Have you got the 7 security essentials in your budget?

Warwick Ashford | No Comments | No TrackBacks
Mobile and cloud security services firm Neohapsis has published a list of 7 essential elements in any security budget. 

There is little surprise to see perimeter defences, spam and email content control, and anti-virus, anti-spyware and anti-malware on the list. 

These are the basics and they are still important. 

However, the list does include data leakage protection and internet access control, which several reports in recent months indicate are not in every company's security budget. 

Fewer companies still have patch management on their list, despite the fact that this alone could eliminate a fair proportion of threats as attackers increasingly target applications. 

Companies continue to be affected by malware that exploits vulnerabilities for which patches are already available. Proper patch management would take care of this problem. 

Perhaps the most interesting item on the list is secure build. Only a few companies understand the value of security by design, DigitalBodyGuard founder Jon McCoy told me recently in an interview.

Businesses can increase data protection and decrease costs by baking in information security from the start of any IT project, he said. 

McCoy says security needs to start when businesses set the goals and plan the day-to-day workflow a new IT system will accomplish.

"Companies that are doing security well typically conduct regular security reviews, include security at the planning stages of all IT projects, and do iterative security testing," he said. 

How does your company's budget match up?

Mobile, social, cloud and big data spell more money for IT, says Software AG

Bill Goodwin | No Comments | No TrackBacks
Mobile computing, social media, cloud and big data are top of CIOs' priorities, says Software AG COO.

The four forces of social media, cloud, mobile computing and big data are at the top of business leaders' priorities right now, says Darren Roos, Chief Operating Officer of Software AG.

The topic was one of the key themes that came out of Software AG's user conference, Innovation World in October 2013.

CIOs, for example, snapped up business cards from 9 start-up firms offering technology based on each of these four forces, said Roos.

And as these technologies come into play, companies will spend more on IT, rather than less, Roos argues.

He talks about research presented by private equity firm Andreessen Horowitz, which shows that IT budgets rise with each new wave of technology.

"What is going to happen is more money is going to drift to technology. When that money is going to be spent on innovation and competitive advantage, it's going to be easier to get that spend," he says.

That spend may not come from the IT department - it could equally come from marketing, or HR or other parts of the business.

Software AG's focus is on supplying the middleware technology that will make this innovation possible - what Roos calls the innovation and agility layer.

Innovation is likely to drive more Software AG technology acquisitions over the next 12 months.

But that is unlikely to include Business Process Management or Enterprise Service Bus technology: "We believe we are the best in the market," he says.

"We certainly will continue to make acquisitions. We live in a world where you are either being acquired or you are acquiring. The market will continue to consolidate," he says.

Software AG's markets are likely to remain static, but the company plans to grow by taking market share from competitors.

It claims to be the market leader in South Africa and Germany for business process modelling, management and integration.

That leaves plenty of potential market share to capture in other geographies.

"We are seeing growth globally in our business process engineering business. The growth we are seeing is outpacing the market, because we are able to win market share from other businesses," he says.

His advice to CIOs, as businesses clamour for new technologies, is to focus on business value.

"Do it incrementally, step by step, and focus on how the business sees value. Don't do it for the sake of technology," he says.

The Value of Benchmarking when Choosing an IT Solution Provider

Bill Goodwin | No Comments | No TrackBacks

In this guest blog post Vaughan Shayler explains how a benchmarking initiative by CompTIA, a non-profit trade association which advances the interests of IT professionals and IT companies, can help IT departments gain confidence in choosing the right IT supplier.


 

We live in a referral-based world. Whether you're researching a new smartphone or tablet, seeking a new day-care provider for your children or looking for a house cleaning service - you want to be sure you're making the right decision. If we hire someone, we look at their qualifications; if we buy a computer, we look for trusted brands and read reviews.

 

CompTIA is aiming to allow the world of ICT to do the same, by providing an internationally recognised benchmark which shows solution providers meet an industry approved level of service and professionalism.  We have worked closely with IT companies and solution providers to agree various best practice standards, and developed methods to validate these.

 

The result is two levels of business Trustmark. CompTIA's IT Business Trustmark validates an ICT business' basic demonstration of sound business practices and its ability to provide quality service. The Accredit UK Trustmark+ takes things up a level as an advanced, fully audited standard providing the logical next step for ICT businesses seeking to position themselves for growth.

 

CompTIA business standards are available for a wide range of ICT businesses including those providing communications infrastructure; software product design and development; ICT consultancy; solutions and support; and e-media and e-commerce. They are designed to help the companies themselves prove their abilities and help those outsourcing IT services to identify people to work with.

 

Companies that hold the CompTIA IT Business Trustmark have successfully navigated a process that digs into their internal operating procedures, reviewing their service agreements, systems and tools for delivering their services. These companies have demonstrated sound business practices and an ability to provide quality service.

 

Mark Lambert, technical director at Bear IT - a company that has held the IT Business Trustmark for nearly a year now - said the Trustmark has boosted the company's reputation. "This whole process has enhanced our current certifications and shows our customers that we are a committed IT company," he said.

 

Companies that hold the Accredit UK Trustmark+ have gone through a fully audited process that includes examination of organisational management, company direction, business generation, service delivery, operations and customer relations. These companies have passed the audit by showing their ability to develop and deliver best-in-class ICT solutions and services to their customers and prospects.

 

Tracy Pound, managing director at MaximITy, first pursued the Accredit UK Trustmark+ designation as a means of differentiation. "It sets me apart from my competition, demonstrates that I'm serious about running a professional business in a professional way, helps ensure that I have a structured and measured approach to growth and makes me accountable for what I do to an external body," she said. MaximITy has held the Accredit UK Trustmark+ for over three years.

 

The confidence that having an independent benchmark inspires is a two-way street. "In addition to the customer or prospect taking confidence from us having this credential, our own confidence grows in knowing that we're externally audited and can prove that we have a structured approach to client work that is to the benefit of the client," Pound said.

 

More than 150 ICT companies have attained either the IT Business Trustmark or the Accredit UK Trustmark+. A complete list of credential holders is available on the CompTIA Trustmark Directory.

 

 

Vaughan Shayler is director, channel strategy at CompTIA.


How colour can influence the success of your website

Bill Goodwin | No Comments | No TrackBacks
Thanks to Nathalie Nahai, The Web Psychologist, for this guest blogpost.


You don't need to be a designer to understand the impact that colour can have on first impressions.

Whether it's the eponymous woman in red (from Little Red Riding Hood to Number Six, the dangerously seductive Cylon), or the allure of a wide expanse of blue (open skies from our ancestral savannah), the power of colour has long been documented in our offline world.

Although colour meanings can vary dramatically from culture to culture, if I asked you to think of a sexy, hot, aggressive colour, chances are you'd think of red. And if I asked you to call to mind a soothing, cool colour, you might think of blue. It's a simple association exercise, but one that hints at what a growing body of research is discovering: that colour can have a profound influence on our emotional, psychological and even physiological state.

Online, the impact is no less striking. The difficulty is finding a comprehensive, silver-bullet theory that realistically covers effective colour use, simply because the reality is far too complex to be reduced to such terms. The fact is that when it comes to persuasive colour use online, there are a multitude of variables you must consider if you are to communicate your message persuasively.

Everything from your cultural context (such as your age, ethnicity and gender) to your psychological makeup (learned associations) can influence the way in which you interpret and respond to colour. And with an increasingly global audience, knowing which colours to use when designing a website can be tricky at best.

There are a few rules of thumb you can follow, however.

For instance, research has shown that using blue as the predominant colour for a website can elicit feelings of trust and security, which may be why it has become de rigueur for so many financial institutions (especially given the current economic climate). What you may not know is that the colour blue can also warp our sense of time, making websites on slow connection speeds appear to load more quickly.

Yellow, on the other hand, is best avoided in web design, especially when considering it as the dominant colour for e-commerce sites - it's one of the few colours that appears to be ubiquitously disliked regardless of culture or creed.

There are of course always exceptions, and when it comes to designing for a particular audience your best bet will always be to do your research first and reflect the preferences of your target market. But whatever your message, one thing is certain - colour has a powerful way of communicating meaning.

Getting that meaning right is up to you.


Nathalie Nahai is an award-winning speaker, Web Psychologist, and author of 'Webs of Influence: The Psychology of Online Persuasion'.




Groundhog Day for Data Protection

Warwick Ashford | 1 Comment | No TrackBacks

With the ongoing breaches of personal data by public sector organisations and resultant calls by the privacy watchdog for greater penalties, it seems the UK is making no progress on data protection.

Just this week the Information Commissioner's Office (ICO) issued a monetary penalty of £120,000 for the loss of an unencrypted, non-password-protected USB memory stick containing sensitive personal data.

Have UK data handling organisations learned nothing in the past five years?

"We are seeing the same pattern we did in the run up to the HMRC data breach in 2007," says Stewart Room, partner at international legal firm Field Fisher Waterhouse.

He believes the increasing monetary penalties against public sector organisations like Greater Manchester Police are the first rumblings ahead of another major data breach.

It remains to be seen whether there will be another data breach that will equal or exceed the HMRC fiasco, but the ongoing breaches nonetheless prove that UK data protection is not getting better.

Did the government's data handling review after the HMRC breach really achieve anything?

In many senses, the data handling review appears to have had an effect that did not last much more than a year, according to Room.

"The fact that organisations like the Manchester Police are still storing sensitive data on unencrypted USB memory sticks indicates that they are slipping back into bad practices; the data handling review seems largely forgotten," says Room.

He suspects we could be on the verge of another HMRC-style data breach because history appears to be repeating itself in terms of data protection, but how bad will it have to be to make a real difference?

The ICO argued long and hard for the monetary penalties, but they seem to be making little impact. Is there any point in continuing the way we are, simply waiting for HMRC-2, or is it time to do something completely different, before there is another major data breach?

Fortunately the HMRC breach so far does not seem to have had any devastating effect on the lives of the people whose data was lost, but that may not be the case next time around.







BYOD versus BYOL (Bring Your Own Lunch)

Bill Goodwin | No Comments | No TrackBacks
A guest blog post from Adam Stringer, IT expert, PA Consulting Group.
 
As someone who regularly struggles to bring my own lunch to the office (despite numerous New Year's resolutions and Tupperware purchases), I have to confess that I think I may be some way off bringing in my own device.
 
On a recent training course, I opted to travel light by taking my own iPad and leaving the laptop at home. To my surprise, I was able to survive.  I am also certain that the technology will come of age.

The trouble is that enabling the technology is only a small part of the change required.  Much like bringing your own lunch, it sounds good in theory but can be problematic in practice. I draw some comparisons from my recent experience:
 
You need to set aside preparation time

Preparing my lunch for the next day requires a bit of thought, not least trying to work out what I think I might want to eat by the time midday comes.

Similarly, when I packed my iPad instead of my laptop, I had to think very carefully about the work I would be doing the next day.

Would I be able to access everything that I need? What would I do if someone asked me to work on a document that my iPad wouldn't be able to load?
 
It might taste a bit different

In the same way that I am not capable of rustling up a coffee shop-quality chunky soup, there are differences between my own device and the corporate offering.



I found myself pining for my trusty laptop on more than one occasion in order to do just that little bit more.
 
You have to find a suitable container

When using your own device, you need something to 'contain' the IT services on the device to allow them to be used securely.

Much like my collection of Tupperware, your company needs to select the right one for the job. Without a container, you are really limited to basic webmail (or soup all over the inside of your work bag).
 
Everyone else's looks better than yours

As I place my carefully crafted delicacy in the fridge, I often find myself envious of the leftover tagine with couscous occupying the top shelf.

As organisations move to BYOD, will this spawn a new wave of device envy? Someone on the training course has brought with them their iPad 3. I already feel inferior - no one judges or takes any notice of my trusty laptop!

 
From the outset, BYOD seems like a great idea. But as with many things, there are a few obstacles that I need to overcome, even when the technology is available.
 

Twitter can be dangerous to business: sport celebs show why

Warwick Ashford | 1 Comment | No TrackBacks

Twitter and other social media are increasingly popular in business, but sports celebrities have shown just why business users need to be careful and think before they tweet.

Most recently, Rio Ferdinand referred to Ashley Cole as a 'choc-ice' in a tweet.  The comment immediately attracted attention, with some interpreting the use of the term as racially insulting. 

In June, Dai Greene, Team GB's athletics captain at London 2012, caused controversy when he used the term 'gayest' in a Twitter exchange with Martyn Rooney, a fellow athlete.  Greene was quick to delete the tweet, but comments were already in the public domain. 

Greene escaped a disciplinary sanction, but the incident nevertheless forced Team GB to remind all of its athletes that Twitter and other social networking media must be used responsibly.

Both of these cases highlight the need for organisations to have in place policies and procedures for preventing inappropriate use of social networks. 

Law firm Thomas Eggar has released some guidelines for athletes that could apply equally to all users of social media. Businesses would do well to include such guidelines in their social media policies for employees.

1. Defamatory comments posted to Twitter are treated in the same manner as those made in any other published medium. They can, and have, been used as the basis of court action in libel and defamation claims.

Lalit Modi learned this lesson the painful way when he posted a tweet accusing former New Zealand cricketer Chris Cairns of match fixing. Modi had to pay over £1,090,000 in damages and legal fees to Cairns following his allegation on Twitter.

2. The way in which a tweet or comment is interpreted may not be as expected or intended. To avoid the possibility of negative interpretations, Twitter needs to be used responsibly, with tweets being read objectively prior to posting. This can be difficult, particularly when emotions are running high, but due consideration must be given to the context and timing of comments.

Response to Rio Ferdinand's tweet about Ashley Cole illustrates the point.  Although the Manchester United player claims not to have used the term in a racist sense, it has been construed by some to have racial connotations. It has also resulted in a complaint to the Metropolitan Police and the possibility of an FA investigation and subsequent disciplinary action by the governing body.

3. Governing bodies will take action where Twitter is deemed to have been used inappropriately.

Ryan Babel found this out following his criticism of match referee Howard Webb, when the FA fined him £10,000 in January 2011. This was the first high-profile disrepute charge to be brought against an athlete for inappropriate comments, and it set a precedent. 

From the above examples, it is clear that the consequences of ill-considered social media posts are real and can be extensive.

Perhaps one of the most important things to note is that once something is posted, it is out there and can come back to bite the individual who posted it or their organisation, even if it is deleted.

Will you be cut off from the Web today?

Warwick Ashford | No Comments | No TrackBacks



An estimated 20,000 PCs in the UK could be cut off from the web today as a consequence of the DNS Changer virus.

Infected machines will no longer be able to access websites, e-mail, chat or social networking sites such as Facebook.

Worldwide, 350,000 computers could lose web access because of the DNS Changer virus, the FBI has warned. 

In 2011, an international group of law enforcement agencies, including the FBI, arrested the group operating DNS Changer malware botnets. But hundreds of thousands of computers remain infected and are currently using interim systems set up by the FBI to access the internet.

But today the temporary systems will be disabled because of high operating costs, and all computers still infected with DNS Changer malware will lose access to websites, e-mail, chat and social networking sites such as Facebook.

To check if a computer is affected and find out what to do about it if it is, visit the DNS Changer Working Group site: www.dcwg.org/detect/ and follow the relevant links.


ICO to lift veil on "cookie" warning letter

Warwick Ashford | No Comments | No TrackBacks

For at least the past year, the ICO has maintained that its enforcement of the "cookie" law will be complaint-led, but in the past week it has fired off what have been described as "nasty letters".

With just days to go before the expiry of the year of grace the ICO gave UK organisations to comply with the law, the ICO appears to have changed tack.

Just last month, the information commissioner Christopher Graham said the ICO would be responding to complaints about organisations that are not following the rules, but now it is issuing letters, giving high-traffic websites 28 days to show what they are doing to comply.

From 26 May 2012, websites need to obtain users' opt-in consent first if they want to install cookies that pass on information about browsing activities to third parties, or risk action by the ICO either in the form of a monetary penalty, or more likely an enforcement notice.

Why, in the final days of the grace period, has the ICO switched from the complaint-led approach to what is tantamount to a far more aggressive form of sabre-rattling? Is this an attempt to catch a high-profile website with its pants down so the ICO can whip it into line as an example?

Far from it, the ICO would have us believe. According to the watchdog's press office, the letters are about reaching out to organisations that may not have had much contact with the ICO before and sites that the public may be concerned are not complying with the UK law on the use of cookies that derives from an amendment to the EU's Privacy and Electronic Communications Directive (PECD).

By the weekend deadline for UK organisations to comply with the cookie law, the ICO says it will publish on its website the template of the letter it has sent out as well as the names of the 50 high-volume websites that were targeted.

Assuming that all will be revealed, the question remains: Why is the UK the only EU member state that is demanding to see what website owners are doing to comply with the cookie consent requirement of the PECD?


Autonomous car: a security risk?

Warwick Ashford | No Comments | No TrackBacks

Google is set to step up its road testing of the company's autonomous cars now that the vehicles have passed the Nevada driving authority test, but security experts warn of potential dangers.

Science fiction could soon become science fact thanks to investment by Google, and competitors, including car manufacturers and defence firms.

But autonomous vehicles aside, research firm Frost and Sullivan estimates that ordinary cars will soon need up to 300 million lines of software code.

As cars become increasingly connected, the automotive industry is exposed to the same threats as any other consumer device, warns Raj Samani, chief technology officer for Europe at McAfee.

While cutting edge advancements in technology could result in some impressive innovations, like driverless cars, he says, the industry must ensure that it is thinking about the security implications.

"For example, the first remote keyless entry systems did not implement any security and were easily compromised. As more and more digital technology is introduced into cars, the threat of malicious software and hardware manipulation increases," he said.
 
Wireless devices like web-based vehicle-immobilisation systems that can remotely disable a car could potentially be used maliciously to disable cars belonging to unsuspecting owners, said Samani, citing a recent case in Texas where 100 vehicles were disabled through a remote disabling system.

The system had been installed by the car dealership, but was maliciously manipulated by a disgruntled former employee who remotely disabled the cars and wreaked havoc by setting off the car horns.







Computer Weekly: Download in-depth profiles on leading IT suppliers

Bill Goodwin | 1 Comment | No TrackBacks

Computer Weekly has produced a series of in-depth profiles on leading IT suppliers and consultants, to help IT professionals in their due diligence research.

These in-depth reports will bring you up to speed with each organisation's place in the market, its product range, its financial performance and the competitive challenges that it faces.

Each report covers:
* Overview of the company
* Analysis of company strengths and weaknesses
* Analysis of the competitive challenges it faces
* Strategy and future direction
* Financial performance
* Analysis of key products
* Place in the market
* Key directors and company contact addresses

The reports, packed with graphs and diagrams, and independently written and researched, are essential reading for any organisation thinking of partnering with a major IT supplier.

You can download the reports free of charge by signing up to Computer Weekly:



Accenture

CA Technologies

Capita

Dell

EMC

Fujitsu

Hewlett Packard

Oracle

SAP

Symantec

 

 

SAP storm in a teacup?

Warwick Ashford | No Comments | No TrackBacks

News that SAP UK and Ireland is to get a new managing director for the third time in three years has sparked speculation about what appears to be a high rate of churn.

But the fact of the matter is that out-going MD Steve Winter has been deployed elsewhere in SAP, albeit just six months after being appointed to the role.

Winter is to head up a newly-created HR Solutions team as part of SAP's drive to ramp up business around its nascent Hana in-memory technology, cloud and mobile offerings.

His predecessor, Tim Noble, was also redeployed within SAP to oversee the company's emerging markets in Europe, Middle East and Africa in July 2011.

The departure of an MD is also hardly a major management change, so presumably all customers' points of contact and relationships with SAP will remain unchanged.

"Everyone is reading too much into this," SAP commentator Ray Wang, principal analyst and chief executive at Constellation Research told Computer Weekly.
 
"In the larger sense, a company as large as SAP has to move its resources around based on sales priorities which at times maps to customer priorities and internal goals," he said.

Paris-based Fred Hessabi, SAP general manager of Europe, Middle East and Africa, will act as interim MD for SAP UK & Ireland until Winter's successor is appointed.

Hessabi fulfilled that same interim leadership role following Noble's re-deployment and Winter's appointment in August 2011.

Whether or not Winter's departure from the UK MD role is due to more than a simple redeployment remains to be seen, but it seems more likely that all the speculation it has provoked will, in hindsight, be little more than a storm in a teacup.


Getting the message across with social media

Bill Goodwin | No Comments | No TrackBacks

In this guest blog, Windsor Holden, research director of telecoms analyst group, Juniper Research, gives his take on the debate on social media, at Computer Weekly's 500 Club for IT leaders.



He was not, Dave Britton wanted to stress, responsible for the weather. As Press Officer for the Meteorological Office, his role is primarily to disseminate information about said weather, rather than to cause the rain which was teeming down onto the roof of the Davidson Building in Southampton Street where Computer Weekly was hosting the latest in its CW500 sessions.

Well, these days we no longer shoot the messenger, although - since the public has a tendency to view the Met as God's representative on Earth vis-à-vis the weather - the temptation may be very great. (Particularly when the weather was very, very bad indeed.)

Instead, we sat back and listened to David outlining the Met's strategy on social media. Essentially, he said, the Met "wants to be recognised as the best weather service in the world, respected for our climate science on the international stage... we need a communications strategy enhancing, promoting and protecting the brand of the Met Office".

Social media, he continued, had allowed the Met to put the weather at the heart of everything it did. The organisation's engagement with social media had begun around three years ago, when it spent around five months "just listening to what people were talking about [on social media] and where our audiences were likely to be."

This led into the Met's first forays into Twitter, delivering weather warnings; this was followed - over a period of 18-20 months - by developing two-way conversations via Twitter and engaging with critics: "taking notice of what they were saying, providing them with more positive stories". Finally, it involved "creating content that people want to share".

As a result, the Met now has around 140,000 users of its social media platforms: Dave said that "although our range is huge through Twitter, with Facebook you see the most engagement".

Dave was followed by Warren Buckley, Managing Director, Customer Service and Service Operations, BT Retail. Warren said that BT's social media journey also began around three years ago, and was in part instigated by Mike Skinner - he of popular beat combo "The Streets" - who had complained on Twitter about the failings of his BT Vision service.

Sensing an opportunity, BT created a Twitter account, contacted Mr Skinner, resolved his concerns, dried his eyes, mate (you see what I did there?) and lo, Mr Skinner, tweeted back to BT (and to his thousands of followers) that BT Vision was fantastic, and that he loved the product.

Finally, David Cotterill, Head of Innovation, Department for Work and Pensions,  outlined how his organisation had sought to use social media to crowd-source ideas from its staff. DWP employees were invited to put their ideas onto the "DWP Idea Street", for which they would receive virtual currency. This currency would also be doled out to those who subsequently commented on those ideas.

Next up, staff were invited to recruit team members from across the organisation who could, effectively, receive shares in the idea for their participation in the project: if an idea was carried through to completion, the shares paid out more virtual currency; if it bombed, they lost currency.

And then, folks, there were canapés.

Outside, after the canapés, it was still raining.

But I didn't blame Dave.


Full report: The business case for social media


More from the CW 500 Club


Browse the latest research from Juniper Research in the Computer Weekly library

 

40 years on: Why Unix standards still matter.

Bill Goodwin | No Comments | No TrackBacks

A guest blog post from Andrew Josey, Director of Standards at The Open Group.

 
It might be as old as the moon landings, but the UNIX operating system is still as relevant today as it was back in 1969.

At 43 years old, it is older than the microprocessor, the PC, and even the video display terminal, and few software technologies since have proved more durable or adaptable than the UNIX operating system.

At the heart of this durability lies its stability. Since 1995, any operating system wishing to use the UNIX trademark has had to conform to the Single UNIX Specification, a standard of The Open Group.

Standard programming interfaces are an integral and scalable foundation on which today's Unix infrastructure is built; from embedded systems, mobile devices, internet routers, servers and workstations, all the way up to distributed supercomputers.

As well as the server systems from HP, Oracle, IBM, Fujitsu, Silicon Graphics and SCO Group, and the desktop systems from Apple, Unix also provides portability across related operating systems such as Linux and the BSD systems, and many parts of the standard are present in embedded systems.

The Single UNIX Specification ensures compatibility across all these platforms by providing a level of openness. Applications written to the standard can be easily moved across a wide range of platforms because it establishes a baseline of core functionality above which suppliers can innovate.

The standard enables suppliers to focus on offering added value, while providing guarantees about the underlying durability of their products.

And, when you consider that the UNIX interfaces have found use on more machines than any other operating system of its kind, having a single, maintained standard is incredibly important.

Backed with certification, the UNIX standard enables customers to buy with increased confidence, and this not only assists with application portability but also programmer skills portability.

The open source movement has brought new vitality to the UNIX tradition and the community of users of the UNIX standard is now wider than ever, including commercial vendors, related operating system developers such as Linux and BSD, and an entirely new generation of programmers.

Over forty years after it was created, UNIX is still here, long after Buzz Aldrin and Neil Armstrong hung up their moon boots. And, with the proper standards in place to protect it, there's no reason why it shouldn't double those innings.


UNIX is a registered trademark of The Open Group


Download the Single Unix Specification





Time running out for many UK firms on the cookie law

Warwick Ashford

With under a month-and-a-half to go before a major new EU law comes into force governing website cookies, it is surprising that 95% of UK companies have yet to comply, according to a survey of 55 UK organisations by consultancy KPMG.

It is surprising for two reasons: one, any organisation that is not compliant by 26 May will risk a fine of up to £500,000 and two, UK organisations have had a year to prepare.

The regulation on the use of cookies derives from an amendment to the EU's Privacy and Electronic Communications Directive, and although the EU directive came into force on 26 May 2011, the UK's Information Commissioner's Office (ICO) gave local businesses 12 months to address the new regulations and "get their house in order".

The ICO even went as far as publishing a set of guidelines and setting a good example by making sure that the watchdog's own website was compliant very early on.

The directive becomes enforceable UK law from 26 May 2012. From then on, websites need to obtain users' opt-in consent first if they install cookies that pass on information about browsing activities to third parties. Non-compliant websites may be subject to a fine.

Yet the KPMG analysis showed a surprising lack of compliance, with only one site asking specifically for opt-in, which is the key requirement of the directive. Two sites did not use any cookies at all.

This means that the majority of UK organisations need to do a substantial amount of work to their websites.

But with fewer than 50 days to go, time is running out, said Stephen Bonner, a partner in the Information Protection and Business Resilience business team at KPMG.

"While the majority of the websites we analysed made a reference to the use of cookies under either the terms and conditions or specific privacy policies, and some also state how the cookies are being used, this is not enough to ensure compliance with the directive," he said.

According to Bonner, organisations now need to focus their efforts on establishing an inventory of their websites and the cookies currently in use, before evaluating their purpose and establishing a pragmatic plan to ensure compliance before the deadline.

The KPMG review revealed that, in addition to the one site already asking specifically for opt-in, only two sites mentioned that they are currently being updated to become compliant before the deadline.

Helpfully, KPMG has drawn up five tips for organisations to ensure full compliance:


1. Perform a review of the use of cookies on your website
2. Evaluate the information obtained from any cookies currently in use, and whether this information is paramount for your organisation
3. Start adding consent requests to cookies related to logon, registration and other similar processes
4. Create a plan to expand this activity to the remainder of your website
5. Don't waste any more time: make sure you know which cookies your sites use, understand the applicability of the law, seek legal counsel if required and have a concise schedule to make your website compliant
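Step 1 of the tips, the cookie inventory, is the part an engineer can automate. The script below is an added example written for this post; it is not KPMG's, the ICO's or Computer Weekly's code. It parses Set-Cookie headers captured from a site's HTTP responses (the sample headers and the site www.example.co.uk are constructed) and sorts the cookies into session versus persistent and first-party versus third-party, so that the cookies most likely to need opt-in consent under the directive are reviewed first. The triage labels ("consent required" for any cookie scoped to a domain other than the site's own, "review" for persistent first-party cookies, "likely exempt" for first-party session cookies such as logon cookies) are an assumption of this example, not a legal determination; the page itself says to seek counsel.

```python
"""Cookie inventory helper (added example, not code from the post or from KPMG).

Builds the cookie inventory that step 1 of the KPMG tips asks for, from
Set-Cookie headers captured while crawling a site. The triage rule in
classify() is an assumption for engineers, not a legal test.
"""
from dataclasses import dataclass
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime
from typing import Dict, List, Optional, Tuple


@dataclass
class Cookie:
    name: str
    domain: str        # effective domain, lowercase, without leading dot
    persistent: bool   # Expires/Max-Age keeps it beyond the browser session
    deleted: bool      # header only removes an existing cookie (Max-Age<=0 or past Expires)
    secure: bool
    http_only: bool


def parse_set_cookie(header: str, response_host: str,
                     now: Optional[datetime] = None) -> Cookie:
    """Parse one Set-Cookie header value sent by response_host.

    With no Domain attribute the cookie is host-only, so response_host
    becomes its domain. Max-Age takes precedence over Expires (RFC 6265).
    """
    now = now or datetime.now(timezone.utc)
    parts = [p.strip() for p in header.split(";")]
    name, _, _value = parts[0].partition("=")
    domain = response_host.lower()
    persistent = deleted = secure = http_only = False
    for attr in parts[1:]:
        key, _, val = attr.partition("=")
        key, val = key.strip().lower(), val.strip()
        if key == "domain" and val:
            domain = val.lower().lstrip(".")
        elif key == "max-age" and val:
            try:
                persistent = int(val) > 0
            except ValueError:
                persistent = True      # unparseable: assume it persists
            deleted = not persistent
        elif key == "expires" and val and not (persistent or deleted):
            try:
                exp = parsedate_to_datetime(val)
                if exp.tzinfo is None:
                    exp = exp.replace(tzinfo=timezone.utc)
                persistent = exp > now
            except (TypeError, ValueError):
                persistent = True      # unparseable: assume it persists
            deleted = not persistent
        elif key == "secure":
            secure = True
        elif key == "httponly":
            http_only = True
    return Cookie(name.strip(), domain, persistent, deleted, secure, http_only)


def is_third_party(cookie_domain: str, site_host: str) -> bool:
    """True unless the cookie domain is the site host or a parent of it."""
    site_host = site_host.lower()
    return not (site_host == cookie_domain or site_host.endswith("." + cookie_domain))


def classify(cookie: Cookie, site_host: str) -> str:
    """Assumed triage rule for the compliance review (see module docstring)."""
    if cookie.deleted:
        return "deletion only"
    if is_third_party(cookie.domain, site_host):
        return "consent required"
    if cookie.persistent:
        return "review"
    return "likely exempt"


def build_inventory(captured: List[Tuple[str, str]], site_host: str,
                    now: Optional[datetime] = None) -> List[Dict]:
    """Turn (response_host, Set-Cookie value) pairs into inventory rows."""
    rows = []
    for response_host, header in captured:
        c = parse_set_cookie(header, response_host, now)
        rows.append({"name": c.name, "domain": c.domain, "persistent": c.persistent,
                     "secure": c.secure, "http_only": c.http_only,
                     "status": classify(c, site_host)})
    return rows


# Constructed sample: headers as a crawler might capture them while loading
# one page of a hypothetical site. Not real data.
SAMPLE_RESPONSES = [
    ("www.example.co.uk", "SESSIONID=abc123; Path=/; Secure; HttpOnly"),
    ("www.example.co.uk", "prefs=lang-en; Domain=example.co.uk; Expires=Tue, 01 Jan 2030 00:00:00 GMT"),
    ("stats.adtracker.example", "uid=xyz; Domain=.adtracker.example; Max-Age=31536000"),
    ("www.example.co.uk", "old=1; Expires=Thu, 01 Jan 1970 00:00:00 GMT"),
]

if __name__ == "__main__":
    for row in build_inventory(SAMPLE_RESPONSES, "www.example.co.uk"):
        print(row)
```

Feeding it the captured headers from a crawl of every page, including responses from embedded third-party resources, gives the inventory for step 1; the "consent required" rows are where step 3's consent requests have to start, and the "review" rows are the ones whose purpose step 2 asks you to evaluate.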

One tweet is all it takes

Warwick Ashford

User education and awareness training are important elements of information security, most infosec professionals agree, but most also admit their organisations are not investing enough in these areas.

This was one of the many interesting revelations at this month's Rant for infosec professionals hosted by Acumin Consulting and the NCC Group in London.

The topic was social media governance. The reason organisations need to pay attention is encapsulated by what US business magnate Warren Buffett is reputed to have said: "It takes 20 years to build a reputation and five minutes to ruin it. If you think about that you'll do things differently."

And since the advent of social media, destroying a reputation has never been easier. Services such as Facebook, Twitter and YouTube are very easy to use. Within an instant, anyone can publish anything.

Add to that the fact that publication is effectively worldwide and, in many cases, cannot be withdrawn or destroyed. Once published, content can live for years online in obscure archives.

One tweet is all it takes, said one infosec professional, to the general agreement of the assembly, which recounted several examples of notorious social media postings by people about their employers.

Social media governance is therefore essential, but someone suggested that the last thing most companies need is another policy.

"What has worked for us, is consolidating as many policies as possible to bring all the key messages together," he said, in combination with continuous engagement using innovative methods.

Barclays Bank, for example, has used a series of short comedy videos that both entertain and inform. Traditional channels like newsletters and emails are less likely to capture the imagination and encourage better behaviour.

"Keep it simple, but do not expect behaviour to change overnight. It needs to be reinforced continually," the speaker added.

Social media governance, it was agreed, is about people. It is a long-term process. Infosec professionals need to communicate with users; explain to them the consequences of their actions, and most importantly show them how to do what they need to do in a way that does not pose a risk.

But because social media is accessible to all age groups, it was also agreed that education needs to start at school. While some infosec professionals said they were engaging with schools, it was agreed that there was room to expand this.

The Rant ended on an interesting proposal: considering that members of the younger generation are "digital natives", perhaps today's professionals should be looking to them for a solution.

"We should ask these digital natives what they would do to solve the problem," it was suggested.


Supercomputers: a Computer Weekly sponsored lecture

Bill Goodwin
Computer Weekly is sponsoring a lecture at the House of Lords on 18th of April by Hans Werner Meuer, Europe's leading expert on high performance computing.

Professor Meuer is Chair of the International Supercomputer Conference, held in Germany each year, and is the co-founder of the influential TOP 500 Supercomputer list.

The lecture has attracted IT professionals from major supercomputer centres in the UK, the UK government, and Japan.

Plans for the first UK supercomputing conference are expected to be announced at the event along with the creation of a special interest group in supercomputers at the British Computer Society (BCS).

There are a number of places for the event for Computer Weekly readers. More details below.


"Supercomputers-Prestige Objects or Crucial Tools in Science and Industry"

 

The 2nd Lorraine King Memorial Lecture

will be given by

 

Professor Dr Hans Werner Meuer, University of Mannheim and Chair, the International Supercomputer Conference 2012

at

The House of Lords

Committee Room G on Wednesday 18th April at 1900

 

Professor Meuer is Chair of the International Supercomputer Conference, and is Europe's foremost expert on Supercomputers

He has grown the ISC, held in Germany annually, from less than 100 delegates to over 2,500 last year. With Jack Dongerra

he helped to devise the TOP 500 Supercomputer list published twice annually.

 

The event is hosted by Professor the Lord Laird of Artuigarvan, a former computer programmer and sponsored by

Kevin Cahill FBCS.CITP and Computer Weekly   

 

It is hoped that the first UK supercomputer conference will be announced at the event and that the Supercomputing Specialist Group of the

BCS will be formed.

 

Places are very limited and will only be offered on a first come first served basis. Entry is by ticket only and is free.

Booking .Please contact Kevin Cahill e mail;  ros@globalnet.co.uk to book, (Mob 07787176706) enclosing your full postal address.


New EU Cybercrime Centre to be set up in The Hague

Warwick Ashford

As expected, the EC has announced plans to establish a European Cybercrime Centre to help protect European citizens and businesses against mounting cyber threats.

According to the announcement, the centre is to be set up within the European Police Office, Europol in The Hague, Netherlands.

The centre will be the European focal point in fighting cybercrime and will focus on illegal online activities carried out by organised crime groups.

Interestingly, a priority for the centre will be to protect social network profiles from e-crime infiltration and to prevent online identity theft.

It will also focus on cybercrimes which cause serious harm to their victims, such as online child sexual exploitation and cyber-attacks affecting critical infrastructure.

"We can't let cybercriminals disrupt our digital lives. A European Cybercrime Centre within Europol will become a hub for cooperation in defending an internet that is free, open and safe," said Cecilia Malmström, European Commissioner for Home Affairs.

In theory, the European centre will warn EU Member States of major cybercrime threats and alert them of weaknesses in their online defences. It will identify organised cyber-criminal networks and provide operational support.

To "achieve its tasks and to better support cybercrime investigators, prosecutors and judges in the Member States", the EC said the centre will collect information from open sources, private industry, police and academia.

The intention is for the centre to serve as a knowledge base for national police in EU states, pooling European cybercrime expertise and training efforts.

The EC wants the centre to serve as a platform for European cybercrime investigators, where they can have a collective voice in discussions with the IT industry, other private sector companies, the research community, users' associations and civil society organisations.

For the Centre to be established, the EC's proposal now needs to be adopted by the budgetary authority of Europol, but if everything goes according to plan, the centre is expected to start operations in January 2013.


Jeremy Nicholls, European channel director at Arbor Networks, said the company's Worldwide Infrastructure Report published last month revealed that almost 74% of respondents do not refer security incidents to law enforcement.

"This figure, which appears to be caused by factors such a low level of confidence that something will be done, lack of resource within companies and general company policy - is a concerning one," he said.

Ron Gula, CEO of Tenable Network Security said cybercrime is often perpetrated by individuals working together from different countries. "I'm in favour of any law enforcement initiatives that allow for easier sharing of cyber-crimes, the techniques used and any data that may have been stolen," he said.

Gula believes the new European Cybercrime Centre will enhance cybercrime coordination across the EU. "At the moment, each EU country has different laws which affect user privacy and stipulate varying corporate penalties for losing data. Coordinating cybercrime offenders at the EU level will not only better leverage crime fighting resources in each EU country, but it will also provide a consistent response," he said.

It is also important to remember, said Gula, that while the new centre will focus on ecommerce and protection of internet users' privacy, if and when there is a cyber-terror event, the culture and practices of sharing cyber-criminal investigations will ultimately enable the EU to respond quickly and effectively.


Sony's Jackson hack: a common security failing?

Warwick Ashford

The reported theft of Michael Jackson's 50,000-track back catalogue from Sony Music by two UK hackers illustrates several interesting points.

First, even organisations with valuable intellectual property stored in their computer systems are not yet automatically detecting hacker intrusions.

The unrelated theft of the Jackson tracks was discovered only when Sony began to scour its IT systems after the massive security breach of April last year.

This raises the question as to how long it would have taken for the Jackson theft to have been discovered if the other breach had not occurred. Would it ever have been discovered?

The fact that a company like Sony did not have an effective intrusion detection capability at the time of the breach probably means that many others like it were, and still are, in a similar position.

Second, the theft illustrates that digital assets can now have an equal or greater value than physical assets. The problem is they are easier to steal and are often not nearly as well secured.

No company would fill a warehouse with $250m worth of goods without putting tight security around it, yet that is in effect what Sony did. They did not even have any form of burglar alarm.

Modern business organisations need to realise that as an increasing amount of intellectual property exists online, anything with street value will be considered fair game by criminals.

Ray Welsh, security expert at The Bunker, says organisations need to change their security culture to demonstrate their digital property is just as secure as their tangible assets.

"Criminals will always look for the opportunity that presents the least risk for the greatest reward, so the greatest protection is to be demonstrably more secure than rivals," he says.

Third, companies need to consider the reputational damage that breaches can cause over and above the theft of intellectual property.

Being compromised in this manner would be embarrassing and lead to a loss of business for any company, says Welsh.

"However, for industries that specialise in selling digital information, the loss of consumer confidence could wipe them off the face of the map," he says.

Because of its size, Sony appears to have survived the last year's series of breaches, but few companies would be able to match its resources.

All companies that have significant digital assets should follow Sony's example and conduct a root and branch review of their defences before they suffer a potentially fatal breach.


SOCA go after pirates

mattscott49
The Serious Organised Crime Agency (SOCA) has recently taken control of RnBXclusive.com after the music website was accused of hosting music illegally.

David Cook, a cyber crime expert at law firm Pannone, who previously defended individuals in the FileSoup filesharing case last year, spoke to ComputerWeekly about his take on the closure.

"The prosecution of criminal copyright infringement has globally been something of a mixed bag. While US prosecutors and courts have taken a fairly severe approach to online file-sharing hosts and the owner's subsequent sentences, this has not been reflected in other jurisdictions." 

"For example, Spanish Courts seem to suggest that peer-to-peer networks are 'mere conduits' for the transmission of the data and therefore not liable.  This "mere conduit" point arises out of the EU Electronic Commerce Directive 2000/31/EC, which has been effected by the EU member states. This defence applies in UK law as well.  
 
"The 'mere conduit' defence for online file-sharing hosts was successfully used in the UK in the 2010 case of TV-Links. I then mounted a multi-faceted defence in the OiNK case, which included the 'mere conduit' point, but the prosecution dropped the case prior to responding in Court to the issues raised. I used a nearly identical defence in FileSoup and, again, the prosecution backed off and discontinued the matter. Of course, none of these results are binding on other UK courts, but it makes for interesting reading. Significantly there has still not been a successful prosecution of a file-sharing host site in the UK."
 
"Only recently, it has been troubling to learn of the plight of Richard O'Dwyer, who ran the TV-Shack site. The US is trying - and apparently succeeding - to extradite him to stand trial in a country in which there are far more severe sentences, little chance of public funding and where the EC defence does not apply. It is my view that there must be a unifying theme to these prosecutions - they are clearly at the behest of the major music labels and it would appear that the prosecutions are directed from afar."  

"It was therefore my opinion that the prosecutorial and investigative failures in the UK had directly resulted in the attempts to extradite O'Dwyer to the US.  Simply put, "If we can't successfully prosecute in the UK, find a way to get them somewhere where we can prosecute them successfully".  However, this conspiracy theory of mine may have been entirely wrong - News has reached me recently that the RnBXclusive site has been taken down by the UK Serious Organised Crime Agency and the host has, apparently, been arrested.

Image caption: The warning that displayed on the RnBXclusive website until last night

"Firstly, it must be borne in mind that O'Dwyer was arrested by UK police who were kindly acting as messengers for their US counterparts who then swooped in, took all of the evidence and began the process of extradition. SOCA is more heavy-weight than the officers who arrested O'Dwyer, but they still might be mere cyphers in an investigation that is entirely US-based in origin and execution. Interestingly, US prosecutors state that they have jurisdiction to hear the TV-Shack case as it runs through a .com domain name, as does the RnBXclusive site. Eventually, the true picture will become clear but it may be that attempts are made to extradite the RnBXclusive host as well."   
 
"The issues involved in this matter are entirely different to those in the MegaUpload case.  OiNK and FileSoup were peer-to-peer file sharing sites in which users share the material between themselves by way of a 'swarm' which allows for a very efficient method of distributing the material quickly."   
 
"The OiNK and FileSoup sites provided files, then opened in third party software which would then direct that software to the various distributors. Similarly TV-Links did not host the material and acted as an online directory. These sites were independent of the distribution."  
 
"MegaUpload is a 'cyberlocker'. This is a site which specifically hosts the material that you want to store there. You can use cyberlocker sites to host anything you wish. You pay a subscription for the service and that is how owners such as the 'hilariously' named Kim DotCom made his money. The prosecution state that copyrighted material would be placed on MegaUpload and the address of where it could be found would be distributed. Downloaders would then obtain the material directly from the MegaUpload link. Whether DotCom acted dishonestly by providing this service is another matter. What is significant is that the material was obtained from MegaUpload itself. That makes it very different to the peer-to-peer filesharing websites that we have seen prosecuted before."
 
"As I understand it, RnBXclusive did not host the material itself and was more similar to TV-Links in the way it ran. It appears that the download links would be placed on the RnBXclusive pages, which, when clicked on, would take you off site, and to various cyberlockers, to actually download the material. The difficulty that RnBXclusive will have is that the mere conduit defence relies on the host being unaware of precisely what the material was and that, if copyright material was being distributed, it was the users who were responsible. It will be interesting to see what new information comes out and how things unfold."  

Image caption: The new message that greets visitors when they click through to RnBXclusive
 
"It is alarming to read that SOCA approximate the losses due to RnBXclusive to be £15,000,000 per year. That does seem greatly exaggerated, but we haven't seen their calculations. In the past, such figures have been calculated using slightly flawed logic - one download equals one release and all tracks are each worth the cost of a full price individual for example. The issue that the material was "illegally" obtained from the artists is also worth further consideration given that music industry executives, desperate to appear to be 'down with the kids', have previously sanctioned early leaks of their products being uploaded to file-sharing sites in order to obtain a pre-release buzz." 
 
"The US pressure on Europe in relation to perceived infringement does not stop there. The multi-national Anti-Counterfeiting Trade Agreement (ACTA) was drafted, in part, by the US, and seeks to further criminalise "commercial-scale" copyright and trade mark infringement.  This will no doubt impact on the digital world, as well as in the physical world, and is another example of attempts to harmonise legislation that covers the internet - a world without borders. Current concerns about the legislation centre on it going too far. There is no doubt that copyright holders should be afforded the full protection of the law. However, many of the ACTA provisions appear disproportionate to the infringements that it is intended that they prevent. For example, ACTA  codifies what is arguably a flawed idea that every unlawful download represents a lost sale, when calculating the losses through piracy. It also seeks to make Internet Service Providers liable for file-sharing by its users." 

"The direct result of this will be an increase in monitoring by the ISPs and a feared resultant loss of liberty. It is not just digital freedoms that would be affected, the Agreement would also affect the sale of generic drugs - not counterfeit as such and, as they tend to be cheaper, the prohibition of which will directly affect the less well off in society (especially third world countries)." 

"There is clearly a fine balancing act between protecting the legitimate interests of copyright holders and imposing overly restrictive legislation on the Internet using public. Various challenges have previously been made to Internet liberty but, as I see it, the Internet is still fairly unregulated. One way or another, this will change and may result in certain activities simply going underground.  One things for sure, this cat-and-mouse between the authorities and a more knowledgeable and aware online community is not going to stop any time soon."
