Featured New Articles
Overview of Information Security and Compliance: Seeing the Forest for the Trees
Michael R. Overly
Businesses today are faced with the almost insurmountable task of complying with a confusing array of laws and regulations relating to data privacy and security. These come from a variety of sources: local, state, national, and even international lawmakers. Information security standards are not only established through laws and regulations but may also be created by contractual standards such as the Payment Card Industry Data Security Standard (PCI DSS), and even by common industry standards for information security published by organizations like the Computer Emergency Response Team (CERT) at Carnegie Mellon and the families of standards from the International Organization for Standardization (ISO). In many instances, laws and regulations are vague and ambiguous, with little specific guidance regarding compliance. Worse yet, the laws of different jurisdictions may be, and frequently are, in conflict: one state or country may require security measures that are entirely different from those of another. Reconciling all of these legal obligations can be, at best, a full-time job and, at worst, the subject of fines, penalties, and lawsuits.
In response to the growing threat to data security, regulators in literally every jurisdiction have enacted or are in the process of enacting laws and regulations that impose data security and privacy obligations on businesses. Even within a single jurisdiction, a number of government entities may all have authority to take action against a business that fails to comply with applicable standards. That is, a single security breach might subject a business to enforcement actions from a wide range of regulators, not to mention possible claims for damages by customers, business partners, shareholders, and others. The United States, for example, uses a sector-based approach to protect the privacy and security of personal information (e.g., separate federal laws exist relating to health care, financial, creditworthiness, student, and children's personal information). Other approaches, for example in the European Union, provide a unified standard but offer heightened protection for certain types of highly sensitive information (e.g., health care information, sexual orientation, union membership).
Oracle's Agile Product Lifecycle Management (PLM)
Oracle's Agile Product Lifecycle Management (PLM) enables an organization to manage the complete life cycle of a product, from the ideation phase through to recycling and retirement. Most importantly, Agile Product Lifecycle Management focuses on process efficiency, rapid innovation, cross-functional collaboration, closed-loop quality control, risk mitigation, and cost effectiveness. As shown in Figure 1, Oracle's PLM product line consists of four components.
Why Should the IT Helpdesk be Responsible for Authorizations?
People can manage their personal finances through Internet banking, and e-HRM even allows them to manage their days of leave. However, they have no way of managing their network access rights by themselves; this remains the responsibility of the IT helpdesk. How logical is it to have the IT helpdesk decide whether users receive access rights to applications?