Sunday, August 31, 2008

A Windows Vista FAQ | Dell - Technology Brief | Web Buyer's Guide

Windows Vista was developed primarily for enhanced security, which is one of the reasons why it can be so annoying to its users and one of the reasons why implementation has been slow. However, companies are now starting to move to Vista in greater numbers, and are finding that the move presents some important issues. It's not a move that should be taken lightly. The new security measures affect applications as well as the OS itself, and so all applications need to be fully tested before going live. In this Technology Brief from Dell, the planning considerations for a Vista implementation project are discussed and some useful suggestions are made to help smooth the way. A Windows Vista FAQ | Dell - Technology Brief | Web Buyer's Guide

Thursday, August 28, 2008

Top Ten Critical Risks

E&Y has prepared an analysis of the impact of the critical risks expected to affect businesses in 2008, prioritized by industry sector. Download the study at the following URL:
http://www.ey.com/Global/assets.nsf/International/EY_Strategic_Business_Risk_2008/$file/EY_Strategic_Business_Risk_2008.pdf

Monday, August 25, 2008

Memory Stick With 84,000 Prisoner Records Lost In U.K. -- Storage Security -- InformationWeek

It's happened again. A loss of large amounts of personal data - this time data on 84,000 prisoners in the UK and 33,000 police records. Again, the loss stemmed from data stored on a memory stick that was in the hands of a contractor. The contract even forbade storing data on portable units like memory sticks, but it was done anyway. This is one of the chief challenges of contemporary data management - setting up security procedures that trace the movements of data and cover all the places in which it is stored or through which it moves - security procedures that follow the data. Memory Stick With 84,000 Prisoner Records Lost In U.K. -- Storage Security -- InformationWeek

Friday, August 22, 2008

Aberdeen Group: Do Consultants Improve Application Security?

The Aberdeen Group conducted a survey to address the question of whether employing consultants for application security actually results in improvements in that security. For the report, please visit the following link. The results do identify a number of interesting correlations showing that consultants generally do have a positive impact. But it's hard to know whether that is because of the contributions of the consultants or because the employment of consultants simply reflects an enhanced effort on the part of the company to address its security concerns. Aberdeen Group: Do Consultants Improve Application Security?

Tuesday, August 19, 2008

The Information Future of the Corporate Board

The purpose of information systems is to help sound decisions be made. The directors are an important part of the decision-making process, yet they often don't get the best information on a timely basis. There is an information asymmetry at work. Also, IS auditors usually report to the Board in some fashion, whether directly or through general auditors, and therefore form part of the information system. This absence of direct information coming from within the formal information system to the directors places additional responsibility and liability on the auditors and is therefore a matter of concern to them. Accenture has begun a new series of "research notes" to explore the information future of the board and discuss the implications. The first note is at the following link. The Information Future of the Corporate Board

Monday, August 18, 2008

IBM Systems Journal | Vol. 47, No. 2, 2008 - Real-Time and Event-Based Systems

"Due to the growing demands for responsiveness in business processes, command-and-control systems, and embedded systems, the deployment rate of responsive systems is increasing. This issue of the Journal is dedicated to responsive systems, a class of systems that includes real-time and event-based systems. An introductory paper, authored by the issue coordinators, is followed by ten papers that cover platforms, middleware, and development support for responsive systems." This trend fits well with the movement of external Financial and Business Reporting to a real-time, event-based paradigm. This will continue for the next few years and have a major impact on systems development. IBM Systems Journal | Vol. 47, No. 2, 2008 - Real-Time and Event-Based Systems

Friday, August 15, 2008

ITIL – Insight into Breaking Down IT Silos

The new Version 3 of ITIL is out. ITIL has been gaining ground as a vehicle for better control across an organization as well as for focusing control management in the areas where it will be most effective. ITIL – Insight into Breaking Down IT Silos

Tuesday, August 12, 2008

Aberdeen Group: Making Progress in PCI Compliance: Assessing Risk

"Aberdeen research has shown that Best-in-Class companies conduct vulnerability and risk assessments more frequently and more broadly than their Industry Average and Laggard counterparts. They also prioritize and remediate the most critical vulnerabilities found as a result of assessment scans more quickly, reducing their window of exposure for security issues by a factor of 1.7. Aberdeen's June 2008 research on PCI DSS and Protecting Cardholder Data revealed that Best-in-Class organizations are between 40% and 90% more likely than lagging companies to conduct regular vulnerability and risk assessments for all system components in their card processing environment, as part of a sustainable approach to assessment, prioritization, remediation, and management." Aberdeen Group: Making Progress in PCI Compliance: Assessing Risk

Monday, August 11, 2008

Technology Review: Internet Security Hole Revealed

A researcher has discovered a flaw in the domain name system that could open the way for a greater incidence of fraud, including more effective phishing attacks. It's yet another area where IS professionals need to be aware. Technology Review: Internet Security Hole Revealed

Saturday, August 9, 2008

globeandmail.com: Hackers mull physical attacks

The advent of powerful smart phones that can tap into wireless networks poses a security risk for companies. They can even be used as a sort of Trojan horse, placed within a company secretly to check out its networks. If any of them are unsecured, look out! Once again, it points to the need to ensure that all wireless networks are encrypted. globeandmail.com: Hackers mull physical attacks

Wednesday, August 6, 2008

Laying the Foundation for ERP Implementation Success

ERP implementation has long been a minefield, and experience has shown that good control practices can make all the difference. Internal auditors can help in this area, and this article outlines how. Laying the Foundation for ERP Implementation Success