• Lesson One: Have a Succession Plan - Start immediately to work with your current executives to create a succession plan. This is not an implied threat, but rather an appropriate leadership responsibility. Prudent and diligent management will provide a clear process in the event of a planned or an unexpected vacancy.
  
  That plan, actually part of the wise management of your organization, should contain systems that capture and preserve the institutional memory of your organization. Too often, executives have treasures of knowledge that are never recorded, entered into the database, or placed in the donor files. When they go, they walk out of the door with those treasures.
  
  Second, make contact with individuals or firms that provide interim executive leadership. This is a growing service being provided by a number of professionals that will allow your organization to have experienced leadership during the transition to your next placement. Having an interim executive managing the organization can free the directors to focus their energies on the search for a permanent leader.
  
  Finally, become knowledgeable about the talent pool in your community and have a list of potential all-stars youÂ’d like to recruit. Pay attention to the success and failure of the other nonprofits in your area and your field. Learn who the players are and donÂ’t be hesitant to keep track of the up-and-comers. Look beyond just other executive directors. I would recommend that top fundraisers might be great sources of potential leaders.
• Lesson Two: When your radar says itÂ’s going to be bad - get out - For many potential disasters, signs of trouble are visible before you feel the wind in your face. One of the intriguing notions about business failures is that you know days in advance that theyÂ’re out there. Trouble often gives plenty of notice, and yet many of us let complacency seduce us into inaction.
  
  Trust your early warning system. Most effective leaders have good intuition that can provide time to head off disaster or to make appropriate preparations.
• Lesson Three: No matter what anyone says – you are on your own - Waiting for the rescue team to get to you is not an option. Solving the problem of executive transition lies firmly (and appropriately) in your hands.
  
  Tackling this matter now, rather than in the throes of the disaster, can be a critical factor in recruiting your next leader. You are demonstrating the kind of management acumen that will attract strong executives. The well-documented shortage of qualified executives will mean the competition for these top candidates will be intense. The way you manage this transition can speak volumes to prospects and will place your organization in the best possible light.
  
  Have a worst-case scenario plan, use and trust your intuition, and take the initiative in managing a potential transition. Face your reality and begin now planning for the unexpected. We all know it will come.

This can be complex and demanding. To assist in this area therefore there are a number of tools available. The most widely known of these is COBRA, which employs a method aligned to various international standards.

The science of risk assessment is currently beyond the scope of this portal, but hopefully the information presented below may give you some insight into this task and some guidance in terms of what is included.

Part of the risk process is to review the types of disruptive events that can affect the normal running of the organization.

There are many potential disruptive events and the impact and probability level must be assessed to give a sound basis for progress. To assist with this process the following list of potential events has been produced:

      Environmental Disasters
          o Tornado
          o Hurricane
          o Flood
          o Snowstorm
          o Drought
          o Earthquake
          o Electrical storms
          o Fire
          o Subsidence and Landslides
          o Freezing Conditions
          o Contamination and Environmental Hazards
          o Epidemic

      Organised and / or Deliberate Disruption
          o Act of terrorism
          o Act of Sabotage
          o Act of war
          o Theft
          o Arson
          o Labour Disputes / Industrial Action

      Loss of Utilities and Services
          o Electrical power failure
          o Loss of gas supply
          o Loss of water supply
          o Petroleum and oil shortage
          o Communications services breakdown
          o Loss of drainage / waste removal

      Equipment or System Failure
          o Internal power failure
          o Air conditioning failure
          o Production line failure
          o Cooling plant failure
          o Equipment failure (excluding IT hardware)

      Serious Information Security Incidents
          o Cyber crime
          o Loss of records or data
          o Disclosure of sensitive information
          o IT system failure

      Other Emergency Situations
          o Workplace violence
          o Public transportation disruption
          o Neighbourhood hazard
          o Health and Safety Regulations
          o Employee morale
          o Mergers and acquisitions
          o Negative publicity
          o Legal problems

Although not a complete list, it does give a good idea of the wide variety of potential threats.

• Enterprise Strategy
• Enterprise Management
• Internal Customers
• External Customers
• Help and Service Desk Management
• Help and Service Desk Staff

Certain projects offer IT organizations the greatest opportunity to increase operational efficiency and save company dollars. These include power management, which provides both actual energy cost savings and per-asset utility rebates; patch management, which reduces staffing requirements and eliminates second-pass remediation; software asset management, which avoids inflated licensing costs by enabling you to use only what you need; and infrastructure consolidation, which reduces the number of consoles and number of Full-Time Employees (FTEs) needed to manage them.

• All Skype traffic is encrypted using proprietary encryption, so none of the communications can be logged. This could be a violation of Sarbanes-Oxley, mandated record management policies, and HIPAA.
• Skype file transfers may expose the enterprise network to viruses, spyware or other malicious code.
• Skype file transfers may also expose enterprises to the risk of confidential information being leaked to outside parties.
• As video data is bandwidth-intensive, Skype users can consume a sizeable amount of bandwidth on an enterprise network.
• Use of Skype PCs as part of a Botnet of PCs to launch denial-of-service and other attacks.
• Skype users may use its Instant Messaging (IM) functionality to evade enterprise IM controls and send out confidential data.

• Data volumes and velocity of change are increasing at an exponential rate - In many enterprises data is dispersed, disorganized, and so voluminous that classifying it comprehensively and implementing standard security standards is resource-intense and one that most IT departments are not staffed to do.
• Information Technology (IT) Departments are reactive not proactive - IT departments are reluctant to invest their increasingly stretched resources in deploying another complex enterprise level infrastructure at the expense of delivering strategic value to the organization.  IT departments tend to respond to problems after the fact versus identifying solutions before a problem occurs.
• User do not want to change or add processes - there is a wariness about deploying yet another set of rules and tasks to follow on each Smartphone, desktop, and laptop that might interfere with doing the userÂ’s job by adding procedures, hogging processor cycles, requiring frequent updates, and slowing down the user as they try to do their jobs.
• Complexity of security compliance - devising and implementing a comprehensive, viable security policy may get in the way of traditional business practices, requiring the involvement of not just IT but also human resources, finance and legal teams, and business unit managers.
• Addressing 20% of the problem versus the 80% - many enterprises focus on intentional data leakage, when in reality most data leakage occurs when there is a lapse and simple proactive steps like enciphering sensitive files on laptops and seeing that only those individuals that need sensitive information have it could have prevented the problem in the first palce.

Adding to this is the requirement that users to change their passwords on a regular basis. This is to mitigate the damage an attacker a hacker can do when the get a hashed or encrypted copy of a password.

However, requiring users to change their passwords invites even more user fatigue, creating more passwords to remember, which invites breaking the rules, and causes more helpdesk calls to reset lost passwords. Ideally a company could require employees to remember and properly use many secure passwords resulting in optimal security. In reality, after a certain point, as the number and strength of required passwords increase, security begins to decrease as employees take short cuts with their passwords. Requiring too many strong passwords actually has an inverse effect on corporate security, as indicated in the figure below.

Industry reports on help desk costs show that 20 to 40 percent of these calls involve resetting lost passwords, that each reset takes between six and 15 minutes, and that each help desk call costs between $25 and $50.6

The number of help desk requests an organization receives will vary according to the strength of the organization's password policy. Some studies show that an average user can request 10 password resets per year.

• Decreasing interactions -Multiple callbacks or email interactions drive up incident handling time, and incident resolution cost.
• Cutting incident handling time - When issues can be resolved quickly, average incident handling time goes down, this in turn frees up agents to handle more incidents and improves help/service desk's staff productivity.
• Reducing escalations - Issues resolved on the first contact are not escalated, cutting the number of incidents escalated to these more expensive support tiers.

• Make the help and service desk functions part of the IT career path - not a holding area for poor performers - Staff needs to have both technical and communication skills to perform the user support functions.  They are the first point of contact. They must have the ability to handle stressful situations and unhappy users.
• Implement a formal training program for users - Employees who are effectively trained on how to use business applications, will use the help desk for real issues and will reduce the requirement to use the help desk as a crutch because they do not know how applications work.
• Implement a formal training program for help desk staff - Help desk staff that is properly trained will provide more consistent service to the user base.  They understand the application better and have a common policies, procedures, and processes they follow which provides a consistent level of service to the user base.
• Provide a link between the Help Desk and the problem solving unit - When a service request comes in via the help desk do not have a layer of bureaucracy which inhibits the help desk in coming up with a solution within a reasonable time frame.
• Place help desk resources close to users - When a user has an issue that needs to be addressed the help desk needs to be available then and there.  Time zones need to be taken into account.  If the help desk is on the East coast and the users are on the West coast the help desk needs to be available during the working hours of the using organization.
• Staff to the level needed not the level approved - When there is a hiring freeze and your enterprise is in the process of implementing a new system, get the extra staff needed.  It will cost less in the long run and be a much easier problem to address.
• Implement a customer is always right process - When a user addresses an issue via the Help Desk, understand that it is an issue to them.  If one user has the problem then another has the same one or will have.  Do not assume that the customer is wrong or there is no problem.
• Implement a 7/24 Help Desk Solution - Users work at all hours of the day and seven days of the week.  Have a way for the user to contact the help desk on off hours and provide support when the problem occurs and do not force the user to wait until Monday at 9:00 AM Pacific Coast time.
• Pay Help Desk staff for the coverage provided - Compensate adequately for after hours support and for 7/24 email - pager coverage
• Provide updates to problem status in a timely manner - Users should be updated on the status of issues they have in a timely manner.  It is always better to call the user and tell them when you expect a solution rather that has them call and ask.

• Consider buying refurbished hardware - For some classes of hardware, buying refurbished is a great way to save money. In the case of most PCs, the hardware and packaging are literally identical to those you would buy new, as is the warranty coverage. The only difference is the price tag, which can be substantially lower.
• Know the market before you agree to a price - The IT hardware and software markets represent capitalism at its messiest, with prices yo-yoing up and down constantly thanks to sales, mail-in rebates, instant rebates, and other offers. If you simply settle for the first price youÂ’re offered, you can end up paying hundreds if not thousands of dollars more than you should.
• Keep your eyes open for special offers and discounts - We've all become accustomed to shopping for good and services online. In many cases, you can get a discount if you enter a code or shop through a specific link. Many companies reserve their best discounts for repeat customers
• Take advantage of discounts - Companies want your business and are willing to offer substantially better prices than you can get through existing suppliers.
• Get the most out of your software licenses - If you already own a program, you might be surprised to learn that you're not using it to its full extent. This is especially true of Microsoft Office, whose licensing terms might be more flexible than you realize.  Reading software licenses isnÂ’t the most interesting way to spend a weekend, but it can save you You might be pleasantly surprised to find that you're already authorized to use a program on more than one PC.
• Watch out for hidden costs. - Don't let hidden costs offset an apparently low price. When buying, be sure to add in shipping and handling charges. Some shady online merchants deliberately advertise low prices on products but make up for it by charging for more than their competitors for shipping.

CIOs and CSOs are now under extreme pressure to control expenses in their enterprises as executive management struggles to maintain earnings in an increasingly challenging market. CIOs and CSOs are being forced to focus on their top initiatives next year while cutting costs.

Enterprises are setting themselves up for a classic battle that between forces that are trying to cut expenses while others see the need for continued, and maybe even increased, spending on information technology and security to improve productivity and mitigate the growing frequency and intensity of potential threats.

The challenge is to translate the value of the organization's investment in information technology and security into the business value that it delivers to the organization. Whether that value is improved productivity, fewer data breaches, reduced shrinkage or whatever metric you happen to use in your industry, be sure to make that argument now before any cuts are mandated by uninformed leaders whose actions could significantly increase the risk to your business.

The proliferation of laptops has put more organizations at risk: Janco predicts that laptops will account for more than 50 percent of the PC market in 2009 and expects that overall notebook sales in the U.S. will surpass desktop sales in that same year. Every year hundreds of thousands of laptops are either stolen or left behind in taxicabs or at hotel rooms. Last year alone, 300,000 laptops were reported lost or stolen in the U.S., with less than 2 percent ever recovered. A laptop theft is not just a loss of a thousand dollars of hardware - it is the missing data that can really set one back by days, in addition to potential security issues. An organization that automatically backs up data from all PCs ensures that an organization/person can quickly recover from a stolen or lost laptop and be up and running in no time.

Included in the standard audit program are two policies (one paragraph long) which need to be implemented to meet PCI DSS security requirements.  The policies are for "Sensitive Data" and "Record Management (Retention and Disposition)" -- the ones provided in the standard package  are shorthand versions of the full polices contained in other Janco products which are available individually or in the premium and gold versions of the PCI Audit program.

Both the Premium Version and the Gold Version include copies of Cornerbowl Software's award winning product Network Event Viewer.

Read on...

Order Now $149 - $1,099

Lehman Brothers' Information and Communications Technology (ITC) costs rose 18% in 2007 from 2006 to reach $1.145 billion, reflecting increased costs from the continued expansion of its investment management systems, according to filings by the bank. In the quarter ended Aug. 31, the New York-based company spent $309 million on technology and communications, up from $282 million in the same period last year.

Sorting out the future of Lehman Brothers' IT financials could prove easier than winding down its ITC investments. Meanwhile, Lehman Brothers' bankruptcy is likely to have a profound spillover effect to the IT industry.

The security concerns are multiple:

• The "Big Brother" aspect that a machine now has gone beyond the text log file to one that is a visual log which could invade the privacy of someone who is looking up some medical records or financial records
• The prospect that someone who wants to "steal your identity" can now know what sites that you have visited so they can get information from you easier.
• The prospect that Google will have a way to capture the information on places that you go so they could sell directed "spam-class" advertizing.

Wharton also supported the proposition that the skill composition of IT work is at least partly responsible for both the higher rates of IT-related oursourcing as well as a greater likelihood that IT offshore outsourcing leads to the displacement of domestic workers than offshoring of work in other professions.  IT jobs tend to have less need for physical presence and are therefore more often moved overseas for cost savings. This not only makes IT jobs more likely to be offshored, but also substantially increases the likelihood that the offshoring of location independent IT services is accompanied by a displacement of domestic IT workers. However, even within IT occupations there is substantial heterogeneity – programmers and software developers are more likely to be displaced, while systems analysts who more frequently interact with other functional areas and are more reliant on interpersonal skills are more likely to be retained.

When it ships, IE 8 will work on Windows Vista, Windows XP, Windows Server 2003 and Windows Server 2008 systems only. According to Microsoft, IE 8 is supposed tp be Microsoft's most standards-compliant release of its browser to date. Microsoft is undoing much of the non-standards-based coding it had included in previous IE releases,.  As of yet, it is not known yet how many existing sites and applications that are IE specific will not render correctly with IE 8. But Microsoft has been trying to get the word out to developers to check for compatibility before the final IE 8 release goes live.

IT Compliance Management Software Suite
Sarbanes-Oxley, HIPAA and ISO 27000 Series Compliance
Auditing and Monitoring Tools
Works with Vista / Window XP / Server

Janco has found that fewer than 40% of all organizations practice capacity management and planning as an ongoing management discipline. This is often due to the labor-intensive nature of the capacity management discipline and the lack of automated tools.
Although often associated with storage, capacity management addresses the entire end-to-end IT infrastructure of servers, switches, various appliances, network bandwidth, and applications. Effective capacity management must keep pace with the growth of all the elements of the IT infrastructure, not just storage. It also must take into account business and market factors that can impact infrastructure performance and availability.