Latest White papers News

Real and perceived risks in offshore development
posted on 31/05/2007

The last ten years have seen the tremendous growth of the offshore development market. However, many smaller businesses still shy away from offshoring, due to a number of real and perceived risks. Risk mitigation in offshore development is a process that involves a combination of strategies that are employed in all outsourcing engagements and those that are specific to working with a multi-cultural team that is far away. It includes interviewing and engaging the right outsourcing vendor, selecting appropriate initial projects, and developing measurement processes and communication protocols. By exploring the destinction between real and perceived risks, this risks in offshore development white paper provides guidance on how to develop and implement a risk strategy for offshore engagements, so that the experience is mutually beneficial for client and vendor companies of all sizes.... [more]

BS 25999 will have little impact on business resilience unless it becomes embedded in business practices
posted on 22/05/2007

The recent announcement of the BS 25999-1 (code of practice) comes after a number of high profile incidents around the world have raised awareness of what can go wrong. In addition, regulatory, environmental and organisational drivers have all underlined the case for a standard for Business Continuity Management (BCM). There are high expectations for this standard and its potential to support businesses in their business continuity planning. However, a standards driven approach (BS 25999) to business continuity planning will have little impact on business resilience unless it becomes embedded in business practices. The published code of practice (BS 25999-1) and the anticipated publication of the requirements specification (BS 25999-2) later this year is to be welcomed. However, its implementation raises a number of challenges and questions including the following: • The application of the standard needs to build in flexibility, rather than force adherence to a rigid structure. I... [more]

How to successfully plan and implement a Security Event Management System
posted on 08/03/2007

A Security Event Manager is a piece of software which takes as input logs and alerts from a variety of systems, such as Firewalls, Routers, and Servers, and attempts to inform the engineer of unusual occurrences which warrant further investigation. The SEM benefits from having available to it information coming from many systems at both the network and application level, having an understanding of event severity, and may also have access to vulnerability databases which describe common weaknesses and their exploitation. SEM software may also feature tools to aid the analyst charged with investigating events and producing reports. There has been a vendor-fuelled explosion in acronyms around SEM, and you will see them referred to variously as SEM, SIM, CSEM, CIEM, and ESM systems. All of these perform broadly similar functions with differing scalability, utility, user-friendliness, and price. Although vendors may use different terminology or allude to proprietary methods, all conform... [more]

RFID-based contactless ticketing for mass transit
posted on 09/10/2006

Innovision Research & Technology has released a new white paper on smart ticketing for mass transit. Entitled 'Smart ticketing for mass transit – profitable applications for low-cost, RFID-based contactless ticketing', the paper is the follow up to the company’s smart ticketing white paper launched last year at UITP in Rome. While the first one outlined the global opportunities being created by low-cost contactless ticketing for mass transit, the new white paper looks at the key applications in which low-cost smart ticketing will deliver real benefits for travellers, operators, authorities and agencies. The white paper outlines the ‘new tickets to ride’ which will replace traditional magnetic stripe paper tickets and fill the gap between more costly RFID smartcards which are ideal for period and concession passes. With the cost of RFID chips falling below 0.10 Euros, they are commercially viable across virtually any mass ticketing application – including short-period validity t... [more]

How to Calculate the Return on Investment and TCO for Intrusion Prevention Systems (IPS)
posted on 04/10/2006

According to ICSA Labs, the average financial loss as a result of a virus in 2004 was over $130,000. With continually increasing security threats, reactive technologies are no longer adequate. The demand for comprehensive network security is growing at a staggering rate. As a result, the burden of evaluating intrusion prevention products and solutions can be quite overwhelming. This white paper helps you establish methodology for quantifying the Return-on-Investment (ROI) for Intrusion Prevention System (IPS) solutions and assists you in assessing potential purchases. Central with this analysis is establishing a financial measure of each of the total benefits of ownership (TBO). With this white paper, you will discover: * Reactive technologies that help increase your company's ROI * Security solutions that reduce help desk calls and increase productivity * How to reduce security incidents on network devices with enhanced security technologies * And more ... [more]

Other Security news and resources