Build a Usable Security Plan
Processor (12/28/07) Vol. 29 , No. 52 ; Rudich, Joe

The best defense against corporate network intrusions is a Security Incident Management Plan (SIMP). An effective SIMP will offer several advantages to the security team, including coordination of their measures during the most important moments. Implementing a documented guideline guarantees the correct steps are followed. In addition, the SIMP is a guide for management. Another objective of SIMP is communication, which should entail keeping crucial areas of a company up-to-date about a situation. Lastly, numerous vital security audits and assessments, including PCI, HIPAA, and Sarbox, mandate proof that a consistent procedure is employed to deal with security problems, something SIMP can help with. One of the initial steps in creating a SIMP is to define what incident means. The SIMP needs to define as well the individuals who will take part in incident response. A SIMP plan should also list general response procedures and division points.
http://www.processor.com/editorial/article.asp?article=articles%2
Fp2952%2F30p52%2F30p52.asp&guid=&searchtype=&WordList=&bJumpTo=Tr
ue

Getting Smart is Getting Cheaper
eWeek (12/26/07) ; Schwartz, Karen

There are a variety of low-cost and highly-effective analytic tools that small and mid-sized businesses can choose from to upgrade productivity and efficiency. While many companies provide such tools, there is a growing trend of simple-to-use, high-quality analytic tools, and some of them are free. TransNexus provides tools that helps make the most of how workers are dispensed, while business-intelligence tools vendor LucidEra encompasses reporting, billing analysis, and other functions, provided as a Software as a Service product. Google Analytics provides over 80 reports meant to enable firms to study the effectiveness of their Web sites, monitor the performance of marketing initiatives, and determine how well keyboards are functioning, among other options. As small- and mid-sized businesses start making use of the number of analytic tools on the market, the trend will increase. JupiterResearch predicted in early 2007 that 35 percent of small- and mid-sized based firms would install a Web analytics-bases solution within the coming year. Companies that have under 500 workers comprise a large demographic where analytical-tool use is growing.
http://www.eweek.com/article2/0,1895,2240773,00.asp

Fingertips Key to PC Security
Denver Post (12/27/07) ; Johnson, Kimberley S.

Fingerprint readers are now regularly installed on notebook computers' keyboards. By swiping a fingerprint, users can log on to their computers and often circumvent names and passwords to enter Web sites. "It's another level of security. If someone steals my laptop, they're not going to be able to use it," explains DigitalPersona senior product marketing manager Chip Mesec. He adds that fingerprint readers, either on high-end corporate notebooks or as individual extensions linked to desktops, became popular in the business arena several years ago. Fingerprint readers are frequently situated close to the touchpad mouse or are found on the side of the notebook. It is a scanner camera that obtains and confirms specific points on a user's fingerprint with an image retained inside the system. Fingerprint scanners, however, do not take the place of antivirus, anti-spyware, firewalls, and additional security software, experts cautions.
http://www.denverpost.com/business/ci_7824418

Software as a Service: Collaboration and Productivity Apps Rising in 2008
CIO (12/18/07) ; Lynch, C.G.

Over one-third of small and large companies will incorporate software as a service (Saas) as part of their technology portfolio in the coming year to help expand activities such as project management and inside collaboration, a report by the Cutter Consortium and THINKstrategies states. In a study of 100 big and small firms, researchers discovered that almost 36 percent are thinking about making Saas technologies part of their companies. Around 80 percent of those thinking about Saas say they intend to enact it within the coming year. Of those firms already employing Saas, 90 percent stated they would increase their use of it. Typically, most Saas applications have been used for customer relationship management (CRM). THINKstrategies managing director Jeffrey Kaplan, however, notes that incorporation of end-user productivity and collaboration applications is rising. Nucleus Research thinks the attraction to Saas might be fueled by business executives in units like marketing and sales, where the need to oversee crucial projects has been held back by unsatisfactory information technology-provided tools, including email. But the Saas model, where software is provided via a Web browser, means business-department executives do not need to wait for IT to dispense new tools such as blogs and wikis, but can instead charge a hosted application to their company credit card, obtain passwords and names, and become operational. Nucleus Research analyst Rebecca Wettemann predicts that on-demand productivity applications, such as Zoho and Google Apps, will make more headway with companies in the next year as they try to save money on expensive on-premise software for individuals who are not power users.
http://www.cio.com/article/166250/Software_as_a_Service_Collabora
tion_and_Productivity_Apps_Rising_in_

Preparing for the Worst
Accounting Technology (12/07) Vol. 23 , No. 11 , P. 14

Accounting firms can take several steps to protect themselves from workplace emergencies, such as an office fire or damage caused by a hurricane. Florida-based companies such as Goldstein Schecter Price Lucas Horwitz & Co. place a great deal of emphasis on backing up information offsite and having a comprehensive emergency-recovery plan ready. While Goldstein Schecter kept its information on tapes and had certain employees bring home a "weekend tape" in case something should go wrong, it eventually decided that web-based backup was a smarter option than using tape. The firm now utilizes Evault to electronically back up its files, even though it continues to back up data with tape as an extra protection. A growing number of accounting firms are becoming more interested in forming official disaster-recovery planning and testing and corporate continuity planning, notes Evault vice president of product management Richard Heitmann, whose firm has around 100 accounting businesses as clients. In 2006, Evault began a professional-services organization that offers operational assessments to help firms comprehend what is happening with their business from a disaster-recovery position, as well as try out their plans. After a disaster occurs, More Group provides a trailer office for between 48 and 192 workers, with computers, printers, and fax machines. The leading concern among companies, however, is locating all of their employees after disaster strikes; to that end, it is a good idea to instruct staff to give emergency contact numbers of somebody outside the region in case something happens.
http://www.webcpa.com/article.cfm?articleid=26039

Businesses Must Prepare Now for Pandemic Outbreak
Insurance Journal (12/17/2007)

FedEx Express managing director of corporate safety, health and fire protection Scott Mugno indicates all firms need to develop and test continuity plans, particularly as they pertain to a possible pandemic. Currently, health experts are monitoring the evolution of the H5N1 avian flu virus, which has a high death rate among human cases, but it is not inevitable that the H5N1 virus will be the next pandemic. The virus spreads through migratory birds and between mammals and humans having close contact with infected birds. Businesses need to keep abreast of the latest pandemic news, teach workers how to respond if a pandemic occurs, and have a plan in place to keep operations moving. If a pandemic hits the United States, the GDP will drop over 5 percent, costing the economy about $683 billion, according to Trust for America's 2007 Health Analysis. Mugno indicates poor vaccine supplies and distribution are major concerns, but he also notes that hospital and healthcare worker capacity should be top priorities as well. Contingency plans, according to Mugno, should include trigger points and checklists for each phase of the pandemic, appoint one person to deal with the media, ensure essential company functions are covered, and include an emergency chain of command should executives and other leaders fall ill or die. Coordination with government agencies, increased scrutiny and backup plans for the supply chain, and increased security will also play a large role in these contingency plans.
http://www.insurancejournal.com/news/national/2007/12/17/85725.ht
m

How Small-Office IT Can Make a Big Impact
GreenerComputing (12/01/07) ; Rise, Jim

Small businesses comprise over 99 percent of the 25 million plus companies in the nation. Such a significant sector of American businesses has the opportunity to contribute to environmentally-friendly business operations and product utilization, both of which facilitate employee productivity and reduce office waste. Offices should promote double-sided printing, an act that can cut waste by up to 50 percent. Since 70 percent of all office waste is paper, using recycled paper also contributes to less waste and the use of harmful chemicals. The Environmental Protection Agency notes that producing paper takes 10 times more energy than to duplicate or print the page, so employees should be encouraged to scan documents and keep digital back-ups. Comparing the green-friendly equipment of manufacturers will also mitigate the environmental impact of office waste by supporting those manufacturers that recycle equipment or have end-of-life returns. Purchasing multi-function equipment will also reduce the overall energy output with comparison to multiple systems, a factor that can cut up to 700 kWh each year.
http://www.greenercomputing.com/columns_third.cfm?NewsID=36361

Top 10 Software Selection Mistakes
CA Magazine (12/07) ; Burns, Michael

Replacing a software system is tricky, and there are a number of mistakes to be avoided when shopping for one, according to 180 Systems President Michael Burns. One error is the failure to clearly define and prioritize the system's requirements, and Burns recommends that customers ask vendors how well their product satisfies each requirement. Another mistake to avoid is not defining the system's scope, as is ignoring smaller vendors that might have applicable products. Securing buy-in from stakeholders is essential, and Burns says engaging employees from the outset will help gain support for the system as well as better define system requirements. Among the people who should be involved in the replacement effort is an advocate that serves as a dedicated resource during system deployment as well as subject-matter experts capable of representing the business processes in scope. Burns warns that there should be more emphasis by the organization on the system implementers and less on the system features, while failing to improve business processes through the system is a major mistake. Vendors should be supplied with a script to document business processes, problems that need addressing, scenarios, and requirements, while a lack of risk management is a grievous error. A dearth of project management can also be a substantial disadvantage, Burns concludes.
http://www.camagazine.com/4/1/0/3/7/index1.shtml