The Business Forum

"It is impossible for ideas to compete in the marketplace if no forum for their presentation is provided or available."
Thomas Mann, 1896

The Business Forum Library

This library is presented in alphabetical order of the organizations that contributed the White Papers included. 

Selecting & Monitoring 401(k) Plans

Authored by: Fred Reish, Esq. & Bruce Ashton, Esq.
Reish, Luftman, Reicher & Cohen
Contributed by: 401(k) Advisors, Inc.

The 401(k) market sometimes ignores the central social and legal purpose of these plans: to provide retirement benefits to employees. Sponsoring a plan is not primarily about providing investments, even sound investments (though that is certainly important); instead it is about the adequacy and quality of benefits that participating employees are accumulating for retirement. Fiduciaries in participant-directed 401(k) plans are responsible for managing that process in a careful, skillful, knowledgeable and prudent manner.

Investment Due Diligence - 401(k) Plans

Author: Vince Giovinazzo
Contributed by: 401(k) Advisors, Inc.

Fiduciaries of qualified plans are required “to act with the care, skill, prudence and diligence under the prevailing circumstances that a prudent person acting in a like capacity and familiar with such matters would use.” Over time this has evolved to become known as the “prudent expert” rule. Fiduciaries who lack this type of knowledge (the knowledge that would arguably make them an “expert”) are directed by the regulations to hire one. Unbeknownst to them, this is where many fiduciaries have failed to meet the mark, due to the widely held assumption that registered representatives and/or registered investment advisors (RIAs) are “experts”, when, in fact, the standards they must meet are minimal in scope and content.

A Primer on Electronic Document Security

Contributed by Adobe Systems, Inc.

As organizations move more business processes online, protecting the confidentiality and privacy of the information used during these processes, as well as providing authenticity and integrity, is essential. Because many automated processes rely on electronic documents that contain sensitive information, organizations must properly protect these documents. Many information security solutions attempt to protect electronic documents only at their storage location or during transmission. However, these solutions do not provide protection for the entire lifecycle of an electronic document. When the document reaches the recipient, the protection is lost, and the document can be intentionally or unintentionally forwarded to and viewed by unauthorized recipients. A significantly more effective solution is to protect a document by assigning security parameters that travel with it.

Off-shoring and Outsourcing

Contributed by: Agile360, Inc.

There are numerous new outsourcing and off-shoring issues that need to be recognized and dealt with before a company jumps on either practice’s bandwagon. “Company executives are always looking for ways to lower costs and increase services delivered,” says Al Solorzano, practice manager in Application Delivery Infrastructure at Agile360. “Outsourcing and off-shoring are ways to increase efficiencies; however, the shift to globalization is not without pitfalls.”

Technology Roadmaps

Contributed by: Agile360, Inc.

Sometimes you have to give to get something back. When businesses need to get things done, it’s expected that to accomplish these missions their IT organizations must spend at least some money on technology infrastructure. But is everyone on the same page concerning that spending? You have got to spend money to get solutions or products to keep things up to date, but do you have a roadmap to ensure that the IT organization’s solutions are in lockstep with the business requirements?

Disaster Recovery Begins With Having a Plan

Author:  Charlie Turner
Contributed by  Alliance Integration Inc.

In reaction to recent events, it would be very easy for the average manager going about his or her day-to-day activities to become swept up in a frenzy of disaster recovery planning. But before their knowledge of the organization is put to work, it is worth remembering that for many of us there are always a number of questions left hanging as we set about the task of creating and implementing a complete and successful Business Continuity Plan.

Money Across Generations Study

Contributed by Ameriprise Financial

After mapping the stages of retirement with the New Retirement Mindscape℠ study, new research from Ameriprise Financial uncovers the family financial ties that bind boomers to their parents and their children: the Ameriprise Financial Money Across Generations study. This breaks new ground by looking across three generations from the central vantage point of baby boomers — from their parents to their adult children — to gain a deeper understanding of how each generation perceives, talks about and deals with issues surrounding money and finances.

SSL VPN Embraced by Large Enterprises

Contributed by Array Networks, Inc.

Virtual Private Networks, or VPNs, allow corporate enterprises to extend access to their internal networks to external employees and partners over standard public Internet connections. The primary reason VPNs came to be was the immense expense of leased-line solutions. An enterprise had to have a physically closed network connection between its partners and remote employees, either through dial-up RAS (Remote Access Server) solutions into the enterprise network, or through leased fractional T1-type connections between remote offices and partners.

A Multi-Layer Approach to Security

Contributed by Array Networks, Inc.

Array employs a defense-in-depth approach to security with a multi-layer SSL firewall built on Array’s proprietary SpeedStack™, a networking architecture in which every single flow (associated stream of packets) is inspected in both directions. Inspection of packets is done at multiple layers of the OSI stack. However, the beauty of the architecture lies in the underlying implementation, where no data is ever copied or otherwise moved around, and all duplication of work is eliminated. If a certain piece of work has already been done at one layer and the information is required for a subsequent piece of work at a different layer, the information is made available without the second layer needing to repeat the same work.

Remote Access for Business Continuity

Contributed by Array Networks, Inc.

Business disruptions take many shapes and forms, from hurricanes and earthquakes to man-made problems such as transit strikes. No matter the nature of the disaster, they all have the potential to prevent employees from getting to their place of work — if not to render that place of work uninhabitable.

Internet Protocol Security

Contributed by Array Networks, Inc.

End Point Security

Contributed by Array Networks, Inc.

Today’s enterprises have evolved into open network environments where corporate data are accessed from third-party owned devices by a combination of employees, business partners, contractors, and customers. Many applications and services, such as email, virtual private networking (VPN), customer relationship management (CRM), enterprise resource planning (ERP), financial applications, and human resource applications, have transitioned from client-server to Web-enabled architectures. The security implications of this fundamental shift have changed the way employees, business partners, customers, and suppliers access and utilize corporate information. In this environment, enterprises have little or no control over the security of the end point accessing the Web application and the data that are transmitted to them. The results are high levels of exposure of corporate data and the associated risks to the enterprise.

Secure Remote Access

Contributed by Array Networks, Inc.

Secure Remote Access enables mobile employees, home workers, extranet partners, customers and other authorized users to access business critical applications and resources - thereby increasing productivity. Secure remote access is also an ideal business continuity solution with which to prepare for emergencies, when employees cannot make it into the office.  With an increasingly mobile workforce, and more users using more applications across a broader mix of devices, it is important to select a secure remote access solution that fully addresses several key considerations:

The New Pay
Innovations in Employee Compensation

Author: Martin Kenny
Contributed by  Baker, Thomsen Associates

This paper discusses the developments in compensation practices that have culminated in the new paradigms in use today, with suggestions for new formulae to hire and retain key employees.

Paperless Benefits Administration
Communicating Employee Service over the Internet

Author: Paul Mead
Contributed by  Baker, Thomsen Associates

World Wide Web applications are being utilized to enhance and simplify every area of business, and the administration of employee benefits is not immune to this innovation. By using web sites and "intranets" it is now possible to achieve an almost paperless benefits administration that is effective, efficient and economical.

Weblication Technology

Author: Hitesh Bhatnagar
Contributed by  Baton Rouge International, Inc.

Weblication technology allows the management of confidential information that comes from anywhere within an organization (such as legacy systems, desktops, OLTP and others). This includes the publication and access-managed retrieval of dispersed information formats, and it facilitates user access to all information from anywhere within the organization across an intranet utilizing weblication technology.

Bitkoo’s SecureWithin™ - How does it work?

Author:  Doron Grinstein
Contributed by Bitkoo

SecureWithin™ enables organizations to securely expose firewall-protected internal network resources to Internet clients. The focus is on organizations that wish to expose various services, especially web services, web applications, FTP or similar services, without requiring clients to use VPN software or hardware. Clients in this context may mean humans using applications such as web browsers or email applications, or machines consuming web services or other network technologies to obtain services from other machines. Network resources range from SOAP-based web services to intranet-hosted web applications or Exchange Servers and everything in between that relies on TCP/IP.

Security Monitoring

Author: Bill Rudolfsky, CISSP
Contributed by: Blue Lance, Inc.

This paper discusses the importance of including security monitoring within a company’s best security practices and explains the difference between “state” and “event” monitoring. Guidance is offered to deal with process and organizational issues that could impact the ability to get a security practice operational. Finally, the capabilities within LT Auditor+, Blue Lance’s security monitoring solution, are reviewed to promote awareness of the role technology plays in contributing to the effectiveness of a security monitoring practice.

Addressing Regulatory Compliance Issues

Author: Bill Rudolfsky, CISSP
Contributed by: Blue Lance, Inc.

In today’s business environments, computers and information systems have become critical tools in conducting business. The trustworthiness of the systems that a business depends on is vital and will increasingly be of interest to regulators. Relevant regulatory pressures depend on a number of factors, including industry type, size of the business, the degree of non-public information that the business processes, and the criticality of the business to the economic well-being of the United States. This paper explores the regulatory landscape that influences the demand for information security and specifically focuses on the role of security event monitoring within an information security practice.

California SB 1386 Compliance

Author: Bill Rudolfsky, CISSP
Contributed by: Blue Lance, Inc.

On July 1, 2003, Senate Bill (SB) 1386 became effective in the State of California, requiring government agencies and businesses operating in California to publicly disclose computer security breaches, whenever it is reasonable to believe that a security breach may have compromised personal data belonging to a resident of California and that the compromise could lead to an incident of identity theft. Covered entities include government agencies in California and any entity (individual or company) conducting business in California where the business involves collecting personal data belonging to a resident of California.

IT Regulatory Compliance & Risk Management

Author:  David Lacey
Contributed by Brabeion Software, Inc.

Organizations today are waking up to the realities of managing a fast-moving business in a permanent regime of complex regulatory compliance. SOX, HIPAA, Basel II and a myriad of other regulations are driving companies to implement sophisticated compliance frameworks in record timescales and with unprecedented levels of budget and resource. Compliance functions are on a steep learning curve to design cost-efficient processes that can be easily repeated across a changing business and technology landscape. Organizations are asking the question: how can we reduce the ongoing cost and complexity of compliance? The answer is: by taking a smarter approach that draws on established best practices and exploits the tools and knowledge base that already exist. This paper sets out the principles and pointers to enable organizations to develop an efficient, long-lasting and adaptable compliance framework that will mitigate risks, reduce the costs of incidents, and meet the requirements of the most demanding auditors.

Easing the IT Audit

Contributed by Brabeion Software, Inc.

Easing the IT Audit - Part II

Contributed by Brabeion Software, Inc.

The Perfect Exit Strategy
for Owners of Closely Held Businesses

The $1.82 Story

Author: Guy Baker
Contributed by  BTA Advisory Group

How many business owners will transition their business ownership in the next 10 years? Based on the tsunami of Baby Boomers, quite a few. Baby Boomers have dramatically impacted markets as they have aged. First it was baby gear, then overcrowding of schools. There was an impact on housing, the stock market and, ultimately, consumer spending, which is keeping the economy afloat. As these Boomers near retirement, this tidal wave of humanity is going to impact social security, health care and retirement homes. What impact will they have on the sale of a business?

401(k) Plans - Update
Business Strategies for Improving your 401(k) Plan

Author: Guy Baker
Contributed by  BTA Advisory Group

How do you ensure that your 401(k) Plan is being efficiently managed? How do you know if you are receiving the full benefit from your investments? Once you understand that it is the cost of administration which changes your income from a 401(k), it becomes important to discover how such costs are established and charged. This paper describes the benefits, and the pitfalls, that simply understanding how such costs are established can bring you.

Business Resumption Planning

Author: Dr. Paul Rosenthal
Contributed by
California State University, Los Angeles

Modern organizations have a large variety of operational and managerial functions whose continuous operation is critical to the organization’s continuing viability. Business Resumption Planning (BRP) involves arranging for emergency operations of these critical business functions and for resource recovery planning of these functions following a natural or man-made disaster. Business Resumption Plans are needed for all such organizational units, including data centers, information systems (IS) supported functions, and those organizational functions which are performed manually.

Business Continuity Management

Authors: Paul H. Rosenthal, L. Jane Park & Jan I. Weissman
Contributed by
California State University, Los Angeles

Modern organizations have a large variety of operational and managerial functions whose continuous operation is critical to the organization’s continuing viability. Business Continuity Management (BCM) involves arranging for emergency operations of these critical business functions and for resource recovery planning of these functions following a natural or man-made disaster. Business Continuity Management Plans are needed for all such organizational units, including data centers, information systems (IS) supported functions, and those organizational functions which are performed manually.

Exercising the Disaster Management Team

Author: Professor Paul H. Rosenthal, PhD
Contributed by California State University, Los Angeles

Disaster simulation exercises are used to test the staffing, management, and decision making of both the computer and non-computer related aspects of an organization's business continuity and life-safety plans. Special simulation methods must be used to exercise the Disaster Management Team and their Emergency Operations Center. A proven approach to designing and conducting this type of simulation is presented, including a full script from an actual simulation exercise.

An Outsourcing Internal Control Methodology
for Information Systems

Author: L. Jane Park Ph.D., CPA., Professor of Accounting
and Paul H. Rosenthal, PhD, Professor of Information Systems
Contributed by California State University, Los Angeles

Industry and government have a long tradition of purchasing and subcontracting for products and services. This type of purchasing and subcontracting is currently called sourcing or outsourcing. The Health Insurance Portability and Accountability Act of 1996 (HIPAA) regulations in the health care industry and the Sarbanes-Oxley Act’s Section 404 require the management assessment and audit of all public companies’ internal controls as an integrated part of their financial audit [AICPA and HIPAA]. Following from these regulations, the AICPA’s Professional Ethics Executive Committee is exploring issues surrounding outsourcing to third-party providers. Outsourcing control methodologies are therefore becoming an essential element of organizations’ required internal controls.

This paper presents a proven outsourcing internal control methodology that has been used for decades in the information technology arena, since the primary functions of a modern Information Systems organization, except for strategic planning, can be either performed in-house or outsourced to development, processing, networking or consulting providers/vendors. The evaluation of these providers/vendors is usually based on some type of cost-value analysis to rank and select providers. A basic method for such cost-value analysis is the computation of a worth index.

Physical Level Systems Design:
The ignored component of Systems Analysis & Design Training

Authors: L. Jane Park Ph.D., CPA., Professor of Accounting
and Paul H. Rosenthal, PhD, Professor of Information Systems
Contributed by California State University, Los Angeles

This paper presents a recommended information system physical level design theory and charting methodology for use in Systems Analysis and Design training that is designed for student comprehension and rapid programmer implementation. It also includes a discussion of Transaction Processing Systems (TPS) applications, which make up the majority of administration-oriented multi-million dollar projects but are given little attention in systems analysis and design training, perhaps due to their complexity.

Where to in the New Economy?

Author: Robert Burlin
Contributed by 
Cambridge Management Consultants

A new economic order is evolving. Technology, in particular the Internet, has become a strategic business weapon. Business cycles are shrinking and whole industries are being turned upside down. Customers are in the driver's seat like never before, triggering a shift in power away from business. Intellectual Capital is now the prime currency. This paper deals with the changes already upon us... and what we may expect in the future.

Enabling your Enterprise to deliver IT Service Excellence

Contributed by Candle Corporation

This business white paper examines why it is essential for organizations to achieve Information Technology (IT) service excellence, and describes the challenges faced both in the construction and in the delivery of IT services.

Best Practices for Better WebSphere Performance

Contributed by Candle Corporation 

There is no one solution for all organizations. Currently, the industry doesn't have the knowledge required to build a single architecture that satisfies all business requirements, and perhaps never will. Why? Because corporations are different, choose to operate differently, and have a vast array of business requirements. And, as any good architect will inform you, business requirements drive technology.

Attack Trees: It's a Jungle out there.

Author: Michael S. Pallos
Contributed by:
Candle Corporation

Computer security is an important aspect of any IT architecture. The requirement for security vigilance is especially critical, given the widespread availability of technology that potentially enables novice hackers to penetrate corporate IT defenses simply by using a tool available on the Internet.

WebSphere Application Server &
Database Performance Tuning

Author: Michael S. Pallos
Contributed by:
Candle Corporation

Optimization of the production runtime environment boosts the performance of WebSphere Application Server applications, allowing organizations to harness the full potential of their hardware and software investments. The network and database interfaces are two of the most important elements to tune in the optimization process. This white paper explores best practices for performance tuning as it relates to the persistence layer of WebSphere Application Server and a database management system (DBMS).

WebSphere - Creating a Framework

Authors: Lloyd Hagemo & Ravi Kalidindi
Contributed by:
Candle Corporation

Many patterns have been published for J2EE applications. By developing and connecting multiple patterns, developers can create a framework that improves the stability, performance, and scalability of their J2EE application architectures. Because the number of patterns continues to expand, it can be difficult for developers to select the best combination of patterns to create frameworks that optimize J2EE applications and fulfill specific IT or business requirements.

Cisco Threat Defense System Guide
How to Provide Effective Worm Mitigation

Contributed by Cisco Systems, Inc.

The network today is a critical business asset. It not only allows the smooth running of business applications, it also enables the easy delivery of data, voice, and video. As a result, companies are increasingly concerned with keeping their network running and applications online while protecting one of their most critical assets — their information. In order to protect your business, you need to protect your network.  In recent years, not only has the number of network and computer attacks been on the rise, but also the level of complexity and sophistication with which they strike. The most commonplace and perhaps most damaging of these attacks are called “worms.”

Technology Best Practices for Endpoint Security

Contributed by Cisco Systems, Inc.

As technologies such as high-speed networks, switching, and end-to-end encryption are more widely adopted, providing desired security at the network level becomes a major challenge. One important place to enforce security is at the endpoint, where data resides and the potential for damage is greatest. Today, businesses are confronted with the availability of several point products, each attempting to solve a part of the endpoint security problem. These include distributed personal firewalls for protection against network-borne threats, antivirus scanners for detection of file-based threats, and audit or integrity products for detection of malicious configuration activity. These technologies do not address new attacks that are carried over existing protocols to attack applications, or new content-based attacks that attack systems before vendors are able to release and distribute signatures and other responses. This document outlines the technology best practices for endpoint security solutions, to help organizations make informed decisions when choosing endpoint security products.

Network Admission Control

Contributed by Cisco Systems, Inc.

Network Admission Control (NAC), an industry initiative contributed by Cisco Systems, uses the network infrastructure to enforce security policy compliance on all devices seeking to access network computing resources, thereby limiting damage from viruses and worms. Using NAC, organizations can provide network access to endpoint devices such as PCs, PDAs, and servers that are verified to be fully compliant with established security policy. NAC can also identify noncompliant devices and deny them access, place them in a quarantined area, or give them restricted access to computing resources. NAC is part of the Cisco Self-Defending Network. Its goal is to create greater intelligence in the network to automatically identify, prevent, and adapt to security threats.

Intrusion Protection for Remote Corporate Users

Contributed by Cisco Systems, Inc.

Increasingly, employees are working remotely from corporate offices. Some of these users are mobile workers accessing corporate applications like e-mail from hotel rooms, airports, or customer offices. Others are tele-workers working from home. Often, these users access the corporate network through the Internet instead of using a dialup modem. All of these users are exposed to probes or attacks from the Internet, and none are protected by the central corporate firewall. Remote users whose computers are compromised provide attackers with a point of entry into the corporate network.

A Security Blueprint for Enterprise Networks

Contributed by Cisco Systems, Inc.

The SAFE Blueprint from Cisco Systems is a security blueprint for enterprise networks. Its principal goal is to provide best-practice information on designing and implementing secure networks. SAFE takes a defense-in-depth approach to network security design, serving as a guide to network designers considering the security requirements of their networks. This type of design focuses on expected threats and their methods of mitigation, resulting in a layered approach to security where the failure of one security system is not likely to lead to the compromise of the rest of the network. Although this white paper is a product-agnostic document, the SAFE proof-of-concept lab is based on products from Cisco and its partners.

This document begins with an overview of the blueprint’s architecture, and then details the specific modules that make up the actual network design. When discussing each module, the first three sections describe the traffic flows, primary devices, and expected threats, with basic mitigation diagrams. Detailed technical analysis of the design follows, along with more detailed threat mitigation techniques and strategies.

Sales and Operations Planning
A Key Element of Supply Chain Success

Contributed by: Computer Sciences Corporation

In spite of the fact that most of us are very active and busy these days, we sometimes find ourselves searching for something of value that can be added to our business efforts. When you find yourself in that position, consider a tested and proven technique that can bring significant new value to your firm’s supply chain effort. Consider discussing how a planning tool can improve forecast accuracy, better match supply with demand, and greatly reduce dependence on inventory. That tool is sales and operations planning (S&OP).

S&OP has become a major tool for supply chain leaders tired of accepting the inherent problems with poor sales forecast accuracy, complications with planning and scheduling due to changing customer demand, and the need to build safety stocks into inventory for the inevitable problems introduced by vagaries in the marketplace.  This paper addresses the ideas behind S&OP and discusses techniques that have been successfully applied.

Contemporary Logistics
From Pre-Manufacturing to Acceptable Delivery

Contributed by: Computer Sciences Corporation

As a business analyzes its costs of operations, logistics typically appears as the second largest element, following the cost of purchased goods and services. Most companies have been pursuing improvement in this critical element of cost for half a century or more, often with very credible results. Many organizations continue the pursuit of logistics excellence with the aid of trusted partners or external constituents, including those companies interested in assuming the responsibility for some or all of the process steps.

From a modern perspective, these costs are now considered as part of an end-to-end supply chain network, and businesses pursue together the means to optimize those costs across the extended enterprise. Some extremely impressive gains have been recorded as these efforts move forward. The purpose of this paper will be to briefly explore this contemporary approach to a fairly standard and stable business practice, that of packaging, loading, storing and transferring goods across an extended supply chain.

Reverse Logistics
A Supply Chain Opportunity

Contributed by: Computer Sciences Corporation

Most practitioners have their own understanding of the fundamental processes involved in an extended supply chain network. The novice will tell you it starts upstream with suppliers supplying suppliers, moves through manufacturing and production and goes downstream through distributors or direct to the business customers. An improvement effort starts within the four walls of a business by drawing a process map and working on product, information and financial flows to improve the key steps in the linkage that will save time, money and use of assets.

The journeyman will go further and explain that a supply chain continues externally, until products and services have been delivered to the end consumer. System improvement involves order management, planning and distribution, inventory management and effective customer satisfaction. This counselor knows that supply chain is about bringing the key process steps to best practice and optimized conditions, while receiving high satisfaction ratings from the customers and consumers.

Forensics Data Handling

Author: Ty Gast
Contributed by: Cybertrust, Inc.

Computer forensics involves the complex task of accurately investigating events or activities on computer systems without adversely affecting the integrity of the data contained on those systems. This is a difficult task to perform properly, requiring expert handling and care. A forensics investigator is asked to answer fundamental questions surrounding an event: who did what, when did they do it, and how was it accomplished?

At the same time, the investigator is expected to take precautions that ensure the integrity of the original data is maintained. To that end, investigators follow precise procedures to safeguard the data while allowing the investigation to proceed. These procedures include maintaining a chain of custody for all evidence material, maintaining the integrity of the data source media, and creating accurate mirror images of data sources. Only after these important steps are taken can an investigator begin the forensic analysis of the mirrored data.

Identity, Identifiers and Identity Fraud

Author: William H. Murray, CISSP
Contributed by: Cybertrust, Inc.

Recently the press and the public policy makers have begun to speak of “Identity Theft” as though it was a novel concept requiring severe new legislation. These laws are likely to put significant new burdens on business. While most identity theft problems originate via plain old “snail mail,” the discussion these days is all about the Internet. The sponsors of the legislation point to exponential growth in the problem as justification for these laws.

This paper suggests that the “growth” actually comes from redefining traditional fraud, not from the growth of the Internet. It begins with a discussion of the concept of identity and ends with recommendations for individuals, fiduciaries and merchants to safeguard themselves.

The Joy of Sarbanes-Oxley

Author: Marne E. Gordan
Contributed by: Cybertrust, Inc.

In 2002, the US Congress passed into law the Public Company Accounting Reform and Investor Protection Act (PL 170-204), also known as the Sarbanes-Oxley Act (SOX). Its purpose was to stabilize the US markets in the wake of the enormous corporate scandals—Enron, WorldCom, HealthSouth, and the like—that cost investors millions of dollars and had a devastating impact on the US economy. Congress designed the Act to revise corporate governance procedures for publicly-traded companies, particularly the verification of the accuracy of earnings information and the disclosure of financial reporting. It also established the personal responsibility of CEOs, CFOs and other senior directors and officers of these organizations for the accuracy of this information. This will raise consumer confidence and allow them to make reasoned decisions when investing. Sarbanes-Oxley affects all publicly-traded companies in the US, and foreign filers in US markets. It is a fairly broad and far reaching regulation, containing a variety of fraud protection provisions, including requirements for auditor independence, the rotation of public accountant partners every five years, appropriate uses of non-GAAP financial measures, and protection for corporate whistleblowers, but the provisions that most companies are concerned with are under sections 302 and 404.

Encryption Technology

Author: Jasper Rose
Contributed by Cylink Corporation

As Government and business leaders come to terms with the implications of the events of 2001, people are worried by terrorist threats directed at air travel and paper-based mail, leading to a definite movement toward fewer face-to-face meetings and less reliance on traditional mail. Insurance premiums are also rising steeply, thereby forcing organizations to consider distributed operations. The result is a change in the way we conduct business and a much greater use of, and dependence on, electronic communications and networks.

Digital Signatures: The Foundation for E-commerce

Author: Dr. Charles Williams
Contributed by Cylink Corporation

Business and technology have driven each other since recorded history. We see business changing to exploit the efficiencies afforded by new technologies. Also, we see technologies developed to satisfy the demands of new business practices. We see new technologies opening new business possibilities, and just as often we see new technologies decimating entire industries. We are at the beginning of yet another cycle of technology and business: this is the technology of cryptography enabling a revolutionary business paradigm, e-commerce. Digital signatures represent the key (yes, pun intended) technology for e-commerce. This paper introduces the technology of digital signatures and the role of digital signatures in e-commerce. This paper was written for the uninitiated (some would argue uncontaminated), so you should not be concerned if you can't spell "cryptography", let alone understand it.

Who Goes There?
Authentication in the On-Line World

Author: Dr. Charles Williams, Chief Scientist
Contributed by Cylink Corporation

The Internet is changing the way we make and spend our money. Consumers will spend $20 billion this year and business-to-business transactions could top $100 billion for the first time. One of the main concerns consumers, merchants and business have about e-business is how do we identify our customer or partner over an electronic network. This paper discusses the latest technologies that address this issue.

Complying to the Gramm-Leach-Bliley Act

Author: Charles Baumert
Contributed by Cylink Corporation

A recent NetworkWorld survey reported that in 2002, 66% of IT managers increased their spending on IT security.   Recent world events have certainly played a part in raising awareness of the importance of IT security and encouraging investment in this area.  At the same time government and industry regulators worldwide have been working steadily to put into place measurable and enforceable standards to ensure that business can be carried out in an environment of trust.

How to use Collaborative Commerce
to Manage an Extended Enterprise.

Contributed by Deloitte Consulting

When a company and its key value chain work together to meet customer needs, they are operating in an Extended Enterprise model—and virtually all large organizations today are already doing just that. Yet most fail to realize the full potential of the Extended Enterprise due to the self-imposed walls that isolate them from their trade partners. Companies that are better able to manage the process dynamics of this complex ecosystem can derive significant advantage. Collaborative commerce breaks the walls down, transforming cross-enterprise business processes and information flows, and gives companies the methods and tools to work effectively across enterprise boundaries.  

Integrating Systems, Customers & Suppliers

Author: Michael Klotz
Contributed by eBI Solutions LLC

In this paper, the author attempts to shed some light on the realities of Enterprise Integration projects, which, not unlike many big ERP and CRM implementations, have a high failure rate or do not deliver the benefits originally anticipated. After examining the common misconceptions and mistakes made before, during and after an integration project, the author presents a set of guidelines that will all but guarantee that such projects are successful and deliver on their promise.

Is Web Service Technology a Good Fit for My Organization?

Author: Jay Lee
Contributed by eBI Solutions LLC

Unfortunately, there is no completely correct answer to this question. Though the growth and adoption of Web Services in business hinges upon the convergence of a “generally accepted” set of industry standards, today’s myriad of overlapping, and sometimes divergent, standards do not help this cause. The goal of this paper will be to help place your organization at the beginning of a roadmap to successful adoption of Web Services as part of your application integration strategy.

Guarding the Information Infrastructure

Contributed by the Federal Bureau of Investigation (1998)

The National InfraGard Program began as a pilot project in 1996, when the Cleveland FBI Field Office asked local computer security professionals to assist the FBI in determining how to better protect critical information systems in the public and private sectors. From this new partnership, the first InfraGard Chapter was formed to address both cyber and physical threats.

Protecting Enterprise Messaging Systems
From Spam, Viruses, and Other Threats

Contributed by FrontBridge Technologies Inc.

This white paper explores the threats to business email and considers the various methods for protecting enterprise messaging systems. Businesses that do not sufficiently protect their networks and email systems are confronted with the fallout from uncontrolled content - such as unsolicited email (Spam) and malicious code and viruses - flowing into and out of their corporate networks via email.

New Incident Response Best Practices

Author: John Patzakis
Contributed by: Guidance Software, Inc.

Information security technology traditionally focuses on protecting the perimeter to keep the bad guys and the bad code out of the enterprise. But as every CIO knows, information security breaches in large enterprises are inevitable. Hackers will penetrate the network, or — in what many believe are more frequent occurrences — insiders will compromise customer and company data. With such compromises a certainty, enterprises are left scrambling to manage these proliferating incidents.

Internal Computer Investigations under Sarbanes-Oxley

By John Patzakis and Victor Limongelli
Contributed by Guidance Software Inc.

In response to a wave of high-profile corporate crime such as the Enron debacle, Congress passed the Sarbanes-Oxley Act of 2002 (“Sarbanes-Oxley”), and President Bush signed the act into law on July 30, 2002.  Sarbanes-Oxley was enacted to protect investors by combating corporate crime and improving corporate governance.  As many commentators have noted, Sarbanes-Oxley requires companies to implement extensive corporate governance policies to prevent and timely respond to fraudulent activity within the company.

TPBroker for C++ & TPBroker for Java Architecture

Contributed by: Hitachi Computer Products (America) Inc.

TPBroker enables you to build new systems using existing system resources as building blocks, and simply adding interfaces to the distributed object environment. TPBroker also allows you to develop distributed object-oriented applications using the Common Object Request Broker Architecture (CORBA) ORB function. This allows the reuse of system components and localization of program modifications that help reduce costs of system development and management.

The Extended EAI Solution

Author: Masato Saito
Contributed by Hitachi Computer Products (America) Inc.

This white paper describes Hitachi's Enterprise Application Integration (EAI) and the extensions of EAI technology that Hitachi considers important for real mission-critical e-business systems. All Hitachi Software products are planned, developed, implemented and marketed based on the ideas that are written in this white paper.

Addressing the Key Implications of Sarbanes-Oxley

Contributed by IBM - Tivoli Group

The Sarbanes-Oxley Act of 2002 (SOX) introduced significant changes to financial practice and corporate management regulation. Passed in the wake of numerous corporate scandals, SOX is a complex piece of legislation that requires companies to make major changes to bring their organizations into compliance. The act holds top executives personally responsible for the accuracy and timeliness of their company’s financial data — under threat of criminal prosecution. Thus, SOX compliance has become a top priority for publicly traded companies.

The act also sets deadlines for compliance, all of which will take effect during the next two years. Of the sections already in effect, the most publicized has been Section 302, implemented in August 2002, which requires CEOs and CFOs to personally certify quarterly and annual financial statements. The first indictment of a CEO for failure to comply with the act occurred in 2003. This is just the tip of the iceberg — violating SOX can bring fines up to $5 million or 20 years in prison.

Security Management Solutions

Contributed by IBM - Tivoli Group

Organizations of all sizes, across all industries, are realizing that the complexity of today’s IT security demands a robust solution. A solution that manages the growing variety of users who now require access to your IT resources. One that enables your organization to comply with regulations and audit requirements. One that does more even as it reduces costs.  The solution lies in managing identities. Identity management establishes centralized control to enable consistent execution of your security policies across the breadth of your organization. But it facilitates administration in a decentralized mode, giving the right amount of responsibility to the right individuals and groups — wherever they are. Choosing to implement identity management is one thing. Figuring out how to get started toward the identity management solution that’s right for your organization is another. It can be intimidating to identify what kind of software you initially need to invest in, let alone to choose the best vendor in the area you select — a vendor that can support you throughout the process of implementing your total solution.

Security Solutions - Executive Brief

Contributed by IBM - Tivoli Group

Ever-increasing numbers of users are getting “connected.” That’s good for communication and for commerce. However, the convenience, ease-of-use and sheer numerical acceleration of these connections lead to daily increases in the security, privacy and auditing challenges faced by IT managers.

Federated Identity Management

Contributed by IBM - Tivoli Group

Identity management has become a hot topic with many organizations. From business-unit executives to CIOs to IT administrators, the focus is on improving the integrity of identity-driven transactions, increasing efficiency and lowering IT costs.

With increased corporate governance and regulatory hurdles, the management of these identities and account data introduces new business compliance issues and security exposures. Taking on identity management means dealing with these privacy, compliance, legal and regulatory issues.

Manage Users and Devices to Maximize Security.

Contributed by IBM - Tivoli Group & Cisco Systems, Inc.

To address today’s competitive "On Demand" Business challenges, organizations leverage their IT investments in networks, systems and applications to efficiently connect with customers, suppliers and partners. While enabling more users and organizations to connect to many parts of the IT infrastructure drives immense benefits, it also can yield corresponding risks. The recent spate of viruses, worms and Internet attacks caused significant IT infrastructure damage and a massive loss of productivity within enterprises. Businesses have been forced to spend more to combat these evolving threats, yet their security capabilities often have not risen to meet these challenges. In addition to tackling electronic threats, enterprises now must comply with a variety of industry and governmental regulations, including the Sarbanes-Oxley Act (SOX) of 2002, the Health Insurance Portability and Accountability Act (HIPAA) and the Basel II Accord. Additionally, some organizations also use compliance initiatives to streamline and optimize the quality of existing IT operations by automating key processes.

Software Testing as a Strategic Business Advantage

Contributed by IBM - Rational Software

Developer testing, user testing, outsourced testing, ad-hoc testing. However it works in your organization, testing plays a crucial role in the successful delivery of today’s complex, heterogeneous, business-critical software systems. As software development is becoming more sophisticated, companies are discovering that when armed with the right tools, processes, and people - testing teams add tremendous value in solving the complex problem of delivering high quality enterprise software systems.

This realization comes at a critical time - when IT organizations and development teams are being asked to address a new set of challenges. Predicting the ability of software systems to be self-managing and self-healing, rapid assembling and testing of services-based applications, managing outsourced testing projects, and using test and validation processes to support regulatory compliance audits; these are all new challenges that even the most savvy IT organizations struggle with. Faced with these new challenges, the focus on processes and tools to improve quality, customer satisfaction, and company agility has never been higher.

IBM Tivoli Security Compliance Manager

Contributed by IBM - Tivoli Group

The number of security incidents enterprises face is increasing daily. Additionally, enterprises need to address compliance with an increasing number of government and corporate security policies, standards and regulations. IBM Tivoli Security Compliance Manager is a new security policy compliance product that acts as an early warning system by identifying security vulnerabilities and security policy violations for small, medium and large businesses. Tivoli Security Compliance Manager helps organizations define consistent security policies and monitor compliance with these defined security policies. Security policies can be based on both internal security requirements and industry-standard security policies.

Software Quality Management from IBM:

Contributed by IBM - Rational Software

Quality software delivery is entering a new era. For years, chief information officers (CIOs) have indicated that one of their top priorities is aligning IT with business objectives. Faced with pressure to innovate, grow and change with marketplace demands, businesses are now committed to acting on this priority. According to a 2006 IBM survey, 65 percent of the world’s top corporate chief executive officers (CEOs) declared that they plan to radically change their companies in the next two years in response to pressures from competitive and marketplace forces. Therefore, today’s IT imperative is to deliver, as quickly as possible and within a fixed budget, quality business-critical software and systems that can support business initiatives addressing the new challenges.

Enhanced Partnerships for Global Humanitarian Relief
and Diplomacy

Contributed by IBM Global Services
IBM Business Resilience & Continuity Services

Today, millions of dollars of donated humanitarian relief funds, supplies and resources, along with thousands of hours of volunteer time, are sometimes ineffectively utilized in the responses to global crisis events. Duplication of effort, lack of direction, poor communications, limited cooperation and a need for diplomacy are among the factors that contribute to this dilemma.  A public and private sector global partnership that is embraced by major corporations, the United Nations (UN) and non-governmental organizations (NGOs) could provide a unique opportunity to combine individual skills, resources and knowledge in a manner that would significantly improve the way disaster relief is delivered globally. Such enhanced partnerships can help reduce redundancy and effectively match crisis needs against available resources while maximizing the benefits of donations, accelerating recovery and reducing suffering.

The SAHANA Disaster Management System

Contributed by IBM Global Services
IBM Business Resilience & Continuity Services

The year was 1999 and members of our IBM Crisis Response Team (CRT) had arrived in Istanbul, Turkey to support the government in responding to a massive earthquake that had struck near the town of Izmir.  The Minister of Health had requested assistance in setting up, organizing, and managing eight (8) warehouse and distribution centers for the receipt, tracking, and shipping of medical supplies and drugs.  Donations were coming in from 67 countries in 23 languages.  The challenges were significant.  We needed to gain a rapid understanding of the needs of the field hospitals and find a way to logically track, organize, and manage the operation.  One of our requirements was to implement a computerized logistics management system that could catalog over 10K drugs in 27 major categories (set by the World Health Organization).  In just a few days, and an amazing programming effort led by Mark Prutsalis (a member of the CRT), we had a fully functional logistics management system running in Turkish and English.  The project was a major success and many thousands of disaster victims were helped.

Testing SOA Applications

Contributed by: IBM - Rational Software

Service-oriented architecture (SOA) makes IT applications into composite applications, which are no longer monolithic. Instead, composite applications are composed of many services often developed and deployed independently by separate development teams on different schedules. Development of new composite applications is made easier by the possibility of reusing existing services, thereby avoiding costly application redevelopment or integration. However, this comes with some unique challenges to ensuring a high level of quality throughout the development cycle.

Indeed, SOA quality management is an important aspect of service lifecycle management—one that reflects the need to address multiple aspects of service quality across multiple SOA service implementations. IBM is focused on delivering end-to-end SOA quality management—from the model phase through the assemble, deploy and manage phases. SOA quality management concerns far more than just conventional software development and testing. It encompasses all the ways in which business and IT organizations collaborate on services, as well as the lifecycle from the conception of services and composite business applications to the retirement of those assets.

When am I done testing?

Contributed by IBM - Rational Software

A new barometer for measuring the risk of releasing new software versus the cost of continued testing.

The authors of this white paper are Murray Cantor, distinguished engineer, Rational software, IBM Software Group; Michael Lundblad, program manager, quality management, Rational software, IBM Software Group; Avik Sinha, research scientist, test automation, software measurement and estimation, IBM Research; and Clay Williams, manager, governance science research, IBM Research.

Understanding Web Application Security Challenges
Contributed by IBM Corporation

As businesses grow increasingly dependent upon Web applications, these complex entities grow more difficult to secure. Most companies equip their Web sites with firewalls, Secure Sockets Layer (SSL), and network and host security, but the majority of attacks are on applications themselves - and these technologies cannot prevent them.

This paper explains what you can do to help protect your organization, and it discusses an approach for improving your organization's Web application security.

Posted January 2009

Architecture for Federated Portals

Author: Randy Eckel
Contributed by InfoImage Inc.

This paper discusses the difficulties in implementing enterprise portals for larger organizations and describes the business and technical advantages of using federated portal architecture to build an enterprise portal.

Total Cost of Ownership in the Open Source
Database Community

Author:  Chris Twyman
Contributed by Ingres - Business Open Source

Implementing an Enterprise-Wide
Background Screening Solution

Contributed by: InfoMart, Inc.

Once primarily the tool of the federal government for hiring operatives and other high security personnel, background screening is now prevalent in an array of industries among companies who recognize the value of getting the whole story about a prospective employee. In a world of falsified resumes, employee crime, security risks, ineffective employees and negligent hiring lawsuits, pre-employment background screening should be considered a best practices rule of the hiring process, rather than an exception to it. The risks to companies today are too high to allow even one bad hire. A thorough background screen is one of the only ways to avoid making a costly mistake and to know for certain whether that ideal applicant has a phony or a criminal lurking within.

Wireless LAN (WLAN)
End to End Guidelines for Enterprises & Public Hotspot Service Providers

Contributed by Intel Corporation

Wireless LAN (WLAN or also known as Wi-Fi*) is a high speed data networking technology that is being widely deployed in residential, enterprise and public areas all around the world. Wi-Fi* brings the Internet to users with mobile computers and/or PDAs and soon even cell phones regardless of where they are - home, corporate campus, or a public hotspot.

This paper describes the market environment and the challenges for deployments in enterprises and public hotspots. It is intended for enterprise IT managers, public WLAN operators and WLAN equipment and software vendors who are involved in planning, deploying or supporting WLAN networks.

SIM Based WLAN Authentication for Open Platforms

Contributed by Intel Corporation

This paper discusses approaches to authenticating users with open platforms, such as notebook PCs, for WLAN access using SIM cards. Using SIM cards to authenticate WLAN access is desirable by wireless operators as this approach minimizes additional infrastructure investments since the existing authentication processes and equipment are re-used. This paper starts with an overview of the authentication methodology in today’s GSM networks. Applying the GSM authentication methodology in a WLAN environment is then discussed. Enabling use of open platforms in WLANs requires consideration of potential security threats to authentication data due to the presence of open pathways. These open pathways are illustrated and possible mitigation techniques are discussed. With the appropriate mitigation approaches, SIM based user authentication can be easily extended to the WLAN environment.

Manageable Identities

By: Vijay Auluck, Business - Shelagh Callahan and Abhay Dharmadhikari
Contributed by: Intel Corporation

As the world around us grows increasingly digital, so do the identities we use for each other, as well as the identities of devices, processes, and organizations. Most of us have digital identities associated with multiple devices, networks, services and organizations. What we lack is a good way to manage these identities, including the credentials used to access our devices and services, and the policies controlling where and how we expose our identities. This white paper explores a client-based approach to this problem: Intel’s Manageable Identities. Manageable Identities (MID) technology is intended to complement infrastructure-based identity management solutions under development - in standards like the Liberty Alliance and products like Tivoli Identity Manager and others. By providing a consistent, user-focused view, Intel’s Manageable Identities facilitate the ways people interact with the devices, networks and services they use every day.

Network Security Manager

Contributed by Intellitactics, Inc.

Network Security Manager is the holistic integrated threat management platform for Security Operations Centers of Global 1000 companies, governmental organizations, and Managed Security Service Providers (MSSPs) who need to deliver more effective information security management at a lower cost.

Enterprise Security Management

Contributed by Intellitactics, Inc.

Information Security is a key component of modern planning and management, given the integral role of information technology (IT) in today’s enterprises. The entrenchment of security is also driven by the increasing growth of electronic transactions. Fueled by the Internet, electronic commerce proliferates with the growth of networks. As enterprise boundaries are blurred, enterprise level security becomes more challenging.

Enterprise Project Management

Author: John Dohm
Contributed by Intellos Systems, Inc.

Enterprise Project Management is a term broadly applied to the systemic ability to match organizational capacity with organizational demand to maximize value. EPM is a mechanism by which one develops a “projectized” organization. At first glance, the process seems quite straightforward: understand and prioritize your projects, know the skills and competency levels of your resources, then schedule and track performance. In reality, however, linking activities to strategies is a complex and difficult task. Because of the inherent challenges in making EPM work, most organizations have taken baby steps toward becoming project focused, but few maintain the motivation to see the process through. This Forum will explore a set of the catalysts that will hasten the pace at which organizations can adopt EPM concepts and techniques.

Achieving Business Intelligence through Project Intelligence

Author: John Dohm
Contributed by Intellos Systems, Inc.

Conventional wisdom, or at least conventional wisdom as proposed by many consultants and a variety of organizations, is that change is driven by a combination of people, process, and technology.   This is nonsense.  People neither change because of increased awareness or education, nor do they change because a better process is developed and communicated.  They change, and will invest in changing, only under three conditions:

  1. The change has a tremendous upside;

  2. The change helps to avoid a tremendous downside;

  3. Change is easy and natural.

Since projects are the primary vehicle for change within organizations, projects that are undertaken must meet one or more of the above conditions if the output of the project is to deliver substantive value.  Ensuring that projects are linked to one or more of the above conditions defines the practice of Project Intelligence.  The aggregation and visualization of information associated with project performance and value delivery is Business Intelligence.  If you have Project Intelligence, getting Business Intelligence is straightforward.  As such, this paper will focus almost entirely on the requirements for Project Intelligence, both from a business value perspective and a planning and execution point of view.

Sophisticated Tools or Afterburners on a Mule?

Author: John Dohm
Contributed by Intellos Systems, Inc.

The software industry has produced a large number of tools to provide corporate performance management (e.g., balanced scorecards), organizational alignment (commonly referred to as work intelligence), portfolio management, and collaboration/brainstorming.  These tools are seldom integrated with each other, often are overly complex, and many simply do not get used.  This paper investigates how far the software industry has gotten ahead of the mainstream need for software solutions.  While the particular focus is organizational effectiveness - primarily as it relates to projects - most of the commentary is applicable more broadly.

People Issues that Cause eCommerce Projects to Fail
How People Management Can Cause Corporate Failure

Author: Carmen Robinson
Contributed by Interaction Associates

In today’s fast-paced business environment, organizations are rushing to keep pace with rapid changes in technology.  Many companies spend tremendous amounts of time and money analyzing and refining technology strategies, but don’t give sufficient thought and attention to how they can best execute that strategy. 

Conflict Resolution Management

Author: Barry Allen
Contributed by International Fieldworks Inc.

Unlike arbitration where a third-party imposes decisions on the disputing parties, mediation permits each side to retain control of the outcome while consenting only to being assisted in managing the conflict resolution. It is much more akin to a negotiation than to arbitration or litigation and more often than either it can deliver on the desired goals, for employee and employer alike.

The User Interface
Control Panel Design & Manufacture

Author: Hemant Mistry
Contributed by Jayco Interface Technology Inc.

Look at any electronic device, whether it is a stereo amplifier, photo-copier, or laboratory or test equipment, and aside from its overall form, what first strikes you is the control panel or user interface. Most people react on first viewing with "I like it" or "I don't like it". You have immediately either "sold" your customer or "turned them away". This paper deals with the importance of control panel design and function in today's marketplace.

Personal Health Information

By Dr. Kenneth Johnson, SMD, SND, OMD, Ph.D.
Therapeutic Orthomolecular Nutritionist

Excessive stress from ever-increasing pollutants in our environment wreaks havoc on human potential long before any serious illness emerges. Various states of diminished well-being from stress overload overtax, and to some degree block, the body's biological energy systems. These systems act as the body's life-preserving, regulating mechanism and control the organism's defenses and its self-healing powers. As a result, there are more and more people acutely ill with weakened vitality and lowered immunity. These individuals have exceeded their level of tolerance in regard to the accumulation of toxins and have depleted vital enzymes and nutrients to the point where the functional activity of various organs and glands is not adequate for optimal health. Many people can regain their health if those toxins are excreted and vital nutrients are supplemented within the individual's tolerance level. When natural regulatory patterns are restored by balancing the body's energy systems, it is possible for individuals to rid themselves of a multitude of symptoms and illnesses.

Preparing and Fine-Tuning Your Crisis Plan
A Workable Methodology

Author: Larry Kamer  
Contributed by Kamer Consulting Group

A survey conducted in January by PRWeek, an industry trade magazine, and Burson-Marsteller, one of the world’s largest public relations firms, revealed that just 19 percent of CEOs believe their companies had appropriate crisis protocols in place at the time of the September 11th  attacks.   That’s a pretty shocking revelation, and a cause for real concern.  Gartner, Inc. estimates that 40 percent of companies that are hit by disaster go out of business within five years.

Managing Risk Without Precedent
Terror Attacks at Domestic Chemical Facilities

Author: Larry Kamer  
Contributed by Kamer Consulting Group

The stage is set for industry to distinguish itself in a world of changing perceptions and not cede the moral high ground to its traditional critics. The question remains: will the owners and managers of America’s industrial infrastructure acknowledge the new realities of risk and use it as a platform for leadership? Or will industry consign itself to a supporting and reactive role that will make the RMP program look like a warm-up act for what’s to come?

Enterprise Portals
The Convergence of Information, Application & Technology 

Author: Corey Smith
Contributed by  Kanbay Incorporated

The Enterprise Portal is the desktop for a new age, the information age.  It is a single window onto the combined knowledge and processing power of the enterprise.  To enhance the experience of customers, employees, suppliers and partners the Enterprise Portal must provide a convergence of information, application and technology.  This convergence differentiates the Enterprise Portal from a collection of web sites by offering universal access to information, role-based personalization, cross-application workflow, common content management, centralized user management and a framework for future application development.

The Case for the Full-Function Project Office

Authors: Scott S. Perry and Louis Leatham
Contributed by  Kanbay Incorporated

In the United States we spend more than $250 billion each year on IT application development for approximately 175,000 major projects. Many of these projects will fail! Software development projects are in jeopardy and we can no longer ignore the need for greater project discipline and best practice sharing. This paper discusses best practice project management in detail.

Modeling the Business Environment

Author: Dean Clark
Contributed by  Kanbay Incorporated

From the knowledge gained from Y2K efforts, dramatic improvement of the business model is possible. Through a process called Strategic Business Modeling valuable information can be organized for the move from legacy business functions to a new infrastructure, allowing for ease of integration which in turn provides an improved return upon investment, speed to market and ease of maintenance.

Software-Aided Performance Management

Contributed by KnowledgePoint, Inc.

With the current forces of concerns about talent retention, productivity and profitability, organizational survival hinges on a business’ ability to manage resources, move quickly, and remain competitive in a continually changing market. In this environment, regularly evaluating and improving employee performance and productivity has become more than an administrative detail - it’s now a key business strategy!

XML Trends and eCommerce

Author: LeRoy Denny
Contributed by  M1 Software Corporation

The implication XML has for electronic commerce is substantial. If we agree to define eCommerce as the use of technology to facilitate business, then the need to deliver an identical result to users of either Netscape or Microsoft browsers becomes a business essential. This paper deals in depth with this essential component of the new economy.

Electronic Commerce Explained

Contributed by  Microsoft Corporation

All businesses will be affected by the global move to electronic commerce. Business operations will change, and new processes will be created. Companies that start learning now in this new environment will undoubtedly be leaders in the future.

Bringing the Balanced Scorecard to Life
The Microsoft Balanced Scorecard Framework

Contributed by Microsoft Corporation

This paper describes the Microsoft approach to developing and implementing a Balanced Scorecard for enterprise performance management. It presents basic information on the Balanced Scorecard performance management methodology, and identifies key business issues that must be addressed in developing and deploying a balanced scorecard. The paper then presents the Microsoft Balanced Scorecard Framework (BSCF), a comprehensive set of techniques, tools, and best practices to speed scorecard implementation using toolsets with which organizations are familiar.

Enterprises must make Business Intelligence an Imperative.

By Howard Dresner  
Contributed by Microsoft Corporation

Doing business is information-intensive. Enterprises are being pushed to share information with increasingly more audiences. The business intelligence imperative insists we elevate BI to a strategic initiative now, or risk disaster! Ignorance is the greatest threat to modern business. The risk of not knowing is immense. And, incomplete information can be even more harmful than no information, because we proceed and make decisions and act with conviction, falsely believing we know the true nature of the situation.


Contributed by Microsoft Corporation

HRWeb is an integrated suite of three portal products that provide human resources (HR) information to Microsoft employees. These secure, audience‑based portals provide one-click access to pertinent HR information, transactional tools, and personalized employee data in a single, integrated user interface. HRWeb increases employee productivity and maximizes the effectiveness of the HR organization.

Business Intelligence Within Reach

Contributed by Microsoft Corporation

At no time in the past have organizations had the capability to gather and store such vast amounts of data: customer information and operational data from multiple sources flow into the enterprise with ever-increasing volume and speed. More than ever, organizations are turning to business intelligence as the means to derive value from the incredible volumes of data now collected and warehoused in enterprise systems.

The Antivirus Defense-in-Depth Guide

Contributed by Microsoft Corporation

The Antivirus Defense-in-Depth Guide provides an easy-to-understand overview of different types of malware, or malicious software, including information about the risks they pose, malware characteristics, means of replication, and payloads. The guide details considerations for planning and implementing a comprehensive antivirus defense for your organization, and provides information on defense-in-depth planning and related tools that you can use to help reduce your risk of infection. The final chapter of the guide provides a comprehensive methodology to help you quickly and effectively respond to and recover from malware outbreaks or incidents.

Responding to IT Security Incidents

Contributed by Microsoft Corporation

How prepared is your information technology (IT) department or administrator to handle security incidents? Many organizations learn how to respond to security incidents only after suffering attacks. By this time, incidents often become much more costly than needed. Proper incident response should be an integral part of your overall security policy and risk mitigation strategy.

There are clearly direct benefits in responding to security incidents. However, there might also be indirect financial benefits. For example, your insurance company might offer discounts if you can demonstrate that your organization is able to quickly and cost-effectively handle attacks. Or, if you are a service provider, a formal incident response plan might help win business, because it shows that you take seriously the process of good information security.

Architecture & Design Review for Security

Contributed by Microsoft Corporation

You need an appropriate architecture and design to build a secure Web application. The cost and effort of retrofitting security after development is too high. An architecture and design review helps you to validate the security-related design features of your application before you start the development phase. This enables you to identify and fix potential vulnerabilities before they can be exploited, and before the fix requires a substantial reengineering effort.

The imperative to really teach and be memorable

Author: Dr. Mark Baker
Contributed by MindAtlas Pty. Ltd.

In this day and age of competing educational methods, and highly-sought training dollars, professionals faced with workplace training decisions must be convinced of the efficacy of their delivery methods.  Many traditional training and e-learning organizations claim to deliver effective training, but not as many actually do so. Sitting for hours in a crowded room watching the clock tick by, or reams of attached files and black text on a white screen, do not an effective learning experience make.

Understanding Network Access Control

Contributed by: Mirage Networks, Inc.

Today’s technology environment is defined by mobility. It is a productivity enhancement few organizations can be without - but the gain in productivity is causing an explosion of network security concerns. Consider the dramatic increase in the number and capabilities of mobile devices: according to Gartner, the dominant trend in computer buying has shifted to notebooks, which now make up 29% of computers sold in the US and 31% of those sold worldwide. And not only are laptops becoming the computer of choice for many corporate employees, more and more IP-enabled devices are coming into the mix - PDAs, mobile phones, and gaming systems, to name a few, each bringing new security vulnerabilities onto the network. Further enhancing productivity - and jeopardizing network security - is the ubiquity of access. Whether at home, in a hotel, at a Starbucks, or even on a park bench, users require and expect access to corporate networks at a data rate that enables full productivity. The widespread adoption of broadband wireless networking has made mobile computing the standard, not the exception.  This has created great challenges for IT and security professionals. Controlling the devices accessing the network has become increasingly problematic as these devices move in and out of protected corporate networks, and as the line between office and personal computer blurs or even disappears. And now, it’s easier than ever for unmanaged IP devices to make their way into corporate networks.

Pre-Admission Network Access Control

Contributed by: Mirage Networks, Inc.

As you may recall from Part 1, the three main NAC standards (Cisco NAC, Microsoft NAP, TCG TNC) concern themselves with pre-admission (a.k.a. on-entry) NAC. Pre-admission checks are critical, but assuming that clean devices cannot become infected or hacked once ON the network could well be considered myopic. Post-admission infection is addressed later in this document.

For a NAC solution to be effective, it must deliver two essential pre-admission capabilities. First, it must be able to identify a new device connecting to the network. Second, it must be able to test the endpoint for adherence to security policy and restrict access for those devices that do not meet defined entry criteria. Together, these capabilities should provide data that can be used to compare a device’s current security state against established security policy criteria, to determine how much or how little access that device is allowed.

Women in the Corporate World

Access to Information Technology

Author: Shaila H. Mistry

Originally presented in The House of Commons, British Parliament, London, England

Fighting High Technology Theft with High Technology Solutions

Contributed by: New Momentum, Inc.

Each year the United States Customs and Border Patrol confiscates millions of dollars in counterfeit goods. In 2006 alone, products seized by United States officials totaled more than $155 million. Unfortunately, even as the agency sees significant growth in the amount of counterfeit products detained from year to year — 2006 marked an 83% increase from 2005 — efforts to sniff out unauthentic goods through customs and border patrols are only capturing a small fraction of a multi-billion dollar problem.

The United States Chamber of Commerce estimates American companies lose $250 billion in sales every year as a direct result of counterfeiting and piracy. Even in the face of rising awareness among consumers and collaborative efforts among government organizations, the Chamber says the problem is continuing to grow at an alarming rate.

Resourceful Revenue Recovery

Author:  Robert A. Malone
Editor; Author, Chain Reaction; Columnist, Managing Automation and Inbound Logistics
Contributed by: New Momentum, Inc.

Today’s emphasis on globalization and outsourcing offers many cost reduction benefits to enterprises that manufacture or use electronic components. But this business is not just a bed of roses - there is a significant proliferation of counterfeits and sales through unauthorized channels. As enterprises expand their operations globally, quality issues can begin to appear in customers’ products. Research into these problems can show that remarked or counterfeit parts were used. This problem can lead to a serious loss of both reputation and revenues. Companies have identified it as a significant problem, but in many cases they don’t have the data they need to determine the extent to which counterfeiting is affecting their business.

Back to the Future
A Balanced Approach to Long-Term Incentives

Contributed by  Nextera Inc.

HR Directors need to get the attention of their organization's CEO and CFO: recognizing the value of IDM is now paramount, especially since the economy is now experiencing an obvious downturn.  If we cannot manage our most valuable resource, "our employees", then all corporate goals and profits are jeopardized.  Human Resources professionals have talked about it for years, but we are not always able to convincingly "prove" that IDM works to those who control the purse strings.

Insider Attack Detection Using Cyber Sensor Fusion

Author: Dennis H. McCallam
Contributed by  Northrop Grumman Information Technology

Any way you want to measure it, the number one threat to any information system is the insider attack.  It is cited across the board - by government, the military and businesses, and in warfare attacks on any system, military or otherwise - as the top threat.

ROI as it applies to eCommerce or IT Projects
Connecting IT Projects to making & saving money.

Author: Tim Rohde
Contributed by  One Inc.

Using the word “strategy” could have shortened the title of this article.  Unfortunately, the word started with several meanings and now, thanks to its constant misapplication, has none.   If you want your IT projects to sell up the chain easily and to achieve measurable business results, you’re going to have to hear the word “strategy” more often than your own name.  Here is a definition of strategy that will cut through miles of dust for anyone in a for-profit business:

Making Sense of eCRM
Electronic Customer Relationship Management

Author: Glen Petersen
Contributed by  One Inc.

In today's world of business and technology we are constantly barraged with a never-ending series of acronyms; a relatively recent addition is eCRM.  Like many of its predecessors, eCRM, which stands for electronic customer relationship management, is a term that is tied to a great deal of hype and confusing messages. This article will attempt to provide a framework for understanding and, moreover, also establish a framework for success.

Antivirus Solutions are one step behind Viruses

Contributed by Panda Software (USA), Inc.

In order to detect and eliminate new viruses, antivirus solutions usually take a reactive approach: they wait for a new virus to appear and infect its first computers, and are then updated to combat it as soon as possible.  Until now, antivirus protection responded quickly enough to head off new viruses before they could spread widely. For example, Panda's antivirus solutions are updated automatically via the Internet, at least once a day.  However, new viruses and intruders have recently emerged with the capacity to infect thousands of computers in a few hours, before antivirus protection can be updated to combat them. Sasser, Netsky, Mydoom and Sobig are good examples of these new generation viruses, which use new means of propagation and exploit vulnerabilities in operating systems and the most widely used software.

Dedicated Perimeter Protection Strategy

Contributed by Panda Software (USA), Inc.

The latest data indicate that one in every 204 e-mail messages contains a virus, and that 99 percent of viruses enter companies via SMTP mail or HTTP web-browsing. And it's not just viruses that cause problems. In January 2003, the SQL Slammer worm hit thousands of servers around the world, exploiting a buffer overflow vulnerability and causing denial of service in SQL servers, which resulted in losses estimated, according to Computer Economics, at 705 million euros.

What’s more, employee productivity is being increasingly degraded not only due to the time they spend classifying and eliminating the large number of spam messages that reach their inboxes, but also due to the time they spend accessing inappropriate or unauthorized web content, which, if distributed, can damage the corporate image.

Enterprise Security

Contributed by: Panda Software (USA), Inc.

With the non-stop permanent protection incorporated in Panda EnterpriSecure Antivirus, updates are automatically distributed across the network at least once a day. This is achieved through a mechanism that is transparent to the user, resulting in increased productivity, as administrators can concentrate on other tasks. Panda EnterpriSecure Antivirus is a high-performance and scalable antivirus solution that facilitates the deployment and updating of the protection in all the computers across the network: workstations, file servers, Exchange and Domino mail servers, SMTP gateways and perimeter servers.

TruPrevent Technologies: Technical Overview

Contributed by: Panda Software (USA), Inc.

Current antivirus technologies are extremely effective for detecting and disinfecting known malware (any that is found in their databases of signatures). However, from the moment that a new malicious code appears until the antivirus solutions are capable of detecting it and disinfecting it, the following events must occur:

  • A new malicious code appears

  • It starts to spread

  • The manufacturer of the antivirus obtains a sample.

  • It is analyzed in its laboratory

  • The manufacturer creates an identifier for the new malware

  • The update is prepared and it is uploaded onto the Internet

  • The clients update according to the conditions established

Result: from the moment that a new malware appears until the users are protected, anything from a few hours up to several days may pass, depending on how quickly the antivirus manufacturer reacts to the appearance of the new threat.

Perimeter Protection Strategy

Contributed by: Panda Software (USA), Inc.

The latest data indicate that one in every 204 e-mail messages contains a virus, and that 99 percent of viruses enter companies via SMTP mail or HTTP web-browsing.  And it's not just viruses that cause problems. For example, the SQL Slammer worm hit thousands of servers around the world, exploiting a buffer overflow vulnerability and causing denial of service in SQL servers, which resulted in losses estimated, according to Computer Economics, at 705 million euros.  Due to the increasing sophistication of Internet-borne threats, Panda Software proposes a layered protection strategy in which the Internet gateway plays a vital role, as it is the strategic network point used to send and receive e-mails, all types of content... and 99 percent of viruses.

Web Content Filtering in the Corporate Network Perimeter

Contributed by Panda Software (USA), Inc.

The Internet is the source of information most widely used by companies worldwide. Two in three employees use it as a work tool. However, the Internet also offers a wide range of non-work-related content, such as leisure services, online shopping and a long list of others, which employees with Internet access could also access during work hours. For this reason, it is vital for companies to be able to control the Internet content that their employees can access, to ensure beneficial use of this technology and avoid loss of productivity.

Build Good Leaders and Diversity Will Follow
An Intelligent Approach to Diversity Training

By Karl A. Schmidt
Contributed by  Parker, Milliken, Clark, O’Hara & Samuelian

Many supervisors and managers fail to make a similar effort to determine the underlying skills, abilities and traits of their subordinates.  Such superiors see their charges as “all of a type” and only seek an “adequate” level of performance from most of them, never considering the possibility of untapped talents and underutilized productivity.

Workers' Compensation White Paper

By Karl A. Schmidt
Chairman, Labor & Employment Law Department  
Contributed by  Parker, Milliken, Clark, O’Hara & Samuelian

In recent months much deserved criticism has been heaped on the California Workers’ Compensation system and much newspaper and newsletter space has been devoted to analysis of its ills and the need for reform. 

Maximizing HR Contributions To Company Success

Authors: Paul Kirincich and Paul Minton
Contributed by Pinnacle Strategy Group

The authors are management consultants who specialize in guiding businesses through the process of strategic planning.  Their work has spanned several industries, and has led to large operating improvements, turnarounds and new financing for their clients.

Information Services Amid Change and Uncertainty

Authors: Paul Kirincich and Paul Minton
Contributed by Pinnacle Strategy Group

The authors are management consultants who specialize in guiding businesses through the process of strategic planning.  Their work has spanned several industries, and has led to large operating improvements, turnarounds and new financing for their clients.

Globalization of Human Resources

By Richard Polak
Contributed by Polak International Consultants Inc.

International human resources is a complex paradigm -- like a puzzle where all the pieces are intertwined and every decision about where to place the piece in hand affects the total picture.  However, in many organizations international human resources managers are forced to spend most of their time "fighting fires" kindled by the magnitude of issues arising from international growth and expansion, rather than being given the time to concentrate on the greater, and far more important, strategic management issues, which could well avert future fires from breaking out at all.  Furthermore, the "solution" that puts out one fire can easily become the fuel for the next fire to be ignited, leaving few resources and little energy to take the considered global view necessary for IHR to be a strategic partner to the business as a whole.

Doing Business in International Markets
A Human Resources Perspective

Author: Richard Polak
Contributed by Polak International Consultants Inc.

When your company sets sail for new markets, strategic human resource planning can be instrumental in bringing ventures safely to dry land in working condition.  Too often though, when companies expand they leave human resources stranded at the dock, and it isn't just the niceties that have been left behind.   Studies indicate that active management of human resources directly impacts the bottom line by increasing shareholder value and sales per employee and lowering employee turnover.

International Human Resource Management

Author: Richard Polak
Contributed by  Polak International Consultants Inc.

It is difficult to put a jigsaw puzzle together without the picture to work from.  In the same way, the traditional international human resources paradigm of "piece by piece" management without a clear picture of the objective is inefficient and costly and therefore, as many Human Resources professionals have come to realize, can be considered to be obsolete.

For CEOs Only
Creating a New Company for a New Economy

Author: Janet Conn
Contributed by Polak International Consultants Inc.

This is a challenging time for executives.  Companies are now finding that they need to reinvent themselves to keep up with the demands of global expansion, changing technologies, and attracting and retaining employees.  Amidst these pressures, a CEO’s objective is to increase profits by expanding markets, decreasing costs and ensuring long-term growth. 

Increasing Network Productivity

Author: Ronald S. Wilner
Contributed by  Progressive Network Solutions, Inc./Data General Corp.

The single most critical element of corporate information technology is to provide services, support and applications to the users. IT departments' entire infrastructure, staffing and assets are committed to the timely deployment of applications and data to the users. The latest technology being placed to deal with this need is called Server Based Computing. This white paper will be invaluable to those facing this responsibility for their organization.

Wireless Security

Author: Brad Beutlich
Contributed by: Rainbow Technologies Inc.

As more and more "Hot Spot" wireless 802.11b networks are materializing and the cost of wireless access cards for laptops is decreasing, many corporate employees, with cards supplied by their company or with ones purchased on their own, are using these networks to check their e-mail or download a document while getting their morning cup of coffee at their local coffee shop or while waiting at the gate for an airplane. Unlike the secured wireless network that might exist within the corporate walls, the road warrior wireless access is an IT Director’s nightmare.

Security in a World of Electronic Commerce

Author: Bernie Cowens, CISSP  
Contributed by Rainbow Spectria Inc.

Electronic commerce is an inescapable fact of life these days. Connecting businesses, granting your partners and customers wider access to your data and systems, and the need to leverage the Internet to gain and keep competitive advantages are all commonplace facets of today’s business environment. We rely more and more on information systems, inter-connected business models, and on leveraging the Internet to do business. We take advantage of Internet technology in general and World Wide Web systems in particular to empower customers. In this sense, customers are not limited to the traditional retail variety that would ordinarily visit your store or purchase goods from a catalog. Instead, if you consider the interrelationships between businesses today, customers include in many cases your partners, your suppliers, and even your competition. How you use the Internet to take advantage of those relationships determines your success in today’s marketplace. Using the Internet without a clear security plan is fraught with real peril and is certain to fail.

Remote Access for Healthcare

Author: Cynthia Kawamura
Contributed by Rainbow Technologies, Inc.

One of the biggest challenges that the healthcare industry faces today is improving patient care with new technologies while maintaining patient confidentiality, streamlining operations, and reducing costs. As more industries need to remotely access their applications to improve efficiencies, the healthcare industry is finally following suit and looking at secure remote access solutions as well. A rapidly increasing number of healthcare professionals are beginning to believe in wireless technology - that it will provide improved data accuracy, reduce errors, and result in an overall improvement of patient care.

Secure Authentication & Access to Critical Resources

Author: Jeff Laubhan
Contributed by Rainbow Technologies, Inc.  

Every day thousands of people type "SSL VPN" into Google to search for relevant material on this new technology.  SSL VPN is one of the fastest growing remote access categories, yet most organizations are not really familiar with the value, the history, or what this new type of remote access product really can deliver. Key questions include: Is all this hype around SSL VPNs warranted? What is an SSL VPN and why do I need one? Will it make me a savior to management and the end users, or will it end my career?

Trends in US Corporations
How are they affecting Cyberattacks?

Author: Alison Jacknowitz
Contributed by  RAND Corporation

Because the incidence of cyberattacks has increased and the consequences of the attacks are significant, it is important to examine the trends that could influence the frequency of cyberattacks now and in the future.  This paper will identify and discuss two distinct categories of trends that are potentially influencing cyberattacks against American corporations.

Connectivity & Integration
for the Corporate Benefits Department

A Case Study

Author: Lynne Halverson
Contributed by RemoteNet Corporation

The purpose of this case study is to provide a review of the solutions provided by RemoteNet Corporation to the client in support of the client’s stated vision and objectives in regards to the delivery and administration of employee benefits via a corporate benefits and administration services department.

Becoming a Zero Waste to Landfill Facility

Contributed by Ricoh Electronics, Inc.

Disposing of waste in landfills is detrimental to the natural environment, water bodies, and the air. Conservation of natural resources is important for all future generations. It is estimated that over 390 million tons of waste was disposed of in United States landfills in 1999.  The situation is likely to get much worse.

Secure Identity Management
A Better Solution for Secure High-Volume Key Management

Contributed by SafeNet Corporation

From VPNs (Virtual Private Networks) protecting corporate communications to the widespread adoption of digital signatures validating electronic transactions, the demand for secure electronic transactions has grown in step with an increasingly wired world. Traditionally, Public Key Infrastructure (PKI) based applications have provided the building blocks for many security solutions. With flexible capabilities ranging from encryption to digital signatures used to prove identity, PKI-based solutions have demonstrated that the technology can work successfully for thousands of users.

Encrypting ATM Firewalls

Contributed by SafeNet Corporation

This paper explores the mechanics and policies that are necessary to protect information transmitted over an untrusted high speed wide area ATM network. The network model assumes a set of local area networks that are physically secure, interconnected by an untrusted wide area network. The threat model assumes an outsider threat such that security demands strong encryption of the data as well as access control between the untrusted wide area network and trusted local area networks. This paper details the security assumptions and requirements for this type of network. The paper then presents a set of reference networks and discusses the cryptographic requirements necessary to achieve a high level of information privacy, provide access control, scale efficiently as the network grows in size and speed, and operate transparently to the end user.

Seven Keys to Internet Selling Success

Contributed by Selectica, Inc.

As e-Commerce gained prominence, many companies moved beyond trying to define e-Commerce. Instead, they are now looking at how to make e-Commerce work for their specific business needs. Early e-Commerce success stories were about selling relatively simple products. However, the larger opportunity is in selling complex products and services over the Internet. Consequently, a business-to-business commerce revolution is now occurring.

Cognitix Reflective & Collection Methods

Author:  Dennis Bustamante
Contributed by Sientifix Corporation

The world is focused on the concept of knowledge management. Most of the people who think about these things have first to define what knowledge really is and then, supposedly, it will let itself be tamed into being managed. The challenge is perhaps greater than that presented by the taming of the West Wind. There are two very daunting challenges that confront those who would manage knowledge. The first is to work out how to replicate the human brain and its relationship with human sentiment. The second is how to move the reality that has been defined as knowledge for business purposes from the static phase of past experience to the dynamic phase of present and future action.

Sientifix Corporation has introduced a method of capturing, collecting, relating and patterning data that produces interpreted cumulative results of the day to day activities of a business.  The end result is a knowledge management system based on the DATA, INFORMATION, KNOWLEDGE, WISDOM theory that not only preserves information but makes the knowledge derived from it dictate future action in a duplicate or closely similar set of business circumstances.

Security in Information Systems

Contributed by Sierra Systems Inc.

Security starts with the mundane. Loss prevention, damage control, and prevention of liability are the initial targets of security planning. However, security in the context of information technology (IT) is not just the prevention of loss or damage. It is a business enabler that is increasing in prominence, especially with companies for whom communication and collaboration lead to increased functionality and revenue. Even for older organizations with well-established business practices, good information security allows safe and profitable ventures into activities that would have been foolish not long ago. 

Getting the Most from Manufacturing Cells
Through Focused Factory Engineering

Author: Kenneth W. Harrison
Contributed by SMW Systems, Inc.

In traditional factories, the equipment is arranged with similar machines located together, i.e., all of the lathes are in one line, all of the mills are in another line, the welders are in the weld shop and the assembly line is over in the assembly building.  With cellular manufacturing, all of the equipment to make a complete part is together.  A cellular manufacturing process is designed to efficiently make a specific part or a family of parts.  A typical manufacturing cell could contain the raw material, the band saw to cut the raw material, the lathe to machine it and an assembly/inspection bench.

Better Management for Network Security

Contributed by Solsoft, Inc.

Today, information security is one of the highest priorities on the IT agenda. Along with firewalls and anti-virus software, sophisticated technologies are being introduced to monitor network events and inform administrators in real-time about what is going on in their network. Despite all these investments and growing awareness, the number of network security breaches continues to soar.

From Disappearing Boundaries to Security Governance

Author: Philippe Langlois
Contributed by Solsoft, Inc.

Two seemingly contradictory movements have recently appeared on the IT landscape. On the one hand, several major corporations are collaborating in an attempt to remove business barriers like superfluous firewalls between them. An example is the Jericho Forum, under the auspices of the UK-based Open Group. Companies such as BP, Royal Mail, and ICI bring together the latest thinking on user-driven approaches to security: radical externalization, boundaryless network security, and de-perimeterization. On the other hand, many large corporations have begun to implement strict internal partitioning and segmentation, using appliances such as InterSpect from Check Point and the NetScreen firewall product line. The main objective of this latter trend is to prevent internal worm outbreaks due to "network bouncing" from external DMZ networks to critical innermost network segments. Though they appear to be heading in different directions, these two movements actually share the same goal: refining the granularity of network zone definition in the enterprise network. There is no external and internal, no black and white, there is only a spectrum of grays that you now must control much more tightly.

Process Before Technology

Author: Joe Cupano
Contributed by Solsoft, Inc. 

There has been much criticism over the value of Intrusion Detection Systems (IDS) since Gartner's report on the subject last summer. Much of the criticism has focused on the management overhead of tuning these systems to yield valuable data, with some recommending Intrusion Protection Systems (IPS) as the alternative technology people should gravitate to. Conversely, there have been many who praise IDS as integral tools in their overall perimeter security solutions. Which school of thought is one to follow?

Enterprise Policy Management for Security & Compliance

Contributed by Solsoft, Inc.

In recent years, the nature of network security has undergone a dramatic change. It was not that long ago that efforts focused primarily on securing a perimeter around the trusted network. Security policy was implemented by control points that filtered traffic passing between trusted and untrusted networks. These control points typically focused on packet filtering via a firewall, a router access control list, or a combination of both. The advantage of this approach was the ease of administration afforded by the centralization of controls, assuring the enforcement of a security policy on traffic moving between zones of trust.

Today, that picture has become far more complex. The variety of ways to connect to IT networks and the mobility of modern systems have rendered the traditional view of the perimeter obsolete. At the same time, the increasing capabilities of applications — for the enterprise as well as for personal systems — expose today’s networks to vulnerabilities unknown only a few years ago. The direct integration of enterprise systems with those of partners, suppliers, and customers has made the definition and enforcement of security policy a multidimensional challenge.

National Security Concerns

Author: Jim Prohaska, Vice President, Government Systems
Contributed by SSP-Litronic, Inc.

Achieving robust and usable security requires careful selection of not only the right technology and products, but also the right processes and policies to ensure the integrity and privacy of enterprise-based assets and the ability to operate effectively in the current electronic world. September 11th, 2001 redefined the national view on security. Up to that date, major portions of the government and most corporations had allowed a security facade to protect critical national or corporate information.

The Marriage of Physical and Logical Access

Contributed by: SSP-Litronic, Inc.

There is a two-tiered approach to security that all businesses must consider in order to fully protect their assets: physical security, which denotes real property such as buildings and facilities; and information security, which encompasses the data and intellectual property that resides on computer networks. It is vital that any business take both into consideration when implementing an overall security strategy. Whether you’re a small business or a large enterprise, the consequences of a security breach can be drastic. Managing access to resources is one of the most proactive ways to safeguard both physical and intellectual property.

Personal Wireless Devices

Author: Mike Ellsworth
Contributed by Stratvantage Consulting, LLC

This paper offers an introduction to personal wireless devices and wireless computing and general information about the wireless trend. This white paper is already obsolete.  That’s how fast wireless technology is moving today. Each day, almost each hour of each day, brings a new announcement of a wireless feature or capability.

HIPAA - Final Security Rule
Information Security Reference Guide

Author: Gary Swindon
Contributed by Sygate Technologies, Inc.

The HIPAA Final Security Rule is divided into three broad categories of safeguards (administrative, physical, and technical) and contains 42 security specifications. This reference guide lists the requirements of the Final Security Rule in point format with the action that needs to be taken in order to achieve compliance for Healthcare Operations by April 21, 2005, the final compliance date. More to the point, it provides explanations for each specification in plain English.

Metric of Network Integrity

Author: Kevin Soo Hoo
Contributed by Sygate Technologies, Inc.

The spate of network worms has focused attention upon information security, particularly network security. After more than a quarter century of corporate computing, business managers and technologists alike can do little more to articulate the state of their network security than give qualitative descriptions of their "gut feel" about it. Why is this the case? Certainly, the lack of concrete metrics may confer a certain degree of job security for some, but they, alone, cannot account fully for the absence. A more plausible root cause may rest in the fast pace of innovation in network technology and the inherent difficulties associated with measuring security itself.

Examining the Sarbanes-Oxley Act

Author: Robert P. Abbott
Contributed by Sygate Technologies, Inc.

This paper briefly describes sections of the Sarbanes-Oxley Act (SOX) that are relevant to Information Technology (IT). The subjects of Controls and Control Objectives are introduced en route to identifying the properties of Sygate products beneficial to complying with SOX. The bulk of the paper identifies specific control objectives wherein Sygate products provide audit evidence of compliance. A number of control objectives are also put forth as state-of-the-art contributions to the overall need for IT controls and for the automated monitoring of those controls.

Network Access Control Technologies

By Richard Langston
Contributed by Sygate Technologies, Inc.

Today, businesses must face the very real threat of their systems being compromised by misuse, misconfiguration and malicious access. In fact, Gartner estimates that 20 percent of managed systems are already compromised. Add to that their estimate that 20 percent of systems on corporate networks are entirely unmanaged and it becomes clear that most enterprises are vulnerable to loss of productivity, leakage of confidential information, and other expensive (and potentially embarrassing) abuse.

e-Commerce Components for the Internet

Author: Alan Brown
Contributed by Sterling Software Inc. (1999) (now: Computer Associates)

The Internet is changing how customers, suppliers and companies interact, do business, communicate and collaborate. It is creating huge opportunities and enabling the creation of completely new businesses. Understanding the change this brings is important to everyone today; this paper deals with this change and what is necessary to keep up with all the changing facets of e-Commerce at this time.

Simplifying & Protecting Access to Web-based Applications

Contributed by TriCipher, Inc.

Businesses of all sizes are adopting web-based, hosted applications provided by Software-as-a-Service (SaaS) vendors such as WebEx and Google. By using SaaS, businesses benefit from consistent and predictable costs, rapid deployment, and reduced management costs. But using SaaS introduces data theft and privacy concerns. Users connect over the Internet to vital business applications; the theft of usernames and passwords puts business data at risk. Recently, widely publicized phishing attacks against customers illustrated the potential problem. As SaaS deployments increase, so will the phishing attacks targeting them.

For compliance purposes, businesses need to demonstrate the policies protecting access to vital applications. Yet users frustrated with managing multiple password policies may inadvertently defeat security measures and put business data at risk. Strong authentication and application credential management solutions help, but deploying these systems is a major undertaking that erodes the cost/simplicity benefits of SaaS adoption. myOneLogin™ addresses the essential challenge of enhancing security and compliance while simplifying password complexity. A hosted service, myOneLogin combines strong authentication with a single login to multiple web-based applications. Business users connect to the myOneLogin portal using strong authentication, and from there can connect to multiple web-based applications and the enterprise SSL VPN, all with a single, secure login.

Securing and Managing Access to Web Applications

Contributed by TriCipher, Inc.

Enterprise IT boundaries are stretching as businesses increasingly rely on web-based applications for essential functions. Corporate data is spread outside the enterprise, and internal controls do not always apply. Mobile employees may use web applications without even accessing your enterprise network.  In this web-based environment, protecting online identities and access to applications is vital. Most businesses rely on their users to observe corporate password policies, setting and changing strong passwords regularly.  Putting the burden of security on the business users is unwise. Many users are already struggling to track and maintain dozens of different accounts for their daily lives. For the sake of convenience, many use easy-to-remember passwords, write down passwords, or set the same passwords across many accounts - defeating password policies.

New Strategies in Risk Management

Authors: Chauncey Bell and Gerald Adams
Contributed by VISION Consulting Inc.

September 11 will change forever how we view risk and how we respond to it. When previously unpredictable events are more likely to occur, then the value of traditional preparations and predictions declines, and the value of our capacity to respond increases. Fire prevention, while still important, becomes less important, relatively, than fire fighting, for example.

e-Business System Requirements

Author: Jessica Repa
Contributed by Webridge Inc. (2000)
(Still one of our most requested papers)

The Internet is creating a new economy where business must be won on price and service at every interaction. To compete effectively on the Web, each business must determine for itself how it will be an "Internet company" - how it will leverage its unique practices, processes, and expertise to add new value through digital commerce. Successful eBusiness also requires a new kind of commerce system that adapts to changing business conditions between one transaction and the next. The available information must be reinvented at each encounter, uniquely suited to the needs of the customer and the business situation.

Getting more from Server Virtualization

Contributed by: Zeus Technology, Inc.

An Adaptive Computing design uses virtualization, monitoring and traffic management together to build a new environment for your applications - an environment that works with the applications to ensure that they meet the needs of your business.  Server Virtualization has dramatically changed the landscape in the datacenter. Organizations are consolidating workloads from underutilized servers and are seeing large reductions in datacenter space, power, cooling and administration.  However, server consolidation is just the beginning of what can be achieved using virtualization technologies. Virtualization unleashes applications and compute workloads, breaking the ties that hold them to physical servers. This new-found freedom makes possible an entirely new datacenter architecture where the hardware serves the applications and the applications serve the business, rather than the other way round.

Accelerating Web Applications with ZXTM

Contributed by: Zeus Technology, Inc.

Zeus Extensible Traffic Manager (ZXTM) is a software load balancer for networked and web-enabled applications. It improves the performance, reliability and security of these applications, and reduces operational costs across complex, multi-tiered and fragile infrastructures.

Many common web application platforms suffer severe performance problems. Their workload gives them a range of tasks they are not optimized for; they scale poorly when handling large numbers of clients; they under-perform with connections over slow, high latency networks. These problems are particularly common with thread- or process-based server applications, such as the Apache Web Server, and many Java-based application servers.  They are exacerbated further by software virtualizations such as VMware and Xen that add additional networking layers.

Scaling your services with ZXTM Global Load Balancer

Contributed by: Zeus Technology, Inc.

"The average multinational corporation loses more than 1 million hours of productivity because of applications failure. Depending on the industry, each hour of downtime can cost businesses 3 million or more"

"Each hour of application downtime costs Fortune 1000 companies in excess of $300,000, according to nearly one-third of respondents at companies that track the business cost and impact"

However you measure it, the cost of application downtime can be very high for many organizations. For organizations that provide applications and services over the Internet, the probability of downtime is even higher.  There are two commonly used techniques to minimize the chance of a failure causing downtime in network-based applications. These are Server Load Balancing and Global Server Load Balancing.

Editorial Policy

We publish white papers, articles, essays, opinion pieces, columns and other writings we believe will be of interest to both our members and other decision makers in the global business community. All of the material contained here was accepted for publication without editing by us and as it was received from the author. Nothing published here should ever be construed to be the opinion of, or condoned by, or advice from, The Business Forum, its staff, officers, members, directors, sponsors or shareholders. We pass no opinion whatsoever upon the content of what we publish, nor do we accept any responsibility for the claims, or any of the statements made, within anything published herein. We merely aim to provide an academic forum for the benefit of the business community of the Pacific States of America and global business, government and academic decision makers. Readers must determine for themselves exactly where the comments and advice published herein are gained from and act, or not act, upon what we publish entirely and always at their own risk. We accept absolutely no liability whatsoever, nor do we take any responsibility at all, for what anyone does based upon what is published on this site.

The Business Forum
Beverly Hills, California, United States of America


Copyright The Business Forum Institute - 1982 - 2015. All rights reserved.