Tuesday, December 30, 2008

Social-networking sites concern cyber-security experts

Gen Y'ers are running into resistance from their new employers about using social networking on the job; some employers have banned sites like Facebook and MySpace because of the security risks they carry. Users of these sites often disclose information about themselves or their activities that can compromise corporate security, privacy and secrecy in business activities. Social-networking sites concern cyber-security experts

Monday, December 29, 2008

ISO - News - ISO/IEC standard provides common international framework for RFID frequencies

ISO has updated its ISO 18000 standard for air interfaces to respond to the growing use of RFID in supply chain interfaces. It's the latest acknowledgement by an important group of the increasing importance of RFID in business systems. ISO - News - ISO/IEC standard provides common international framework for RFID frequencies

Monday, December 22, 2008

Small laptops pose a big security threat

As if there haven't been enough problems with conventional laptops and the loss of sensitive data, now the market is being inundated with newer, smaller ultraportables or netbooks. These little machines don't have quite the complex functionality of the others, and therefore can't support as high a degree of security. So they are becoming a major security risk. Security officers are going to have to deal with this new challenge soon. Small laptops pose a big security threat

Thursday, December 18, 2008

BearingPoint - The Disconnect Between Security and the Business

BearingPoint - The Disconnect Between Security and the Business: "BearingPoint commissioned Forrester Consulting to conduct a study of large enterprises in the US, EMEA, and Asia Pacific. The study asked business and security and risk executives about their priorities and challenges for risk, compliance, and security initiatives within their organizations.
The major findings of the study suggest that:
- Culture, communication, and people are top challenges
- Business and IT have different perceptions on security and risk
- Internal audit is a strong influencer and regulatory compliance is still important
- Respondents unanimously agree that security and risk management is a C-level concern"

You can download the study free at the above link.

Wednesday, December 17, 2008

ISACA/ITGI Responses to Exposure Drafts from Regulators and Standards Setting Bodies

ISACA's response to OCEG's "Red Book" Exposure Draft can be found at the following link. The Red Book sets out the GRC Capability Model, which takes an integrated and holistic approach to corporate governance, risk management and compliance. ISACA generally expressed support for the document and a willingness to work with OCEG in further development of the project. Their comments do highlight some inconsistencies in the treatment of IT controls in the Red Book, and recommend a clarification of its message. ISACA/ITGI Responses to Exposure Drafts from Regulators and Standards Setting Bodies

Tuesday, December 16, 2008

Sophos Security Threat Report 2009

Sophos Security Threat Report 2009: "IT security and control firm Sophos has published its Security Threat Report 2009 examining the threat landscape over the last twelve months, and predicting emerging cybercrime trends for 2009."

The report shows that the US now has the highest rate of malware and malicious websites in the world, with organized crime responsible for much of it. Strong steps need to be taken by legislators. The report can be downloaded from this link.

Monday, December 15, 2008

Special report: Celebrating 50 years of the IBM Journals | Introduction

Special report: Celebrating 50 years of the IBM Journals Introduction: "In this report celebrating 50 years of IBM Journals, the editors have examined citation rates, consulted experts in various fields, and reviewed the earlier retrospective issues in light of the present state of the information technology industry. The result is a compilation of significant papers published in the Journals across the wide span of key technical areas which characterize this industry. Each paper is accompanied by comments which indicate its significance. For simplicity, the papers have been placed in the following categories: applications of information technology, storage systems and databases, computing system architectures, computing methodologies, software, hardware design and implementation, device materials and processes, and fundamental science and mathematics."

Wednesday, December 10, 2008

Data theft and data loss prevention (DLP): Keeping sensitive data out of the wrong hands

With the continuing increase in the incidence of identity theft and data loss, companies have had to refocus on their data loss prevention (DLP) activities. PriceWaterhouseCoopers discusses this issue in a document which can be downloaded at the following link. Data theft and data loss prevention (DLP): Keeping sensitive data out of the wrong hands

Thursday, December 4, 2008

16 WCARS

The 16th World Continuous Auditing Symposium was recently held at Rutgers University in Newark, New Jersey. The presentations for the sessions can be found at the following link: 16 WCARS

Wednesday, December 3, 2008

Application Outsourcing: Mapping the Route to Business Transformation and High Performance through IT Outsourcing

IT outsourcing presents many management control issues, but outsourcing remains a fundamentally attractive option in many cases for improving IT systems. In this article, Accenture stresses the governance, management and control issues that must accompany a good IT outsourcing program. Application Outsourcing: Mapping the Route to Business Transformation and High Performance through IT Outsourcing

Monday, December 1, 2008

Most Cited EJIS Articles : European Journal of Information Systems

To promote some of the finest research and scholarship published in the European Journal of Information Systems, the Journal has compiled a list of the 5 most cited articles that it has published. These articles are now freely available to download at the following link. The papers deal with some of the classic issues in the information systems field, including assessing the benefits of IS and the critical success factors in ERP implementation. Most Cited EJIS Articles : European Journal of Information Systems