Search results

Reports on the evaluation of a set of commercial PC‐security products. Argues how, and why, this analysis differs from the kind of security evaluation described in the IT security evaluation criteria published recently by some national security agencies. Draws on an in‐depth examination down to the hardware level, based on the actual executable code and covers even attack scenarios where the attacker can manipulate the hardware of the PC. Summarizes the major findings, pointing out some frequent design faults in PC‐security systems.

This article is an exploration of the history of the regulation of stock futures leading up to the recent regulatory resolution in which the regulators (SEC and CFTC) share responsibilities, thus leading to the trading of single stock futures.

If complaints about an agent’s sale of “ABC” mutual fund are handled by the state securities commissioner… Why should complaints about the same agent’s sale of a variable annuity invested in “ABC” mutual fund be handled exclusively by the state insurance commissioner? Are state laws enacted 35 years ago still relevant today when most agents who sell variable annuities are also licensed to sell mutual funds?

The purpose of this paper is to present a new method for ranking authentication products. Using this method, issues such as technical performance, application/system‐specific requirements, cost and usability are addressed. The method simplifies and makes the selection process more transparent by identifying issues that are important when selecting products.

The paper used quantitative cost and performance analysis.

The method can be widely applied, allowing the comparison and ranking of an extensive variety of authentication products (passwords, biometrics, tokens). The method can be used for both product selection and the process of product development as supported by the case studies.

This is a work that demonstrates how to compare authentication methods from different categories. A novel ranking method has been developed which allows the comparison of different authentication products in a defined usage scenario.

Nowadays, most of the software development processes still does not provide appropriate support for the development of secure systems. Rational Unified Process (RUP) is a well‐known software engineering process that provides a disciplined approach to assigning tasks and responsibilities; however, it has little support for development of secure systems. This work aims to present a proposal of RUP for the development of secure systems.

In order to obtain the proposed RUP, the authors consider security as a knowledge area (discipline) and they define workflow, activities and roles according to the architecture of process engineering Unified Method Architecture (UMA). A software development was used to assess qualitatively the extended RUP.

Based on the development, the authors find that the proposed process produces security requirements in a more systematic way and results in the definition of better system architecture.

The proposed extension requires specific adaptation if other development processes such as agile process and waterfall are employed.

The extension facilitates, the management of execution, and control of the activities and tasks related to security and the development teams can benefit by constructing better quality software.

The originality of the paper is the proposal of extension to RUP in order to consider security in a disciplined and organized way.

The purpose of this paper is to explore the differences in preferred supplier choice criteria between food purchasing agents who focus on supplier security and those that do not. Specifically, this research determines the relationship between purchasing agents’ supplier security preferences and their preferences for product quality, delivery reliability, price, and supplier location. The influence of international sourcing on demand for increased supplier security is also explored.

Choice-based conjoint analysis with hierarchical Bayes (HB) estimation and t-tests are used to assess and compare the utility food purchasing managers derive from different supplier attributes.

Purchasing managers that place a higher priority on security when choosing suppliers were willing to pay suppliers a higher price and receive lower levels of delivery reliability in return for higher security but placed less emphasis on suppliers’ product quality. Firms that source internationally do not have a significantly greater preference for advanced supplier security. However, purchasing managers that value supplier security were more likely to source internationally, potentially indicating that security allows for global sourcing by mitigating the increased vulnerability inherent to sourcing abroad.

This research was limited by its focus on the food industry and a relatively small sample size.

This work illustrated that food purchasing managers can be segmented by the emphasis they place on security. Food industry managers will find results useful in formulating their future service offerings with respect to security and other supplier choice criteria.

This is one of few works investigating security as a supplier choice criterion and utilizing HB estimation of choice-based conjoint data.

Outlines the Open Security Architecture (OSA). OSA is an architecture which will provide the basis for the selection, design and integration of products providing security and control for a network of desktop personal computers, “mobile” notebook computers, servers and mainframes. States that the purpose of this architecture is to provide an environment where: acceptable and workable controls can be placed on sensitive data; user productivity and existing investments in applications are not negatively impacted by the addition of control and security; data flow around the organization, and the investment that has been put in place to support this capability (e.g. local‐area, wide‐area, and telephonebased networks) can still be used to enhance information exchange between users; and all workstations, regardless of their location, operating system, or capability to connect to a network, can be included and easily administered under this architecture.

The purpose of this paper is to help companies address the problem of ever-increasing cybersecurity investment that does not produce tangible business value – this is achieved by explaining the relationship between cybersecurity and competitive advantage.

The impact of cybersecurity on competitive advantage was explored through a qualitative research study – the authors conducted an extensive literature review and conducted two rounds of semi-structured interviews with executives and security professionals from companies in four countries, from the financial, IT and security industries.

The analysis of the findings enabled the conceptualization of the Cybersecurity Competitive Advantage Model that explains how to build up cybersecurity dynamic capabilities to achieve long-term competitive advantage.

The research presents the theorization of the model based on an extensive literature review, gathered information, insight from qualified respondents and the authors’ experience in the field. While we controlled for saturation and rigorously collected and analyzed the data, the inductive approach followed may limit the generalizability of the findings.

The proposed model helps explain to executives how to differentiate their company in a novel way and how to retain that competitive advantage; security professionals can use the model to organize cybersecurity and communicate to their superiors more effectively.

The presented model differs from existing literature, cybersecurity frameworks and industry standards by presenting a method of avoiding technological bias and for achieving competitive advantage.

Quantifying the efficacy of marketing is an age-old challenge. As John Wanamaker said a century ago, “Half the money I spend on advertising is wasted; the trouble is I don't know which half.” The big difference today, however, is that the Internet enables detailed tracking of marketing campaigns in real time, or near time. Exemplifies how to leverage the Internet to dramatically improve the efficacy of marketing. Centers upon the Microsoft Security Guidance marketing campaign, which was designed to change IT professionals' perception of Microsoft's software product security. The integrated marketing campaign involved print media, analyst relations, and online advertising. The advertising was designed to drive IT professionals to a Web site on security guidance, then sign them up for free in-person security training classes. Illustrates two important best practices for marketing in the Internet age: first, the campaign was designed to be measured, and second, agility was specifically designed into the campaign. In addition to tracking weekly click-through data from the print and online advertising, the campaign also used online pop-up customer perception surveys. Analyzing the click-though data, Microsoft realized it had a problem at the end of the first week of the campaign–there were far fewer signups for the training sessions than anticipated. By the end of the second week the campaign was changed, resulting in a huge improvement in efficacy. Creates a scorecard illustrating the pros and cons of the Microsoft approach compared to a more traditional campaign. Illustrates how, rather than creating big-bang campaigns, high-performing marketing organizations today are continually experimenting. They build flexibility into campaigns and design them to be measured.

To learn how to leverage the Internet in marketing campaigns, analyze click-through data and online survey results acquired in near time, and learn how it is used to fine tune and dramatically improve a campaign. Furthermore, illustrates how nonfinancial metrics can be used to quantify marketing efficacy.

The purpose of this summary is to provide excerpts of selected Financial Industry Regulatory Authority (FINRA) regulatory notices and disciplinary actions issued in July and August 2009 and a sample of disciplinary actions during that period.

The paper provides excerpts from FINRA Regulatory Notice 09‐42, Variable Life Settlement Transactions; 09‐49, Conflicts of Interest; 09‐52, Trade Reporting; and 09‐53, Non‐traditional ETFs.

(09‐42) FINRA is concerned about variable life settlements because they involved materially different factors and raise materially different issues than more widely held securities such as stocks or bonds. (09‐49) Rule 2720 prohibits a member firm with a conflict of interest from participating in a public offering, unless the nature of the conflict is prominently disclosed and certain other specific requirements are met. (09‐52) Effective January 11, 2010, firms that execute OTC trades in equity securities during the hours that a FINRA trade reporting facility is closed must report the trade within 15 minutes of the opening of the facility. (09‐53) Effective December 1, 2009, FINRA is implementing increased customer margin requirements for leveraged ETFs and uncovered options overlaying leveraged ETFs.

These are direct excerpts designed to provide a useful digest for the reader and an indication of regulatory trends. The FINRA staff are aware of this summary but have neither reviewed, nor edited it. For further detail as well as other useful information, the reader should visit www.finra.org.