|
Papers > Technology > Information Security
Featured Papers from Direct Essays |
|||
1. Social Security
|
|||
This is a preview of a paper to view the full text you need to signup and login.
Information Security |
|||
|
Security in business processes Friday 15th August 2003 A while ago I hypothesised about who might supply your security. ... One of the attractions of e*Xchange is that it can guarantee that sensitive company information is kept private and unaltered, as well as ensuring business transactions are conducted with known and trusted parties. ... 509) with an S/MIME and SSL-based security solution for ensuring data privacy, data integrity, trading partner authorization, and transaction non-repudiation. The e*Xchange Partner Repository acts as a repository for trading partner profile information - such as contact information, B2B protocols, message types, and security - as well as message information, which enables transaction auditing and non-repudiation. ... SeeBeyonds offering is an excellent example of how security is moving towards full integration in the business process layer. A standard approach to security Tuesday 20th May 2003 There are two problems with standards, particularly international standards, according to Willie List. ... It is worth considering in your approach to security management that there is an inevitable compromise between risk acceptance and operational necessity. ... When it comes to information security, a great many people are expecting ISO17799 to solve their problems. What is good about ISO17799 is that it is starting to raise operational security awareness in the boardroom. ... In fact, it could be argued that all ISO17799 does is formalise best practice for operating information technology systems into a universally consistent structure and that only a very small part of it is actually security per se. ... 800-26 proclaims itself as a Security Self-Assessment Guide for Information Technology Systems. ... The Guide aims to be generic - to be applicable to both private and public sectors, to all levels of management, as well as those individuals responsible for IT security at the system level and organisation level. ... Regulation is a way of life in the financial services industry and new rules such as Basel II (risk management and capital adequacy) and Gramm-Leach-Bliley (security and confidentiality of personal information held by financial institutions), usually fall relatively easily into their operations. ... In order to comply with Sarbanes-Oxley, companies should beef up their internal management and reporting controls that ensure integrity and security which will withstand audit. ... Many of the tools required to do security management do not address all the compliance touch-points - basically they address technical measures and seldom, if ever, produce any output that would help an executive or manager find compliance easier. ... Quality is probably understood more by quality professionals and by management than it is by the information security fraternity. ... They may assist with bigger business issues but organisations have to look at the whole picture, not pieces in isolation Security is a people problem - right? ... You do not have to be a security expert to understand security basics. ... There is a woeful lack of awareness campaigns in information security programmes. ... Where information security can differ is in the delivery. Is security a people problem? Talk to Dr James Backhouse who heads-up the Computer Security Research Centre at the London School of Economics. He will tell you that security is not about people but about behaviour. ... I would particularly like to know what secure binding they can offer on the information accessed along with the application. ... In a similar vein of risk management, Qinetiq, claim to have developed a new security framework. I am not sure how many frameworks the security industry actually needs, particularly proprietary ones, so hearing of yet another in itself is not compelling. From the description that Qinetiq give, I have a suspicion that what they have is less of a framework and more of a modelling tool that captures the environment and rationalises the way in which security is applied. ... SchlumbergerSema are another company addressing impact analysis of security implementation. What I like about their approach is that they view security as integral to business process transformation. ... Which, I think, is only partially correct Unless they are able to apply security that is contextual to the process steps, they are not offering a complete solution. How far their thinking actually goes is not clear from the information I have read, so a visit to their stand could be productive. |
|||
To link to this page, copy the following code to your site:
Paper Information |
|||||
Title: Information Security
|
|||||
Signup & Login |
|||||
If you don't currently have a login then Signup here |
|||||
| Pre-Written Papers | |||||
|
|||||
| Custom Papers | |||||
|
|||||
Copyright 2003-2008 doingmyhomework.com. All rights reserved.