Monday, December 31, 2007

CESG Assurance Model

The new CESG Assurance Model for the control of information risk is scheduled for authoritative release in January 2008. At present there is an excellent overview website at the following link that includes graphics and an article describing the proposed model. The model encompasses four main elements of information risk and control: intrinsic, extrinsic, operational and implementation. CESG Assurance Model

Saturday, December 29, 2007

Google Replies to Lawmaker's Questions on Privacy - CIO.com - Business Technology Leadership

Despite the considerable attention given to it over the past several years, privacy continues to be a major concern. The current issues around Google and its acquisition of DoubleClick exemplify some of these concerns, and lead to the call by Google for new and better privacy laws. They may have a point. Google Replies to Lawmaker's Questions on Privacy - CIO.com - Business Technology Leadership

Thursday, December 20, 2007

U.K. Data Woes Deepen as 3 Million More Records Lost - CIO.com - Business Technology Leadership

It just keeps happening. A new revelation in the UK of the loss of another three million data records held on CDs in transit. It points once again to the need for strong security over data in transit, particularly encryption and strong controls over the physical custody of the media on which data are stored. U.K. Data Woes Deepen as 3 Million More Records Lost - CIO.com - Business Technology Leadership

Tuesday, December 18, 2007

Security > Hacking and Viruses > Facebook watchers offer advice against data leaks

With the abundance of data included on Facebook, and the recent attempts by hackers to obtain the private information of users, the question arises of whether Facebook is the latest potentially grave threat to the IT systems of companies whose employees use Facebook. Some experts think it is. Security > Hacking and Viruses > Facebook watchers offer advice against data leaks

Friday, December 14, 2007

IBM SJ 46-4 | IBM business transformation enabled by service-oriented architecture

In the latest issue of IBM Systems Journal, there is an article by L Walker titled "IBM Business Transformation Enabled by Service Oriented Architecture", which provides an excellent description of SOA and how it is used to link the functionality of a business IT system. IBM SJ 46-4 IBM business transformation enabled by service-oriented architecture

Tuesday, December 11, 2007

Online holiday shopping could put corporate IT systems at risk

More people are doing their holiday shopping online and more are doing it at work. Besides the obvious loss of productivity, there are also risks to the IT Systems at this time of year as a result of the shopping. It attracts more viruses and other malicious software. Online holiday shopping could put corporate IT systems at risk

Monday, December 10, 2007

IT Control Objectives for Basel II

ISACA has released the final version of the booklet IT Control Objectives for Basel II. This publication contains a framework for managing IT risk related to Basel II and is available for download from the following URL: IT Control Objectives for Basel II

Thursday, December 6, 2007

Should your company 'crowdsource' its next project?

Don Tapscott would nod his head and say "Of course". The author of Wikinomics has stated many times that the future lies in open collaboration with large broadly defined groups. Companies are developing new systems using a new technique known as crowdsourcing, which involves essentially outsourcing the code writing to the world. Should your company 'crowdsource' its next project?

Saturday, December 1, 2007

Be gone phishing

Phishing and pharming are modern hacking techniques that pose a serious threat to information systems. IT staff need to be not only aware of them but familiar with the safeguards that can be put in place to thwart these attacks. This article provides a good summary of the major risks: Be gone phishing