Database and ERP Security and Best Practice Management
Up-to-date syndicated information on database & ERP privacy, security, audit and compliance
Database and ERP audit plans and best practices at www.checklist20.com
-
How to Leverage Best Practices to Build Effective IT Audit Plans
Posted on March 4th, 2011 1 comment
Why best practices?
Process practices are improved every day. “Best practices” are recognized as the preferred methods for saving time and building efficiency within a process or group of processes. IT auditors should leverage best practices to build collaborative and effective technical audit plans, improve efficiency, and address risks.
What are best practices?
Wikipedia defines best practices as:
“…a technique, method, process, activity, incentive, or reward which conventional wisdom regards as more effective at delivering a particular outcome than any other technique, method, process, etc. when applied to a particular condition or circumstance. The idea is that with proper processes, checks, and testing, a desired outcome can be delivered with fewer problems and unforeseen complications. Best practices can also be defined as the most efficient (least amount of effort) and effective (best results) way of accomplishing a task, based on repeatable procedures that have proven themselves over time for large numbers of people.”
Best practices evolve over time. Best practices used in the appropriate situation should consistently produce the best possible results.
Don’t reinvent the wheel
Everyone—regardless of their profession—wants to accomplish tasks using the minimum available resources. Best practices can be leveraged effectively to design, implement, support, and audit a given technology area. This becomes increasingly important in fast-paced and complex sectors like IT where technology is constantly changing and processes must be able to efficiently adapt.
In addition, the IT industry is dominated by major vendors such as Microsoft, Oracle, SAP, and Google. Similarities of servers, databases, network peripherals, and functionality requirements make building a collection of best practices a major attraction for the IT community.
There are several key advantages of utilizing best practices in IT:
• Benchmarking operations with industry peers can calculate a true return on investment (ROI)
• Leveraging collective human capital to cut down on the time and expense of individual “trial and error” process development
• Reducing the total cost of operations (TCO) for individual organizations by using the combined knowledge of leading resources across multiple organizations
• Identifying and targeting well-known gaps or vulnerabilities
Building a collaborative platform of best practices, based on the input from a diverse group of domain experts, vendors, and authoritative organizations, serves the larger community and help share community knowledge.
How to build multi-dimensional and up-to-date best practices
Best practices, when captured, must be associated with relevant task scenarios and organized so that the community can apply and use them as required by their specific situation. This organization can be achieved using “tags”, or metadata, within the structure of the information. Tags, in Web 2.0 terminology, are keywords or terms assigned to practices, and topics that enable efficient organization or information and rapid searching across large information sets.
As the availability of best practices increase within a given field of technology, massive repositories will contain best practices for every conceivable task scenario. To reduce the time required to find the specific best practice, or groups of practices, needed for a given task, each practice is tagged for multiple contexts and user requirements. As new task scenarios develop to support evolving compliance and business requirements, existing practices can be tagged for association with the new scenarios.
In addition to clear associations and organization, it is essential to ensure that best practices are kept up-to-date in the fast-changing technology world. The incredible amount of information in the form of whitepaper, blogs, books, presentations etc., is isolated and lacks the framework to be updated frequently. Referencing a best practice published several years ago might yield undesirable results. These best practices are continuously kept up-to-date on the easy-to-use web platform with dedicated contributors and a review and comments section for the public.
Who builds best practices and why?
In our increasingly ‘connected’ world, the best ideas and practices can come from anywhere. The key to leveraging best practices is to get up-to-date details of practices that have similar dependency factors and then share them globally.
A physician in India might operate on ten (10) to twenty (20) patients per day. But best practices that apply to a physician working with a large population, such as in India, might not be ideal for a physician in a small, rural hospital in the United States. By collecting best practices from experts with varying demographics and organizing them to be easily accessed by others in similar situations, we can substantially reduce the total time required to develop efficient processes in any given field and with any specific set of criteria.
For example, best practices collaboratively developed by physicians who operate on many patients might enable more rapid deployment of successful triage and treatment processes during a natural disaster in an area that typically does not service large patient populations.Why use best practices for IT audit planning?
IT Audit is the process of collecting and evaluating evidences to determine if an organization’s information systems are:
• Designed to maintain data integrity and safeguard assets
• Positioned to achieve current and future organizational goals effectively
• Designed to use resources efficiently
An effective and efficient information system leads the organization to achieve its objectives and uses minimum resources in achieving the required objectives. IT auditors must know the characteristics of information systems in the organization while evaluating the effectiveness of any system since IT governance and strategy are critical to an organization’s success. IT auditors play a major role in identifying risks and gaps in the system.
Controls in an information system reflect the practices designed to provide reasonable assurance that business objectives will be achieved. IT controls also ensure effectiveness and efficiency of operations, reliability of financial reporting, and compliance with rules and regulations using a global best practice knowledge base, organizations can learn from others who have experienced the same or similar issues and quickly employ controls to mitigate risks.
To develop an effective risk assessment and audit plan, it is essential to break down the IT universe into smaller and more manageable components. Typically, IT sub-components are defined as infrastructure and applications systems
Infrastructure systems consist of hardware systems that include servers, routers, communications devices, desktops, etc. The hardware infrastructure controls the flow and processing of information throughout the organization.
Applications systems are typically the software used to record and store business transactions. Examples would be databases, enterprise resource planning systems, cloud-hosted applications, and business intelligence software.
The hardware infrastructure and applications are audited to ensure security, effectiveness, continuity, maintenance, and cost. The IT controls that monitor these elements are generally contained in security and risk management documents, business continuity plans, and service level agreements (SLAs). By leveraging the best practices developed at the component level, an IT auditor can quickly build an audit plan based on specific criteria and provide a risk assessment report of the IT environment.
Why Checklist 2.0?
Checklist 2.0 is building the premier repository of best practices for creating effective and comprehensive IT audit plans. Our global collaborative knowledge base is organized for easy access and rapid deployment. Our dedicated contributors and online community update and validate practices every day to ensure they remain up-to-date for changing business requirements. We welcome your thoughts and inputs. To contribute to our global IT Audit Best Practices, please register at http://www.checklist20.com -
EminentWare Announces New Version of Add-on Tools for Microsoft …
Posted on February 4th, 2012 No commentsAll customers holding a current maintenance contract with EminentWare may download the new version free of charge. ... EminentWare?s solutions reduce management time and expense by providing 3rd party updates, advanced update management control, on-demand enterprise actions such as reboots, enterprise discovery, software and hardware Inventory, software update scans and deployments, extensive reporting, policy evaluations, WMI and Windows ... -
I have usually place of getting some type of computer routine …
Posted on February 4th, 2012 No commentsNevertheless, I'm sure that a routine maintenance contract is very vital if you are using computer systems with regard to organization purpose because the information that's held in laptop computer is essential. If you're a home business ... Although deciding upon a long commitment, just be sure you make a deal for further reduction in the costs. Agencies in addition ... Assist pertaining to software applications just like Microsoft Office is not covered. Positive Pc Servicing ... -
7 Tips to Keep Your Computer in Tip-Top Shape. – IT-Winds
Posted on February 3rd, 2012 No comments2 Software: There is a tendency to rely upon counterfeit operating systems to save some money. This will prove as a wrong decision on the long run. Information technology being on a fast track, there are newer versions and ... -
2012 Top 10 IaaS Cloud Predictions For I&O Leaders
Posted on February 3rd, 2012 No commentsEarly in 2011, Forrester made a series of predictions about the future of infrastructure-as-a-service (IaaS) cloud for that year. With 2012 now upon us, it's time to evaluate last year's predictions and introduce new prognostications. In 2012, Forrester predicts that cloud computing will move out of the shadows and become a mainstream technology that IT must proactively manage. This means big changes in the test and development process, business intelligence, and corporate governance. Infrastructure and operations (I&O) might have gotten away with blocking public cloud service consumption on the grounds of immaturity or security in the past, but those arguments won't hold in 2012. I&O leaders should start the year with policies and procedures in place and must get involved in the consumption of these services. And no, your private cloud alone won't be good enough. -
TechRadar(tm) For Security Pros: Strong Authentication, Q1 2012
Posted on February 3rd, 2012 No commentsThe strong authentication landscape has undergone tremendous churn in recent years as new mobile-fueled technologies have come online and as RSA, the premier vendor of hardware one-time password (OTP) tokens, and some of its customers experienced breaches. These disruptive trends, along with updated authentication guidance from the US Federal Financial Institutions Examination Council (FFIEC), have driven many clients to ask us which strong authentication methods can meet all of their compliance, risk, cost, and usability requirements. Hard tokens and smartcards remain effective in managing high risk — but their appeal is becoming more selective compared with software OTP tokens and OTPs sent by text message. This report helps technology planners in security take users' newly favored devices, apps, and communications channels into account in designing a mix-and-match strategy for strong authentication. -
Sizing The Cloud Markets In Asia Pacific
Posted on February 3rd, 2012 No commentsExploiting cloud computing growth opportunities in Asia Pacific requires insights into future cloud market size, growth dynamics, adoption trends, and demand drivers, all of which vary widely across different markets within the region. Based on Forrester's previously published cloud market taxonomy, we provide forecasts and guidance on seven distinct cloud market segments across five key markets in Asia Pacific for 2010 to 2020. In this report, we focus specifically on the public cloud and virtual private cloud markets. We will cover forecasts and analysis of the private cloud market in Asia Pacific in subsequent research. Vendor strategists can use this report to validate internal estimates and guide strategy and planning in the key cloud computing markets and segments across Asia Pacific. -
It Help Desk Software -license For Small Companies? | mybrother02
Posted on February 3rd, 2012 No commentsAccording to various consumer reviews, FootPrints is said to be one of the most sought after IT help desk software. It offers limitless user abilities and complimentary upgrades along with the yearly maintenance contract. -
Marvel's The Avengers Coming to IMAX 3D | Comic Book News …
Posted on February 2nd, 2012 No commentsThread synchronization: Threatened evangelist Threats download viveza 2 of security tools can be achieved by reduction of costs that have completed the exercises. He pushed buy and download windows 7 oem the sendreceive .... The use of MMC Data Recovery Software: A buy microsoft office download competitive range of price, clock speed range from low cost and neglecting the maintenance contract. Perl is very useful to have your phone norton partitionmagic ... -
North American Energy Partners Announces Results for the Three …
Posted on February 2nd, 2012 No commentsThese gains were achieved despite a customer cancelling a large program of work on short notice, coupled with the significant year-over-year reduction in revenues from the long-term overburden removal contract with .... During the current period the Company started construction on a new contract with TransCanada PipeLines Ltd. and work on a new pipeline maintenance contract also began, with activity scheduled to take place at different sites across Canada. -
MITRE Engineers Use Positive Deviance Approach to Identify and Advance Successful Practices in Systems Engineering
Posted on February 2nd, 2012 No commentsIn their recently released paper entitled "Patterns of Success in Systems Engineering: Acquisition of IT–intensive Government Systems", George Rebovich, Jr., and Joseph DeRosa of The MITRE Corporation used a method typically associated with social science to explain what's working—and why—in systems engineering (SE) and acquisition of IT systems in government. -
Master audit program of administration expenses – Audit Articles …
Posted on February 2nd, 2012 No commentsRead the insurance policy and check whether all conditions have been adhered to - for example the policy might state that the Annual Maintenance Contract be submitted. 3.See that all the new assets have been insured on time. 4.Check that all incidental costs ... Software installed – cost of software tapes and systems software to be insured under electronic equipment policy. f. Assets which take a longer duration for installing or acceptance - erection cum fire policy. -
MSSP Valuation – Information For Selecting An MSSP
Posted on February 2nd, 2012 No commentsI attended two really great presentations at MSPWorld yesterday. This is a very interesting conference, sponsored by the MSPAlliance[i] and co-hosted with IT-Expo but focused on managed service providers. Both dealt with the issue of MSP (MSSP) valuation. Many of the attendees are SMB (MSP/MSSP) business owners and this was a hot topic.
So what is an MSSP worth and if someone wanted to buy a business like this how much should they pay? This is an important question for Forrester's IT clients because the rules of valuation can help IT clients evaluate potential partners. Financial stability and the intermediate and long-term plans of the MSSP should factor into the decision of selecting an MSSP. In any negotiation it's also always good to know what the other side is thinking. Here's the list:
1. Recurring Revenue - What is the firm's recurring revenue profile? What are the sources of revenue and how much of this revenue comes from long-term (multi-year) contracts?
2. Service Agreements - What is the nature of the service-level agreements the firm has in place with other clients? Do they address risk management and risk sharing? How much liability is the MSSP willing to accept for regulatory compliance and information breaches?
3. Service Revenues - What percentage of the MSSP's revenue comes from what types of business?
Read more -
Cost Estimating Software, Costimator, Offered to Help Colleges …
Posted on February 2nd, 2012 No commentsFor more than a decade, manufacturers have also continued to experience a reduced pool of adequately skilled candidates from which to select for hire", states Jay Snow, Marketing Manager at MTI Systems, Inc. "Our manufacturing customers tell us, if colleges could take the initiative to train students on the software used by their manufacturing company, ... It will also include initial training to the educational institution and an annual support and maintenance contract. -
Q&A: President Obama’s Memorandum On Records Management
Posted on February 2nd, 2012 No commentsPresident Obama's November 2011 memorandum on managing government records directly affects US federal government agencies and will ultimately have significant impact on enterprises in a variety of vertical markets. In response, security and risk (S&R) leaders should refocus attention on records management (RM) programs and be prepared to take strategic steps stemming from an RM directive anticipated this summer. In making these RM plans, S&R leaders should factor in how to improve eDiscovery processes and monitor cloud-based RM applications as they mature. -
US Financial Services Lead Interactive Marketing Spending
Posted on February 2nd, 2012 No commentsUS financial services interactive marketing spend will more than double by 2016 but won't grow its investments in every channel at the same pace. This brief report breaks down the increase by channel and highlights what interactive marketers at financial services firms must do to ensure they engage the next generation of digital customers. -
The Risk Manager’s Handbook: How To Evaluate Risks To Plan An Effective Response
Posted on February 2nd, 2012 No commentsThe goal of a risk management program is to drive effective decisions and actions based on an understanding of how uncertainty may affect objectives. However, even mature programs that have sophisticated risk identification and measurement methodologies often have only loosely defined guidelines for what to do with those risks once they've been identified and measured — and we've seen many high-profile corporate failures occur because of this gap. Addressing the "Evaluate the Risk" stage of the ISO 31000 risk management standard, this report outlines lessons learned from companies that did not respond effectively to the risks they assessed, provides an explanation of options that are available when choosing how to treat risks, and provides best practice examples of the criteria to use when making these choices. -
The Forrester Wave(tm): Enterprise Hadoop Solutions, Q1 2012
Posted on February 2nd, 2012 No commentsIn Forrester's 15-criteria evaluation of enterprise Hadoop solution providers, we found that in the Leaders category, Amazon Web Services led the pack due to its proven, feature-rich Elastic MapReduce subscription service; IBM and EMC Greenplum offer Hadoop solutions within strong EDW portfolios; MapR and Cloudera impress with best-of-breed enterprise-grade distributions; and Hortonworks offers an impressive Hadoop professional services portfolio. Strong Performer Pentaho provides an impressive Hadoop data integration tool. Of the Contenders, DataStax provides a Hadoop platform for real-time, distributed, transactional deployments; Datameer has a user-friendly Hadoop/MapReduce modeling tool; Platform Computing and Zettaset offer best-of-breed Hadoop cluster management tools; and Outerthought has optimized its Hadoop platform for high-volume search and indexing. HStreaming is a Risky Bet with a solution that is strong in real-time Hadoop. -
Internal Auditor Unveils New Look, App
Posted on February 1st, 2012 No commentsInternal Auditor magazine has launched a new look AND a smartphone app. The magazine went through a major redesign to create a look that is up-to-date, more reader friendly, and translates easily to mobile editions of the publication. “From the cover to every inside page, our design firm, Yacinski Design LLC, used a cleaner, more open look and a wider variety of design elements to create a more interesting appearance for the publication,” say Editor in Chief Anne Millage. “The firm captured our vision for the redesign perfectly.” The new app includes the digital edition of the redesigned magazine, daily news updates, and the latest posts from InternalAuditorOnline’s “Chambers on the Profession” and “Marks on Governance” blogs. Readers can access the magazine via their iPhone, iPad, iPod, or Android phone by downloading the app from either the App Store or Android Market using their member/subscriber number and password. They must currently receive the publication to be able to download the app. For more information: http://www.theiia.org/intAuditor/mobileapp/ -
Updated Supplemental Guidance Released: The Role of Auditing in Public Sector Governance, 2nd Edition
Posted on February 1st, 2012 No commentsUpdated Supplemental Guidance Released: The Role of Auditing in Public Sector Governance, 2nd Edition This supplemental guidance updated by The IIA is intended to further clarify the importance of the public sector audit activity to effective governance and defines the key elements needed to maximize the value the audit activity provides to all levels of the public sector. The guidance is intended to point to the roles of audit (without differentiating between external and internal), methods by which those roles can be fulfilled, and the essential ingredients necessary to support an effective audit function. As such, it may not be fully applicable in every jurisdiction, particularly where public sector audit roles and responsibilities are specifically defined by governing institutes or legal mandates to exclude certain functions or assign them to other entities You can download The Role of Auditing in Public Sector Governance, 2nd Edition and other supporting supplemental guidance today. This document is classified in our new category titled “Supplemental Guidance.” Please note that this new category is not part of the IPPF. This material is not mandatory or strongly recommended IPPF guidance. Learn more about this category and other guidance available. Additional supplemental guidance focused on the public sector will soon be released: Value of Internal Audit and the Internal Audit Capability Model – Public Sector and Implementing a New Internal Audit Function – Public Sector. Public Sector Definition is currently available for download. -
Research Identifies Opportunities for Internal Auditors to Provide Greater Insight to their Organizations
Posted on February 1st, 2012 No commentsALTAMONTE SPRINGS, Fla., USA — The Institute of Internal Auditors Research Foundation (IIARF) has recently released a new report examining the prospect for internal auditors to make meaningful contributions to the organizations they serve by providing insight into organizational risks and opportunities. Based on a 2011 survey of 358 chief audit executives (CAEs), board members, and senior management from organizations in 39 countries, as well as in-depth follow-up interviews, Insight: Delivering Value to Stakeholders provides a global snapshot of stakeholders' views on whether internal audit should and is delivering insight, and with what regularity. “The value of the internal audit activity is in its ability to provide objective assurance and insight on the effectiveness and efficiency of governance, risk management, and internal control processes,” explains IIARF Vice President Margie Bastolla, CIA. “And although there is extensive reference material available to support the assurance and objectivity aspects of the function, there’s an opportunity for The IIARF to provide more detailed knowledge about the topic of internal audit insight.” With that in mind, The IIARF commissioned research to gain an understanding of how CAEs and key stakeholders view the current state of insight delivery. Researchers also explored key enablers or hindrances to insight delivery and provide suggestions for CAEs eager to enhance the delivery of insight by internal audit. The top five factors consistently identified as critical enablers of insight delivery are: A strong control environment and tone at the top, where executive leadership and operating management are open to improvement recommendations. Clear board and management expectations for value delivery. A reporting relationship that supports the independence of the internal audit function. A competent CAE. An internal audit team with sufficient practical skills as well as industry and organizational knowledge to provide a pragmatic bridge between an audit process and the business management of risk. The study also revealed a gap between CAEs’ perceptions of how the internal audit activity provides insight versus stakeholders’ perceptions. Specifically, 66 percent of CAEs indicated their internal audit function “always or frequently” provides insight, whereas only 61 percent of board members believe their organization’s internal audit function always or frequently provides insight. That number drops sharply for senior management executives: A mere 38 percent believe their internal auditors always or frequently provide insight. In the interviews, board members consistently identified the importance of internal auditors having strong information technology (IT) knowledge and experience. This partially sheds some light on the differences in opinion between board and executive stakeholders regarding internal audit’s actual delivery of insight “frequently” or “always.” During research interviews, board members expressed they value the assurance on internal controls and risk management that internal auditors provide. They particularly value assurance on IT areas of the organization where, as board members, they generally have minimal hands-on experience. Executive stakeholders felt IT assurance, however, does not rise to the level of “insight” They do view as insight the advice from internal auditing on things such as a new way to approach an issue or a useful recommendation to enhance operations.” Stakeholders expressed that an internal auditor’s lack of operating or general management experience is viewed as a hindrance to providing true organizational insights, and may cause management to reject an internal audit analysis or recommendation. “We hope CAEs use the information provided to thoughtfully self-assess their functions, consider the applicability of the examples provided by other CAEs, discuss expectations with their stakeholders, and ultimately strive to enhance insight delivery within their organizations,” says Deloitte & Touche Internal Audit Partner Patricia Miller, CIA, who co-authored the report. If there is one take-away CAEs should glean from the study, she says it is this: “You have to be proactive, well-informed, articulate, business- and management-knowledgeable, and sometimes a courageous leader to demonstrate insight delivery to your stakeholders.” The IIARF report indicates an opportunity for internal audit practitioners to bridge the gaps and provides workable guidance and recommendations. It outlines five “next steps” for CAEs to enhance insight delivery: Meet with your stakeholders routinely. Consider the importance of reporting relationships and sufficient organizational independence. Align the internal audit mission and focus with the agreed expectations. Refocus your internal audit approach to agree with the mission. Assess your leadership skills and communication style. Researchers also found a statistically valid relationship between certification and insight delivery. Those CAEs with more than 50 percent of their staff holding a certification were more likely to agree that their internal audit organization delivered insights, and did so more frequently than those who had fewer certified staff members. Authored by Patty Miller, CIA, CISA, CPA and Tara Smith, CIA, Insight: Delivering Value to Stakeholders was published by The Institute of Internal Auditors Research Foundation and available for free download at http://www.theiia.org/bookstore/product/insight-delivering-value-to-stakeholders-1587.cfm. ### About The IIA Established in 1941, The Institute of Internal Auditors Inc. (IIA) is an international professional association with global headquarters in Altamonte Springs, Fla., USA. With more than 170,000 members in 165 countries, The IIA is the internal audit profession's global voice, recognized authority, acknowledged leader, chief advocate, and principal educator. About The IIA Research Foundation Founded by The IIA in 1976, The Research Foundation expands knowledge and understanding of internal auditing by providing relevant research and educational products to advance the profession globally. About the Authors Patricia Miller, CIA, CISA, CPA recently retired as an experienced internal audit partner in the Northern California Advisory Services practice of Deloitte & Touche. She led the internal audit risk management function nationally, providing consultation on engagement quality and risk management, and on quality assurance activities. She has worked with large and small public clients in a variety of industries. Tara Smith, CIA is a senior manager at Deloitte & Touche, serving a range of clients with a primary focus in the oil & gas industry. She has managed all engagement-related items for large global projects, including planning and execution, coordinating international resources, and ensuring standard global deliverables. -
HP PRINTER REPAIR SERVICE
Posted on February 1st, 2012 No commentsIf the HP printer is frequently overheating, you may service/repair the problem by simply reducing the temperature of the fuser. Again, you have to find the HP toolbox button. You can do this by ... of nationwide hp repair service and xerox printer repair. Sign printer maintenance contract with us and keep your printer working without error. Become a Fan .... 1. Simplifying Record Management with Salon Software. 2. Protection against Phishing: A Safer Cyber World. 3. -
LASER PRINTER REPAIR SERVICE
Posted on February 1st, 2012 No commentsHP distributors keep their words in giving high quality repair services. ... Sign printer maintenance contract with us and keep your printer working without error. .... Anti-virus Software Rating for Finding Suitable Software. 2. -
GISjobs.com Customer Service Manager Highways Maintenance
Posted on February 1st, 2012 No commentsCustomer Service Manager Highways Maintenance Share/Save/Bookmark ... Current software is the construction industry standard ERP. Background within TfL highways or Birmingham ... Candidate may have experience as Customer Services Manager on one of the existing TfL Highways, Birmingham Highways or similar. Maintenance Contract teams. Interquest Group PLC is acting as an Employment Business in relation to this vacancy. Job Requirements: ... -
Planning Road Map: Adopting ITIL
Posted on February 1st, 2012 No commentsITIL is now in many ways bigger than its "master" — IT service management. From its origins in the UK government, its use has grown rapidly in the last decade and ITIL continues to dominate corporate thinking in IT operations, IT support, and IT service delivery. There are many benefits to ITIL adoption, particularly productivity, service quality, business reputation, and cost savings. However, ITIL is fraught with adoption challenges that could be prevented, or at least minimized. This report helps IT infrastructure and operations (I&O) professionals plan for ITIL success by understanding what commonly goes wrong and best practices to employ to mitigate these risks. -
Top Three Ways Manufacturers Can Drive Higher Conversion Rates Through The Online Retail Channel
Posted on February 1st, 2012 No commentsTo better understand how manufacturers can increase the ultimate conversion rate on leads they send to online retailer websites, Forrester teamed up with Channel Intelligence to analyze the patterns resulting from 44 million initial clicks on "buy" buttons across more than 150 major manufacturers' sites in 2010 and 2011. The purpose of the study was to determine the optimal page design, price presentation, and stock status display for manufacturers offering "where to buy" information on behalf of online retailers. Forrester found that shoppers who were shown "buy" button language, pricing information, and stock status in a specific way upstream on a manufacturer's website converted at a much higher rate downstream with online retailers. -
Security Alert for CVE-2011-5035 Released
Posted on January 31st, 2012 No commentsHello, this is Eric Maurice.
Oracle just released a Security Alert for CVE-2011-5035. In recent weeks, it was widely reported in the security community that a number of programming language implementations and web servers were vulnerable to hash table collision attacks. US-CERT (United States Computer Emergency Readiness Team) has posted a detailed explanation of this issue (VU#903934) on its web site.
This vulnerability affects a significant number of products from Oracle and other vendors. It is particularly severe as it could allow a malicious attacker to create a denial of service condition against the targeted system through an easy unauthenticated attack over the Internet.
Today’s Security Alert provides fixes to address this issue in Oracle WebLogic Server, Oracle iPlanet Web Server, and Oracle Containers for J2EE. As usual, the availability of the fixes is noted in the Patch Availability Documents listed in the Security Alert Advisory. Note that these fixes were not included in the January 2012 Critical Patch Update, which however included the corresponding fix for Oracle GlassFish server.
Due to the threat posed by this vulnerability, particularly because of its ease of exploitation and the wide interest it has received in the hacking community, Oracle strongly recommends that customers apply this Security Alert as soon as possible. Users of affected non-Oracle products should contact their respective vendor as soon as possible to obtain the appropriate fix.
For More Information:
The Advisory for Security Alert for CVE-2011-5035 is located at http://www.oracle.com/technetwork/topics/security/alert-cve-2011-5035-1506603.html -
Don't Underestimate the Value of Hardware and Software …
Posted on January 31st, 2012 No commentsBusiness owners need to give serious consideration to their hardware maintenance and software assurance policies. If you refuse the extended warranty on a new ... For example, how much money would a store lose if its old cash registers stopped working, and they had no maintenance contract to cover repairs? Processing sales by hand is time ... Often, they will postpone hardware refreshes during difficult economic times to save money. This is a mistake. They may save a little ... -
Don't Underestimate the Value of Hardware and Software …
Posted on January 31st, 2012 No commentsReduced support costs – Having a current maintenance agreement means spending less time requesting technical support. Your IT staff should have the necessary training to integrate hardware and software into your company's infrastructure ... -
Don't Underestimate the Value of Hardware and Software …
Posted on January 31st, 2012 No commentsWritten on January 30, 2012 by Netology LLC in Business, Economic growth, Industry, keep technology, Productivity, regular hardware, software upgrades. Many business owners fail to understand why it is important to ... -
Don't Underestimate the Value of Hardware and Software …
Posted on January 31st, 2012 No commentsReduced support costs – Having a current maintenance agreement means spending less time requesting technical support. Your IT staff should have the necessary training to integrate hardware and software into your company's infrastructure ...