- +
Doing Your Sums on . . . Build, Buy or Rent 05 November, 2007 13:32:30
You’re trying to build a world-class IT team, but everyone’s going after the same talent pool. What mix works best? Should you grow your own, draft your players or barter your way to the line-up you want to field?CIOs should never forget that while new technologies have a maturity cycle, the maturity cycle for human beings in IT is even longer - +
Ticked Off at Tick the Box Mentality 04 February, 2008 13:01:15
Does your executive search firm know the difference between an MIS manager and a CIO, and if it does, can it explain that difference to its corporate clients?Does your executive search firm know its MIS managers from its elbow? Does it even know the difference between an MIS manager and a CIO, and if it does, can it explain that difference to its corporate clients? - +
Strategies for Dealing With IT Complexity 24 December, 2007 10:30:47
Every innovation, every business process improvement, comes with an IT complexity tax that must be paid by CIOs in time, money and sweat. Here are strategies to mitigate the increasing complexity of IT as it enables new business.Every innovation, every business process improvement, comes with an IT complexity tax that must be paid by CIOs in time, money and sweat. Here are strategies to mitigate the increasing complexity of IT as it enables new business. - +
Ebb and Workflow 04 February, 2008 12:44:54
Workflow isn't rocket science, but it isn't magic either. It can improve the way your organization runs only if you apply its principles correctlyFrom a business perspective, workflow is a way to make people, information and computers work together consistently and efficiently to produce the results the business needs. In effect, workflow applies the equivalent of systems analysis to the entire process, not just to the part done on a machine - +
How to Get Real About Strategic Planning 04 February, 2008 12:50:59
Everyone agrees that having a strategic plan for IT is a good thing but most CIOs approach the process with fear and loathing. In fact, the majority of CIOs (and the enterprises they work for) are faking it when it comes to strategic planning. Isn't it time we all got real?Oh, it must be nice to be the CIO of a FedEx or a GE or a Credit Suisse. Places where IT and the business are so tightly aligned you can barely tell the two apart. Where corporate leaders understand that IT is a strategic asset and support it as such
- +
Five ways to roll out SOA 06 November, 2007 10:15:14
Big name companies from Comcast to United Airlines are jumping into SOA, changing the way organizations plan, develop, and deploy enterprise applicationsBack when SOA first started getting traction, the goal was simply to make application functionality available as a shared service. Companies made up their architectures as they went along -- and of course, they're still doing that. The difference today is that, in the last couple of years, the business side has a better sense of the strategic value of IT, while IT has learned more about the competitive pressures business must endure. As a result, SOA now offers the possibility of greater alignment between IT and business than ever before. - +
Clean up your SOAP-based Web services 27 November, 2007 13:16:14
The Test Center inspects five worthy tools for keeping your services squeaky cleanSOAP is the currency of the SOA marketplace -- for now, anyway. Though SOAP's significance may diminish as Web services evolve, its importance for the time being is unquestionable. Therefore, a substantial portion of the QA work by Web service providers and consumers must entail verifying the accurate exchange of SOAP messages. Not surprisingly, several SOAP-focused Web service testing tools have appeared. - +
Can Macs conquer the enterprise? 11 January, 2008 10:55:53
The field is wide open for a Macintosh insurrection on the business desktop. It could happen, but probably won't. Here's why.If Apple were a football team, the New England Patriots would have had some serious competition this year.
Read up on the latest ideas and technologies from companies that sell hardware, software and services. Newsletter Subscription
Digital forensics is still a young science. That newness, coupled with the fast-changing world of computer technology, has resulted in a taxonomy and methodology for digital forensics that is poorly defined and confusing to computer security experts and law enforcement.
Network forensics, a subdiscipline of digital forensics, deals with computer network data that has become evidence. Network forensics can be used to check an organization's networks for vulnerabilities and thus keep them secure, and it can be used in the context of traditional law enforcement and the court system.
If no standards exist, researchers can't test new software to see if it meets those standards
We must anticipate that in the near future, network forensics will be a common component of trial cases. As a result, having credible standards for network forensics is vital to the continued speed and fairness of the US judicial system.
As forensic evidence, network data is slippery to collect: It resides neither with its sender nor with its receiver. Usually it is archived only by network service providers or by law enforcement. Who owns such evidence is one of numerous legal dilemmas created by the lack of standards. These issues could be resolved were standards bodies to create formal taxonomies, procedures and tools for network forensics. The US computer security community should assist in the creation and maintenance of formal standards. The most expedient way to implement these standards may be to use proprietary tools rather than open source software or freeware.
In the absence of formal standards for network forensics standards, many de facto standards and best practices have been implemented. In fact, de facto standards have been in use since network forensics has been part of the corporate and legal landscape.
The most general best practices in network forensics concern preservation, identification, extraction, documentation and interpretation. Each component of these best practices is broken down into smaller, commonsense procedures. For instance, the preservation best practice recommends working in teams and collecting maximum amounts of data. There's also an evidence-collection chronology best practice: Focus on network danger first, then collect the data. Although these practices represent a fraction of the network security corpus, they do signify a core knowledge base.
Lack of standards also creates recursive problems: If no standards exist, researchers can't test new software to see if it meets those standards. Nor can they create benchmarking tools to test software for standards applicability. In fact, researchers at the US National Institute of Standards and Technology (NIST) complained their methodology for testing tools for network forensics "was complicated by the lack of standards or specifications that describe what forensic tools should do", and subsequently have not revised their research.
Learning from the EU
In 2003 the European Union released the world's first network forensics standards, which it intended all EU nations to implement. These standards were clearly presented and strongly promoted, but they were unsuccessful nonetheless. Indeed, the EU's computer security community appears to have rejected or ignored these forensic tools, as well as the call to use them.
How did this happen? The solution could lie with the standards themselves. The EU's recommended forensic applications were Web-based freeware, written in XML. This design was well intentioned, even practical, given the EU member nations' varying rules of evidence. XML is slow, however, and quickly has become outmoded; a Web-based application's value depends on its browser and network connection; and as a way to gather evidence in a high-stakes judicial case, freeware is a dicey solution.
The corporate argument that "we shouldn't have to pay for commercial network forensic tools if we won't ever need them", theoretically is certainly valid. But in practice, if an organization's network data is subpoenaed, that organization should be prepared to present its best possible forensic evidence.
Commercial network forensic and analysis tools are common now, and need not be highly elaborate or expensive to provide users with complete and easy-to-understand data. Manufacturers of forensic and visibility tool kits should partner with standards bodies such as NIST to create functional and lasting standards for network forensics.
Network forensics is only growing more important. Standardized tools and methods will ease the job for network admins, researchers and expert witnesses, and will be an improvement to the judicial system.
Rosenberg is Sandstorm's editorial communications coordinator. Reach her at beth@sandstorm.net.
Discover how SOA can create smarter outcomes for your business.
Attend and learn:
- How SOA is helping leading companies to become more agile
- Where you should be applying SOA processes in your company
- The top SOA implementation mistakes to avoid
Click here for more information.
- +
CIO Live Podcast #79: Brent D Taylor, author of The Outsider's Edge: The Making of Self-Made Billionaires Part II 05 October, 2007 06:00:00
For his new book, The Outsider's Edge: The Making of Self-Made Billionaires, social researcher Brent D Taylor spent four years of intensive research investigating the psychological make-up and backgrounds of some of the world's richest men and women, including IT luminaries Bill Gates, Larry Ellison and Steve Jobs. Taylor discovered that, despite working in different industries and coming from different upbringings, they all have one thing in common -- they are all outsiders. - +
CIO Live Podcast #78: Brent D Taylor, author of The Outsider's Edge: The Making of Self-Made Billionaires 28 September, 2007 17:34:25
For his new book, The Outsider's Edge: The Making of Self-Made Billionaires, social researcher Brent D Taylor spent four years of intensive research investigating the psychological make-up and backgrounds of some of the world's richest men and women, including IT luminaries Bill Gates, Larry Ellison and Steve Jobs. Taylor discovered that, despite working in different industries and coming from different upbringings, they all have one thing in common -- they are all outsiders. - +
CIO Live Podcast #77: Panasonic Speeds Up Trans-Pacific File Transfers, Part III 21 September, 2007 07:00:00
Part three in our three-part special report from CIO's sister publication Network World in the US, as Paul Desmond reports from the Network World IT Roadmap Conference in Santa Clara, California. With development teams in the US and Japan, Panasonic needed a more efficient way to move very large files between the two locations. Iben Rodriguez, IT consultant for Panasonic Research and Development, explains how a storage-area network and virtual server technology helped speed up WAN performance. - +
CIO Live Podcast #76: Panasonic Speeds Up Trans-Pacific File Transfers, Part II 14 September, 2007 07:00:00
Part two in our three-part special report from CIO's sister publication Network World in the US, as Paul Desmond reports from the Network World IT Roadmap Conference in Santa Clara, California. With development teams in the US and Japan, Panasonic needed a more efficient way to move very large files between the two locations. Iben Rodriguez, IT consultant for Panasonic Research and Development, explains how a storage-area network and virtual server technology helped speed up WAN performance. - +
CIO Live Podcast #75: Panasonic Speeds Up Trans-Pacific File Transfers, Part I 07 September, 2007 07:00:05
Part one in our three-part special report from CIO's sister publication Network World in the US, as Paul Desmond reports from the Network World IT Roadmap Conference in Santa Clara, California. With development teams in the US and Japan, Panasonic needed a more efficient way to move very large files between the two locations. Iben Rodriguez, IT consultant for Panasonic Research and Development, explains how a storage-area network and virtual server technology helped speed up WAN performance.
- +
Cutting Through the Spin of Recent Vulnerability Disclosures 13 October, 2008 10:53:00
The FUD surrounding the ClickJacking and TCP/IP vulnerabilities has the world seemingly frozen in fear. But once you cut through the spin, the vulnerabilities aren't all that they were made out to be.There are a few highly publicised vulnerabilities at the moment which haven't completely been disclosed and which, it is claimed, could threaten the whole Internet as-we-know-it. Only, when the vulnerabilities are finally disclosed, it seems that the whole incident has been somewhat Chicken Little. - +
PCI app security: Who's guarding the data bank? 13 October, 2008 11:09:00
Compliance strategies for PCI's new application security requirementsWhile Willy Sutton never really said it, the truth is that people rob banks because that is where the money is. Today's criminals don't walk into banks with loaded guns and get-away drivers. Rather they connect from a remote location using a browser and are armed with hacking tools and spyware. - +
Data-center security tools to not overlook 10 October, 2008 11:37:00
With the rise of security suites, it's time to consider some emerging security tools and rethink othersProtecting a corporate data center is like trying to keep an elephant safe from a swarm of flies. Despite your best efforts, bites happen. As the staples of security -- such as firewalls, antivirus software, spam and spyware filters -- come together in suites of products that allow for sophisticated management, there are other security tools either emerging or worth a rethink. - +
IBM, Secret Service, others study identity/cybercrime issues 09 October, 2008 10:09:00
Center for Applied Identity Management Research organization teams experts in criminal justice, financial crime, biometrics, cybercrime and cyberdefense, data protection, homeland security and national defense.IBM, LexisNexis and the Secret Service are among a group of corporations, government agencies and academic institutions that has formed to study and help solve identity management challenges around cybercrime, terrorism and narcotics trafficking. - +
Strange account management at Amazon 09 October, 2008 09:51:00
A careless login led to the discovery of some strange ccount management practices at one of the Internet's largest retailers.Via the RISKS mailing list comes an interesting tale of poor online account management at a major online retailer. According to Graham Bennett, accounts with Amazon display an odd behaviour that doesn't seem to have attracted much attention in the past.
NetStar Networks Calls Brisbane Home 13 October, 2008 12:01:00
New Verizon Business Managed Service Makes Collaboration Easier 13 October, 2008 10:06:00
F-Secure achieves excellent results in Internet security suite comparison 10 October, 2008 14:37:00
Lock It Up With Maxtor BlackArmour, Hardware Encrypted Storage Provides Government Grade Security For Consumers 10 October, 2008 09:04:00
Pitney Bowes MapInfo Launches New Version of AnySite 10 October, 2008 05:58:00
|
||
|
||
|
|
||
|
Web Security SaaS: The Next Generation of Web Security
Discover the latest web security SaaS solutions. Learn how to increase overall security effectiveness and reduce the burden on your IT department. Uncover the security challenges facing SMB environments today and identify the critical elements that can provide you with lower-cost and easier-to-manage web security solutions.
Subscribe to CIO
