Category: Uncategorized

FAIR USE NOTICE: This site contains excerpts from copyrighted material (along with links and attributions to full text original sources) the use of which has not been pre-authorized by the copyright owner. This material is made available to advance understanding of political, economic, scientific, social, art, media, and cultural issues. The ‘fair use’ of such copyrighted material is provided for under U.S. Copyright Law. In accordance with U.S. Code Title 17, Section 107, material on this site is distributed without profit to persons interested in such information for research and educational purposes. If you want to use copyrighted material from this site for purposes that go beyond ‘fair use’, you must obtain permission from the copyright owner.

Introducing a new product or service, adding a new channel partner, or targeting a new customer segment–any of these can present unforeseen costs, complexities, and delays in a business that runs enterprise applications. The expense and difficulty can be so great that some companies abandon new business initiatives rather than attempt one more change to their enterprise applications.

The good news is that just as the limitations of the current generation of IT architectures are becoming painfully apparent, new methods of organizing technology resources are appearing. IT is on the verge of a shift to a new generation of “service oriented” architectures that promise to go a long way toward reducing, if not removing, current obstacles to new operational initiatives.

Service-oriented architectures will enable companies to introduce new business practices and processes more rapidly and at lower cost. Companies that follow suit will break free from the constraints of today’s architectures and become capable of leveraging IT–mostly for the first time–to gain strategic advantage.

More info: [url=http://news.com.com/2030-1069_3-5144911.html?part=rss&tag=feed&subj=news]http://news.com.com/2030-1069_3-5144911.html?part=rss&tag=feed&subj=news[/url]

Surveys show that any large organisation lose between 3-5% of their laptops every year.

Relaying laptop theft stories in the local pub is almost as common-place as people boasting how much their houses have shot-up in price over the last two years. However, with an increasingly mobile workforce, often using privately bought mobile devices, the board and IT departments have to take greater notice of who is carrying what around with them and take a rain check of the damage that could be caused if this information was lost and broadcast to the outside world.

[i]One[/i] You must have a mobile Use policy or ensure that your corporate IT security policy has specific provision for mobile devices and you update it whenever you adopt new hardware categories such as combined PDA/phones.
[i]Two[/i] Take the responsibility of IT security away from the end-user and centrally manage and deploy it.
[i]Three[/i] Invest in a solution which is usable and flexible.
[i]Four[/i] Have a blanket approach to security by owning every mobile device that leaves your office and make access control and encryption mandatory.
[i]Five[/i] Be realistic with passwords
[i]Six[/i] Become a realist

This article provides tips on what to include in your policy is excerpted from an article on incident management published by their sister publication Information Security magazine.

An effective incident management program must assign responsibilities and specify routine procedures in the event of an incident.

Next, getting down to brass tacks, your computer incident response team (CIRT) policy should specify first responders, responsibility for management of the response to a specific incident, and follow-up and reporting responsibilities.

That’s the mostly-technical first part of a more detailed and comprehensive IMP. Besides the MIS and network technical staff who are first responders, who should be part of the IMP?

At the very least: risk management, corporate legal, corporate security, public relations, human resources and labor relations, the office responsible for regulatory compliance, and all major business units with oversight and advisory responsibility. Further, while initial response in many cases will be technical, IT staff can’t make decisions in a vacuum.

California’s Database Security Breach Notification Act (SB 1386), which went into effect last July, requires companies to inform California customers of incidents involving the compromise of their names in combination with their Social Security, driver’s license or credit card numbers.

More info: [url=http://searchsecurity.techtarget.com/tip/1,289483,sid14_gci945247,00.html]http://searchsecurity.techtarget.com/tip/1,289483,sid14_gci945247,00.html[/url]

The outsourcing providers–which included IBM, Accenture, Electronic Data Systems and Hewlett-Packard–are all technically competent, Meta analyst Dean Davison said.

A customer choosing between them should consider factors such as industry-specific knowledge and how their corporate cultures mesh with its own, he suggested.

IBM, Electronic Data Systems, Computer Sciences, Accenture and Science Applications International Corp. all made it into Meta’s category of outsourcing “leader.”

More info: [url=http://zdnet.com.com/2100-1104_2-5141899.html]http://zdnet.com.com/2100-1104_2-5141899.html[/url]

Organizations ranging from the U.S. Marine Corps to CSX, one of the larger transportation companies in the world, found themselves temporarily out of business. At CSX, the Nachi worm took out the sprawling railroad’s signaling systems, stranding train traffic for nearly two days.

You need to stay on your toes and keep up with new techniques for dealing with these worms as they are developed. The best worm defense means doing what you’ve always done — keep your anti-virus software up to date, and patch, patch, patch — and backing it up with cultural changes that emphasize the value of security.

Worms do their damage quickly, and they’re getting faster. Worse, there is evidence reported by Symantec’s Deep Sight (currently being tested in InfoWorld’s labs) that penetration attempts are on the increase. Hameroff notes that “the time between disclosure of a vulnerability by a vendor and the malware that exploits it is getting shorter,” which is further evidence that worm creators are getting faster and better.

The best defense is to do as you’ve always done — but with increased vigilance. And while you’re at it, check for new security tools. This patching “consumes a lot of people resources,” says Ken Tyminski, chief information security officer at Prudential Financial, who notes that the company has been “very, very aggressive with patching.”

More info: [url=http://www.infoworld.com/article/04/01/09/02FEworms_1.html]http://www.infoworld.com/article/04/01/09/02FEworms_1.html[/url]