "very pleased" with the early returns, according to a spokesman for the device's exclusive carrier.

The number of Droids sold between last Friday and Sunday is about 100,000, or roughly half of the 200,000 Droid phones that Motorola had initially supplied to Verizon stores. Early sales figures are "encouraging."

However, some analysts disagreed with that conclusion. Othes say that selling only half the initial supply of Droids over the first three days is somewhat troubling for Verizon, and even more so for Motorola, which is staking much of its wireless phone future on Android devices like the Droid. The iPhone sold multiples of that amount in its first weekend for the original version."

Does Google know too much about you?

webmaster — Tue, 10 Nov 2009 09:47:35 -0600

Google has launched an all-in-one dashboard that attempts to show you what they know about you. It is an updated "Google Accounts" page that gives you more information than was available previously. Some of this can be classified as sensitive information.

The complete list of Google services that are participating in "Google Dashboard" include:

Google Account, Alerts, Blogger, Calendar, Contact, Docs, Finance, Gmail, Health, iGoogle, Latitude, Orkut, Picasa Web Albums, Product Search, Profile, Reader, Talk, Tasks, Voice, Web History, and YouTube

Not every Google service is represented - there are several that have not joined the Dashboard camp yet - including the likes of Google Analytics, Google News, Checkout, AdWords.

Computer Worm Has Infected over 7 million computers

webmaster — Mon, 02 Nov 2009 03:26:55 -0600

The Conficker has now infected more than 7 million computers, security experts estimate. One of the keys to controling the worm is a set of clear, concise, implemented, and followed security policies and procedures.

Researchers at the volunteer-run Shadowserver Foundation logged computers from more than 7 million unique IP addresses, all infected by the known variants of Conficker.

They have been able to keep track of Conficker infections by cracking the algorithm the worm uses to look for instructions on the Internet and placing their own "sinkhole" servers on the Internet domains it is programmed to visit. Conficker has several ways of receiving instructions, so the bad guys have still been able to control PCs, but the sinkhole servers give researchers a good idea how many machines are infected.

Although Conficker is probably the computer worm most known about, PCs continue to get infected by it, said a co-founder of The Shadowserver Foundation. "The trend is definitely increasing and breaking 7 million is pretty much of a landmark event," he said.

Conficker first caught the attention of security experts in November 2008 and received widespread media attention in early 2009. It has proved remarkably resilient and adept at re-infecting systems even after being removed.

Government Web Site Fails to Shows if IT Jobs Created

webmaster — Fri, 23 Oct 2009 10:33:33 -0600

WASHINGTON -- One of the primary reasons for the stimulus money is to create jobs and one of the primary things CIOs would like to know from this data is what kinds of jobs were created. There is no information at Recovery.gov concerning the types of jobs either saved or created from the $16 billion in contracts awarded so far, representing 2% of the $787 billion stimulus. One obvious follow-up question to the U.S. government's announcement that the federal stimulus has created or saved 30,000 jobs so far is this: How many were IT and engineering jobs?

The Recovery Accountability and Transparency Board that provides Recovery.gov, designed to allow citizens to track funding, is posting only what it gets in reports from recipients. A spokesman said theat they are not analyzing the data in terms of types of jobs but would do it "later". The lack of detailed information, the absence of data, the lack of consistency to the data collected, and insufficient rules governing how that data is supposed to be collected and displayed makes the site useless.

The Recovery.gov site includes interactive maps and spreadsheets showing companies that have received the data, the number of jobs created or saved, and a description of some of the work. This barebones information makes a rough guess possible about the quality of jobs based on description of the work.

Recovery.gov falls short in a number of respects in helping users understanding spending. Among the problems is site navigation difficulty and an inability to search by recipient. This prompted the creation of the Coalition for and Accountable Recovery, which represents about 30 groups.

Along with OBM Watch, some of its other members include the Center for Responsive Politics, OMB Watch, Sunlight Foundation, Economic Policy Institute. The groups criticized the usability of the Web site, and said it needed functions, such as ability to search by recipient.

The stimulus is expected to create IT jobs but there's never been any estimate about how many. Both IT and engineering jobs have declined in the recession.

However, IT firms are expecting the stimulus to perk up spending. IBM's chief financial officer, said this month that public sector was again the fastest growing sector with 2% growth, led by health care and education.

DHS to hire 1,000 IT Pros - Feds to hire 12,000 in total

webmaster — Mon, 05 Oct 2009 14:47:32 -0600

The Department of Homeland Security wants to hire 1,000 cybersecurity professionals in the next three years, according to agency Secretary Janet Napolitano. That along with the projections of other government agencies puts the feds in the driver's seat of the job market.

The DHS has the authority to recruit and hire cybersecurity professionals over the next three years in order to help fulfill its mission to protect the nation's cyber infrastructure, systems, and networks, she said.

"This new hiring authority will enable DHS to recruit the best cyber analysts, developers and engineers in the world to serve their country by leading the nations defenses against cyber threats," Napolitano stated.

DHS is the focal point for the security of cyberspace -- including analysis, warning, information sharing, vulnerability reduction, mitigation, and recovery efforts for public and private critical infrastructure information systems.

The hiring authority, which results from a collaborative effort between DHS, the Office of Personnel Management and the Office of Management and Budget, lets DHS staff up to 1,000 positions over three years across all DHS agencies to fulfill critical cybersecurity roles, including cyber risk and strategic analysis, cyber incident response, vulnerability detection and assessment, intelligence and investigation, and network and systems engineering.

The need for DHS to bolster its security realm is a hot topic. A Government Accountability Office report this year said that while DHS established the National Cyber Security Division to be responsible for leading national day-to-day cybersecurity efforts that has not enabled DHS to become the national focal point for security as envisioned.

Security and Privacy Under Congressional Scrutiny

webmaster — Wed, 30 Sep 2009 15:46:53 -0600

Four Democrat U.S. senators will introduce a bill to repeal a provision protecting telecommunications carriers from lawsuits due to their assistance to a controversial U.S. National Security Agency surveillance program. The new legislation, called the Retroactive Immunity Repeal Act, would allow lawsuits against telecom providers, such as AT&T Inc., to resume.

The original legislation repealed telecom immunity provisions in the Foreign Intelligence Surveillance Act (FISA) Amendments Act, passed by Congress in July 2008.

The FISA Amendments Act provides some additional court oversight to the NSA wiretapping program, which former President George Bush's administration launched after terrorist attacks on the U.S. on Sept. 11, 2001. The FISA Amendments Act allowed the so-called Terrorist Surveillance Program, which allowed the interception of phone calls and e-mail messages of people with suspected ties to terrorism, to continue until the end of 2012.

Critics of the NSA program said it illegally targeted U.S. residents' communications with people linked to terrorist groups without court-approved warrants. The program was illegal under the U.S. Constitution's Fourth Amendment, prohibiting unreasonable search and seizure, critics said.

Another Data Breach of 160,000 plus SSNs

webmaster — Mon, 28 Sep 2009 06:54:06 -0600

The University of North Carolina at Chapel Hill on Friday began notifying about 163,000 women about the potential compromise of their Social Security numbers and other personal information after a hacker breached a system containing the data.

The breached server belonged to the UNC School of Medicine and contained information that was collected as part of a federally funded mammography research project. The system contained records on a total of 236,000 women, of which about 163,000 included Social Security numbers.

The Chairman of the university's Department of Radiology said the breach was first discovered in July when a researcher reported problems accessing the system. A subsequent investigation by the school's information systems staff revealed that the system had been hacked.

Though the breach was discovered in July, there are indications that the actual intrusion may have taken place as long as two years ago.

Denial of service attacks are on the rise

webmaster — Fri, 18 Sep 2009 11:52:28 -0600

(Washington Technology) - Denial-of-service attacks are not new, but the rapidly increasing number of attacks is making botnets a formidable security threat. Here are six things to keep in mind as you secure your networks.

What you see is not always what you get. Determining the source of an attack is challenging. The so-called North Korean attacks in July appear to have been controlled from a server in the United Kingdom. Remember, just because an attack originates in one country does not mean it is managed from there.
Money changes everything. Money is a motivator as underground developers are selling tools such as an online service to run new malware variants against the most popular antivirus engines to identify which ones make it through. With botnet tools for sale, relative amateurs can launch sophisticated attacks.
It is no longer just kids. Professionalism is on the rise. The most serious attacks can go undetected as botnets designed to steal data or tap computing power have gotten better at encryption and covering their tracks.
It is not the medium, it is the message. Be as suspicious of tweets and videos as you are of e-mails.
Eternal vigilance is the price of liberty. Consider real-time content analysis as a weapon in defending your networks.
New world order. Get used to them -- they are here to stay. New attacks are emerging at a faster and faster pace, so the need to update security is paramount.

Security Adminstrator spends 14 months in jail

webmaster — Tue, 01 Sep 2009 08:36:27 -0600

A Bay Area has been held on a $5 million bond since his July 12, 2008, arrest in a case that captured intense media interest. He has spent nearly 14 months in jail after refusing to hand over administrative passwords to San Francisco's city network is likely to remain incarcerated after a county judge denied his motion for reduced bail on Monday.

Prosecutors had charged a bay area man with holding the city's FiberWAN network hostage and installing unauthorized "back-door" modems on the city's network. Recemtly, a Superior Court Judge threw out three of the four charges against the man. Lawyers for the former city network administrator had hoped that this might lead to a bail reduction and a chance to get their client out of jail.

But that was not to be. The judge has denied the motion to reduce bail, alluding to "public security concerns."

Curretnly the man is now charged with one count of disrupting computer services and could face as much as five years in prison.

Internet warrent search limited by courts

webmaster — Fri, 28 Aug 2009 10:21:47 -0600

The reach of the government has been limited by a federal appeals court that ruled that government investigators cannot retain incriminating information found in electronic searches unless it is within the scope of a search warrant. The majority opinion states this was an obvious case of deliberate overreaching by the government in an effort to seize data as to which it lacked probable.

The U.S. Circuit Court of Appeals for the Ninth Circuit, in a 9-2 vote, rejected arguments by the U.S. Justice Department that it could retain and use all of the data that it seized in 2004 as part of a federal.

The court disputed the Justice Department's argument that it should be allowed to retain and use information not included in its original search warrant because it came into "plain view." The court contended that the so-called "plain view doctrine," which allows investigators to seize evidence without a warrant if it was found in plain view during a legitimate search, does not extend to electronic searches.

The warrant issued allowed the government investigators to search through computer files for the records of 10 individuals. When the warrant was executed however, investigators seized and reviewed the records of hundreds of other individuals.

Goverment sector doing well

webmaster — Mon, 24 Aug 2009 09:26:01 -0600

The government information technology industry seems to be immune to the larger economy cycles.

Generally, the government contracting industry is weathering the economic downturn better than most industry sectors. Just as in 2000-2001 and the early 1990s, the government sector is viewed as a safe haven. The government will not go bankrupt; there are long-term contracts that result in visible backlogs; outsourcing is increasing because of the retiring government workforce and technology changes; and margins are improving because of procurement reform.

Summary Results and Changes in Demand for IT Jobs 2009

Yet there is uncertainty in the air due to the upcoming spending priorities, budgetary constraints, contract award delays and general economic conditions that are resulting in buyers being more discerning and careful when evaluating acquisition opportunities. Buyers are focused on highly strategic targets that have barriers to entry and are synergistic. Adding revenue or increasing critical mass is not as significant a driving force as it has been in the past.

That uncertainty is resulting in deals taking longer to close because of more comprehensive and difficult due-diligence and contract negotiations. Buyers and lenders have become more sensitive to potential liabilities and risk.

Economy on the upswing -- maybe

webmaster — Thu, 20 Aug 2009 09:20:41 -0600

a major consulting firm of enterprises in the hardware and software businesses. The survey reported that the executives at those firms expect improved revenue and profitability in 2010 and half of them are predicting a brighter job picture then, too. About 39% of the respondents believe the economy will recover by next year while 43% said they expect the U.S. economy to recover after 2010.

Executives in Silicon Valley were particularly optimistic -- 77% believe the technology sector will outpace the U.S. recovery, according to KPMG.

Another hopeful sign cited was that nearly 70% of the responding executives said they are emphasizing long-term growth while just 31% said they are emphasizing cost-cutting measures.

Their future vision is in sharp contrast with the executives' current ways of coping with the recession: 68% said they reduced headcount.

Some 60% of the respondents said also that they had been cutting capital expenses and, in an indication that the cost cutting may be running its course, just 28% said they were considering cutting expenses in the future.

Another theme expressed by the executives focused on the role-improved confidence could have on the economic recovery. 42% of the respondents cited improved business confidence as a potential important trigger for reviving the economy while 41% said that improved consumer confidence was important.

Outsourcing and H-1B visas go hand in hand

webmaster — Thu, 06 Aug 2009 17:46:34 -0600

Data prepared a research and outsourcing consulting firm, shows the shift of jobs overseas by some major IT services vendors. In 2006, U.S. and European firms typically had less than 20 percent of their workforces offshore; now, for most companies that figure may well be generally over 30 percent.

U.S. IT providers continue to push jobs offshore, while Indian firms work to refine the amount of work they complete overseas. Although Congress may force the Indian firms to hire more Americans -- and Indian companies have been telling investors that they may have to indeed do that -- those changes will not affect the overall trend and the shift in jobs outside the United States.

Indian offshore firms are very dependent on H-1B and L-1 visas. These companies' business models are based on their ability to move Indian and other foreign nationals in and out of the United States. The majority of Indian companies that operate in the US have more than 50 percent of their workers on H-1B/L1 visas.

The 50 percent figure is important because Indian firms may have to hire more American workers if legislation introduced by U.S. Sens. Chuck Grassley (R-Iowa), and Dick Durbin (D-Ill.) is approved. Among the bill's requirements is one that requires Indian firms to balance their workforces around a 50-50 rule that would limit visa use of the visas to no more than half of a firm's U.S. workforce. However to counter this proposed legislation some Indian companies are redefining their business model to reduce the amount of work at customer locations and move work to other remote locations and hiring of more local nationals in key markets.

Buiness Rules Drive Successful Enterprise Processes

webmaster — Mon, 03 Aug 2009 07:53:48 -0600

Managing business rules gives you control over high volume operational decisions and delivers unprecedented agility. Based on decades of experience developing decision management applications, Janco has developed processes to help you make the most of business rules.

These include:

Picking the right applications. Business rules are a powerful tool for building smarter decisions into your applications but are better suited for some applications than others.
Following a process. Like any development technology, business rules work best when you have a structure and follow a suitable methodology.
Writing the right rules, the right way, and reusing them. Ensure your business rules are concise and atomic and use the right metaphor to manage them. Take advantage of your ability to manage them for reuse and to systematically verify, validate and simulate rules to get the result you want.
Operationalizing predictive analytics. Business rules are an ideal platform for putting predictive analytics to work to improve the effectiveness and precision of decisions.

Microsoft blinks with IE Defaults

webmaster — Tue, 21 Jul 2009 10:50:25 -0600

Microsoft posted the following on its blog, "The goal of the IE setup experience is to put IE users in control of their settings and respect existing defaults." The IE Team blog added, "IE will never install, or become the default browser without your explicit consent. However, we heard a lot of feedback from a lot of different people and groups and decided to make the user choice of the default browser even more explicit. This change is part of our ongoing commitment to user choice and control."

Microsoft has made changes to the first-run experience in its Internet Explorer 8 (IE8) browser to allow users to more easily change their default browser selection. Microsoft is defending a lawsuit brought by European Union antitrust regulators at the behest of Norwegian browser competitor Opera Software over the bundling of Internet Explorer with the Windows operating system.

Perhaps in a nod to European Union (EU) antitrust officials, Microsoft has made changes to the first-run experience in its Internet Explorer 8 (IE8) browser to allow users to more easily change their default browser selection.

Risk Management versus ROI for Security Initiatives

webmaster — Wed, 15 Jul 2009 16:37:37 -0600

Return on investment (ROI) is a conventional business calculation that almost all companies use to allocate resources for maximum profitability. The calculation is simple: subtract the investment from the payback (increased profits) and divide by the investment. The key is to account for all the costs and all the profits. In most business situations, such as adding new production capacity, that is not hard to do. For network security, however, the ROI concept does not work well.

Many attempts have been made to develop a useful approach and even a special term, return on security investment (ROSI) has been coined, but the attempts have been less than successful. With some methods, calculations and speculations are so complex that by the time theyre completed, the security situation has changed. Why is it so hard to do?

One difficulty is that security does not contribute to profitability the way machines or personnel do. Therefore, it cannot produce a return, any more than security fences or security cameras can. The financial benefits it delivers are difficult to identify and measure, because they involve events that (you hope) dont happen and might not even be recognized if they did. Its very hard to project the return on investment when you cant even measure the return.

Another difficulty is that there are so many variables, unknowns and intangibles in the world of network security. There are thousands of threats, with new ones arising every day and thousands of hardware and application vulnerabilities. In addition, the potential economic impact of a security breach is hard to predict; it can range from very small to large enough to threaten your organizations existence.

So, network security ROI is both difficult to calculate and essentially of limited value. But that doesnt mean you cant make a hard-nosed economic case for IT security investments. You just have to take a risk management approach.

Secrutiy Risks Continue to Increase

webmaster — Sun, 12 Jul 2009 07:36:04 -0600

Every employee or contactor that uses e-mail and the Internet is a security risk. They may become a leak, either purposely or more commonly - inadvertently. A worker who was passed up for a raise or laid off may, share some embarrassing information with the press or forward sensitive plans to a competitor.

Many employees do not take safe data handling practices to heart. They copy work files onto USB drives or portable hard drives, or even e-mail them to their personal accounts for retrieval from home. This sort of routine activity can place sensitive data at risk, especially considering how easy it is for a small USB key, a smart phone, or a laptop to be misplaced or stolen.

Even instant messaging exchanges can be used to sneak files or secrets to outsiders. Employees often retain their buddy lists as they move from one department to another or from one employer to the next. Colleagues who IM one another every day could be working for competing firms and a careless response to "what are you working on lately?" can be disastrous.

Many hack attempts use social engineering to infiltrate corporate networks. An e-mail that seems to be from your IT admin and requests your login info seems harmless enough, until the hacker at the other end gains entry. The issue is one of education and awareness, and unsuspecting employees become, in essence, potential threats.