CPTTM CIO newsletter issue #23

Dear CIO/IT managers,

This CPTTM CIO newsletter brings useful news to you, the CIOs and IT managers in Macau, for your reference and without obligation, so that you can do your jobs more easily and better! Hope you like it. If you'd like to unsubscribe or recommend your friends to subscribe, just let me know. Old issues are available here.

Kent Tong, Editor in Chief

Topics in this issue:

Revisited: Could your web sites be hacked in 10 minutes?

Three months ago I performed a very simple security test on four web sites and found two (50%) were vulnerable to a security problem known as cross-site scripting (XSS). Are your programmers introducing the same security holes into your web applications right now? It's not their fault, as writing secure code requires good training. It is just not something that will happen automatically. To address this issue, CPTTM is now launching a new course, Writing Secure Code in Java. It is the due diligence of every CIO, IT Manager and Chief Security Officer to ensure that their programmers attend such training. No one can ensure 100% security. If (or better, when) an incident does occur and you are found to have not performed due diligence, you'll be in big trouble!

Scary story on security

Did you know that:

  1. 50% of IT professionals write their passwords on Post-It notes.
  2. 1/3 of IT professionals still have access to the IT system even after they left the company (because the administrator passwords are not changed).
  3. 1/3 of IT professionals use their privileges to snoop around the IT system.

All these are facts found by a survey. These problems can be solved with proper security policies ("You shall never store passwords in insecure places") and audits. In the shorter term, a security management system is needed. To learn how to set up such a system, you can attend our Implementing ISO 27001 course.

Web server OS uptime & performance comparison

A study shows that Linux-based servers are found to have a higher uptime and faster response than Windows-based servers in a web server environment. The uptime of Linux is at least 0.5% higher. 0.5% means about 50 minutes per week.

Must attend: Seminar on Aruba thin AP WiFi enterprise architecture

If your company has a WiFi network of significant size or plans to have one, you must attend this seminar. You won't regret it. You will learn about a wildly successful trend in the world of WiFi: the thin access point architecture, right from the company that pioneered it (Aruba Networks). This architecture increases security, mobility, manageability and scalability, while reducing both the acquisition cost and the operating cost. Nowadays, just about every WiFi vendor, including Cisco, is adopting it. If you're facing mobility or manageability issues with your existing WiFi network, it may help. If you're planning to deploy a WiFi network, why choose an outdated architecture with outdated equipment? This seminar will be hosted on 22nd June at the Head Office of CPTTM. To learn more, click here. To register online, click here.

Upcoming courses for CIO/IT manager

Course code        Title                                                Start date    Duration (hours)    Fee (MOP)
CM273-06-2007-C    Implementing ISO 27001                               2007/06/10    21                  5880
CM260-07-2007-C    ITIL Foundation with hands-on simulation workshop    2007/07/09    21                  7980

Feedback

Any questions, ideas or experiences to share? Contact me at 28781313 or kent at cpttm dot org dot mo.

Until next time, 

Kent Tong