New Books

Click on a book cover for more information or to order.

Assessing and Reducing Information Exposure
As someone responsible for security, you should ask yourself several questions to determine how much of your corporate information is at risk. While it may sound simple, many organizations don’t take the time to examine information from all sides, including both an internal view and an external view. As information traverses networks, applications, endpoints and people, an information exposure assessment of actual data loss risk across networks, Web applications, storage and endpoints can help companies determine how exposed their information might be. Gleaning visibility into your organization’s internal and external exposures provides a good view of digital and critical assets.

Cloud Security Challenges
Although virtualization and cloud computing can help your company accomplish more by breaking the physical bonds between an IT infrastructure and its users, heightened security threats must be overcome in order to benefit fully from this new computing paradigm. This is particularly true for the SaaS provider. Some security concerns are worth more discussion. For example, in the cloud, you lose control over assets in some respects, so your security model must be reassessed. Enterprise security is only as good as the least reliable partner, department, or vendor. Can you trust your data to your service provider? This excerpt discusses some issues you should consider before answering that question.

Symantec 2010 State of Enterprise Security Study Shows Frequent, Effective Attacks on Worldwide Business
Symantec Corp. just released the findings of its global 2010 State of Enterprise Security study. The study found that 42 percent of organizations rate security their top issue. This isn't a surprise, considering that 75 percent of organizations experienced cyber attacks in the past 12 months. These attacks cost enterprise businesses an average of $2 million per year. Finally, organizations reported that enterprise security is becoming more difficult due to understaffing, new IT initiatives that intensify security issues and IT compliance issues. The study is based on surveys of 2,100 enterprise CIOs, CISOs and IT managers from 27 countries in January 2010.

Mobile Enterprise Transition Goals
Mobile technologies contribute uniquely to the communications revolution by eliminating the need for physical land-based connectivity between people, processes, and entities. However, its success depends heavily on a meticulously planned and executed methodological framework. The Mobile Enterprise Transition (MET) framework provides detailed guidance based on the questions of "why, what, how, and who," thereby facilitating the strategic adoption of mobility by business. The MET framework focuses the goals of the organization on strategic and formal adoption of mobility and, at the same time, ameliorates the risks associated with the transition. This excerpt discusses the goals of Mobile Enterprise Transition and managing the expectations of the business.

Designing Backup for Recovery
The goal this article is to discuss how a backup system needs to be designed to facilitate recoveries. The purpose of a backup is to provide a mechanism to recover, and therefore it follows that the backup system must be designed to allow those recoveries to take place with as little effort or cost as possible.

The Top Trends Shaping Business Analytics
While the practice of collecting and extracting intelligence from business information is not new today's analytic requirements are evolving dramatically. Business managers need answers today or tomorrow, not next month or next year. They need to capture and make sense of massive volumes of data spanning both traditional sources, such as transactional systems, as well as an ever expanding array of data from online and mobile devices. And in an economy that's forcing everyone to do more with less, they need scalable, affordable and simple-to-use solutions. Here are the top trends shaping analytics in 2010 and beyond.

Five Ways to Increase Operational Efficiency with Alert Management
An alert management platform empowers companies to target actionable information from IT applications and systems automatically to the employee who can resolve the issue--escalating as necessary. Effective alert management provides the tools to access internal systems and address events from a mobile workbench as well as resolve issues from any web-enabled mobile device. Process acceleration and service improvements can help resolve incidents an average of 40 percent faster, saving up to millions of dollars annually. There are five ways that implementing alert management can immediately increase operational effectiveness across the enterprise--including process and efficiency improvements in incident, service, and change management--while significantly reducing costs.

Ten Steps to Sarbanes-Oxley Compliance
One problem with the implementation of SOX is that it tends to set a standard for compliance that may be inadequate. Meeting SOX standards--i.e., passing 404--does not imply that a firm or an IT department has the processes in place required to manage its business. Nor does it mean that an optimal level of control exists anymore than having a pulse signifies good health. SOX compliance is the minimum standard, not an optimum standard. Regardless of your firm’s current maturity level, you will need to demonstrate SOX compliance efficiently and honestly. This article describes the typical steps required to pass section 404.

Troubleshooting 10 Gbps Networks
With 10 Gbps network deployments finally taking off in 2009, the focus of network administrators is now turning to the challenge of managing 10 Gbps networks and in particular to troubleshooting these networks. Existing network management tools can provide an overview of the network, but these systems are only as good as the information provided to them. By employing proactive performance monitoring tools in the network, problems can be avoided and if a network error occurs, the cause of the error can be quickly detected by utilizing the information gathered by these tools. This article by Dan Joe Barry from Napatech looks at some of these tools outlining the benefits that they provide for network administrators.

The 'New Normal' and Its Effects on Supply Chain Management
Senior managers in many businesses are using the catchphrase "The New Normal" as if it were a prescient view of the way things will be from now on. For those managers this view is unfortunate because their perception of The New Normal suggests a sort of baleful future in which everyone will have to do with less. In the supply chain management space, the New Normal perception usually translates to "fear driven." And that usually manifests itself in one of two reactions.

Stretching the IT Budget: Look Beyond the Obvious
IT departments willing to look beyond the surface and the obvious can often eliminate apparent tradeoffs without having to choose one side or the other. When faced with a situation that appears to force a tradeoff, try to examine the problem from a different angle. Taking this fresh-thinking perspective can stretch the IT budget to achieve goals that you might otherwise forgo in an environment of severe financial constraints.

The Keys to Intergenerational Harmony
Most of what's been written about multiple generations working side by side has come from those of us who are considerably older and more experienced than our Gen X and Gen Y counterparts. In this article, Sheryl Lindsell-Roberts and Nancy Settle-Murphy sought the perspectives of some of their Gen X and Gen Y colleagues. After all, for all of the wisdom we older generations think we have to offer, the Gen X and Y folks of the world have a lot to teach us, too.

Software Testing Project Execution
In an ideal world, project planning would be the main task and project execution would be like pressing a button to start and finish it. Alas, this is not the case. In many industries execution is still the king. This is because despite all the advances in automation and standardization of processes, executing any plan is still difficult. The road to execution is laden with unimaginable pitfalls and unavoidable circumstances that ensure that execution is a challenge and not a walk in the park.

12 Dangers of Endpoint Security
2010 promises to be filled with new technologies giving SMBs access to a growing variety of IT tools to improve productivity, such as netbooks, smartphones and cloud computing-based services. But without adequate endpoint security best practices in place, a business leaves itself open to external and internal threats that can cripple it. To enable SMBs to get maximum benefit in 2010 from these technologies, Symantec has developed a list of the "12 Dangers of Endpoint Security" to help SMBs and their solution providers identify and thwart them.

Why Are Information Technology Controls and Audit Important?
The role of IT control and audit has become a critical mechanism for ensuring the integrity of information systems and the reporting of organizational finances to avoid and hopefully prevent future financial fiascos such as Enron and WorldCom. Global economies are more interdependent than ever and geopolitical risks impact everyone. Electronic infrastructure and commerce are integrated in business processes around the globe. For the IT auditor, the need for audit, security, and control will be critical in the areas of IT and will be the challenge of this millennium. There are many challenges ahead; everyone must work together to design, implement, and safeguard the integration of these technologies in the workplace. The chapter from Information Technology Control and Audit, Third Edition by Frederick Gallegos and Sandra Senft explains why.

The Internet Security Landscape: A Look Back at 2009 and Predictions for 2010
It's been said we should learn from the past, live in the present and plan for the future. Symantec Security Response's top researchers analyzed the data they collected over the past year and compiled a list of the top security trends they saw from 2009. In their quest to stay ahead of the bad guys and anticipate security protection needs for their customers, they also theorize on what they expect to see in 2010. One thing is for certain, Internet security threats are not diminishing or going away. These researchers expect to continue to see an increase in sophistication of security threats and social engineering tactics in an attempt to victimize computer users.

Improving Performance in Troubled Times through Distance Learning
This article maps out several important steps to creating a successful multifaceted distance learning program. The starting premise: Simply throwing a slide presentation onto a website, while it may be fast and inexpensive, almost never achieves the intended results. Instead, it is a thoughtfully-created program that encompasses a variety of learning activities that can cultivate skills and accelerate time to practical application.

Introduction to Risk Analysis
Risk management is a process that provides management with the balance of meeting business objectives or missions and the need to protect the assets of the organization cost effectively. In this period of increased external scrutiny due to the myriad questionable management decisions and the corresponding legislative backlash, risk management provides management with the ability to demonstrate actively due diligence and how they are meeting their fiduciary duty. This chapter from How to Complete a Risk Assessment in 5 Days or Less by Tom Peltier examines how risk analysis helps managers meet their due diligence requirements.

Top Five Considerations When Retiring Legacy Applications
Due to the tricky nature of retiring legacy systems, managing the retirement of these systems must be completed in stages, and not by adopting an overly simplistic unplug-and-play approach. So how should a legacy application retirement project proceed? While there are in fact no hard and fast rules, here are five general tips for you to consider.

How to Make the Transition to the Collaborative Web 2.0 Work Process
According to research, eighty percent of the future collaborative work approach will be inspired by Web 2.0 technologies. As more companies are turning to cloud-based solutions to business computing needs, it becomes more obvious that Web 2.0 has much to do with the way things are shaping up in enterprise technology. At this point however, the trick is in making the smooth transition from file-based and offline methodologies to the collaborative "always on" approach. Here are five tips to help you make the transition to a collaborative Web 2.0 work process.

Data Protection: Where the Problems Lie
This article looks back at the foundations of data protection. It discusses how the introduction of RAID technology changed data protection and why RAID alone is not enough. It then discusses what needs to be done to provide better logical data protection. It closes with why disaster continuity faces issues related to cost, distance, and under protection and some recommendations for improvement.

The Insider Threat: A View from the Outside
Most employees and contractors are trustworthy and contribute their energy everyday towards the company mission. However, unexpected, disappointing events can cause individuals to perform criminal activities and they are sometimes unaware of the magnitude or the consequences of their actions. To provide adequate information assurance, special attention to the insider threat should be built into our security programs.

7 Steps for Staying Relevant in a Tough Market
This article describes a number of ways you can shore up your knowledge, skills and qualities that are likely to help position you favorably among employers, clients and business colleagues, especially important during these increasingly competitive times.

CIO Core Skills and Career Development
CIOs vary in appearance, age, gender, educational background, hobbies, and personality. There is no average CIO. However, successful CIOs have a core set of skills that allow them to succeed in an age of complexity and constantly shifting business requirements. This piece outlines the skills, challenges, and important management and information technology subject matter to help you with your own career and long-term strategic planning. Every successful person acknowledges the need for discipline - going beyond the "order-taking" mindset and deliberately working toward increased personal productivity, satisfaction, and contribution to the business. The following provides a high-level road map to becoming an effective CIO.

Overview of Software Testing Techniques
Software testing, as a separate process, witnessed vertical growth and received the attention of project stakeholders and business sponsors in the last decade. Various new techniques have been continuously introduced. Apart from the traditional testing techniques, various new techniques necessitated by the complicated business and development logic were realized to make software testing more meaningful and purposeful. This chapter from Software Testing and Continuous Quality Improvement, Third Edition by William Lewis discusses some of the popular testing techniques that have been adopted by the testing community. These techniques are Black-Box Testing (Functional), White-Box Testing (Structural), Gray-Box Testing (Functional and Structural), Manual versus Automated Testing and Static versus Dynamic Testing.

Survey: Employees Plan to Spend Nearly Two Full Work Days Shopping for the Holidays Using Work Computers
This holiday shopping season, employees plan to spend close to two full working days on average shopping online from a work computer-one in 10 plan on spending more than 30 hours shopping online from work. This according to the second annual online holiday shopping survey conducted on behalf of ISACA. The potential danger of shopping online is that it can open the door to viruses, spam and phishing attacks that invade the workplace and cost enterprises thousands per employee in loss productivity and potentially millions in destruction or compromise of corporate data. This article highlights security tips for employees and businesses.