30-08-2004 • VOLUME 7 • NUMBER 32 • £2.60 WWW.ITWEEK.CO.UK

19 CLIENT Intel boosts Centrino wireless kit
23 NETWORK Top tips to avoid WLAN interference
28 MANAGEMENT The case for server-based computing

CONTENTS

ENTERPRISEWEEK
Lotus Workplace for teamwork 13
Why change an Oracle database? 14
Mono for dot-Net development 14

INTERNETWEEK
DTI advises firms on net usage 17
Will interactive TV help business? 18
Insider's view of W3C web specs 18

CLIENTWEEK
KDE boosts free Linux interface 19
USB Flash storage and security 20
IBM serves up self-control chips 20

NETWORKWEEK
Service to control wireless LANs 21
Cheaper appliances for SSL VPNs 21
StealthWatch kit spots anomalies 24

MANAGEMENTWEEK
Councils get better CRM advice 27
Fujitsu Services chief interviewed 28

NEWS INSIDE: SECURITY ID theft, p5 • NT4 Support, p5 • STORAGE NAS kit, p6 • NETWARE Linux, p8 • WI-FI Clients, p9 • INTEL Prices, p9 • SP2 Plans, p9

Outsourcing and the law

A banking supervisory body has issued free guidelines to help firms comply with corporate governance rules if they outsource work. The Joint Forum guide emphasises the need for due diligence when selecting partners, and advises firms to set up risk management programmes to address activities to be outsourced and the supplier relationship. It suggests both parties should have disaster recovery plans and regularly test backup.

In a separate move, the National Association of Software and Service Companies in India is to audit the data security policies of its 860 member IT service provider and software firms, to reassure European customers that offshore data will be protected. The audit will be carried out by consultancies such as PwC and Ernst & Young and will lead to the establishment of a new security standard.

Offshore data, p4 • Leader, p10
www.bis.org/publ/joint09.htm

SP2 awaits support tools

Microsoft last week issued a guide to application compatibility testing for Windows XP SP2 but remains months away from delivering related tools. It is also experiencing problems with a key tool for delivering the 275MB of service pack code.

The problems mean that despite SP2's promise of added security, many firms are delaying or shelving update plans and will not install it until next year. One consultant who has been working with large sites on SP2 planning complained that partners have had little time to prepare. "Microsoft has not been particularly clever about disseminating information and people who have not turned off automatic updates have a serious problem – it breaks a lot of apps," he said.

Some experts estimate that when SP2 is installed about one in 10 applications will not work as before; Microsoft lists more than 40 such programs.

Last Wednesday, Microsoft released its Application Compatibility Testing and Mitigation Guide, but a beta-test version of the Windows Application Compatibility Toolkit 4.0 software, written for SP2, is not due until October. Also, Microsoft has acknowledged that SP2 breaks its own SMS 2003, often used to deliver upgrades.

Though Bill Gates hailed SP2 as "a significant step" in securing PCs and Microsoft cited analyst Rob Enderle advising buyers "to apply it at your earliest opportunity", others are circumspect. Analyst firm Gartner advised testing PCs with chips that support the DEP function, designed to prevent worms spreading via buffer overruns. AMD has this support now but Intel will not provide it until October at the earliest.

Picture: Gates: SP2 key to security

NT4 plans, p5 • Microsoft costs, p5 • Firms wary of SP2, p9 • Threats, p11
www.tinyurl.com/6l6wn

PDA boasts VGA screen

Fujitsu Siemens' new Pocket Loox 720 has a 480x640 VGA resolution screen, enabling it to be used for apps that previously required a laptop or PC. The £325 + VAT 720 runs Windows Mobile 2003 for Pocket PC Second Edition and has WLAN and Bluetooth capability. A 710 model at £279 has a standard 240x320 screen.

Picture: The 720 PDA has a camera

Full PDA details inside, p8

Inside crimes reap millions
Madeline Bennett

The US Secret Service and security body Cert last week urged firms to tighten defences against employee-driven IT crime, after a two-year investigation provided extensive detail on staff fraud in the finance sector.

The investigation by the two organisations analysed breaches carried out by insiders between 1996 and 2002, involving sums of up to $691m. It found that 78 percent of thefts were carried out by authorised users with little technical know-how.

Despite banks' investment in sophisticated anti-intrusion technology, most insiders were detected by more prosaic means, such as "an inability to log in, customer complaints, manual account audits and notification from outsiders". The most common way for a firm to learn of an inside theft was through its customers, who accounted for 35 percent of tip-offs.

The investigators said anomaly-detection tools, which register suspicious use of applications, proved expensive and largely ineffective. "It is likely that the detection and assessment of this kind of insider incident will continue to require manual diagnosis and analysis for the foreseeable future," the investigators conclude.

Instead, firms should focus on improving policies and procedures in areas such as password management, and logging application use. Firms should also ensure that at least two employees are present before critical data can be modified.

Lynn McNulty of IT security certification body ISC2 supported the use of auditing and monitoring to detect incidents. "But many firms have not invested as much as they could in auditing tools and the human capital to run them," he added.

Firms are also advised to be cautious about remote access. Cert recommends a layered approach, enabling remote access to non-critical data but only giving staff inside the building access to critical data.

Mike Small, European director of security strategy at Computer Associates, said companies often focus on the wrong aspects of security. "The technology exists to detect incidents or reduce risks," he said. "But management needs to stop worrying about network intrusion detection in the abstract and start looking at it as part of a business process."

The US investigation examined 23 incidents carried out by insiders. In one case, an investment bank employee altered data in trading systems so he appeared as one of the bank's top performers, when he had actually lost the firm more than $600m.

Less than a quarter of the crimes were carried out by IT staff, and most exploited weaknesses in organisations' policies. In most cases, the crimes were carried out by authorised users using simple, legitimate commands – for almost half, their username and password were enough.

STEPS TO FIGHT STAFF CRIME
Log application use
Restrict remote access
Increase internal audits
Tighten access controls
Source: Cert

Outsourced security, p4 • Identity theft, p5 • Nokia, p6 • Leader, p10 • Data theft, p20
www.secretservice.gov/ntac_its.shtml
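As an added illustration of the controls Cert recommends in the story above (at least two employees present before critical data is modified, remote access limited to non-critical data, and application use logged), here is a small policy check written in Python. It is not code from Cert, the Secret Service or the article. The request fields, the in-memory audit log, the sample requests and the repeat_offenders() triage pass are all constructed for this example; the triage pass simply surfaces users who keep being refused, as a starting point for the manual audits the investigation found were catching most insiders.

```python
from collections import Counter
from dataclasses import dataclass
from enum import Enum


class Sensitivity(Enum):
    NON_CRITICAL = "non-critical"
    CRITICAL = "critical"


@dataclass(frozen=True)
class Request:
    user: str
    action: str                 # "read" or "modify"
    record: str
    sensitivity: Sensitivity
    on_site: bool               # True when the session originates inside the building
    approvers: tuple = ()       # sign-offs attached to the request (hypothetical field)


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str


# Application-use log, kept in memory for the example. The point of the
# recommendation is that this record exists and that a person reviews it.
AUDIT_LOG: list = []


def authorize(req: Request) -> Decision:
    """Layered remote access plus dual control for critical modifications."""
    if req.sensitivity is Sensitivity.CRITICAL and not req.on_site:
        # Layered access: critical data only from inside the building, whatever
        # approvals the remote request carries.
        decision = Decision(False, "critical data is only reachable from inside the building")
    elif req.sensitivity is Sensitivity.CRITICAL and req.action == "modify":
        # Two-person rule: the requester plus at least one *other* employee.
        # An approver list naming only the requester must not count.
        second_person = {a for a in req.approvers if a != req.user}
        if second_person:
            decision = Decision(True, "dual control satisfied by " + ", ".join(sorted(second_person)))
        else:
            decision = Decision(False, "critical modification needs a second employee's approval")
    else:
        decision = Decision(True, "non-critical data or read-only access")
    AUDIT_LOG.append({
        "user": req.user, "action": req.action, "record": req.record,
        "sensitivity": req.sensitivity.value, "on_site": req.on_site,
        "approvers": req.approvers, "allowed": decision.allowed, "reason": decision.reason,
    })
    return decision


def repeat_offenders(log, threshold: int = 2) -> set:
    """Users refused `threshold` or more times, as a short list for manual audit."""
    denials = Counter(entry["user"] for entry in log if not entry["allowed"])
    return {user for user, n in denials.items() if n >= threshold}


def run_sample():
    """Constructed requests (not from the report) exercising each rule."""
    AUDIT_LOG.clear()
    requests = [
        Request("alice", "modify", "acct-001", Sensitivity.CRITICAL, True, ("bob",)),    # allowed: on site, second person
        Request("alice", "modify", "acct-001", Sensitivity.CRITICAL, True, ("alice",)),  # denied: self-approval
        Request("carol", "read", "acct-002", Sensitivity.CRITICAL, False),               # denied: critical from outside
        Request("carol", "read", "memo-007", Sensitivity.NON_CRITICAL, False),           # allowed: non-critical remotely
        Request("carol", "modify", "acct-002", Sensitivity.CRITICAL, False, ("dave",)),  # denied: remote, despite approval
        Request("dave", "read", "acct-003", Sensitivity.CRITICAL, True),                 # allowed: read on site
    ]
    outcomes = [authorize(r).allowed for r in requests]
    return outcomes, repeat_offenders(AUDIT_LOG)


if __name__ == "__main__":
    outcomes, flagged = run_sample()
    for entry in AUDIT_LOG:
        verdict = "ALLOW" if entry["allowed"] else "DENY "
        print(verdict, entry["user"], entry["action"], entry["record"], "-", entry["reason"])
    print("flag for manual audit:", sorted(flagged))
```

The ordering of the checks matters: the location rule is evaluated before the approval rule, so a remote request for critical data is refused even when it carries a valid second signature, which is what "only giving staff inside the building access to critical data" requires. Excluding the requester from the approver set is the detail that most often goes wrong in four-eyes implementations.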