www.PenandCamera.com: Writing Samples: 2006
Writing Archive: 2006


Complete stories by date:

December 2006
Mastering Agile Development Practices
Tired of traditional software development methodologies, command-and-control management styles, and juggling multiple projects at once? Consider agile development, which delivers functionality in rapid iterations — measured in just weeks — and eschews heavily designed projects for frequent communication, development, testing, and delivery. Sound like chaos? Find out if “agile” is right for you.
Dice.com (December 2006)
November 2006

Mastering Web Apps with Ruby on Rails
Ruby on Rails is an open source Web application development framework which can help build applications in days, instead of weeks or months. Is it right for you?
Dice.com (November 2006)

October 2006

Proving Grounds: Securing Test Data in Regulatory Environments
In many companies, developers use live data in unsound test environments but remain unmindful of the fallout if that data leaks out. Why should your compliance guard be relaxed when developers use test data to design the very systems that store and dole out access to such sensitive information? Here are five ways to manage test data in regulated environments.
(October 17, 2006)

Foreign Correspondence: SOX Efficiencies and EU Issuers
As of July 2006, many foreign companies listed on US exchanges must comply with some Sarbanes-Oxley requirements. Can foreign companies learn from the US SOX experience to better meet their own reporting obligations? Can they leverage their native compliance experiences to turn SOX into a competitive advantage? And how will different applications of SOX to foreign issuers impact their ability to attain compliance effectiveness? Experts suggest that less effort might lead to more compliance for EU companies.
(October 10, 2006)

September 2006

Requirements Management to the Rescue
Do you face out-of-control software development projects? Completed software that doesn’t meet users’ needs? Consider requirements management, a discipline which helps deliver on-time and on-budget software which meets users’ real needs.
Dice.com (September 2006)

Wikis at Work
Wikis are collaborative websites or intranets that allow anyone to post, edit, delete, or otherwise modify content, and they’re becoming more popular behind the corporate firewall, especially for sharing knowledge between technology workers. Could wikis work for you?
Dice.com (September 2006)

From Short Stack to Competitive Advantage
IHOP's pursuit of data quality: a business intelligence case study. (Membership required to view.)
Business Intelligence Journal (September 2006)

The mobile phone never forgets
Giving your phone amnesia is not as simple as you may think
The Times (September 7, 2006)

August 2006

Security and SOX: Are CIOs Missing the Boat?
Many CIOs arrived late to Sarbanes-Oxley efforts
Enterprise Systems (August 29, 2006)

Securing Visitors with Guest-Access Controls
A defense contractor turns to admission controls to meet government requirements to secure national security information.
Enterprise Systems (August 22, 2006)

Hot For Vista
Microsoft promises its next-generation operating system will finally begin shipping in November. Most IT professionals in Windows shops, even if they’re not anticipating an immediate upgrade to Vista, are at least planning to look under the hood, and also pencil in a migration timeline. Here’s where to start, what Vista might do for you, and what to look out for.
Dice.com (August 2006)

A Sense of Entitlement: Security, Privilege, and the Need to Know
Up to 60 percent of fraud is perpetrated by employees of the victim company, often because the wrong people have access to tempting data. Here are four tips for limiting access to sensitive data and thereby limiting the potential for misuse.
(August 15, 2006)

Q&A: How Security Budgets Determine Compliance Success
New study highlights commonalities between companies with the fewest IT compliance deficiencies.
Enterprise Systems (August 15, 2006)

IT Management 101 For Unrepentant Techies
Are you management material? You know the stereotypes: techies are good with silicon, bad with people. Here are the top 10 aptitudes you’ll need to become a manager.
Dice.com (August 2006)

Two-Factor Authentication: The Single Sign-on Solution?
New online risk-monitoring and strong-authentication technologies are helping banks meet looming FFIEC online authentication deadlines
Enterprise Systems (August 8, 2006)

Filtering Technology Looks Beyond Content
Companies are increasingly deploying filtering technology to address a number of information security threats, ranging from in-bound spyware to unapproved use of VoIP.
Enterprise Systems (August 1, 2006)

July 2006

Q&A: Automating Security Controls for Compliance
Can companies use built-in ERP capabilities to better automate their IT controls?
Enterprise Systems (July 25, 2006)

Case Study: SUNY-Buffalo Health Science Schools Aims for Network-Admission Controls
The challenge: securing an infrastructure you don’t control
Enterprise Systems (July 25, 2006)

Conditioning Your Workforce for Security Compliance
Corporations are realizing that the human element is often overlooked in their quest for compliance. Organizations are helping employees make the right decisions by revamping that age-old risk management tool: the security policy.
(July 18, 2006)

Q&A: Regulations and Security Drive Organizations to Adopt Frameworks
Why organizations are increasingly adopting the IT Infrastructure Library
Enterprise Systems (July 18, 2006)

SIM Software Aims for SMBs
One company blocks real-time attacks, demonstrates compliance, and relays security effectiveness to executives.
Enterprise Systems (July 18, 2006)

Five Tips for Securing VoIP
Thanks to immature standards, competing protocols, and nascent products, keeping VoIP secure isn’t easy. Here’s where to start.
Enterprise Systems (July 11, 2006)

Security Briefs: Breaches Increase, Trojans Displace Worms
Despite increased security spending, the number of security breaches also increases. Plus, how Trojan applications have displaced worms and viruses as top threats—and why.
Enterprise Systems (July 11, 2006)

Phantom of the Operation: Defining and Securing Privacy
Organizations often misidentify their top privacy breach threats and overestimate their level of compliance and integrity. Technical controls alone won't meet privacy requirements, and may even lull companies into a false sense of security. The problem is simple: how do you secure an abstract concept?
(July 5, 2006)

June 2006

Anti-Spyware Gets Rootkit Removal
New anti-spyware functionality highlights the enterprise security question: should you go for best of breed or opt for a security suite?
Enterprise Systems (June 27, 2006)

Beyond Logs: Security Event Management Market Heads For Shakeout (Part 2 of 2)
Experts predict imminent SEM market consolidation. The upside: lower software costs, easier usability, and improved efficiency. Even so, users will be faced with a dizzying array of options.
Enterprise Systems (June 27, 2006)

Adding Ajax to Your Development Arsenal
An emerging technique allows developers to create Web applications that act like desktop applications. Here’s how to master it.
Dice.com (June 22, 2006)

Subpar signatures embolden call for antivirus SLAs
Antivirus signature quality is becoming an increasingly troublesome problem for businesses. There have been several recent incidents in which bad AV updates have caused application compatibility problems, file deletions and even the dreaded "blue screen of death." What can infosec pros do? As Mathew Schwartz explains, many in the industry say service-level agreements (SLAs) are needed to hold vendors accountable when things go wrong.
SearchSecurity.com (June 22, 2006)

Baring the Standard: Ins and Outs of ISO 17799
For companies seeking to comply with a deluge of data management and privacy regulations, ISO 17799 offers both technical best practices and managerial guidance. But the information security standard isn’t a silver bullet for compliance or even a good fit for every company. What are the potential and limitations of ISO 17799 and what do you need to know about certification?
(June 20, 2006)

Beyond Logs: Creating a Log-Management Program (Part 1 of 2)
Regulations are driving companies to audit their security logs. To help collect and analyze all that data, companies can turn to free syslog software and off-the-shelf security event management software. Which approach is right for you?
Enterprise Systems (June 20, 2006)

Security Briefs: JavaScript Worm, IBM DB2 Vulnerability, NIST Performance Metrics
Dealing with an e-mail worm targeting a Web application, and a vulnerability in IBM DB2. Plus, how to create a performance metrics program.
Enterprise Systems (June 20, 2006)

Q&A: The Quest (and Justification) for Trustworthy Code
How to evaluate the security of applications you build or buy, and justify those requirements to senior management.
Enterprise Systems (June 13, 2006)

CA Updates Mainframe Security Tools
Changes target regulatory compliance, auditing, and access controls
Enterprise Systems (June 13, 2006)

Why Ubiquitous Backup-tape Encryption Lags
Despite high-profile data breaches, storage encryption practices won’t change overnight
(June 6, 2006)

How Vista’s Arrival Will Affect the Security Market
Vista’s arrival will shake up the $3.6 billion Windows security market. Here are the implications for IT managers.
Enterprise Systems (June 6, 2006)

Why Colleges Fail the Privacy Test
Most college Web sites lack online privacy policies. What does that say about their ability to secure people’s private information and to avoid data breaches?
Enterprise Systems (June 6, 2006)

May 2006

Beware Active Microsoft Word Vulnerability, Rogue Browser
Microsoft moves to patch a “zero-day” Word vulnerability. Meanwhile in a first, a new worm arrives bearing its own browser—the better to launch drive-by download attacks.
Enterprise Systems (May 30, 2006)

Best Practices for Effective URL Filtering and Monitoring
Employee abuse of an organization’s Internet access -- from running outcall services to illicitly selling a company’s products on eBay -- illustrates URL filtering and monitoring issues. Enterprises cite inappropriate content, productivity concerns, and lost bandwidth as reasons to monitor their employees’ Web use.
Enterprise Systems (May 23, 2006)

CIOs Lack Content Control; Spyware Guns for SMBs
Are content management systems up to SOX compliance? Also, how spyware affects small and medium-size businesses.
Enterprise Systems (May 23, 2006)

Data Breach Damage Control
Your company just suffered a data breach. If you’re wondering what to do next, it’s already too late. An immediate, pre-planned response is vital to keeping your company’s reputation and revenue alive. Prepare yourself with these top tips.
(May 16, 2006)

CA Rolls Out Tape Encryption for Mainframes
Options proliferate for encrypting your z/OS backup tapes
Enterprise Systems (May 16, 2006)

2007 Tech Budgets to Decline; Stealth Malware on the Rise
A projected decrease in next year’s IT budget growth has unclear implications for security spending. Meanwhile, rootkits grow more virulent.
Enterprise Systems (May 16, 2006)

Q&A: Stopping Blended Threats with Multi-Function Security Appliances
Why small and medium-size businesses, and satellite offices, are increasingly adopting multi-function security appliances.
Enterprise Systems (May 9, 2006)

Employees Cause Most Security Breaches, Yet Response Lags
What’s the best way to stop users from inadvertently compromising your company’s information security?
Enterprise Systems (May 9, 2006)

Case Study: Hospitals Find a Cure for Storage Costs
With back-up storage costs stretching the budgets of hospitals attempting to comply with HIPAA, one network of 16 Nevada hospitals found a way to cut storage costs by 80 percent without cutting compliance corners.
(May 2, 2006)

Executives Unhappy with Current Security Metrics
Faced with decreased security spending and executives who decry the state of security reporting, security managers need better report-writing skills.
Enterprise Systems (May 2, 2006)

Web Services Gets SPML 2.0 Boost
New standard specifies XML framework for identity management and provisioning
Enterprise Systems (May 2, 2006)

April 2006

IEEE flags security as software life cycle requirement
The IEEE has approved revisions to the IEEE P1074 standard, giving project leaders methodologies for incorporating security throughout the software development life cycle.
SearchAppSecurity.com (April 26, 2006)

Why Automated Patch Management Remains Elusive
Patching remains a manual, time-intensive process, despite more automated tools.
Enterprise Systems (April 25, 2006)

Security Briefs: Risky IM; Pushing All-In-One Security Management Consoles
With IM use increasing 200 percent per year, unmanaged enterprise IM is a growing security risk. Plus, Check Point pushes one-console management for perimeter, internal, Web, and endpoint security.
Enterprise Systems (April 25, 2006)

Anti-Spyware Shootout
VeriTest, an independent testing lab, pitted three popular anti-spyware products against each other for four months, but such performance results can be problematic.
Enterprise Systems (April 20, 2006)

Case Study: White Lab Coat Security
PDAs with comprehensive, current patient data can help a doctor save a life, but a lack of proper security controls also poses privacy risks. INTEGRIS Health has implemented mobile access restrictions that could also protect critical corporate data.
(April 18, 2006)

Active Directory in Vista: Same Name, Substantial Changes
Don’t let the lack of a name change fool you. Under Vista, Active Directory and Group Policy settings get a substantial makeover, and that has security-policy management, endpoint security, and backwards compatibility implications. Here’s what to expect.
Enterprise Systems (April 18, 2006)

Security Lax with Wireless Routers
Are companies’ current wireless router security practices sufficient? Security policies are too often manually applied, and it shows.
Enterprise Systems (April 18, 2006)

Backup-Tape Security: Enter the “Brown Bag”
Are your backup tapes a security risk? After numerous high-profile tape losses, and the resulting notifications to millions of Americans, many companies still don’t encrypt their backup tapes.
Enterprise Systems (April 11, 2006)

New York Sues Over Alleged Spyware
Speaking a language spyware purveyors understand: fines and jail time
Enterprise Systems (April 11, 2006)

Excess Baggage: Unwanted Inventory Costs Millions
Are your warehouses stuffed with unordered stuff? Companies are suffering huge financial losses due to a lack of effective business controls that check incoming inventory against orders. New software frameworks that tackle this dilemma could save your business millions.
(April 4, 2006)

More Vista Security Details Emerge, But Will Enterprises Bite?
The next-generation Microsoft operating system packs needed security features, but the adoption forecast for Windows-weary enterprises is cloudy.
Enterprise Systems (April 4, 2006)

The Attack from Within: Stopping Malicious Insiders
While many IT managers obsess about hackers and external attackers purloining sensitive company information, studies point to a worse problem: the insider threat.
Enterprise Systems (April 4, 2006)

March 2006

Fodor's Guide to The Da Vinci Code
This fully illustrated guide to the best-selling novel gives you fresh insight into the Da Vinci Code phenomenon. Following the path of the novel's characters, Fodor's Guide to The Da Vinci Code delves into the locations, people, historic events, and symbols involved in the story. (Co-authored.)
Fodor's (Trade Paperback, 256 pages, ISBN 1-4000-1672-X, March 2006)

Building Better Applications: Beyond Secure Coding
While teaching developers “secure coding” techniques is important, experts say far more is needed to actually produce secure applications.
Enterprise Systems (March 28, 2006)

Regulations Spur Adoption of Network Access Control
Regulated companies are increasingly adopting NAC to screen network access, enforce security policies, and block malware outbreaks.
Enterprise Systems (March 28, 2006)

Loss, Litigation, and Hype: The E-mail Retention Enigma
What if a judge demanded all of your archived e-mails from June 21, 2003? Think carefully before you answer. Vendors say you must retain e-messages, but companies will lie to avoid handing over old mail; and judges might fine you whether you do or don't. What's a company to do?
(March 21, 2006)

Q&A: IT in Denial over Spyware
While many small and medium-size companies fear spyware, they don’t think spyware infections can happen to them. Despite highlighting viruses, worms, and spyware as top network security concerns, many don’t actively combat even one of these problems.
Enterprise Systems (March 21, 2006)

Fixes from Microsoft and Adobe, Havoc from McAfee
Microsoft released six critical updates for PC and Mac, and Adobe patched Flash. Grabbing headlines, however, was the file-eradication spree triggered by an update to McAfee's antivirus program, causing users to question automatic patches.
Enterprise Systems (March 21, 2006)

Case Study: Patching the SAFE Federal Credit Union
The need to automate time-consuming, manual patch processes drove one financial institution to adopt patch management software.
Enterprise Systems (March 14, 2006)

Bot Networks Hurl More Trojan Code
Bot networks are behind the rise in malicious code aimed at capturing sensitive information. Also, IM attacks decrease during February.
Enterprise Systems (March 14, 2006)

BNSF Railway On-track with Long-haul Compliance
While BNSF Railway needed to improve its application management processes to meet SOX regulations, it parlayed the effort into an application lifecycle management overhaul.
(March 7, 2006)

Destroy, Shred, Disintegrate: Guidelines for Securely Decommissioning Storage
Thanks to improved corporate information security practices, attackers are seeking new methods for accessing sensitive corporate information, putting storage media more at risk than ever. We offer several recommendations for destroying data.
Enterprise Systems (March 7, 2006)

Forty Million Stolen Identities Later: Learning from CardSystems' Breach
After the largest known compromise of personal information, the FTC details the information security failures that helped cause it.
Enterprise Systems (March 7, 2006)

February 2006

The Push for Federated Identity Management
The growth in Web Services and service-oriented architectures enables businesses to more quickly and automatically trade information and computing resources. Now it’s up to federated identity management to secure it.
Enterprise Systems (February 28, 2006)

Do You Trust Your Storage to Mitigate Mobile-Device Threats?
Increasing numbers of mobile users and poor laptop security management create a growing risk; a new specification pushes trusted-storage applications.
Enterprise Systems (February 28, 2006)

Tangling with Test Data
Do your developers choose their own test data? Since 70 percent of data thefts are inside jobs, you can't assume that any visible information in your company is safe or even private. Companies need a strategy for obscuring—or just faking—sensitive data for use in testing environments.
(February 21, 2006)

Q&A: Balancing E-Mail Security and Compliance
How quickly can you search and retrieve e-mail and instant messages relevant to a regulatory inquiry or court-ordered discovery process?
Enterprise Systems (February 21, 2006)

Microsoft, Lotus Patch “Highly Critical” Problems
Microsoft patches two highly critical vulnerabilities and corrects a dud patch-installation process, while IBM issues patches for six Lotus Notes problems
Enterprise Systems (February 21, 2006)

Crawling the Internet to Find and Stop Spyware
Researchers find spyware lives especially on adult, game, and wallpaper sites. The enterprise security mandate is clear: start blocking those sites.
Enterprise Systems (February 14, 2006)

IM Security: E-mail’s Poor Cousin
Despite the popularity of instant messaging (IM), many organizations don’t regard the communications channel as an enterprise security risk.
Enterprise Systems (February 14, 2006)

Beyond Firewalls and IPS: Monitoring Network Behavior
Large enterprises are deploying network behavior analysis tools to supplement firewalls and IPS to block unknown types of attacks and catch stealthy attacks in progress.
Enterprise Systems (February 7, 2006)

Corporate E-Mail Security: Compliance Swamps IT Staff
IT managers look to better tools, including self-service retrieval for employees
Enterprise Systems (February 7, 2006)

January 2006

The Shape of Endpoint Security to Come
Will 2006 be the year of endpoint security? A number of network-access-control approaches are finally coming to fruition.
Enterprise Systems (January 31, 2006)

Spinning Can-Spam
The FTC says federal anti-spam legislation is effective. Experts disagree.
Enterprise Systems (January 31, 2006)

Computer Forensics: Still in the Stone Age
Despite the popularity of forensic science, automated, digital evidence-gathering and analysis tools lag.
Enterprise Systems (January 24, 2006)

Vulnerability Roundup
Last week, Oracle released a critical patch update for a SQL attack vulnerability that could give local attackers administrator-level privileges, and Apple patched Windows and Apple OS versions of QuickTime. Meanwhile a new report finds online attacks are hitting the bottom line.
Enterprise Systems (January 24, 2006)

Ten Best Intranets of 2006
This 287-page report, with 193 screenshots, reviews the designs and usability of the world's ten best intranets for 2006. This year, we saw increased use of multimedia, e-learning, internal blogs, and mobile access. Winning companies also encouraged consistent design by emphasizing training for content contributors.
Nielsen Norman Group (January 23, 2006)

Handling PCI Hurdles
The PCI standard took effect on June 30, 2005. Is it effective?
(January 17, 2006)

Careers: Strong Demand Continues for Information Security Jobs
With information security increasingly a boardroom-level concern, job prospects continue to be good, according to a new study. Training and certification are becoming increasingly important for candidates and companies alike.
Enterprise Systems (January 17, 2006)

Vulnerability Roundup
It was a busy week for security alerts: more WMF flaws were exposed and two critical Microsoft vulnerabilities were revealed. Meanwhile, a review of 2005 IM threats gives a hint at what to expect this year.
Enterprise Systems (January 17, 2006)

WMF Flaw Provokes Headaches, Workarounds
Security managers race to stem a mass outbreak
Enterprise Systems (January 10, 2006)

Q&A: The 2006 Threat Landscape
Symantec anticipates kernel-level rootkits and more covert channels for siphoning intellectual property
Enterprise Systems (January 10, 2006)


Mathew Schwartz