Archive for October, 2009

Hacking away at IT security

October 29th, 2009

In an article for SCmagazine, Darryl Gordon from Breach Security provides his own insight into how hacking has evolved in the IT security field. Gordon says, “SQL injection remains the number one attack vector, accounting for nearly one-fifth of all data breaches according to [a Breach Security] 2009 Web Hacking Incident Database (WHID) report for the first half of 2009.” These attacks target the data in back-end databases, altering it with scripts that enable hackers to obtain personal and financial information. Gordon says that e-commerce websites that use back-end databases are a target, and that hackers use SQL injection to steal, hold or destroy customer data.
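The mechanism behind the SQL injection figures Gordon cites is that a web application pastes user input into the text of a database query, so the input is parsed as SQL instead of as data. The following is an added example, not code from the article or from Breach Security: it builds a constructed in-memory customer table with Python's standard sqlite3 module and runs the same lookup two ways, once by string concatenation (the defect) and once with a bound parameter (the fix). The table, column names and the sample rows are all assumptions made for the demonstration.

```python
import sqlite3


def make_db():
    """Constructed sample data: a tiny in-memory customers table (assumption, not real data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE customers (id INTEGER PRIMARY KEY, email TEXT, card_last4 TEXT)"
    )
    conn.executemany(
        "INSERT INTO customers (email, card_last4) VALUES (?, ?)",
        [("alice@example.com", "1234"), ("bob@example.com", "5678")],
    )
    conn.commit()
    return conn


def lookup_vulnerable(conn, email):
    """The defect: user input is spliced into the SQL text, so it can change the query's logic."""
    sql = "SELECT email, card_last4 FROM customers WHERE email = '" + email + "'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, email):
    """The fix: the driver binds the value as data; it is never parsed as SQL."""
    return conn.execute(
        "SELECT email, card_last4 FROM customers WHERE email = ?", (email,)
    ).fetchall()


def demo():
    """Compare both lookups on a normal address and on the textbook tautology probe."""
    conn = make_db()
    # The classic test string used in security training to show the difference.
    probe = "' OR '1'='1"
    return {
        "normal_vulnerable": lookup_vulnerable(conn, "alice@example.com"),
        "normal_parameterized": lookup_parameterized(conn, "alice@example.com"),
        # Every row comes back: the WHERE clause has become a tautology.
        "probe_vulnerable": lookup_vulnerable(conn, probe),
        # No row matches, because no customer has that literal e-mail address.
        "probe_parameterized": lookup_parameterized(conn, probe),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows}")
```

The point for a reviewer or code auditor is the shape of the query call, not the particular probe string: any query assembled with `+`, `%` or f-strings from request data belongs in the first category and should be rewritten in the second form, where the driver, not the application, decides what is SQL and what is a value.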

Hacking of social networking sites is growing tremendously. “In previous years, these types of attacks barely registered, but we have seen that in the first half of 2009, social networking sites are the fastest growing target base for the bad guys and rank just below SQL attacks,” said Gordon. He believes this trend will continue because hackers go where the users are to get financial data. Because social networking sites lack strong security safeguards to protect their users from attacks, they are an even more appealing target. Gordon says that it is important to have your web application security in order, since it is easy for someone to exploit a web application vulnerability to plant malware and infect clients visiting the site.

Click here to read Darryl Gordon’s article in its entirety.

A new report by Websense indicated a 671 percent growth in the number of malicious sites over the past year. Seventy-seven percent of websites containing malicious code are compromised legitimate websites. Thirty-seven percent of malicious attacks include data-stealing code, and in the first half of 2009, 57 percent of data-stealing attacks were on the Web. According to Websense Chief Technology Officer Dan Hubbard, “The last six months have shown that malicious hackers and fraudsters go where the people are on the Web—and have heightened their attacks on popular Web 2.0 sites and continued to compromise established, trusted Web sites in the hope of infecting unsuspecting users.”

How has the IT security landscape evolved? Tell us on Twitter @ITInfoForum

Coming up at the IMF…Join the discussion

October 27th, 2009

As noted in the September 24th blog, “Chargeback: To be or not to be IT. That is the question,” Nick Malik, an Enterprise Architect from Microsoft, provided an alternative view to IT chargeback: Transaction Ratio Funding. This process rewards the IT teams that develop shared resources without punishing the business funding sources that created them. Malik says that transaction ratio funding is currently an idea and, to his knowledge, has not been formally implemented at any particular organization. Malik believes that chargebacks fail to provide a measure of IT value and work against the enterprise. The debate over chargebacks in IT continues. On Tuesday, October 27, IMF members will be able to discuss their experiences and best practices with IT chargeback and service catalog. Questions that will be addressed in this web forum include:

· Is service catalog being utilized at your organization? If so, what specific tools are being used in order to implement this?

· How are rates set and adjusted with accuracy and minimal impact to the business?

· What is the general strategy for rate granularity?

Other upcoming IMF web forums include a presentation on green initiatives by Brandi Landreth, the Director of Continuity Management and Data Center Strategy for the Allstate Insurance Company.

As mentioned in the October 19th blog “Green IT: Potential in the possibilities?”, 2009 will mark the biggest drop in global carbon emissions in 40 years. The International Energy Agency, an intergovernmental organization serving as policy advisor to 28 member countries including the United States, attributed the drop to decreased industrial activity and trade worldwide as well as to government actions.

Allstate Insurance has had green initiatives in place for a number of years, including telework programs, videoconferencing systems, and in-house printing recycling efforts. Its effort to consolidate four data centers into two moved Allstate into the top-ranked green-IT companies; ComputerWorld recently ranked Allstate in its top three. The move to a two data center model allowed for a significant decrease in the amount of energy used as well as reduced future energy growth. Allstate is currently exploring efforts to move computer resources from desktops to data centers where they can be shared.

To learn more about Allstate’s green initiatives, members may register for the webinar, which will be held Thursday, October 29th at 2:00 EST, by logging into our website.

Non IMF members interested in joining the discussion may contact us at information@theimf.com.

Follow the discussion @ITInfoForum

IT Transformation: Just talk?

October 26th, 2009

In an article for CIOInsight.com, Brian Watson poses the question, “is ‘transformation’ just more jargon or something real?”

In his article, Watson notes that “IT transformation” is a popular term among IT professionals. However, its definition varies depending on whom you ask. Watson says, “Query 10 CIOs or IT executives about the basic definition of transformation, and you’re likely to get 10 different answers.”

Dan Roberts, president of Ouellette & Associates, a consulting firm in New Hampshire, stated in the article, “Even when [CIOs] have a good transformation plan, communication is done so poorly that they don’t get people on board or get people driving it across all levels.”

Click here to read the CIOinsight article by Brian Watson.

The communication issue raised in Watson’s article was eased by the steps the American Red Cross (ARC) took in its IT Transformation strategy. According to Mark Weischedel, Senior Vice President and Chief Information Officer at ARC, “To gain traction [for IT Transformation] we set out a clear direction and looked to implement some small, quick wins to build confidence and boost morale.” Off-site retreats and town hall meetings were planned in an effort to unite everyone behind the strategy. Weischedel states, “We established guiding principles, annual objectives, short term plans in 30, 60 and 90 day increments…and restructured the organization to align more directly with the business units.”

Weischedel discussed the Red Cross Transformation Strategy at an IMF senior executive forum last winter. In his presentation, he outlined his initiatives, which included application portfolio rationalization, infrastructure optimization and modernization, upgrading human capital, and strengthening governance, quality, compliance, and controls.

According to Weischedel, “IT turnarounds are increasingly common in our industry, but transformational change is hard work and every IT turnaround story is unique. Our challenge in a nutshell is to quickly reduce costs while enhancing business value and end-user satisfaction.”

Weischedel describes the transformation agenda as a “balance,” because a change in one area cannot be made without regard to the others. The transformation strategy has three overlapping stages: stabilization, rationalization, and true transformation.

The need for the IT transformation strategy was brought about by what Weischedel describes as a “decade of discontinuities.” With tragic events such as September 11th and Hurricane Katrina, in addition to top leadership turnover and governance reform, it became necessary for the organization to find a way to deal with an already complex operating environment that was both costly and underperforming.

To read the entire IMF report on Mark Weischedel’s presentation please click here.