" /> 飛耳長目: February 2006 Archives


ITGI Research Publications

  • COBIT 4.0 This new version of ITGI's flagship product offers a streamlined, pragmatic and business-focused approach to implementing IT governance enterprisewide.
  • COBIT Security Baseline Based on COBIT, this guide is a comprehensive set of resources to guide the information organization as it adopts an IT governance and control framework. This guide focuses on the specific risks of IT security in an easy-to-follow-and-implement way for all users: small to medium enterprises, executives and board members of larger organizations, and home users.
  • COBIT Quickstart This is an abbreviated version of COBIT designed for small to medium enterprises, or those organizations in which IT is not strategically critical to enterprise success. Available from the ISACA Bookstore.
  • IT Control Objectives for Sarbanes-Oxley (PDF, 363K) A new research document from the ITGI, focusing on Sarbanes-Oxley, using COSO as the overall framework upon which the supplementary IT guidance was based, and COBIT as the initial IT controls baseline to develop a control objective template. Download also available in Japanese.

*IT Governance Institute

ITGI: an organization founded in 1998 to promote and spread IT governance.

ITGI Releases New Survey Data
The groundbreaking 2003 research into IT governance knowledge and attitudes worldwide is updated in the 2005 survey.
- IT Governance Global Status Report 2006 (PDF, 420K)
- IT Governance Global Status Report 2003 (PDF, 1.2M)


*ISACA

Founded in 1967. The Information Systems Audit and Control Association, with 50,000 members in 140 countries and 170 chapters in 60 countries.


CISM (Certified Information Security Manager)
An international information security qualification. The certification program was established by ISACA in 2002, and examinations began in 2003.

The future that never was

Seven products that could have changed the industry but didn't
By Geoffrey James -- Electronic Business, 12/1/2005 » Japanese translation (members only)
Sections:
The Beckman analog computer
The AT&T PicturePhone
Bushnell's Computer Space game
The Heathkit Hero robot
The Xerox Alto Workstation
The Connection Machine
The Alpha chip
The electronics industry is in a constant state of growth and evolution. At each stage of its development, there have been key products, such as the IBM 360, the 8086 CPU and the cell phone, that have defined the industry's direction for a decade or more. Looking back at the success of these products, it's easy to assume that history was destiny and that the progress of the industry was nothing more than a logical sequence of inevitable events. But that's just the blindness of hindsight. There have been many key points in the development of electronics at which a different product, had it proven successful, would have accelerated the development of follow-on technologies and changed the direction of the industry. On the heels of our 30th-anniversary issue (November 2005), we thought it would be interesting to look at seven products that flopped in the market but had a massive potential to influence almost every sector of the electronics industry.

Security management tool comes to hospital's aid

Tool guards 250 wireless access points at Carilion Health System
News Story by Matt Hamblen

JANUARY 24, 2006 (COMPUTERWORLD) - Carilion Health System has been working to make its wireless LAN secure and compliant with federal regulations for three years, but the company recently found a new tool to simplify its wireless security management.
Brian Brindle, senior network engineer for the health care provider in Roanoke, Va., said Carilion has been using a new version of a wireless security tool for managing 250 wireless access points that offers better reports and simplifies administration.

The wireless network is critical to patient care and administration of medications in the 700-bed main hospital and 12 other sites that have wireless access, Brindle said.

In addition, recent HIPAA requirements oblige Carilion, like other hospitals, to keep daily logs showing that the network is working properly, he said.

Brindle began testing AirDefense Enterprise 7.0 in late October and has been using it fully since it was released Dec. 12. The tool, from AirDefense Inc. in Atlanta, has an updated dashboard display that helps present more pertinent security information, rather than just log files of network activity.

"I can better tell what might be going on, such as whether that's an intrusion or just a technical problem," he said in a recent interview. "I get fewer calls from administrators asking, 'What does this mean?' " he said.

According to Brindle, AirDefense has developed a product that can create custom reports on network activity for regulatory compliance that are more sophisticated than what's available from other vendors, such as AirMagnet Inc. and AirTight Networks Inc.

The AirDefense tool has "freed me up big time," Brindle said, since he was the one handling all wireless problems until he could train help desk workers to handle remote monitoring chores.

Brindle has worked with earlier AirDefense versions for three years to detect wireless LAN intruders and rogue users. Over that time, Carilion has collected information on the security incidents and network exposures it has avoided. "We've even had real attacks to enable us to shut down and avoid compromises," he added.

He estimates that over three years, Carilion has spent about $50,000 for security management, but he said it has been worth the investment just in terms of avoiding security problems. "There is no return on investment in security products, period," he said.

AirDefense Enterprise 7.0 pricing starts at $8,975.

Compliance Archiving System with Vignette

JANUARY 19, 2006 (COMPUTERWORLD) - Organizations today face two major information problems: managing increasing volumes of information and complying with stricter regulations. This paper discusses an integrated document management solution based on Vignette Records & Documents and the Sun StorEdge™ 5310 Compliance Archiving System, a solution that streamlines information management and automates compliance with information management regulations.

Security: Fast and Furious

What's Next: Security - Computerworld
Expect threats to get nastier as networks become more complex.
News Story by Bob Violino
JANUARY 02, 2006 (COMPUTERWORLD) - Most information technology managers have already devoted long hours to shoring up their companies' security -- and they can expect more of the same in 2006. Attacks will likely come faster and with less warning, and experts predict that there will be attempts against a new range of applications and devices.

Forecast 2006

Computerworld IT Management Special Report
What does the new year hold for IT? Expect project management to be your growing vexation, security lockdowns your No. 1 task and RFID your biggest disappointment. Plus, bold predictions from the industry's top luminaries.

Bold Predictions for 2006: Provocative thoughts about the future of IT, from industry observers Don Tapscott, Thornton A. May, Paul Glen, Bart Perkins and many others.
10 Predictions for 2006: The IDG News Service offers its picks for the coming year's top IT stories. » Japanese translation (members only)
   - Online Exclusive: What's in Store: More predictions from around the Web
   - Online Exclusive: Looking ahead: The PC of 2007
Security: Fast and Furious: Expect security threats to get nastier this year, as attackers become more skilled and networks grow more complex.
   - Sidebar: CISOs Move Beyond Tech
Forecast 2006: RFID: Cost and complexity continue to block widespread adoption of RFID.
Forecast 2006: Wireless: Manageability problems continue to stymie widespread wireless adoption.
Forecast 2006: VoIP: Voice over IP has conquered quality issues, yet savings are still elusive, say experts.

Big and no longer blue

Economist.com Jan 19th 2006

IBM has been an early adopter of many of the features of the new organisation. As Linda Sanford, a senior vice-president and one of the highest-ranking women in the company, puts it, you have to have an organisation that senses change and by itself identifies a working team that can go after the opportunities. To help create such an environment, the chairman and chief executive, Sam Palmisano, in mid-2003 decided that the company needed to rethink and restate its values.… Japanese translation (members only)

Bank of America and others to set common data-security guidelines

THE WALL STREET JOURNAL, February 1, 2006

Bank of America Corp., Bank of New York Co., Citigroup Inc., J.P. Morgan Chase and Co., U.S. Bancorp and Wells Fargo & Co. will announce on February 1 a plan to press computer-service providers to adopt a more systematic approach to disclosing how they protect confidential data.
Members only

Empirica

empirica - Gesellschaft für Kommunikations- und Technologieforschung mbH

empirica is a private, internationally active research and consulting firm concentrating on the following areas:

Our interdisciplinary project teams work on projects such as

  • market and accompanying customer needs research
  • policy and strategic consulting as well as technology assessment
  • consulting on product development and market validation
  • the development and implementation of pilot projects
  • analysing organisations and business processes
  • preparing economic feasibility studies and benchmarking studies
  • organising conferences, workshops and seminars

empirica has many years of experience in quantitative and qualitative research methods. Its clients are private companies and public bodies: large and medium-sized companies in the insurance, pharmaceutical and automobile industries as well as software developers and hardware manufacturers. There are also telecommunications service companies and network providers, social services firms, medical facilities, Federal and State Government ministries in Germany and the European Commission as well as the European statistical office (Eurostat).

The study on "Measures to Increase Trust and Confidence of Consumers in the Information Society" will help the European Commission improve the evidence base for policy making

Bonn, 20 December 2005, empirica. This study, carried out by empirica together with DIW (Deutsches Institut für Wirtschaftsforschung), will generate and present a set of recommendations and policy tools to enable the European Commission and Member States, in cooperation with industry and other stakeholders, to improve consumers' trust and confidence in Information Society products and services and to address any related consumer protection issues. The issues at hand relate to a wide range of policy fields including citizens' rights, privacy, social inclusion, international trade, industrial policy, law enforcement and defence. Recommendations will take appropriate account of ongoing policy initiatives at the EU level, in particular the i2010 initiative, and include suggestions as to how new policy activity can best be integrated within the objectives set in the i2010 initiative and with related policy actions.

empirica GmbH
Oxfordstr. 2
D - 53111 Bonn
Tel: +49 (0)228-98530-0
Fax: +49 (0)228-98530-12

Overview of EU regulations

Compliance Regulatory Overview: European Union legislation
http://techrepublic.com.com/5208-11179-0.html?foru... - Dec 5, 2005

Lesson 6 of 7

In the United States, the Health Insurance Portability and Accountability Act (HIPAA) addresses the need to protect private and sensitive data. For members of the European Union (EU), those issues are the focus of the European Data Protection Directive of 1995.

The European Data Protection Directive, along with the requirements of Basel II and the UK Data Protection Act, offers the major compliance framework for members of the EU.

European Data Protection Directive

The directive sets up a regulatory framework that seeks to strike a balance between a high level of protection for the privacy of individuals and the free movement of personal data within the EU. To do so, the directive sets strict limits on the collection and use of personal data and demands that each Member State set up an independent national body responsible for the protection of these data. Another section of the directive calls on Member States to determine more precisely the conditions under which the processing of data is lawful.

The directive states that personal data must be:

  • Processed fairly and lawfully.
  • Collected for specific, explicit, and legitimate purposes.
  • Adequate, relevant, and not excessive in relation to the purposes for which they are collected.
  • Kept in a form which permits identification of data subjects for no longer than is necessary.

For details on the directive, which covers the processing of personal data including automatically processed data and manual data in a filing system, see EU Data Protection Directive (EU DPD).

Basel II

Gramm-Leach-Bliley and Sarbanes-Oxley require that U.S. financial service organizations put safeguards in place to increase data security. For members of the EU, comparable obligations arise under Basel II, whose operational-risk provisions require that financial organizations meet both reporting and risk assessment requirements.

UK Data Protection Act

The UK Data Protection Act makes it a legal obligation for anyone processing personal data to establish good practice in managing and using the data. Anyone processing personal information must comply with eight enforceable principles of good information handling practice. The act covers any organization that collects personal data.

The following list of European Union compliance resources is used with permission of RSA Security.

European Union compliance resources

  • EU Data Protection Directive (EU DPD)
    The directive covers the processing of personal data, including automatically processed data and manual data in a filing system.
  • Basel II
    The Basel II framework intends to better align bank capital requirements with underlying risk. It is aimed at internationally active banks; under the U.S. implementation it applies mandatorily to banks with total assets greater than $250 billion or foreign exposures greater than $10 billion.
  • UK Data Protection Act
    The act makes it a legal obligation for anyone processing personal data to establish good practice in managing and using the data.
  • Money Laundering Regulations 2003
    Under these UK regulations, businesses must appoint a money laundering reporting officer (MLRO) to train employees on the relevant principles and requirements of the legislation, verify the identity of new clients, and maintain records of client identification and transactions for five years.
  • The Companies Act 1985 (Investment Companies and Accounting and Audit Amendments) Regulations 2005
    These regulations amend the Companies Act 1985 and introduce the requirement for an Operating and Financial Review. This must contain a fair review of the business of the company and a description of the principal risks and uncertainties facing the company, and must include business analysis via key performance indicators.
  • Privacy and Electronic Communication Regulations 2003 (EC Directive)
    The legislation protects the public from electronic marketing practices that cause nuisance, offence, and invasion of privacy.
  • The Freedom of Information Act 2000 (UK)
    The act makes it an offence to alter, deface, or destroy public authority records in order to prevent their disclosure. Public authorities need to implement effective records and document management systems.
  • The Turnbull Guidance 1999
    Known as "Internal Control: Guidance for Directors on the Combined Code," this regulation's principal aim is to encourage companies to identify and manage internal and external risk within their organizations.
  • EU Annex 11, Computerised Systems (EU GMP guidelines)
    The central consideration of this regulation is that "records are accurately made and protected against loss or damage or unauthorized alteration so that there is a clear and accurate audit trail throughout the manufacturing process".
  • Payment Card Industry (PCI) Data Security Standard
    This information security standard enables merchants and service providers to assess their security status by using a single set of security requirements for all payment organizations.

White papers

  • Data Protection: A Global Challenge
    This paper from PeopleSoft provides insight into portions of the European Data Protection Directive, and focuses on some controversial issues, international initiatives, and the Internet. It also describes some of the features PeopleSoft products provide to facilitate enterprises' compliance with data protection laws.
  • Basel II Compliance: The Data Management Challenge
    The New Capital Accord from the Basel Committee on Banking Supervision ("Basel II") effects sweeping changes in the way many financial companies collect and analyze data. This IBM paper discusses the data management challenges that companies will face during Basel II implementations, and how IBM's solutions can help financial companies meet those challenges.
  • Complying with confidence
    Whether it is Sarbanes-Oxley, Basel II, International Accounting Standards (IAS), HIPAA, or the USA Patriot Act, integrating information in support of compliance is not a one-off proposition. Compliance requires ongoing and constant enforcement. It's never a matter of simply checking a box and then moving to another project. Companies typically dedicate one or two people solely to compliance projects. Read this paper from the Sarbanes-Oxley Compliance Journal to learn how to effectively handle data integration and provide visibility.



Computerworld Legislation
http://www.computerworld.com/governmenttopics/gove... - Dec 6, 2005

Security Conforms To Regulatory Compliance
By Helen D'Antoni, InformationWeek, Aug. 29, 2005
Business-technology professionals spend nearly one day a week dealing with industry- and government-related issues, according to InformationWeek Research. AMR Research expects compliance-related spending to hit nearly $15.5 billion this year. The cost for a typical company is estimated at approximately $500,000. Regulatory compliance is influencing security practices. Of the 2,540 U.S. business-technology and security professionals who recently participated in our 2005 Global Information Security Survey, an editorial research product of InformationWeek and management-consulting and technology-services company Accenture, more than half report that government regulations have pressured their company to adopt a more-structured approach to information security.

More stories on InformationWeek Research's
U.S. Information Security Survey 2005


  • The Threats Get Nastier
  • Sidebar: A New Type Of Worm
  • Sidebar: Source Of The Problem
  • Report: U.S. Information Security 2005
  • Tool: Compare Your Security Practices

    Accenture

  • Security and Privacy Compliance Download the full article [PDF, 178K]
    Client Successes
  • eCommerce Startup: Secure Infrastructure Implementation
  • European Bank: Electronic Banking Service Reengineering
  • European Mint: Electronic Tax Filing System Infrastructure
  • Health Care Organization: Electronic Information Exchange Solution
  • QinetiQ: Leveraging End User Computing Transformation for Improved Business Productivity
  • Spanish Ministry of Labor and Social Security: Human Services
  • Telecommunications Startup: Technology Environment Security Plan

  • Global Information Security Research Highlights

    The Research Results are In—Accenture and InformationWeek Global Information Security Survey

    Alastair MacWilson: I am pleased to share the results of the Accenture and InformationWeek Global Information Security Survey. In its eighth year, the research examines the security drivers, challenges and opportunities as expressed by 2,540 US business-technology and security professionals.

    The research reveals that regulatory compliance, internal attacks, and the vulnerability of electronic communications, especially instant messaging and e-mail, are among the key factors reshaping data security systems.

    Key Findings:

    • Compliance is reshaping corporate security practices, yet is having little impact on technology decisions.
    • Security attacks are becoming increasingly more sophisticated, yet basic passwords continue to be the most common line of defense.
    • Security breaches are increasingly coming from within, forcing companies to keep tabs on their employees.
    • Vulnerabilities in operating systems and applications—including the use of instant messaging—continue to be common points of entry.
    • Concern continues to grow over privacy and identity theft, yet organizations are failing to provide rigorous protection of customer data.

    Security and Vulnerability Management

    CA NAMED TOP SECURITY AND VULNERABILITY MANAGEMENT SOFTWARE
    VENDOR BY LEADING MARKET RESEARCH FIRM
    Follows IDC's Selection of CA as Top Identity and Access Management Software Vendor
    ISLANDIA, N.Y., December 1, 2004 - Computer Associates International, Inc. (NYSE: CA) today announced that it has been named the worldwide market leader in Security and Vulnerability Management (SVM) software for 2003 by IDC with a 7.8 percent worldwide market share and revenues exceeding $94 million.

    IDC projects worldwide revenue for the SVM software market to reach $3.04 billion in 2008, representing a compound annual growth rate of 20 percent, according to its report entitled “Worldwide Security and Vulnerability Management 2004 - 2008 Forecast and 2003 Vendor Shares: The Death of Security 3A, Part II.”


    This was the first year that IDC split the classic "3A's" (Administration, Authorization and Authentication) market, a market that CA had led for the last three years, into two components, Security and Vulnerability Management and Identity and Access Management (IAM). CA continued to lead both of these individual markets this year. An IDC report issued earlier this month said that CA was the worldwide market leader in IAM software for 2003 with a 15 percent market share and revenues exceeding $300 million.

    eTrust Policy Compliance

    Centralized Security Policy and Configuration Management
    features at a glance
      • Identify misconfigured IT assets
      • Create secure configuration baselines and monitor deviations
      • Provide configuration remediation and measure progress through risk-based reporting
      • Offer extensible tools and open interfaces for custom security configuration management

    eTrust Policy Compliance provides enterprises with the tools and information necessary to eliminate one of the most overlooked threats to networks: misconfigured assets. eTrust Policy Compliance helps organizations identify and compare the security configurations of their critical business assets to an established baseline, provides the configuration remediation and measures progress through risk-based reporting. eTrust Policy Compliance provides a comprehensive policy and configuration assessment process to mitigate risk and ensure compliance with security policies, government regulations and industry standards.

    *eTrust Customer Success

    University of Verona Achieves Centralized, Secure Infrastructure Management Using CA Solutions
    Summary:

    “We immediately recognized in Unicenter all the features we considered indispensable…”-Dr. Giovanni Michele Bianco, Director of Information Services University of Verona Read Full Story | 88 KB PDF

    TSF (http://www.tsf.it/) Reduces Risk and Maintains Business Continuity Using CA's eTrust Solutions
    Summary: "CA's proposal convinced us of the quality of the solution and because it responded most closely to what we already had in mind…. a genuine partnership was formed and new projects emerged that were either developed spontaneously or grew out of other activities." - Michele Martini, Director of Operations and Systems Design, Tele Sistemi Ferroviari Read Full Story | 89 KB PDF


    Fujitsu Services Experiences Significant Enterprise-Wide Savings with eTrust Antivirus
    Summary: “We were in search of a comprehensive, centrally managed desktop antivirus solution and CA’s eTrust Antivirus was the perfect choice.”-Ian Argile, Operational Information Security Manager, Fujitsu Services Read Full Story | 74 KB PDF


    Europ Assistance Streamlines Access Management with CA's eTrust Solution
    Summary: "CA, who we knew from our mainframe days, is a leader in management software and a solid organization with whom we can safely build an enduring business relationship." - Agostino Fedeli, Head of Technology and Information Systems, Europ Assistance Read Full Story | 97 KB PDF


    Caixa Laietana Simplifies Access to its Multiple Systems with eTrust Single Sign-On
    Summary:
    "With eTrustR Single Sign-On, we have increased security by eliminating multiple access points and reducing them to just one. For users, the authentication process is totally transparent. The identification and access to systems and applications is automatic. For the IT department, it has also meant more control of identity and access security, as well as the resolution of password related issues." - Javier Alcazar, System Administrator, Caixa Laietana Read Full Story | 343 KB PDF

    ICORDA Offers Total Protection For Customers Through a CA Partnership
    Summary:
    “CA’s Total Protection solution and the CA partner team give us the integrated software components and overall support we need to successfully sell in the data protection and storage security space. Our clients really appreciate the peace of mind they get, knowing the solution comes from a first class company and they benefit significantly every day from the reduced down time and business risk as well as from eliminating unnecessary IT costs.” - Marc Brouckaert, Sales Manager, ICORDA Read Full Story | 101 KB PDF