IT Today is brought to you by Auerbach Publications


New Books

Information Security Governance Simplified: From the Boardroom to the Keyboard by Todd Fitzgerald, ISBN 978-1-4398-1163-4, $79.95
Asset Protection through Security Awareness by Tyler Justin Speed, ISBN 978-1-4398-0982-2, $69.95
Cybersecurity: Public Sector Threats and Responses edited by Kim J. Andreasson, ISBN 978-1-4398-4663-6, $59.95
IT Best Practices: Management, Teams, Quality, Performance, and Projects by Tom C. Witt, ISBN 978-1-4398-6854-6, $79.95
Web-Based and Traditional Outsourcing by Vivek Sharma, Varun Sharma, and K.S. Rajasekaran, ISBN 978-1-4398-1055-2, $59.95
Practical Data Mining by Monte F. Hancock, Jr., ISBN 978-1-4398-6836-2, $89.95



Key IT Security Trends for 2012
Kroll Ontrack announced the most important technology trends for the coming year. However, businesses that want to benefit from these trends need to look at adopting ironclad information management and security strategies to ensure data security and data loss avoidance.

Online Merchants Made Most Progress against Fraud in 13 Years
CyberSource today announced results of its 13th annual survey of eCommerce fraud. The overall picture: merchants are making gains against fraud but the battle continues. The fraud rate by order (the percentage of orders that turned out to be fraudulent) dropped from 0.9 percent in 2010 to 0.6 percent in 2011, the lowest in the 13-year history of the survey. But the cost of combating fraud continues to grow. Dollar losses were up, manual review continued to climb, and merchants reiterated their concern that fraud is becoming more difficult to detect. 27 percent of respondents said they are engaged in mobile commerce, and initial indicators regarding fraud in that channel are promising.

Untangle Your Virtual Team with 10 Most-Needed Norms
In this article, Nancy Settle-Murphy of Guided Insights provides 10 "best practices" norms that can do the most to save time, reduce frustration and boost productivity of virtual teams. Extracted from one of her Bridging the Distance Virtual Leadership workshop series, these examples include specific actions that can support each one. For this piece, she touches on virtual meetings, decision-making, the use of email, shared documents and scheduling, areas for which a lack of explicit norms can cause especially thorny problems for virtual teams.

Ben Rothke: Security Reading Room
Review of Defense Against the Black Arts: How Hackers Do What They Do and How to Protect Against It.

Lean Management
One of the concepts that is gaining popularity is called Lean management or Lean performance. It’s based on the principles from Toyota’s production system (TPS). These concepts helped take Toyota from a small car company to one of the market leaders in the automotive industry in terms of quality and efficiency. The primary goal is to get rid of waste that occurs in the product process. For most Lean efforts everything is based around the muda (waste). Muda translates into any activity that is wasteful, meaning it does not add any value or is unproductive. Seven activities fall into this category.

Passwords Are Not Enough: Why Enterprises Need Strong Authentication, Too
In this article, Tim Matthews, Symantec’s director of User Authentication, discusses the uselessness of passwords and what organizations should be doing to keep data how it should be--safe and under the right control at all times. He then explains how strong, or two-factor, authentication is a simple and flexible alternative to the antiquated password.

Monitoring the User Experience
One of the great challenges for network administrators is monitoring the user experience. It's become something of a buzzword, with management telling the network team to do it, without any actual indication of what they want. Without clear direction, it's nearly impossible to know what metrics will be meaningful, and then how to configure monitoring solutions in order to produce useful data. And yet the overall goal of everything IT does is to make sure the user is able to access the resources needed to be productive. Users won't care if they have state-of-the-art endpoints if the network itself is slow. That, as Brad Reinboldt of Network Instruments explains, means that monitoring the back end of the user experience is vital for IT.

Security Is Broken
When discussing the information security sector, the word "broken" crops up quite often in magazines, journals, conferences, blogs, and other sources. In his book The Myths of Security, John Viega says about security, "A lot of little things are just fundamentally wrong, and the industry as a whole is broken." So, if it's broken, can it be fixed? This is a Herculean-like task Ian Tibble has assumed.

Organizational Change: Ignore Roadblocks at your Peril by Nancy Settle-Murphy
We all have different ways of dealing with roadblocks, based on our personalities, perceived sense of urgency, navigational abilities, experience dealing with similar roadblocks, and other factors. And so it is when we encounter resistance to organizational change, a very particular type of roadblock, that tends to stop even the most experienced leaders in their tracks. Just as drivers must determine how best to handle different types of roadblocks that block their paths, so, too, must company leaders learn how to anticipate and address resistance to organizational change. In this article, Nancy Settle-Murphy of Guided Insights offers tips for determining just how formidable that roadblock is, and deciding which interventions make the most sense to remove the roadblock, or at least to minimize the inconvenience.

Patterns and Antipatterns
Antipatterns describe dysfunctional approaches to problem-solving, followed by the changes that should be made to overcome this dysfunction. That is, antipatterns describe situations that we often find ourselves in, situations that are not healthy for the individual or the organization. We obviously do not set out to create these dysfunctional situations; they occur because of neglect, malice, ignorance, and assorted other reasons. Once in these predicaments, how do we get out and stay out? This is the rationale for antipatterns.

Reflections on the Current State of IT Project Management
Any project could face difficulties that threaten the goal it is attempting to achieve. In fact, most professionals agree that all projects will experience some level of difficulty that could interfere with the project's progress or outcome. However, the simple fact that projects will face such difficulties is not the primary concern. What does matter is how project managers and their teams react to project difficulties: how they respond to each situation that threatens the progress and successful outcome of their project.

Balance Innovation and Expediency for a Supercharged Team
According to Booz & Company's annual study on global innovation, strategic alignment and company culture are far more important than R&D spending when it comes to deriving competitive advantage through innovation. Yet, close to half of all respondents reported that their corporate cultures do not support innovation. So, while companies talk about the importance of innovation, many have not set up the conditions for success in a sustainable way. (And sadly, offering a few courses here and there won't breed systemic, continual innovation.) So how can we take responsibility for creating more opportunities for innovative thinking? Here are a few practical tips, for both individuals and for teams.

6 Steps to Security Policy Excellence
Striking the right balance between risk mitigation and the commercial demands of the business is an essential skill, which must be adapted according to the nature of your industry and the size, culture and risk appetite of your organization. This role needs to have clear ownership at senior management level. Organizations need to take a systematic and proactive approach to risk mitigation if they are to be better prepared to satisfy evolving legal and regulatory requirements, manage the costs of compliance and realize competitive advantage. Achieving and maintaining policy compliance becomes more difficult to sustain as organizations grow, become more geographically dispersed and more highly regulated. But, it doesn't have to be this way.

Some Dirty Little Secrets about IT
In the world in which we live--a world that changes almost daily--there are truths and untruths. There's hype and there's reality. There are technologies that work and there are technologies that stay forever in what the Gartner Group describes as the "trough of disillusionment." There are subtleties and nuances. There are smart people and nasty people. There are crazy organizations and there are insane corporate cultures. Steve Andriole looks at some of the perceptual anomalies of your world or, if you prefer, some dirty little (and not-so-little) secrets about the people and processes in your world.

What Is Insider Computer Fraud?
An organization's employees are often more intimate with its computer system than anyone else. Many also have access to sensitive information regarding the company and its customers. This makes employees prime candidates for sabotaging a system if they become disgruntled or for selling privileged information if they become greedy. This excerpt introduces the fundamental elements of computer fraud, then discusses insider threat concepts, concerns, and defenses.

NFC Applications with an All-in-One Device
This excerpt guides you through the numerous NFC applications that have evolved over the years or that are expected to come in the near future. First, it provides a brief summary of the main strong points of NFC over other wireless technologies. Then, it looks at NFC-enabled mobile phones as the goose that lays golden eggs. Finally, before we begin to explore the applications, this chapter includes a basic explanation of the three modes of operation of NFC technology, illustrating the operational basis of NFC applications.

Successful Virtual Collaboration Takes a Lot More Than Just the Right Tools
In this article, Nancy Settle-Murphy of Guided Insights and Michael Sampson, "The Collaboration Guy," explore what it takes for people to use virtual collaboration tools to their fullest advantage, and what conditions need to be in place to foster smarter adoption. Spoiler alert: the technology is the least relevant aspect in the mix.

Product Lifecycle Management: A New Path to Shareholder Value?
Manufacturers are implementing a powerful, enterprise-wide software solution, known as product lifecycle management (PLM), which is complementary to ERP, to manage the product's digital life. PLM is a flexible, dynamic environment that can manage product knowledge and data as it flows from and to a wide variety of sources, and give companies the power and flexibility to innovate, and then deliver more value through management of information. In so doing, PLM can have an even larger impact on business performance than ERP: innovation delivers added value, which drives revenue and profit growth. Shareholder value is enhanced, while competitive advantage is optimized through process improvement.

Protecting Mobile Data: When Is Enough, Enough?
This article discusses how the dramatic increase in smart mobile device use makes it impossible for organizations to know everywhere their potentially sensitive data will travel. It provides an in-depth analysis of how encryption technology can be used to round out a defense-in-depth approach to mobile security to ensure sensitive corporate data is protected no matter where it might end up. It also provides practical best practices organizations should follow when implementing mobile-specific encryption policies.

Making Your Data Center Energy Efficient
This excerpt from Making Your Data Center Energy Efficient examines the use of different techniques to reduce energy consumption. Some techniques mentioned may only reduce your energy consumption by a percent or two; however, as many people might note, cumulatively the total savings can become significant. Thus, the old adage that saving a dollar here and a dollar there can result in some serious savings is true.

How Virtual Leaders Can Help Others Thrive in a World of Complexity
Today's companies set themselves up to six times more performance metrics than they did 50 years ago. So with all of this analysis, tracking, reporting and coordinating, how do leaders ever focus on the "real work" that needs to get done, including the essential work of guiding their teams? One way is to find ways to enable their employees to become more self-sufficient and resilient. Virtual managers have a different set of challenges, given that they can't be present (either in person or even virtually) every time a staff member has a question or problem. This article offers practical advice for virtual leaders who want to create more self-sufficient employees in a world of increasing complexity.

The Opportunity Cost of Software Testing
For every ten tests that we perform, we don’t perform a thousand other tests. For everything we know, there is a lot more we don’t know. Every choice we make to do something means choosing not to do others. These opportunity costs, the roads not taken, are everywhere in software. It’s time to make those costs explicit.

Social Software Engineering: Development and Collaboration with Social Networking
The development of software systems has long been considered a social activity. Software is developed using a team model and the work is divided among the various team members. Several studies suggest that developers of large projects spend 70 to 85% of their time working with others. Thus, it is important that a team collaborate effectively to achieve a common goal. So, how can you apply social networking to software engineering efforts?

Terrorism: An Overview
What do you know about terrorism? Yes, it's a violent, destructive, political act. What else? If you can't easily explain terrorism, then this excerpt from The Counterterrorism Handbook: Tactics, Procedures, and Techniques, Fourth Edition will help bring you up to speed.

Sensor Networks: An Overview
Sensor networks are dense wireless networks of small, low-cost sensors that collect and disseminate environmental data. Wireless sensor networks facilitate monitoring and controlling of physical environments from remote locations with better accuracy. They have applications in a variety of fields. Sensor nodes have various energy and computational constraints because of their inexpensive nature and ad hoc method of deployment. Considerable research has been focused on overcoming these deficiencies through more energy-efficient routing, localization algorithms and system design. This is a good introduction to wireless sensor networks.

Security Risk Assessment Approaches
There are nearly as many security risk assessment approaches as there are organizations that perform them. There are strengths and weaknesses within each approach, but the applicability of the approach to your specific environment, objective, and available resources will be the biggest driving factor in selection of the appropriate approach. The following briefly describes some of the differences between currently available approaches to assist in your understanding and to aid in the selection process.

How to Disengage Your Virtual Team in 10 Easy Steps
Nancy Settle-Murphy is in the midst of rolling out a new virtual leadership series for a client. She starts every series by exploring the three building blocks of successful virtual team leadership (literally, the ABCs): Accelerating Trust, Building Social Capital, and Creating a Level Playing Field. One major challenge comes up in every conversation: How to keep virtual team members engaged, enthusiastic, motivated and energized? Rather than writing a bunch of tips to help you engage virtual team members, she thought she'd flip it around and give you tips for disengaging your virtual team members. After all, it's summertime and we can all do with a little fun!

Seeding the Cloud with Trust: Real World Trusted Multi-Tenancy Use Cases Emerge
As the demand for Cloud services continues to gain traction, every end-user organization seeks high operational efficiency of its resources while reducing the operational cost of maintaining a standalone infrastructure. It is becoming increasingly critical to enable trust models and interoperability that support secure multi-tenant use and management of back-end infrastructure, and permit the sharing of high-density IT resources. Trusted Computing Group's (TCG) Trusted Multi-Tenant Infrastructure (TMI) architecture is an open framework that defines end-to-end reference models for the practical deployment of trusted cloud or shared infrastructures.

Testing the Cloud
Managing IT networks requires a broad set of competencies in a growing number of technologies and products. It therefore makes sense that these competencies are centralized in larger data centers providing cloud services to a number of smaller enterprises for which IT is not a core competency. Larger data centers also mean larger installations with higher-speed interfaces as well as an obligation to maintain service availability. This requires extensive test and management capabilities to ensure service "up-time." However, will test and management of cloud services differ from how they are performed today? What are the special challenges that cloud service providers face in this regard?

Email Records Management and SharePoint
There is no doubt that email is the predominant form of communications both within and between organizations. Yet, organizations struggle with how to manage emails, the content contained in emails, and attachments, both for collaboration and records management purposes. Lost or "smoking gun" information contained in emails hits the news from time to time, and corporations are held to account for the mishandling of vital emails. While emails come in all shapes and sizes, not all of them are vital to keep on record. So how do you approach setting up a system where those vital pieces of information are kept so that employees who need access to them can easily search and find what they are looking for? How do you ensure you are compliant with regulations, laws and standards? Why is email management so hard?

Talk Trumps Text for Harnessing Hidden Know-How
Let's say your team, which is scattered across several locations, has to produce a complex proposal with little time to spare, and discovers that others in your organization have tackled similar proposals. How can they mine this hidden know-how, when they are running out of time, and don't know exactly what to ask, of whom, or how? A "Knowledge Jam" is a streamlined, fast-paced process that brings together knowledge seekers or "brokers" and knowledge originators for a sharply-focused conversation aimed at sharing relevant knowledge within a very short period of time. This article describes the essential steps of a Knowledge Jam.

SMBs Show Signs of Coming Round to Cloud, but on Their Terms
Liberated from the burden of a fixed office infrastructure, it is a natural step for small- to medium-sized businesses (SMBs) to embrace the Cloud to take advantage of its flexibility, its pay-for-what-you-use cost structure and its dynamic access-anytime-anywhere environment. With this comes a desire to manage and share data between geographically distributed teams together with partner and customer ecosystems. So why are so many SMBs holding back?

Consolidating Network Appliances with Virtualization
Virtualization has brought many benefits to data center infrastructure, such as lower cost, space and energy. Nevertheless, network monitoring, analysis and security infrastructure - due to the data-intensive and processor-intensive nature of these types of applications - still rely on discrete appliances based on standard servers. The article looks at opportunities that not only allow network consolidation of multiple appliances through virtualization but also enable the upgrading of legacy systems to support higher line-rates with minimal changes to application software.

Virtual Meetings: Design for Worst-Case Scenarios for Best Outcomes
This article offers some practical tips for anticipating and addressing problems that arise frequently during virtual meetings. Of course, in an ideal world, we think through every possible risk and mitigate each one before a problem occurs. But in the real world, which admittedly is not quite perfect, we can only take our best guess about what might go wrong and plan accordingly.

Integration: The Missing Link in the Cloud
Cloud computing or cloud-based solutions have been portrayed as a panacea for companies looking for the flexibility and scalability they need to grow their businesses, while keeping costs down. Unfortunately for many businesses, data, application or business-to-business (B2B) integration is an afterthought when evaluating the cloud, and it becomes the stumbling block that prevents companies from realizing the cloud’s true benefits. Companies should absolutely look at how the cloud could improve their agility and business impact. There are three key rules when evaluating a cloud migration or implementation.

Productivity vs. Security
Enterprises are increasingly concerned about the risk in cyber threats, and the rising number of incidents revealed publicly justifies their worries. Yes, budgets are being reduced and technology departments are being asked to cut resources. Attackers use the downturn in security enforcement to step up the pace of exploitation at a time when an enterprise can ill afford downtime, decreased productivity, stolen data, lost sales and a damaged enterprise reputation. This is the "security paradox" or "productivity versus security." This debate is becoming harder to implement as single point external attacks have moved toward multi-source external attacks and the model of the "trusted employee" is being eroded.

Does Your Business Continuity Plan Cover Cyberattacks?
In this day and age, most companies, regardless of whether a single office or a large international conglomerate, are reliant on computer systems to function. If you were attacked tomorrow, the reality is it will shut you down. How long it takes to get back up and running, if at all, is down to you. Sit up, take note, and plan for the inevitable.

Strong Virtual Leadership + a Few Essential Tools = Great Collaboration
As a successful leader of virtual teams, you know you have what it takes to keep the team motivated and focused: choosing the best combination of tools to enable this team to collaborate and communicate in lockstep. Fortunately, your company has invested heavily in collaboration tools over the last few years. Your team needs to determine which tools will work best, under what conditions, to achieve these ambitious goals, from afar. Here's a "short list" of "must have" tools for geographically dispersed teams, or for any type of team that relies on virtual collaboration tools to get work done.

The Internet of Things
The Internet of Things (M2M) is about convergence and integration of the latest advancements in the research areas of software and hardware with industrial technologies invented many decades ago. This chapter highlights two concerns of great importance for the Internet of Things. One comes from the software engineering domain, namely the use of a good software architecture style for the design of any software system, and another one is related to the knowledge engineering domain and deals with context awareness.

Realizing the Benefits of Vulnerability Management in the Cloud
In this white paper, Gordon MacKay, CTO of Digital Defense, Inc., discusses two types of vulnerability management deliveries: cloud-based and premise-based. He highlights several challenges with vulnerability management and argues that a cloud-based vulnerability management delivery keeps organizations more secure as compared to a premise-based solution.

Types of Server Virtualization Technologies
There are many different approaches and technologies used to implement virtualized systems. It is important to be aware of these technologies and how they differ from x86 server virtualization. This chapter provides a high-level overview of these approaches, how they are used, and their differentiation.

 

News

January 24, 2012 - Canadian spy case erupts as navy casts wider security net

January 24, 2012 - New York State Electric & Gas and Rochester Gas & Electric Corp customers' personal information breached

January 24, 2012 - CT AG asks Zappos executive for information following security breach

January 24, 2012 - Hackers jailbreak iPad 2, iPhone 4S

January 23, 2012 - SharePoint users develop insecure habits

January 23, 2012 - Security roundup: Anonymous attacks DOJ, RIAA sites; Israeli-Palestinian cyberconflict escalates


Events

nullcon in Goa, India from February 15 to 18, 2012. nullcon is Asia's first ever event organized and managed by an official security community, null, and its members. nullcon, a four-day event, brings together business decision makers and security professionals from national and international areas to address important security issues and innovative mitigation solutions.

The SharePoint Technology Conference, February 26-29 in San Francisco, is the world's premier independent event for Microsoft Office SharePoint Server technology and services. The format includes 90+ technical classes, workshops and breakout classes with content geared to IT professionals, business managers and developers. It features top Microsoft MVPs, dozens of expert MS speakers and solutions from 50+ exhibitors (exhibits admission is FREE!). As an IT Today reader, you can receive a $100 discount off either the 4-day or 3-day pass (first time registrants only - cannot be combined with other offers) by inserting the code MEDIASPONSOR when prompted on the eRegistration page linked from www.sptechcon.com.

ISWec 2012 Infosecurity World Exhibition & Conference 2012 in Kuala Lumpur, Malaysia from March 21 to 22, 2012

InfoSec World Conference & Expo 2012 at Disney's Contemporary Resort, Orlando, FL from April 2 to 4, 2012. The event features over 70 sessions, dozens of case studies, 9 tracks (including a Hands-On Track), 12 in-depth workshops, 3 co-located summits and an exhibit hall showcasing the industry’s leading vendors. With the primary objective of providing top-notch education to all levels of information security and IT auditing professionals, InfoSec World delivers practical sessions that give you the tools to strengthen your security without restricting your business!

STAREAST: Software Testing, Analysis, and Review in Orlando from April 15 to 20, 2012.

SuperStrategies 2012 in Las Vegas from April 24 to 26, 2012. SuperStrategies Conference & Expo delivers a content-driven, jam-packed agenda featuring speakers who are top audit practitioners from leading organizations. Each session provides lessons learned and real-world case studies on audit, fraud and ethics from prominent companies and organizations. No matter what your informational needs are, SuperStrategies will provide the subject matter you need to stay ahead and arm you with the latest audit tools to be most successful back at the office.

© Copyright 2011 Auerbach Publications