These same metrics are central to any discussion of recovery from IT disasters, such as the loss of a server or data center or just the loss of a file or data object. Most commonly, experts in DR planning talk about an organization’s recovery expectations in terms of their “Recovery Time Objective” and their “Recovery Point Objective.”

Recovery Time Objective (RTO) describes the goal for how quickly data is to be recovered and made available to users after the failure or loss of a system. For example, some companies may be willing to tolerate six to 24 hours of “downtime,” while others (e.g., large online retailers) are willing to wait only a minute or two.

Recovery Point Objective (RPO) measures the completeness of the data and/or application functionality ultimately recovered. For instance, one shop may be willing to accept the loss (and subsequent manual re-creation) of a day’s worth of transactions, while another may be willing to tolerate the loss of only transactions that were in process at the very moment the system failed.

Just companies have changed their habits to accommodate new technologies and new ways of conducting their everyday business, so security providers have needed to implement new strategies to cope with the massive growth in new malware and new attack vectors.

Keeping track of these continuous and rapid changes is a demanding and complex task, but one that will doubtless be rewarding to the diligent and conscientious. Knowledge is power, and understanding the dangers posed by the modern interconnected world is the first step toward keeping one’s identity, possessions and finances safe and secure.

The proposals would have prohibited wired broadband providers from "unjustly or unreasonably" discriminating against legal Web traffic, but would not apply that prohibition to mobile providers. The bill would have prohibited all broadband providers from blocking consumer access to websites and from blocking legal websites, and it would have prohibited the U.S. Federal Communications Commission from reclassifying broadband as a regulated common-carrier service for two years.

The committee may try to push forward on net neutrality legislation after November's elections, he said, when a lame-duck session of Congress is likely.

Typically these problems are discovered within several hours or at most a few days from when they first occur, resulting in restore requests for more recent data. In general, the only time you may need to restore data that has already been archived would be in the event of a disaster that physically destroys computer equipment and facilities, such as an earthquake or a tornado. While it pays to be prepared against these occurrences, they are very rare.

The Backup and Backup Retention Policy Template has been used to create customized policies for well over 2,000 enterprises world wide. This policy in concert with the Record Mangement Policy Template are must have Best Practices Tools for CIOs and IT professionals.

For example, factors that CIOs and IT professionals need to consider for backup retention include:

• Business and regulatory requirements - regulatory compliance and data preservation
• Economic and budgetary concerns - doing more with less
• Data loss prevention and information protection - protect, preserve and serve
• Environmental and business sustainment - green and economically efficient
• Maximize IT resource effectiveness and return on investment (ROI)
• Reduce total cost ownership (TCO) of IT resources and service delivery

With the ever changing economic climate and security threats, downtime and data loss pose intolerable risks to every business today. From CIOs to the Executive Suite, managers have seen the importance of business uptime and data protection to continued success, productivity and profitability. The Disaster Planning Template provides a road map to the most effective strategies and technologies to protect data and provide fast recovery should data be lost or corrupted due to accident or malicious action.

CIOs know their systems are vulnerable and they want to do something about it. In these tough economic times, it is hard to get funding for business continuity and disaster recovery. CIOs who tie business continuity and disaster recovery planning to mandated compliance needs are more successful in obtaining the necessary funding.

Many of these same companies consider disaster recovery investment as a rolling upgrade that consistently augments existing infrastructure and application investments rather than a one-time event that can be delayed.

In one research study by another firm many CIOs blamed disasters on non-natural disruptions and incidents. The data shows that 42% of the firms surveyed said power failure was the most common cause of declared disasters and downtime, while 32% cited hardware failure, and 21% cited network failure.

• Know which data they need to secure and protect.
• Have procedures in place for digitizing and storing important information that cannot be retained exclusively in paper format.
• Have lifecycle process Information Technology systems.
• Ensue that business data and records that are no longer needed are securely purged.
• Understand their regulatory and compliance requirements for securing and protecting business data.
• Have file-naming conventions to ensure that secured, protected business data are properly identified.
• Ensures that all staff members know the proper procedures for protecting business information.
• Have automated processes for protecting and backing up data.
• Protect data in secure off-site backup facilities.
• Test their backups to ensure that they are protecting the information that they think that they are protecting.

Creation of customer trust makes all the difference. Investment in technology to protect customers and earn their trust is trivial when compared to the overall cost of doing business. When the costs are dwarfed by the potential upside, it’s clear that enhancing e-commerce site security, with technologies like SSL, is an obvious choice for online businesses looking to be successful. To ensure that current and future customers are fully aware of security investments being taken by e-commerce businesses, it is critical to go with a security vendor whose brand name is the best known and the most trusted.

Janco testing also revealed that IE 9 will require that web developers review all of the “design features” they have included their web site designs.

Critical data centers, with backup generators, facilities and fuel supplies, are now built to continue operating during storms. The same can't be said for the computing setups that telecommuters maintain in their homes, and they may be put to the test this year.

Disaster Planning Base for Business Continuity

Last year there were only three hurricanes in U.S. waters last year, and none of them brought hurricane force winds over land in this country. In 2009, there were an average of 236 power outages a month in the U.S. Through July of 2010, the average had increased to 273 a month.

The need for teleworkers to be self-sufficient (and less dependent on coffee shops and local libraries for wireless access) is growing. In a report released last month, the Metropolitan Washington Council of Governments estimated that there as may be as many as 600,000 workers, or about 25% of the region's workforce, who telework at least one day a week. The council also discovered, via a telephone survey of more than 6,000 area workers, that the number of teleworkers could rise by 500,000 over the next few years.

When blizzards early this year prompted a multiday shutdown of federal offices, many federal employees rose to the challenge and continued to work, making good use of telework and other work flexibilities.  The question is will Hurricane Earl be as easy on existing Disaster Recovery and Business Continuity Plans.

On the other hand, virtualization makes it harder and more important to plan capacity from the data center’s perspective. In the past, data center managers could use the projections from applications, take into account the hardware on order, and thus avoid having to dynamically adjust the capacity of deployed hardware. Traditionally, a data center would just need to make sure that it had the capability to support the hardware planned by individual applications. In a cloud environment, however, many different applications will be installed. It becomes the data center manager’s responsibility to predict the average or total resource requirement of all the applications and to order enough hardware in advance independently of the input from application owners.

The basis for capacity planning, then, lies in monitoring existing usage and keeping track over historical time periods. Long-term trends can be projected based on previous activity and adjusted without any knowledge of business plans. In a data center-driven cloud, typical capacity planning techniques can be applied for the most part. Since clouds use virtualized resources that share the same physical resources, this makes capacity planning somewhat more complex. In contrast, the capacity planning does not need to consider each individual application, and can simply track and project the overall summation of all applications on the cloud.

The Practical Guided for Cloud Outsourcing Template includes -- Sample Cloud Outsourcing Contract along with a Service Level Agreement and other tools to facilitate the cloud  outsourcing process. The template includes Janco's exclusive Business and IT Impact Questionnaire.

The template is delivered electronically in WORD and/or PDF format.  Included are two 3 page t job descriptions - Cloud Application Manager and Cloud Computing Architect. Sarbanes-Oxley issues are addressed directly, alond with an ISO 27001 and ISO 27002 audit program.

Google Desktop is going the way of Netscape

Google Desktop has not taken off as the emphasis seems to be on Chrome. Based on these trends we belive that unless Google places more emphasis on Desktop, in short order Desktop will no longer be a force in browser market.

About 3,000 bank accounts were found to be compromised at one financial institution, which was not identified, according to a white paper released by M86 Security.

The multilevel scheme uses a combination of a new version of the Zeus keylogger and password stealer Trojan, which targets Windows-based computers and runs on major browsers, and exploit toolkits to get around anti-fraud systems used at bank Web sites, the report found.

Bank sites that offer two-factor authentication, such as one-time passcodes and ID tokens, are ineffective because the malware has taken over the browser after the victim has logged into the banking site.

Business continuity can mean success or failure if data and applications on a production server are lost. Disaster recovery planning ensures organizations have the capability to continue essential functions across a wide range of situations that could disrupt normal operations. However, traditional data protection strategies focus on just the data and not the application. Read this white paper for a discussion on how layers of protection not only mitigate the risk of data loss, but also maintain the health and uptime of systems and applications.

Contestants got IT staffers at major corporations, including Microsoft, Cisco Systems, Apple, and Shell, to give up all sorts of information that could be used in a computer attack, including what browser and version number they were using (the first two companies called were using IE6), what software they use to open pdf documents, their operating system and service pack number, their mail client, the antivirus software they use, and even the name of their local wireless network.

• Keep people busy with business as usual - Planning for employees, business partners and customers makes up the most critical aspect of business recovery planning. Depending on the nature of the outage, you may need to figure out how and where people can continue working. For a brief period of time, everyone may need to work remotely, but you’ll need to have these contingency plans ready, along with automatic notification to tell employees to work at home.
• Make accommodations for facilities - Facilities make up an important part of business recovery planning. According to the U.S. National Fire Protection Agency, 35 percent of businesses that experience a major fire are out of business within three years. So, if having everyone work at home is not the best option for your business, recovery vendors can provide interim workplaces such as prefabricated mobile offices or buildings designed specifically for use in times of crisis.
• Secure information before the storm hits - Data can make or break a business - According to the U.S. National Archives and Records Administration, 80 percent of companies without well-conceived data protection and recovery strategies go out of business within two years of a major disaster. Backup tape and storage testing services can help ensure that critical data will be available after a major outage. Ideally backups should be performed offsite, preferably at a facility far away from everyday operations. The best way to protect the information for a small business is to use a remote data backup facility, which actually transmits the data either overnight or at scheduled times to a remote site where it is stored.
• Prepare alternate networking routes - Can you keep networks open - or restore them quickly? What happens if you don't have local area network (LAN) or wide area network (WAN) connectivity for an extended period of time? Or phone connections and e-mail? In the worst-case scenario, your business may not have access to any of these vital services. LAN and WAN contingency plans can include services such as remote data access so critical information can be managed and administered from any location. A failover system for e-mail is also highly recommended by Sirota, who notes that keeping in touch with partners and customers can make all the difference in remaining in business. These solutions can be activated in seconds, but keep in mind that these systems need to be in place prior to an outage.
• Keep technology up-to-date and aligned with recovery plans Keep tabs on how technology is applied within your organization - This can be as simple as making sure a security patch has been correctly applied. Otherwise, recovery plans can be easily derailed when new software and hardware is added or upgraded without testing the potential consequences of changes to business technology. That's why experts recommend routine system checkups, as well as longer-term business continuity and resilience planning services. Resilience is the ability to take a blow and keep on going.

Applied properly, the strategic use of social networks will allow a David to outmaneuver and outrun Goliaths, or for heavyweights to propel their reputation and brand awareness to greater heights. As social media gurus have said,  “The unique characteristics of disembodied identities in the virtual world can radically transform rules that traditionally govern social groups.”

This is evidenced in the way large corporations are hiring digital or social media managers, or incorporating such roles into the primary job responsibilities of existing PR or marketing executives. As companies strive to cash in the rewards of successfully engaging social media, guidelines are required to formalize a company's strategy in this new, uncharted terrain. In addition, there is a need to recognize and protect social media practitioners within the company.

Taken together, it is clear that there is a need to craft a proper social networking policy so as to maintain a degree of consistency in your organization's engagement of social media. So what does a social networking policy consist of? The quick answer might be to point you toward a sample of a simple social networking policy  on www.e-janco.com.

• Technology solutions need to be flexible and focused on IT Service Management and Service Oriented Architecture. Businesses must be able to respond to opportunities and challenges faster than ever before. Businesses are battling other well-resourced organizations that may be based where the opportunity originated, lower cost market, or another company that is reaching out for new opportunities. In order to compete, businesses have to be able to rapidly deliver products or service as good, or better, than that of any other company.
• Complexity should be avoided - infrastructure is key. Simplicity has always been rewarded, as the scope of technology increased this has led to increased complexity and risk. While per unit costs of technology typically are decreasing, in aggregate IT and technology cost are increasing. With the pressure on IT to act less as a cost center and more as a way to increase the profitability of business units, just adding more storage, more bandwidth, or additional technologies throughout the organization is no longer viable. Instead, successful CIOs are investing in technologies like continuous data protection, virtualization, and wireless connectivity to help IT slim down its footprint while increasing their business’s competitive advantages.
• Mandated requirements have moved security to be a top priority. With the growing importance of digital applications and data, the sources of threats to enterprise data have multiplied dramatically. Everything from natural disasters to criminals to corrupt sources within the company might try to steal or corrupt data. While businesses do everything that they can to stop these threats in the first place, they still must be prepared to recover from these threats as quickly as possible.
• Business Continuity and Disaster Recovery plans are no longer optional. As businesses have expanded the need for anytime, anywhere application access has become a requirement. At the same time, global 24/7 operations have shrinking maintenance windows and a need for applications to be running at all times. Delay or loss of data for any reason – system failure, natural disasters – has a domino-like effect across the entire organization, at any time of the day or night.

• Validate that police and other first responders can contact the right people in your business - Research the Reverse 911 program for your area and register your business cell phones, voice over IP numbers or pagers. In an emergency situation, Reverse 911 enables emergency officials to send out an automated call to everyone registered in a specific area with important information.
• Program emergency numbers into business cell phones - Save emergency phone numbers for local police and fire departments into your cell phones.
• Create a business phone tree - Each office should have a plan for contacting employees during emergencies through a designated phone tree. Designated staff should have copies of the phone tree and be trained on who they should call.  Management should review and update the phone tree quarterly and conduct regular training sessions. Management should also have back-up copies of employee phone numbers and their emergency contacts. This information should be regularly updated.
• Register your employee's business cell phone number - Individual employees should make sure family; friends and co-workers have their business mobile or BlackBerry numbers. Each person should register their business cell phone on http://www.WhitePages.com/. This will give colleagues and family members the ability to quickly find the information should they not have it on hand.
• Enable texting  - Sometimes cell phone signals can become congested during emergencies, and it can be difficult to make or receive calls. Short text messages might be easier to get through. Plus, texting helps to conserve battery power.
• Have emergency kits accessible - Companies should organize and maintain emergency kits in several places. There should be designated staff responsible for grabbing these in the event of an emergency. Make sure it contains a minimum of provisions for at least three days. Include fresh water, non-perishable food, a manual can opener, blankets, extra clothing, a first-aid kit, matches, a flashlight, a battery-operated radio and extra batteries. Test or replace the batteries at least once a year, especially for smoke alarms.
• Create back-up copies of documents, data files, and software - At work, keep back-up copies of your important personal and financial statements, and health and property records. Be sure to store important original paperwork  in a safe and secure location. This way, you can grab it all quickly in the event of an emergency.
• Have cash available - Set aside an emergency fund of cash or traveler's checks or both. Keep them in a safe, accessible spot in case of the need for evacuation. Banks and ATMs are often inaccessible during catastrophes.
• After the disaster have employees register with the American Red Cross - Register with the Red Cross's Safe and Well Web site. If you have been affected by a disaster, this Web site provides a way for you to register yourself as "safe and well."