Bytware's use of QR Codes on its promotional literature at COMMON challenges the widespread U.S. use of a more primitive barcode technology.

By Chris Smith

Have you ever stood in front of the self-serve checkout scanner in the supermarket trying to get your cookies to be read by the barcode scanner? Personally, I admire the brave souls who take anything more than a small number of items to the self-serve counter. Sometimes you can scan in everything you are buying, and sometimes you can't. Of course, that's why there is an attendant standing in the middle between the rows of scanners: to help. At least, I hope that's why she's there and not because store management thinks people will cheat and skip scanning an item or two.

By Chris Smith

Worried about viruses, worms, hackers, spam, and unwanted Web content? IBM released a new security appliance this week that promises to simplify and fortify small business networks.

The proper management of security starts way before and goes way beyond technical decisions. Technical decisions are extremely important for proper information security management, but they are neither the starting point nor the most important decisions related to effective information security management.

Yet most organizations treat information security as a purely technical issue. This, in my opinion, is why we keep seeing major incidents at large and familiar organizations (e.g., TJX). Not until high-level management understands that security is primarily a business issue and begins to assert its proper role in the security process will the state of affairs in information security begin to change. Only when this happens will it be possible to ensure the appropriate execution of the other roles. The objective of this article is to support this assertion and to describe the security business process needed to make meaningful improvements in the management of information security in the entire industry.