The worst IT project disasters of 2013
The Healthcare.gov rollout leads a pack of painful projects
December 10, 2013 09:52 AM ET
IDG News Service – Trends come and go in the technology industry but some things, such as IT system failures, bloom eternal.
“Nothing has changed,” said analyst Michael Krigsman of consulting firm Asuret, an expert on why IT projects go off the rails. “Not a damn thing.”
“These are hard problems,” he added. “People mistakenly believe that IT failures are due to a technical problem or a software problem, and in fact it has its roots into the culture, how people work together, how they share knowledge, the politics of an organization. The worse the politics, the more likely the failure.”
Here’s a look at some of this year’s highest-profile IT disasters.
Computerworld – LAS VEGAS — IT managers facing the task of explaining the business value of IT to the C-suite don’t necessarily have an easy time of it.
But eBay believes it has fixed this problem with a metric that translates IT resources into key business measurements: Cost, performance, environmental impact and revenue.
It does this by measuring URL transactions per kilowatt hour (kWh). A transaction is a URL request, and eBay did more than 4.3 trillion transactions in 2012. It assembles the information in a dashboard.
The metric, according to Dean Nelson, vice president of Global Foundation Services at eBay, allows its top executives to see how productive the “engine,” or data center is in delivering services. The e-commerce and online auction company has some 55,500 servers.
CSO – Symantec has downsized their Managed Security Services portfolio, ending support for the managed firewall and managed endpoint offerings. Symantec says the change is part of an effort to streamline things within the company’s Information Security portfolio, but what does that mean for existing managed security customers?
In a statement to CSO, Symantec said that ending the managed firewall and managed endpoint offerings is part of a larger plan to align the Managed Security Services with their new offering strategy, and streamline their product range to provide, “fewer, more integrated solutions for our customers.”
Symantec said the decision to ax the two services was due to the fact that only a small number of customers were actually using the products. This discovery was made after an audit early in the summer, and then in July, Symantec quietly killed them off. Existing customers were told of the change when it happened, and promised support until the end of their annual service period.
The Defense Advanced Research Projects Agency has written a check for $4.8 million to Raytheon BBN Technologies and GrammaTech to build software that blocks backdoor security holes in commodity network devices.
The contract falls under DARPA’s Vetting Commodity IT Software and Firmware (VET) program, which addresses the threat of malicious code hidden in mobile phones, network routers, computer workstations and other networked devices, which can be secretly modified to function in unintended ways or spy on users.
Under VET, GrammaTech and Raytheon BBN said they intend to develop tools and techniques that let organizations inspect the software and firmware of network-enabled devices and protect them from attack. Raytheon plans to develop techniques that enable analysts to prioritize which elements of software and firmware to examine for hidden malicious code. GrammaTech also said it plans to develop the tools that examine the software and firmware to let analysts demonstrate that they do not have exploitable security vulnerabilities.
IDG News Service – IBM is developing software that will allow organizations to use multiple cloud storage services interchangeably, reducing dependence on any single cloud vendor and ensuring that data remains available even during service outages.
Although the software, called InterCloud Storage (ICStore), is still in development, IBM is inviting its customers to test it. Over time, the company will fold the software into its enterprise storage portfolio, where it can back up data to the cloud. The current test iteration requires an IBM Storwize storage system to operate.
ICStore was developed in response to customer inquiries, said Thomas Weigold, who leads the IBM storage systems research team in IBM’s Zurich, Switzerland, research facility, where the software was created. Customers are interested in cloud storage services but are worried about trusting data with third-party providers, both in terms of security and the reliability of the service, he said.
Mobile device management tools make sense when you are trying to control who can access your enterprise network and applications from particular phones and tablets. But to effectively evaluate these products, you should first identify what you’re trying to control: the apps on particular devices, the pairing of a user with his device, the device itself, or the files on each device.
We looked at six products: AirWatch, Apperian EASE, BlackBerry Enterprise Server 10 (BES10), Divide, Fixmo, and Good Technology’s Good for Enterprise. Each has a somewhat different perspective and different strengths in terms of what it can control best.
The EU’s cyber security agency ENISA has provided a new manual for better mitigating attacks on Industrial Control Systems (ICS), supporting vital industrial processes primarily in the area of critical information infrastructure (such as the energy and chemical transportation industries) where sufficient knowledge is often lacking. As ICS are now often connected to Internet platforms, extra security preparations have to be taken. This new guide provides the necessary key considerations for a team charged with ICS Computer Emergency Response Capabilities (ICS-CERC).
Industrial Control Systems are indispensable for a number of industrial processes, including energy distribution, water treatment, transportation, as well as chemical, government, defence and food processes. The ICS are lucrative targets for intruders, including criminal groups, foreign intelligence, phishers, spammers or terrorists. Cyber-incidents affecting ICS can have disastrous effects on a country’s economy and on people’s lives. They can cause long power outages, paralyse transports and cause ecological catastrophes. Therefore, the ability to respond to and mitigate the impact of ICS incidents is crucial for protecting critical information infrastructure and enhancing cyber-security on a national, European and global level. Consequently, ENISA has prepared this guide about good practices for prevention and preparedness for bodies with ICS-CERC and highlights the following conclusions;
CSO – The cybersecurity-focused SANS Technology Institute has received accreditation that will make it much easier for many students to receive tuition reimbursement from employers.
The institute announced Tuesday that it has been accredited by The Middle States Commission of Higher Education, which is recognized by the U.S. Secretary of Education and the Council for Higher Education Accreditation. The commission approves the academic standards of about 530 colleges and universities, mostly in the mid-Atlantic region.
The SANS Institute, a cooperative research and education organization for security professionals, established the SANS Technology Institute in 2005 to offer a Master of Science degree in information security engineering and information security management. The institute is an independent subsidiary of SANS.