IBM Systems Journal

Issue 2 • Date 2007

  • Introduction

    Publication Year: 2007 , Page(s): 1

    The regulatory landscape that enterprises face today has been characterized by an unrelenting increase in the number of governmental regulations. Since 1981, more than 118,000 regulations have been introduced in the United States alone. These include the Health Insurance Portability and Accountability Act (HIPAA) of 1996, the well-known Patriot Act of 2001, and the Sarbanes-Oxley Act of 2002. Simi...
  • Preface

    Publication Year: 2007 , Page(s): 203 - 204

    The current business environment is replete with governmental regulations and standards for best practices. In the United States, for example, the Sarbanes-Oxley Act of 2002 (SOX) contains new regulations for accounting practices of public companies, whereas the Health Insurance Portability and Accountability Act of 1996 (HIPAA) contains regulations concerning access to health care as well as the ...
  • Seeing is believing: Designing visualizations for managing risk and compliance

    Publication Year: 2007 , Page(s): 205 - 218
    Cited by:  Papers (3)

    This paper explores the design of visualizations that support mandated organizational compliance processes. We draw on the research literature to show how visualizations can operate as effective user interfaces for complex, distributed processes. We argue that visualizations can reduce the complexity of such processes, making them easier to manage, and can facilitate the communication and collabor...
  • Optimized enterprise risk management

    Publication Year: 2007 , Page(s): 219 - 234
    Cited by:  Papers (11)

    As the result of the increasing costs of risk and compliance activities, enterprises are beginning to integrate compliance and risk management into a comprehensive enterprise risk management function and thus proactively address all sorts of risk, including operational risk and the risk of noncompliance. We present the IBM Research enterprise risk management framework, designed to address risk and...
  • Best practices and tools for personal information compliance management

    Publication Year: 2007 , Page(s): 235 - 253
    Cited by:  Papers (1)

    Recent incidents involving the loss of personal information and identity theft have raised concerns worldwide over information privacy. In Japan, the Personal Information Protection Act went into effect in April 2005, requiring every enterprise to manage sensitive personal information on servers, workstations, and personal computers throughout the organization. This paper describes two tools we de...
  • Compliance with data protection laws using Hippocratic Database active enforcement and auditing

    Publication Year: 2007 , Page(s): 255 - 264
    Cited by:  Papers (3)  |  Patents (2)

    Governments worldwide are enacting data protection laws that restrict the disclosure and processing of personal information. These laws impose administrative and financial burdens on companies that manage personal information and may hinder the legitimate and valuable sharing and analysis of this information. In this paper we describe an integrated set of technologies, known as the Hippocratic Dat...
  • A survey of static analysis methods for identifying security vulnerabilities in software systems

    Publication Year: 2007 , Page(s): 265 - 288
    Cited by:  Papers (9)  |  Patents (2)

    In this paper we survey static analysis methods for identifying security vulnerabilities in software systems. We cover three areas that have been associated with sources of security vulnerabilities: access-control, information-flow, and application-programming-interface conformance. Because access control mechanisms fall into two major categories, stack-based access control and role-based access c...
  • Ariadne: An Eclipse-based system for tracking originality of source code

    Publication Year: 2007 , Page(s): 289 - 303
    Cited by:  Patents (2)

    In this paper we introduce Ariadne, an Eclipse-based system for tracking the originality of source code in collaborative software development environments in which software reuse is a common practice. We describe its architecture within the Eclipse framework, the originality metadata of which it keeps track, and the history clue—the data structure used to implement the tracking mechanism. W...
  • Role of an auditing and reporting service in compliance management

    Publication Year: 2007 , Page(s): 305 - 318

    Regulatory compliance has become a major focus in today's business environment as companies adapt to comply with regulations such as Sarbanes-Oxley, Basel II, and HIPAA (the Health Insurance Portability and Accountability Act). Runtime audit data that records information such as operational logs represents a key element needed for compliance management. An audit service that manages the life cycle...
  • Addressing the data aspects of compliance with industry models

    Publication Year: 2007 , Page(s): 319 - 334
    Cited by:  Papers (2)

    A fundamental aspect of compliance involves the capability to produce business reports which constitute adequate audit and control records. This presents two significant challenges. Very often, international and government regulators do not coordinate their policies, creating a great deal of overhead for the implementing organizations, particularly those represented in multiple geographical areas....
  • A static compliance-checking framework for business process models

    Publication Year: 2007 , Page(s): 335 - 361
    Cited by:  Papers (20)  |  Patents (2)

    Regulatory compliance of business operations is a critical problem for enterprises. As enterprises increasingly use business process management systems to automate their business processes, technologies to automatically check the compliance of process models against compliance rules are becoming important. In this paper, we present a method to improve the reliability and minimize the risk of failu...
  • WORM storage is not enough [Technical Forum]

    Publication Year: 2007 , Page(s): 363 - 369
    Freely Available from IEEE

Aims & Scope

Throughout its history, the IBM Systems Journal has been devoted to software, software systems, and services, focusing on concepts, architectures, and the uses of software.

Meet Our Editors

Editor-in-Chief
John J. Ritsko
IBM T. J. Watson Research Center