Implementation
Three factors limit the spread of Bluetooth hacking
Warnibbling, or looking for Bluetooth networks, will gain much higher popularity than looking for infrared connections and might one day compete with wardriving in popularity. Tools for Bluetooth network discovery, such as Redfang from @Stake and a graphical user interface (GUI) for it (Bluesniff, Shmoo Group), are already available to grab and use, and more tools will no doubt follow suit.
Three factors limit the spread of Bluetooth hacking. One is the still limited use of this technology, but that is very likely to change in a few years. Another factor is the limited (compared to 802.11 LANs) coverage zone. However, Class 1 Bluetooth devices (output transmission power up to 100 mW) such as Bluetooth-enabled laptops and access points can cover a 100-meter radius or greater if high-gain antennas are used. Such networks are de facto WLANs and can be suitable targets for remote cracking. The third factor is the security mechanisms protecting Bluetooth PANs against both snooping and unauthorized connections. So far there are no known attacks circumventing the E0 stream cipher used to encrypt data on Bluetooth PANs.
ITIL Implementation Background
The ITIL implementation is one of the hottest topics in IT today. In order to gain a good understanding of the value of configuration management, we must clearly understand what ITIL is and what it is not. Fundamentally, ITIL is exactly what its name implies—a collection of books. The common theme of the library is that all of the books provide guidelines that can help organizations implement the best practices that have been learned the hard way by the pioneering few. There is a volume about security, one about planning, one about software assets, and one about managing applications. The library continues to grow as more successful techniques are documented and guidelines established for what can make others successful.
The latest information on ITIL comes from the UK Office of Government Commerce (OGC) through its web site at http://www.best-management-practice.com/. Be sure to visit the “Terms and Conditions” link at the bottom of the page for the appropriate uses of that web site.
IT and Politics
As IT has gotten more involved in business processes, IT has become closer to the politics in the organization. In the past many IT groups fell under finance or accounting. Some have said that because of this, many accountants and heads of finance became CEOs — through the use of the information and capabilities of IT.
Today, IT cannot avoid political involvement. How a new system and process are implemented affects the power structure of the winners and losers. Politics sometimes generates new project ideas. Projects can be started and then later killed for political reasons. For example, manager A starts a project. It appears useful, but manager A moves on and is replaced by manager B. Manager B then either changes or kills the project. The new manager is “putting her stamp” on the work.
6 steps of systems development methodology in audit perspective
The SDLC is designed to produce high-quality software in a structured way that minimizes risk. The traditional approach to SDLC is the waterfall model, which contains 6 steps of implementation. ISACA uses a modified model that has five primary phases and the post-implementation phase.
Phase 1: Feasibility
In this step, the feasibility of the project is considered. The cost of the project must be discussed, as well as the potential benefits that it will bring to the system’s users. A payback analysis must be performed to determine how long the project will take to pay for itself. In other words, the payback analysis determines how much time will lapse before accrued benefits will overtake accrued and continuing costs. If it is determined that the project will move forward, the team will want to develop a preliminary timeline. During the feasibility phase, everyone gets a chance to meet and understand the goals of the project.
Phase 2: Requirements Definition
Develop, Buy or Customize?
Although this is not a step in the SDLC, an organization might decide to buy a product instead of building it. The decision typically comes down to time, cost, and availability of a predesigned substitute.
Before moving forward with the option to buy, the project team should develop a request for proposal (RFP) to solicit bids from vendors. Vendor responses should be closely examined to find the vendor that best meets the project team’s requirements. Some of the questions that should be asked include these:
- Does the vendor have a software product that will work as is?
- Will the vendor have to modify the software product to meet our needs?
- Will the vendor have to create a new, nonexistent software product for us?
Top 10 reasons why IT projects fail?
Information systems (IS), or information technology (IT), have been around for over 50 years. The goal of most IS or IT efforts has been to effect change and improvement in business processes and management information. People have been working at this for thousands of years. With all of this experience, we might think that IT work and projects would be very successful if completed on time and within budget.
Too bad. This is still not the case. In the 1980s people were writing that over half (50%) of IT efforts fail. Moreover, among those that are successfully completed, even fewer have resulted in change and improvement. Some recent surveys and one by the authors point to a percentage here of about 30-35% that resulted in tangible, measurable benefits. This is not very good. One disaster story in 2003 was that of a major Japanese bank that had undertaken a major IT project. It was a colossal failure - US$110 million was written off. No salvage. There appears to be little improvement. IT efforts fail often for the following reasons.
1. Issues are detected too late. Management and staff may not be aware of issues or be looking at the glass as “half full.” Here is a lesson learned. Always look at the work as “half empty” — you will achieve more success.
2. Issues are not managed well. Typically, issues are managed in an unsystematic, ad hoc manner. Moreover, different managers and leaders may deal with the same issues in different ways. Inconsistency leads to more problems.
3. Issues are not tracked using the same measurements of both IT in general and IT project management in particular.
7 Samples of Healthcare Security Implementation
The healthcare industry is one of the industries with a large implementation of security devices and methodologies. Here are 7 samples of security implementations available in the market nowadays. The list could grow longer as technology is invented and changes rapidly, so here is the sample:
1. Bio-Metric Access Control
Biometric access control using fingerprint, iris or face is increasing in the healthcare industry. Many companies realize the importance of implementing good biometric access control.
2. Asset Tracking
Asset tracking is used to monitor assets in the healthcare industry, from medicine to ward assets to healthcare devices. Security controls for several sensitive healthcare devices should be implemented. Drug databases and information are another version of asset tracking.
3. Patient/Resident Wandering
Patient/Resident Management is one of the most important security features that should be
72 common questions during a project management audit
- Do Project Management Processes exist for planning, organizing, monitoring and controlling all aspects of the project?
- Is there a clear definition of responsibilities for monitoring the realization of the sub-process / phase objectives and related risks?
- Which project management processes exist (documented or not) within the organisation e.g. cost, resource and time related processes to ensure the project is managed efficiently and effectively?
- Do Project Management guidelines and processes exist within the organisation / project organisation to ensure quality?
- Have customer and stakeholder needs been clearly understood to ensure that all project-related processes focus on meeting their needs?
- Is there a clear division of responsibility versus authority between the organisation, project team, customers and stakeholders?
IT Due Diligence priority during Merger and Acquisition
Mergers and acquisitions are part of today's business competition, for companies small or big. In the current business environment, IT plays a very important role during M&A. IT Due Diligence is the part of due diligence that covers the IT area. Most of the process is much the same between Due Diligence and IT Due Diligence; however, IT Due Diligence has a unique character, since it deals with technology, which changes frequently.
During IT Due Diligence, the checklist items below should be a priority to watch.
1. Environment
1.1 Application: ERP, CRM
1.2 Platform: Unix, Intel
1.3 Operating System: Windows, Unix
1.4 Database: Oracle, SQL Server
1.5 Vendor: Microsoft, Custom, Internal Development
1.6 Connect to internet: Yes/No
2. Organization
2.1 Organization Structure
2.2 Job Roles & Responsibility
3. Expenses
3.1 Staff
3.2 Infrastructure
3.3 Operation
3.4 Development
4. IT Risks
4.1 Business Continuity
What's wrong with Amsterdam’s Schiphol Airport?
As quoted in Dutchhasterdam,
"..Amsterdam’s Schiphol Airport is the first airport in the world to deploy full-body scanning machines.."
Amsterdam’s Schiphol airport has begun using new body-scanning machines at security checkpoints, the first major airport to use the technology to find metals and explosives hidden under clothing. Schiphol also is one of the world’s most modern airports, with flat-panel screens, airport-wide Web access, and iris-scanners already on offer to those who want to bypass passport lines.
And it became a popular discussion on slashdot.org,
T-Ray Camera Sees Through Clothes, Preserves Privacy
"...that are claimed to use Terahertz radiation ("T-rays") to detect foreign objects under clothing, without revealing body details, from a distance of 25 meters and while the subject is in motion.."
So how we should design security procedures in airports is still a challenge for security-related auditors.
