Did a colleague forward this newsletter? Please email me to join the list and receive your own copy. Blog Please visit the Technology Reflections Blog on the Web. 08.21. The emerging Threat of IM (Instant Messaging) in the workplace. 07.03. Microsoft Small Business Server 2003 use of Iomega REV (R) Drives for backup. 06.28. Wikipedia as an academic source and authority for citation. News and Announcements We've incorporated to serve you better!  Mickler & Associates, Inc. incorporated effective August 1, 2006 in the State of Washington. Bugs and Viruses A recently found bug (08.21.2006) on AOL Version 9.0 exposes the home directory of the AOL application to full permissions, allowing for hackers to replace critical files with their own versions on users PC's.  All users of AOL Version 9.0 are encouraged to update their copy to receive the latest security patches. As of 08.29.2006, the largest virus threat came from the W32.Stration.D@mm worm that creates a mass emailing on a compromised computer. Manually update your antivirus definitions to address this threat.   Learn more about common microcomputer threats Additional Resources for Technology and Business Professionals www.dnsstuff.com. A free web-based tool that can assist in diagnosing significant problems with router and DNS configurations. www.grc.com/intro.htm. Shields up! is a free web-based port scanner to expose weaknesses in your firewall configurations. Use Shields-up! to see if access to your computer system is secure. Ready for the big one? Take a quick read of a Disaster Recovery Checklist for Business Professionals.

Technology Reflections is a newsletter sponsored and prepared by Mickler & Associates, Inc. of Battle Ground, Washington.  The newsletter addresses the technology concerns of small business in every day lingo, and reflects on trends, issues, and tips to help your company gain competitive advantage from tech spend. Please feel free to distribute to colleagues and partners.

More Than Great Technology

Initially, I recoiled from the idea of creating a newsletter because I was afraid my clients, students, and colleagues would believe I've got this bucket-load of free time on my hands.  And I also didn't want to be labeled some obnoxious spammer whose monthly diatribe arrives to consume more space on your hard drive. No no no, I thought - I didn't want to create this perception that my brand was in some way starving for your attention.

But then I thought about our value statement: "More than great technology. We install trust, respect, and value." I wanted to provide a computer service that avoided geek-speak and focused on the real problems confronted by small business. I wanted to provide a service bigger than the technology itself; one that could be trusted and valued for providing insight beyond the technical support call. A service that is relied upon to reduce expenses and improve speed, accuracy, and reliability.

In my experience, "trust, respect, and value" is demonstrated and earned over time. It's not found solely in the technical solution or in a single lecture, but it is found in the commitment that I have to life-long learning and in understanding my client's business model.  Listening, I think, is most critical to establishing trust and respect.

On the other hand, value, I believe, is found by providing extra services and insight that are uncommon in my field.  The same kind of value that I'd bring corporations serving as their Director or VP of IT, is the same value I want to bring to my clients.  Except that I'm not down your hall, or in a classroom, or standing by the water cooler making conversation. I've found that I need to foster an ongoing sense of community between myself and you that bridges the gap.

Technology Reflections is an attempt to build that bridge - to create a mechanism for student and client feedback, and, a means of sharing insight on trends, risks, opportunities, and solutions that could benefit everybody. So I've decided that a newsletter is, indeed, "More than great technology" and I hope it can become a vehicle to listen, and further instill trust, respect, and value for my clients. And here it is.

Enjoy the first edition - with your permission, I think I'll be doing these once a month. Thanks for your time and please let me know what you think.

Russell P. Mickler, CISSP | MCSE
Principal Consultant, Mickler & Associates, Inc.

The Value of Vista (Part One)

Microsoft intends to release the next version of its Windows (R) operating system in January 2007.  The name of that product is called Windows Vista and its release will be timed with the release of Microsoft Office 2007.

Compounding the confusion small business might have in purchasing Vista will be the licensing options - Vista will come in six different flavors, unlike Windows XP which is boxed in two editions: Home and Professional.

1. Starter Edition. This is a crippled version of Windows prepared for the third world. It's a slimmed-down license with few features, just a basic operating system, and wouldn't be suitable for most business applications.

2. Home Basic Edition. This is for the home user who intends to use Windows as a way to play music, write email, and surf the web.

3. Home Premium Edition. However, if you're a home user that wants to use business applications like Microsoft Office, and, interconnect to networks at your office via VPN or RDC, and if you want a full-blown capability to rip DVD's or view HDTV content, you'll need Home Premium Edition.  The Basic Edition will be so crippled as even to prohibit extensive networking capabilities, and of course, both Home Editions are unable to be used in a complex security architecture like those found in the workplace.

4. Vista Business Edition.  Taking advantage of all of the Professional capabilities and inclusive of Small Business Server integration, Vista Small Business Professional Edition would likely be the candidate that many small businesses would want to upgrade to.  It will allow for professional network controls and remote management, and, client/server computing benefits.  Business Edition will also use the new Aero interface that creates transparencies on the desktop and changes the look and feel of Windows.

5. Vista Enterprise Edition. Inclusive of features found in larger enterprises, SMS integration, o/s virtualization capabilities, encryption, and extended domain management capabilities, large businesses with hundreds if not thousands of microcomputers would be interested in this version; small business would probably not be interested in this version as it's an overkill of functions.  However, this version will only be available to Enterprise Agreement and Software Assurance volume licensing only which will further prevent small business from really securing this product unless they absolutely need it.

6. Vista Ultimate Edition. However, in those occasions where one needs it all, and an occasion where a company only wants to buy just one license of Windows outside of the EA/SA volume agreements from Microsoft. Windows Ultimate will offer all of the aforementioned services and capabilities, not to mention exclusive access to online content not available to the other licenses. Perhaps an overkill for the small business, better this version reside on the desktop of your most productive and technically adept employee, or, just the boss!  Above all, it's the loophole that allows al business to purchase a Windows Enterprise license outside of the volume license agreements offered by Microsoft.

Pricing is not yet formally available, but it is presumed that pricing will come at a premium as one scales versions in Windows; I presume that Vista pricing may look something like this: Ultimate may retail for as much as $399.99; $299.99 for Enterprise; $199.99 for Business; $99 for Home Premium; and $65 for Home Basic - Starter may not even be retailed but available only through special licensing arrangements. These are full licenses, not upgrades, and folks, that's per license (per PC).

As a part of extending value to my clients, I wanted to spend several columns on this broadsheet discussing how Vista may - or may not - be a meaningful investment in the first year of release. This is the first part: examining the licensing arrangements for the product.  At present, based on the current numbers that I've seen from Information Week, less than 13% of CIO's polled intend to deploy Vista in Q1 2007. Frankly, there are questions concerning the value Vista provides; one Microsoft engineer told an online seminar that I attended that Vista will earn back five minutes of better productivity every day.  Good heavens, five minutes of extra productivity a day?  What a deal!

However, naturally, Microsoft intends to curtail support for the Windows XP operating system following two years of Vista's release, forcing small and medium-range businesses to upgrade or be left in the cold for updates and patches.

Look for further revelations on Vista in future editions of Technology Reflections.

The CISSP (Computer Information Systems Security Professional)

I am often asked what the acronym aside my name means and what value a CISSP-certified individual can bring to a small business. The CISSP certification is sponsored and administered by the International Information Systems Security Consortium (or ISC²).  A CISSP designation is a credential reflecting a superior knowledge in information system security and is accredited by the ANSI to ISO Standard 17024:2003.  The CISSP designation is a reflection of a candidate's knowledge and capabilities in ten domains of security protocol, ranging from risk assessment, access control, and encryption,  to networking security, disaster recovery, and to legal exposure based on IT management practices.

For me, earning the CISSP was a seven month ordeal of concentrated self-study effort culminating to the six-hour exam held in Seattle, Washington, in November 2004. I was able to pass the exam on my first attempt; approximately 60-percent of candidates pass the exam on their first attempt.  Every year, I'm required to present my continuing education and experience to ISC² to maintain my certification.

A CISSP-certified professionals are internationally recognized for their excellence in deploying technology to secure electronic information systems. Corporations seek out CISSP-certified professionals for assistance in crafting strategy and implementing new security solutions. Usually, this type of professional is inaccessible by small business; there are financial incentives for CISSP's to work for larger corporations. However, in the spirit of bringing more value to the table, I earned my CISSP to bring this caliber of professional specifically to small businesses. My value to the small business as a CISSP:

1. Assist in creating Administrative policies and procedures that reflect management's "Due Care" in protecting their information assets.

2. Assist in implementing Technical and Physical controls to execute management's commitment to information security.

3. Assist in auditing and testing those procedures to reflect presumed capability, and present evidence to management for confirmation and corrective action.

In short, I can help management walk the walk and talk the talk. I can help small business move beyond the rhetoric and assumption associated with security to install genuine best practices - as measured by enterprise computing and internationally-recognized standards, not by a local geek down the street who simply repairs PC's.  I can help small business management prepare a comprehensive and holistic strategy that minimizes risk and legal exposure to data compromise, damage, or loss.  These days, a documented and articulated information security strategy is often a requirement for vendor and customer relationships. And I help companies plan to delight their customers in this area, not disappoint them with news of data compromise, fraud, or service outages.

Find out more about how CISSP can bring value to your organization.  Then, please give us a call.

Russell P. Mickler, CISSP | MCSE
Principal Consultant, Mickler & Associates, Inc.