- +
Your Guide to Good-Enough Compliance 17/05/2007 11:55:14
Legislative requirements are mandatory, but going the extra step is a business decision based on what makes business sense. When it comes to compliance, you can, in fact, be a little bit pregnantIn November 2005, Jason Spaltro, executive director of information security at US-based Sony Pictures Entertainment, sat down in a conference room with an auditor who had just completed a review of his security practices. The auditor told Spaltro that Sony had several security weaknesses, including insufficiently strong access controls, which is a key Sarbanes-Oxley requirement. - +
Your World. . . Hacked 02/10/2007 10:51:23
As your business becomes more collaborative and global, the risks to your company’s trade secrets rise proportionally. Fortunately, there are new strategies to protect the data that allows you to competeThe call to Bob Bailey, an IT executive with a major US government contractor, came on an otherwise ordinary day in October 2003. "Why are you attacking us?" demanded the caller, an IT leader with a Silicon Valley manufacturer. He wanted to know why Bailey's company had launched a denial-of-service attack against his network - +
Ticked Off at Tick the Box Mentality 04/02/2008 13:01:15
Does your executive search firm know the difference between an MIS manager and a CIO, and if it does, can it explain that difference to its corporate clients?Does your executive search firm know its MIS managers from its elbow? Does it even know the difference between an MIS manager and a CIO, and if it does, can it explain that difference to its corporate clients? - +
Close Fast, Close Smart 26/02/2007 11:24:37
When it comes to closing the books, the benefits of speed are undeniable. And CIOs are uniquely positioned to help their organizations reap themAs long as they're meeting their regulatory reporting deadlines, most enterprises don't think a lot about closing their books more quickly.
Maybe they should start.
Increasingly, the speed with which an organization closes its books and reports its financial results is being looked at by practitioners, analysts and investors as a defining metric for evaluating whether the organization possesses the best possible processes and enabling technologies. And it turns out that many companies don't, even those making huge IT investments and supporting equally large IT departments. - +
Cracks in the Pharmaceutical Supply Chain 19/02/2007 14:22:09
Faced with a rising tide of counterfeit and mispriced drugs, pharmaceutical companies are turning to technologies such as RFID to better track medications through a convoluted supply chainAs an undercover agent with the US Drug Enforcement Administration and the Food and Drug Administration, Aaron Graham saw firsthand how counterfeit drugs can slip into the pharmaceutical supply chain. Graham, now VP and chief security officer for Purdue Pharma, once posed as the manager of an "institutional pharmacy" selling drugs at a discount to secondary wholesalers who were then supposed to sell them to nursing homes. Soon after he began, his phone started ringing. Dozens of smaller pharmaceutical wholesale companies were calling, desperate to buy his drugs. These secondary or "grey market" wholesalers scour the country and the world for low-price drugs they can sell back to major wholesalers for a profit. In addition to trawling for institutional pharmacies, some secondary wholesalers have been known to purchase counterfeit drugs from criminal organizations in places such as China, Thailand or Colombia.
Read up on the latest ideas and technologies from companies that sell hardware, software and services. Good for Business - Virtualisation in Perspective
A Report Card On Ubiquitous Mobility
Business Mashups: Build and deploy applications without the need for professional developers
Realizing the Value of Unified Communications
Implementing Virtualisation in a Global Business-Computing Environment
Unisys Infrastructure Management Suite
The Virtualisation Landscape to 2010
Comparing Multi-Core Server Virtualisation
Zones provide focussed content from Computerworld and leading technology partners.Newsletter Subscription
The scope of the security breach disclosed this week by The TJX Companies is starting to make itself evident, with more than three dozen banks in Massachusetts alone now reporting that cards they issued have been compromised.
A spokesman for the Massachusetts Bankers Association said this afternoon that 40 of the MBA's 205 member banks have said they suffered card compromises as a result of the breach at TJX. That number is sure to grow as more banks report to the association, he added, noting that only about 60 have done so thus far.
In addition, the MBA spokesman said some of the banks affected by the breach have confirmed through credit card companies that the information stolen in the breach includes so-called Track 2 data taken from the magnetic stripes on the back of credit and debit cards.
Benson Bolling, assistant vice president of lending at the Alabama Credit Union in Tuscaloosa, also said this week that based on alerts from Visa U.S.A., Track 2 data appears to have been compromised in the breach.
Track 2 data includes account numbers, expiration dates and encrypted personal identification numbers, plus other information that card-issuing banks can include at their discretion. Its apparent inclusion in the breach at TJX provides fresh evidence that IT security remains fragile at some large retailers despite efforts by credit card companies to get them to better protect customer data.
Retailers are forbidden from storing such information under the Payment Card Industry (PCI) Data Security Standard being pushed by Visa, MasterCard International Inc. and other credit card companies. But many retailers continue to do so, often because their point-of-sale systems capture and store the data by default.
Bolling said Alabama Credit Union is recalling and replacing about 2,900 Visa debit and credit cards after having received the alerts from Visa about card information -- including Track 2 data -- being compromised in a retail breach. The alerts didn't identify the affected retailer, Bolling said.
TJX said last week that an "unauthorized intruder" gained access to its systems in mid-December and may have made off with the card data of an unspecified number of customers in the U.S., Canada and Puerto Rico, and possibly in the U.K. and Ireland as well.
The retailer, which owns chains such as TJ Maxx, Marshalls and Bob's Stores, didn't disclose the number of shoppers that may have been affected by the breach, saying that the full extent of the data theft "is not yet known."
Ben Cammarata, TJX's chairman and acting CEO, said in a letter to customers on the retailer's Web site that company officials were "extremely disappointed" when the intrusion was discovered. TJX has since hired both IBM and General Dynamics to help it evaluate the extent of the data compromises and implement unspecified security upgrades designed to better protect its systems.
In a statement released yesterday, Daniel Forte, CEO of the Boston-based MBA, criticized what he said was TJX's characterization of itself as a victim of the data breach, "when what it appears they may have been doing is capturing data that is unnecessary."
Computerworld Member Login
Beyond Virtualisation - The Roadmap to 2012
CIO Breakfast Briefing
8:30am - 10:30am
Brisbane | 22 July | Sofitel Brisbane
Sydney | 23 July | Four Seasons Hotel
Canberra | 24 July | The Hyatt
Attend and discover:
- What happens after virtualisation
- The benefits automation drives
- When automated infrastructures will emerge
- What the roadmap to 2012 looks like
- How to deliver an automated architecture
- How to maximise your investment in virtualisation
- +
Computerworld Live Podcast #96: Security at the Edge 11/06/2008 09:22:22
CW Live speaks with Amol Mitra, HP ProCurve Director of Marketing for Asia Pacific and Japan. Today's topic: how enterprises are starting to shift away from simply controlling security via server logins, firewalls and moving to more adaptive security frameworks. - +
Data Management Edition #10: Multi-Petascale Systems 02/05/2008 09:12:33
This week we look at sustainability and the development of multicore technologies to build multi-petascale systems. - +
IT Security Edition #11: How to poison the Storm botnet 01/05/2008 08:51:55
This week CW Live presents a case study on how to poison the notorious Storm botnet . Plus we take a look at Cisco's plans for Ironport. - +
IT Security Edition #10: Cyber-battles fought and won 24/04/2008 11:09:47
Vendors bow to end user pressure to improve product security, and we take a look at the latest concepts shaping the cyber-battlefield of the future. - +
Data Management Edition #9: Data centre makeover 24/04/2008 07:43:06
This week CW Live looks at the death of the old style data centre which is undergoing its first makeover in more than 30 years.
Zepto release the Mythos, the 2nd installment in the Centrino 2 refresh 2008-07-09 12:05:00+10
Symantec Data Protection Solutions Preferred by Users and Industry Experts 2008-07-09 11:56:00+10
Residential VoIP: Let’s Get Naked, Declares IDC 2008-07-09 10:43:00+10
Frost & Sullivan: Australia’s Mobile Advertising Spend to Grow 300 Per Cent in 2008 2008-07-09 07:57:00+10
DIARY ALERT - Symantec data leakage prevention seminars 2008-07-08 17:20:00+10
Reducing risk through requirements driven quality management: An end-to-end approach
An effective requirements management system must help both business analysts and quality managers meet their commitments with limited resources and in the face of inevitable change. Read on to discover a better business approach to quality management.
