Archive for January/2007

28
Jan

No limits whatsoever

Written on January 28, 2007 by faparicio in Riesgos y Tecnología

The news about detectives hacking into computers in British Prime Minister Tony Blair’s offices, as they searched for evidence in the probe into alleged party political corruption, has set off all the alarms on the official authorities Internet abuse to breach any privacy, including Prime Minister’s.
According to some British media, there are strong suspicions that Metropolitan Police gave permission to detectives to use all legal means to find out whether anything was being withheld, given the “very slim” pile of documents they received from the political parties.
Obviosly, no court had authorized the hacking or being informed about this illegal activity. Is this British present and our impending future? We’d better be scared….

14
Jan

Data classification blues

Written on January 14, 2007 by faparicio in Riesgos y Tecnología

Although it is one of the pillars of any information security program, most organizations lack the existence of a data classification scheme. This consists in assigning both a level of sensivity and an owner to each document, memo, report, letter, etc of the organization. The main advantage is not only to provide the most critical information of the company with the strongest controls (another practical application of risk analysis) but also defining the security clearance of individual or groups authorized to access the classified information.
Once again, this definition implies management involvement and leadership (so that the CISO efforts don’t go wasted) not to treat all information just the same. We cannot apply the same security measures to every piece of information, which would lead to innecessary restrictions and loss of information security personnel efficiency.
Several methodologies provide the organizations with guidelines to classify information (e.g, Magerit, in Spain), although common sense is enough to single out a few points (secret, confidential, public, etc) to establish a simple data classification set of criteria.
In practice, the development of this shemes faces quite a few challenges: the end user has to be awared of and trained about data classification; if most users are ignorant of basic information security rules, any effort to implement this scheme, all the more since it is an ongoing process, will be a waste of time and money. The employees need to know how and when to classify the information, so that the simplest the data classification scheme is, the better.
Another major factor is the cost: the definition, implementation and training expenses will likely to join the acquisition of a software tool to grant restricted access depending of the sensitivity levels (e.g, DRM tools). As it usually goes with information security, it is not easy for management to justify these efforts as a necessary part of doing business, when they do not directly lead to revenue generation.
Therefore, when will a data classification will be in the pipeline? Most probably the moment it becomes a regulatory compliance issue: in US, healthcare and financial firms are already required by law to classify data. To say, another junction between management commitment, technology and law.

6
Jan

ERP: Desafios para el 2007

Written on January 6, 2007 by José Esteves in Technology Management

empezando el año la pregunta que todos se hacen es: cuales los desafios en el area de ERP para este año…y la respuesta es muy sencilla, aparentemente lo mismo que en 2006, seguir con la tan mencionada y discutida implantación de las arquitecturas SOA y las plataformas middleware, los tres grandes, oracle, sap y microsoft este año esperan concolidar sus plataformas, aunque parece que la que lleva ventaja es sap.
Y a ver como se comporta el crm de microsoft, titan, que puede empezar a ser un jugador importante en este sector dominado por siebel y ahora sap-crm. Otro jugador a tener en cuenta es infor…os aconsejo a mirar las noticias sobre este proveedor que posiblemente podra dar mucho que hablar, lleva 19 acquisiciones en 2 años.

We use both our own and third-party cookies to enhance our services and to offer you the content that most suits your preferences by analysing your browsing habits. Your continued use of the site means that you accept these cookies. You may change your settings and obtain more information here. Accept