O.T. COMMON PLATFORM FOR ELECTRONIC HEALTH CARD IN EUROPE
http://www.eurosmart.com/Update/05-11/Eurosmart_PP_HealthCard.pdf
dude_danny
National Agenda for Information Security in 2006
Proposals by the Cyber Security Industry Alliance
December 13, 2005
Interesting Read...
Sorry if posted
https://www.csialliance.org/StateofCyberSecurity2006/Information_Security_Report.PDF
dude_danny
WoW! That's almost a 100% increase from the May projection! Great find Awk! Demand is definitely ramping up.
Thanks,
dude_danny
O.T. NBC, Apple Ink iTunes Deal on TV Shows
By MAY WONG, AP Technology Writer
1 hour, 30 minutes ago
http://news.yahoo.com/s/ap/20051206/ap_on_hi_te/apple_nbc
SAN JOSE, Calif. - NBC Universal has inked a deal with Apple Computer Inc. to become the second network to sell television shows a la carte on Apple's online iTunes store, the companies announced Tuesday.
More than 300 episodes from about a dozen prime time, cable, late-night and classic TV shows are now available for $1.99 apiece, viewable on computers or downloadable on the latest, video-capable iPod.
The programming spans from the 1950s to the present, including shows from "Alfred Hitchcock Presents," "Dragnet," USA Network's "Monk," the Sci-Fi Channel's "Battlestar Galactica," and NBC's hit series "Law & Order." Sketches from "The Tonight Show with Jay Leno" and "Late Night with Conan O'Brien" are also for sale.
Apple unleashed a dramatically different way of distributing television programs when it debuted videos for sale on its iTunes Music Store on Oct. 20 with Walt Disney Co.'s ABC as its first network partner. Customers have since downloaded more than three million videos.
The latest deal expands Apple's TV catalog from five shows to 16.
Terms of the deal were not disclosed.
For NBC, the move is part of its growing digital distribution strategy to be "as ubiquitous as possible," Jeff Zucker, president of General Electric Co.'s NBC Universal Television Group, said in a phone interview.
The network recently signed a deal to begin selling replays of its most popular shows on an on-demand basis through satellite TV provider DirecTV Group Inc., and last month announced it is collaborating with Sprint Nextel Corp. to make Leno's monologue and comic sketches available on mobile phones.
NBC had been in talks with Apple's chief executive Steve Jobs since the beginning of the year as Apple was developing its new video-playing iPod, Zucker said.
"Seeing how well it's been received by the consumer has given us a lot more comfort and confidence with it," Zucker said of the downloadable TV shows. "As long as our content is protected from piracy, then there will be no barriers."
"There's certainly more to come," he said.
Videos sold on iTunes are wrapped in Apple's copyright-protection technology, which allows users to store their purchased content on up to five computers and transfer them to iPods. Users cannot copy the TV shows to a CD, DVD or the Internet.
An optional cable can be used to display an iPod show on a regular TV.
dude_danny
Dell Recognized As Most Reliable PC Manufacturer In North America
Sorry if posted.
http://www10.mcadcafe.com/nbc/articles/view_article.php?section=CorpNews&articleid=217761
Frost & Sullivan CEO Choice Award Salutes Best Overall Quality, Price vs. Performance
ROUND ROCK, Texas—(BUSINESS WIRE)—Oct. 27, 2005— For the second consecutive year, Frost & Sullivan has presented Dell (NASDAQ:DELL) with its CEO Choice Award for the most reliable manufacturer of notebook computers. This year, Dell also received the CEO Choice Award for the most reliable manufacturer of desktop computers in North America.
Frost & Sullivan's latest poll of company CEOs and presidents ranked Dell notebooks as most reliable by a margin of almost two to one, while Dell desktops received, in the same measurement category, more than three times as many votes as the nearest competitor.
Dell notebooks and desktops placed No. 1 in several measurement categories, including overall quality and price vs. performance. Dell also took the top spot in notebook customer service, receiving four times the number of votes as the nearest competitor.
"These results indicate the preference of the leaders of the professional world using, as well as recommending, Dell notebook and desktop computers," said Katerina Konstantinou, research executive, Frost & Sullivan. "The 2005 CEO Choice Awards recognize the company's commitment to quality, reliability, performance and customer service at a reasonable price."
Frost & Sullivan, a leading growth consulting and market research company, conducted its most recent CEO Choice Mobile Computing and Personal Computing Surveys in early 2005. The surveys assess preferences, views and opinions on a range of performance characteristics in mobile and personal computing.
About Dell Enterprise Client Products
Dell offers a comprehensive portfolio of enterprise client products addressing a full range of business requirements and customer usage models. These systems -- from the sleek 2.5-pound(1) Latitude X1 notebook to the next-generation OptiPlex GX620 desktop -- integrate some of the latest technologies to deliver outstanding performance, reliability and security.
Dell adheres to stringent quality and reliability levels. For example, computer systems under development undergo thousands of hours of testing to validate designs that help protect against a variety of bumps, drops and shakes, temperature extremes and even liquid spills on keyboards.
Technical specifications and product information for Latitude notebooks and OptiPlex desktops can be found at www.dell.com/latitude and www.dell.com/optiplex.
About Frost & Sullivan
Frost & Sullivan, a global growth consulting company, has been partnering with clients to support the development of innovative strategies for more than 40 years. The company's industry expertise integrates growth consulting, growth partnership services and corporate management training to identify and develop opportunities. Frost & Sullivan serves an extensive clientele that includes Global 1000 companies, emerging companies and the investment community by providing comprehensive industry coverage that reflects a unique global perspective and combines an ongoing analysis of markets, technologies, econometrics and demographics. For more information, visit www.frost.com.
About Dell
Dell Inc. (NASDAQ:DELL) is a trusted and diversified information-technology supplier and partner, and sells a comprehensive portfolio of products and services directly to customers worldwide. Dell, recognized by Fortune magazine as America's most admired company and No. 3 globally, designs, builds and delivers innovative, tailored systems that provide customers with exceptional value. Company revenue for the last year was $52.8 billion. For more information about Dell and its products and services, visit www.dell.com.
(1) Weights vary based on configuration and manufacturing variability.
Dell is a trademark of Dell Inc.
Dell disclaims any proprietary interest in the marks and names of others.
dude_danny
Leveraging an Identity Map for Regulatory IT Compliance
2005-10-17 12:00:00.0 CDT
http://www.s-ox.com/Feature/detail.cfm?articleID=1159
Sorry if posted.
By Brian Milas
In striving to meet regulatory requirements, reduce costs or improve security and user productivity through automated provisioning and password management projects, companies often find themselves facing a seemingly insurmountable problem of dispersed and inconsistent information on users' identities and resources. Mapping corporate identities allows enterprises to associate people with their resources and access permissions ("who has what?"). This helps establish a clean authoritative source of who has access to specific information.
Regulatory requirements such as HIPAA, Sarbanes-Oxley, and Graham-Leach-Bliley, focus on the identification of digital assets and access rights. Automated provisioning software assists in enforcing access requirements by addressing authentication, access controls, user account management, and real time auditing and reporting capabilities.
Enterprise provisioning software can manage users’ digital identities, access rights, and resources through their entire corporate lifecycle - from on-boarding, internal change, and termination. This is accomplished by looking at who is present (Authentication Management and Access Control), how they are managed (User Management, Delegated Administration, Workflow) and what they really need access to (User Provisioning and De-Provisioning) - all in a self-service manner that puts the information in the hands of those who know it best - the business line managers.
This article explores identity mapping and how to establish processes that will enhance an enterprise’s ability to ensure consistently updated information, authoritatively identify each resource to which a user has access, and provide detailed audit information to achieve regulatory compliance.
WHAT IS AN IDENTITY MAP?
Mapping corporate identities allows enterprises to associate people with their user identities and resources (“who has what?”) in order to establish a single authoritative source. Identity mapping projects are designed to identify many different kinds of resources including valid and assigned resources, orphaned resources, dormant (unused) resources, administrative resources or system resources.
User provisioning and password management software that is directly linked with an identity map ensures the secure association of people and resources required for secure, self-service, pre-approved or delegated identity management. This association of resources means that users can only manage the accounts that are appropriate for the person(s) being managed. The result of this automated identity management approach is increased efficiency and reduced support costs, as well as improved security and the ability to achieve regulatory compliance.
USING IDENTITY MAPPING TO IMPROVE SECURITY AND DECREASE COSTS
Having a map of all users and their associated resources allows enterprises to immediately act upon vulnerable accounts according to their security policies. For example, orphaned accounts - credentials on systems that are not associated with a valid subject in the organization – create a security loophole and access verification challenge.
Orphaned or unassigned accounts are typically remnants from an employee who has left the company, an employee who has transitioned to another role, or a contractor whose engagement has ended. Duplicate accounts may also be identified in organizations where seasonal workers return to a job and a new account is established instead of simply re-enabling the worker’s previously assigned account. Duplicate accounts are vulnerable to abuse from both internal and external sources. Security analysts estimate that as many as 20-25 percent of the accounts within an enterprise fall into the orphaned category. Having a map of all users and their associated resources allows enterprises to immediately act upon vulnerable accounts according to their security policies.
Automated provisioning and de-provisioning enables the business manager or IT Security staff to deactivate all of the access rights of employees, partners, and contractors as soon as their relationship is terminated. This immediate termination of access rights dramatically improves security. By automatically terminating access rights, enterprises can decrease costs associated with security breaches
An identity map may extend beyond traditional accounts to include other IT and non IT resources such as software licenses, cell phones, cell phone plans, computers, desks, or other non-IT assets. Timely and correct termination, de-allocation, or return to inventory of these resources can help reduce operation costs associated with items that are no longer in use. With integrated identity management software, enterprises are able to tighten security and reduce costs while efficiently solving a complex IT problem.
USING AN IDENTITY MAP TO ACHIEVE REGULATORY COMPLIANCE
Regulatory requirements such as HIPAA, Sarbanes-Oxley, and Graham-Leach-Bliley, put more focus on the identification of digital assets and access rights. Automated identity management software assists in enforcing access requirements by addressing authentication, access controls, user account management, and real time auditing and reporting capabilities. Identity management software can manage users’ digital identities and access rights through their entire corporate lifecycle by looking at who is there (Authentication Management and Access Control), how they are managed (User Management, Delegated Administration, Workflow) and what they really need access to (User Provisioning and De-Provisioning) – all in a self-service manner that puts the information in the hands of those who know it best – the business line managers.
The problem with compliance from an IT perspective is that identity information is scattered throughout the enterprise. Corporations have a variety of users as well as many different types of applications and different identities across different platforms such as Active Directory, UNIX, and mainframe.
Achieving regulatory compliance today requires IT to:
• Establish consistent and repeatable business processes;
• Ensure that sensitive information can only be accessed by employees who need it to perform their job;
• Immediately delete access to information upon employee termination;
• Provide detailed audit information.
By establishing consistent identity mapping processes, enterprises can ensure consistently updated information, identify each account to which a user has access, and enhance their ability to achieve regulatory compliance.
OVERCOMING POLITICAL BARRIERS WITH IDENTITY MAPPING
By definition, effective identity management initiatives cross organizational and operational boundaries. The ability to pull information from different identity sources and utilize that information with disparate views to drive policies is both the blessing and curse of identity mapping processes. In order to successfully manage effective identity management and mapping initiatives, the IT department needs to present them as a solution that aligns to corporate initiatives, improves the existing business processes, provides technology that maps to the business, and ultimately provides the flexibility to match the way the company works today, as well as into the future.
In order to gain cross-functional support, IT is also wise to ensure that the identity mapping and larger identity management initiative is not intrusive to the lines of business. By being able to align the project with business goals and initiatives, IT can demonstrate how implementing identity mapping can help the enterprise run more efficiently and show incremental and measurable returns along the way.
An important component of identity management and identity mapping solutions that will impact the ultimate success of the overall projects is the requirement to not force a schema or process onto the business based on the proposed technology – but in fact to do just the opposite – utilize technology whose schema and processes adapt to the existing organization. This also ties into the need to be able to demonstrate real flexibility in making the identity mapping and larger identity management initiative map to the way the enterprise works today, and to show that it has the flexibility to mirror the inevitable changes that the organization will encounter moving forward.
Successful cross-functional deployments are all about the politics of reducing risk, reducing costs, minimizing impact and maximizing return. Identity mapping provides an excellent way for IT to introduce larger identity management initiatives to the enterprise, easing concerns and gaining cross-functional support.
BUILDING AN EFFECTIVE IDENTITY MAP
At its core, an identity map identifies “who has what”. Several different techniques may be used to construct the identity map - from a fully automated approach to a manual approach. Each offers pros and cons to be weighed against the requirements of the business and the user community being targeted. Once in place, the identity map is updated by the provisioning system as resources are added or deleted from the infrastructure.
The key to implementing a successful identity mapping process is to link a person’s profile to the accounts and resources assigned to them and store this information in a data repository. Identity management solutions leverage this capability to enable individuals, managers, security, or support staff to manage the resources appropriate to their profile for use in compliance, provisioning or password management activities.
Automated Approach
An automated approach to building an identity map involves using mapping rules to determine “who has what”. First, resources in the infrastructure (usually accounts) are discovered and inventoried. Next, mapping rules are applied to associate accounts on the target systems to individuals in the organization. Mapping rules typically use information about people (first name, last name, email address, location) and resources to locate the accounts that they are using. The rules accommodate the different naming conventions on target systems and name conflicts such as John Q. Smith and John A. Smith. The map is built and maintained on a scheduled basis making mapped resources available for use in provisioning, compliance and password actions.
Automated identity mapping generally consists of four steps:
1. Discover the accounts on systems in the infrastructure and move to a staging area.
2. Apply exclusions on accounts and profiles that are not part of identity management (i.e. system, admin or other sensitive accounts).
3. Run mapping rules that match profiles and accounts. Mapping rules may vary by company, business unit, geography, platform, etc. The mapping rules must be able to handle this level of complexity to be effective.
4. Apply manual mappings that have been pre-defined in the system. Typically resolved by an administrator, these mappings represent conflict resolution or mapping of accounts that are not covered by any rules.
PROS: The automated approach provides the most streamlined end user experience, as the individuals are not required to take any action. The map quickly provides a view of orphaned resources that could not be associated with a person.
CONS: With this technique the administrator is responsible for refining the mapping rules, resolving conflicts, resolving unmapped resources, and excluding administrative resources.
Manual Approach
A manual approach, or resource claiming, requires owners to identify or “claim” the resources that they use or manage. The claiming process may require the owner to validate that they are entitled to “own” the resource. For example, when the resource is an account, the owner can be challenged to login and authenticate with its credentials. Once authenticated, the identity map associates the account with the owner.
Another variation is an administrative claim, or assignment of a resource to an owner. For example, an IT security administrator might simply assign accounts to John Q. Public without authenticating to the accounts. This approach is useful when a privileged user needs to manage the identity map, adding and removing entries in a manual fashion.
PROS: Resource claiming provides a quick way to deploy and begin building an identity map. Mapping rules and conflict resolution rules are not required for the claiming process. When authentication is used with claiming, the additional verification provides a level of protection to ensure correct assignment of resources to owners in the identity map.
CONS: This technique increases the time it takes to build a complete identity map, depending on the rate at which users adopt the new process and claim their resources. This approach relies on resource owners (users) adding resources to the map. It also places some burden on the end users. End users must understand how systems and applications are named, then submit their account names and credentials for verification. Thus, the completeness of the resources available in the identity map for compliance, provisioning or password management may be delayed as well. Because orphan and unused resources are based on the identity map, their identification may be delayed as well.
Hybrid Model
By combining elements of automated identity mapping with elements of claiming, a hybrid model can be used to build the identity map. Suggestions are used in the context of claiming to propose the resource that the system believes should be associated with an individual. These suggestions are based on mapping rules that are similar to those used in the fully automated approach. Once resources are selected from the suggestion list, the various claiming methods are employed to add the resources to the identity map. Suggestions help guide the end users through the claiming process, reducing some of the complexity of a pure claiming approach. The speed at which the identity map is built and the time to completion is still, in part, dependent on the adoption rate of claiming.
The identity mapping process, no matter which approach is taken, generates a list of unmapped accounts where no profile was matched - conflicts where two or more profiles were matched or other aspects of the rules may have moved them into the unmapped category. The set of unmapped accounts is the candidate list of orphaned accounts that can then be dealt with according to the security policy.
IMPROVING ACCOUNTABILITY WITH IDENTITY MAPPING
In today’s constantly evolving marketplace, the ability to perform identity mapping across an enterprise has become a corporate imperative. An identity map provides a central view of “who has what” that is leveraged for performing compliance and attestation actions, provisioning actions and password management. By tracking “who has what,” the identity map also shows resources that are not owned by a subject. These orphaned or unused resources are a potential security risk that can be addressed with deprovisioning or disablement.
Identity mapping solutions can help to ensure consistently updated information. It allows enterprises to authoritatively identify each resource to which a user has access and provide detailed audit information to achieve regulatory compliance while reducing operational costs and improving security.
dude_danny
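The four automated mapping steps and the unmapped/conflict output described in the identity mapping article above, as an added worked example. This is illustrative code written for this post, not the article's or any vendor's product code: the platform names ("ad", "unix", "mainframe"), the per-platform naming conventions in RULES, the exclusion list, and the people and accounts in the sample data are all constructed. It discovers accounts into a staging list, excludes system and admin accounts, runs mapping rules that match profiles to accounts (including the John Q. Smith / John A. Smith conflict the article mentions), applies a pre-defined manual mapping to resolve one conflict, and leaves the remainder as the orphan candidate list.

```python
"""Toy identity-map builder (constructed example, not the article's code).

Steps follow the article: (1) stage discovered accounts, (2) apply exclusions,
(3) run per-platform mapping rules, (4) apply pre-defined manual mappings.
Accounts no profile matches become orphan candidates; accounts matched by
more than one profile are reported as conflicts for an administrator.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Set


@dataclass(frozen=True)
class Profile:
    person_id: str
    first: str
    last: str
    email: str


@dataclass(frozen=True)
class Account:
    system: str      # constructed platform names: "ad", "unix", "mainframe"
    username: str


@dataclass
class IdentityMap:
    mapped: Dict[Account, str] = field(default_factory=dict)      # account -> person_id
    conflicts: Dict[Account, Set[str]] = field(default_factory=dict)
    unmapped: List[Account] = field(default_factory=list)         # orphan candidates
    excluded: List[Account] = field(default_factory=list)


# Step 3 inputs: one rule per platform, returning the usernames a profile is
# expected to hold there. Naming conventions here are assumptions.
RULES: Dict[str, Callable[[Profile], Set[str]]] = {
    "ad": lambda p: {f"{p.first}.{p.last}".lower(), p.email.split("@")[0].lower()},
    "unix": lambda p: {(p.first[0] + p.last).lower()},
    "mainframe": lambda p: {(p.first[0] + p.last)[:7].upper()},
}

# Step 2 inputs: system/admin accounts that are never part of identity management.
EXCLUDED_USERNAMES = {"root", "administrator", "svc_backup"}


def build_identity_map(profiles: List[Profile], accounts: List[Account],
                       manual: Dict[Account, str]) -> IdentityMap:
    imap = IdentityMap()
    for acct in accounts:                                   # step 1: staging list
        if acct.username.lower() in EXCLUDED_USERNAMES:     # step 2: exclusions
            imap.excluded.append(acct)
            continue
        rule = RULES.get(acct.system)
        candidates: Set[str] = set()
        if rule is not None:                                # step 3: mapping rules
            for p in profiles:
                if acct.username.lower() in {n.lower() for n in rule(p)}:
                    candidates.add(p.person_id)
        if acct in manual:                                  # step 4: manual mapping wins
            imap.mapped[acct] = manual[acct]
        elif len(candidates) == 1:
            imap.mapped[acct] = candidates.pop()
        elif len(candidates) > 1:                           # e.g. two "John Smith"s
            imap.conflicts[acct] = candidates
        else:
            imap.unmapped.append(acct)                      # orphan candidate
    return imap


def who_has_what(imap: IdentityMap) -> Dict[str, List[str]]:
    """Invert the map into the 'who has what' view: person_id -> resources."""
    out: Dict[str, List[str]] = {}
    for acct, pid in imap.mapped.items():
        out.setdefault(pid, []).append(f"{acct.system}:{acct.username}")
    return {pid: sorted(res) for pid, res in out.items()}


# Constructed sample data: two John Smiths to force a rule conflict.
PROFILES = [
    Profile("P1", "John", "Smith", "john.smith@example.com"),
    Profile("P2", "John", "Smith", "jsmith2@example.com"),
    Profile("P3", "Ana", "Lopez", "ana.lopez@example.com"),
]
ACCOUNTS = [
    Account("ad", "john.smith"),      # both Smiths -> conflict
    Account("ad", "jsmith2"),         # email prefix -> P2
    Account("unix", "jsmith"),        # both Smiths, resolved manually below
    Account("unix", "alopez"),        # -> P3
    Account("mainframe", "ALOPEZ"),   # -> P3
    Account("unix", "root"),          # excluded
    Account("ad", "bob.tran"),        # no profile -> orphan candidate
]
MANUAL = {Account("unix", "jsmith"): "P1"}   # administrator's conflict resolution


if __name__ == "__main__":
    imap = build_identity_map(PROFILES, ACCOUNTS, MANUAL)
    print("who has what:", who_has_what(imap))
    print("conflicts:", imap.conflicts)
    print("orphan candidates:", imap.unmapped)
```

Running it shows P3 holding both her UNIX and mainframe accounts, the Active Directory `john.smith` account flagged as a conflict between P1 and P2 for an administrator to resolve, and `bob.tran` as the single orphan candidate to handle under the security policy.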
Todd DeLaughter, temporary head of Software Business at HP is actively involved with Liberty Alliance Strong Authentication Expert Group along with Wave
http://66.102.7.104/search?q=cache:k5V0auP_2Z0J:www.projectliberty.org/press/details.php%3Fitem_id%3...
dude_danny
O.T. HP software head resigns
By Dawn Kawamoto
Staff Writer, CNET News.com
http://news.com.com/HP+software+head+resigns/2100-1014_3-5978519.html
Published: December 1, 2005, 9:11 AM PST
Nora Denzel, the head of Hewlett-Packard's software business, has resigned, marking the latest executive roster change under CEO Mark Hurd, who was appointed to his role earlier this year.
Denzel, senior vice president and general manager of HP's global software business unit, has resigned for "personal reasons," an HP spokeswoman said. Denzel's last day will be Dec. 9.
Todd DeLaughter, general manager of HP's OpenView system management software business, will serve as interim head of the global software business unit. HP will conduct a search for a permanent replacement.
"HP admires Nora for her many contributions to HP and for bringing the business to profitability in the fourth quarter," the company stated.
Denzel, a five-year HP employee, oversaw a business unit that largely posted quarterly operating losses during the past two years, despite generating double-digit revenue increases, according to the company's financial statements.
Hurd, who previously served as NCR chief executive before joining HP, has previously said he uses a set of metrics to gauge the performance of business units. Industry analysts have characterized him as having a strong operations background.
Since his appointment as CEO in March, Hurd has instituted several changes in HP's executive ranks. In July, Hurd named Randy Mott, former chief information officer from archrival Dell, as HP's new CIO. And in June, he separated the PC and printer businesses and named former PalmOne CEO and Gateway executive Todd Bradley to oversee the PC end of the business.
dude_danny
O.T. Electronic Rx Could Solve Physician Penmanship Problem
Friday, November 25, 2005
http://www.foxnews.com/story/0,2933,176708,00.html
LOS ANGELES — Doctors' poor penmanship is a long running joke, but there's nothing funny about a pharmacist trying to fill a prescription and being unable to accurately decipher a physician's sloppy scribbles.
The consequences of a mistake can be severe, if not fatal. But now, if a new initiative in Nevada catches on, doctors throughout the state may soon be trading in their prescription pads for mouse pads. The idea? Doctors would email prescriptions to pharmacists rather than having patients deliver hand-written instructions.
"Once our doctors saw the advantages of electronic prescribing, I think they could never go back to handwritten prescriptions," said Dr. Craig Morrow, an internist at Las Vegas' largest medical group, Southwest Medical Associates, and advocate of electronic prescriptions. "It saves lives. It is much more accurate. The system will alert you of allergic reactions, drug interactions and it's a huge improvement," he said.
"I don't know how pharmacists read our writing," said Dr. Anthony Marlon, CEO of Sierra Health Services, Nevada's largest health plan. "It's terrible."
Doctors who support the initiative say the computer is safer and faster because prescriptions would be filled by the time the patient arrived at the drugstore. The program would also save patients money because it automatically checks for generic drugs.
"We got a 10 percent bump in the utilization of generics," Dr. Marlon said. "That saves everybody money," he said.
The main objection to the program is privacy concerns, fears that medical information could be compromised, mishandled or used for more intrusive marketing by insurance and drug companies.
"There's always potential [for privacy breaches] with hackers or a misdirected prescription," said attorney Michael McCue. "There's always the potential for divulging a patient's prescription information to someone unintended."
Nevada's program would be the first statewide electronic prescription program, though other places are trying it as well. The idea is supported by the White House and has bi-partisan support in Congress. This summer, Sens. Hillary Clinton, D-N.Y., and Bill Frist, R-Tenn., joined forces to rally support for a measure that would computerize all medical records, not just prescriptions.
dude_danny
Security concerns dog U.S. online shoppers, says survey
http://www.computerworld.com/securitytopics/security/story/0,10801,106462,00.html?SKC=security-10646...
News Story by Martyn Williams
NOVEMBER 22, 2005 (IDG NEWS SERVICE) - Despite the increasing size of the online shopping market, one in four U.S. consumers won't shop online during the upcoming holiday season because of concerns over buying goods online, according to the results of a survey published on Tuesday.
A major concern of consumers when shopping online is that their personal information will be sold to a third party, according to the survey, which was commissioned by the Business Software Alliance and conducted by Forrester Custom Consumer Research. The results found 79% of the 1,099 U.S. consumers surveyed worried about such a sale of their information.
Another big concern was identity theft (74%), and consumers were also worried about spam, credit card fraud and computer viruses, the survey found.
Users are turning to technology to fight against some potential online annoyances like spyware and spam. Just over four out of five reported they are running antivirus software (81%), while levels were lower for antispyware software (67%), e-mail filtering and spam blocker software (65%), and firewalls (63%).
Almost three quarters of users are concerned about buying and selling goods through online auction services, the BSA reported.
More details of the survey and tips on how users can protect themselves online can be found at the BSA's Web site.
dude_danny
Fear of identity theft bad for business, survey finds
Companies that lose customer data risk losing the customer
http://www.computerworld.com/securitytopics/security/story/0,10801,106505,00.html?SKC=security-10650...
News Story by Nancy Gohring
NOVEMBER 23, 2005 (IDG NEWS SERVICE) - Most online shoppers say they will take their business elsewhere if they find out their personal information was compromised, according to a survey of U.S. Internet users. The results of the study show that consumers are aware of identity theft and that companies are likely to lose business if they fail to handle customer information securely.
Two-thirds of adults with Internet connectivity who participated in the survey expect to shop online this holiday season, with 14% of them planning to do half or more of their holiday shopping online. But 67% of Internet users who were part of the study said they were likely to stop shopping at an online store if they found out that their personal information was compromised.
Half of the respondents said they were likely to switch financial institutions if they found out that their personal data stored by the bank had been compromised.
An increasing awareness of identity theft may be driving these Internet users to say they’ll change their behavior if their personal information is threatened. Thirty-four percent of those surveyed said they’d either been a victim of identity theft or they know someone who has been a victim. Eighty-three percent said they think people are more likely to become victims of identity fraud around the holidays.
The study was commissioned by Sun Microsystems Inc. and carried out by Harris Interactive Inc. More than 2,000 adults across the U.S. took part in the research.
Sun warned that consumers should be careful when releasing information such as Social Security numbers and said that companies need to mitigate the risk of identity threat by employing security mechanisms.
dude_danny
Mobile Platform: Technical Perspective
Justin (Joon Sung) Hong
Software Center, Samsung Electronics
http://diplab.snu.ac.kr/courses/2005f/tds/lectures/Mobile_Platform___Technical_Perspective__SNU.pdf
sorry if posted.
p.17 Atmel TPM?
p.20-23 TC/ARM Trustzone
dude_danny
Happy Birthday OknPV! and Happy Thanksgiving to you and your family!
dude_danny
O.T. TiVo Inc. Expands to IPods and PSPs By MAY WONG, AP Technology Writer
50 minutes ago
http://news.yahoo.com/s/ap/20051121/ap_on_hi_te/tivotogo_expands;_ylt=AmLR7AyUHTf.VXV9QQDegoGs0NUE;_...
SAN JOSE, Calif. - TiVo Inc. is expanding its video recording service so users will be able to transfer recorded television shows onto Apple Computer Inc.'s iPods or Sony Corp.'s PlayStation Portable — the latest move aimed at putting TV in people's hands for viewing anywhere.
The enhanced TiVoToGo feature being announced Monday will also add more copy-protection measures to discourage possible copyright abuse that would anger Hollywood.
TiVo officials said shows recorded via TiVoToGo will have digital watermarks. The extra encoding will follow the copied program wherever it goes, giving TiVo the ability to trace the origin of a transferred program that might get posted freely onto the Internet.
With its introduction in January of TiVoToGo, the digital video recording pioneer gave its broadband Series2 subscribers the ability to transfer recorded shows to Windows-based PCs and laptops as well as portable media players. But the service was available only to devices compatible with Microsoft Corp.'s Portable Media Center platform, such as Creative Technology Ltd.'s Zen.
Now, by adding support for the MPEG-4 video format, TiVo hopes to capitalize on the popularity of iPods and PSPs, which are among today's hottest handheld gadgets with video capabilities.
"There's a lot of flexibility now in the devices we support, and this puts choices in the consumer's hands," said Jim Denney, TiVo's vice president of product marketing.
Some tech-savvy owners of the new video-playing iPod or PSP have already figured out on their own how to sync TiVo shows with the portable players, but the process involves video format conversions that many consumers would rather not tackle.
TiVo will now do the conversions in the background.
The new service feature will be available Monday for current TiVo subscribers as a beta test and for the general public in the first quarter of next year.
Consumers would need certain video encoding software on their computers, provided by TiVo or purchased elsewhere for about $15 to $30 in stores.
The enhanced TiVoToGo also will allow users for the first time to set their TiVos to automatically load new recordings of their favorite programs to portable gadgets via their PC. The recordings would be transferred overnight, similar to how shows are downloaded to TiVo boxes overnight for those who request automatic recording of certain programs.
Don't expect instant gratification: The transfer process from a TiVo Series2 set-top-box to a PC — a necessary step before syncing to a portable — occurs roughly in real-time. An hour-long show will take an hour to transfer to the PC, then roughly another 10 minutes or so to sync to a portable device.
dude_danny
Punish poor information security setups
11/08/05
By Alice Lipowicz
Staff Writer
http://www.washingtontechnology.com/news/1_1/security/27391-1.html
Congress may want to consider penalizing organizations and companies that have poor information security policies that contribute to a major loss of sensitive information, according to a new Congressional Research Service report on cybersecurity.
Other policy questions Congress may choose to consider are whether computer product vendors should report quickly all serious, newly discovered vulnerabilities to the Homeland Security Department, and whether computer service providers and businesses should be required to report to DHS any “major security vulnerabilities that have been newly exploited by cybercriminals,” the report said.
The CRS report, “Terrorist Capabilities for Cyberattack,” states that security experts disagree about whether global terrorists are capable of launching a successful cyberattack against U.S. civilian critical infrastructure, and whether such an attack would seriously disrupt the U.S. economy.
However, tighter physical security may be encouraging terrorists to turn to cybersecurity, either by developing new computer skills themselves or by aligning with cybercriminals, the CRS report said. Those new capabilities may be used in an online terrorist attack with the intent of crippling IT infrastructures, or to finance a more conventional terrorist attack against facilities or people.
There is evidence that terrorists are gaining understanding of IT and have expanded their recruitment of people skilled in computer sciences, engineering and mathematics, the report said. Several recent terrorist events appear to have been funded partially through online credit-card fraud.
Whether it is linked with terrorism, cybercrime is increasing dramatically. The report cites research by IBM Corp. stating that during the first half of 2005, criminal-driven computer security attacks increased by 50 percent, most frequently targeting government agencies and industries in the United States.
Policy issues for Congress include evaluating whether counterterrorism efforts ought to be linked more closely with international efforts to prevent cybercrime, the CRS report said. Also, there are policy questions about whether the Defense and Homeland Security departments ought to collaborate more closely to strengthen the computer security of civilian agencies and infrastructure.
The report identifies five pieces of legislation before Congress related to improving national computer security: H.R. 285, 744, 1817 and 3109 and S. 768.
dude_danny
Intel releases chips that can divide PCs
By Chris Nuttall in San Francisco
Published: November 14 2005 18:11 | Last updated: November 14 2005 18:11
Intel has released its first desktop processors featuring technology that allows computers to divide themselves into several virtual PCs.
Intel’s Pentium 4 chips using its new Virtualisation Technology will initially be found in computers by Acer, Founder, Lenovo and TongFang.
Virtualisation has become an industry buzzword – it offers businesses greater efficiencies and security by allowing servers and PCs to do the work of two or more computers. Software partitions the machines into compartments running different operating systems and applications, with any viruses confined to just one part of the computer.
“Analysts believe virtualisation is one of the most disruptive technologies to the PC in a decade,” said Robert Crooke, general manager of Intel’s business client group.
“Our technology combined with industry enabling efforts are going to help bring this into the mainstream.”
dude_danny
Thanks Awk.
dude_danny
Larry...from Awk's find, he underlined "and is bundled with security software tools". I'm thinking that this may be Wave ala ie. ETS. IMO. I would ask Awk to comment.
Regards,
dude_danny
Good find Awk! It seems that they are really proud of being in TCG, stating that fact in the first sentence of their company profile. Another interesting note is that they are located in Amherst, Massachusetts, about an hour from Wave's HQ.
BlueRISC, Inc., a member of the Trusted Computing Group, was founded in 2002 by Dr Csaba Andras Moritz, Dr Israel Koren, Dr Mani Krishna and Dr Vijay Lakamraju. BlueRISC took on the vision to develop, from ground-up, a processor and compilation technology that provides unprecedented security without compromising performance, power consumption, and area/complexity, and without being limited by compromises due to decade-old instruction sets, performance-driven mindset, compatibility, and legacy issues.
The promise of security in current systems built with a primarily performance-focused mindset is countered by daily news about security break-ins at all system layers. BlueRISC products aim to be the "root-of-trust" in future computing and mobile systems and can also work in conjunction with existing processors/system solutions. BlueRISC's solution is tightly coupled with the emerging security-centric platforms and the Trusted Computing Group's overall objectives for the computing and mobile world.
BlueRISC has assembled a talented team of executives and advisors with cutting-edge experience from leading semiconductor and software companies as well as academia. Its technical team is composed of senior engineers (several PhDs) specialized in CPU architecture, chip development, compiler design, low power design, and security. BlueRISC has been led since inception by Dr Csaba Andras Moritz and is headquartered in the beautiful town of Amherst Massachusetts with offices in California. BlueRISC is privately held. It is a winner of 4 NSF awards and has filed several patents on its technologies. For further information please contact marketing@BlueRISC.com.
dude_danny
Dell hypes clusters and printers in Dublin
http://www.enn.ie/frontpage/news-9650699.html
Wednesday, October 26 2005
by Ciaran Buckley
Ireland is one of Dell's most advanced markets for the adoption of server clusters, a trend driven by green-field industrial sites and cost considerations.
This was one of the facts revealed at the Dublin stop of the Dell Technology & Solutions Tour, which took place in UCD on Wednesday. The tour stops off at around 20 locations in Europe every year.
This year the computer hardware giant provided demonstrations of its latest multi-core servers and printers. It also demonstrated the network management, storage and security products offered by its partners.
Irish customers have been particularly receptive to Dell's Intel-based server clusters, John Fruehe, head of enterprise systems group marketing at Dell, told ElectricNews.Net.
He attributed this to the number of green-field industrial sites that have developed in Ireland over the past ten years, which have no legacy mainframe or mid-range computer systems. Cluster servers -- which are also sold by Dell's competitors such as Hewlett-Packard and Sun Microsystems -- have been gaining market share from traditional mainframes and UNIX servers because they can run enterprise applications on low-cost hardware.
Dell has also enjoyed significant success in the public sector server market, particularly in the US. Fruehe said that the move to server clusters has helped to provide value for money to the US public sector. He said that public universities and research institutes have adopted cluster computing because low-cost servers are sufficiently powerful for high-end computing. He said that less tech-savvy government offices -- such as the Texas Department of Motor Vehicles -- are using clustered servers because they have a lower maintenance overhead than older server systems.
Dell was also promoting its imaging products, including its range of colour photo printers. John Kelly, Dell's imaging and printer manager for the UK, told ElectricNews.Net that although it is still cheaper to print photographs in a pharmacy or from a photo booth, the adoption of colour photo printers will be driven by convenience rather than by price.
Dell is also looking at ways to reduce the cost of its ink cartridges. Kelly said that the WEEE directive, which requires Dell to take back empty ink cartridges, will help to reduce the cost of printer ink. Kelly said that Dell already has a programme whereby it charges less for recycled laser printer cartridges, as part of a use-and-return programme.
dude_danny
New Data Security with SQL Server 2005
http://www.theserverside.net/news/thread.tss?thread_id=37294
Posted by: Paul Ballard on October 26, 2005 @ 03:39 PM
Microsoft has released a new Technical White Paper on using SQL Server 2005 Encryption to secure important data. The document is based on Microsoft's own internal usage of encrypted SQL Server including meeting mandated regulatory statutes, sample implementations, and best practices for key management.
This document shares Microsoft IT experiences with these security strategies and with SQL Server 2005 encryption capabilities. Because many SQL Server 2005 pilot projects are currently in progress, Microsoft IT has learned valuable lessons and best practices that relate to data consolidation and encryption in the Microsoft IT LOB application space. Because Microsoft IT requirements are among the most challenging in the world, the strategies that Microsoft IT develops and the lessons that Microsoft IT learns through the deployment of SQL Server 2005 should provide meaningful guidance to corporations that want to deploy a SQL Server 2005–based encryption and key management framework.
After a brief executive introduction the paper outlines the regulatory compliance required for data storage including Sarbanes-Oxley, HIPAA, etc. It then provides an overview of encryption such as symmetric, asymmetric, and hybrid.
The paper then describes the application environment for three separate database systems implemented with SQL Server 2005 encryption including a description of SQL Server 2005's encryption capabilities.
SQL Server 2005 includes many security-related features that help protect the data in an organization. SQL Server 2005 includes password policy enforcement, a strong authentication functionality, and a granular hierarchical permissions model. SQL Server 2005 also includes a built-in data encryption capability. This column-level encryption capability is enhanced by an integrated and hierarchical infrastructure for managing encryption keys. Built-in encryption functions and application programming interfaces (APIs) make it easier for an organization to create an encryption security framework.
dude_danny
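The key hierarchy the white paper describes (service master key protecting a database master key, which protects a certificate, which protects the symmetric key that encrypts the column) can be set up in a few T-SQL statements. The script below is an added example written for this thread, not code from Microsoft's paper; the database, certificate, key and table names are hypothetical and the card number is a constructed test value. It also shows the authenticator argument, which binds each ciphertext to its row so that a ciphertext copied from one row into another fails to decrypt.

```sql
-- Added example (not from the white paper): SQL Server 2005 column-level
-- encryption using the built-in key hierarchy. All object names are
-- hypothetical; the card number below is a constructed test value.
USE SalesDemo;
GO

-- 1. Database master key. SQL Server also protects it with the instance's
--    service master key; the password is the recovery path if the database
--    is restored on another instance, so keep it (and a BACKUP MASTER KEY
--    file) offline.
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<strong-master-key-password>';
GO

-- 2. A certificate whose private key is encrypted by the database master key.
CREATE CERTIFICATE CardCert WITH SUBJECT = 'Protects the card number column';
GO

-- 3. A symmetric key protected by the certificate. Bulk column data is
--    encrypted with the fast symmetric key; only the key itself is wrapped
--    by the slower asymmetric certificate key.
CREATE SYMMETRIC KEY CardKey
    WITH ALGORITHM = AES_256
    ENCRYPTION BY CERTIFICATE CardCert;
GO

-- 4. The ciphertext is stored as varbinary; EncryptByKey output includes
--    a random IV and the key GUID, so it is longer than the plaintext.
CREATE TABLE dbo.Customers (
    CustomerId    int IDENTITY PRIMARY KEY,
    Name          nvarchar(100) NOT NULL,
    CardNumberEnc varbinary(256) NOT NULL
);
GO

-- 5. Encrypt on insert. The key must be opened in the session first, which
--    requires permission on the certificate; the application account gets
--    that permission, not the key password.
--    The 4th argument is the authenticator: the Name column is mixed into
--    the ciphertext so that moving a ciphertext to a different row (a
--    "whole-value substitution") no longer decrypts.
OPEN SYMMETRIC KEY CardKey DECRYPTION BY CERTIFICATE CardCert;

INSERT INTO dbo.Customers (Name, CardNumberEnc)
VALUES (N'Sample Customer',
        EncryptByKey(Key_GUID('CardKey'),
                     N'4111111111111111',            -- constructed test PAN
                     1,                              -- add_authenticator = yes
                     CONVERT(sysname, N'Sample Customer')));

CLOSE SYMMETRIC KEY CardKey;
GO

-- 6. Decrypt on read, supplying the same authenticator. DecryptByKey returns
--    NULL (rather than garbage) when the key, IV or authenticator does not
--    match, which is the check to alert on.
OPEN SYMMETRIC KEY CardKey DECRYPTION BY CERTIFICATE CardCert;

SELECT CustomerId,
       Name,
       CONVERT(nvarchar(32),
               DecryptByKey(CardNumberEnc, 1, CONVERT(sysname, Name))) AS CardNumber
FROM dbo.Customers;

CLOSE SYMMETRIC KEY CardKey;
GO
```

Two points worth noting when using this pattern: the column cannot be indexed or searched on its plaintext value, so encrypt only the fields that truly need it; and because every open of the symmetric key goes through the certificate, granting or revoking CONTROL on the certificate is the practical way to control which logins can ever see the plaintext.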
Internet use in Europe: security and trust
http://epp.eurostat.cec.eu.int/cache/ITY_OFFPUB/KS-NP-05-025/EN/KS-NP-05-025-EN.PDF
dude_danny
Financial Firms Declare War On Hacking
Sorry if posted
The focus is on eliminating vulnerabilities by building security into applications rather than relying on perimeter security tools.
By Steven Marlin, InformationWeek
Sept. 22, 2005
URL: http://www.informationweek.com/story/showArticle.jhtml?articleID=171100277
Financial-services companies are ramping up efforts to protect themselves from hacking incidents, especially ensuring that software developers and business units take responsibility for building security into their applications.
The focus of application security is "evolving from the perimeter," said Wendy Walasek, VP at Morgan Stanley & Co., at the Cyber Security Executive Summit in New York Thursday. The company has taken a multifaceted approach to information security, including developing security "blueprints," providing developers with tools and services for information security, and training.
Information-security experts can help developers by pointing out potential vulnerabilities, such as exposure to an "SQL injection attack," said Walasek, referring to a form of attack that bypasses firewalls to steal information from a database or gain access to an organization's host systems.
The consciousness level of business users has been raised by the barrage of incidents involving lost and stolen data this year, as well as regulations such as Sarbanes-Oxley that stress the need for security access controls.
"Users are more accepting of the need to build security into applications," said Jennifer Bayuk, chief information security officer at Bear, Stearns & Co. Business users are consulting with information-security staff prior to launching IT projects, she said.
At Investors Bank and Trust Co., which administers $1.4 trillion in assets, all high-risk applications are subjected to tests called "ethical hacking attempts," said Kevin O'Neil, director of application security architecture. In addition, all source code is scanned for security flaws prior to being put into production.
Given the right tools and education, developers can easily build secure software that eliminates many vulnerabilities. The idea is to "engage developers by teaching them defensive security techniques," O'Neil said.
Web-facing applications make a particularly tempting target for hackers. Rather than penetrate perimeter defenses, attackers can, in effect, walk through the front door by taking advantage of weaknesses in the code used to authenticate users. On Monday, Symantec Corp. released its Internet Security Threat Report, covering the six-month period from Jan. 1 to June 30, 2005, which said that hackers are devising new methods of using malicious code to target desktops rather than enterprise perimeters. During the first half of 2005, malicious code that exposed confidential information represented 74% of the top 50 malicious code samples reported to Symantec, up from 54% in the previous six months.
Action also is being taken to stop phishing and pharming attacks, with which thieves trick consumers into disclosing access credentials such as user names and passwords. M&T Bank, a $52-billion asset institution, uses regular mail instead of E-mail to communicate with its online banking customers, said John Walp, VP of network security solutions. It's also experimenting with different techniques around spam filtering, he said.
dude_danny
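The "SQL injection attack" Walasek refers to is easiest to see in database code itself. Below is an added example, not from the article or any of the companies quoted: a stored procedure that builds its statement by string concatenation next to the same procedure rewritten with sp_executesql and a typed parameter, which is the kind of fix a source-code scan like the one described at Investors Bank and Trust would flag. The table, procedure names and rows are all constructed for the demonstration.

```sql
-- Added example (not from the article): dynamic SQL built by concatenation
-- versus parameterised dynamic SQL. Table, rows and procedure names are
-- hypothetical and constructed for this demonstration.
CREATE TABLE dbo.Accounts (
    AccountId  int PRIMARY KEY,
    OwnerLogin nvarchar(100) NOT NULL,
    Balance    money NOT NULL
);
INSERT INTO dbo.Accounts (AccountId, OwnerLogin, Balance) VALUES (1, N'alice', 100);
INSERT INTO dbo.Accounts (AccountId, OwnerLogin, Balance) VALUES (2, N'bob', 250);
GO

-- VULNERABLE: the caller's input becomes part of the statement text, so a
-- single quote in @Login ends the string literal and whatever follows is
-- parsed as SQL. A firewall never sees this; it is a normal query from the
-- application's own connection.
CREATE PROCEDURE dbo.GetBalance_Unsafe @Login nvarchar(100)
AS
    DECLARE @sql nvarchar(500);
    SET @sql = N'SELECT AccountId, Balance FROM dbo.Accounts '
             + N'WHERE OwnerLogin = ''' + @Login + N'''';
    EXEC (@sql);
GO
-- EXEC dbo.GetBalance_Unsafe N'alice'  returns only Alice's row.
-- A value containing  x' OR '1'='1  makes the WHERE clause always true and
-- returns every account: the classic data-theft case the article describes.

-- SAFE: the statement text is a constant; the value travels as a typed
-- parameter and is never parsed as SQL, whatever characters it contains.
-- sp_executesql also lets the server cache one plan for all callers.
CREATE PROCEDURE dbo.GetBalance_Safe @Login nvarchar(100)
AS
    DECLARE @sql nvarchar(500);
    SET @sql = N'SELECT AccountId, Balance FROM dbo.Accounts WHERE OwnerLogin = @p';
    EXEC sp_executesql @sql, N'@p nvarchar(100)', @p = @Login;
GO
-- EXEC dbo.GetBalance_Safe N'x'' OR ''1''=''1'  simply finds no such login
-- and returns zero rows.

-- Defence in depth: the application login gets EXECUTE on the procedures
-- and nothing on the table, so even a flaw elsewhere cannot read it directly.
-- (AppUser is a hypothetical database user.)
-- GRANT EXECUTE ON dbo.GetBalance_Safe TO AppUser;
```

In this particular case the query needs no dynamic SQL at all; a plain `SELECT ... WHERE OwnerLogin = @Login` inside the procedure is both simpler and safe. The dynamic form is shown only because that is where concatenation bugs usually hide in real code reviews.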
O.T. Apple and Disney herald new media era
By Richard Waters in San Jose, Joshua Chaffin and Paul Taylor in New York
http://news.ft.com/cms/s/3fe6085e-3b43-11da-b7bc-00000e2511c8.html
Published: October 12 2005 19:11 | Last updated: October 12 2005 21:33
Walt Disney and Apple Computer are to sell episodes of Desperate Housewives and other television shows over an iPod device capable of playing video.
The companies made the announcement on Wednesday at an unveiling of the video iPod in Silicon Valley. The device, to go on sale next week, features a 2½in colour screen and can hold up to 150 hours of video as well as music and photos.
The agreement marks a potential milestone in the migration of traditional media to digital distribution devices such as the iPod. It is a development that could further challenge the traditional model of broadcast television and allow consumers to view television, films and other content when and where they choose.
It also represents the first bold move by Robert Iger since he took over as chief executive of Disney on October 1, and demonstrates his vision of using technology to increase sales of the company's prized television and film content. “For the first time ever, prime-time shows can be purchased online the day after they appear on TV,” he said.
Media companies have envisaged a shift towards selling movies, television and other content online in the same way they sell music through iTunes and other digital stores.
However, they have trodden cautiously because of concerns about piracy and cannibalising revenue from other streams, such as DVDs or the television syndication market. There is also the complication of negotiating new digital rights among producers and distributors.
For Apple the launch of the video iPods is expected to give iPod sales a further fillip and consolidate Apple's position as the leader in the market for portable digital content players.
The video players, slightly thinner than music iPods, will come in a 30Gb (gigabyte) and 60Gb model, priced at $299 and $399, respectively. They will be available in black and the iPod's traditional white.
The iTunes store, which will sell music videos for $1.99, has a library of 2,000 offerings, including animated short films from Steve Jobs's other company, Pixar.
Apple has sold more than 28m iPods since their introduction in October 2001 and now has about 75 per cent of the market for digital music players. The success of the hard-drive-based iPod and other digital music devices, including the pencil-sized Nano launched last month, has helped underpin Apple's financial rebound highlighted by the company's strong fourth-quarter results earlier this week.
Apple has continued to improve and refresh the iPod line-up many times since its introduction.
dude_danny
Sinosun's Customers
http://www.sinosun.com.cn/eng/marketing/index.asp
Practically all of Sinosun's present customers are banks and financial services companies...
dude_danny
http://eval.veritas.com/downloads/con/Bank_Security_News_2005.pdf
page 4
TRUSTED PLATFORM MODULE (TPM) CHIP
Description: The TPM method uses a chip embedded on a computer’s hard drive to store passwords, digital certificates, and encryption keys. The chip verifies the integrity of the connected device at boot-up, and the verification results in a chain of trust between machines.
Advantages/disadvantages: The concept holds promise, but TPM chips have problems recognizing unlicensed software unrelated to the computer’s operating system, and they could be costly to upgrade.
Merchants: IBM Corp., Armonk, N.Y., already installs some form of the chip in many machines.
dude_danny
Reviews for Gateway M280E Tablet with TPM
http://www.gateway.com/products/GConfig/proddetails.asp?system_id=m280eb&seg=gv
http://www.tabletpcbuzz.com/forum/topic.asp?TOPIC_ID=28122
"Wow, the press loves it, and they typically don't go all out like this...The Gateway M280E has won an Editor’s Choice and Best Buy distinction, while also appearing on the cover of the September 12th issue of PC News Weekly. This is the first time a product has earned an Editor’s Choice and Best Buy distinction from PC News Weekly. The unit earned a 5 Star Rating with the editor stating, “We like this system so much, we are giving two awards! Our Editor’s Choice and a Best Buy Award for price, functionality and ease of use.”"
dude_danny
Group Mulls About Security Techs for Mobile Devices
Smart-Phones Need Security Improvement – Group
Sorry if posted.
by Yaroslav Lyssenko
http://www.xbitlabs.com/web/display/20050927183706.html
[ 09/27/2005 | 06:38 PM ]
Today, in a number of countries, you can do almost anything with your cell phone, including e-mailing, money transfer, bill payments, shopping. But those kinds of activities require decent security measures, it appears.
Data security has been one of the major headaches not only for end-users but for software and hardware manufacturers as well. There are a lot of means to protect your PC, for example install a firewall and/or anti-virus software. While this approach is common for desktop computer world, it still requires a relatively powerful processor to perform this kind of protection, thus, this approach is not suitable for mobile phones in general and smart-phones in particular.
“Without proper security, mobile phones may become a target for hackers and malicious software. The benefit of hardware-based security is that users can rely on their phone and (know) that private data is protected,” said Janne Uusilehto, senior technology manager at Nokia and chairman of the TCG’s Mobile Phone Working Group.
“The TCG’s plans call for mobile handset hardware to support features similar to those of the Trusted Platform Module. The TPM is a security chip designed for PCs and servers that enables a variety of security features, including authentication, protected storage and secure e-mail. The TPM technology will need to be adapted because mobile phones are much smaller than PCs,” writes CNET News.com.
dude_danny
Secure Foundations for Mission-Critical Computing
IBM Thomas J. Watson Research Center – Secure Systems Department
http://www.cs.stevens.edu/~rwright/JapanUS/Talks/griffin.pdf
sorry if posted
dude_danny
Re: Wavxmaster, concur!
dude_danny
O.T. Is Infineon up for sale?
Chinese may be eyeing it up
http://www.theinquirer.net/?article=26434
By Adamson Rust: Sunday 25 September 2005, 19:47
RUMOURS ARE CIRCULATING in the memory business that Infineon (tick: IFX) could be contemplating a sell off.
The rumours, and that's all they are at press time, are that Infineon is under some pressure from Siemens, which spun off its semiconductor division as IFX some years ago. Siemens still holds a chunk of shares in IFX and has its own problems, which we've reported in other places.
The talk on the street is that Infineon has been chatting to both Nanya - part of giant Taiwanese conglomerate Formosa Plastics, and to Chinese would-be giant SMIC.
There is, so the same sources suggest, a special board meeting to be held on November 17th to discuss possible bids for the memory business.
But so far it's just rumours, and could well be sheer speculation. We'll see if we can contact the Dresden press office in the morning for an official denial or a no comment.
dude_danny
Passwords create security risks
And frustrated users
http://www.theinquirer.net/?article=26516
By Nick Farrell: Wednesday 28 September 2005, 07:59
THE LATEST RSA Security Survey shows that users are suffering from password overload syndrome and are fed up with having to manage way too many.
The survey was of 1700 enterprise technology users in the United States. It showed that over a quarter of respondents must manage more than 13 passwords at work, and that nine out of 10 respondents are frustrated with the whole password thing.
Companies are aware of this and many have been trying to force staff to comply with rules that make employees change passwords more often, or use difficult to remember passwords.
Users have been getting around the problems by creating more security nightmares by keeping a spreadsheet or other document stored on the PC, or PDA.
According to Andrew Braunberg, senior analyst at Current Analysis, password policies that are not user-friendly spur risky behaviour that can undermine security. They also force IT help desks to waste time doing many password resets.
Of course it would be a lot more credible if RSA did not have a password management product it was trying to flog. You can read the survey here.
dude_danny
Why Vista wants to shut out other OSes
Old problem needs fixing
By Jeff Lawson: Wednesday 28 September 2005, 14:57
http://www.theinquirer.net/?article=26537
IN A current INQUIRER news item, Microsoft Vista to shut out other OSes, the firm was quoted as saying that Vista will support full volume encryption to prevent disk access to files by other operating systems but that Microsoft is not entirely clear what this implies. In reality, it is likely that Microsoft doesn't want to reveal a security problem that has been around for more than a decade.
On a drive up to Birmingham in the mid-'90s, Ross Bentley and I figured out that an easy way around file-level security on Windows NT is provided simply by installing a second instance of the operating system. An administrator of the second instance, e.g. the installer, can take ownership of files created on the first instance then do with them as they please - except they cannot give ownership.
If permissions are changed to 'Everyone | Full Control' and the second instance of NT is then deinstalled, it should take a while before anyone notices the changes. Unlike individual user accounts, like a new administrator, Everyone is a well-known group and has identical status on all instances of NT so when someone does figure out that something changed, i.e. anyone logged onto NT can access previously-protected files, they would have no way of knowing how it came about. In fact, most people would think that they had done "something wrong".
Needless to say, all non-encrypted files on all versions of Windows are vulnerable to this attack. Stealing a hard disk enables the thief to install it as an additional drive on a machine that already runs NT and then they can take ownership of all files. A clever thief would simply use a disk-copying device and leave the original computer intact. NT was never built for anything other than the simplest security scenarios. It only got C2 certification on the basis that, for it to hold good, machines need to be held in a secure location and not connected to a network.
If this sounds worrying to you then I suspect that it is one of very many security holes that you haven’t thought of before. Here’s an obvious one: suppose you set up a share on an SMB file server and restrict access to certain user groups, Executives, say. Only members of Executives will be able to access the share point through Windows. When they do access the share, however, the data that is transferred to and fro travels over the network cable unencrypted (unless the files are themselves explicitly encrypted). If I was to insert my laptop on the same subnet as the server or the client and use software like Microsoft’s Network Monitor that switches my network adaptor into promiscuous mode, I could read all the packets and stitch them together. Naturally, this applies to non-encrypted e-mail messages too. I could see all your e-mail traffic very easily. This was very simple on 10BaseT networks but with networks that use slightly more sophisticated network switches I could simply daisy-chain a hub and snoop without detection.
When you consider the problems that each iteration of Windows has brought with it, it’s a wonder that anyone is willing to embrace the next version. How can anyone in the twenty-first century be contemplating buying a brand-new operating system that isn’t based upon a relational database, for instance? Imagine such a system, every piece of disk-based data being managed by a single RDBMS. Microsoft’s knee-jerk reaction to such a desire would likely be to claim that each piece of data is best managed by software that is purpose-built, like the Active Directory and NTFS. Unfortunately, far too many people accept this nonsense so Microsoft is able to sell them more and more versions of Windows, ad infinitum.
We shouldn’t blame Microsoft for this situation; it is merely doing what it is supposed to do, i.e. create the most profit for its shareholders. It's the customers who are to blame for being so gullible. Customers should, at the very least, test each new release of Windows and then present Microsoft with a list of things that must be fixed before they make bulk purchases. Alternatively, blue chip companies could form an alliance that gathers experts from around the world to specify what a great operating system would look like and how it would be developed. Open standards would be de rigueur. Software releases would be made when everything worked! Innovation would not be permitted until all bugs are removed. Software would be written in a secure object-oriented language that does not permit exploits like buffer over-runs. There would be one and only one central distribution point and no-one would be allowed to charge for copies.
While we are at it, such an alliance of big-hitters should demand that hardware be put together better, e.g. that network connectors don’t break, that internal power connectors don't require Charles Atlas to unplug them, and that printer consumables be sold for reasonable prices. An alliance could save billions by setting up its own ink and toner plant.
In the meantime, I wonder if Vista will carry the Windows Explorer folder-lock bug of its predecessors that forces me to log off and back on to clear it.
dude_danny
Windows Vista: The Final Countdown Begins
By Rob Enderle
TechNewsWorld
09/19/05 5:00 AM PT
http://technewsworld.com/story/AViuO5r1twGnhR/Windows-Vista-The-Final-Countdown-Begins.xhtml
The real power in this platform has always been tied to the support of the developer community. When they get excited about changes the platform's potential is better realized. When they don't the market simply doesn't move. The developers at this year's PDC seemed more excited than I have seen in years.
Windows Vista is the biggest release for Microsoft (Nasdaq: MSFT) since Windows 95. With that release, Apple (Nasdaq: AAPL) was tested -- and they failed miserably. I was at Dataquest at the time and not only did I warn Apple to take 95 more seriously, I also accurately forecast the massive decline that would happen to them if they didn't do just that.
This was in 1994, after Steve Jobs had been fired from Apple. Of course, he is back now. Apple is again growing with the market and, unlike 1994, is dominant in an emerging market -- digital music players.
However, Microsoft has changed as well. Having made vast improvements in terms of security and quality the company has benefited from a solid influx of customers formerly tied to their competitors and partners to become both more capable (good) and more complex (bad). They are still light on marketing talent and here the need for capable outside talent remains very pronounced. This is clearly not a weakness shared by Apple.
The MS platform has changed dramatically as well, however, and it is much greater than just the operating system these days. Apple, on the other hand, hasn't advanced nearly as much but they are predominantly consumer-based today and less vulnerable to this comparative weakness as a result. Apple will be positioning its Intel-compatible OS version against Vista and they have about 12 months to prepare for the threat. Just like the last time, they will largely leverage hardware this time, and, as before, they will be up against companies with resources that eclipse their own.
Windows Vista and Office 12: Power on the Desktop
It will be the combination of Microsoft's two products, Vista and Office 12, that will carry the competitive load. Both products have undergone massive change and that has been the main purpose of this latest Professional Developer's Conference: to bring the developer community up to date.
There are a couple of things that stand out that could change the way we do things. The first is the auxiliary display called Side Show. This is a small PDA-like display on the cover of notebook computers that provides access to PDA-like functions without powering on your laptop. For instance if you want to check an e-mail for directions, or your calendar, or contacts, you can bring them up instantly without having to wait for your system to boot.
Glass is the user interface enhancement that appears to improve on what Apple currently has with Tiger. Granted, Tiger is shipping and Vista isn't, which gives Apple time to respond. Still, this is the closest to Apple's capability we have ever seen from Microsoft and for those of us who simply cannot use Apple machines this will be very well received.
Instant On has been promised for years and this product provides a huge advancement when loaded on appropriate hardware. While this feature remains largely in stealth mode awaiting availability of compliant hardware, this provides a massive improvement in boot times and, when coupled with PreFetch, described below, a sharp improvement in perceived performance. This, coupled with the knowledge of the security improvements that won't work on currently shipping hardware, leads to a strong suggestion that folks moving to Vista might want to do so with new hardware.
PreFetch is a new technology that will look for applications you frequently use and preload them so they pop when selected. This will be a memory hog and make you really glad memory is inexpensive. Two GB of memory should result in a machine that loads applications in a fraction of the time they would typically take to load. One cool thing is you can use a USB memory stick to increase your dynamic memory. Many of us figure that if you know enough to do this you likely know how to increase your system memory and that remains the better path, but this was kind of cool in a geeky way.
IE improvements are broad and easily eclipse those by Firefox and Netscape, but remember this is still beta code so these competitors do have time to respond. Web applications are now more effectively sand-boxed so they can't do damage and IE extends tabs to include full preview windows. In addition, there has been a massive improvement in resistance to phishing which leads me to favor the Netscape browser for individuals. The new IE expands on the idea of tabs to provide real time views of the active pages.
For Office 12 the clear advancement is discoverability. The product has over 1,500 features and most of us use 30 or 40. The massive UI enhancement has to do with being able to find and understand these features, the vast majority of which have been included in earlier versions of the product. This is something where the words "long overdue" seem incredibly inadequate. Everything else, no matter how compelling, that is new in this product simply seems unimportant when compared to this one comprehensive overdue enhancement.
The Power of the Back End
The real power in this platform has always been tied to the support of the developer community. When they get excited about changes the platform's potential is better realized. When they don't the market simply doesn't move. The developers at this year's PDC seemed more excited than I have seen in years and that bodes well for the success of this platform. However, unlike in 1995 when it was all about the desktop, and 2000 when .NET was only a future concept, this generation is backed up by a relatively mature and complete back end.
Much of what has been demonstrated so far suggests massive advancements for vertical applications like CRM and horizontal applications like enhanced peer-to-peer wireless collaboration tools. This finally suggests the emergence of the Uber-Platform that was envisioned five years ago.
For some time it really has been about the Web and there has been a clear separation between the client and server capabilities that limited what we could do. At this PDC they have showcased a much higher level of integration between the concepts into something that is much less client/server and much more like an integrated platform that more effectively, and often dynamically, blends the concepts from both platforms. This is something that neither Apple nor Linux proponents can yet fully address (even IBM (NYSE: IBM) who is the only real challenger here seems well behind because they remain server-centric).
The most powerful visual tools are Acrylic, Sparkle, and Quartz which dramatically improves the Web-based visual toolset available and probably goes further to explain why Adobe (Nasdaq: ADBE) felt the need to acquire Macromedia (Nasdaq: MACR) than anything else I can think of. This promises richer Web sites and future multi-media hosted applications that can better exemplify products and services and create a more immersive experience.
Apple vs. Microsoft: Die Another Day
In 1995 Apple was nearly shut down by a product that wasn't as visually exciting as Apple's on hardware that was a pale image of what Apple had on the market. But Windows 95 had more application support and where it lagged Apple the vast majority of buyers found it to be good enough. For this round Vista in many ways is equal to or better than Tiger or more advanced, relatively speaking, than Windows 95 was during its beta period.
As for hardware, unlike 1995, the hardware OEMs not only cover a broader range with companies like Voodoo and Alienware in the mix, but historically staid companies like Gateway, HP, Acer, and even Dell are much more aggressive on design today, often surpassing Apple, which was preeminent in this area in the 90s. While this design parity clearly hasn't impacted the iPod market yet it is incredibly evident in the PC space.
Apple will have to improve its game sharply to compete. However, given the strength at the back end, strength that Apple has never had, the exposure now goes well beyond Apple's available resources. This means Apple will have to partner to avoid what may be the most damaging competitive threat the company has ever faced. While possible, Apple's one prevailing weakness has been their inability to partner and unless that changes we should be able to call the outcome of this competition relatively easily -- and it isn't positive for Apple.
Linux vs. Microsoft
Linux and Microsoft make for a more interesting match up: developer against developer from a resource and tool standpoint. Microsoft appears to have the edge, but from a support standpoint the groups are more evenly matched. However, Linux isn't yet viable on the desktop and this is a blended attack suggesting that, over time, Microsoft should prevail unless Linux, through the combined efforts of all of its supporters, can address this desktop shortcoming. The fact that some of the most powerful Linux supporters also support Microsoft will make this a rather interesting dance to watch.
Strangely enough Linux and Apple together could probably address this threat effectively but the two groups are at opposite extremes. Such a partnership is not only unlikely but virtually impossible.
While Vista is unlikely to displace massive amounts of in-place Linux platforms it should reduce Linux growth measurably (Linux should still be favored for most Unix migrations). Were Microsoft to come out with a platform that was more similar to Unix that also integrated with .NET and used enhanced Microsoft development tools this slowed growth could advance into competitive displacement. There is, however, no indication yet that Microsoft is planning such a platform. But the opportunity can't be lost on many. A future offering could address this competitive Microsoft weakness.
Conclusion
Going back to Windows 95, the problems with that product had to do with the immaturity of tools at that time, a horrible post-launch marketing effort, and support decisions that were so bad they were legendary. Even so, it nearly put Apple out of business. While it is too early to judge the marketing effort (and if the Office 2003 program case is any indication there's a chance Microsoft could screw this up again), the product, tools, and back-end integration are light years ahead of where they were in '95, both absolutely and relatively.
The Linux community is under substantially less threat because Vista simply doesn't yet embrace what makes Linux compelling, but it should slow Linux growth. If the reaction of the PDC developers is any measure, this will be bigger than Windows 95 was, and if Apple and the Linux community can't make the hard decisions needed to address this competitive threat the negative impact on both of them will cover a broad range and will be unavoidable.
That said, Microsoft has certainly stumbled in the past and could still stumble here. While there is no indication of that happening, other than the obvious delay of this product, now just as there are opportunities for success, also embedded in this effort are massive opportunities for failure.
The net is that users will like the changes they see that the developers are already excited about. Most users don't use Linux and the market moved from Apple PCs years ago. Better reliability, security, and a more appliance-like experience are all good things and we can only imagine what might have been had Microsoft not delayed this product two years. As always, and particularly in this case, the best experience for users of this new OS will be had on new hardware which is becoming both more attractive and less expensive year after year.
This suggests that 2006, at least after August, will be great time for buyers and sellers of PC hardware and that has to be a good thing for everyone -- except Apple.
dude_danny
Ballmer: Microsoft Is Intent to Deliver Value
By Peter Galli
September 19, 2005
http://www.eweek.com/article2/0,1759,1860443,00.asp?kc=EWRSS03119TX1K0000594
Microsoft Corp.'s Professional Developers Conference in Los Angeles last week was perhaps the Redmond, Wash., company's most important event of the year, as officials try to sell developers on the value of creating new applications for the company's next generation of products. Microsoft CEO Steve Ballmer talked with eWEEK Senior Editor Peter Galli at the show about these upcoming products.
A lot of enterprises are unconvinced or unaware of the benefits Windows Vista will bring them. What do you tell them is compelling for them in Vista?
I always talk about the security, reliability and performance benefits, which are the underlying benefits to IT. Performance and management benefits are harder to sell. I also talk to them about the new kinds of applications they can do with the Windows Presentation Foundation, Internet Explorer 7 and "Atlas." I also talk to them about the user benefits.
You talked recently about extra value-added high-end versions for Windows Vista and Office. Customers are questioning how you can differentiate and add value to these products even more. Can you explain your thinking in that regard?
I got a little ahead of the troops in talking about the Enterprise Edition of Vista. There are features and capabilities that enterprises want that are really not that interesting outside of the enterprise. There are capabilities I know that our enterprise customers want that make a lot less sense anywhere else, and we will introduce those in the Enterprise Edition. But there are concerns about down-level applications and compatibility and the way you image and build and distribute this stuff.
Do you think enterprises will be willing to pay more for that specific technology?
We haven't said what the packaging and pricing is. I have just said that it is additional value and we will figure out a way to let the enterprise get that value. You don't think about this in the context of some big pricing change to Windows for enterprises. It's more complex and nuanced than that.
Some Microsoft critics say that many of the features in "Longhorn" already exist in other operating systems. How do you respond to that?
I don't hear that from enterprise customers. They don't look at the Mac. They just don't. Some people will say some of the features are kissing cousins to features they've seen elsewhere, and that is true. I'm not apologetic about the fact that we should, in a way that doesn't offend anyone else's intellectual property, study and learn and benefit from the work others have done.
dude_danny
How to Protect the Data?
BY JACK MILLIGAN
http://www.bai.org/bankingstrategies/2005-sep-oct/data/index.asp
Onsite or offsite? Tape or disk? Continuity planning involves a series of inter-related decisions.
| SYNOPSIS | Since the 9/11 terrorist attacks in 2001, financial institutions have been under regulatory pressure to improve their disaster recovery and business continuity plans. Compliance with the mandates requires resolution of several issues that center on storage, backup and retrieval of internal data. Institutions need to differentiate between critical and non-critical data.
Data security and recovery may be the most important piece of a business continuity plan. Even a local power outage lasting just three or four hours can cause a major disruption, depending on what processes the bank uses to save its data. In an industry that’s paying more and more attention to the management of operational risk, it makes good business sense to have a plan in place that protects that data and lays out a roadmap for getting the bank up and running again.
Institutions are expected to focus on all their critical operations when preparing a business continuity plan (see sidebar), but the preservation of internal data is what inevitably attracts the most attention from bankers. “The only irreplaceable piece of the company is the data,” says Sami Akbay, senior director of marketing at GoldenGate Software in San Francisco, which provides a data recovery solution to a variety of financial services companies, including Charlotte-based Bank of America Corp.
There are certain basic elements that every data recovery program should have, beginning with offsite storage of all critical information, experts say. Large institutions generally maintain backup data processing centers that are in close proximity to their primary operations center, and certain core data is stored simultaneously at both locations.
Some large institutions have also established additional data centers well away from the primary site so that a major event like the failure of an entire power grid would not result in both centers shutting down, experts say. The vast majority of community banks cannot afford the luxury of a secondary data center, but must still take steps to store their critical data in a secure location away from the bank’s own facility.
The data should also be encrypted to ensure its confidentiality if it is lost or stolen — a distressingly frequent occurrence nowadays. In fact, the Gramm-Leach-Bliley Act of 1999 makes corporate directors explicitly responsible for reviewing and approving their bank’s data security program. “It’s crucial that banks ensure the protection and privacy of data — their own data as well as the customer’s,” says Aida Plaza Carter, director of bank information technology at the OCC.
What process should an institution follow to store data? That’s a decision to be based on both cost and performance considerations. Steve Finnes, continuity manager for IBM Corp.’s line of iSeries servers, estimates that a significant number of banks employ some type of real-time data storage, although a great many still rely on tape backup technology to secure their critical information.
In a typical tape storage system, the bank would back up its critical data to tape each night, turn over the tapes to a courier, who would deliver them to an offsite storage location that is often managed by a third-party service provider. There are three fundamental problems with this approach, experts say. First, any disruption that occurs during normal business hours will probably result in at least a few hours of data loss, since the backup function occurs only at day’s end. It can also take longer to restore lost data when it has to be retrieved from a tape. And, tapes are subject to being lost or stolen during transit offsite.
“If you’re managing data, the fact that you’re moving it on a common channel means that at some point something is going to get lost,” says Ron Roberts, president of Blupointe DRS in Atlanta, which distributes data backup and recovery software developed by Toronto-based Asrigra. “At some point a truck is going to tip over, or the courier is going to lose the tapes,” he says. “At some point, it’s going to be a disaster.”
Indeed, it was reported in June that CitiFinancial Inc., the consumer finance unit of New York-based Citigroup Inc., lost information on 3.9 million CitiFinancial branch customers when a box of mainframe data tapes was being shipped to a credit bureau. Bank of America Corp. likewise was reported to have lost backup tapes with account data on 1.2 million customers.
Both Citigroup and BofA declined to comment.
REAL-TIME DATA BACKUP
Alternative storage solutions marketed by several firms use the Internet to back up data in real time and store it offsite on disks. This eliminates the risk of losing vital customer information while in physical transit and the inherent 24-hour lag time in tape systems. These systems also enable the bank to restore lost data in much less time.
For example, Renasant Corp., a $2.3-billion-asset bank headquartered in Tupelo, Miss., avoids tape altogether by using a product from Hoboken, N.J.-based NSI Software to save all loan and customer service transactions in real time to mainframes at its tech center in Tupelo and also to a disaster recovery site 10 miles away, according to vice president and network operations manager James Hayes. (The bank is in the process of relocating this disaster recovery facility 150 miles away to Birmingham, Ala.)
Other information, including certain teller transactions, is not saved to the tech center online, but is still copied at night and saved to both tape and disk. For his part, Hayes believes the extra cost of real-time replication over the Internet for Renasant’s most critical data is worth it. “The advantage to us is that we could recover faster,” he says.
While backing up data online to disks is generally more expensive than off-line tape storage, Tony Barbagallo, EVault’s senior vice president for marketing, argues that the cost of the online approach has declined significantly as the cost of bandwidth has dropped. Jason Buffington, director of business continuity at NSI, says pressure from the FFIEC to make drastic improvements in recovery time after a significant event has gradually moved some large banks toward online storage. “If you have to be back in operation within four hours, tape is immediately off the table,” he says.
As the Renasant example attests, putting together a data recovery plan requires banks to differentiate between critical and non-critical data, particularly if they’re considering online backup. EVault’s Barbagallo says the cost of online storage can be a function of volume — the more you store, the more you pay. He defines critical data as anything that changes daily and is crucial for the operation of the bank. This would include, for instance, all transactional data like teller and ATM transactions, trading and related capital markets information and any kind of electronic payment.
“It’s anything where [the bank] basically would be dead in the water if it was lost for good,” Barbagallo says. This is the kind of data that banks should consider backing up using technologies that entail fast recovery times, he adds.
Non-critical data might include whatever doesn’t change daily or isn’t absolutely essential to the quick recovery of the bank’s transactional capabilities, such as human resource files. This information can be more safely backed up using various copying and storage technologies that aren’t performed on a real-time basis.
E-mail is rarely placed in the must-save data category by recovery experts, although this earns a strong dissent from Dale Windle, chief executive officer at Ottawa-based Decisive Technologies, which offers a data retention and archival solution to companies, including banks. Windle argues that recent regulatory initiatives such as the Sarbanes-Oxley Act, combined with e-mail’s emergence as important evidentiary matter in civil and criminal suits, has created a legal liability that tips it into the critical category.
“If a court says it wants to see certain documents and you can’t produce them because a disaster has occurred, you’re guilty of a crime,” Windle says.
Finally, experts agree that it’s crucial for banks to test their disaster recovery systems periodically — an expectation that the regulators impose on all banks. Cynthia A. Bonnette, director of risk assessment at Alexandria, Va.-based consultant NETBankAudit, says the regulators no longer require a “big bang” test where, once a year, institutions test all their critical systems simultaneously. Instead, banks can test various pieces of their business continuity and disaster recovery plans on a staggered basis throughout the year, she says.
Hayes says that Renasant has never had to rely on the institution’s data recovery plan in a real life situation, but does test the system on a regular basis. “We think of it as a nice security blanket,” says Hayes. “It’s like insurance. Hopefully we’ll never have to use it.”
dude_danny
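The article above makes two points a practitioner should be able to test rather than take on faith: backup media that leaves the building should be encrypted so a lost courier box yields nothing readable, and a restore should be refused when the image does not verify. The following is an added example, not code from the article or from any vendor it names. It seals a backup image with encrypt-then-MAC using keys derived from one vault master key per tape label, and fails closed on a wrong key, a relabelled tape, truncation or a flipped bit. The stream cipher is an HMAC-SHA256 PRF in counter mode, assumed here as a standard-library stand-in for AES-GCM or ChaCha20-Poly1305 from a vetted library; the vault key, tape label and account record are constructed sample values.

```python
"""Sealing a backup image before it leaves the building (added example).

Encrypt-then-MAC with separate keys derived from one vault master key,
so that a lost or stolen tape yields nothing readable and a tampered or
mislabelled tape is rejected before any restore begins.
"""
import hashlib
import hmac
import os
import struct

HASH = "sha256"
NONCE_LEN = 16
TAG_LEN = hashlib.sha256().digest_size  # 32 bytes
BLOCK = TAG_LEN                         # keystream bytes per PRF call


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """HKDF-Expand (RFC 5869) over HMAC-SHA256."""
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        out += block
        counter += 1
    return out[:length]


def derive_keys(master_key: bytes, backup_id: bytes) -> tuple[bytes, bytes]:
    """One master key per vault; independent enc/mac keys per backup set."""
    prk = hmac.new(b"backup-vault-v1", master_key, HASH).digest()  # HKDF-Extract
    return (hkdf_expand(prk, b"enc|" + backup_id, 32),
            hkdf_expand(prk, b"mac|" + backup_id, 32))


def keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """PRF in counter mode: HMAC-SHA256(enc_key, nonce || counter).
    Assumed stand-in for AES-GCM/ChaCha20-Poly1305 from a vetted library."""
    blocks = -(-length // BLOCK)  # ceiling division
    ks = b"".join(hmac.new(enc_key, nonce + struct.pack(">Q", i), HASH).digest()
                  for i in range(blocks))
    return ks[:length]


def seal(master_key: bytes, backup_id: bytes, plaintext: bytes) -> bytes:
    """Return nonce || ciphertext || tag. The tape label (backup_id) is
    authenticated as associated data but not encrypted."""
    enc_key, mac_key = derive_keys(master_key, backup_id)
    nonce = os.urandom(NONCE_LEN)
    ks = keystream(enc_key, nonce, len(plaintext))
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(mac_key, backup_id + nonce + ciphertext, HASH).digest()
    return nonce + ciphertext + tag


def open_sealed(master_key: bytes, backup_id: bytes, blob: bytes) -> bytes:
    """Verify the tag first; only then decrypt. Raises ValueError on a
    wrong key, wrong label, truncation or bit flip."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("backup image truncated")
    nonce = blob[:NONCE_LEN]
    ciphertext = blob[NONCE_LEN:-TAG_LEN]
    tag = blob[-TAG_LEN:]
    enc_key, mac_key = derive_keys(master_key, backup_id)
    expected = hmac.new(mac_key, backup_id + nonce + ciphertext, HASH).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time compare
        raise ValueError("backup image failed authentication; refusing to restore")
    ks = keystream(enc_key, nonce, len(ciphertext))
    return bytes(c ^ k for c, k in zip(ciphertext, ks))


def verify(master_key: bytes, backup_id: bytes, blob: bytes) -> bool:
    """Pre-restore check: True only if the image authenticates under this
    vault key and tape label."""
    try:
        open_sealed(master_key, backup_id, blob)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed sample: one core-banking record, not real customer data.
    vault_key = os.urandom(32)
    label = b"loans-nightly-2005-09-01"
    record = b"ACCT 0001 BAL 1234.56\n"
    tape = seal(vault_key, label, record)
    assert open_sealed(vault_key, label, tape) == record
    flipped = tape[:20] + bytes([tape[20] ^ 0x01]) + tape[21:]  # damaged in transit
    print("tampered image accepted?", verify(vault_key, label, flipped))  # False
    print("relabelled image accepted?",
          verify(vault_key, b"loans-nightly-2005-09-02", tape))  # False
```

Two design points carry over to any real deployment: the tape label is bound into the tag, so a tape cannot be silently presented as a different backup set, and the tag is checked before a single byte is decrypted, so a courier-damaged or altered image never reaches the restore path.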
O.T.Sloppy Software? Banks Are Being Held Accountable
September/October 2005 issue
BY JOSHUA KENDALL
http://www.bai.org/bankingstrategies/2005-sep-oct/sloppy/index.asp
Heightened Scrutiny Aims to Instill Discipline in Software Selection.
| SYNOPSIS | Since the passage of the Patriot Act in 2001, federal regulators have increasingly turned their attention to monitoring banking software. Late last year, FDIC exams began to discover record-keeping that was not in compliance because of the software used. The consequence: Software is now the subject of more rigorous scrutiny, presenting one more challenge for financial institutions and their software selection teams.
One of the many repercussions of the war on terror has been the imposition of added legislative and regulatory burdens on America’s banks. The government has reached beyond financial institution policies and procedures to impose requirements even on the software used to comply with the anti-money laundering (AML) detection regulations.
Over the past year, in their determination to prevent suspected terrorists from wiring or laundering money, federal banking regulators have become much more vigilant about enforcing the regulatory requirements concerning computer software due diligence. That’s because the functionality and reliability of the software is essential to the success of an AML detection effort.
“Bank examiners had looked at banking software even before the Patriot Act, but banks haven’t always done their part. So, the Federal Deposit Insurance Corp. (FDIC) recently felt a need to underscore the seriousness of these regulations by sending banks a reminder of their responsibilities,” says Breffni McGuire, a senior analyst with Tower Group Inc., based in Needham, Mass.
This reminder took the form of a Financial Institution Letter (FIL), or regulatory guidance, published by the FDIC last November. The guidance did not contain new requirements for implementing anti-terrorism legislation, but rather provided a brief summary of the applicable regulations and laws (see sidebar).
As part of this summary, the FIL stated that banks must “use a documented methodology” when selecting software — either commercial-off-the-shelf or in-house products. In addition, banks must make sure that their software is in compliance with laws such as the Bank Secrecy Act (BSA) and the USA Patriot Act and update their software whenever these laws change.
Although the guidance noted that banks should insert a regulatory requirement clause in their contracts with vendors and service providers, it also made clear that banks are ultimately responsible for the quality of their software. “This FIL stresses that banks can’t blame their software if they are not in full compliance,” says Leonard Steinmetz, a senior manager in the AML practice of Deloitte Financial Advisory Services, based in New York City.
The regulatory guidance provides a unique set of challenges for bankers. Since the end of last year, financial institutions have had to devote considerable time to double-checking that all their software is in compliance and if not, update it or replace it. But the main effect of the increased regulatory scrutiny has been to transform the purchase of all software, but particularly AML software, into a multi-layered endeavor.
Banks can no longer simply just select a software product off the shelf that appears likely to fit a need, experts say. Computer software due diligence requires an elaborate selection process in which quality and functionality is evaluated. For example, banks must determine the risks associated with each new product and come up with a strategy for mitigating those risks. Banks also need to take a closer look at the financials of vendors and their track record in providing support services. These compliance activities typically demand a team effort involving dozens of executives from throughout the bank, not just compliance and technology officers.
Vendors’ livelihoods depend on their assurances that their products are in compliance, with some considering this an opportunity to establish a niche in the marketplace. “Our industry is used to dealing with new laws and regulations such as the Patriot Act. But we now have a chance to distinguish ourselves by developing new products that can make compliance easier for our customers,” says George Ravich, a senior vice president at Fundtech, a vendor based in Jersey City, N.J. Ravich cites the example of his company’s new software program, Payment Archive Manager, which enables banks to keep detailed archives of all payment activity.
SMALL BANK RESPONSE
The new software regulations have tended to have more of an impact on small banks. To comply with the regulations of the Patriot Act, large banks have typically updated the systematic, centralized controls they developed in the wake of the Bank Secrecy Act, which was originally passed in 1970. Though large banks must devote extensive resources to engaging in computer software due diligence, they already have teams in place that have long been addressing various compliance and technology issues.
“But small and mid-tier banks often lack these same formalized processes to ensure that their software is in compliance with new regulations,” says TowerGroup’s McGuire.
Although there are exceptions, experts say, the average community bank had not computerized its compliance activities until required to by the passage of the Patriot Act in 2001. That’s when “small banks were forced to give up many age-old manual processes,” says Ravich of Fundtech. For example, Ravich notes, only in the last few years have small banks begun to use software to check their payments against the Specially Designated Nationals and Blocked Persons List kept by the Department of Treasury’s Office of Foreign Assets Control.
Another difference is that large banks generally run software on their own systems, while many community banks outsource. For very small banks, software evaluation often translates into monitoring their service-level agreements rather than commercial or in-house software.
Though community banks may face a less complex task than big banks, they often experience a relatively bigger burden because they usually lack the resources to hire technology or compliance specialists. “The compliance officer at a very small bank is typically wearing a few hats,” says Viveca Ware, director of payments policy for the Independent Community Bankers of America, who describes BSA/AML compliance as “very challenging” and “a necessary evil.”
Consider, for example, Cambridge Trust Company, a mid-tier community bank that has nine retail branches and a full service trust department in the greater Boston/Cambridge metropolitan area. Cambridge Trust relies on Milwaukee-based Metavante Corp. for most of its software needs. Last year, the bank, which has $750 million in assets, renewed its seven-year contract with Metavante.
For Cambridge Trust, computer software due diligence largely takes the form of an annual review of the Metavante contract. According to Lynne Burrow, the bank’s chief information officer, this includes a review by the bank’s management committee of the software functionality, service-level agreement performance and compliance with regulatory requirements. The committee consists of five senior bank managers, including Burrow.
Occasionally, the bank needs to buy additional software to supplement core processing. When that happens, the vendor is selected by a project team, with representatives from the business lines, Information Technology (IT), Risk Management, Audit, Information Security and Marketing. Several vendors are usually asked to make presentations to the team, which requests documentation regarding company financials, software compliance with regulatory requirements, business resumption, confidentiality and information security. The team also conducts interviews with a sampling of the vendor’s current customers. A recommendation is then forwarded to the management committee to obtain ’s quite an undertaking for the 200-employee bank.
LARGE BANK RESPONSE
The more comprehensive large bank efforts can be seen at First Horizon National Corp., which is based in Memphis and has $37.2 billion of assets. The operations risk committee, which includes 20 operations officers from compliance, bank operations, loan operations, risk evaluation and human resources, meets every other month. While the entire group focuses on risk and compliance issues, a subcommittee, composed of the bank’s chief financial officer, the executive vice president and other senior executives, reports back to this committee on its evaluations of new products.
“The Patriot Act didn’t change anything. Our processes work the same way to achieve compliance with any new law,” says chief technology officer Patrick Ruckh, who supervises 450 IT professionals. Generally, about 70% of the bank’s software is commercial and the other 30% is developed in-house. Nearly all of the AML software is off the shelf, Ruckh says.
In assessing software options, the subcommittee considers functionality, cost, technology fit and risks. It also factors in the worthiness of the vendor. Each subcommittee member scores the proposed software on a matrix and the product with the highest score wins. Ruckh says the selection process can take from a few days to six months, depending on the size of the project. The bank recently selected some new AML software after a three-month approval process.
BB&T Corp., based in Winston-Salem, N.C., also conducts an in-depth request-for-proposals process when it considers buying new software, according to Paul Johnson, the bank’s chief information officer. Like First Horizon, BB&T, which has $105.8 billion in assets, relies primarily on commercial software (70%), and all AML software is bought off the shelf.
When analyzing new software products, the bank looks at both the financial and operational strength of vendors. Various regulatory requirement clauses come up during these negotiations, but the bank does not take the vendor’s word for it. “We do our own testing to see if regulatory compliance has been achieved,” Johnson says.
For AML/BSA software, the bank tests performance under certain scenarios. Johnson, who has been at BB&T for about six years, notes that the customer identification program (CIP) piece of the Patriot Act “was particularly complicated and took the most work to address. We needed to make some system-level changes so that we could capture more information about our customers,” he says.
Mr. Kendall is a freelance writer based in Boston, Mass.
dude_danny
RE: CM, very interesting! Looking forward to developing news.
Thanks,
dude_danny
O.T. 2005 Global Security Survey
http://www.deloitte.com/dtt/cda/doc/content/Deloitte+2005+Global+Security+Survey.pdf
dude_danny
O.T. Security Relaxes as IT Threats Increase
By Allan E. Alter Sept. 15, 2005
http://www.cioinsight.com/article2/0,1540,1857910,00.asp
The news on the IT security front is alarming. Recent months have seen one report after another of companies exposing, selling or simply losing customer data to criminals.
The reason: The security threat has changed, according to Bruce Schneier, CTO of Counterpane Internet Security Inc., of Mountain View, Calif.
In the past three years, he says, "criminals have taken over from hackers." The latest twist in cybercrime is online extortion.
The August 2 issue of "Newsweek International" reported that online gambling sites have been hit by extortionists who threaten to shut down their Web sites with denial-of-service attacks unless the gambling sites pay off the blackmailers.
According to Alan Paller, director of research at the SANS Institute, an IT security educational organization located in Bethesda, Md., banks and online retailers have also quietly paid off online extortionists, whose demands have, to date, ranged as high as $1 million.
And in June, the U.K.'s National Infrastructure Security Co-Ordination Centre warned that Trojan horses (transmitted by e-mail or through Web sites) that appear to come from legitimate sources, and so can evade antivirus software and firewalls, were specifically targeting individuals who work with sensitive "commercially or economically valuable information."
The latest update from IBM Corp.'s "Global Business Security Index" indicates that such targeted attacks are a fast-growing percentage of the 237 million infected e-mails and attacks perpetrated in the first half of 2005.
In light of these reports, our latest security survey of nearly 300 IT executives presents some pretty grim findings.
Three out of ten respondents admit that their company's attitude toward security has become more relaxed as the events of Sept. 11 fade into the past.
Two-thirds report some kind of security breach, from penetration by viruses or spyware, to lost data and inappropriate access.
Security experts are encouraged to see that the sort of carelessness and negligence that lets hackers and thieves get past a company's defenses is now recognized as the top security problem.
"It's a good sign, a sign we're starting to see CIO awareness match actual risks," says Counterpane's Schneier.
Still, many companies aren't taking steps to improve awareness and education.
This last problem was also identified as a major concern in both Ernst & Young's 2004 "Global Information Security Survey" and in Deloitte's 2005 "Global Security Survey" of major financial services companies.
"What's disturbing is that while employee negligence is a big concern, training and awareness programs are not high on the radar screen," says Ted DeZabala, a principal in the security services group of Deloitte & Touche LLP, in New York City.
The IT executives and experts we spoke with agree that defending companies from attack and theft requires more than deploying security technology.
"It takes a combination of people, processes and technology, not one thing," says David Siesel, the CTO of the direct marketing group at Harte-Hanks Inc., a $1 billion media company based in San Antonio.
So why the reluctance to invest in security awareness and training?
Says Paller of the SANS Institute: "Awareness education doesn't work. The current security awareness programs are not effective at keeping people from making the mistakes that cause their computers to become zombies.
"Managers are right to resist security awareness training that's ineffective. Why should I send a person to training if they won't do anything differently?"
Alarming Results:
Finding 1: Four years after Sept. 11, not all IT executives remain on their guard.
Finding 2: Negligence is the biggest security worry for IT executives.
Finding 3: Companies are failing to take steps to improve security awareness.
Finding 4: Security isn't truly strategic until it's integrated with risk management.
Finding 5: Companies still aren't going the extra mile to keep customer and employee data private.
Finding 6: Technologies that prevent identity theft lag behind other security technologies.
DeZabala notes that it is easier to justify spending on technology than on training.
"If you are skeptical about these programs, will you be criticized if a security event occurs, and you've spent your money on training and awareness rather than on something that's technological or operational in nature?" he says.
Our survey suggests that if companies want to lower the risk of negligence, carelessness and management resistance, they need to put security into a broader, more strategic perspective, rather than just take a defensive posture.
Companies with a real security strategy—especially one that's grounded in corporate risk management—typically take more steps to protect themselves from employee carelessness and ignorance.
Such companies are much more likely to provide training and security updates, and to develop policies regarding e-mail attachments and network access.
Harte-Hanks, for example, has taken many steps to raise employee awareness, from alerting employees about new threats, to brown-bag luncheons and asking employees to sign documents attesting to their security and confidentiality standards.
According to Siesel, the key is to show employees the direct impact a security lapse could have on them and their company.
"When people understand how their behavior can affect their customers, their company or themselves, they are more likely to take steps to protect them. They could lose stock value. The company could be shut down. We could lose important customers."
Companies that develop an integrated IT-risk management strategy are also more likely to establish responsibility for managing IT risk between IT and business managers, which helps to make sure that management will stand behind the company's IT security policies.
If, as Schneier says, companies need to create "a culture of security" from the top down, putting in the time and effort to work with executives to develop a real, workable security strategy appears a necessary step.
More Alarming Results:
5.9 percent of the average IT budget is dedicated to security.
64 percent have strengthened security in the wake of recent news reports on identity theft.
37 percent of companies have been penetrated by spyware.
72 percent rank careless or risky employee behavior as one of their top three security concerns.
48 percent provide special training to employees who handle customer data.
dude_danny