Current News - Information Technology
August 15th, 2008
States to Tax On-Line Music Sales
With retail e-commerce sales now estimated to
exceed $130 billion a
year, and iTunes song purchases topping 5 billion, state politicians and tax
collectors have begun to levy new fees on digital downloads.

In 2008 alone, at least nine states have considered
digital download taxes, and at least five of those states have enacted them into
law. Nebraska's governor signed a digital download tax bill into law in April,
and a similar measure was adopted in Tennessee in June. As CNET News
reported a few
months ago, Indiana, South Dakota, and Utah also enacted digital download taxes
this year.
The push stems from an odd legal quirk: because
most states' tax laws were written long before the Internet existed, they may
accidentally immunize downloads from taxation. This is the case even in
otherwise high-tax states like California, where physical CDs are taxed heavily but iTunes downloads
remain tax-free for now.
August 11th, 2008
Apple Continues On Closed System Path - Believes It Is Big Brother
With the iPhone, many thought that an open architecture platform was on
the horizon. However, Apple continues to "control" hardware and software
that carries its label. In a story published in The Wall Street Journal,
Apple CEO Steve Jobs acknowledged that Apple has a "kill switch" it can
activate remotely to disable applications downloaded to iPhone and iPod
Touch devices.
 
 
Jobs argued. "Hopefully we never have to pull that
lever, but we would be irresponsible not to have a lever like that to
pull."
August 6th, 2008
Steps to Create a Secure Disaster Recovery & Business Continuity Plan
The Janco Disaster Recovery Plan & Business Continuity Template
utilizes a framework that is compliant with the National Institute of Standards
and Technology (NIST) Contingency Planning Guide for Information Technology
Systems. The standard is targeted at government agencies that deal with
sensitive information and is fairly long and complex, but the framework is
straightforward, consisting of the following seven steps from the Executive
Summary:
 
- Develop the contingency planning policy statement. A formal department
  or agency policy provides the authority and guidance necessary to
  develop an effective contingency plan.
- Conduct the business impact analysis (BIA). The BIA helps to identify
  and prioritize critical IT systems and components.
- Identify preventive controls. Measures taken to reduce the effects of
  system disruptions can increase system availability and reduce
  contingency life cycle costs.
- Develop recovery strategies. Thorough recovery strategies ensure that
  the system may be recovered quickly and effectively following a
  disruption.
- Develop an IT contingency plan. The contingency plan should contain
  detailed guidance and procedures for restoring a damaged system.
- Plan testing, training and exercises. Testing the plan identifies
  planning gaps, whereas training prepares recovery personnel for plan
  activation; both activities improve plan effectiveness and overall
  agency preparedness.
- Plan maintenance. The plan should be a living document that is updated
  regularly to remain current with system enhancements.
August 1st, 2008
Security Requirements Cannot Be Ignored

Regulations like Sarbanes-Oxley, which affect publicly-held
companies, get most of the press. But there are plenty of regulations with
security implications that hover over smaller businesses, including HIPAA
(Health Insurance Portability and Accountability Act), California's
SB1386 data breach disclosure law, and the Gramm-Leach-Bliley Act, which covers
those who prepare income tax returns, debt collectors, consumer credit
counseling and reporting agencies, and real estate transaction settlement
services. All of these - and others - carry the force of law, and failure to
comply can result in fines and even criminal charges as well as civil lawsuits.
In addition, other standards that do not have the force of law - notably PCI DSS
(Payment Card Industry Data Security Standard), which covers credit card
transactions and is legally mandated in at least Minnesota - can impose fines or
the loss of essential privileges on
violators.
July 22nd, 2008
Wrong E-Mail Address Causes Prosecution by NYC
(PC Magazine) A message is not always from the person named in its
"From:" line.
Someone should have explained this problem to the New York City
Police Department and the Bronx County District Attorney, both of whom
used an e-mail sent by one party to a second party, following an error by
that second party, in order to prosecute a third party for sending
it. In fact, in this case the header may have been
accurate and the problem simple laziness in examining it.
Bronx resident William Hallowell was arrested on complaint of
his supervisor, Robin Berson. Ms Berson had attempted to send an e-mail to Mr.
Hallowell, but typed in the wrong address and sent it to a Ben Hallowell. Ben
Hallowell's response made reference to illegal activities and hit on Ms. Berson
in a crude way. Still not realizing what she had done, she finked on William
Hallowell to the police who, despite a shocking absence of evidence against him,
arrested him and held him for more than 30 hours. Prosecutors then took 4 months
to dismiss the case. All these claims are as made in Hallowell's civil rights
suit filed recently against police and prosecutors.
July 18th, 2008
Intel and AMD Are Going Green
AMD
and Intel have put in a lot of time and effort devising CPU power management
schemes for their multicore devices aimed at trimming the energy draw of the
server farm. But new questions are being raised as to whether these techniques
are the most effective means to lower energy bills, particularly as
virtualization becomes more popular throughout the enterprise.
 
Both
AMD and Intel use some form of on-chip processing to shut down idle cores,
allowing energy to be diverted elsewhere. Intel's platform provides for
individual control of processors - ostensibly to preserve laptop battery
life - and it is tying it to a server power management system that allows
admins to direct power within individual server racks. But according to some
critics, enterprises shouldn't expect much from the on-chip power-saving tools,
particularly those that seek to manage idle cores.
July 6th, 2008
Record Retention Mandated by New Federal Rules
The new
Federal Rules of Civil Procedure (FRCP) have set high standards for the
discovery of email and Electronically Stored Information (ESI). In as little as
30 days after litigation is filed, an organization may need to provide detailed
lists of what ESI exists and be able to produce that ESI quickly. The Federal
Rules of Civil Procedure also require organizations to protect ESI as evidence
from willful and/or accidental destruction.
- An organization must know at the beginning of a case what
relevant ESI exists, where it is, and how hard it is to access.
- An organization must quickly produce all relevant electronic
information from active systems.
- The opposing litigants want to track changes to documents and
view metadata, and the organization has to help them.
- An organization can destroy ESI as part of a routine,
pre-arranged process until there is reason to believe that organization

| Type of Data | Minimal Backup Policy | Backup Retention Policy |
|---|---|---|
| System software | Latest Version plus patches; At Least Weekly | Annual (verified) Backup; Monthly Generations; Weekly Generations |
| Application software | Latest Version plus patches; At Least Weekly | Annual (verified) Backup; Monthly Generations; Weekly Generations |
| System data | Daily | Annual (verified) Backup; Monthly Generations; Weekly Generations; Daily Generations |
| Application Data | Daily with real time transaction files | Annual (verified) Backup; Monthly Generations; Weekly Generations; Daily Generations |
| Software licenses, Encryption keys, & Protocol Data | Weekly | Annual (verified) Backup; Monthly Generations; Weekly Generations |
