Musings on personal and enterprise technology (of potential interest to professional technoids and others)

Wednesday, December 26, 2007

Avoiding aggregated privileges in a single session - "Role Model" - Information Security Magazine, 5/07
Beyond basic RBAC (Role-Based Access Control), this seems like a fine idea regarding how to manage those users (of whom there can be many in a small organization!) who either temporarily or permanently need to "wear multiple hats". Perhaps in many cases, this relates less to a specific vendor application's features, and more to defining and following best practices for system configuration:
Role Model - Information Security Magazine: "...Dynamic separation of duties: Deter fraud/conflicts of interest by constraining the combination of privileges that can be activated in the same session (See Figure 1). For example, if I am in the groups cashier and cashier supervisor, I only have the access rights and work within the security context of the particular role I log in under. I do not have the aggregate privileges of both roles during one session..."
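The cashier / cashier-supervisor case from the quoted text, worked as code. This is an added example (not from the magazine article or any vendor product): it models a dynamic separation-of-duties constraint in the (role set, n) form used by the NIST/ANSI RBAC standard and refuses to activate a role in a session when that would combine mutually exclusive roles. User names, role names and permissions are constructed sample data.

```python
"""Dynamic separation of duties (DSD) enforced at session role activation."""
from dataclasses import dataclass, field

# DSD constraint (role_set, n): no single session may have n or more roles
# from role_set active at once. n=2 means "never both in the same session".
# Constructed example, mirroring the cashier / supervisor case in the article.
DSD_CONSTRAINTS = [
    ({"cashier", "cashier_supervisor"}, 2),
]

# Static assignment: what each user is *authorized* to hold (constructed data).
# Alice wears both hats; DSD decides which hat is on in a given session.
USER_ROLES = {
    "alice": {"cashier", "cashier_supervisor"},
    "bob": {"cashier"},
}

# Permissions granted by each role (constructed data).
ROLE_PERMS = {
    "cashier": {"ring_sale"},
    "cashier_supervisor": {"void_sale", "approve_refund"},
}

@dataclass
class Session:
    user: str
    active_roles: set = field(default_factory=set)

def activate_role(session, role, user_roles=USER_ROLES, constraints=DSD_CONSTRAINTS):
    """Try to activate `role` in `session`; return (ok, reason).

    Refused if the user is not assigned the role, or if adding it to the
    roles already active would violate any DSD constraint."""
    if role not in user_roles.get(session.user, set()):
        return False, f"{session.user} is not assigned role {role!r}"
    proposed = session.active_roles | {role}
    for role_set, n in constraints:
        clash = proposed & role_set
        if len(clash) >= n:
            return False, (f"DSD violation: activating {role!r} would combine "
                           f"{sorted(clash)} in one session")
    session.active_roles.add(role)
    return True, "activated"

def effective_permissions(session, role_perms=ROLE_PERMS):
    """Permissions derive only from roles active in *this* session, never
    from the aggregate of everything the user is assigned."""
    return set().union(*(role_perms.get(r, set()) for r in session.active_roles))
```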

Tuesday, December 18, 2007

Re: "New Cooling Technologies Tackle Data Center Heat", InformationWeek 9/06

As is well known, for all their benefits, blades introduce major additional heat into your server rack... And although cooling requirements can be addressed in a number of ways, not everyone is keen on the idea of introducing water into a mission-critical data center :-)

"...Georgia Institute of Technology is using new technology that moves cooling systems closer to the source of the heat to save about $160,000 annually in utility bills. Jeffrey Skolnick, director for the university's Center for the Study of Systems Biology, oversaw the installation of an $8.5 million supercomputer where space and power considerations were crucial. It includes a 1,000-node cluster of servers in 12 racks using IBM's BladeCenter system; IBM's rear-door heat eXchanger, which places chilled water directly behind servers, does the cooling.

IBM's eXchanger, introduced last year, solves several problems in the 1,300-square-foot center. It needed only half the air conditioning expected--80 tons instead of 160 tons--and reduced airflow lowered noise. With four more racks to fill in the coming months, Skolnick is looking at chip-level cooling to cut power costs further. 'At the time, [the heat eXchanger] was the most viable technology,' he says. 'Every time you do an upgrade, the rules change, and you have to look and see what's available.'

The idea of introducing water or other liquids into a data center scares some IT managers because water can damage computer components and cause short circuits. Imagine a burst water pipe or a liquid sprayer gone awry. But there may not be a good alternative, says Leonard Ruff, an associate principal at Callison, a data center design firm. Callison, which has been testing the SprayCool M-Series, thinks direct chip cooling is so effective that a business can double the amount of electricity used to power computers and boost the number of servers in a rack without overheating a data center, resulting in a 285% increase in processing capability. Callison now markets the system to its customers.

More companies will adopt water-cooled technology even though there is "an almost unreasonable" resistance to water among data center managers, predicts Gartner analyst Carl Claunch. He recommends that businesses include infrastructure for water cooling when building new data centers even if there are no immediate plans for implementing such equipment. They'll eventually need to pipe in water because it's so efficient at cooling, he reasons...."

Thursday, December 13, 2007

A new spin on voice mail - Financial Post 2007/12/12

An interesting form of cellphone-centric unified messaging... What a nice way to avoid wasting time listening to my latest voicemail message from unsolicited vendor number 361 received so far this month ;-)

Some interesting potential benefits from storing and searching the transcribed voice messages... (also implicitly raising the generic issues about storage / capacity / archiving etc. relevant for any unified messaging architecture, and clearly part of the overall ROI)...

IMHO the service sounds good, subject to a couple of caveats... But the price still seems a bit steep(?)

A new spin on voice mail: "...Rogers Wireless is looking to make returning calls slightly faster and easier, with a new voice-to-text messaging service the company unveiled yesterday.

For the price of $15 per month, Rogers will be able to take any English or French phone message you might have missed and process it using automated software powered by SpinVox, a U.K.-based firm, that transcribes it to a text message and sends it to your cellphone or other wireless device.

Irv Witte, Rogers Wireless vice-president of business marketing, says the service is aimed at the mobile user who experiences anywhere between 60 to 100 voice mails each month. He also tried to put aside fears about how accurate the service may be, citing that SpinVox is able to convert upwards of 90% of all speech into legible text.

'We've had several hundred people testing this out and have had no complaints about accuracy at all,' Mr. Witte said. 'It's almost frightening how good it is at translating.' The service is available in only seven provinces right away, but Rogers plans to launch the service in Alberta, Saskatchewan and Manitoba early next year. A potential drawback is not getting the entire message. According to an IBM-funded research study, the average voice mail lasts about 31 seconds, longer than the 18 seconds maximum for the SpinVox service.

That may leave the door open for New York-based Simulscribe Inc. to make its own splash in the Canadian market. James Siminoff, chief executive, says Simulscribe will be launching its own voice-to-data service today with a competing plan that offers Canadians on any cellphone plan unlimited message transcriptions, regardless of how long the voice mail lasts, for $30 per month.

'Rich, poor, no matter who you are in the workforce, everybody needs to have voice mail', Mr. Siminoff said.

As Eamon Hoey, senior partner at Hoey Associates Management Consultants Inc., puts it, voice mail is just another technology whose innovation is driven by the need for more time..."

Wednesday, December 12, 2007

software? hardware? TRAINING! "Securing the Laptop: Mission Impossible?" eWeek 11/07

Some relevant vendor products listed here, to help prevent data and/or hardware loss or theft:

Securing the Laptop: Mission Impossible?: Page 2: "...make the USB drive itself the trusted device. RedCannon's KeyPoint Alchemy, for example, encrypts USB devices and implements policy management rules for their use. Similarly, VMware's ACE 2 implements a virtual PC, with security policies, on a USB drive. 'The USB drive is a manageable asset,' Gartner's Girard said. 'It will cost you some money, but you can do it.' The epidemic of laptop thefts has spurred other, more novel approaches. Absolute Software's Computrace LoJack for Laptops works much the same as the LoJack automobile anti-theft device. When a stolen system is connected to the Internet, it sends out a signal that enables it to be traced. The signaling works even if the hard drive is removed and installed in another system..."

However, the huge grain of salt is that "user education and training is a not-to-be-neglected component of any laptop security program.
A recent study by the Computing Technology Industry Association found that only 42 percent of companies had either completed or planned a mobile computing user security education program. Perhaps that reticence has something to do with the difficulty of implementing an effective program.
'How do you communicate to businesspeople in a manner they can understand and relate to?' said Eric Litt, chief information security officer at General Motors. 'That's the skill. It may be more art than science. You have to build credibility.'"
NOTE: A somewhat old but still IMHO highly relevant resource from the US National Institute of Standards and Technology, including suggested topics for security awareness training:

Building an Information Technology Security Awareness and Training Program