I then added that the gift of interconnectivity does not come for free, it has opened all of us to threats to our privacy, identity, intellectual property and other confidential information that our society never have to face before.

That thesis was written when Web 2.0 and social media were still at their infancy. It was before the age of Facebook and iPhone. The best technology available for remote access to your work place is through an unstable Virtual Private Network (VPN) connection. The cloud computing concept was generally still pretty much a concept. And finally, even in the heart of the Silicon Valley, I still knew people who still have dial-up connection because neither DSL nor Internet Cable is available in their neighborhood. It seemed like ages ago. However, those statements still ring true, and I would dare say more profoundly, today than back in the early part of the decade.

Fast forward to the present, my mom just demoed her new Droid-powered smart phone and her Video phone to me and she essentially knows more about Facebook features than I do. It will be quite rare to meet someone who is still using dial-up (unless that person, of course, live somewhere in the far reaches of the galaxy or maybe somewhere very remote). In one of my trips from the Bay Area to San Diego, I met someone who works for Google and she bedazzled me with all the work she can do through the cloud. No VPN, no remote access software, just an Internet connection and the cloud.

Within the past half-decade we bear witness to evolution of technology’s usability and also the tech savviness of the end-user. To paraphrase one of my former instructors, “technology is ready for mass market once it becomes as easy as making a phone call.” Facebook, the iPhone, the video phone, cloud computing and the like, no matter how complex they are in the back-end, have made computing essentially as easy as dialing a telephone.

These innovations with all the benefits and promise they provide to the individual and businesses, they also make the task of insuring the confidentiality, integrity and availability of information a little bit more of a doozy than it was in 2004. Social media, portable mass storage present in outwardly benign devices such as smart phones, USB flash drives, digital cameras and even digital photo frames, availability of mass storage (often free) in the web, present a clear challenge for businesses to ensure the security of the information that they are responsible for.

Technology alone cannot provide the answer to the dilemma brought upon by these new technologies. Every security professional, and common sense should, attest to the simple fact that there is no silver bullet to information security. To effectively address the ever evolving threat presented by an ever-changing and extensively complex digital world, businesses of all sizes must be able adapt and effectively ensure the security of the information within their organization. Smart businesses understand that there is a need to develop a information security management strategy that focuses on development, delivery, implementation and enforcement of a comprehensive information security program.

Effective information security goes beyond the boundaries of technology solutions, businesses, specifically information security managers face a daunting, yet highly achievable, task of developing, implementing and maintaining an information security program that is both systematic and is aligned with the organization’s overall business objectives. This involves an extensive understanding the effective information security management will greatly involve a synergized integration of people, policy, process and technology.

An effective information security management strategy will typically involve understanding of and accomplishing key tasks within 5 key functional areas:

• Information Security Governance
• Risk Management Strategy
• Development of Information Security Program
• Management of the Information Security Program
• Incident Management and Response Strategy

Overall, an information security management strategy will need to address various threats faced by an organization with regards to its security posture and how it protects information. In addition, to addressing the obvious ones such as malware or malicious intrusions, it must also concern itself with non-technical threats such as legal liabilities and compliance issues. The organization must develop an information security program that is cost-effective and based on an effective assessment of risks faced by the organization and finally it must be able to develop a plan that will ensure effective response in the event of an incident or a disaster.

Anyway, an unavoidable facet of blogging or the Web 2.0 framework in general, wherein the web publisher allows their visitors to submit entries such as comments, is the fact that you will be dealing with a lot of spammers who will use every trick in the book to exploit your system. This blog is no exception. I do, however, care and try to monitor and try my best not to let spammers inundate this blog with useless crap.

It is a standard practice for all Web 2.0 systems developers to provide some form of spam protection in their system and it is wise for the users of these systems to utilize these protections in order for them to avoid getting their site inundated with junk and their mailbox with even more junk.

I am not sure if the company well-known for their efforts on ensuring security , Microsoft, missed this simple concept or they simply don’t care. In the past two days that I have not worked on this blog, I received several comments on one of my entries and to my disappointment , they are not from fans of this blog but from spammers…

One of the items that I found interesting in this spam entries, however, was the URL that they were using: http://social.technet.microsoft.com/Forums/en/ucccommunitygovernance/thread/<and-some-gibberish-link>

Yes this is the link the the Microsoft’s Technet forums. Technet where most Microsoft Geeks go to figure out how to battle the Microsoft gremlins that pops-up everytime the tech giant runs an update … At first I thought that the URL was simply spoofed, common practice used by Phishers. But as I look further, it is a valid Microsoft link. So I followed the URL and I landed on a spam site. I backtacked the links and ended up here.

Yes ladies and gentlemen most if not all the forum topics in that site will lead you to a spam site… Attention Mr. Ballmer, I didn’t know you love spammers so much… I don’t remember even Bill Gates being this sloppy. It is one thing when it is happening in MSN or other Microsoft run community sites. It is an almost accepted menace, but FOR CRYING OUT LOUD, this is a tech site. A RESOURCE FOR PEOPLE WHO FIXES THE DAILY PROBLEMS YOUR SOFTWARE BRINGS!!! And even that site now brings more problems…

WAY TO GO MICROSUCK!!!

Ok in slight fairness to Microsoft, they are not the only site that is supposed to provide a community and resource, but is left alone to become a hub of spammers. This is one example… Moving forward, I’ll try to monitor sites like this and will report as I find them… Will also report if anything else changes…

Customers buying cheap ad packages were extremely happy and loyal (well over 90% retention).  They got a great value and bought a product that they understood.

But as the advertising become more sophisticated and expensive, advertiser churn became a major drag.

It was like running a 100 yard dash wearing MC Hammer parachute pants.  (Not that I’ve ever actually done this).

The initial sales came easy, but small business advertisers buying online media left at triple or quadruple the rate of the traditional print Yellow Pages.

There were a couple problems . . .

Gone with the Wind Poster
(Online Advertisers are often Gone with the Wind)

No Penalty for Leaving

The traditional Yellow Pages model paginates a directory based on size of ads and then seniority of advertisers.  So the largest ads are placed first in the category, and among ads of the same size, the advertiser who has been buying that size ad for the longest comes ahead of advertisers who have not been customers as long.

This is a powerful customer retention tool, because even if an advertiser is having a bad year, or doubts the value of his advertisement, he is often reluctant to reduce his spending or to sit out for a year because he will lose the preferential position he has earned from years of faithful participation.

Some directories have 50 or 100 pages of attorneys, plumbers, or roofers.  The more businesses participating, the more painful is the thought of losing the position.

No Reward for Staying

Most online advertising does not have a meaningful reward for customer retention nor a substantial penalty for early withdrawal.

On Google, if you want a better position, just increase your budget or your bid amount.  Positioning of ads changes moment to moment, so no one company owns the position.

This makes it easy for advertisers to drop out and jump back in later.  One bad day, and a major campaign can be tossed out the window.

Social media does nothing to change this, providing little stability or predictability for small advertisers.

Tips for Online Publishers

A company wishing to have sustained success selling online advertising would do well to build a model that combines substantial rewards for customer loyalty and substantial risk of loss for failing to maintain a program.

One method of doing this is to sell exclusive positions and to drive meaningful, quality traffic to the site.

The trick is to balance the consumer’s need for accurate information and the advertiser’s need for consumer attention.

This is probably best accomplished in narrow niches combined with hyper-local targeting.

Post your thoughts here.  http://bit.ly/5Uvcb9

Dick Larkin
Dick Larkin
The Small Business Commando
Dick @ DickLarkin.com

———————————————————————————–

FOUR LESSONS IN IT DISASTER RECOVERY PLANNING FROM AN FAA OUTAGE
http://go.techtarget.com/r/10130216/6358329
Linda Tucci, Senior News Writer

What can CIOs learn about IT disaster recovery planning from the U.S. Federal Aviation Administration’s (FAA) recent computer problems, which caused flight delays and cancellations at airports across the country? Plenty, say disaster recovery experts.

“Here we have a system that is vital to the flow of air traffic in the United States. It is hard to imagine how many dollars are riding on people getting to their destinations on time,” said Gene Ruth, who covers disaster recovery (DR) at Midvale, Utah-based Burton Group Inc. “You have a failure in the network and there is no ability to set up a disaster recovery site immediately? That is completely unacceptable.”

The root cause of the FAA outage, which lasted nearly five hours, was reportedly the failure of a circuit board inside a router at the FAA Telecommunications Infrastructure (FTI) facility in Salt Lake City.

Details on why the backup router did not engage are still unavailable. The failure brought down a flight management system, forcing air traffic controllers to rely on faxes and emails to communicate flight plans.

The FAA attributed the outage to a software configuration problem, suggesting the single-component failure was compounded by a configuration management failure.

READ THE FULL TIP
http://go.techtarget.com/r/10130217/6358329

Quick Intermission: FAA is a large org and this article may be directed mostly to larger organizations, but small businesses also need to realize the importance of having a disaster recovery and business continuity plan. For large organizations, failure to have an effective BCDR plan may cause major embarassment, but for small businesses it may mean the entire life of the business. Do you have a BCDR plan?

—————————————————-

Eleven Questions
CIOs Should Ask Their IT Managers
Every business is looking for ways to be more efficient. You know information technology is critical — you can’t be in business without it. But what is your IT really costing you? Making the right choices around technology is critical to the success of your business. Finding out becomes a lot easier when you know the right questions to ask. This technology brief provides tips to get you started and how Red Hat can help.

This document is free to IT Business Edge members and it’s easy to download. Just click on the button or image of the document and follow the simple instructions.

Click link to download the whitepaper: http://www.itbusinessedge.com/offer.aspx?o=02760010em1203

Quick Intermission: As a small to medium size enterprise, you more than likely don’t have a CIO, but you may have an IT Manager or may be dealing with an IT Consulting firm. Read and see how you can find best value from your IT Team…

————————————————————————————

HOW TO DRIVE A SUCCESSFUL WEB 2.0 TECHNOLOGY IMPLEMENTATION
http://go.techtarget.com/r/10169189/6358329
Niel Nickolaisen, Contributor

A few months ago, I was talking with the CIO of a midsized steel manufacturing company about his approach to implementing Web 2.0 technologies at his company. He was adamant that his company would not and could not support the use of such things by its employees. When I pressed him for reasons why this steel company would not deploy Web 2.0, he gave me two very clear reasons:

First, by implementing Web 2.0 technologies, his employees could either intentionally or unintentionally leak company trade secrets.

Second, if Web 2.0 technologies were permitted, large groups of employees would spend their time updating their Facebook pages and profiles rather than doing real work.

To be honest, these reasons have not deterred me from pursuing my own Web 2.0 technology implementation at my company. If I have an issue with employees sharing company intellectual property, I expect that happens whether I deploy Web 2.0 technologies or not. And if my employees are not getting work done because they spend their time on Facebook, I have a management problem, not a Web 2.0 problem. In my opinion, the rewards of Web 2.0 far outweigh the risks.

READ THE FULL TIP
http://go.techtarget.com/r/10169190/6358329

Final Note: Again something directed to CIOs and IT Executives, but any business owner who have to deal employees, computers and the Internet will be able to get some nuggets out of this.