IT Management
Gartner, 3/20/03: How to Manage Your E-Mail to Avoid Liability
An effective e-mail content retention strategy can minimize many of the risks that enterprises face in these increasingly litigious times.
E-mail is often introduced as a key exhibit in many trials on corporate misconduct. Investigating attorneys have found evidence in e-mail messages that led to significant liabilities for now-notorious enterprises. A major challenge for many enterprises is how to best manage the growing number of e-mail and, increasingly, instant messaging (IM) records that could potentially be used in discovery audits.
[more]
Giga, 3/19/03: Giga’s February 2003 CIO IT Spending Survey: 2002 Midtier Customer Outlook Remains Positive
Lisa Pierce
Giga’s prediction that 2002 IT spending will mirror the levels and patterns observed in 2001 has been validated by February’s survey results, which show that the overall level of spending cuts exceeded gains. However, spending changes and outlook vary markedly by company size. For instance, only 39 percent of large companies in the survey ( those with annual revenues in excess of $1 billion) reported an increase in year-to-year aggregate IT spending. In contrast, midtier companies make up 81 percent of those whose aggregate 2002 IT spending levels grew compared to 2001’s.
[more]
Giga, 3/19/03: When the Software License Authorities Come Knocking
David Friedlander
Contributing Analysts: Robert McNeill
What actions should we take if a software vendor or industry association is requesting proof of software license compliance?
The “software police” often attempt to scare organizations in to turning over records by alluding to a possible audit. However, in most countries, the Business Software Alliance (BSA), The Federation Against Software Theft (FAST) and the Software and Information Industry Association (SIIA) — the software industry trade organizations — cannot force a company to turn over records or demand access to perform an audit without both proof of violations and a court order. Significant fines or contract breach suits are rare and most license disputes are settled out of court. The worst-case outcome for most companies means paying up for unlicensed software.
[more]
Giga, 3/19/03: Balance the Dangers of Transforming IT Into a Subsidiary
Richard Peynot
We want to outsource our IT department and one scenario is to create a subsidiary. Is this a good option?
Among outsourcing alternatives, some companies opt for creating an independent subsidiary from their IT department. In today’s tough economical environment, these IT subsidiaries risk difficulties, since they have one unique customer and limited mutualization. The economic success of such companies is uncertain. Usually after two or three years of operation IT subsidiaries are asked to develop their own business and find new clients, this is not something they are usually prepared to do. Instead of this risky adventure, alternative scenarios should be investigated, such as turning to established outsourcers, creating a specialized IT services firm by merging IT departments of similar companies or creating an IT services company with investors. In the 1980s, several major companies created subsidiaries to develop their software and then expanded their business and customer portfolio — such success stories would be uncertain today.
[more]
Security
Computerworld, 3/21/03: DNS expert: More sophisticated Internet attacks coming
By JAIKUMAR VIJAYAN
Last October's denial-of-service attacks against the Domain Name System (DNS) were only the opening salvo in what will inevitably be far more sophisticated attacks against the Internet's core addressing system, according to Paul Mockapetris, one of the designers of DNS. With the 20th anniversary of DNS coming in April, Mockapetris this week talked about some of the new dangers facing the DNS infrastructure and measures that are being taken to better protect against them.
[more]
Information Wee, 3/24/03: Zero-Day Attacks Expected To Increase
Worst-case scenario is for attacks to occur before a vendor uncovers vulnerability
By George V. Hulme
Security experts say they witnessed a worst-case scenario two weeks ago when Internet servers fell victim to a previously unknown flaw in Windows 2000 servers running Microsoft's Internet Information Services 5.0 software.
"It's a zero-day attack," says Russ Cooper, editor of security E-mail list NTBugtraq and surgeon general of security firm TruSecure Corp. Zero-day attacks, or attacks against software vulnerabilities not yet known by software vendors, are very rare, Cooper says. TruSecure says it gathered intelligence that a server operated by the U.S. Army was attacked twice; the Army did not confirm the attacks by press time.
Separately, security firm Internet Security Systems Inc. saw a software exploit--an application used to make it easier for hackers to attack vulnerable systems--in the days prior to Microsoft's announcement of the vulnerability and patch last week. At press time, it was unclear how many servers were attacked or what damage was caused. Microsoft confirmed that it learned of the security flaw after being contacted by a customer on March 12. A Microsoft spokesperson says the company placed roughly 100 programmers who worked around the clock to be able to publish the patch by March 16.
[more]
Gartner, 3/18/03: The Economics of IT Services and Outsourcing in Europe
Few European businesses know the true cost and value of long-term outsourcing deals. Offshore sourcing lowers costs and “gain sharing” ensures business value, but poor relationship management is a big drain on value.
Microsoft
Internet Week, 3/24/03: Microsoft Office Version for SMB On Tap
By Barbara Darrow
Microsoft has been notoriously closed-mouthed about new Office 2003 versions. Until Saturday morning.
The company will, in fact, launch a version of the popular office suite for small and medium businesses with the Office 2003 System debut in June, according to Jeff Raikes, group vice president of Microsoft's Information Worker Productivity Group.
[more]
Internet Week, 3/24/03: Microsoft Windows 2000 Patch May Crash Systems
By George V. Hulme
Microsoft is warning customers that a patch to fix a security flaw found in Windows 2000, which was revealed earlier this week, may cause some systems to crash.
"Microsoft was made aware that some customers who had received a hot fix from Product Support Services experienced stop errors on boot after applying the patch released for this bulletin," Microsoft wrote in an update to its advisory. The company says the errors occur when users are running certain hot fixes that were issued between December 2001 and February 2002 and attempt to apply the new patch in Microsoft Bulletin MS03-007.
[more]
ZDNet, 3/21/03: Office 2003 may pose antivirus problem
By Patrick Gray
The latest test version of Microsoft Office 2003 could cause problems for antivirus companies because the XML-based format it supports will bog down scanning software, according to security experts.
The problem centers on macros embedded in documents in the Office 2003 beta, or test, version. When saved as an XML (Extensible Markup Language) file, the macros can more or less wind up anywhere. This means that scanners must search the entire contents of a file, rather than examine the part of the file where macros are always positioned.
[more]
8:52:21 AM 
|
