ISSUE 22 | JANUARY 2012 | www.pliroforiki.org
GOVERNANCE OF INFORMATION
SECURITY & OTHER INITIATIVES p.14
SAFE COMPUTING IN AN
INCREASINGLY HOSTILE WORLD:
SECURITY 2.0 p.19
THE FUTURE OF INFORMATION
SECURITY: NEW PRIORITIES,
NEW SKILLS AND NEW
TECHNOLOGIES p.24
Publication of the Cyprus Computer Society
ISSN 1450-152X
CONTENTS
ISSUE 22 - JANUARY 2012
Owner
Cyprus Computer Society
New address:
11 Florinis Street, City Forum, 3rd floor,
Office 303, 1065 Nicosia
P.O. Box 27038
1641 Nicosia
Cyprus
Tel.: 22 460680
Fax: 22 767349
[email protected]
www.ccs.org.cy
Editorial Committee
Yiannos Aletraris
Kyriakos E. Georgiou
Constantinos Zervides
Constantinos Fanouriou
Minos Georgakis
Panicos Masouras
Philippos Peleties
Article Submissions
www.pliroforiki.org
Editing - Advertising
Christina Papamiltiadou
Tel.: 22 460680
[email protected]
Editing - Layout - Cover
GRA.DES
[email protected]
www.gra-des.com
Cyprus Computer Society
ISSN 1450-152X
02 MESSAGE FROM THE EDITORIAL COMMITTEE
06 OUR NEWS
09 Dr EUGENE SCHULTZ (1946 – 2011)
Yiannos Aletraris
11 ISACA CYPRUS CHAPTER
CYPRUS INSTITUTE FOR INFORMATION SYSTEMS AUDIT
Paschalis Pissarides
14 GOVERNANCE OF INFORMATION SECURITY & OTHER INITIATIVES
Vernon Poole
19 SAFE COMPUTING IN AN INCREASINGLY HOSTILE WORLD: SECURITY 2.0
Dr Andrew Jones
24 THE FUTURE OF INFORMATION SECURITY: NEW PRIORITIES, NEW SKILLS AND NEW TECHNOLOGIES
David Lacey
28 TO WHAT EXTENT IS THE TURING TEST STILL IMPORTANT?
Christos Papademetriou
33 THE ROLE OF EFFECTIVE PROJECT MANAGEMENT IN PROJECT SUCCESS: IDENTIFYING SUCCESS CRITERIA & THE CRITICAL SUCCESS FACTORS
Andreas Solomou, Kyriakos E. Georgiou
44 DO YOU KNOW THIS MAN?
Dr Philippos Peleties
www.pliroforiki.org | 1
MESSAGE FROM THE EDITORIAL COMMITTEE
January 2012
To the people of Cyprus, Memory and Love ...
Cyprus, where it was ordained for me...
"Lord, help us to remember
how this killing came about: the plunder, the deceit, the self-interest,
the drying-up of love; Lord, help us to root them out... (i)"
George Seferis
"Salamis in Cyprus", Logbook III
Dear friends,
INTRODUCTION
This message began to be written almost in parallel with the previous Message from the Editorial Committee in the June 2011 issue, because the consequences of the Tragedy of 11 July 2011 weighed on an already difficult international environment and brought dramatic and radical changes to every aspect of public and private life. The poet's words are, as always, prophetic and to the point. The negative feelings of despair, shame, sorrow, helplessness, anger and indignation that we experienced then have been partly replaced by a broader anxiety about the future, about physical survival and about keeping the standard of living we have grown used to; by the worry that the period of prosperity and security may have passed for good, and that the next period will be harder and more uncertain.
The forecast of a prolonged period of crisis and instability at every level has, unfortunately, been confirmed. Realistically speaking, Cyprus's fiscal data are not at a level that justifies the current classification by the international rating agencies and, by extension, the state's inability to turn to the international markets for borrowing. The decisions and the draconian economic measures of the political leadership have been set in motion both by the Euro crisis that is plaguing Europe and by the markets' loss of confidence in Cyprus's ability to manage its own affairs in a difficult economic conjuncture. These developments have evaporated whatever faint hopes there were for an economic recovery in 2012 and are leading the economy back into recession, if not into deep and prolonged depression.
The largely necessary, draconian measures to cut the payroll of the broader public sector for the next two years will contribute to reducing the budget deficit. The truth is that the payroll of the broader public sector had been growing in previous years by 10% annually. That growth is many times the improvement in productivity and therefore unsustainable. By contrast, it is not certain that the VAT increase from March 2012 will raise state revenue. There is a good chance that the combination of these two measures, together with the State absorbing whatever local liquidity is available in the form of borrowing, will reduce available liquidity and reduce demand in the market, as has happened in Greece, with very negative effects on state revenue and on growth for 2012 and the years that follow. On the other hand, the State has done very little for the growth of the economy and of employment.
i. The lines are a free rendering of a prayer composed for his ship by Commander Lord Hugh Beresoft, who fell in the Battle of Crete in April 1941. The prayer had been published in a South African newspaper in September 1941.
HARRY S. TRUMAN (1884 – 1972)
THE BUCK STOPS HERE
Harry S. Truman served as the 33rd President of the United States (1945–1953), succeeding Franklin D. Roosevelt when the latter died only three months after beginning his historic fourth term. Truman came from Missouri, was of humble origins and was not a university graduate, and when he left the Presidency in 1953 his only income was his Captain's pension from his army service during the First World War. He refused to accept assistance or employment, so as not to compromise the institution of the Presidency. Later, when his poverty became known and it emerged that he had been forced to ask for a loan in order to live, the State passed a law providing pensions for Presidents.
During his Presidency he had to take hard decisions: dropping the two atomic bombs on Japan, dismissing the popular General MacArthur, the Korean War, recognising the state of Israel, the decision to support Western Europe financially, and the Marshall Plan. As a result, his popularity when he left the White House was lower even than that of Richard Nixon (1968–1974), who was forced to resign over the Watergate scandal. Later, with the passage of time and a growing appreciation of his contribution, the view of his work was reversed, to the point where experts and citizens alike regard him as a very good president and rank him among the ten best.
His office, the Oval Office, was adorned with a wooden sign which read "The buck stops here" on the front and "I am from Missouri" on the back. The sign remained in the Oval Office at least until the Presidency of Jimmy Carter (1976–1980). In this context the expression "The buck stops here" refers to the reality of the office: the President must take decisions and, naturally, bear final responsibility for them. There is no room to pass the responsibility (the buck) for a decision to others, nor to disclaim his responsibilities. The final responsibility is his.
THE CLOUD AND THE CYPRUS OF 2011: INCOMPATIBLE CONCEPTS?
The Cloud is a concept and an application of technology that is tending to revolutionise the way we understand and exploit technology, information and knowledge. The question remains, however, whether the cloud really constitutes a paradigm shift or is simply a set of technologies that has been given an inflated dose of hype driven by the need to increase sales. After all, the big companies in the sector pay more attention to sales than to production or to meeting the needs of customers and users. Perhaps the true answer lies somewhere between the two extremes.
In a traditional computer system the hardware, the software and the information were located in the same physical space. That space might be a building or even a single room, from which the traditional system could not easily be moved. Gradually systems became smaller in size and more powerful in computing capacity and storage, in effect portable and self-contained. To this evolution has been added the great revolution of the Internet, which leads to a situation in which the physical location of the components that process information (hardware, operating system, software, network, application, data) no longer matters to the operation and processing of information or to getting the work done. This, of course, transforms the way organisations operate and the form and manner of work, and creates new opportunities and challenges.
For example, it frees the user from constraints of place and time and from the need for a large and expensive personal system, and lets them work wherever they happen to be, as long as adequate and secure Internet access is available. The personal system can take many forms: a fixed workstation, a laptop, a tablet such as an iPod, iPad or Kindle, or even a smartphone such as an iPhone, BlackBerry or Nokia. This development frees the user from the spatial and temporal constraints of work and gives them greater flexibility and freedom in carrying it out. Of course, abuse of this freedom leads to a new kind of self-imposed confinement, in which the boundaries between work and private life are no longer clear and the employee tends to work at all hours of the day and night, and everywhere.
The operation of such a system presupposes above all a robust and secure infrastructure (uninterrupted electricity supply and fast Internet) that guarantees continuous, fast access to the Internet and to the user's hardware, software and data, so that work can proceed unhindered. After July 2011, and for about two months, these supposedly self-evident conditions were uncertain factors in Cyprus, since the electricity being generated was not enough for the country's needs. Many working hours were lost in that period, and many users were driven to the brink of despair when a power cut meant losing the work and the data being processed. At that time the companies in the sector were on constant alert, serving desperate customers and supplying businesses with generators and uninterruptible power supply (UPS) systems. The outlook for the coming summer, with its growing demand for electricity, is rather negative, because supply adequacy remains precarious.
Of course, the dilemma of which is preferable, a self-sufficient corporate or personal system with limited need for Internet access, or a system with continuous Internet access and unhindered use of software and data, is in essence a false dilemma, because the right answer depends on what serves corporate and personal needs best, most securely and most economically. The trend, certainly, is towards small portable systems with reduced computing power and storage but greater autonomy, able to run without mains power but with access to the Internet.
CYPRUS INFOSEC WEEK 2011
Last October the Society, in cooperation with the University of Nicosia, organised Cyprus Infosec 2011 week, which comprised professional seminars and the established one-day conference. The week offered a rich programme covering many different topics, including the "hot" topic of security in the "cloud". Despite the difficult economic environment the week ran smoothly and was a success. For the first time, the conference included a presentation by videoconference, in which the "guru" Mr Winn Schwartau spoke from the USA about the burning issues in security that keep him "awake at night". Among the sad notes of Cyprus Infosec 2011 was the unexpected loss of Dr Eugene Schultz, a long-standing contributor to the Cyprus Infosec institution and to the Society's magazine. The week was therefore dedicated to his memory. Yiannos Aletraris, on behalf of the Board, bids Gene farewell with a short tribute in this issue.
IN THIS ISSUE
A new member has joined the magazine's Editorial Committee: Dr Constantinos Zervides, recently appointed to the Radiation Protection Section of the Department of Labour Inspection of the Ministry of Labour and Social Insurance. We welcome him to our team. The contents of this issue comprise a series of interesting and varied articles covering a broad range of topics, with a focus, as a result of Infosec 2011 week, on information security, and include the following pieces:
First, Yiannos Aletraris presents the obituary of Dr Eugene Schultz, long-standing friend of the Society and regular contributor to Cyprus Infosec.
Paschalis Pissarides, President of the Cyprus Institute for Information Systems Audit (ISACA Cyprus Chapter), writes about the founding and operation of the Institute and its important mission in addressing growing risks, security certification audits and the sound governance of Information Systems, and more generally the protection of information.
Vernon Poole, a regular contributor to Infosec and to the magazine, advises the management and boards of organisations on how to handle their roles in relation to information security management in his article "Governance of Information Security & Other Initiatives".
Dr Andrew Jones, in his article "Safe Computing in an Increasingly Hostile World: Security 2.0", writes about the growing need to address information security through the design of networks and applications in which security is one of the design criteria.
David Lacey, in his article "The Future of Information Security: New Priorities, New Skills and New Technologies", writes about the emerging world in which the boundaries between the professional and the personal environment are being abolished and everyone and everything is on the Internet, and about the professional challenges this development creates.
Doctoral candidate Christos Papademetriou presents an interesting article on artificial intelligence, "To What Extent Is the Turing Test Still Important?", in which he presents and analyses a thought experiment of Alan Turing, a pioneer in the field.
Andreas Solomou and Kyriakos Georgiou (one of the members of the editorial committee), in their article "The Role of Effective Project Management in Project Success: Identifying Success Criteria and Critical Success Factors", describe the challenges of managing IT projects and the critical factors that determine a project's success.
The issue is completed by Dr Philippos Peleties's regular column "Do You Know This Man?", with an excellent obituary dedicated to Steven Jobs, founder and Chief Executive of Apple.
EPILOGUE
Every day in Cyprus and Greece we witness unprecedented social conditions and phenomena of poverty and destitution that we did not experience even during the Turkish invasion in the summer of 1974. We are also living through a surge in crime, mainly thefts, robberies and burglaries by people who lack the basics and try by unlawful means to meet their families' needs. The capacity of the state and of society in general to deal with these phenomena appears limited and inadequate to meet the elementary needs of our fellow human beings.
Much needs to be done, above all by those of us citizens who have the means; we must stand by our fellow human beings around us, in our neighbourhood, in our community, in the house next door. We must make charity a priority.
And when you feel a strong sense of despair and hopelessness at the misery and poverty that surround us, call to mind the lines of the great poet Kostis Palamas (Patras, 13 January 1859 – Athens, 27 February 1943) in The Twelve Lays of the Gypsy:
And if we have fallen a fall unheard-of
and tumbled down a chasm
deeper than any race has seen till now,
it is because, in the fullness of time,
an ascent just as deep awaits us
towards sky-bearing heights!
ADVERTISE IN PLIROFORIKI!
By advertising in Pliroforiki you promote your services and products to more than 1000 readers, professionals, specialists and friends of the Information and Communication Technology sector in Cyprus!
For information regarding prices and reservations, contact the Cyprus Computer Society Public Relations Officer Christina Papamiltiadou, tel. 22460680, email: [email protected].
OUR NEWS
CCS EVENTS
CALL OF THE WHITE
The Society has always supported people and deeds that show daring, pioneering spirit, mental strength and courage. So, for the second time, it honoured the first Cypriot woman to reach the South Pole and her significant achievement, by organising an event on the Commonwealth expedition to Antarctica (Kaspersky Lab Commonwealth Antarctic Expedition) in which she took part together with 7 other women from the Commonwealth. At this event, held on 13 October 2011, the CCS in cooperation with the University of Nicosia presented the world premiere of the documentary about the expedition, "CALL OF THE WHITE". Specially for the event, the expedition leader Felicity Aston, author of the book of the same name, and the participant from Singapore, Sophia Pang, came to Cyprus. After the screening, Felicity, Sophia and the Cypriot member, Stephanie, spoke about their experiences and answered questions from the audience. More than 150 attendees were impressed by the enormous effort of the 8 women, who covered 900 kilometres in adverse conditions to reach the southernmost point of the planet.
AGM
On 24 November the Society's Annual General Meeting for 2011 was held at the Cleopatra Hotel. The Chairman of the Board, Mr Costas Agrotis, presented the annual report and the Treasurer the financial statements for the previous year, 2010, while all members of the Board discussed current issues and activities with the 50 attendees.
INFOSEC
The 8th International Conference on Information Security, INFOSEC 2011, organised by the Cyprus Computer Society in November 2011 at the University of Nicosia, was a complete success. At the conference, titled this year "Information Security: The Cloud And Beyond", distinguished scientists and speakers from around the world gave presentations and workshops on the latest international developments in Information Security. More than 100 participants, IT professionals and business executives, thus had the opportunity to learn about the critical parameters of security and about best practices for protection. The Cyprus Computer Society thanks all who contributed to the successful staging of the event (CEPIS, University of Nicosia, ECDL, SETIL, Cyta, IBM, Microsoft & Powersoft) and undertakes to continue the INFOSEC institution in the future.
ECDL/CCS PARTICIPATION
Careers Fair
For yet another year the Cyprus Computer Society took part in the Careers Fair organised by the Cyprus Association of Guidance and Career Education Teachers (OELMEK) and the Bank of Cyprus Group on 19 and 20 November. Young people interested in a career in IT were offered, besides the relevant advice, printed material explaining the IT professions.
Treasure Hunt
For the tenth consecutive year the Treasure Hunt Rally was held, maintaining its reputation as one of the "coolest" events of the Radiomarathon. ECDL and CCS again supported the event, which took place on 4 December and set a record both for participation (75 cars, each with about 4 people) and for funds raised in support of people with special needs.
Workshop on the Digital Agenda for Europe
The CCS took part in the workshop "Going Local II – A Digital Agenda for Europe and Cyprus", organised on 25 November by the Department of Electronic Communications of the Ministry of Communications and Works in cooperation with the European Commission's Directorate-General for the Information Society and Media. On behalf of the Society, Mr Dinos Konis spoke on the topic of eSkills, presenting the situation in Cyprus regarding the level of e-skills in businesses, as well as the European Commission's actions to help all Europeans participate in the digital society.
Workshop on New Technologies in Education
The Foundation for the Management of European Lifelong Learning Programmes organised a workshop titled "Use of New Technologies in Education and Training – e-Learning". As part of the event, an exhibition of participants in Lifelong Learning Programmes was held, in which CCS and ECDL took part, presenting the Society's participation in the Leonardo da Vinci mobility action, with the aim of raising awareness of the e-guardian programme developed by our Lithuanian partners within the ECDL framework.
CCS Vasilopita Cutting Event
The CCS event celebrating the new year was a great success! At the traditional members' dinner with the cutting of the vasilopita, this year the Board prepared a pleasant surprise for everyone: with the support of the events company Amaaze.com, casino games (Poker, Blackjack, Roulette) and Bingo were organised, providing entertainment for those present and rich prizes for the winners of the evening! The games delighted the more than 115 people who attended the event on 13 January at the Mondo venue. The Cyprus Computer Society would like to thank the sponsors who provided the gifts, as well as the members whose presence and participation in the games contributed to the event's huge success.
Dr EUGENE SCHULTZ
(1946 – 2011)
Yiannos Aletraris
Dr Eugene Schultz, a valued associate and dear friend passed
away on Sunday, 2nd October 2011. I came to know Gene, as
he preferred to be called, back in 2004 when he accepted our
invitation to be a presenter at the Cyprus Infosec conference. We
had heard so much about him, and were pleasantly surprised that
such a renowned and respected information security guru would
show so much interest in travelling all the way from the United
States to visit our small island and enlighten us with his
knowledge and wisdom. Getting to know him in person was an
even greater surprise, with his humble character, his wit and
delightful humour. The feedback we received from the conference
audience as well as the participants at his workshop completely
confirmed his high reputation, and fellow members started asking
for more follow-on workshops from him.
Gene’s wife, Cathy, had escorted him on that 2004 trip, and I
remember her commenting that she came all the way from the
United States to a small island in the Mediterranean only to find
out she would stay 40 kilometres away from the beach! That
innocent comment led to Cyprus Infosec 2005 being organised
in Limassol, but unfortunately Gene could not make it due to other
commitments. He did however manage to be with us in 2007 and
in 2009, and Cyprus Infosec was always pencilled in to his yearly
plans.
2009 was to become the last time Gene participated in Cyprus
Infosec. He contacted us in early 2010 to agree on the 2011
dates, and he even suggested other information security
presenters that he admired. He had come to consider himself as
part of the team, and cherished the time he spent in Cyprus with
us. This year he planned to talk about Cloud Security and present
a newly developed 2-day workshop on the subject. However, in
September, his close associate Paul Underwood sent us a
worrying email telling us that Gene would not be able to participate
due to a serious illness. A blog was set up to inform his friends
and colleagues on his health status, and through that, his wife
Cathy finally informed us of his passing away.
As a tribute to Gene, the Cyprus Infosec 2011 conference was
held on November 2nd 2011 in his memory.
Yiannos Aletraris
Member of the Cyprus Infosec Organising Committee
DR EUGENE SCHULTZ IN BRIEF
Gene was born September 10, 1946, in Chicago to E. Eugene Sr.
and Elizabeth Schultz. He graduated from UCLA, and earned his
MS and PhD (in Cognitive Science, 1977) at Purdue University in
Indiana.
While at Purdue University, Gene met and married Cathy Brown.
They were married for 36 years, and raised three daughters: Sarah,
Rachel and Leah.
Gene was an active member of Cornerstone Fellowship, and
belonged to a men’s Bible study. His many interests included family,
going to his mountain home in Twain Harte, model trains, music,
travelling, the outdoors, history, reading and sports.
Gene was one of the more notable and accomplished figures in computing security over the last few decades. During the course of his career, Gene was professor of computer science at several universities, including the University of California at Davis and Purdue University, and retired from the University of California at Berkeley.
He consulted for a wide range of clients, including U.S. and foreign
governments and the banking, petroleum, and pharmaceutical
industries. He also managed several information security practices
and served as chief technology officer for two companies.
Gene formed and managed the Computer Incident Advisory
Capability (CIAC) — an incident response team for the U.S.
Department of Energy — from 1986–1992. This was the first
formal incident response team, predating the CERT/CC by several
years. He also was instrumental in the founding of FIRST — the
Forum of Incident Response & Security Teams.
During his 30 years of work in security, Gene authored or coauthored over 120 papers, and five books. He was manager of the
I4 program at SRI from 1994–1998. From 2002–2007, he was the
Editor-in-Chief of Computers and Security — the oldest journal in
computing security — and continued to serve on its editorial board.
Gene was also an associate editor of Network Security. He was a
member of the accreditation board of the Institute of Information
Security Professionals (IISP).
Gene testified as an expert several times before both Senate and
House Congressional Committees. He also served as an expert
advisor to a number of companies and agencies. Gene was a
certified SANS instructor, instructor for ISACA, senior SANS analyst,
member of the SANS NewsBites editorial board, and co-author of
the 2005 and 2006 Certified Information Security Manager
preparation materials.
Dr Schultz was honored numerous times for his research, service,
and teaching. Among his many notable awards, Gene received the
NASA Technical Excellence Award, Department of Energy
Excellence Award, the Vanguard Conference Top Gun Award (for
best presenter) twice, the Vanguard Chairman's Award, the ISACA
John Kuyers Best Speaker/Best Conference Contributor Award and
the National Information Systems Security Conference Best Paper
Award. One of only a few Distinguished Fellows of the Information
Systems Security Association (ISSA), he was also named to the
ISSA Hall of Fame and received ISSA's Professional Achievement
and Honor Roll Awards.
At the time of his death, Dr Schultz was the CTO of Emagined
Security, an information security consultancy based in San Carlos,
California. He held certifications as a CISM, CISSP, and GSLC.
E. Eugene Schultz, Jr., 10/9/46–2/10/11. Rest in Peace.
ISACA CYPRUS CHAPTER
CYPRUS INSTITUTE FOR INFORMATION SYSTEMS AUDIT
Paschalis Pissarides
At a time when protection, the response to growing risks, security certification audits and the sound governance of Information Systems, and more generally the protection of information, are daily in the news and are emerging as vital pillars of economic robustness and of the achievement of every organisation's strategic and business objectives, strengthening and institutionalising the protection and audit of Information Systems is a necessity.
The founding and operation of the "Cyprus Institute for Information Systems Audit" could not have come at a more appropriate time, and it fills a gap that existed in the business world: the institutionalisation of the audit and sound governance of information systems.
The efforts of the Organising Committee were crowned with success on 16 June 2010, when the Board of Directors of the international "ISACA" (Information Systems Audit & Control Association), based in Chicago, USA, gave its formal approval for the acceptance of the ISACA Cyprus Chapter as a full, recognised member, headquartered in Nicosia. On 20 October 2011 the ISACA Cyprus Chapter also received a certificate of registration and operation as an Association under the Societies and Institutions Law, under the name "Cyprus Institute for Information Systems Audit".
ISACA was founded in the USA in 1969 and operates as a central body for information and guidance on Information Systems audit. Since then ISACA has grown into an international and highly regarded organisation with a presence in more than 160 countries and over 86,000 members who work professionally in the protection, audit and governance of Information Systems. Today ISACA enjoys worldwide recognition as the pre-eminent organisation specialising in risk management, protection, audit and sound governance of Information Systems, promoting, among other things, knowledge and education through internationally recognised standards, international conferences, seminars, informational publications and professional supplements.
From the very first moment of its creation, the Cyprus Institute for Information Systems Audit has shown a unique momentum, demonstrated by the strong interest in joining the Institute, which within a few months of its founding had reached 68 members. The pressing need for the Institute is further underlined by the fact that the role of specialists in the audit and protection of Information Systems carries ever greater weight in the operations of both the public and the private sector.
On 5 November 2009 the Institute's 1st Pancyprian Founding General Meeting was held, during which the nine-member Board of Directors was elected. Through the Institute's activities the Board pursues the following objectives:
• education and the dissemination of knowledge in the fields of inspection, protection and audit of Information Systems;
• the adoption, elaboration and publication of general principles, and the promotion of techniques relating to good practice in the fields of the profession;
• the promotion and strengthening of research, study and knowledge concerning the fields of the profession, as well as supporting the Institute's members with the necessary know-how and, more broadly, the wider training of professionals in the field;
• informing, supporting and providing every possible assistance to the Institute's members in obtaining the professional certifications offered by ISACA:
* CISA (Certified Information Systems Auditor), with over 70,000 certified members since the certification began in 1978
* CISM (Certified Information Security Manager), with over 10,000 certified members since the certification began in 2002
* CGEIT (Certified in the Governance of Enterprise IT), with over 3,000 certified members since the certification began in 2008, and
* CRISC (Certified in Risk and Information Systems Control), with over 1,000 certified members since the certification began in early 2010
∏ Ú·Á‰·›· ·Ó¿Ù˘ÍË ÙˆÓ Û˘Ó·ÏÏ·ÁÒÓ Ì¤Ûˆ ÙÔ˘ ‰È·‰ÈÎÙ‡Ô˘ ·ÏÏ¿
Î·È ÙÔ ÁÂÁÔÓfi˜ fiÙÈ ˙ԇ̠ۋÌÂÚ· ÛÙËÓ «∫ÔÈÓˆÓ›· Ù˘
¶ÏËÚÔÊÔÚ›·˜» Ë ÔÔ›· ‰ËÌÈÔ˘ÚÁ› Ó¤· ‰Â‰Ô̤ӷ Î·È Ó¤Â˜
¢ηÈڛ˜ ÁÈ· ·Ó¿Ù˘ÍË Ë ÔÔ›· ‚·Û›˙ÂÙ·È ¿ÌÂÛ· ÛÙË Ú·Á‰·›·
ÂͤÏÈÍË ÙˆÓ Ù¯ÓÔÏÔÁÈÒÓ ÏËÚÔÊÔÚ›·˜ Î·È ÂÈÎÔÈÓˆÓ›·˜ Ô˘
·ÔÙÂÏÔ‡Ó Ô˘ÛÈ·ÛÙÈÎfi ÂÚÁ·ÏÂ›Ô ÁÈ· ÈÔ ·ÓÔȯً ηÈ
·ÔÙÂÏÂÛÌ·ÙÈ΋ ‰È·Î˘‚¤ÚÓËÛË Î·ıÒ˜ Î·È ÁÈ· ÙË ‚ÂÏÙ›ˆÛË Ù˘
·ÓÙ·ÁˆÓÈÛÙÈÎfiÙËÙ·˜ ÙˆÓ ÂȯÂÈÚ‹ÛÂˆÓ ÚÔÛ‰›‰Ô˘Ó ȉȷ›ÙÂÚË
ÛËÌ·Û›· ÛÙȘ ·Ó¿ÁΘ ÙˆÓ ÂȯÂÈÚ‹ÛÂˆÓ ÁÈ· ÙËÓ ÚÔÛÙ·Û›· ηÈ
ÙÔÓ ·ÔÙÂÏÂÛÌ·ÙÈÎfi ¤ÏÂÁ¯Ô ÙˆÓ Ù¯ÓÔÏÔÁÈÒÓ ÏËÚÔÊÔÚ›·˜ ηÈ
ÂÈÎÔÈÓˆÓ›·˜ Î·È ÙËÓ ·ÔÙÂÏÂÛÌ·ÙÈ΋ ‰È·¯Â›ÚÈÛË ÙˆÓ ÎÈÓ‰‡ÓˆÓ.
ΔÔ ∫˘ÚÈ·Îfi πÓÛÙÈÙÔ‡ÙÔ ∂ϤÁ¯Ô˘ ™˘ÛÙËÌ¿ÙˆÓ ¶ÏËÚÔÊÔÚÈ΋˜
Ì ÙÔ˘˜ ÛÙfi¯Ô˘˜ Ô˘ ¤¯ÂÈ ı¤ÛÂÈ ÁÈ· ÂÓ›Û¯˘ÛË Î·È ÚÔÒıËÛË
Ù˘ ¤Ú¢ӷ˜, ÙËÓ ‰ÈÔÚÁ¿ÓˆÛË ÂÈÛÙËÌÔÓÈÎÒÓ ËÌÂÚ›‰ˆÓ ηÈ
Û˘Ó‰ڛˆÓ Î·È ÙËÓ ÚÔÒıËÛË ‰ÈÂıÓÒÓ ÚÔÙ‡ˆÓ ηÈ
12 | www.pliroforiki.org
‰È·‰ÈηÛÈÒÓ Û ۯ¤ÛË Ì ÙËÓ ÚÔÛÙ·Û›· Î·È ÙÔÓ ¤ÏÂÁ¯Ô
Û˘ÛÙËÌ¿ÙˆÓ ÏËÚÔÊÔÚÈ΋˜, ı· Û˘Ì‚¿ÏÂÈ ÙfiÛÔ ÛÙËÓ Û˘Ó¯‹
ÂÎ·›‰Â˘ÛË, ·Ó·‚¿ıÌÈÛË, Î·È ÂÓ‰˘Ó¿ÌˆÛË ÙÔ˘ ·ÓıÚÒÈÓÔ˘
‰˘Ó·ÌÈÎÔ‡ Ô˘ ··Û¯ÔÏÂ›Ù·È ÛÙÔÓ ÙÔ̤· Ù˘ ‰È·¯Â›ÚÈÛ˘
ÎÈÓ‰‡ÓˆÓ fiÛÔ Î·È ÛÙËÓ ÂÊ·ÚÌÔÁ‹ ηٿÏÏËÏˆÓ Ì˯·ÓÈÛÌÒÓ
ÂϤÁ¯Ô˘ Î·È ÚÔÛÙ·Û›·˜ ÙˆÓ Û˘ÛÙËÌ¿ÙˆÓ ÏËÚÔÊÔÚÈ΋˜,
ÁÂÁÔÓfi˜ Ô˘ ı· ÂÓÈÛ¯‡ÛÂÈ ÙËÓ ·ÓÙ·ÁˆÓÈÛÙÈÎfiÙËÙ· Î·È ÙËÓ
·ÍÈÔÈÛÙ›· ÙˆÓ ÂȯÂÈÚ‹ÛˆÓ.
During 2011 the Institute successfully organised lectures and training seminars with experienced speakers on targeted topics of interest, for the better information and training of the Institute's members, such as:
• Continuous Auditing & Continuous Monitoring: Using Technology to Drive Value by managing Risk & Monitoring Performance
• Introduction to Computer Forensics
• Identity & Access Management – Key Concepts and Implementation methodology
• Identity & Access Management – A practical Implementation
• A Risk Based Approach to Data Protection
• GSM Threats & Vulnerabilities
In cooperation with the Cyprus Computer Society, the Institute held a seminar on "Computer Forensics" within the framework of the Infosec 2011 Conference, which took place at the University of Nicosia in early November.
A training seminar was also organised in cooperation with the Cyprus Certification Company to prepare candidates for the December international examination for the CISA (Certified Information Systems Auditor) professional certification.
We hope that through our cooperation with the Cyprus Computer Society, the Cyprus Certification Company and, in future, other related professional bodies such as the Cyprus Institute of Internal Auditors and the Institute of Certified Public Accountants of Cyprus, it will be possible to exchange experience and knowledge through jointly organised events and other activities.
At a time, then, when organisations place the highest priority on rational risk management and on the secure management and governance of their Information Systems, the Cyprus Institute of Information Systems Auditing and its members have a most important task: to spread systematised knowledge and good practice throughout the Cypriot Information Society and its businesses.
AUTHOR
Paschalis Pissarides has worked in the Information Security Department of Marfin Laiki Bank since 1997. Previously he worked for a period of 8 years as Senior Internal Information Systems Auditor at a large financial organisation in the United States of America. Paschalis has twenty years of professional specialisation and experience in Information Systems Security, Governance and Auditing.
He holds the professional certifications CRISC (Certified in Risk and Information Systems Control), CISM (Certified Information Security Manager), CISA (Certified Information Systems Auditor), CPA (Certified Public Accountant) and CFE (Certified Fraud Examiner).
He has been an active member of the international organisation ISACA since 1991. He was President of the Central Indiana ISACA Chapter in the USA and is President of the ISACA Chapter in Cyprus.
He is a member of the Cyprus Computer Society's Organising Committee for the INFOSEC International Conference.
He holds degrees in Accounting and Information Systems Management, an MBA specialising in finance, and a master's degree in Political Science from Bowling Green University in Ohio, USA.
GOVERNANCE OF
INFORMATION SECURITY &
OTHER INITIATIVES
Vernon Poole
As information security incidents increase, especially cyber security incidents, organisations need to respond to these challenges as a governance issue and define specific tasks that staff at all levels can undertake as part of a management framework. This article will enable executive management and the Board to undertake their roles in Information Security Governance.
As the global economy depends on the secure flow of information within and across
organisations, information security is an issue of vital importance. A secure and
trusted environment for information greatly enhances consumer benefits, business
performance and productivity, and national security.
Conversely, an insecure environment creates the potential for serious damage to
governments and organisations that could significantly undermine customers and
citizens. For those engaged in the Critical National Infrastructure, the stakes are
particularly high. Where do we stand in the effort to bolster information security?
If the stakes are so high, why haven’t we made more progress?
CURRENT POSITION
1. Increasing laws & regulations call for more attention on
Information Security – but only a few organisations are
actively addressing their information security needs.
Information security is important. Companies and individuals want more security; vendors are responding with more secure products; industry and consumers recognise the need for information security. But security has a cost, and demonstrating a return on security investment is sometimes difficult. The good news is that the security profession and national governments are actively engaged in addressing the information security challenge. For example, in the UK the Government has developed a Security Policy Framework, and in the USA California's Database Security Breach Notification Act of July 2003 requires companies to notify customers if they believe a systems breach has led to the release of their personal information (a similar requirement may become an EU regulation in 18 months' time).
2. Information security is often treated as a technology issue,
when it should be treated as a governance issue. The
Board and executive management must be actively
engaged.
Businesses today face increased scrutiny when it comes to
corporate governance, accountability, and ethics. Sarbanes-Oxley
Act of 2002 (SoX) created an obligation at the CEO and board
level to pay attention to information security. Implementation of
an effective IT security program is ultimately a matter of
enlightened organizational self-interest. Companies are taking
action to protect their own information and information entrusted
to them by customers, suppliers, and other partners. They are
establishing responsibility for information security and adopting
programs to evaluate and address the vulnerabilities and the
internal and external threats. However, within many organizations, two important barriers to effective computer security exist:
• responsibility is assigned solely to the Chief Information Security Officer (CISO)
• lack of a framework for action: how to set priorities, assign tasks and monitor implementation.
3. There are existing frameworks that outline the actions
necessary to remedy the problem. ISO27001 & COBIT are
two examples with the emerging BMIS (Business Model on
Information Security) & COBIT5 next year offering the best
way to address these governance issues.
ISO27001 & ISO27002 (Code of Practice on Information Security Management) are the global de facto standards that enable all organisations to set up an effective Information Security Management System (ISMS).
The Business Model for Information Security (BMIS) from the Information Security Audit and Control Association (ISACA) allows an organisation to understand the driving organisational requirements in respect of Governance, taking account of People, Process and Technology but also of the dynamic interconnections of Culture, Architecture, Emergence, Governance and Human Factors. COBIT5 from ISACA, to be published in 2012, will be an integrated knowledge base: depending on who you are as a stakeholder (CISO, Certified Information Systems Auditor (CISA) or a management role) you can establish what you need to do as a Governance contributor.
4. Lack of progress is due to the failure to adopt such frameworks; they can guide an organisation in implementing practical solutions.
Governance entails the systematic oversight and execution of
information security functions. By themselves, recommended
practices – no matter how strong the consensus is for them –
are not enough; they must be married with an information security
governance framework that assures effective implementation. A
governance framework is important because it provides a
roadmap for the implementation, evaluation and improvement of
information security practices. An organization that builds such a
framework can use it to articulate goals and drive ownership of
them, evaluate information security over time, and determine the
need for additional measures.
RECOMMENDATIONS
1. Government and industry should recognize that a
significant regulatory regime already exists for information
security.
Some laws address information security directly; others address it indirectly through such issues as financial governance, privacy or reporting requirements. Organisations should begin developing programs to comply with them, e.g. SoX, Basel II and Payment Card Industry (PCI) compliance.
2. We should develop an information security governance
framework that organizations can readily adopt.
One of the most important features of a governance framework is that it defines the roles of different members of an organisation. By specifying who does what, it allows organizations to assign specific tasks and responsibilities. A common element in almost all security best practices is the need for the support of senior management; management functions can fall into four categories: CEO/Board, Executive Management, Steering Committee and CISO.
CEO/Board has responsibility for:
• Oversight and coordination of policies
• Oversight of business unit compliance
• Compliance reporting
• Actions to enforce accountability
Executive Management has responsibility for:
• Assisting senior managers with their security responsibilities
• Providing information security protection commensurate with the risk and business impact
• Conducting the security awareness program
• Providing security training
• Developing the controls environment and activities
• Reporting on the effectiveness of policies, procedures and practices
Steering Committee has responsibility for:
• Providing security guidance for information and systems
• Periodically assessing assets and their associated risks
• Assessing appropriate levels of security for the information in their systems
• Ensuring that policies and procedures cost-effectively reduce risk to acceptable levels
• Ensuring that security and controls are tested periodically
CISO has responsibility for:
• Developing, maintaining, and ensuring compliance with the security program
• Designating a security officer with primary duties and training in IT security
• Developing the required policies to support the security program and business user needs
• Developing the information use and categorization plan
Components of the Framework
Information Security Governance includes the elements required to provide management with assurance that its direction and intent are reflected in the Information Security regime, by utilizing a structured approach to implementing an IS program. Six basic outcomes are recommended:
1. Strategic alignment
2. Risk management
3. Value delivery: optimizing IS investments in support of business objectives
4. Resource management
5. Performance measurement
6. Assurance integration
The responsibilities of each management level for the six outcomes are as follows.
Board of Directors
• Strategic alignment: Require demonstrable alignment
• Risk management: Policy of risk management in all activities; ensure regulatory compliance
• Value delivery: Require reporting of security activity costs
• Performance measurement: Require reporting of security effectiveness
• Resource management: Policy of knowledge management and resource utilization
• Process assurance: Policy of assurance process integration
Executive Management
• Strategic alignment: Institute processes to integrate security with business objectives
• Risk management: Ensure roles and responsibilities include risk management in all activities; monitor regulatory compliance
• Value delivery: Require business case studies of security initiatives
• Performance measurement: Require monitoring and metrics for security activities
• Resource management: Ensure processes for knowledge capture and efficiency metrics
• Process assurance: Provide oversight of all assurance functions and plans for integration
Steering Committee
• Strategic alignment: Review security strategy and integration efforts; ensure business owners support integration
• Risk management: Identify emerging risks, promote business unit security practices; identify compliance issues
• Value delivery: Review the adequacy of security initiatives to serve business functions
• Performance measurement: Review and advise on whether security initiatives meet business objectives
• Resource management: Review processes for knowledge capture and dissemination
• Process assurance: Identify critical business processes and assurance providers; direct assurance integration efforts
Chief Information Security Officer
• Strategic alignment: Develop security strategy, oversee the security program and initiatives, liaise with business process owners for ongoing alignment
• Risk management: Ensure risk and business impact assessments, develop risk mitigation strategies; enforce policy and regulatory compliance
• Value delivery: Monitor utilization and effectiveness of security resources
• Performance measurement: Develop and implement monitoring and metrics approaches; direct and monitor security activities
• Resource management: Develop methods for knowledge capture and dissemination, develop metrics for effectiveness and efficiency
• Process assurance: Liaise with other assurance providers; ensure that gaps and overlaps are identified and addressed
Interpreting the Framework
The framework poses three sets of questions:
1. What am I required to do?
2. How do I accomplish my objectives?
3. How effectively do I achieve my objectives?
Because the framework describes proactive actions, it not only clarifies roles and responsibilities but also helps management select a security practice reference (such as ISO 27001 or the emerging ISO27014, which is still being finalised) that is appropriate for their organisation.
Consistent with Key Security Practices
Any Governance Framework must include the following key security requirements:
1. The need for risk assessments. Risks must be understood and acknowledged, and the security measures that are taken must be commensurate with these risks.
2. The need for a security organizational structure.
3. The need to create, communicate, implement, endorse, monitor, and enforce security policies.
4. The need to make every member of the organization aware of the importance of security and to train them in good security practices.
5. The need for access controls to make certain only identified and authorized users with a legitimate need can access information and system resources.
6. The need to consider security throughout the system life cycle.
7. The need to monitor, audit, and review system activity as a routine and regular function.
8. The need for business continuity plans that are tested regularly.
AUTHOR
Vernon is Head of Business Consultancy,
responsible for Sapphire’s team of consultants
who deal with Information Assurance/
Governance and all best practice standards on
Information Security Management and
associated areas
(ISO27000 series; ITIL; COBIT5; RiskIT).
He is recognised as one of the thought leaders on Information
Security Governance. He now sits on ISACA’s new COBIT5
Taskforce developing ISACA’s new in depth approach to
Information Security Governance. He is both CISM/CGEIT
qualified.
Vernon can be reached at [email protected]
SAFE COMPUTING IN AN
INCREASINGLY HOSTILE
WORLD: SECURITY 2.0
Dr Andrew Jones
The world in which data lives is always changing. But in the last few years it has changed dramatically, and this means that the challenge of protecting networks and data has become even more difficult. Due to the proliferation of national labs whose goal is to compromise other networks, attacks have become increasingly sophisticated. The old security solutions will no longer suffice, and system architects must design networks with security as a design goal. Security 2.0 means that networks must adhere to a range of fundamental security rules or accept that they will be violated.
SOVEREIGN HACKING
It has long been accepted that some nations have maintained
organizations whose purpose is to "monitor" or "spy" on the
electronic activities of other countries. In the United States it is
widely assumed that the National Security Agency monitors as
much electronic communications as possible, both inside the U.S
and around the world. This is a natural evolution of efforts to
monitor the enemies' communications during various wars. There
are lots of famous tales and books on the subject of spy activities
and efforts to decode messages or prevent the enemy from
breaking your codes. Bletchley Park, located outside of London,
was a secret organization whose only purpose was to decode
WWII German messages encrypted by the famous Enigma
machine. Although Bletchley Park was disbanded after that war,
it was only natural that as communications moved to computers,
spying in that realm would follow.
We call this activity sovereign hacking. Sovereign hacking refers
to activities whose purpose is to violate networks in the interest
of a sovereign government. It is usually conducted by laboratories
with highly trained experts and extensive research, infrastructure
and monetary support. Many nations around the world now
support such laboratories.
Sovereign hacking requires deep knowledge of network architectures, operating systems, and vulnerability vectors. Developing this knowledge and the resulting techniques used to breach well-defended networks requires extensive research. This makes all networks vulnerable and, unavoidably, this knowledge and these techniques migrate out of the secret labs and into the wider world.
Hacking has gone far beyond merely gaining access to networks
in order to read secret messages or learn specifications of new
defense systems. Those are passive activities; hacking has also
become active. It is now possible to assume control of a network
remotely and have it carry out your bidding. Does this mean hacking has become a weapon? Yes, and that surely makes many other weapons systems obsolete.
RECENT HACKS
Let's look at some recent hacks and see what they can tell us
about the current hacking environment.
The RSA hack was particularly spectacular since the RSA token
is so widely used and often considered the "gold standard" of
authentication. The hackers penetrated the algorithm that
generates the one-time password from the RSA card serial
number. This allowed them (or anyone with this information) to effectively bypass the authentication process. As a result the one-time password generation algorithm had to be revamped and literally millions of tokens had to be replaced. A huge hidden cost was the loss of customer confidence that RSA suffered in this event.
This hack required subtle "social engineering" to learn the details
of the RSA system architecture, and considerable knowledge
about the code in the Adobe Flash program to gain remote
administration capabilities on a machine inside RSA. This allowed
the hackers to carry out a series of attacks to gain further access
to the networks and accomplish the multistage penetration.
The important lesson to draw from this attack is that hackers are
no longer lone dissidents looking for a quick victory. This hack
was probably the work of several groups, each of which had
expertise in different areas.
SONY PLAYSTATION NETWORK
This was another high-profile attack that affected millions of
people around the world. Like the RSA hack this penetration
required extensive knowledge in several areas. The blogosphere
suggests that the coalition that accomplished this hack might be
from Russia (due to the database knowledge required) and that
they were simply after account information that could be sold for
ready cash. Perhaps they succeeded beyond their expectations.
Before all the doors had been closed, the hackers gained access
to the data in over 77 million on-line accounts. It is not clear that
they were able to "steal" all that data. Downloading and storing
data from 77 million accounts requires a lot of bandwidth and
significant storage. But they probably did get a lot of credit card
data and surely profited from it.
The lesson here is that Sony spent a significant amount of time and resources to implement a database that could handle millions of customer accounts, but did not use a trusted operating system (or did not configure its features) that would have allowed isolation of data and access. This error is easy to understand given the size and sophistication of the PlayStation network.
Sony had to shutter the on-line gaming service for a period of
time to fix the holes and is still fighting demands for various forms
of compensation from former customers.
BARRACUDA NETWORKS
This hack was more amusing than instructional. (It is amusing to
us; certainly not to Barracuda Networks.) Still there are a few
lessons that can be taken from this.
Barracuda Networks is a developer of firewalls, web and spam
filters and is generally considered to provide "pretty good" security
for its customers. Not surprisingly, Barracuda Networks used its
own products to protect its internal networks. Using a well-known
"SQL injection" technique, hackers successfully accessed the
Barracuda Networks Sales and Marketing Department database
which stored sales leads, marketing data and other sensitive
information.
So the hackers breached the Barracuda Networks firewall? No, that was not necessary: the firewall was off-line for an upgrade when the network was compromised. So does that mean the hackers were really lucky and struck at exactly the opportune moment? Or perhaps they had inside knowledge? Of course, either of those situations is possible. But more than likely it was simply the case that hackers were probing the network all the time, continuously. Once the firewall was off-line, the door was open and they were able to access things easily.
This simple hack illustrates two important issues: first, with
external, perimeter-based security, it is best not to leave the gate
unlocked. This might be called single point security and that
allows for the possibility of single point failure. Second, hacking
is not a "sometime" activity; it is continuous. Many studies have
concluded that once a device is placed on-line, hacking probes
begin almost immediately and they continue.
CITIGROUP
Citigroup is one of the largest global banks in the world. As such
they are surely a prime target for a wide variety of hackers - after
all, that is where the money is. This hack, while extremely
successful, was simple and straight-forward.
The hack was successful in that the hackers accessed and
probably downloaded the information from at least 200,000
accounts. This account data included names, passwords and
transaction information - all valuable data if you are looking to sell
the information either above ground (to "legitimate" marketing
research organizations) or below ground (for identity theft). The
hacking team exploited a simple flaw in Java that allowed them, once they had access to a single account, to jump from one account to another. It was a brute force method but it was effective. Again, with no internal controls, once the flaw was discovered, all the doors were open.
Citigroup has thus far avoided releasing details of the hack.
THE F35 JOINT STRIKE FIGHTER
This is the hack that illustrates the current state of data hacking. The F35 is a military aircraft that has been developed by a coalition of countries. It employs highly advanced technology and sophisticated computer controls and data gathering. In fact it has been called a "mainframe with a jet engine". It reportedly flies with 7.5 million lines of code aboard. That is one reason that this weapons system is the most expensive development ever undertaken by the U.S. military.
Again, this hack required multiple hacking techniques, extensive
expertise in several different areas, and the will to devote large
amounts of resources to obtain this information. Clearly, this was
the work of sovereign hackers rather than rogue programmers
looking to sell credit card information.
Lockheed Martin is the prime contractor, although several other contractors and countries are integral to the development. Lockheed Martin employed numerous industry-standard security technologies. Still, the data system was hacked and the thieves (spies in this case) obtained very specific data on the actual real-time performance, performance specifications, maintenance data, and weapons capabilities.
Of course, when the plane is airborne it is not connected to any networks (for the most part; there is communication between the plane and ground stations in several modes). This was not generalized data that was obtained; the data was specific to each aircraft and flight and came from data downloaded after each flight. The hackers apparently had access to this data for at least two years before the breach was discovered.
Apparently this hack was accomplished by compromising one of the contractor's networks which had access to the primary data network. Lockheed Martin shut down all access to their network but clearly, the damage had already been done.
Could the hackers have gained physical control of the aircraft and caused it to attack the wrong target? Could they cause it to simply crash? Neither possibility seems that remote. Simply installing rogue code that executed at the proper time (say once engine RPM exceeds a set value) could easily cause some subsystem aboard the plane to malfunction. Clearly, this appears to be an early skirmish in cyber warfare.
If you are comfortable in your efforts securing your network, if you are able to sleep soundly, confident that all the doors are locked, wake up. If someone can hack a weapon system development such as the F35, which has access to all the most sophisticated security technology, most anything can be hacked. All it takes are the resources and will.
BASIC SECURITY
It is possible to thwart most threats to your system by employing
the basic foundations of security. Of course, it would be nice to
have a "silver bullet" - a single device or technique that guaranteed
your network could not be hacked (at least by ordinary hackers).
Since that silver bullet is not yet available we have to return to the
basics: authentication, encryption, and a trusted operating system.
Authentication means that you know who is at the end of the wire,
who is requesting access, who you can trust. Most authentication
systems use very simple - and very untrustworthy - techniques
for identifying users for convenience. A simple password is easy
to hack and Windows will even remember it for you. That often
means that physical access to a machine is equivalent to access
to the network.
A true three factor authentication system is required. Three factors
mean that you are identified by something you have (the RSA
token for example), and something you are (a fingerprint or iris
scan), and something you know (the one-time password). We
have seen that with two factor authentication, once the token is
hacked, access is easy. So the factors must be very difficult to
compromise. For example most fingerprint readers rely on a
central database to store the fingerprint signatures. If that
database is hacked, a fingerprint reader is useless.
Encryption is often touted as the ultimate solution to all data
security. In mathematics vernacular we would say that encryption
is necessary but not sufficient. Data should be encrypted both
while in storage and during transmission. But the data must be
decrypted to be useful and encryption does not help prevent
hacking.
A trusted operating system (a TOS) is the only way to ensure that
the damage done by a hacker is controlled or limited. Notice that
I did not say that a TOS could not be hacked; any system can be
hacked. But a TOS gives you control over a number of things that
allow you to limit access to very specific data and prevent data
from "migrating" from one sensitivity level to another. It is a
powerful tool in the ongoing hacking arms race.
The concepts that are embodied in a TOS were developed over
30 years ago and have remained constant and useful since that
time. Therefore we will not belabor the features of a TOS here;
they are probably already familiar to most system administrators.
In summary the advantages of a TOS are due to features that
allow fine-grained control of access to resources, and provide
compartmentalization, privilege assignment, and role assignment.
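As an added illustration (not code from the article, nor from PitBull or Trusted AIX), here is a minimal mandatory access control check of the kind a TOS enforces: each label combines a sensitivity level with a set of compartments, and the "no read up, no write down" rules are what stop data migrating from one sensitivity level to another even when the process doing the copying has been compromised. The level ordering, labels and request log are constructed for the example.

```python
"""Minimal mandatory access control (MAC) decision logic, constructed as an
example of what a trusted operating system enforces.  Labels carry an
ordered sensitivity level plus a set of compartments; the Bell-LaPadula
rules (no read up, no write down) prevent data from "migrating" downward
even if the process that holds it is under an attacker's control."""
from dataclasses import dataclass
from typing import FrozenSet, List, Tuple

# Ordered sensitivity levels (constructed for this example).
LEVELS = {"public": 0, "internal": 1, "confidential": 2, "secret": 3}


@dataclass(frozen=True)
class Label:
    level: str
    compartments: FrozenSet[str] = frozenset()

    def dominates(self, other: "Label") -> bool:
        """Lattice 'dominates' relation: at least as high a level AND a
        superset of the other label's compartments."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and other.compartments <= self.compartments)


def can_read(subject: Label, obj: Label) -> bool:
    """Simple security property ("no read up"): the subject's clearance
    must dominate the object's classification."""
    return subject.dominates(obj)


def can_write(subject: Label, obj: Label) -> bool:
    """*-property ("no write down"): the object must dominate the subject,
    so a process that may already hold secret data cannot write it into a
    lower-level or differently compartmented object."""
    return obj.dominates(subject)


def decide(subject: Label, obj: Label, op: str) -> bool:
    if op == "read":
        return can_read(subject, obj)
    if op == "write":
        return can_write(subject, obj)
    raise ValueError(f"unknown operation: {op}")


# Constructed request log: (process, subject label, object, object label,
# operation).  The 4th entry models a compromised payroll process trying
# to copy secret HR data to a public share; the 5th a cross-compartment read.
REQUESTS: List[Tuple[str, Label, str, Label, str]] = [
    ("payroll", Label("secret", frozenset({"hr"})),
     "salaries.db", Label("secret", frozenset({"hr"})), "read"),
    ("payroll", Label("secret", frozenset({"hr"})),
     "memo.txt", Label("internal"), "read"),
    ("webapp", Label("public"),
     "salaries.db", Label("secret", frozenset({"hr"})), "read"),
    ("payroll", Label("secret", frozenset({"hr"})),
     "public_share/out.csv", Label("public"), "write"),
    ("payroll", Label("secret", frozenset({"hr"})),
     "finance_ledger", Label("secret", frozenset({"finance"})), "read"),
]


def evaluate(requests=REQUESTS):
    """Return (decisions, audit): one (process, object, op, allowed) tuple
    per request, plus the audit line a TOS would log for each denial."""
    decisions = []
    audit = []
    for proc, subj, name, obj, op in requests:
        allowed = decide(subj, obj, op)
        decisions.append((proc, name, op, allowed))
        if not allowed:
            audit.append(f"DENY {op} {proc}[{subj.level}/{sorted(subj.compartments)}]"
                         f" -> {name}[{obj.level}/{sorted(obj.compartments)}]")
    return decisions, audit


if __name__ == "__main__":
    decisions, audit = evaluate()
    for proc, name, op, allowed in decisions:
        print(f"{'ALLOW' if allowed else 'DENY ':5} {proc:8} {op:5} {name}")
    print("\n".join(audit))
```

Note that the write-down denial holds regardless of the process's discretionary permissions on the target share, which is the property a conventional permission model cannot give you.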
Implementing and configuring a TOS is a complex and difficult task. It also imposes additional overhead - sometimes significant overhead - on normal administrative tasks. Hence, many administrators avoid dealing with a TOS, apparently hoping that combinations of other security technologies will be sufficient. The evidence weighs heavily against that position.
CONCLUSIONS
Given the above analysis and observations, it is impossible to avoid the conclusion that there is cyber warfare under way between many sovereign hacking groups. Unfortunately, the techniques and sophistication used by these sovereign hacking groups have migrated out into the old world of hacking for fun and profit - now mostly hacking for profit. This means that everyone is subject to significantly increased risks of their network being violated. It is time to upgrade to Security 2.0.
Security 2.0 means that security must be designed into the basic
system architecture. It cannot be added on. You must use a
trusted operating system that has the capability to isolate
compartments and control root privileges. Finally, it means that
you are absolutely sure who is accessing your system by using
true three factor authentication.
In the past it was acceptable to address threats as uncommon
events that had atypical signatures or unusual patterns. This
allowed security devices to "watch" for these odd occurrences
and interdict them or at least protect against them.
Security 2.0 must be "holistic" and address the fact that threats
are no longer characterized by simple errant signatures; the entire
system must be part of the protection mechanism. Security 2.0
must also be agile - it must protect against new attack vectors
that were not anticipated when the system was designed. It must
also allow for quickly and efficiently adding and removing access
or access levels as needs change. Finally, it must be pervasive in
that it must address threats from "end to end" of the system. This
means that data stored in the network operating center is
protected and the data collection and access systems at the "end
of the wire" can also be trusted.
Viewing your network architecture and security in the Security 2.0 model and implementing these principles has another benefit: it will allow you to once again sleep soundly at night.
AUTHOR
Dr Jones is the recent Chief Executive Officer and President of Argus Systems Group. Argus Systems Group is the developer of the PitBull trusted operating system, currently sold by IBM as Trusted AIX.
Dr Jones was a founding member of Open Prairie Ventures, where he evaluated business plans and potential investments. He was also the lead investor when Open Prairie acquired the assets of Argus.
Dr Jones has been the founder and operator of several new technology businesses and taught technology commercialization and other subjects at the University of Illinois.
Dr Jones received his PhD from the University of Alabama in
Physics (1975), an MBA from the University of Illinois (1978),
and a BS and MS in Physics and Math from the University of
Alabama (1965, 1972).
www.pliroforiki.org | 23
THE FUTURE OF
INFORMATION SECURITY:
NEW PRIORITIES, NEW
SKILLS AND NEW
TECHNOLOGIES
David Lacey
The business environment of the future will be very different from today’s. Boundaries between organisations and between personal and business computing will dissolve. Everyone and everything will be linked to the Internet. In order to survive these radical changes, organisations must embrace the uncertainty and the new risks this environment creates.
This paper explores the impact of future trends and sets out a new
agenda for the priorities, skills and technologies of information security
managers.
CHANGES IN THE BUSINESS AND TECHNOLOGY
LANDSCAPES
Digital networks are transforming organisations. This is a long
term trend, as enterprises slowly evolve from a relatively static,
mechanistic form demanded by the Industrial Age, to a more
dynamic, adaptable style encouraged by the Information Age.
Amongst other changes, there will be major differences in the
nature of corporate governance and the location of business.
Horizontal, peer-to-peer information flows will displace traditional,
vertical, command-and-control flows, opening up new
possibilities for external partnerships and virtual supply chains,
but at the same time undermining the influence and authority of
corporate policy and standards. The nature of wealth will also
evolve as intellectual assets, such as ideas, know how,
relationships and reputation become more valuable, requiring
security to extend its traditional scope from safeguarding physical
assets and data to protecting concepts, ability and transactions.
Dynamic information flows will become more significant than
static stocks of data as a generator of wealth, challenging the
traditional role of security as a barrier to physical and electronic
flows. At the same time, corporate boundaries will shift or
dissolve, both between organisations and between personal and
business computing.
The increasing business use of mobile devices coupled with the
introduction of cloud computing is already creating an environment
in which the users have already left the building and the
applications are following. In response, the focus of security
management needs to change from securing private infrastructure
towards influencing behaviour and managing external relationships.
Virtualization is also transforming both the problem and solution
spaces, changing the nature of the target and its attack vectors,
and introducing new possibilities for security features. Examples of such technologies include servers that continuously refresh operating system software and client devices that enable the ring-fenced use of multiple user personae.
Cyberspace itself presents a different environment from a security
perspective, as it creates a world that blends fact and fantasy, in
which people feel anonymous and concealed, encouraging them
to relax and feel less inhibition to explore dark, unacceptable
subjects (such as pornography), or to be unusually hostile, rude
and angry. Users can commit acts or reveal information that go
beyond anything that might be contemplated in the physical world.
And there are no disapproving glances in cyberspace to
discourage inappropriate behaviour.
TRENDS IN SECURITY THREATS
The increasing value of information combined with the greater
availability of knowledge and networking tools means that security
threats will become increasingly strategic, professional and
collaborative. Internal security threats will also increase with the
inevitable growth in the reach and power of user access
capabilities to corporate databases.
Advanced persistent threats, such as those originating from
aggressive intelligence services are long-term, sophisticated and
well funded. The targets of these threats are likely to become
broader and deeper, and they will inevitably progress beyond mere
theft of intellectual property towards sabotage of competing
commercial or national interests.
Modern industrial supervisory control and data acquisition
(SCADA) systems used to control industrial plants are powerful
enough to destroy a plant, yet many have been built and operated
with insufficient attention to security vulnerabilities. Many have
external connections to enable remote maintenance. Offensive
techniques are many and varied, including resonance, wear and
surge attacks. Unfortunately, there are no quick or cheap fixes for
vulnerable systems. This exposure will therefore be a growing
concern for many years.
External sourcing of services, fuelled by lower costs in developing
countries, will introduce additional security risks from crime,
espionage and corruption. In countries where the rule of law is
not fully developed, greater attention to due diligence and
relationship management will be necessary to mitigate the risk of
deliberate breaches of contract. With less direct control of the
supply chain, a greater degree of monitoring will be needed to
maintain visibility of events and controls.
Information security has three major components: confidentiality, integrity and availability. But they are not equally addressed. In particular the integrity component is not sufficiently recognised, creating a growing exposure in a threat landscape that will increasingly seek to manipulate rather than steal corporate secrets. Networks provide opportunities for both accidental and deliberate attempts to distort data, whether through ‘Chinese whispers’ or deliberate manipulation. Indeed, the true nature of cyber warfare is more the art of illusion than the science of sabotage.
A further challenge for security is the forthcoming “information
Tsunami” created by the massive growth in data (up to 60% per
year) which enables growing numbers of people to have greater
access to even more data. Cloud computing enables much larger volumes of data to be stored and processed, resulting in increasing citizen concern about stored data and an inevitable breakdown in manual security practices.
SHORTCOMINGS WITH EXISTING SECURITY
MANAGEMENT METHODS
To be fit for the future, information security management needs to begin by recognising and correcting its existing shortcomings. Security thinking and countermeasures have changed little in three decades despite a continuously evolving problem space. The current approach is rooted in industrial age ‘process’ thinking, rather than a real-time, improvisational response.
Regulatory compliance discourages innovation, as it promotes established standards and discourages innovative emerging solutions. Security management has become more of a ‘tick-box’ compliance activity than a thoughtful, creative process. Few security managers today have sufficient time or incentive to address emerging risks when they are bogged down in paper trails of evidence to demonstrate compliance against hundreds of mandatory control objectives.
Excessive copying of ‘best practices’ is also building a dangerous ‘monoculture’ that favours the attacker. Potential forms of attack can be quickly tested against a small range of standard security products which are likely to compromise the defensive perimeter for most organisations.
CHANGES NEEDED TO MEET FUTURE
CHALLENGES
The future focus of security will be on assets that are external, mobile, global, intellectual, abstract, volatile, accelerating, diverse and complex. These are characteristics that information security management, in its existing form, will struggle to address. Against a stifling background of increasing legal and compliance demands, security practitioners must aim to adopt new priorities, new skills and new technologies to meet the challenges presented by this paradigm shift.
Priorities need to change by placing less focus on safeguarding internal infrastructure and more on external supply chains, by focusing less on outstanding audit actions and more on real time events, and by spending less time on specifying security controls and more on persuading other people to address security.
In the short and medium term there will also be an enhanced threat of system and infrastructure outages during the next few years, as solar activity is forecast to peak massively between 2012 and 2015, potentially threatening electricity supplies and taking out GPS and mobile communications.
New or better skills are needed in supply chain leadership, through smarter due diligence, better contract development and more effective relationship management. Further skills are needed in influencing user or customer behaviour, through an appreciation of psychology and marketing techniques, and an ability to influence people across social networks.
Better strategic response skills are also required to manage
incidents of increasing business impact on abstract intellectual
assets such as reputation and legal standing. Practitioners will
need to develop strategic crisis management skills, as well as an
enhanced intelligence and investigation capability, supported by
broader and deeper digital forensic skills.
Greater use of technology will be required to support these new
priorities and skills. Virtualisation is a powerful technology that
transforms both the problem and solution spaces. Whether used
at the client or server level it changes the nature of the attack
surface and the potential attack vectors, as well as enabling
multiple users, personae and operating systems to co-exist on a
common platform.
Cloud based security services also offer great potential by
leveraging a much broader knowledge base of events and threats.
Dashboard technology provides a catalyst for centralising
previously disparate information feeds of security information,
enabling greater intelligence and investigation capabilities to be
developed through increased use of data mining, fusion and
visualisation technologies.
To be resistant to the more sophisticated attacks of the future,
platforms and systems also need to be hardened to a much higher
level of security. In practice this can be achieved by exploiting
established but under-utilised security measures such as
Microsoft’s Security Development Lifecycle (SDL) and the trusted
computing standards and products developed by the Trusted
Computing Group (TCG).
Behind the scenes the TCG has been encouraging the roll out of
Trusted Platform Modules (TPMs) in more than 500 million
professional laptops and servers. This technology can be used
for strong device authentication, encryption key management,
trusted execution, multi-level security and secure health checking.
It also enables control of the client device to be fully or partially
transferred from the user to the organisation.
Few of the above skills and technologies have been adopted or
fully exploited by security practitioners. Partly this is because of
ignorance, partly it is due to the absence of incentives to innovate,
and partly it is because of a lack of creativity across the global
security community. But the consequences of the new security
threat landscape are challenging and inescapable. Unless we have
the ambition to change the mindset, knowledge and skills of
security practitioners the outlook for security will be bleak.
AUTHOR
Mr. David Lacey is a leading expert on information security and risk with more than 25 years’ experience of directing corporate policy and programmes for the UK Foreign & Commonwealth Office, Royal Dutch/Shell and the Royal Mail. David is a keen innovator and is responsible for developing many contemporary ideas and techniques.
He was the creator of the body of text that is now ISO 27002, and the founder of the Jericho Forum. David is now an independent researcher, writer and consultant, and the author of the books “Managing the Human Factor for Information Security” and “Managing Security in Outsourced and Offshored Environments”. He is a member of the Infosecurity Europe “Hall of Fame”.
TO WHAT EXTENT IS
THE TURING TEST STILL
IMPORTANT?
Christos Papademetriou
The Turing Test, originally proposed as a simple operational definition of
intelligence, has now been around for more than half a century. This paper
chronicles some comments on Turing's classic article from its publication to the
present. Within this context, the alternative versions of the Turing Test that
were proposed in order to assess machine intelligence are discussed.
Finally, the question of whether the Turing Test is still important is
considered. The conclusion reached is that the Turing Test has been, and will
probably continue to be, a very influential, if controversial, mathematical
model.
INTRODUCTION
The short and extraordinary life of the British mathematician Alan
Turing identifies with the “beginning” of Artificial Intelligence (AI).
In 1950 Alan Turing published his famous paper “Computing
Machinery and Intelligence”. Since then, it has been a widely
discussed topic. In that paper he described a method for humans
to test AI programs. This project will examine to what extent the
Turing Test (TT) is still important.
In the first section of the project, the TT and some comments on
that test will be analysed and the alternative versions of the TT will
be discussed. Then, the question of whether the TT is still important
is considered. In the final section, a conclusion is reached. The
purpose of this paper is to analyse and show why the TT is
historically significant and to what extent it is still important today.
THE TURING TEST
The TT was suggested by Alan Turing in 1950 (Mauldin, 1994).
Alan Turing proposed an interactive test to replace the question “Can machines think?”; this test has become known as the Turing Test and its validity for determining intelligence or thinking is still in question (Bradford and Wollowski, 1994). Turing’s aim was to
provide a method to assess whether a machine can think or not.
He states at the beginning of his paper that the question “Can
machines think?” is a highly ambiguous one. He attempts to
transform this into a more concrete form by proposing what is
called the Imitation Game (IG) (Turing, 1950, p.5).
The game is played with a man (A), a woman (B) and an
interrogator (C) whose gender is not important. The interrogator
stays in the room apart from A and B. The main purpose of the
interrogator is to determine which of the other two is the woman
while the objective of both the man and the woman is to convince
the interrogator that he/she is the woman and the other is not
(Hodges, 1997).
According to Turing (1950) the new question to be discussed, instead of the equivocal “Can machines think?”, was “What will happen when a machine takes the part of A in this game? Will the interrogator decide wrongly as often when the game is played like this as he does when the game is played between a man and a woman?” (Turing, 1950, pp. 4-5).
As is now generally understood, what the TT really tries to assess
is the machine’s ability to imitate a human being, rather than its
ability to simulate a woman. Most subsequent remarks on the TT
ignore the gender issue and assume that the game is played
between a machine (A), a human (B) and an interrogator (C). “In
this version, C's aim is to determine which one of the two entities
he/she is conversing with is the human” (Saygin, et al., 2000, p.3).
If the interrogator is consistently unable to distinguish the person
from the machine, the machine will be said to have passed the Test
and will be said to be intelligent.
SOME COMMENTS ON THE TURING TEST
Gunderson (1964) clearly believed that passing the TT would not necessarily be a proof of real machine intelligence, because the test is based on a behaviouristic construal of thinking. He proposed that thinking is a very broad concept and that a machine passing the Imitation Game is merely exhibiting a single skill, an artificial intelligence that is not human but made by humans, rather than the all-purpose abilities that thinking denotes.
Gunderson points out some important issues pertaining to
Turing’s replacement question “Can machines think?”. He asks
the question “Can rocks imitate?” and continues to describe the
“toe-stepping-game” (Gunderson, 1964, p.62) in a way that is
identical to the way Turing described his IG (Turing, 1950). Once
again, the game is played between a man (A), a woman (B) and
an interrogator (C). The interrogator’s aim is to distinguish
between the man and the woman by the way his/her toe is
stepped on. C stays in a room apart from the other two and
cannot see or hear the toe-stepping counterparts. There is a small
opening in the wall through which C can place his/her foot. The
interrogator has to determine which one of the other two is the
woman by the way his/her toe is stepped on. “Will the interrogator
decide wrongly as often as when the game is played between a
man and a woman?” (Gunderson, 1964, p.p.62-64). Further,
Gunderson (Gunderson, 1964) claimed that playing the Imitation
Game successfully could well be achieved in ways other than by
thinking, without saying precisely what these other ways might
be.
According to French’s (2000) article, Stevenson (1976) writing a
decade later when the difficulties with AI research had become
clearer, criticized Gunderson’s single-skill objection, insisting that
to play the game would require “a very large range of other
properties” (French, 2000, p.5). Whitby (1997) states that the TT
has become a distraction and he sees the main source as a
mistaken reading of “Computing Machinery and Intelligence”
(Turing, 1950). He is of the opinion that “Turing’s paper [has
been] interpreted as a closer to an operational test than he himself
intended” (Whitby, 1997, p.54) and that “the last thing needed
by AI qua science is an operational definition of intelligence
involving some sort of comparison with human beings” (Whitby,
1997, p.62).
Taking a historical view, Whitby (1997, p.53) describes four phases in evolving interest in the TT:
“1950 - 1966: A source of inspiration to all concerned with AI.
1966 - 1973: A distraction from some more promising avenues of AI research.
1973 - 1990: By now a source of distraction mainly to philosophers, rather than AI workers.
1990 onwards: Consigned to history”.
ALTERNATIVE VERSIONS OF TURING TEST
In this section, it is important to summarize some alternatives to
the TT that were proposed in order to assess machine intelligence.
HARNAD AND THE TTT
Stevan Harnad’s main contribution to the TT debate has been the proposal of the Total Turing Test (TTT), an indistinguishability test that requires the machine to respond to all of our inputs rather than just verbal ones. Clearly the candidate machine for the TTT is a robot with sensorimotor capabilities (Harnad, 1989; Harnad, 1991).
Besides the TTT, Harnad also mentions a Total Total Turing Test (TTTT), which requires neuromolecular indistinguishability. But this more stringent version of the TT will not be necessary, according to Harnad. If we know how to make a robot that can pass the TTT, he says, we will have solved all the problems pertaining to mind-modelling. However, neural data might be used as clues about how to pass the TTT (Harnad, 1991). Harnad thinks the TTTT is as much as a scientist can ask for, since the empirical story ends there (Harnad, 2000), but he does not think that we have to “go that far”.
THE INVERTED TURING TEST
Recently, Stuart Watt has proposed the Inverted Turing Test (ITT) (Watt, 1996). Watt believes that the TT is inseparable from “naive psychology” [1] because, in order to pass the TT, a machine must convince the interrogator of what is in its mind. He calls naive psychology “the psychological solution to the philosophical problem” (Watt, 1996). Watt’s ITT requires that a machine be able to prove its humanness by exercising naive psychology. In particular, it should show that its power of discrimination is indistinguishable from that of the human judge in the TT. Put plainly, the TT is literally inverted: a system passes the ITT if it is itself unable to differentiate between two humans, or between a human and a machine that can pass the standard TT, but can distinguish between a human and a machine that can be told apart by a normal TT with a human observer (Watt, 1996).
French (1996) uses the technique of a “Human Subcognitive Profile” to show that a mindless program using the Profile could pass this variant of the TT. Ford and Hayes (1996) renew their appeal to reject this particular test as any kind of meaningful yardstick for AI. Collins (1997) suggests his own type of test, the Editing Test, based on the skilful way in which humans ‘repair’ deficiencies in speech, written texts and handwriting, for example, and the failure of computers to achieve the same interpretative competence. Short passages of typed text are quite sufficient to reveal interpretative asymmetry, which is why a Turing-like test, turning on the differential ability to sub-edit such short passages, is enough to expose whether the deep problem of AI has been solved (Collins, 1997).
THE TRULY TOTAL TURING TEST
In their article “The Turing Test: 50 Years Later” Saygin, et al.
(2000, p.26) mentioned that very recently, Schweizer (1998)
proposed the “Truly Total Turing Test” (TRTTT). Schweizer (1998) believes even Harnad’s TTT to be an insufficient test for intelligence. Before he proposes the TRTTT, Schweizer states his
own opinions about the adequacy of behavioural criteria. He views
such tests as “dealing with evidence for intelligence but not as
constitutive or definitional” (Schweizer, 1998, p.264).
In the Truly Total Turing Test, robots as a race should be able to
invent languages, build a society and achieve results in science,
for example, similar to the human race (Schweizer, 1998).
LOEBNER PRIZE
Will machines ever be able to think of their own will? And will we be able to tell if and when they do? Pondering these questions in 1950, the British mathematician Alan Turing came up with a simple way of settling the matter. Every year since 1991, computer programmers have competed for the Loebner Prize of $100,000 [2] and a gold medal. The winner will be the first program that passes an unrestricted TT (Shieber, 1994).
One of the aims of the Loebner competition, as Loebner states, is to advance the field of artificial intelligence (http://www.loebner.net). Few serious scholars of the TT take this competition seriously, and Minsky has even publicly offered $100 for anyone who can convince Loebner to put an end to the competition (Shieber, 1994).
1. Basically the term given to the natural human tendency and ability to ascribe mental states to others and to themselves. (Watt, 1996)
2. Now Loebner requires that this program should also be able to process audio/visual input.
RAY KURZWEIL VERSUS MITCHELL D. KAPOR
The Long Bets Foundation, a non-profit group founded by two
long-time Silicon Valley gadflies, Stewart Brand and Kevin Kelly,
started an online forum in year 2002 for those willing to put their
money, and reputations, behind their speculation. (Zipern, 2002).
Ray Kurzweil, an artificial intelligence expert, bet Mitchell D. Kapor, the founder of Lotus Development, that by 2029 a computer (or machine intelligence) will pass the TT, which holds that artificial intelligence will be proved when a machine’s conversation can be mistaken for a person’s. Each man wagered $10,000 of his own money (Wired Magazine, 2002).
IS TURING TEST STILL IMPORTANT?
It is obvious that, 60 years after the original paper about the TT, this test is still important. Evidence of this is the Loebner competition and the bet between Ray Kurzweil and Mitchell D. Kapor. Furthermore, in almost all the articles about the TT written between 1950 and 2003, there is the assertion that over the coming years researchers will try to produce a machine capable of passing the TT.
We are in the year 2011, but what has really been done towards passing the TT? According to Saygin, et al. (2000, p.34) “over the years, many natural language systems have been developed with different purposes, including that of carrying out conversations with human users [3]. These systems chat with people on the WWW, play MUDs [4], give information about specific topics, tell stories, and enter TT competitions. However, none has been able to pass the TT so far”.
3. Such systems are usually called language understanding/generation systems, conversation agents, or simply chatbots.
4. Multi-User-Dungeons. These are games played interactively on the Internet by multiple players.
French (2000, p.3) believes that in 300 years’ time people will still be discussing the point of view raised by Turing in his paper. It could even be argued that the TT will take on an even greater importance several centuries in the future, when it might provide a moral yardstick in a world where machinery will move around much as we do, will use normal language, and will act together with humans in ways that are almost beyond belief today. In short, one of the questions facing future generations may well be: to what extent do machines have to act like humans before it becomes immoral to damage or destroy them? And the very real meaning of the TT is our decision about how well machines act like humans. French’s thesis suggests convincingly why the TT is still valid today.
CONCLUSION
Alan Turing was a remarkable man. His ideas in computing and machinery have helped develop the world into what it is today. He did much influential breakthrough work in getting people to think about Artificial Intelligence. As a result of the above discussion, the general conclusion can be made that, 60 years after the original paper about the TT, it is still important. It is possible that the TT will remain important until the time that somebody creates a machine which will pass the TT, a machine that must have the ability to think and react as the human brain does. As a final remark, it is better to agree with the words of French that “The TT will remain important, not only as a landmark in a history of the development of intelligent machines, but also with real relevance of future generations of people living in a world in which the cognitive capacities of machines will be vastly greater than they are now” (French 2000, p.1).
LIST OF REFERENCES
Bradford, P.G. and Wollowski, M. (1994) A Formalisation of the Turing Test, Department of Computer Science, Indiana University.
Collins, H.M. (1997) “The Editing Test for the Deep Problem of AI”, Psycoloquy, 8(01).
Ford, K.M. and Hayes, P.J. (1996) “The Turing Test is Just as Bad When Inverted”, Psycoloquy, 7(43).
French, R.M. (1996) “The Inverted Turing Test: How a Mindless Program Could Pass It”, Psycoloquy, 7(39).
French, R.M. (2000) “The Turing Test: The First Fifty Years”, Trends in Cognitive Sciences, 4(3): 115-121.
Gunderson, K. (1964) “The Imitation Game”, In: Anderson, A.R., ed., Minds and Machines, London: Prentice-Hall, (1964) pp. 60-71.
Harnad, S. (1989) “Minds, Machines and Searle”, Journal of Experimental and Theoretical Artificial Intelligence, (1): 5-25.
Harnad, S. (1991) “Other Bodies, Other Minds: A Machine Incarnation of an Old Philosophical Problem”, Minds and Machines, (1): 43-54.
Harnad, S. (2000) “Turing Indistinguishability and the Blind Watchmaker”. In: Fetzer, J. & Mulhauser, G. (eds.) Evolving Consciousness, Amsterdam: John Benjamins (in press).
Hodges, A. (1997) Turing, Phoenix: London.
Mauldin, M.L. (1994) Chatterbots, Tinymuds, and the Turing Test: Entering the Loebner Prize Competition, Carnegie Mellon University [online]. Available at: <http://www.lazytd.com/lti/pub/aaai94.html> [20 August 2010]
Saygin, A.P., Cicekli, I., and Akman, V. (2000) “Turing Test: 50 Years Later”, Minds and Machines, 10(4).
Schweizer, P. (1998) “The Truly Total Turing Test”, Minds and Machines, 8: 263-272.
Shieber, S.M. (1994) “Lessons from a Restricted Turing Test”, Communications of the ACM, 37: 70-78.
Stevenson, J. (1976) “On the Imitation Game”, Philosophia, 6: 131-133.
Turing, A. (1950) “Computing Machinery and Intelligence”, In: Anderson, A.R., ed., Minds and Machines, London: Prentice-Hall, (1964) pp. 4-30.
Watt, S. (1996) “Naive Psychology and the Inverted Turing Test”, Psycoloquy, 7(14).
Whitby, B. (1997) “Why The Turing Test is AI’s Biggest Blind Alley”, 53-63 [online]. Available at: <http://www.cogs.susx.ac.uk/users/blayw/tt.html> [24 August 2010]
Wired Magazine (2002) “A computer will pass the Turing test by 2029”, Wired Magazine, Issue 10.05.
Zipern, A. (2002) “Compressed Data; On a Futurists’ Forum, Money Backs Up Predictions”, The New York Times.
<http://www.loebner.net> [20 August 2010]
<http://www.macrovu.com/CCTMap2DetailPlayers.html> [22 August 2010]
<http://www.macrovu.com/CCTMap2.html> [18 August 2010]
AUTHOR
Christos Papademetriou, a native of Pafos, teaches at the University of Neapolis in Pafos. He obtained a BSc (Hons) in Accounting and Business (2001) and an MA in International Management (2002) from the University of Sunderland, and a BSc (Hons) in Computing from the University of Portsmouth. At the moment, he is in the final year of his doctorate in Social Sciences at the University of Leicester.
THE ROLE OF EFFECTIVE
PROJECT MANAGEMENT
IN PROJECT SUCCESS:
IDENTIFYING SUCCESS CRITERIA &
THE CRITICAL SUCCESS FACTORS
Andreas Solomou, Kyriakos E. Georgiou
“The use of project and teams has modified the theory and practice of management” (Cleland, Bursic, Puerzer, & Vlasak, 1998, p. ix) as organizations strive to achieve excellence through optimal management of their resources. Early research acknowledged that Project Management (PM) is the most efficient way of managing complex initiatives as opposed to traditional methods of management (Avots, 1969). PM has evolved over the past forty years through extensive research, has become a discipline, and Structured PM Methodologies have been developed to help organisations manage complex projects in volatile environments. However, the project failure rate remains relatively high and actual Project Success appears to be trivial for researchers and academics. This paper, the first of two, contributes to the body of knowledge on PM theory and practice. The objective of the proposed research is to answer specific questions which will help to identify the link between the effective use of project management and project success. Nowadays, it appears that the PM success criteria have moved beyond the “iron triangle” (Atkinson, 1999, p. 338) to include the “soft systems” involved in PM. Furthermore, recent research has identified critical success factors for which limited research has been done (Georgiou K., 2010). These already identified success criteria and factors will provide the basis of the proposed research.
www.pliroforiki.org | 33
INTRODUCTION
Project Management (PM) is becoming increasingly a strategic
competence for organisations. Recent research has identified that
a significant number of organisations are changing their structure
from the pure functional form towards more projectised or mixed
forms. The volatile business environment (Eizenhardt, 1989) and
the competing forces require optimal management of resources
in order to balance requirements against cost. “Organisations are
under pressure to develop and execute innovative business
strategies and projects” (Srivannaboon & Milosevic, 2006, p.
493) and “in order to introduce change they need the disciplines
inherent in formal PM” (Kay, 2010, p. 14).
PM was initially used in military projects and construction
engineering. However, PM evolution was swift and today it is
widely used not only in “traditional sectors” but also in sectors
where the project deliverables are intangible. PM is employed in
sectors which have not only high technical requirements but also
demand extensive managerial interaction, such as change
management (Lehmann, 2010), information management and
information systems. The diverse nature and complexity of these
projects has rendered the use of PM imperative. Existing research
is restricted within mainly the field of project management (Kwak
& Anbari, 2009, p. 435). However, recently there is increasing
interest to investigate the relationship of PM and project success
in diverse disciplines, especially from the management
perspective (Kwak & Anbari, 2009, p. 435).
During the past forty years the importance of Project Management
has been increasingly acknowledged (Kerzner, 2006, p. 35) and
PM is now established as an important discipline in business
management. Beyond the research regarding successful project
management, extensive research exists in relation to Project
Management schooling. There is an ongoing debate to identify
the knowledge and skills which project managers must possess
in order to be able to successfully cope with “the increasing level
of complexity, chaos and uncertainty in project environments”
(Thomas & Mengel, 2008).
Figure 1: The Project Triangle of Constraints (Adopted from PMI, 2008). [Diagram: Scope, Schedule, Quality, Budget, Risk and Resources, each marked as a possible constraint.]
The extensive use of PM in organisations led to the need to
develop a specific methodology in order to have a “single,
common structured method” (McHugh & Hogan, 2010) to
manage projects. A PM Methodology is a structured approach for
delivering a project and it consists of a set of processes with
clearly defined inputs and outputs, tools & techniques, resources
and activities (Turner, 2000 cited in McHugh & Hogan, 2010,
p.2). Among other objectives of the project management is the
use of the existing organisational structure and resources to
deliver results without adversely disturbing the routine operations
of the company (Munns & Bjeirmi, 1996, p. 81). A structured
methodology assists organisations to minimise impact on the
daily activities of the organisation, streamlines project objectives
with organisation’s strategy and minimises resistance to change
(Kerzner, 2010).
Organisations until recently developed their own PM
methodologies according to the specific nature and characteristics
of each project. However, the increasing number of projects and
their diversity forced organisations to acknowledge the importance
and versatility of structured PM methodologies. These
methodologies are flexible and can be tailored to any project type
irrespective of the nature of its deliverables. According to these
methodologies a project is completed in one or more phases
which can be sequential, overlapping or iterative and each phase
is comprised of processes (Figure 2). Each process has a number
of knowledge areas with specific inputs, tools and techniques and
outputs (PMI, 2008) upon which the organisation relies at any
given point during the project to evaluate the project progress and
ultimately its successful implementation. Another important aspect
of these methodologies is the “Organisational Assets” (PMI,
2008), a process with which organisations build a database of
past projects’ experiences and represents an important point of
reference for future projects.
A number of PM Methodologies exist (Cook-Davis, 2002, p. 185),
however the two most acknowledged are the Projects in
Controlled Environments (PRINCE2) developed by the UK Office
of Government Commerce and Project Management Body of
Knowledge (PMBoK) developed by the Project Management
Institute (PMI) in the United States (US). The majority of
organisations today are using the above methodologies and
require that their project managers are certified by the respective
organisations.
1. PRELIMINARY LITERATURE REVIEW
The first objective of the literature review will be to define Project
Success. Oxford Dictionary defines success as “the gaining of
what is aimed” (Hornby, Cowie, & Gimson). Chan & Chan (Key
Performance Indicators for Measuring Construction Success,
2004) argue that certain criteria are essential in order to measure
project success. Oxford Dictionary defines a criterion as “a
standard or principle by which something is measured for value”
(Hornby, Cowie, & Gimson). If these terms are combined together,
then the criteria of project success can be defined as a “set of
principles or standards by which favourable outcomes can be
completed within a set specification” (Chan & Chan, 2004, p. 204).
It appears that project success has been trivial to researchers. As
Tuman (1986, cited in Baccarini, 1999) identified, there is a
diverse mix of the stakeholders in a project therefore a much wider
range of needs, concerns and issues must be addressed in order
to assess a project’s success. Shenhar et al. (1997, p. 5) and
Shenhar et al. (2001, p. 702) argue that success of a project is
perceived in a different way by each stakeholder. Therefore they
suggest a distinction between two different types of projects in
order to assess project success: operationally managed projects
and strategically managed projects. Similarly to other researchers
they perceive project success as a multidimensional concept
comprising three major dimensions as presented in Figure 2.
Researchers like De Wit (Measuring Project Success, 1988),
Nicholas (1989, - cited in Bjeirmi, 1996, p. 83) and (Cook-Davis,
2002) make a distinction between project success and project
management success. Cook-Davis (The "Real" Success Factors
on Projects, 2002) goes one step further to make another
distinction between success criteria and success factors (Figure
4). “Project success is measured against the overall objectives
of the project while project management success is measured
against the widespread and traditional measures of performance
against cost, time and quality” (Cook-Davis, 2002).
Figure 2: The three dimensions of Project success (Adopted from Shenhar, 2001)
Figure 3: The success components according to Cook-Davis (2002). [Diagram: Project Success (measured by performance measurements and project objectives measurements) and Project Management Success; Success Criteria are the measures by which a project or a business will be judged; Success Factors are the inputs to the management system that lead to success.]
Figure 4: The scope of success in the project life cycle (Munns & Bjeirmi, 1996, p. 85)
Munns & Bjeirmi (1996, p. 82) argue that the outcome of a project
(product, service, result) exists for a varying period according to
the nature of the project. Therefore the focus of project
management is distinct from that of the project because of its
short-term use until delivery of the final product as opposed to
the product itself that has long-term effects (Figure 5).
Baccarini (1999) identifies two distinct components of success,
the product success and the PM success and uses the Logical
Framework Method (LFM)1 to define Project Success (Figure 6).
Each component is further divided into subcomponents and
assessed separately. “LFM uses a top-down approach to
formulate an hierarchy of project objectives such that, at any given
level, the lower objectives are the means to satisfying the next
higher level of objectives” (Baccarini, 1999).
Yu et al. (2005) did an extensive review of existing literature and
have concluded that two different approaches exist in the quest
for assessing project success: the product-oriented approach and
the value-centred approach. The researchers identified
weaknesses in the product oriented approach which emphasises
on the traditional criteria of cost, time and quality; therefore they
focused on the value-centred approach. This approach consists
of two key concepts: Net Project Execution Cost (NPEC) and Net
Product Operation Value (NPOV). The researchers argue that this
1. The LFM was developed by the American Aid Association to improve the management of development projects (Baccarini, 1999)
approach addresses inadequacies of other methods or models
used to assess project success. However the NPEC and NPOV
concepts are complex, difficult to measure and have not been
either evaluated or established yet.
Researchers also argue that the definition of project success is
directly related to the nature of the project and the success criteria
set for the specific project. Furthermore there is a clear distinction
between Success Criteria and Critical Success Factors that will
be discussed in the next section. However, there is evidently no
consensus among researchers on a clear-cut definition of project
success and a multitude of definitions exist based on the
perspective each researcher adopts. It is suggested that the value-centred proposition by Maude and Willis (1991, cited in Yu et al.,
2005) that “software development projects are said to fail if,
for whatever reason, it would have been more economic not to
have run the project at all” is more appropriate for this research
which will focus on Information Management and Information
Systems.
Chan & Chan (2004, p. 204) did an extensive review of the late
1980s and early 1990s literature and concluded that the basic
criteria to measure project success are time, cost and quality.
However, Westerveld (2003) argues that “perceiving project
success as the compliance with time, cost and quality constraints
appears to be a narrow view” in relation to the size, uniqueness
and complexity of each project. He developed a “Project
Excellence Model” (Figure 7) based on the EFQM-model with the
purpose to link Project Success Criteria and Critical Success
Factors. “The EFQM Excellence Model (Figure 8) was developed
in 1988 and is a non-prescriptive - practical management
framework used by over thirty thousand organisations” that
enables organisations, irrespective of their size, structure or
maturity, to “develop sustainable excellence” (EFQM, 2011). The
researcher argues that Project success criteria are linked with the
“Results Areas” and the Critical Success Factors with the
“Organisational Areas”. His model suggests a universal clustering
of criteria and a definition of six organisational areas where critical
success factors can be studied. The assessment of project
success is enabled by linking Success Criteria and Critical
Success Factors (Westerveld, 2003, p. 415).
1.1. Project Success Criteria and the Critical Success Factors
It is important for the purpose of the research to identify and
distinguish the Project Success Criteria and Project Critical
Success Factors within the existing literature and isolate those
which are more frequently mentioned. These will be used within
the context of the research.
Figure 2: The Project Excellence Model developed by Westerveld (The Project Excellence Model: Linking Success Criteria and Critical Success Factors, 2003)
Figure 3: Graphical representation of the EFQM Model of Excellence (EFQM, 2011)
The preliminary literature review has revealed that there is
extensive research on critical success factors and a plethora of
such factors have been already identified.
Cook-Davis (2002) uses a different approach from other
researchers on the quest for defining project success factors. His
research identifies three questions the answer of which will
identify the critical factors that lead to successful projects:
a) What factors are critical to project management success?
b) What factors are critical to success on an individual project?
c) What factors lead to consistently successful projects?
The specific research identified twelve “real”2 success factors
(Table 1) that derived from either hard data or from “softer
evidence”.
Kanter & Walsh (2004) argue that an “organisation’s ability to
develop and implement projects depends on the organisation’s
skills and experience, its track record, the management climate
and the specific project”. Their research focused on Information
Technology organisations and was facilitated through two
subsequent workshops, each attended by the same thirty project
managers. The research identified five project success factors
upon which further study is required (Table 2).
Milosevic & Patanakul (2005) drawing on Brown & Eisenhardt’s
(1989), Eisenhardt’s (1997) and Lengnick-Hall & Wolff (1999)
work on critical success factors in high velocity markets,
developed an empirical research to address two questions:
1. What are the major factors in standardised project
management efforts on the organisational project
management level?
2. What standardised project management factors on the
organisational project management level are of interest
because they may impact project success?
Further to these questions the researchers made a series of
hypotheses in relation to standardised project management.
However, their research did not focus on the internationally acknowledged project management methodologies but rather on
project management methodologies developed by the
organisations under study.
One of the most comprehensive researches on critical success
factors is that of Fortune & White (2006). The researchers have
used the “Formal System Model” across sixty-three publications
since the 1960’s and have identified at least twenty-seven factors.
These are ranked by the number of citations the author of the
publication has received. A list of the more prominent factors is
presented in a comprehensive table in Appendix 2 and will be
used as a basis for the research.
2. The researcher uses the term “real” as the results of his research derived from an empirical research.
Q.1: What factors are critical to project management success?
1. Adequacy of company-wide education on the concepts of risk management
2. Maturity of an organisation’s processes for assigning ownership of risks
3. Adequacy with which a visible risk register is maintained
4. Adequacy of an up-to-date risk management plan
5. Adequacy of documentation of organisational responsibilities on the project
6. Keep project (or project stage duration) as far below three years as possible (1 year is considered to be better)
7. Allow changes to scope only through a mature scope change control process
8. Maintain the integrity of the performance measurement baseline
Q.2: What factors are critical to success on an individual project?
9. The existence of an effective benefits delivery and management process that involves the mutual co-operation of project management and line management functions
Q.3: What factors lead to consistently successful projects?
10. Organisation’s portfolio and programme management practices
11. The quality of the set of metrics (both for performance and success) used by the organisation
12. An effective means of “learning from experience”
Table 1: The twelve “real” success factors on projects (Cook-Davis, 2002)

1. Define and promulgate functional requirements and control changes
2. Develop realistic project schedules
3. Match skills to needs at the proper time
4. Know and respond to the real status of the project
5. Establish and control the performance of the contractors
Table 2: The five project success factors that drew consensus in Kanter & Walsh’s (2004) research
1.2. The Critical Success Factors of projects within the Cyprus Business & Economic Environment
All critical success factors identified in the literature will be
surveyed; however more weight will be placed upon those factors
that are more relevant to the Cypriot business environment and
specifically to the Information Management Sector. The proposed
research will take place among professionals that participate in
Information Management/Information Management Systems’
related projects. Due to the particularity of the business
environment and the influence of culture it appears that there are
critical success factors (Georgiou K. , 2011) other than those
identified in the preliminary literature review and the research will
try to identify them.
Cyprus’ economy heavily depends on the services sector and
Cyprus is becoming an internationally acknowledged centre
offering high quality services, especially banking services. Such
services demand the implementation of complex Information
Management Systems and there is an increasing need to manage
these projects. At the same time though, PM knowledge, skills
and experience are practically non-existent and basic project
success criteria are neglected. A frequent example of this
inexperience is the initiation of Projects without a Project Owner-Sponsor or Champion (Georgiou K., 2011).
In a recent research within a large service organisation Georgiou
& Georgiou (2010, p. 27) have identified Project Management to
be “vital to the implementation success” of an Enterprise
Resource Planning System (ERP), but more significantly that “the
collection and analysis of the requirements of users to be as a
critical success factor for which limited and insignificant
research” exists (Georgiou & Georgiou, 2010, p. 28).
Additionally, the researchers identified communication and top
management support to have a catalytic role in the success of
the project. Although the researchers make a clear distinction
between these key factors in the specific case study, there is a
strong connection between them. According to PMI project
“Planning Process Group”, within the “Scope” knowledge area
(Appendix 3) the most important process is to “Collect
Requirements” (PMI, 2008, p. 43). The predecessor of the
specific process in the “Initiating Process Group” is “Identify
Stakeholders”. According to PMI (A Guide to the Project
Management Body of Knowledge, 2008) “Identify stake-holders”
is a process that belongs to the knowledge area of
“Communication” (Appendix 3) which is considered one of the
most important areas of the specific methodology. Several
authors such as Lanning (2001), Loonam & McDonagh, Bhatti
(2005) and Mabert, Soni & Vankataramanan (cited in Georgiou &
Georgiou, 2010, p.29) have identified “Communication” as a
critical success factor in the implementation of such information
systems, while Brown (2007, cited in Georgiou & Georgiou,
2010) ranks “Communication” as the second most critical area in
implementation and especially important in the adoption phase
when introducing new information technology in organisations.
Several other critical success factors identified by Georgiou &
Georgiou (2010) have a direct or indirect relationship with project
management and project management methodologies. The
proposed research will build on the specific research focusing on
“requirements management” through the context of PM
methodologies.
Recent research reveals that “technical Project Management Tools
and Methods are so developed and widely used that now it is time
to turn the focus on developing leadership skills” (Hyvari, 2006,
p. 223). This is a challenging field where in-depth research is
required and on which the proposed research will touch.
From the preliminary literature review it appears that there is
significant research in regards to Project Success, Project
Success Criteria and the Critical Success Factors of Projects. It
appears though that there is a gap as to the type and impact of
project methodologies that organisations are using to manage
their projects and to what extent these methodologies are
customised to achieve the desired results. Beyond the impact
of project management methodologies, the proposed
research will try to identify those factors that are part of project
management methodologies, are the key success factors of
projects and are related to the Information Management/Information Systems sector in Cyprus.
REFERENCES
Atkinson, R. (1999). Project Management: Cost, Time and Quality,
Two Best Guesses and a Phenomenon, its Time to Accept other
Success Criteria. International Journal of Project Management, 17
(6), 337-342.
Avots, I. (1969). Why Does Project Management Fail? California
Management Review, 12 (1), 77-82.
Baccarini, D. (1999). The Logical Framework Method for Defining
Project Success. Project Management Journal, 30 (4), 25-32.
Chan, A. P., & Chan, A. P. (2004). Key Performance Indicators
for Measuring Construction Success. Benchmarking: An
International Journal, 11 (2), 203-221.
Cleland, D. I., Bursic, K. M., Puerzer, R., & Vlasak, Y. A. (Eds.).
(1998). Project Management Case Book. Project Management
Institute.
Cook-Davis, T. (2002). The "Real" Success Factors on Projects.
International Journal of Project Management, 20 (3), 185-190.
Cryer, P. (2006). The Research Student's Guide to Success (3rd
Edition ed.). Berkshire, United Kingdom: Open University Press &
McGraw-Hill Education.
Dawkins, R. (1989). Chapter 11 - Memes: the new replicators. In
The Selfish Gene (2nd Edition ed., pp. 189-201). New York:
Oxford University Press.
De Wit, A. (1988). Measuring Project Success. International
Journal of Project Management, 6 (3), 164-170.
EFQM. (2011). EFQM Excellence Model. Retrieved March 29,
2011, from EFQM: http://www.efqm.org/en/tabid/132/default.aspx
Eizenhardt, K. M. (1989). Making Fast Strategic Decisions in High-Velocity Environments. Academy of Management Journal, 32 (3),
543-576.
Fortune, J., & White, D. (2006). Framing of Project Critical
Success Factors by a Systems Model. International Journal of
Project Management, 24, 53-65.
Georgiou, K. (2010). Critical Success Factors for the
Implementation of Enterprise Resource Planning. MBA
Dissertation, Kingston University, Nicosia.
Georgiou, K. (2011). Introduction of Proposal - Enquiry e-mail.
Personal Communication [E-mail] Sent on Saturday 30 of June
2011 at 11:46 AM.
Georgiou, K., & Georgiou, E. K. (2010). Critical Success Factors
for the Implementation of an Enterprise Resource Planning
System. Information Management (20).
Hornby, A., Cowie, A., & Gimson, A. Oxford Advanced Learner's
Dictionary of Current English. Oxford: Oxford University Press.
Hyvari, I. (2006). Project Management Effectiveness in Project-Oriented Business Organisations. International Journal of Project
Management, 24, 216-225.
Kanter, J., & Walsh, J. (2004, March). Toward More Successful
Project Management. Information Systems Management, 16-21.
Kay, R. J. (2010). An APMP Primer - PRINCE2 Edition (First ed.).
Kerzner, H. (2010). Project Management Best Practices Achieving Global Excellence (Second Edition ed.). New York: John
Wiley & Sons Inc.
Kerzner, H. (2006). Project Management: A Systems Approach to
Planning, Scheduling and Controlling (Ninth ed.). New Jersey:
John Wiley and Sons Inc.
Kumar, R. (2011). Research Methodology: A Step by Step Guide
to Beginners (Third Edition ed.). London: Sage Publications Ltd.
Kwak, H. Y., & Anbari, F. T. (2009). Analysing Project
Management Research: Perspectives from Top Management
Journals. International Journal of Project Management, 27, 435-446.
Lehmann, V. (2010). Connecting changes to projects using a
historical perspective: Towards some new canvases for
researchers. International Journal of Project Management, 28,
328-338.
McHugh, O., & Hogan, M. (2010). Investigating the Rationale for
Adopting an Internationally-Recognised Project Management
Methodology in Ireland: The View of the Project Manager.
International Journal of Project Management.
Milosevic, D., & Patanakul, P. (2005). Standardised Project
Management may Increase Development Project Success.
International Journal of Project Management, 23, 181-192.
Munns, A. K., & Bjeirmi, B. F. (1996). The Role of Project
Management in Achieving Project Success. International Journal
of Project Management, 14 (2), 81-87.
PMI. (2008). A Guide to the Project Management Body of
Knowledge (4th Edition ed.). Pennsylvania, United States: Project
Management Institute Inc.
Srivannaboon, S., & Milosevic, D. Z. (2006). A two-way influence
between business strategy and project management. International
Journal of Project Management, 24, 493-505.
Rudestam, K. E., & Newton, R. (1992). Surviving your Dissertation
Sage.
Thomas, J., & Mengel, T. (2008). Preparing project managers to
deal with complexity – Advanced project management education.
International Journal of Project Management, 26, 304-315.
Shenhar, A. J., Dvir, D., Levy, O., & Maltz, A. C. (2001). Project
Success: A Multidimensional Strategic Concept. Long Range
Planning, 34, 699-725.
Shenhar, A. J., Levy, O., & Dvir, D. (1997). Mapping the
Dimensions of Project Success. The Professional Journal of
Project Management Institute, 28 (2), 5-13.
Westerveld, E. (2003). The Project Excellence Model: Linking
Success Criteria and Critical Success Factors. International
Journal of Project Management, 21, 411-418.
Yu, A. G., Flett, P. D., & Bowers, A. J. (2005). Developing a Value-Centred Proposal for Assessing Project Success. International
Journal of Project Management, 23, 428-436.
AUTHORS
Andreas Solomou is an ECDL Certified
Training Professional and has managed
several training projects as well as product
design and development projects. He is
currently studying for a postgraduate degree
in Business Administration from Kingston
University. He can be reached at
[email protected]
Kyriakos E. Georgiou is one of the long-time
editors of the journal. His professional
activities include both academia and the real
world of business and banking. He is
studying for a DBA from the University of
Kingston, London UK and his research
interests include information technology
management, business value and
productivity from information technology. He can be reached at
[email protected].
DO YOU KNOW
THIS MAN?
Dr Philippos Peleties
Of course you know this man, unless you’ve been
living under a rock for all these years! Steve Jobs,
the co-founder of Apple Computers (now Apple Inc),
NeXT Inc, and Pixar Animation Studios is looking at
us and smiles.
Photo from Wikipedia, the free encyclopedia
A difficult man, a control freak, a man with a binary view of things
-- excellent or terrible -- possessing a singular focus on vision
and execution, a master of persuasion, the man who created a
reality distortion field around him, Steve Jobs has trailblazed
through the years creating art that fits the function, simplicity over
complexity, but also control over freedom. He didn’t invent
anything, but saw the whole when others saw the parts. He didn’t
think people knew what they wanted until they were shown what
they wanted. “The best way to predict the future is to invent it”.
He stayed true to this throughout his life. Love him or hate him,
as binary as his view of the world, he has left an indelible mark
on our lives and through the use of his creations, the Macintosh,
iPod, iPhone, iPad and the rest, a part of his soul has remained
with us.
Upon graduation from high school, Steve attended Reed College
in Oregon. However, after one semester he decided he did not
want to be bound by formal requirements so he dropped out.
However, he remained on campus auditing classes. One of these
was a class in calligraphy. It is this very class that let him insist
that the Macintosh has multiple typefaces and proportionally
spaced fonts leading to the True Type Fonts that we are all familiar
with.
Steven Paul Jobs was born out of wedlock on February 24, 1955
in San Francisco. His parents, American Joanne Carole Schieble
and her Syrian university instructor Abdulfattah "John" Jandali met
at the University of Wisconsin. Joanne’s father was not in favor
of her marrying Abdulfattah, a Muslim, so when Joanne became
pregnant and later gave birth to Steve, she decided to put him up
for adoption. Her only stipulation was that the adopting parents
would have to be university graduates.
In early 1974 Steve took all the money he made working at Atari
and left for India to “find his guru”. Despite the amusement of his
Atari manager, Steve was serious about it. The journey to India
was a spiritual journey in search of his inner self. After spending
seven months and visiting countless places he declared that his
journey was over and returned home. With a shaved head, Indian
cotton robes and dark chocolate skin from the sun, he was a
far cry from the polished Steve Jobs he was to become.
Paul Reinhold Jobs and his wife Clara adopted the newly born
and named him Steven Paul Jobs. Even though they were not
university graduates, thus not fitting the exact requirements, they
promised that they would send Steven, or simply Steve, to
university.
The mid 70’s were a time of discovery. Computers were no longer
the big machines that only large corporations could afford. The
Altair, the first “personal computer” made sure of it, or at least
showed the way. Not much of a computer, the personal computer
kit sparked a frenzy of interest and development. Homebrew
computer clubs sprang up everywhere. It is in this setting that Apple
Computer was born. Steve Jobs, Stephen Wozniak and Ron
Wayne drew up the partnership agreement that made Apple a
reality. The name was chosen by Jobs. He was a vegetarian who
had spent time tending an apple farm in Oregon.
Steve’s childhood was uneventful, a typical late 1950’s and early
1960’s lifestyle. His father, Paul, had a love for the mechanics
and cars, so he made sure he transplanted this love to Steve as
well. Being a perfectionist, insisting that the “inside should look
as good as the outside even though nobody would see it” instilled
upon Steve the sense that whatever you do should be beautiful
irrespective of who, if any, would see it. This had a profound
effect on his development and later career in Apple and elsewhere.
Returning home after eighteen months at Reed, Jobs got a job
at the up and coming video game powerhouse, Atari. However,
he was forced to take the nightshift as his insistence on dieting
but not washing forced a small smell rebellion among his daytime
coworkers.
As a teenager, Steve was involved in the Hewlett-Packard Explorer
Club. The Club encouraged its members to do projects, so one
day, Steve wanting some electronic parts, he looked up HP’s CEO
on the phonebook and gave him a call, asking for the parts. Bill
Hewlett not only got him the part but also a summer job at HP.
The fledgling company set up shop in Jobs’ parents’ garage. The
scene was quite laughable: Steve in shorts, barefoot, circuit
boards littering the place, Wozniak doing his magic with Apple II.
It is in this setting that Mike Markkula walked in looking for his next
venture capital investment. Mike was a young guy, fresh off Intel,
having got rich on stock options and retired at the age of thirty-one. Without too much thought he sank a quarter of a million
dollars into the fledgling company. Mike was in and so was his
involvement with Apple Computers for the next twenty or so years.
While at school he met a brilliant kid who even thought was five
years older he was emotionally at the same age: Stephen
Wozniak. Wozniak’s electronics wizardry was legendary. The two
of them got along together and forged a relationship where, later,
Wozniak would create and Steve would sell.
Apple II was launched in April 1977 in San Francisco at the
first West Coast Computer Faire. An overwhelming success,
Apple secured attention and customers. A real company, doing
real products looking towards the future. A very bright future,
indeed.
By 1981 Apple had sold a little over 200,000 Apple IIs. This was a success beyond expectation by any measure. Everybody should have been happy. But Steve was not. He was restless, looking for the next big thing. He knew that the Apple II was Wozniak's invention and that it would forever be his machine. Steve wanted something of his own, so he started the Apple III. After two years of development and countless hours of testing, the Apple III hit the market. It was a failure, a flop. Even before the introduction of the Apple III, Steve, sensing that the product would not live up to his expectations, had started a new project.

The "Local Integrated Software Architecture" or "Lisa" project aimed at the next-generation personal computer. Even though the "Lisa" acronym was clever, everybody knew that the computer was named after Lisa, Jobs' daughter born out of wedlock. With a radical new design, a 16-bit microprocessor and a load of other new technologies, Lisa was supposed to be the next big thing. It wasn't, and Jobs was more frustrated than ever. He berated his colleagues, a mode of operation that stayed with him for the rest of his life, and said he was tired of it all.

Jef Raskin, a former professor and Apple's Manager of Publications, had a vision of creating a simple "computer for the masses", an "appliance" type of machine. Jef was convinced that a character-based interface was certainly not for the masses. As he had access to the Xerox Palo Alto Research Center's work on the graphical user interface (GUI), he prompted Jobs to visit the Center. In what is perhaps one of the biggest ironies in the computer industry, the company that invented the GUI, Xerox, was totally eclipsed by the company that copied it, Apple. It wasn't that Xerox did not try to market the GUI; they were simply ineffective. They had the right vision (GUI workstations communicating over Ethernet in a LAN and sharing printers and other peripherals), but they lacked execution. In all fairness to Apple, it did not simply copy the technology but greatly improved it.

Lisa was an expensive system. With a price tag of $10,000 in 1983, very few, if any, could afford it. It was not the revolution that Jobs had hoped for. It never would be.

Raskin's idea of a computer for the masses was still a small project in need of a bigger idea. The GUI that had been invented for Lisa was to become the GUI for this new computer. Its name: the Macintosh.

The Macintosh, or Mac, was named after the McIntosh variety of apple. A major project within Apple, it was directed by Jobs himself. The Macintosh team grew out of the small team Raskin had set up for his computer.
As the Mac team grew and got more "into the Mac", tensions started to surface between them and the Apple III team. Jobs' extreme style of management and overall attitude exacerbated this tension. Calling themselves "the Pirates" ("it's better to be a pirate than join the navy") and guided by the maxims "don't compromise" and "real artists ship", the team was instilled by Jobs with a highly competitive spirit.
The Macintosh was unveiled with a lot of fanfare on January 24, 1984. The stage, and Jobs' performance on it, was to become his trademark for years to come. The Ridley Scott-directed "1984" commercial, showing a running athlete hurling a big hammer at the screen on which "Big Brother" was proclaiming to the mesmerized masses that "we shall prevail!", played on a big screen. After an equally mesmerizing introduction, the Mac was pulled out of a cloth bag, put on a table and shown for all to admire. Jobs pulled out a 3½-inch floppy diskette, loaded the Mac, and, to the theme from Chariots of Fire, the word "MACINTOSH" scrolled across its screen. In electronically synthesized speech, the Macintosh introduced itself amidst the ensuing pandemonium. History was made and Jobs was at the center of it.
The year was 1985. Jobs was flying high after his success with the Macintosh. Apple III production was coming to an end, and the Lisa and Macintosh divisions were folded into one. But dark clouds started forming on the horizon. Jobs' management style became erratic. John Sculley, the Apple CEO whom Jobs had lured from Pepsi-Cola a few years earlier with the famous line "Do you want to sell sugar water for the rest of your life, or do you want to come with me and change the world?", was asked by the board to contain Jobs. The power struggle between Jobs and Sculley turned ugly. In the end Sculley won and Jobs, at 30, was out. For the first time since Apple came into existence, Jobs was not part of it.
After a short period of desolation, Jobs started NeXT. Its main product was the famous black Cube, a powerful workstation featuring a sassy GUI running on top of a UNIX-like kernel, and an optical drive. The NeXT was unveiled on October 12, 1988 in San Francisco. At a list price of $6,000 it would be a hard pill to swallow for most of its target audience: university students. Those were my exact sentiments. After watching a presentation given by one of the many NeXT evangelists, I thought to myself that there was no way that I, a poor graduate student, could afford such a machine. Luckily, the University had bought a few, so I was able to admire Steve's new creation firsthand.
In an irony of fate, even though neither the Cube nor its operating system, NeXTSTEP, would survive for long, both would earn their place in history: the World Wide Web was first served from a NeXT Cube at CERN, and the OS X operating system that currently ships on all Macs calls NeXTSTEP its father. Last but not least, iOS, Apple's operating system for mobile devices, looks to NeXTSTEP as its grandfather.
A story about Jobs' life wouldn't be complete without some words about Pixar Animation Studios, the third large endeavor in his cache of achievements. Pixar started its life as Lucasfilm's Computer Division; Jobs bought the division in 1986 and renamed it. A mostly hardware-driven establishment, owing to the Pixar Image Computer, it had a soft spot for computer animation and produced short films whenever the occasion arose. Its jovial digital animation group director, John Lasseter (later the director of such Pixar blockbusters as Toy Story, Cars and Cars 2), was running the group as a sideline, its main purpose being to show off the hardware.
One of Pixar's biggest buyers was the Walt Disney Corporation. Through his savvy style, Jobs persuaded Disney to do a three-picture animated film deal with Pixar. Toy Story opened to critical success in November 1995, followed by A Bug's Life and Toy Story 2. As Jobs vied for creative control over his movies, Disney attempted to displace him. In the end, Disney bought Pixar, which made Jobs the biggest single shareholder in the Walt Disney Corporation and a vital member of its Board of Directors.
Sculley's reign at Apple came to a close in June 1993, after ten years at the helm. He was replaced by Michael Spindler, president of Apple Europe, whose stay at the top was as disastrous as it was short. He was himself replaced by Gil Amelio in February 1996. Amelio, the ex-National Semiconductor CEO, tried to transform Apple and right all its wrongs, for Apple had become a complacent company with low-quality products and no well-defined strategy for the future. One strategy that was particularly lacking was that for the operating system. After going through a number of iterations, Apple bought NeXT and used its NeXTSTEP operating system as the basis for OS X, the current Mac operating system. Amelio then asked Jobs to assist Apple as an advisor. Jobs was back at Apple, after eleven years as an outcast. It didn't take too long before Amelio was voted out by the Board and Jobs was voted in as interim CEO of Apple. The grand plan was coming to fruition.
One of the first things Jobs did after becoming interim CEO was to focus on revitalizing the aging Macintosh product line. The iMac, with its translucent body and its ease of navigating the Internet, was introduced in May 1998. Apple, with fresh investment money from its archrival Microsoft and with Jobs at the helm, looked straight into the future and smiled. The strategy was to focus on four sectors with only four products: professional and consumer, desktop and laptop.
The iMac was a resounding success; Jobs' strategy seemed to be working. Next came the introduction of Apple's own retail store: the Apple Store. Unparalleled in providing the right customer experience, all stores featured clear glass facades, benches littered with Apple products, and blue-T-shirted employees whose enthusiasm was equally unparalleled (I had the opportunity to visit the Fifth Avenue Apple Store in New York City and I can attest to the feeling and experience firsthand).
The Apple Stores were once again a resounding success. Nothing seemed able to stop Jobs from taking the next big step: coming up with a digital audio player capable of holding a thousand songs, all in your pocket. The iPod was introduced on October 23, 2001. The rest, as they say, is history.
The iPod was a revolutionary product. It was easy to use, it had a great capacity, it was chic, and it was in. With a lot of help from iTunes, the management software that controlled all updates to the iPod, and a large library of easy-to-buy songs, the iPod was taking over the world. Its white earphones, while every competitor shipped black earphones with their digital players, gave its owner a distinct signature. Jobs was, at long last, in heaven.

By 2005 twenty million iPods were being sold per year, four times as many as the year before. This represented a 45% share of Apple's yearly revenues! Jobs, a perpetually restless man, was worried that something could mess up this success. He was looking for the next big thing.
The next big thing, or so Jobs thought, was a mobile phone. The ROKR was a collaboration among Motorola, Apple and the wireless carrier Cingular: an ugly phone that was difficult to use, with digital player functionality bolted on. Jobs was not happy. The ROKR had neither the elegance of the iPod nor the control of both software and hardware that Jobs was used to and looked for. Jobs knew that the direction was right but the product was wrong. Enter FingerWorks, a small company in Delaware making a line of multi-touch trackpads. "The finger is the stylus" was their style, and products like the iGesture pad showed the way. Apple bought the company in early 2005. The race for the iPhone was on.
The iPhone was introduced on January 9, 2007 at the Macworld 2007 convention in San Francisco. In one of the best presentations that Jobs ever gave, the iPhone was shown to be three devices rolled into one: an iPod, a mobile phone, and an Internet communication device.

In parallel with the iPhone, Jobs had been developing a tablet computer. However, for marketing reasons, he held back its introduction and instead introduced the iPhone, bearing the same technologies, first. The iPad was announced on January 27, 2010, once again in San Francisco. Its success was followed by the iPad 2, the second-generation device, unveiled on March 2, 2011.

Jobs, moving along and always looking towards the future, introduced iCloud, Apple's cloud services, got involved in the design of the new Apple campus with its huge building resembling a UFO, and counted his days. Those days were numbered.

Steven Paul Jobs passed away on October 5, 2011 at his home in Palo Alto, surrounded by his wife of twenty years, Laurene, their three children, his daughter Lisa, and his sister Patty. Six weeks prior to his death he had resigned as CEO of Apple. Cancer, which first struck him in 2003, took him down. Cancer knew no bounds.

***

I have never met Steve, but I have followed his path for the past 30 years. I still remember the 1983 issue of Byte magazine with Lisa, the first GUI-based computer from Apple, on its front cover. At a time when I was punching cards on a UNIVAC mainframe, the sight of a GUI was as refreshing and mesmerizing as the rainbow after the storm. He will be missed.
NOTES

My sources for this article were four: Steve Jobs, by Walter Isaacson; Wikipedia; YouTube; and "Pirates of Silicon Valley".
The first was the authorized biography of Jobs, who, sensing that the end was near, gave absolute freedom to Walter Isaacson, the ex-Chairman and CEO of CNN and managing editor of TIME, to write about him.
The second was the omnipresent Wikipedia.
The third was YouTube, with its many clips of statements and interviews Steve Jobs gave through the years. Viewing the many product introductions gave me a sense of history in the making.
The fourth was Martyn Burke's 1999 TV movie about Jobs and Gates.
The method I used to write this article was to first read the book, make a mental map of Jobs' life and look for details in Wikipedia, cross-checking them with the book and YouTube. "Pirates of Silicon Valley" gave an added overall "artistic" view of events.
Cyprus Computer Society
11, Florinis str., City Forum, 3rd floor, Office 303
1065 Nicosia, Cyprus
P.O. Box 27038, 1641 Nicosia, Cyprus
Tel. +357 22 460 680
Fax. +357 22 767 349
www.ccs.org.cy [email protected]
www.pliroforiki.org