- +
Ticked Off at Tick the Box Mentality 04 February, 2008 13:01:15
Does your executive search firm know the difference between an MIS manager and a CIO, and if it does, can it explain that difference to its corporate clients?Does your executive search firm know its MIS managers from its elbow? Does it even know the difference between an MIS manager and a CIO, and if it does, can it explain that difference to its corporate clients? - +
What Price Innovation? 05 November, 2007 13:44:31
CIOs say they want more than the traditional “your mess for less” relationship with their outsourcing providers. And the providers want to market themselves as partners in innovation. So why isn’t it happening?CIOs say they want more than the traditional "your mess for less" relationship with their outsourcing providers. And the providers want to market themselves as partners in innovation. So why isn't it happening? - +
Your World. . . Hacked 02 October, 2007 10:51:23
As your business becomes more collaborative and global, the risks to your company’s trade secrets rise proportionally. Fortunately, there are new strategies to protect the data that allows you to competeThe call to Bob Bailey, an IT executive with a major US government contractor, came on an otherwise ordinary day in October 2003. "Why are you attacking us?" demanded the caller, an IT leader with a Silicon Valley manufacturer. He wanted to know why Bailey's company had launched a denial-of-service attack against his network - +
Strategies for Dealing With IT Complexity 24 December, 2007 10:30:47
Every innovation, every business process improvement, comes with an IT complexity tax that must be paid by CIOs in time, money and sweat. Here are strategies to mitigate the increasing complexity of IT as it enables new business.Every innovation, every business process improvement, comes with an IT complexity tax that must be paid by CIOs in time, money and sweat. Here are strategies to mitigate the increasing complexity of IT as it enables new business. - +
How to Get Real About Strategic Planning 04 February, 2008 12:50:59
Everyone agrees that having a strategic plan for IT is a good thing but most CIOs approach the process with fear and loathing. In fact, the majority of CIOs (and the enterprises they work for) are faking it when it comes to strategic planning. Isn't it time we all got real?Oh, it must be nice to be the CIO of a FedEx or a GE or a Credit Suisse. Places where IT and the business are so tightly aligned you can barely tell the two apart. Where corporate leaders understand that IT is a strategic asset and support it as such
Read up on the latest ideas and technologies from companies that sell hardware, software and services. The Secrets of C-Suite Success
Choices in Storage Architecture for Oracle Environments
Enterprise Wireless WLAN Security
Optimized Back-up and Recovery for VMWare for VMWare Infrastructure with EMC Avamar
Dude! You Say I Need an Application-Layer Firewall?!
Best Practice in Building an Integrated Information Management Strategy
A Guide to Next-Generation Backup, Recovery and Archive
Wireless LANs: Is my enterprise at risk?
Newsletter Subscription
Large retailers and other key stakeholders in the payment card chain are finally being given a chance to help guide the development and modification of the data security standard imposed on them by the major credit card companies.
Wal-Mart Stores and UK-based Tesco Stores were elected along with 12 other organizations to be the first members of a newly created board of advisers to the PCI Security Standards Council. The advisory board members were chosen by about 200 retailers, banks and other companies that belong to the council, an independent body that was established last September to manage ongoing development of the security standard.
Until now, PCI has been crafted by the five credit card companies that created it: Visa International, MasterCard, American Express, Discover Financial Services and Tokyo-based JCB Co.
Seana Pitt, an executive at American Express who chairs the PCI council, said the group's executive committee hopes that the formation of the advisory board will help reduce the "confusion and resistance" swirling around the security standard. The concerns about PCI stem at least partly from the fact that the companies directly affected by the requirements haven't had "a seat at the table" until now, Pitt said.
According to Pitt, the advisory board will be responsible for collecting industry wide feedback on PCI, which is formally known as the Payment Card Industry Data Security Standard. She said the board is also expected to influence future enhancements to the standard.
One of the members of the advisory board is PayPal, a unit of eBay. Michael Barrett, PayPal's chief information security officer, called the board's formation a step in the right direction for PCI.
"The PCI standard is extremely important in protecting the payment card industry, but it isn't a finished work of beauty yet," Barrett said. "It's a work in progress. It has rough spots that need to be polished down." And that is best done by people who have had experience implementing it, he said.
Practical advice
Barrett said PayPal already complies with the security rules and will be able to provide the PCI council's executive committee — made up of credit card company representatives — with real-world guidance about the standard. "We've seen where it works and where it doesn't, and can therefore make suggestions for tweaking the language here or driving it in a slightly different direction there," he said.
Other advisory board members include Bank of America, JPMorgan Chase, British Airways and APACS Administration, a trade group for payment services companies in the UK. The PCI council's executive committee will select seven more members at a later date. The goal is to ensure that the 21-member board has enough geographic and stakeholder diversity, Pitt said.
The PCI standard prescribes a set of 12 broad security controls that all entities accepting credit or debit card transactions are contractually obligated to implement. The requirements went into effect in June 2005 and cover functions such as data encryption, transaction logging and monitoring, and strong end-user authentication and access controls.
But many businesses began paying serious attention to the rules only after credit card companies warned last December that they would begin assessing stiff fines for noncompliance this autumn. Since then, supporting the standard has become a major implementation issue. One of the big complaints from companies is that the requirements stipulate specific controls instead of broad security objectives.
"PCI effectively is a proprietary standard," said Colin Whittaker, head of security at APACS. Now, he added, the PCI council "wants to get wider engagement in place" to ensure that the security rules meet the needs of businesses worldwide.
"We need to make sure the standard remains relevant to the emerging threat environment," Whittaker said. "And we need to make sure that it is sufficiently responsive and appropriate to all markets where payment cards are used, because there are different threat profiles [in different regions]."
"There's a lot of pent-up frustration in the market about not being able to help shape the standard," said Avivah Litan, an analyst at Gartner. For instance, there is considerable confusion about when companies can use so-called compensating controls in lieu of the actual PCI requirements, she said.
Similarly, Litan said, companies are looking for better guidance on prioritizing the controls mandated by PCI.
The advisory board should be able to put pressure on the PCI council's executive committee to change the current situation, Litan said. But, she cautioned, the advisory board's charter doesn't touch upon PCI implementation and enforcement issues.
Currently, each of the five credit card brands has its own implementation, auditing and enforcement practices, and it's a huge challenge for businesses to keep up with all of them, Litan said. What's really needed, she said, is a way to rationalize the implementation of the PCI standard.
"The [advisory] board is a great communication vehicle," she said. "But there are some immediate problems that aren't being solved here."
2008 CIO Summit
19th August, 2008 Four Seasons Hotel, Sydney Developed in partnership with CIO Magazine, IDC, INTEP and the CIO Executive Council.
The world of the CIO is extremely complex and diverse. Multiple priorities demand attention and decisions are needed instantly. Individual teams need to be driven towards common goals, and businesses strive to become more mobile, agile and responsive. For CIOs, the challenge never ends.
Every year the CIO Summit identifies what is top of mind for CIOs across Australia and New Zealand, and offers insight for CIO benchmarking and vendor strategic planning alike.
Recent IDC research shows that over 59% of CIO's believe that 'to achieve their business strategies, technology should be used more aggressively than today.'
Join us on August 19th to discover how this is possible with the latest technologies including Virtualisation, Web 2.0, IP Surveillance and Software as a Service (Saas).
Click here for more information.
Please email Denyse_Robertson@idg.com.au for further information.
- +
CIO Live Podcast #79: Brent D Taylor, author of The Outsider's Edge: The Making of Self-Made Billionaires Part II 05 October, 2007 06:00:00
For his new book, The Outsider's Edge: The Making of Self-Made Billionaires, social researcher Brent D Taylor spent four years of intensive research investigating the psychological make-up and backgrounds of some of the world's richest men and women, including IT luminaries Bill Gates, Larry Ellison and Steve Jobs. Taylor discovered that, despite working in different industries and coming from different upbringings, they all have one thing in common -- they are all outsiders. - +
CIO Live Podcast #78: Brent D Taylor, author of The Outsider's Edge: The Making of Self-Made Billionaires 28 September, 2007 17:34:25
For his new book, The Outsider's Edge: The Making of Self-Made Billionaires, social researcher Brent D Taylor spent four years of intensive research investigating the psychological make-up and backgrounds of some of the world's richest men and women, including IT luminaries Bill Gates, Larry Ellison and Steve Jobs. Taylor discovered that, despite working in different industries and coming from different upbringings, they all have one thing in common -- they are all outsiders. - +
CIO Live Podcast #77: Panasonic Speeds Up Trans-Pacific File Transfers, Part III 21 September, 2007 07:00:00
Part three in our three-part special report from CIO's sister publication Network World in the US, as Paul Desmond reports from the Network World IT Roadmap Conference in Santa Clara, California. With development teams in the US and Japan, Panasonic needed a more efficient way to move very large files between the two locations. Iben Rodriguez, IT consultant for Panasonic Research and Development, explains how a storage-area network and virtual server technology helped speed up WAN performance. - +
CIO Live Podcast #76: Panasonic Speeds Up Trans-Pacific File Transfers, Part II 14 September, 2007 07:00:00
Part two in our three-part special report from CIO's sister publication Network World in the US, as Paul Desmond reports from the Network World IT Roadmap Conference in Santa Clara, California. With development teams in the US and Japan, Panasonic needed a more efficient way to move very large files between the two locations. Iben Rodriguez, IT consultant for Panasonic Research and Development, explains how a storage-area network and virtual server technology helped speed up WAN performance. - +
CIO Live Podcast #75: Panasonic Speeds Up Trans-Pacific File Transfers, Part I 07 September, 2007 07:00:05
Part one in our three-part special report from CIO's sister publication Network World in the US, as Paul Desmond reports from the Network World IT Roadmap Conference in Santa Clara, California. With development teams in the US and Japan, Panasonic needed a more efficient way to move very large files between the two locations. Iben Rodriguez, IT consultant for Panasonic Research and Development, explains how a storage-area network and virtual server technology helped speed up WAN performance.
- +
Information security governance: Centralized vs. distributed 05 September, 2008 10:15:00
Should security policies, procedures and processes be managed within a central body, or distributed at an individual level? You need to find the middle ground.The management of information risk has become a significant topic for all organizations, small and large alike. But for the large, multi-divisional organization, it poses the additional challenge of determining how to deploy an information security governance program among what are often disparate business units. Should the policies, procedures, and processes that define the program be developed and managed within a central, corporate body? Or perhaps responsibility would be better placed at the individual unit level? Is there a workable middle-ground? - +
DNS error brings Sophos antivirus updates to a halt 05 September, 2008 13:40:00
Optus, Internode and Equinix affected among others.A sporadic Domain Name Server (DNS) error has blocked Sophos anti-virus updates around the world. - +
Ouch! Security pros' worst mistakes 04 September, 2008 08:05:00
We've all done regrettable things on the job, but does any valuable wisdom come of it? Four security pros candidly explain their biggest blunders and what they learned in the processIt was a mistake so bad the person who made it asked that his name and company not be mentioned here. Let's call him Frank. - +
Security ROI: Fact or Fiction? 03 September, 2008 08:32:00
Bruce Schneier says ROI is a big deal in business, but it's a misnomer in security. Make sure your financial calculations are based on good data and sound methodologies.Return on investment, or ROI, is a big deal in business. Any business venture needs to demonstrate a positive return on investment, and a good one at that, in order to be viable. - +
Information Security and the Importance of Context 01 September, 2008 10:00:00
Those entrusted with information security must raise their contextual awarenessWhen the US Transportation Security Administration (TSA) was first created, it created a sudden need for tens of thousands of screeners. Getting a job as an airport screener was a pretty easy process. It seemed as though if you had a pulse, you were in. Jump forward to 2008 and becoming a screener is a bit harder as the TSA has instituted background checks, has upped the educational requirement to include a high school diploma or GED, and added other significant requirements.
Viva la Verticals! Key to Vendor Growth is Through Vertical Market Opportunities, Says IDC 05 September, 2008 11:05:00
F-Secure delivers fastest protection in the online world 04 September, 2008 16:50:00
Rogue security apps dominate Fortinet's Aug 2008 IT threat report 04 September, 2008 16:00:00
IntraPower Signs Deal with Australia’s Largest Service Station and Convenience Store Network 04 September, 2008 10:07:00
TANDBERG Begins Desktop Videoconferencing Roll-Out at New England Credit Union 03 September, 2008 16:01:00
|
||
|
||
|
|
||
|
Choices in Storage Architecture for Oracle Environments
Database systems have always been at the core of the IT landscape. Not only is storage an increasingly large cost component of database investments, but storage architecture can significantly and directly impact the performance, availability, and recovery of data. Read on to explore the interaction between Oracle databases and EMC and Network Appliance storage architectures.
Subscribe to CIO
