The Business Forum

"It is impossible for ideas to compete in the marketplace if no forum for
  their presentation is provided or available."         Thomas Mann, 1896



The Business Forum Library

This library is presented in alphabetical order of the organizations that contributed the White Papers included.  To locate a paper that meets your needs you can scroll down and search this page or, to find the specific words, organization or abstract you require you can use the SEARCH button to the left to search the entire site.

All of the current White Papers that are on our site are listed by subject matter in alphabetical order in the right hand column of this page.


Selecting & Monitoring 401(k) Plans

Authored by: Fred Reish, Esq. & Bruce Ashton, Esq.
Reish, Luftman, Reicher & Cohen
Contributed by: 401(k) Advisors, Inc.

The 401(k) market sometimes ignores the central social and legal purpose of these plans: to provide retirement benefits to employees. Sponsoring a plan is not primarily about providing investments, even sound investments (though that is certainly important); instead it is about the adequacy and quality of benefits that participating employees are accumulating for retirement. Fiduciaries in participant-directed 401(k) plans are responsible for managing that process in a careful, skillful, knowledgeable and prudent manner.


Investment Due Diligence - 401(k) Plans

Author: Vince Giovinazzo
Contributed by: 401(k) Advisors, Inc.

Fiduciaries of qualified plans are required “to act with the care, skill, prudence and diligence under the prevailing circumstances that a prudent person acting in a like capacity and familiar with such matters would use.”  Over time this has evolved to become known as the “prudent expert” rule.  Fiduciaries lacking this type of knowledge (conceivably making them an “expert”) are directed by the regulations to hire one.  Unbeknownst to them, this is where many fiduciaries have failed to meet the mark, due to the widely held acceptance that registered representatives and/or registered investment advisors (RIA’s), are “experts”, when, in fact, the standards they must meet are minimal in scope and content.


A Primer on Electronic Document Security

Contributed by Adobe Systems, Inc.

As organizations move more business processes online, protecting the confidentiality and privacy of information used during these processes, as well as providing authenticity and integrity, are essential. Because many automated processes rely on electronic documents that contain sensitive information, organizations must properly protect these documents. Many information security solutions attempt to protect electronic documents only at their storage location or during transmission. However, these solutions do not provide protection for the entire lifecycle of an electronic document. When the document reaches the recipient, the protection is lost, and the document can be intentionally or unintentionally forwarded to and viewed by unauthorized recipients. A significantly more effective solution is to protect a document by assigning security parameters that travel with it.


Off-shoring and Outsourcing

Contributed by: Agile360, Inc.

There are numerous new outsourcing and off-shoring issues that need to be recognized and dealt with before a company jumps on either practice’s bandwagon. “Company executives are always looking for ways to lower costs and increase services delivered,” says Al Solorzano, practice manager in Application Delivery Infrastructure at Agile360. “Outsourcing and off shoring are ways to increase efficiencies, however, the shift to globalization is not without pitfalls.”


Technology Roadmaps

Contributed by: Agile360, Inc.

Sometimes you have to give to get something back.  When businesses need to get things done, it’s expected that to accomplish these missions their IT organizations must spend at least some money on technology infrastructure.  But is everyone on the same page concerning that spending?  You have got to spend money to get solutions or products to keep things up to date, but do you have a roadmap to ensure that the IT organization’s solutions are in lock step with the business requirements?


Disaster Recovery Begins With Having a Plan

Author:  Charlie Turner
Contributed by  Alliance Integration Inc.

In reaction to recent events, it would be very easy for the average manager going about his or her day-to-day activities to become swept up in a frenzy of disaster recovery planning. But before their knowledge of the organization is put to work, it is worth remembering that for many of us there are always a number of questions left hanging as we set about the task of creating and implementing a complete and successful Business Continuity Plan.


SSL VPN Embraced by Large Enterprises

Contributed by Array Networks, Inc.

Virtual Private Networks or VPNs allow corporate enterprises to extend access to their internal networks to external employees and partners over standard Internet public networks. The primary reason VPNs came to be was the immensely expensive leased-line solutions. An enterprise had to have a physically closed network connection between its partners and remote employees, either through dial-up RAS (Remote Access Server) solutions into the enterprise network, or through leased fractional T1-type connections between remote offices and partners.


A Multi-Layer Approach to Security

Contributed by Array Networks, Inc.

Array employs a defense-in-depth approach to security with a multi-layer SSL firewall built on Array’s proprietary SpeedStack™, a networking architecture in which every single flow (associated stream of packets) is inspected in both directions. Inspection of packets is done at multiple layers of the OSI stack. However, the beauty of the architecture lies in the underlying implementation where no data is ever copied or otherwise moved around, and all duplication of work is eliminated. If a certain piece of work has already been done at a certain layer and the information is required for a subsequent piece of work at a different layer, the information is made available without the second layer needing to repeat the same work.


Remote Access for Business Continuity

Contributed by Array Networks, Inc.

Business disruptions take many shapes and forms, from hurricanes and earthquakes to man-made problems such as transit strikes. No matter the nature of the disaster, they all have the potential to prevent employees from getting to their place of work — if not to render that place of work uninhabitable.


Internet Protocol Security

Contributed by Array Networks, Inc.

Virtual Private Networks or VPNs allow corporate enterprises to extend access to their internal networks to external employees and partners over standard Internet public networks. The primary reason VPNs came to be was the immensely expensive leased-line solutions. An enterprise had to have a physically closed network connection between its partners and remote employees, either through dial-up RAS (Remote Access Server) solutions into the enterprise network, or through leased fractional T1-type connections between remote offices and partners.


End Point Security

Contributed by Array Networks, Inc.

Today’s enterprises have evolved into open network environments where corporate data are accessed from third-party owned devices by a combination of employees, business partners, contractors, and customers. Many applications and services, such as email, virtual private networking (VPN), customer relationship management (CRM), enterprise resource planning (ERP), financial applications, and human resource applications, have transitioned from client-server to Web-enabled architectures. The security implications of this fundamental shift have changed the way employees, business partners, customers, and suppliers access and utilize corporate information. In this environment, enterprises have little or no control over the security of the end point accessing the Web application and the data that are transmitted to them. The results are high levels of exposure of corporate data and the associated risks to the enterprise.


Secure Remote Access

Contributed by Array Networks, Inc.

Secure Remote Access enables mobile employees, home workers, extranet partners, customers and other authorized users to access business critical applications and resources – thereby increasing productivity. Secure remote access is also an ideal business continuity solution with which to prepare for emergencies, when employees cannot make it into the office.  With an increasingly mobile workforce, and more users using more applications across a broader mix of devices, it is important to select a secure remote access solution that fully addresses several key considerations:


The New Pay
Innovations in Employee Compensation

Author: Martin Kenny
Contributed by  Baker, Thomsen Associates

This paper discusses the developments in compensation practices that have culminated in the new paradigms in use today, with suggestions for new formulae to hire and retain key employees.



Paperless Benefits Administration
Communicating Employee Service over the Internet

Author: Paul Mead
Contributed by  Baker, Thomsen Associates

World Wide Web applications are being utilized to enhance and simplify every area of business, and the administration of employee benefits is not immune to this innovation. By using web sites and "intranets" it is now possible to achieve an almost paperless benefits administration that is effective, efficient and economical.


Weblication Technology

Author: Hitesh Bhatnagar
Contributed by  Baton Rouge International, Inc.

Weblication technology allows the management of confidential information that comes from anywhere within an organization (such as: legacy systems, desktops, OLTP and others). This includes the publication and access managed retrieval of dispersed information formats and facilitates user access to all information from anywhere within the organization across an intranet utilizing weblication technology.


Bitkoo’s SecureWithin™ - How does it work?

Author:  Doron Grinstein
Contributed by Bitkoo

SecureWithin™ enables organizations to securely expose firewall-protected internal network resources to Internet clients.  The focus is on organizations that wish to expose various services without requiring clients to use VPN software or hardware, especially in cases of web services, web applications, FTP or similar services.  Clients in this context may mean humans using applications such as web browsers or email applications; or machines consuming web services, or other network technologies to obtain services from other machines.  Network resources range from SOAP based web services to intranet-hosted web applications or Exchange Servers and everything in between that relies on TCP/IP.


Security Monitoring

Author: Bill Rudolfsky, CISSP
Contributed by: Blue Lance, Inc.

This paper discusses the importance of including security monitoring within a company’s best security practices and explains the difference between “state” and “event” monitoring.  Guidance is offered to deal with process and organizational issues that could impact the ability to get a security practice operational.  Finally, the capabilities within LT Auditor+, Blue Lance’s security monitoring solution, are reviewed to promote awareness of the role technology plays in contributing to the effectiveness of a security monitoring practice.


Addressing Regulatory Compliance Issues

Author: Bill Rudolfsky, CISSP
Contributed by: Blue Lance, Inc.

In today’s business environments, computers and information systems have become critical tools in conducting business. The trustworthiness of these systems that a business depends on is vital and will increasingly be of interest to regulators. Relevant regulatory pressures depend on a number of factors, including industry type, size of the business, the degree of non-public information that the business processes, and the criticality of the business to the economic well-being of the United States. This paper explores the regulatory landscape that influences the demand for information security and specifically focuses on the role of security event monitoring within an information security practice.


California SB 1386 Compliance

Author: Bill Rudolfsky, CISSP
Contributed by: Blue Lance, Inc.

On July 1, 2003, Senate Bill (SB) 1386 became effective in the State of California, requiring government agencies and businesses operating in California to publicly disclose computer security breaches, whenever it is reasonable to believe that a security breach may have compromised personal data belonging to a resident of California and that the compromise could lead to an incident of identity theft. Covered entities include government agencies in California and any entity (individual or company) conducting business in California where the business involves collecting personal data belonging to a resident of California.


IT Regulatory Compliance & Risk Management

Author:  David Lacey
Contributed by Brabeion Software, Inc.

Organizations today are waking up to the realities of managing a fast-moving business in a permanent regime of complex regulatory compliance. SOX, HIPAA, Basel II and a myriad of other regulations are driving companies to implement sophisticated compliance frameworks in record timescales and with unprecedented levels of budget and resource. Compliance functions are on a steep learning curve to design cost-efficient processes that can be easily repeated across a changing business and technology landscape. Organizations are asking the question: How can we reduce the ongoing cost and complexity of compliance? The answer is: By taking a smarter approach that draws on established best practices and exploits the tools and knowledge base that already exist. This paper sets out the principles and pointers to enable organizations to develop an efficient, long-lasting and adaptable compliance framework that will mitigate risks, reduce the costs of incidents, and meet the requirements of the most demanding auditors.


Easing the IT Audit

Contributed by Brabeion Software, Inc.


Easing the IT Audit - Part II

Contributed by Brabeion Software, Inc.


e-Commerce 101

Author: Bruce Clay
Contributed by  Bruce Clay, Inc.

This paper is devoted to the basic needs of eCommerce, such as: attracting prospects to your site, encouraging visitors to browse your site, rather than leave it, leading the visitor to a completed transaction by offering products or services easily and without undue complexity, and by addressing the concerns of the visitor to prevent frightening them away.


The Perfect Exit Strategy
for Owners of Closely Held Businesses

The $1.82 Story

Author: Guy Baker
Contributed by  BTA Advisory Group

How many business owners will transition their business ownership in the next 10 years? Based on the tsunami of Baby Boomers – quite a few. Baby boomers have dramatically impacted markets as they have aged. First it was baby gear, then overcrowding of schools. There was an impact on housing, the stock market and ultimately, consumer spending which is keeping the economy afloat.  As these Boomers near retirement, this tidal wave of humanity is going to impact social security, health care and retirement homes. What impact will they have on the sale of a business?


401(k) Plans - Update
Business Strategies for Improving your 401(k) Plan

Author: Guy Baker
Contributed by  BTA Advisory Group

How do you ensure that your 401(k) Plan is being efficiently managed? How do you know if you are receiving the full benefit from your investments? When you understand that it is the cost of administration which changes your income from a 401(k), it is important to discover how such costs are established and charged. This paper describes the benefits and pitfalls that just understanding how such costs are established can bring you.


Business Resumption Planning

Author: Dr. Paul Rosenthal
Contributed by
California State University, Los Angeles

Modern organizations have a large variety of operational and managerial functions whose continuous operations are critical to the organization’s continuing viability. Business Resumption Planning (BRP) involves arranging for emergency operations of these critical business functions and for resource recovery planning of these functions following a natural or man-made disaster. Business Resumption Plans are needed for all such organizational units, including data centers, information systems (IS) supported functions, and those organizational functions which are performed manually.


Business Continuity Management

by Paul H. Rosenthal - L. Jane Park - Jan I. Weissman
Contributed by
California State University, Los Angeles

Modern organizations have a large variety of operational and managerial functions whose continuous operations are critical to the organization’s continuing viability. Business Continuity Management (BCM) involves arranging for emergency operations of these critical business functions and for resource recovery planning of these functions following a natural or man-made disaster. Business Continuity Management Plans are needed for all such organizational units, including data centers, information systems (IS) supported functions, and those organizational functions which are performed manually.


Exercising the Disaster Management Team

Author: Professor Paul H. Rosenthal, PhD
Contributed by California State University, Los Angeles

Disaster simulation exercises are used to test the staffing, management, and decision making of both the computer and non-computer related aspects of an organization's business continuity and life-safety plans.  Special simulation methods must be used to exercise the Disaster Management Team and their Emergency Operations Center.  A proven approach to designing and conducting this type of simulation is presented, including a full script from an actual simulation exercise.


An Outsourcing Internal Control Methodology
for Information Systems

Author: L. Jane Park Ph.D., CPA., Professor of Accounting
and Paul H. Rosenthal, PhD, Professor of Information Systems
Contributed by California State University, Los Angeles

Industry and government have a long tradition of purchasing and subcontracting for products and services.  This type of purchasing and subcontracting is currently called sourcing or outsourcing. The Health Insurance Portability and Accountability Act of 1996 (HIPAA) regulations in the health care industry and the Sarbanes-Oxley Act’s Section 404 require the management assessment and audit of all public companies’ Internal Controls as an integrated part of their financial audit [AICPA and HIPAA].  Following from these regulations, the AICPA’s Professional Ethics Executive Committee is exploring issues surrounding outsourcing to third-party providers.  Outsourcing control methodologies are therefore becoming an essential element of organizations’ required internal controls.

This paper presents a proven outsourcing internal control methodology that has been used for decades in the information technology arena, since the primary functions of a modern Information Systems organization, except for strategic planning, can be either performed in-house or outsourced to development, processing, networking or consulting providers/vendors.  The evaluation of these providers/vendors is usually based on some type of cost-value analysis to rank and select providers.  A basic method for such cost-value analysis is the computation of a worth index.


Physical Level Systems Design:
The ignored component of Systems Analysis & Design Training

Authors: L. Jane Park Ph.D., CPA., Professor of Accounting
and Paul H. Rosenthal, PhD, Professor of Information Systems
Contributed by California State University, Los Angeles

This paper presents a recommended information system physical level design theory and charting methodology for use in System Analysis and Design training that is designed for student comprehension and rapid programmer implementation.  It also includes a discussion of Transaction Processing Systems applications (TPS) which make up the majority of administration oriented multi-million dollar projects, but are given little attention in systems analysis and design training perhaps due to their complexity. 



Where to in the New Economy?

Author: Robert Burlin
Contributed by 
Cambridge Management Consultants

A new economic order is evolving. Technology, in particular the Internet, has become a strategic business weapon. Business cycles are shrinking and whole industries are being turned upside down. Customers are in the driver's seat like never before, triggering a shift in power away from business. Intellectual Capital is now the prime currency. This paper deals with the changes already upon us. . . and what we may expect in the future.


Enabling your Enterprise to deliver IT Service Excellence

Contributed by Candle Corporation

This business white-paper examines why it is essential for organizations to achieve Information Technology (IT) service excellence, and describes the challenges faced both in the construction and delivery of IT services.


Best Practices for Better WebSphere Performance

Contributed by Candle Corporation 

There is no one solution for all organizations. Currently, the industry doesn't have the knowledge required to build a single architecture that satisfies all business requirements, and perhaps never will. Why? Because corporations are different, choose to operate differently, and have a vast array of business requirements. And, as any good architect will inform you, business requirements drive technology.


Attack Trees: It's a Jungle out there.

Author: Michael S. Pallos
Contributed by:
Candle Corporation

Computer security is an important aspect of any IT architecture. The requirement for security vigilance is especially critical, given the widespread availability of technology that potentially enables novice hackers to penetrate corporate IT defenses simply by using a tool available on the Internet.


WebSphere Application Server &
Database Performance Tuning

Author: Michael S. Pallos
Contributed by:
Candle Corporation

Optimization of the production runtime environment boosts the performance of WebSphere Application Server applications, allowing organizations to harness the full potential of their hardware and software investments. Performance tuning of the network and database interfaces are two of the most important elements of the optimization process. This white paper explores best practices for performance tuning as it relates to the persistence layer of WebSphere Application Server and a database management system (DBMS).  


WebSphere - Creating a Framework

Authors: Lloyd Hagemo & Ravi Kalidindi
Contributed by:
Candle Corporation

Many patterns have been published for J2EE applications. By developing and connecting multiple patterns, developers can create a framework that improves the stability, performance, and scalability of their J2EE application architectures. Because the number of patterns continues to expand, it can be difficult for developers to select the best combination of patterns to create frameworks that optimize J2EE applications and fulfill specific IT or business requirements.


Cisco Threat Defense System Guide
How to Provide Effective Worm Mitigation

Contributed by Cisco Systems, Inc.

The network today is a critical business asset. It not only allows the smooth running of business applications, it also enables the easy delivery of data, voice, and video. As a result, companies are increasingly concerned with keeping their network running and applications online while protecting one of their most critical assets — their information. In order to protect your business, you need to protect your network.  In recent years, not only has the number of network and computer attacks been on the rise, but also the level of complexity and sophistication with which they strike. The most commonplace and perhaps most damaging of these attacks are called “worms.”


Building a Self-Defending Network

Contributed by Cisco Systems, Inc.

Increasingly, mission-critical business applications and services are deployed on open networks with substantial connections to the public Internet. Without appropriate security policies, processes, and products, Internet connectivity can compromise the very gains in productivity that help make today’s companies more profitable and that enable them to serve a larger and more diverse customer base.  Security enables enterprises to confidently extend the network to customers, partners, and remote/mobile employees, thus increasing revenues sources, efficiency of business processes and employee productivity.

In some industries, data privacy and the threat of litigation has become a government mandate. U.S. healthcare providers must comply with the Health Insurance Portability and Accountability Act (HIPAA), U.S. financial services providers are governed by the Gramm-Leach-Bliley Act, and U.K. companies must adhere to the Turnbull Report on Internal Control for public companies, as well as the Data Protection Act of 1995.  


Technology Best Practices for Endpoint Security

Contributed by Cisco Systems, Inc.

As technologies such as high-speed networks, switching, and end-to-end encryption are more widely adopted, providing desired security at the network level becomes a major challenge. One important place to enforce security is at the endpoint, where data resides and the potential for damage is greatest. Today, businesses are confronted with the availability of several point products, each attempting to solve a part of the endpoint security problem. These include distributed personal firewalls for protection against network-borne threats, antivirus scanners for detection of file-based threats, and audit or integrity products for detection of malicious configuration activity. These technologies do not address new attacks that are carried over existing protocols to attack applications, or new content-based attacks that attack systems before vendors are able to release and distribute signatures and other responses. This document outlines the technology best practices for endpoint security solutions, to help organizations make informed decisions when choosing endpoint security products.

Network Admission Control

Contributed by Cisco Systems, Inc.

Network Admission Control (NAC), an industry initiative contributed by Cisco Systems, uses the network infrastructure to enforce security policy compliance on all devices seeking to access network computing resources, thereby limiting damage from viruses and worms.  Using NAC, organizations can provide network access to endpoint devices such as PCs, PDAs, and servers that are verified to be fully compliant with established security policy. NAC can also identify noncompliant devices and deny them access, place them in a quarantined area, or give them restricted access to computing resources.  NAC is part of the Cisco Self-Defending Network. Its goal is to create greater intelligence in the network to automatically identify, prevent, and adapt to security threats.


Intrusion Protection for Remote Corporate Users

Contributed by Cisco Systems, Inc.

Increasingly, employees are working remotely from corporate offices. Some of these users are mobile workers accessing corporate applications like e-mail from hotel rooms, airports, or customer offices. Others are tele-workers working from home. Often, these users access the corporate network through the Internet instead of using a dialup modem. All of these users are exposed to probes or attacks from the Internet, and none are protected by the central corporate firewall. Remote users whose computers are compromised provide attackers with a point of entry into the corporate network.


A Security Blueprint for Enterprise Networks

Contributed by Cisco Systems, Inc.

The SAFE Blueprint from Cisco Systems® is a secure blueprint for enterprise networks. Its principal goal is to provide best practices information on designing and implementing secure networks. SAFE takes a defense-in-depth approach to network security design, serving as a guide to network designers considering the security requirements of their networks. This type of design focuses on expected threats and their methods of mitigation, resulting in a layered approach to security where the failure of one security system is not likely to lead to the compromise of the rest of the network. Although this white paper is a product-agnostic document, the SAFE proof-of-concept lab is based on products from Cisco and its partners.

This document begins with an overview of the blueprint’s architecture, and then details the specific modules that make up the actual network design. When discussing each module, the first three sections describe the traffic flows, primary devices, and expected threats, with basic mitigation diagrams. Detailed technical analysis of the design follows, along with more detailed threat mitigation techniques and strategies.


Sales and Operations Planning
A Key Element of Supply Chain Success

Author:  Chuck Poirier
Contributed by: Computer Sciences Corporation

In spite of the fact that most of us are very active and busy these days, we sometimes find ourselves searching for something of value that can be added to our business efforts.  When you find yourself in that position, consider a tested and proven technique that can bring significant new value to your firm’s supply chain effort. Consider discussing how a planning tool can improve forecast accuracy, better match supply with demand, and greatly reduce dependence on inventory.  That tool is sales and operations planning (S&OP). 

S&OP has become a major tool for supply chain leaders tired of accepting the inherent problems with poor sales forecast accuracy, complications with planning and scheduling due to changing customer demand, and the need to build safety stocks into inventory for the inevitable problems introduced by vagaries in the marketplace.  This paper addresses the ideas behind S&OP and discusses techniques that have been successfully applied.


Contemporary Logistics
From Pre-Manufacturing to Acceptable Delivery

Author:  Chuck Poirier
Contributed by: Computer Sciences Corporation

As a business analyzes its costs of operations, logistics typically appears as the second largest element, following the cost of purchased goods and service. Most companies have been pursuing improvement in this critical element of cost for half a century or more, often with very credible results. Many organizations continue the pursuit of logistics excellence with the aid of trusted partners or external constituents, including those companies interested in assuming the responsibility for some or all of the process steps.

From a modern perspective, these costs are now considered as part of an end-to-end supply chain network, and businesses pursue together the means to optimize those costs across the extended enterprise. Some extremely impressive gains have been recorded as these efforts move forward. The purpose of this paper will be to briefly explore this contemporary approach to a fairly standard and stable business practice, that of packaging, loading, storing and transferring goods across an extended supply chain.


Reverse Logistics
A Supply Chain Opportunity

Author:  Chuck Poirier
Contributed by: Computer Sciences Corporation

Most practitioners have their own understanding of the fundamental processes involved in an extended supply chain network.  The novice will tell you it starts upstream with suppliers supplying suppliers, moves through manufacturing and production and goes downstream through distributors or direct to the business customers. An improvement effort starts within the four walls of a business by drawing a process map and working on product, information and financial flows to improve the key steps in the linkage that will save time, money and use of assets.
 
The journeyman will go further and explain that a supply chain continues externally, until products and services have been delivered to the end consumer. System improvement involves order management, planning and distribution, inventory management and effective customer satisfaction. This counselor knows that supply chain is about bringing the key process steps to best practice and optimized conditions, while receiving high satisfaction ratings from the customers and consumers.


Forensics Data Handling

Author: Ty Gast
Contributed by: Cybertrust, Inc.

Computer forensics involves the complex task of accurately investigating events or activities on computer systems without adversely affecting the integrity of the data contained on those systems. This is a difficult task to perform properly, requiring expert handling and care. A forensics investigator is asked to answer fundamental questions surrounding an event: who did what, when did they do it, and how was it accomplished?

At the same time, they are expected to take precautions that ensure the integrity of the original data is maintained. To that end, investigators follow precise procedures to safeguard the data while allowing the investigation to proceed. These procedures include maintaining a chain of custody for all evidence material, maintaining the integrity of the data source media, and creating accurate mirror images of data sources. Only after these important steps are taken can an investigator begin the forensics analysis of mirrored data.


Identity, Identifiers and Identity Fraud

Author: William H. Murray, CISSP
Contributed by: Cybertrust, Inc.

Recently the press and the public policy makers have begun to speak of “Identity Theft” as though it was a novel concept requiring severe new legislation. These laws are likely to put significant new burdens on business. While most identity theft problems originate via plain old “snail mail,” the discussion these days is all about the Internet. The sponsors of the legislation point to exponential growth in the problem as justification for these laws.

This paper suggests that the “growth” actually comes from redefining traditional fraud, not from the growth of the Internet. It begins with a discussion of the concept of identity and ends with recommendations for individuals, fiduciaries and merchants to safeguard themselves.


The Joy of Sarbanes-Oxley

Author: Marne E. Gordan
Contributed by: Cybertrust, Inc.

In 2002, the US Congress passed into law the Public Company Accounting Reform and Investor Protection Act (PL 170-204), also known as the Sarbanes-Oxley Act (SOX). Its purpose was to stabilize the US markets in the wake of the enormous corporate scandals—Enron, WorldCom, HealthSouth, and the like—that cost investors millions of dollars and had a devastating impact on the US economy. Congress designed the Act to revise corporate governance procedures for publicly-traded companies, particularly the verification of the accuracy of earnings information and the disclosure of financial reporting. It also established the personal responsibility of CEOs, CFOs and other senior directors and officers of these organizations for the accuracy of this information. This will raise consumer confidence and allow them to make reasoned decisions when investing. Sarbanes-Oxley affects all publicly-traded companies in the US, and foreign filers in US markets. It is a fairly broad and far reaching regulation, containing a variety of fraud protection provisions, including requirements for auditor independence, the rotation of public accountant partners every five years, appropriate uses of non-GAAP financial measures, and protection for corporate whistleblowers, but the provisions that most companies are concerned with are under sections 302 and 404.


Encryption Technology

Author: Jasper Rose
Contributed by Cylink Corporation.

As Government and business leaders come to terms with the implications of the events of 2001, people are worried by terrorist threats directed at air travel and paper-based mail, leading to a definite movement toward fewer face-to-face meetings and less reliance on traditional mail.  Insurance premiums are also rising steeply, thereby forcing organizations to consider distributed operations. The result is a change in the way we conduct business and a much greater use of and dependence on electronic communications and networks.


Digital Signatures: The Foundation for E-commerce

Author: Dr. Charles Williams
Contributed by Cylink Corporation

Business and technology have driven each other since recorded history. We see business changing to exploit the efficiencies afforded by new technologies. Also, we see technologies developed to satisfy the demands of new business practices. We see new technologies opening new business possibilities, and just as often we see new technologies decimating entire industries. We are at the beginning of yet another cycle of technology and business: this is the technology of cryptography enabling a revolutionary business paradigm, e-commerce. Digital signatures represent the key (yes, pun intended) technology for e-commerce. This paper introduces the technology of digital signatures and the role of digital signatures in e-commerce. This paper was written for the uninitiated (some would argue uncontaminated), so you should not be concerned if you can't spell "cryptography", let alone understand it.


Who Goes There?
Authentication in the On-Line World

Author: Dr. Charles Williams, Chief Scientist
Contributed by  Cylink Corporation

The Internet is changing the way we make and spend our money. Consumers will spend $20 billion this year and business-to-business transactions could top $100 billion for the first time. One of the main concerns consumers, merchants and business have about e-business is how do we identify our customer or partner over an electronic network. This paper discusses the latest technologies that address this issue.


Complying to the Gramm-Leach-Bliley Act

Author: Charles Baumert
Contributed by Cylink Corporation

A recent NetworkWorld survey reported that in 2002, 66% of IT managers increased their spending on IT security.   Recent world events have certainly played a part in raising awareness of the importance of IT security and encouraging investment in this area.  At the same time government and industry regulators worldwide have been working steadily to put into place measurable and enforceable standards to ensure that business can be carried out in an environment of trust.


How to use Collaborative Commerce
to Manage an Extended Enterprise.

Contributed by Deloitte Consulting

When a company and its key value chain work together to meet customer needs, they are operating in an Extended Enterprise model—and virtually all large organizations today are already doing just that. Yet most fail to realize the full potential of the Extended Enterprise due to the self-imposed walls that isolate them from their trade partners. Companies that are better able to manage the process dynamics of this complex ecosystem can derive significant advantage. Collaborative commerce breaks the walls down, transforming cross-enterprise business processes and information flows, and gives companies the methods and tools to work effectively across enterprise boundaries.  


Integrating Systems, Customers & Suppliers

Author: Michael Klotz
Contributed by eBI Solutions LLC

In this paper, the author attempts to shed some light on the realities of Enterprise Integration projects, which, not unlike many big ERP and CRM implementations, have a high failure rate or do not deliver the benefits originally anticipated. After examining the common misconceptions and mistakes made before, during and after an integration project, the paper presents a set of guidelines that will all but guarantee that such projects are successful and deliver on their promise.


Is Web Service Technology a Good Fit for My Organization?

Author: Jay Lee
Contributed by eBI Solutions LLC

Unfortunately, there is no complete correct answer to this question. Though the growth and adoption of Web Services in business hinges upon the convergence of a “generally accepted” set of industry standards, today’s myriad of overlapping, and sometimes divergent, standards do not help this cause.   The goal of this paper will be to help place your organization at the beginning of a roadmap to successful adoption of Web Services as part of your application integration strategy.


Guarding the Information Infrastructure

Contributed by the Federal Bureau of Investigation (1998)

The National InfraGard Program began as a pilot project in 1996, when the Cleveland FBI Field Office asked local computer security professionals to assist the FBI in determining how to better protect critical information systems in the public and private sectors. From this new partnership, the first InfraGard Chapter was formed to address both cyber and physical threats.


Protecting Enterprise Messaging Systems
From Spam, Viruses, and Other Threats

Contributed by FrontBridge Technologies Inc.

This white paper explores the threats to business email and considers the various methods for protecting enterprise messaging systems. Businesses that do not sufficiently protect their networks and email systems are confronted with the fallout from uncontrolled content – such as unsolicited email (Spam) and malicious code and viruses – flowing into and out of their corporate networks via email.


New Incident Response Best Practices

Author: John Patzakis
Contributed by: Guidance Software, Inc.

Information security technology traditionally focuses on protecting the perimeter to keep the bad guys and the bad code out of the enterprise. But as every CIO knows, information security breaches in large enterprises are inevitable. Hackers will penetrate the network, or — in what many believe are more frequent occurrences — insiders will compromise customer and company data. With such compromises a certainty, enterprises are left scrambling to manage these proliferating incidents.


Internal Computer Investigations under Sarbanes-Oxley

By John Patzakis and Victor Limongelli
Contributed by Guidance Software Inc.

In response to a wave of high-profile corporate crime such as the Enron debacle, Congress passed the Sarbanes-Oxley Act of 2002 (“Sarbanes-Oxley”), and President Bush signed the act into law on July 30, 2002.  Sarbanes-Oxley was enacted to protect investors by combating corporate crime and improving corporate governance.  As many commentators have noted, Sarbanes-Oxley requires companies to implement extensive corporate governance policies to prevent and timely respond to fraudulent activity within the company.


TPBroker for C++ & TPBroker for Java Architecture

Contributed by: Hitachi Computer Products (America) Inc.

TPBroker enables you to build new systems using existing system resources as building blocks, and simply adding interfaces to the distributed object environment. TPBroker also allows you to develop distributed object-oriented applications using the Common Object Request Broker Architecture (CORBA®) ORB function. This allows the reuse of system components and localization of program modifications that help reduce costs of system development and management.


The Extended EAI Solution

Author: Masato Saito
Contributed by  Hitachi Computer Products (America) Inc.

This white paper describes Hitachi's Enterprise Application Integration (EAI) and the extensions of EAI technology that Hitachi considers important for real mission-critical e-business systems. All Hitachi Software products are planned, developed, implemented and marketed based on the ideas set out in this white paper.


Addressing the Key Implications of Sarbanes-Oxley

Contributed by IBM - Tivoli Group

The Sarbanes-Oxley Act of 2002 (SOX) introduced significant changes to financial practice and corporate management regulation. Passed in the wake of numerous corporate scandals, SOX is a complex piece of legislation that requires companies to make major changes to bring their organizations into compliance. The act holds top executives personally responsible for the accuracy and timeliness of their company’s financial data — under threat of criminal prosecution. Thus, SOX compliance has become a top priority for publicly traded companies.

The act also sets deadlines for compliance, all of which will take effect during the next two years. Of the sections already in effect, the most publicized has been Section 302, implemented in August 2002, which requires CEOs and CFOs to personally certify quarterly and annual financial statements. The first indictment of a CEO for failure to comply with the act occurred in 2003. This is just the tip of the iceberg — violating SOX can bring fines up to $5 million or 20 years in prison.


Security Management Solutions

Contributed by IBM - Tivoli Group

Organizations of all sizes, across all industries, are realizing that the complexity of today’s IT security demands a robust solution. A solution that manages the growing variety of users who now require access to your IT resources. One that enables your organization to comply with regulations and audit requirements. One that does more even as it reduces costs.  The solution lies in managing identities. Identity management establishes centralized control to enable consistent execution of your security policies across the breadth of your organization. But it facilitates administration in a decentralized mode, giving the right amount of responsibility to the right individuals and groups — wherever they are. Choosing to implement identity management is one thing. Figuring out how to get started toward the identity management solution that’s right for your organization is another. It can be intimidating to identify what kind of software you initially need to invest in, let alone to choose the best vendor in the area you select — a vendor that can support you throughout the process of implementing your total solution.


Security Solutions - Executive Brief

Contributed by IBM - Tivoli Group

Ever-increasing numbers of users are getting “connected.” That’s good for communication and for commerce. However, the convenience, ease-of-use and sheer numerical acceleration of these connections lead to daily increases in the security, privacy and auditing challenges faced by IT managers.


Federated Identity Management

Contributed by IBM - Tivoli Group

Identity management has become a hot topic with many organizations. From business-unit executives to CIOs to IT administrators, the focus is on improving the integrity of identity-driven transactions, increasing efficiency and lowering IT costs.

With increased corporate governance and regulatory hurdles, the management of these identities and account data introduces new business compliance issues and security exposures. Taking on identity management means dealing with these privacy, compliance, legal and regulatory issues.


Manage Users and Devices to Maximize Security.

Contributed by IBM - Tivoli Group & Cisco Systems, Inc.

To address today’s competitive "On Demand" Business challenges, organizations leverage their IT investments in networks, systems and applications to efficiently connect with customers, suppliers and partners. While enabling more users and organizations to connect to many parts of the IT infrastructure drives immense benefits, it also can yield corresponding risks. The recent spate of viruses, worms and Internet attacks caused significant IT infrastructure damage and a massive loss of productivity within enterprises. Businesses have been forced to spend more to combat these evolving threats, yet their security capabilities often have not risen to meet these challenges. In addition to tackling electronic threats, enterprises now must comply with a variety of industry and governmental regulations, including the Sarbanes-Oxley Act (SOX) of 2002, the Health Insurance Portability and Accountability Act (HIPAA) and the Basel II Accord. Additionally, some organizations also use compliance initiatives to streamline and optimize the quality of existing IT operations by automating key processes.


Software Testing as a Strategic Business Advantage

Contributed by IBM - Rational Software

Developer testing, user testing, outsourced testing, ad-hoc testing. However it works in your organization, testing plays a crucial role in the successful delivery of today’s complex, heterogeneous, business-critical software systems. As software development is becoming more sophisticated, companies are discovering that when armed with the right tools, processes, and people - testing teams add tremendous value in solving the complex problem of delivering high quality enterprise software systems.

This realization comes at a critical time - when IT organizations and development teams are being asked to address a new set of challenges. Predicting the ability of software systems to be self-managing and self-healing, rapid assembling and testing of services-based applications, managing outsourced testing projects, and using test and validation processes to support regulatory compliance audits; these are all new challenges that even the most savvy IT organizations struggle with. Faced with these new challenges, the focus on processes and tools to improve quality, customer satisfaction, and company agility has never been higher.


IBM Tivoli Security Compliance Manager

Contributed by IBM - Tivoli Group

The number of security incidents enterprises face is increasing daily. Additionally, enterprises need to address compliance with an increasing number of government and corporate security policies, standards and regulations.  IBM Tivoli Security Compliance Manager is a new security policy compliance product that acts as an early warning system by identifying security vulnerabilities and security policy violations for small, medium and large businesses. Tivoli Security Compliance Manager helps organizations define consistent security policies and monitor compliance with these defined security policies. Security policies can be based on both internal security requirements and industry-standard security policies.


Software Quality Management from IBM:

Contributed by IBM - Rational Software

Quality software delivery is entering a new era. For years, chief information officers (CIOs) have indicated that one of their top priorities is aligning IT with business objectives. Faced with pressure to innovate, grow and change with marketplace demands, businesses are now committed to acting on this priority. According to a 2006 IBM survey, 65 percent of the world’s top corporate chief executive officers (CEOs) declared that they plan to radically change their companies in the next two years in response to pressures from competitive and marketplace forces. Therefore, today’s IT imperative is to deliver, as quickly as possible and within a fixed budget, quality business-critical software and systems that can support business initiatives addressing the new challenges.


Enhanced Partnerships for Global Humanitarian Relief
and Diplomacy

Contributed by IBM Global Services
IBM Business Resilience & Continuity Services

Today, millions of dollars of donated humanitarian relief funds, supplies and resources, along with thousands of hours of volunteer time, are sometimes ineffectively utilized in the responses to global crisis events. Duplication of effort, lack of direction, poor communications, limited cooperation and a need for diplomacy are among the factors that contribute to this dilemma.  A public and private sector global partnership that is embraced by major corporations, the United Nations (UN) and non-governmental organizations (NGOs) could provide a unique opportunity to combine individual skills, resources and knowledge in a manner that would significantly improve the way disaster relief is delivered globally. Such enhanced partnerships can help reduce redundancy and effectively match crisis needs against available resources while maximizing the benefits of donations, accelerating recovery and reducing suffering.


The SAHANA Disaster Management System

Contributed by IBM Global Services
IBM Business Resilience & Continuity Services

Author: Brent Woodworth

The year was 1999 and members of our IBM Crisis Response Team (CRT) had arrived in Istanbul, Turkey to support the government in responding to a massive earthquake that had struck near the town of Izmir.  The Minister of Health had requested assistance in setting up, organizing, and managing eight (8) warehouse and distribution centers for the receipt, tracking, and shipping of medical supplies and drugs.  Donations were coming in from 67 countries in 23 languages.  The challenges were significant.  We needed to gain a rapid understanding of the needs of the field hospitals and find a way to logically track, organize, and manage the operation.  One of our requirements was to implement a computerized logistics management system that could catalog over 10K drugs in 27 major categories (set by the World Health Organization).  In just a few days, and an amazing programming effort led by Mark Prutsalis (a member of the CRT), we had a fully functional logistics management system running in Turkish and English.  The project was a major success and many thousands of disaster victims were helped.


Testing SOA Applications

Contributed by: IBM - Rational Software

Service-oriented architecture (SOA) makes IT applications into composite applications, which are no longer monolithic. Instead, composite applications are composed of many services often developed and deployed independently by separate development teams on different schedules. Development of new composite applications is made easier by the possibility of reusing existing services, thereby avoiding costly application redevelopment or integration. However, this comes with some unique challenges to ensuring a high level of quality throughout the development cycle.

Indeed, SOA quality management is an important aspect of service lifecycle management—one that reflects the need to address multiple aspects of service quality across multiple SOA service implementations. IBM is focused on delivering end-to-end SOA quality management—from the model phase through the assemble, deploy and manage phases. SOA quality management concerns far more than just conventional software development and testing. It encompasses all the ways in which business and IT organizations collaborate on services, as well as the lifecycle from the conception of services and composite business applications to the retirement of those assets.


Architecture for Federated Portals

Author: Randy Eckel
Contributed by  InfoImage Inc.

This paper discusses the difficulties in implementing enterprise portals for larger organizations and describes the business and technical advantages of using federated portal architecture to build an enterprise portal.


Total Cost of Ownership in the Open Source
Database Community

Author:  Chris Twyman
Contributed by Ingres - Business Open Source


Implementing an Enterprise-Wide
Background Screening Solution

Contributed by: InfoMart, Inc.

Once primarily the tool of the federal government for hiring operatives and other high security personnel, background screening is now prevalent in an array of industries among companies who recognize the value of getting the whole story about a prospective employee. In a world of falsified resumes, employee crime, security risks, ineffective employees and negligent hiring lawsuits, pre-employment background screening should be considered a best practices rule of the hiring process, rather than an exception to it. The risks to companies today are too high to allow even one bad hire. A thorough background screen is one of the only ways to avoid making a costly mistake and to know for certain whether that ideal applicant has a phony or a criminal lurking within.


Wireless LAN (WLAN)
End to End Guidelines for Enterprises & Public Hotspot Service Providers

Contributed by Intel Corporation

Wireless LAN (WLAN, also known as Wi-Fi) is a high-speed data networking technology that is being widely deployed in residential, enterprise and public areas all around the world. Wi-Fi brings the Internet to users with mobile computers and/or PDAs, and soon even cell phones, regardless of where they are – home, corporate campus, or a public hotspot.

This paper describes the market environment and the challenges for deployments in enterprises and public hotspots. It is intended for enterprise IT managers, public WLAN operators and WLAN equipment and software vendors who are involved in planning, deploying or supporting WLAN networks.


SIM Based WLAN Authentication for Open Platforms

Contributed by Intel Corporation

This paper discusses approaches to authenticating users with open platforms, such as notebook PCs, for WLAN access using SIM cards. Using SIM cards to authenticate WLAN access is desirable to wireless operators, as this approach minimizes additional infrastructure investments because the existing authentication processes and equipment are re-used. This paper starts with an overview of the authentication methodology in today’s GSM networks. Applying the GSM authentication methodology in a WLAN environment is then discussed. Enabling use of open platforms in WLANs requires consideration of potential security threats to authentication data due to the presence of open pathways. These open pathways are illustrated and possible mitigation techniques are discussed. With the appropriate mitigation approaches, SIM based user authentication can be easily extended to the WLAN environment.


Manageable Identities

By: Vijay Auluck, Business - Shelagh Callahan and Abhay Dharmadhikari
Contributed by: Intel Corporation

As the world around us grows increasingly digital, so do the identities we use for each other, as well as the identities of devices, processes, and organizations. Most of us have digital identities associated with multiple devices, networks, services and organizations. What we lack is a good way to manage these identities, including the credentials used to access our devices and services, and the policies controlling where and how we expose our identities. This white paper explores a client-based approach to this problem: Intel’s Manageable Identities. Manageable Identities (MID) technology is intended to complement infrastructure-based identity management solutions under development – in standards like the Liberty Alliance and products like Tivoli Identity Manager and others. By providing a consistent, user-focused view, Intel’s Manageable Identities facilitate the ways people interact with the devices, networks and services they use every day.


Network Security Manager

Contributed by Intellitactics, Inc.

Network Security Manager is the holistic integrated threat management platform for Security Operations Centers of Global 1000 companies, governmental organizations, and Managed Security Service Providers (MSSPs) who need to deliver more effective information security management at a lower cost.


Enterprise Security Management

Contributed by Intellitactics, Inc.

Information Security is a key component of modern planning and management, given the integral role of information technology (IT) in today’s enterprises. The entrenchment of security is also driven by the increasing growth of electronic transactions. Fueled by the Internet, electronic commerce proliferates with the growth of networks. As enterprise boundaries are blurred, enterprise level security becomes more challenging.


Enterprise Project Management

Author: John Dohm
Contributed by Intellos Systems, Inc.

Enterprise Project Management is a term broadly applied to the systemic ability to match organizational capacity with organizational demand to maximize value.  EPM is a mechanism by which one develops a “projectized” organization.  At first glance, the process seems quite straightforward: understand and prioritize your projects, know the skills and competency levels of your resources, then schedule and track performance.  In reality, however, linking activities to strategies is a complex and difficult task.  Because of the inherent challenges in making EPM work, most organizations have taken baby steps toward becoming project focused, but few maintain the motivation to see the process through.  This Forum will explore a set of the catalysts that will hasten the pace at which organizations can adopt EPM concepts and techniques.


Achieving Business Intelligence through Project Intelligence

Author: John Dohm
Contributed by Intellos Systems, Inc.

Conventional wisdom, or at least conventional wisdom as proposed by many consultants and a variety of organizations, is that change is driven by a combination of people, process, and technology.   This is nonsense.  People neither change because of increased awareness or education, nor do they change because a better process is developed and communicated.  They change, and will invest in changing, only under three conditions:

  1. The change has a tremendous upside;

  2. The change helps to avoid a tremendous downside;

  3. Change is easy and natural.

Since projects are the primary vehicle for change within organizations, projects that are undertaken must meet one or more of the above conditions if the output of the project is to deliver substantive value.  Ensuring that projects are linked to one or more of the above conditions defines the practice of Project Intelligence.  The aggregation and visualization of information associated with project performance and value delivery is Business Intelligence.  If you have Project Intelligence, getting Business Intelligence is straightforward.  As such, this paper will focus almost entirely on the requirements for Project Intelligence, both from a business value perspective and a planning and execution point of view.


Sophisticated Tools or Afterburners on a Mule?

Author: John Dohm
Contributed by Intellos Systems, Inc.

The software industry has produced a large number of tools to provide corporate performance management (e.g., balanced scorecards), organizational alignment (commonly referred to as work intelligence), portfolio management, and collaboration/brainstorming.  These tools are seldom integrated with each other, often are overly complex, and many simply do not get used.  This paper investigates how far the software industry has gotten ahead of the mainstream need for software solutions.  While the particular focus is organizational effectiveness – primarily as it relates to projects – most of the commentary is applicable more broadly.


People Issues that Cause eCommerce Projects to Fail
How People Management Can Cause Corporate Failure

Author: Carmen Robinson
Contributed by  Interaction Associates

In today’s fast-paced business environment, organizations are rushing to keep pace with rapid changes in technology.  Many companies spend tremendous amounts of time and money analyzing and refining technology strategies, but don’t give sufficient thought and attention to how they can best execute that strategy. 


Conflict Resolution Management

Author: Barry Allen
Contributed by  International Fieldworks Inc.

Unlike arbitration where a third-party imposes decisions on the disputing parties, mediation permits each side to retain control of the outcome while consenting only to being assisted in managing the conflict resolution. It is much more akin to a negotiation than to arbitration or litigation and more often than either it can deliver on the desired goals, for employee and employer alike.


The User Interface
Control Panel Design & Manufacture

Author: Hemant Mistry
Contributed by  Jayco Interface Technology Inc.

Look at any electronic device, whether it is a stereo amplifier, photo-copier, or laboratory or test equipment, and aside from its overall form, what first strikes you is the control panel or user interface. Most people react on first viewing with "I like it" or "I don't like it". You have immediately either "sold" your customer or "turned them away". This paper deals with the importance of control panel design and function in today's marketplace.


Personal Health Information

By Dr. Kenneth Johnson, SMD, SND, OMD, Ph.D.
Therapeutic Orthomolecular Nutritionist

Excessive stress from ever-increasing pollutants in our environment wreaks havoc on human potential long before any serious illness emerges. Various states of diminished well-being from stress overload overtax, and to some degree block, the body's biological energy systems. These systems act as the body's life-preserving, regulating mechanism and control the organism's defenses and its self-healing powers. As a result, there are more and more people acutely ill with weakened vitality and lowered immunity. These individuals have exceeded their level of tolerance in regard to the accumulation of toxins and have depleted vital enzymes and nutrients to the point where the functional activity of various organs and glands is not adequate for optimal health. Many people can regain their health if those toxins are excreted and vital nutrients are supplemented within the individual’s tolerance level. When natural regulatory patterns are restored by balancing the body's energy systems, it is possible for individuals to rid themselves of a multitude of symptoms and illnesses.


Preparing and Fine-Tuning Your Crisis Plan
A Workable Methodology

Author: Larry Kamer  
Contributed by Kamer Consulting Group

A survey conducted in January by PRWeek, an industry trade magazine, and Burson-Marsteller, one of the world’s largest public relations firms, revealed that just 19 percent of CEOs believe their companies had appropriate crisis protocols in place at the time of the September 11th attacks. That’s a pretty shocking revelation, and a cause for real concern. Gartner, Inc. estimates that 40 percent of companies that are hit by disaster go out of business within five years.


Managing Risk Without Precedent
Terror Attacks at Domestic Chemical Facilities

Author: Larry Kamer  
Contributed by Kamer Consulting Group

The stage is set for industry to distinguish itself in a world of changing perceptions and not cede the moral high ground to its traditional critics. The question remains: will the owners and managers of America’s industrial infrastructure acknowledge the new realities of risk and use them as a platform for leadership? Or will industry consign itself to a supporting and reactive role that will make the RMP program look like a warm-up act for what’s to come?


Enterprise Portals
The Convergence of Information, Application & Technology 

Author: Corey Smith
Contributed by  Kanbay Incorporated

The Enterprise Portal is the desktop for a new age, the information age.  It is a single window onto the combined knowledge and processing power of the enterprise.  To enhance the experience of customers, employees, suppliers and partners the Enterprise Portal must provide a convergence of information, application and technology.  This convergence differentiates the Enterprise Portal from a collection of web sites by offering universal access to information, role-based personalization, cross-application workflow, common content management, centralized user management and a framework for future application development.


The Case for the Full-Function Project Office

Authors: Scott S. Perry and Louis Leatham
Contributed by  Kanbay Incorporated

In the United States we spend more than $250 billion each year on IT application development for approximately 175,000 major projects. Many of these projects will fail! Software development projects are in jeopardy and we can no longer ignore the need for greater project discipline and best practice sharing. This paper discusses best practice project management in detail.


Modeling the Business Environment

Author: Dean Clark
Contributed by  Kanbay Incorporated

From the knowledge gained from Y2K efforts, dramatic improvement of the business model is possible. Through a process called Strategic Business Modeling valuable information can be organized for the move from legacy business functions to a new infrastructure, allowing for ease of integration which in turn provides an improved return upon investment, speed to market and ease of maintenance.


Software-Aided Performance Management

Contributed by KnowledgePoint, Inc.

With current concerns about talent retention, productivity and profitability, organizational survival hinges on a business’s ability to manage resources, move quickly, and remain competitive in a continually changing market. In this environment, regularly evaluating and improving employee performance and productivity has become more than an administrative detail – it’s now a key business strategy!


XML Trends and eCommerce

Author: LeRoy Denny
Contributed by  M1 Software Corporation

The implication XML has for electronic commerce is substantial. If we agree to define eCommerce as the use of technology to facilitate business, then the need to deliver an identical result to users of either Netscape or Microsoft browsers becomes a business essential. This paper deals in depth with this essential component of the new economy.


Electronic Commerce Explained

Contributed by  Microsoft Corporation

All businesses will be affected by the global move to electronic commerce. Business operations will change, and new processes will be created. Companies that start learning now in this new environment will undoubtedly be leaders in the future.


Bringing the Balanced Scorecard to Life
The Microsoft Balanced Scorecard Framework