Saturday | 6 September, 2008
Computerworld
Research group finds high level of IT deficiencies
Survey finds 55 percent of compliance deficiencies led directly to financial losses due to a security event
Ellen Messmer (Network World) 05/12/2006 07:28:48

IT vulnerabilities such as inadequate documentation and poor PC access controls put enterprises at risk of being noncompliant with regulatory mandates and prone to security events -- and most companies have at least a few such deficiencies present in their environments, according to research released Monday.

The IT Policy Compliance Group surveyed 876 corporations and government agencies, and 69 percent said during the first half of this year they had averaged between three and 15 "compliance deficiencies" that had to be corrected. Another 20 percent said their organizations tallied more than 16 deficiencies, with 36 on average. The remaining 11 percent -- the top performers in the survey -- reported an average of only two compliance deficiencies.

The report, entitled "Managing Spending in IT to Improve Compliance Results," noted that 55 percent of these compliance deficiencies led directly to financial losses due to a security event, and 45 percent were of the type that required remediation to pass external audits or other regulatory reviews.

The survey also identified the Top 10 deficiencies. Beginning with No. 1, they are: documentation; PC and laptop access controls; IT configurations and controls; user, application and server access controls; IT audit, logging and reporting; database access controls; IT security policies and standards; information access controls; business continuity controls; and data archive and management controls.

When the IT Policy Compliance Group asked 520 of the 876 organizations how much money their organizations allocate to IT security as a percentage of the IT budget, the group found -- not surprisingly -- that more spending in general leads to fewer compliance deficiency problems.

Firms that spent more than 10 percent of the IT budget on IT security are consistently among those with the lowest levels of compliance deficiencies. The best-performing segment spent an average of 10 percent of the IT budget on security compared with 7.5 percent spent by the 69 percent of companies deemed the "industry norm," and 6.8 percent spent by the bottom 11 percent or "industry laggards."

Among organizations with stronger policy-compliance track records, there's less spending on contract labor and more on automation of procedures and controls through software or scans, the IT Policy Compliance Group reports.

The firms that were more successful in IT policy compliance are "automating the IT audit and monitoring process on a once every two-days basis, sometimes even more," said Jim Hurley, director of the IT Policy Compliance Group. "The firms that were laggards [in this survey] did the same audits on a once-a-year basis."

IT Policy Compliance Group is a research group formed last year to publish studies on achieving IT policy and regulatory goals. It is supported by the Computer Security Institute and the Institute of Internal Auditors, along with firms Protiviti and Symantec.

This year's survey of 876 organizations is based on interviews with IT managers and directors, as well as individuals from legal, finance and internal audit departments who are knowledgeable about regulatory compliance. The majority of surveyed companies are from North America, with some Asian and European organizations included as well.
