Hello Everyone,

The Visible Ops Security book is for sale at Amazon.com. If you are looking to purchase copies or would like to post a review (which would be much appreciated), please visit:

The original Visible Ops Handbook is at Amazon.com as well:

Thank you!
“I cannot teach anybody anything, I can only make them think” – Socrates
Top Picks

New Book: Software Security Engineering: A Guide for Project Managers

“Software that is developed from the beginning with security in mind will resist, tolerate, and recover from attacks more effectively than would otherwise be possible. While there may be no silver bullet for security, there are practices that project managers will find beneficial. With this management guide, you can select from a number of sound practices likely to increase the security and dependability of your software, both during its development and subsequently in its operation.”

http://www.sei.cmu.edu/publications/books/cert/software-security-engineering.html
http://www.softwaresecurityengineering.com/
http://www.cert.org/podcast/show/20080527allen.html

[Congratulations Julia!!]
IT Governance International Standard – ISO/IEC 38500 Under Development

George’s note: ISO/IEC 38500 will hopefully be published in the next couple of months, finally giving some standards guidance around what “IT Governance” is. The ISO website doesn’t really have much info yet other than to say it is under development. When it is published, I will send out links. As many purists will point out, “IT Governance” is really about management – not necessarily governance per se. True “governance” is the venue of the Board and senior management. It will be interesting to see what comes out in the new standard as we look at the dual mission of IT – to assist with the creation and protection of value.

Current ISO Page: http://www.iso.org/iso/iso_catalogue/catalogue_tc/catalogue_detail.htm?csnumber=51639

Good commentary on it: http://itgov.wordpress.com/2008/05/07/new-iso-standard-for-it-governance-isoiec-38500/
IT Audit / Internal Audit / Compliance

Compliance Programs' New Mantra: Value Preservation And Value Creation

This is an interesting interview of Richard H. Girgenti, the National Practice Leader of KPMG LLP's U.S. Forensic Practice, the Partner in Charge of the Forensic Practice for the

http://www.metrocorpcounsel.com/current.php?artType=view&artMonth=June&artYear=2008&EntryNo=8400

Getting International Compliance Policies Right

“How can a global company ensure that it generates a meaningful, international, compliance policy? Such policies need to be applicable across the corporate universe but encompass local differences adequately. This might seem to be a simple question but it often presents a raft of difficulties for compliance officers.”

http://www.metrocorpcounsel.com/current.php?artType=view&artMonth=June&artYear=2008&EntryNo=8341
IT Process Improvement / Quality Management

Tool Selector has a link to The Forrester Wave: Service Desk Management Tools Q2 2008

“In this research brief, Forrester evaluates the strengths and weaknesses of 13 service desk management tool vendors. The 96-criteria evaluation found that BMC Software's Remedy IT Service Management, CA, HP, and IBM lead the pack for large enterprises because of the depth and breadth of their offerings that integrate the service desk into a complete IT service management framework.”

http://www.toolselector.com/modules.php?op=modload&name=News&file=article&sid=3054

The Underperformer Paradox

It is paradoxical that frequently, those most in need of assistance are the last to see it.

[May 29, 2008, ITSMWatch blog post]

CD Set at Amazon: Beyond the Goal: Eliyahu Goldratt Speaks on the Theory of Constraints (Your Coach in a Box)

I often am asked about Dr. Eliyahu Goldratt and his work on the Theory of Constraints. For those who like to listen to lectures, he released a fascinating audio CD set in the fall of 2005. As Dr. Goldratt is such a prolific author, what I like about Beyond the Goal is that it synthesizes many of his ToC ideas as he is presenting them to a conference of software industry executives.

6 reasons government IT projects fail

“Failed government IT projects occur with alarming frequency. In some respects, these failures share much in common with botched private sector initiatives. For example, failures in both environments are primarily a function of poor management rather than bad technology.”

http://blogs.zdnet.com/projectfailures/?p=792&tag=nl.e539
Security and Risk Management

Unifying Governance, Risk and Compliance

“GRC is not so much a tool or methodology as it is a management philosophy for bringing these different disciplines together and dealing with them as a unified whole, both inside and outside of IT functions.”

http://www.ciostrategycenter.com/cio/Reg/law/unifying_governance_risk_compliance/

Sci-Fi Writers: New Tech Will Bring More Security Challenges

“If IT security professionals think they have challenges now, they should wait until new technologies such as quantum computing and devices embedded in skin arrive in the not-so-distant future, three science-fiction writers said Monday.”

http://www.cio.com/article/377716/Sci_Fi_Writers_New_Tech_Will_Bring_More_Security_Challenges

Bruce Schneier Q&A: The Endless Broadening of Security

“With this endless broadening of security has come an endless broadening of ambition. Schneier is launching the Workshop on Security and Human Behavior—an effort to bring together the brightest thinkers from any number of disciplines: Economists, technologists, psychologists, even poets will be there. The goal is no less than to launch a new academic discipline.”

http://www.csoonline.com/article/373414/Bruce_Schneier_Q_A_The_Endless_Broadening_of_Security
Healthcare / Bio-Informatics / Care Delivery Organizations (CDOs)

Health Care Leaders Gather to Gain New Safety, Risk Management Insights From Aviation Industry Experts

“As health care organizations continue to wrestle with better ways to improve patient safety and communications, they are finding inspiration from the skies - the aviation industry.”

http://biz.yahoo.com/prnews/080602/clm097.html?.v=62

Medical ID theft can injure finances, endanger lives

“Of the 8.3 million Americans who were victims of identity theft in 2005, 3 percent, or 249,000, said someone had obtained medical treatment and services using their personal information, according to the Federal Trade Commission's 2006 Identity Theft Survey Report, the most recent.”
Human Error / Safety / Environment

A chilling global warming forecast

“There's always a new report about global warming, but the one released by the U.S. Department of Agriculture, with its charts on optimal temperatures for soybeans and peanuts, is downright creepy in its detail. This isn't your usual futuristic fodder, with vague but dire predictions. The USDA report is more frightening because it states matter-of-factly the practical changes in farming, forestry and water that are transforming the landscape now and will do so again over the next few decades.”

http://www.latimes.com/news/opinion/editorials/la-ed-warming2-2008jun02,0,5120050.story

The report is at: http://www.climatescience.gov/Library/sap/sap4-3/default.php

Mars on the brain? Red Planet pioneers to face cosmic mind trip

“The simulated expeditions were made, in part, to research ways to live and work on the Red Planet. But they also revealed something else: what personality types might best be suited to make the 35 million-mile journey and who would be better off watching from Mission Control.”

http://www.cnn.com/2008/TECH/space/06/02/space.psych/index.html

NASCIO behind green IT with strong statement, action plan

“The National Association of State Chief Information Officers (NASCIO) came out strongly yesterday on the importance of environmentally sound IT, telling its CIO members they must play a critical role in reducing their states' carbon footprints and issuing a 17-page brief on ways to do that.”
Global News

Four Play

“Like other major accounting firms, E&Y is a loose partnership of national firms. Although they share the same logo and stationery, legal liability and control remain a country-level affair. E&Y executives say the move to consolidate its 87 practices is a response to the needs of its increasingly global client base.”

http://www.cfo.com/article.cfm/11465466?f=alerts

Major Economies Slowing

“Conditions are getting tougher in some of the world's major economies. Figures out yesterday suggest that

http://au.biz.yahoo.com/080601/27/1rnr4.html

From the ruins, Chinese begin to rebuild lives

“Fan Jianping, chief economist for the

http://www.usatoday.com/news/world/2008-06-01-china_N.htm
Economics / Business / Misc.

Americans take 41 million fewer flights, survey shows

“Nearly half of American air travelers would fly more if it were easier, and more than one-fourth said they skipped at least one air trip in the past 12 months because of the hassles involved, according to an industry survey.”

http://www.cnn.com/2008/TRAVEL/05/30/airtravel.decline.ap/index.html

Adobe’s Acrobat.com could be an Office killer; Will interface matter?

“Adobe has tied together its online office suite with the beta of Acrobat.com and the user interface is the big differentiator. What remains to be seen is whether online office users care about aesthetics.”

http://blogs.zdnet.com/BTL/?p=8969&tag=nl.e539
End Notes

The News is brought to you by

Titles and links to articles written by me are listed at: http://spaffordconsulting.com/articles.html and if you have news or feedback you’d like to share, please send an email to george.spafford@....

To subscribe, please send an email to: SGC_Daily_News-subscribe@yahoogroups.com

To unsubscribe, please send an email to: SGC_Daily_News-unsubscribe@yahoogroups.com

Archives of The News newsletter are available at http://www.spaffordconsulting.com/dailynews.html.

_____________________________________________
Principal Consultant
ITIL Service Manager, TOCICO Jonah, IPRC, CISA
Pepperweed Consulting, LLC®
Office: 269-556-9597
FAX: 208-978-6295
George.Spafford@...