Realizing the Benefits of Vulnerability Management in the Cloud
In this white paper, Gordon MacKay, CTO of Digital Defense, Inc., discusses two types of vulnerability management deliveries: cloud-based and premise-based. He highlights several challenges with vulnerability management and argues that a cloud-based vulnerability management delivery keeps organizations more secure than a premise-based solution.
On Project Management: When in Doubt, Leave it Out
Types of Server Virtualization Technologies
There are many different approaches and technologies used to implement virtualized systems. It is important to be aware of these technologies and how they differ from x86 server virtualization. This chapter provides a high-level overview of these approaches, how they are used, and their differentiation.
Tips on Living with and Managing Microsoft Outlook PST Files
IT administrators know that mailbox quotas imposed on network users encourage the use of Microsoft Outlook's AutoArchive feature, which creates personal storage (PST) files. Messages and attachments often contain sensitive company data that should be part of a central store. Difficult to locate and manage, PSTs clog up local drives and server space and are rarely included in normal security and backup processes. The need to use PST files can have a negative impact on business productivity. On the other hand, managing and living with PSTs scattered around the network may not be a problem for some organizations. The following PST management tips from C2C are intended to help you determine whether action should be taken and how to live with PST files.
IPv6: An Introduction and Overview
IPv6 is the next-generation Internet Protocol. The current version of the Internet Protocol, IPv4, has been in use for almost 30 years and exhibits some challenges in supporting emerging demands for address space cardinality, high-density mobility, multimedia, and strong security. This is particularly true in developing domestic and defense department applications utilizing peer-to-peer networking. IPv6 is an improved version of the Internet Protocol that is designed to coexist with IPv4 and eventually provide better internetworking capabilities than IPv4.
Balancing Network Security and Business Impact
When a business transaction over the Internet is worth a few thousand or more, one thinks twice before suspending any kind of traffic to the website, even if, in some cases, these transactions are highly susceptible to a cyber attack. How much money a business may lose as a result of the wrongful implementation of a security measure is "precious" information that every network manager would appreciate. Simulation of the required security action, before implementation, in real network environments that carry real business transactions, would allow for the collection, analysis and correlation of business-related information and thus would provide a way to predict the business impact. This article introduces the concept of business impact analysis (BIA) and discusses applicable technologies that can support it.
How to Tilt the Work-Life Balance in your Favor in a 24x7 World
Is achieving "work-life balance" really possible in an always-on, constantly connected world? In this article, Nancy Settle-Murphy offers some observations and practical tips for those who want to reclaim more of the "life" in that elusive work-life balance equation.
Designing for Mobility: User Experience as a Design Driver
User experience is a concept separate from ease of use or usability. While a system can be easy to use, it does not guarantee a positive experience for the user. How far can we go in making users feel pleased and happy to use our system? Can we rely on ease of use alone? This chapter discusses concepts dealing with the subjective and hedonistic aspects in the design process.
Lean IT: An Idea Whose Time Has Come
How many IT organizations do you know that are not running at 100% capacity (or greater) with increasing backlogs? To reap the benefits of Lean IT, to drive out the waste and create real value for the business, the IT organization and the business must work together to create time and space for improvement to happen. How can this be done? Steve Bell and Mike Orzen invite you to read and learn for yourselves.
Why Risk Management?
A CIO must deliver IT services to enable the business to run effectively. The CIO must also protect information to prevent it from being lost or stolen. The CIO walks on the edge of a sword, balancing service delivery on one side and liabilities on the other. Straying too far on either side will result in failure, and that failure may be catastrophic.
Data Center Storage: Migration and Retiring Aging Systems
Why migrate? If it's not broken, don't fix it, right? Wrong. Sooner or later, we must migrate: User demand grows, application demand grows, the use of the data expands as it integrates with other applications, data itself grows, and hardware ages. It is in your best interest to organize the task of migration well and use it frequently. The cost of the hardware is a fraction of the costs of maintenance, people, backup, and so forth of the total cost of the system.
FISMA Requirements Case Study
In analyzing FISMA and breaking down its requirements from an agency perspective, a useful approach for the CISO to take is to clarify its requirements in four categories: general requirements, requirements for senior agency officials, requirements for CIOs, and requirements for agency information security programs. These categories are addressed in the following four sections, in which agency perspectives are reflected according to what Pat Howard has observed in his experiences with implementing FISMA-based information security programs at the federal agency level.
Advancing Green from Idea into Action
CDW's third annual Energy Efficient IT Report found that organizations increasingly value energy efficiency. Two-thirds of IT managers surveyed believe that understanding best practices in energy-efficient IT is vital to their professional success. Further, the percentage of IT managers who believe that energy efficiency is a critical consideration when purchasing new IT equipment increased significantly over the past year, from 26 percent in 2009 to 39 percent in 2010. This article presents a list of things to do or consider if you are considering implementing energy-efficient technologies.
Ten Tips for Starting Revenue Assurance
Eric Priezkalns, the founder of talkRA.com, is frequently asked, "how do I start doing revenue assurance (RA) in a communication provider that has never done any before?" Until now he put off writing a public answer and giving away the answers for free. Now, here are his 10 tips for how to start doing RA for the first time.
COSMIC Full Function Points (FFP) and the Worldwide Field Trials Strategy
This excerpt from COSMIC Function Points: Theory and Advanced Practices discusses the key concepts of COSMIC FFP-related functional size measurement (FSM) design and the structure of its measurement process, as well as the strategy of its worldwide field trials.
The Strategic PMO: Aligning Projects and Strategy
The Strategic Project Management Office (SPMO) not only provides all the services of individual projects and department-level project offices, it also serves as the critical link between executive vision and the work of the enterprise. By providing a standard organizational methodology for planning, executing, staffing, prioritizing, and learning from all the projects that comprise today's organization, the SPMO gives organizational life a coherence that has long been lacking. Let's explore just what an SPMO can do for your organization.
For High Impact Global Communications, One Size Never Fits All
This article examines steps that any change leader needs to take in creating and implementing a global communications plan designed to resonate with those most affected by the change.
Cyber Attack Toolkits Dominate the Internet Threat Landscape
Attack toolkits are increasingly available to an unskilled black market that is eager to participate in the speedy spread of malware. Not only are toolkits more widely available, but they are also advanced enough to evade detection while automating processes. Developers of toolkits are selling a product that is fueling the growth of a self-sustaining, profitable, and increasingly organized global underground economy.
Key Cloud Strategies: First Steps
When any organization is looking at adopting a new technology, success comes from proper planning, and clouds aren't an exception to this oft-ignored rule. The temptation is to do a physical-to-virtual migration just by "jumping into the deep end of the pool." Here the fallacy is that the virtualized server can't be that much different from a physical server. Well, yes and no: It can feel the same, but there are some differences that could potentially bite you. This article discusses a few that we've stumbled across.
Time to Re-write the Security Rulebook as Social Networking Goes to Work
Social networking and Web 2.0 applications are second nature to young people entering the workplace. For them email is slow and old-fashioned. They bring their Facebook, Twitter, YouTube and other identities to the office with them. At the same time, they use professional social networking such as LinkedIn and other business-oriented online communities for more work-related duties. As social technology in the office reaches critical mass, organizations need to pursue a secure social media strategy alongside their traditional email-based security measures. For those that do not adapt, catching up has the potential to be a major problem.
Can a Government Prevent a DDoS Attack on One of Its Systems?
On December 8, 2010, a group of hackers launched DDoS (distributed denial of service) attacks against the Visa and PayPal web servers and also against a Swedish Government website. The attacks were successful, and the services offered by all these sites were severely disrupted. If major corporations, who operate in a multi-national environment, couldn't prevent these attacks, can the UK Government stop such an attack on one of their web services? Well, the simple answer is no, or maybe "probably not." To understand why this could be so, we need to consider what a DDoS attack is and how it differs from a DoS (denial of service) attack. Then we can consider what could be done to mitigate it.
Mobile Device Security: What Are You Trying to Protect?
The risk many organizations face through mobile data moving around their networks or the mishandling of data on mobile devices is enormous, and without a concentrated effort to place effective controls on this type of data, the risk will continue to rise. However, many of these efforts are based on little more than the idea that there is some type of data out there called "mobile data," that it can reside on things called "mobile devices," and that somehow this "data" on these "devices" must be protected. Unfortunately, neither of these terms has a clear definition, and without those clear definitions, there cannot be a satisfactory answer to the question, "What are you trying to protect?"
Too Many Metrics and Not Enough Data
The software industry is unique in having more metric variants than any other engineering discipline in history, combined with an almost total lack of conversion rules from one metric to another. As a result, says Capers Jones, producing accurate benchmarks of software productivity and quality is much harder than for any other engineering field.
Responsible Hard Drive Destruction
The safe, responsible disposal of used computer hard drives is complicated, and made more so by all the bad advice on the Internet. Because today's technology permits the retrieval of information even from damaged drives, the use of a hammer, blowtorch, pistol, acid bath, etc., in a facility's basement or parking lot is not the way to go. This article outlines the pros and cons of degaussers, shredders, and other hard-drive-destruction equipment and services available on the market today.
The Lesson of WikiLeaks
The ongoing WikiLeaks debacle reminds us all of the fact that online and offline security is still vulnerable. It's easy to dismiss the incident as lax oversight on the part of the U.S. Department of Defense, and that may be the case, but the truth is that most organizations have gotten complacent about data security; this is a wake-up call to us all. If you find yourself suddenly faced with a data security breach, your goal is a quick but considered response. Gather the facts as quickly as you can and act as soon as you have enough information to respond correctly. Don't take any action until you can accurately define the problem (not necessarily the cause) and know its scope. Consider the following six steps.
Adaptive Security Management Architecture Overview
The adaptive security management architecture is a method of organizing security (how it is applied, managed, supported, and incorporated into a business) to provide better business alignment, demonstrate value to the business, and be an enabler of success. Ultimately, with these capabilities in place, the objective is to create an operating environment that allows security to adapt to changes in the business and in security more efficiently and effectively. The ASMA is, in part, founded on the fact that there is a great deal of untapped expertise and capability in most information security groups and in the industry. Although these can be very powerful, there is a wide range of definitions of what security should be in the industry and in business, which results in varying forms of how security is performed.
Watch an interview with author Jim Tiller as he discusses the adaptive security management architecture.
Preventing Vendor Lock-In as You Migrate to the Cloud
While IT has been battling lock-in since the earliest days of computing, not much attention has been paid to the problem of vendor lock-in as IT rushes madly to embrace the cloud. To prevent being locked in to a single vendor, you need to ensure that the architecture you have selected can run on multiple clouds and that the data can be easily migrated from Cloud A to Cloud B. While that sounds trite and simple, it's still true. And in theory, it is not hard. But as usual, the devil is in the details.
Is Virtual Queuing a Model for Unified Communications?
Virtual queuing technology, such as that deployed in some contact centers, sequences and prioritizes workflows and requests. What does that mean for unified communications?
Policy-Based Network Management
Policy-based management (PBM) is a management paradigm that separates the rules governing the behavior of a system from its functionality. It promises to reduce maintenance costs of information and communication systems while improving flexibility and runtime adaptability. Today it is at the heart of a multitude of management architectures and paradigms, including SLA-driven, business-driven, autonomous, adaptive, and self-management.
Six Keys to Successful Security Strategic Planning
The following six elements of strategic planning are the keys to successful strategic planning: simplicity; passion (emotional energy) and speed of planning and adapting; connection to core values; core competencies; communication; and implementation.
The IT Dilemma
We have seen much discussion in recent writing about how Information Technology has become an increasingly significant component of corporate business strategy and organizational structure. But do we know the ways in which this significance takes shape? Specifically, what are the perceptions and realities regarding the importance of technology among organization leaders, business managers, and core operations personnel? Furthermore, what forms of participation should IT assume within the rest of the organization?
Why Information Security Training and Awareness Are Important
Creating an information security and privacy awareness and training program is not a simple task. It is often a frustrating task. It is often a challenging task. And many times, unfortunately, it is often a thankless task. However, providing your personnel with the security and privacy information they need, and ensuring they understand and follow the requirements, is an important component of your organization's business success.
How Bridging the Skills Gap Can Make IT a Business Leader
With a new world order gradually emerging from the economic chaos of the last couple of years, Xantus felt it was time to take a litmus test of the IT industry and see what the UK's leading CIOs felt about the future. Some of the results were surprising. It would appear that money may not be the greatest immediate concern for IT departments. In fact, almost half the CIOs we talked to claim that key skill shortages within their departments are hitting performance and collectively costing their organisations millions of pounds. This finding was one of a number of interesting trends that emerged from the Xantus report, Supporting Business: The CIO Challenge.
Protect Your Apache Derby Database from Superuser Attacks
Apache Derby is a relational database used by many software vendors because of its small memory footprint. In terms of security, though, for every single security protection that it supports, there is at least one type of local attack. This article presents such types of attacks when someone has acquired superuser access on the Apache Derby machine. Moreover, it proposes a mechanism to protect a Derby database from additions, deletions, or modifications of the records by hashing the database entries instead of protecting the database itself.
5 Reasons Why Object Storage Is the Best Choice for Cloud Storage Environments
Cloud storage has changed the rules for deploying simpler, infinitely scalable and more affordable storage. So it makes little sense to burden a cloud storage platform with storage systems that are based on 20th century file systems that inhibit administration, scalability and cost. Selecting the correct underlying storage system can greatly impact the success or failure of implementing cloud storage. The characteristics of object storage are ideally aligned with a cloud storage infrastructure, delivering a superior cloud storage experience with better scalability, accessibility and affordability. Here are five reasons an object storage infrastructure should be the foundation for a cloud storage system.