Item Barcode | Call Number | Material Type | Item Category 1 |
---|---|---|---|
30000010121116 | TS160 M93 2007 | Open Access Book | Book |
30000010307873 | TS160 M93 2007 | Open Access Book | Book |
Summary
Giving organizations the ability to track, secure, and manage items from the time they are raw materials through the life-cycle of the product, radio frequency identification (RFID) makes internal processes more efficient and improves overall supply chain responsiveness. Helping you bring your organization into the future, RFID in the Supply Chain: A Guide to Selection and Implementation explains RFID technology, its applications in SCM, data storage and retrieval, business processes, operational and implementation problems, risks, security and privacy, facility layout, handling systems and methods, and transportation costs. In short, with its soup-to-nuts coverage, the book ensures that your RFID implementation is successful and that you get the most from your investment.
The book discusses the major paradigm shift in product traceability that began with transitioning to RFID technology from bar code technology. It examines the economic feasibility of rolling out RFID and the challenges in supply chain synchronization, customer privacy, security, operations and IT, logistics, program management, education and training, and implementation, as well as what lessons have been learned. The author addresses the RFID business processes needed to analyze and resolve problems the suppliers face when they deal with multiple customers, each with a different mandate, and with their own set of suppliers.
Going beyond the technology and how it has changed supply chain processes, the book includes selection guidelines and implementation examples, such as speed of tag reads versus quality of computer inputs and optimal tag location. The author discusses the implementation of a business process model and the separate but equal concerns that business and IT executives have about the implementation of RFID applications. The book also covers security, integrated control management linked to the corporate strategy, and laws and regulations.
Table of Contents
Tables | p. xvii |
Figures | p. xix |
Preface | p. xxi |
1 Supply Chain Overview | p. 1 |
1.1 Paradigm Shift in Product Traceability | p. 1 |
1.1.1 Transitioning to RFID Technology | p. 1 |
1.1.2 Tracking Problems | p. 5 |
1.1.3 Supply Chain | p. 9 |
1.2 RFID Markets | p. 12 |
1.3 Economic Feasibility of Rolling Out RFID | p. 15 |
1.3.1 Supply Chain Synchronization | p. 16 |
1.3.2 Customer Privacy Issues | p. 16 |
1.3.3 Security Challenges | p. 17 |
1.3.4 Operational and IT Challenges (Hardware, Software, System Compatibility, People Expertise) | p. 17 |
1.3.5 Logistical Challenges | p. 18 |
1.3.6 Program Management Challenges | p. 19 |
1.3.7 Education and Training | p. 19 |
1.3.8 Standard Implementation Challenges | p. 20 |
1.3.9 Lessons Learned | p. 20 |
1.3.9.1 Iraq: Asset Visibility | p. 20 |
1.3.9.2 Wal-Mart: Implementation Training | p. 23 |
1.3.9.3 International Paper: Business Processes | p. 23 |
1.3.9.4 Procter & Gamble: Docking Loading Throughput | p. 23 |
1.4 RFID Technology Infrastructure | p. 24 |
1.4.1 Open Architecture: Savant Server | p. 24 |
1.4.2 Major Vendor Servers | p. 26 |
1.4.3 Tags | p. 27 |
1.4.4 Antennas | p. 29 |
1.4.5 Readers | p. 30 |
1.4.6 Electronic Product Code | p. 31 |
1.4.7 Object Name Service | p. 33 |
1.4.8 EPC Information Service | p. 34 |
1.4.9 Scenarios | p. 35 |
1.5 Web-Centric Supply Chain Management Challenges | p. 36 |
1.5.1 Combining Web-Centric with RFID Technology | p. 36 |
1.5.2 E-Business Applications | p. 36 |
1.5.3 Advantages and Disadvantages | p. 37 |
References | p. 38 |
2 RFID Technology | p. 39 |
2.1 Primary Drivers | p. 39 |
2.1.1 RFID Technology Deployment | p. 39 |
2.1.2 RFID Technology: Basics, Advantages, and Disadvantages | p. 43 |
2.2 Selection Guidance on Tags, Servers, and Middleware | p. 46 |
2.2.1 EPC Tag Classes | p. 47 |
2.2.2 ISO Standards | p. 48 |
2.2.3 RFID Device Selection Criteria | p. 50 |
2.2.3.1 What Are the Objects to Be Tagged? | p. 50 |
2.2.3.2 What Are the Materials of the Objects and How Do They Affect Reading Ranges? | p. 51 |
2.2.3.3 What Are Chip Antenna Types? | p. 53 |
2.2.3.4 What Readers Can Read Both Passive and Active Tags? | p. 55 |
2.2.3.5 What Are Other Considerations that Could Affect Externally the Optimal Location of Tags? | p. 56 |
2.2.3.6 What Readers Can Read Both RFID Tags and Bar Codes for Easy Transitioning? | p. 56 |
2.2.3.7 How Do Various Entities Organize Frequency Types or Ranges? | p. 57 |
2.2.3.8 What Standards Are the Vendors Using for Their RFID Products? | p. 60 |
2.2.4 Middleware Selection Criteria | p. 60 |
2.2.4.1 RFID Plug-and-Play | p. 61 |
2.2.4.2 RFID Supply Chain Execution Applications | p. 62 |
2.2.4.3 RFID Platform-Dependent Legacy Systems | p. 64 |
2.2.4.4 RFID Integration Hubs | p. 67 |
2.3 RFID Implementation Examples | p. 68 |
References | p. 73 |
3 RFID Applications in Supply Chain Management | p. 75 |
3.1 Logistics | p. 75 |
3.1.1 SCM Logistics Maturity Model | p. 77 |
3.1.2 Logistics: Reactive, Proactive, and RFID | p. 79 |
3.2 Management | p. 82 |
3.2.1 Oracle-PeopleSoft | p. 82 |
3.2.2 Microsoft RFID Council | p. 83 |
3.2.3 IBM | p. 84 |
3.2.4 The METRO Group Future Store | p. 85 |
3.2.4.1 Inventory Management | p. 86 |
3.2.4.2 Information Management | p. 86 |
3.2.4.3 Check-Out | p. 87 |
3.2.5 Chain Pharmacy Operations | p. 88 |
3.2.6 SAP | p. 89 |
3.2.7 Web Services | p. 91 |
3.2.7.1 Object Name Service | p. 93 |
3.2.7.2 EPC Information Service | p. 93 |
3.2.7.3 Electronic Product Code | p. 95 |
3.2.7.4 Savant Servers | p. 96 |
3.2.7.5 EPCglobal and the Auto-ID Center | p. 97 |
References | p. 100 |
4 Storing and Retrieving Data | p. 101 |
4.1 Two Big Questions | p. 101 |
4.1.1 Relationship between Data Storage and Retrieval Issues | p. 101 |
4.1.2 Understanding Risks Associated with RFID/EPC Technologies | p. 102 |
4.2 EPC Technology in Functional Areas | p. 103 |
4.3 Perceptions of Product Benefits | p. 103 |
4.4 Database CD on Local Workstation | p. 105 |
4.5 Remote Database Servers | p. 106 |
4.5.1 How Can We Reduce the Number of Traffic Bottleneck Incidents? | p. 107 |
4.5.2 Why Do We Need to Divide the Database into the Static and Dynamic Partitions? | p. 108 |
4.5.3 What Kind of Database Management Should We Get to Satisfy Our Requirements? | p. 108 |
4.5.4 What Is the Optimal Way of Increasing Throughputs and Operational Efficiency? | p. 109 |
4.5.4.1 Peoplesoft Enterprise Systems | p. 110 |
4.5.4.2 IBM RFID Product | p. 110 |
4.5.5 How Do We Reduce Loading Times Cost Effectively? | p. 111 |
4.5.6 How Do We Migrate a Relational Database Management System to Another? | p. 112 |
4.5.7 How Is Partitioning Emulated and What Are the Partitioning Types? | p. 112 |
4.5.8 How Do You Determine the Number of Partitions for a Database? | p. 115 |
4.5.9 What Are the Factors You Should Consider in Your Migration Planning? | p. 116 |
4.6 Databases in Company Merger Processes | p. 117 |
4.7 Hybrid Databases | p. 117 |
4.8 Web Services | p. 118 |
References | p. 120 |
5 RFID Business Processes | p. 121 |
5.1 Implementation Approaches | p. 122 |
5.1.1 Dual Shipping Faces | p. 123 |
5.1.2 Two Sides of the Mandates | p. 124 |
5.1.3 RFID Implementation Checklist | p. 124 |
5.2 Business Process Reengineering | p. 126 |
5.2.1 Procter & Gamble: Dock Loading Throughput | p. 127 |
5.2.2 Canus: Changing Antenna's Orientation | p. 128 |
5.2.3 Unilever: Changing Tag Placement | p. 128 |
5.2.4 Heinz: Adapting Tag Requirements | p. 128 |
5.2.5 Gillette Scenario: Misplaced Case | p. 129 |
5.2.6 Canus: Adjusting Computer Speed | p. 131 |
5.2.7 Software Checklist | p. 131 |
5.3 Organizational Maturity | p. 132 |
5.4 Basic Multi-Layer RFID Business Process Model | p. 135 |
5.5 Adaptive Multi-Layer RFID Business Process Model | p. 136 |
5.5.1 Adaptive Maturity | p. 137 |
5.5.2 Application Adaptors | p. 138 |
5.5.3 The METRO Group | p. 139 |
5.6 Predictive Multi-Layer Business Process Model | p. 140 |
5.7 RFID Business Processes Strategy | p. 143 |
5.7.1 IBM RFID Strategy | p. 143 |
5.7.2 Heinz RFID Strategy | p. 144 |
5.7.3 Canus RFID Strategy | p. 144 |
5.7.4 International Paper RFID Strategy | p. 145 |
5.7.5 Kayser-Roth RFID Strategy | p. 145 |
5.7.6 Philips Semiconductors RFID Strategy | p. 146 |
5.7.7 Intel RFID Strategy | p. 148 |
5.7.8 Unilever RFID Strategy | p. 149 |
5.7.9 Major Clothier Retailer RFID Strategy | p. 149 |
5.7.10 Marks and Spencer RFID Strategy | p. 149 |
5.8 RFID Enterprise Supply Chain Systems | p. 150 |
5.8.1 Supply Chain Planning | p. 150 |
5.8.2 Supply Chain Execution | p. 151 |
5.8.3 Supply Chain Management | p. 153 |
5.8.3.1 SCM Logistics | p. 153 |
5.8.3.2 SCM Management | p. 155 |
5.9 RFID Business Process Life Cycle | p. 156 |
5.9.1 Older Life-Cycle Models | p. 158 |
5.9.1.1 Waterfall Life Cycle | p. 158 |
5.9.1.2 Incremental Life Cycle | p. 159 |
5.9.1.3 Spiral Life Cycle | p. 161 |
5.9.2 Newer Life-Cycle Models | p. 162 |
5.9.2.1 Adaptive Linear Feedback Life Cycle | p. 162 |
5.9.2.2 Adaptive Dynamic Life Cycle | p. 162 |
References | p. 163 |
6 RFID Security, Privacy, and Risk Assessment | p. 165 |
6.1 Security Policy | p. 165 |
6.1.1 Organizational Policy | p. 166 |
6.1.2 Issue-Specific Policy | p. 166 |
6.1.3 System-Specific Policy | p. 167 |
6.2 Security of RFID Query | p. 168 |
6.2.1 Query Scenario | p. 168 |
6.2.2 Security Problems | p. 169 |
6.3 Attacks on RFID Technology | p. 170 |
6.3.1 War-Walking and Lifting | p. 170 |
6.3.2 Counterfeiting | p. 172 |
6.3.3 Denial-of-Service | p. 173 |
6.3.4 Weak Cryptography | p. 173 |
6.4 Defense in Depth | p. 176 |
6.5 Risk Assessment | p. 177 |
6.5.1 Risk Assessment Profile | p. 178 |
6.5.2 Internal Asset Risk Assessment | p. 178 |
6.5.3 Risk Assessment Service | p. 182 |
References | p. 183 |
Appendix A Passive RFID Technology | p. 185 |
A.1 Avonwood (http://www.avonwood.com) | p. 185 |
A.1.1 Eureka 111 Systems | p. 185 |
A.1.2 Eureka 211 Systems | p. 185 |
A.2 Escort Memory Systems (http://www.ems-rfid.com/) | p. 186 |
A.2.1 HMS Passive Read/Write Systems | p. 186 |
A.2.1.1 HMS100 Series Passive Read/Write Tags | p. 186 |
A.2.1.2 HMS800 Series Passive Reader/Writers | p. 186 |
A.2.1.3 HMS827 Series Passive Reader/Writer | p. 186 |
A.2.1.4 HMS828 Series Passive Reader/Writer | p. 187 |
A.2.1.5 HMS820-04/HMS830-04 Series Passive Conveyor Reader/Writers | p. 187 |
A.2.1.6 HMS820-08/HMS830-08 Series Passive Wide-Plate Reader/Writers | p. 187 |
A.2.1.7 HMS820/HMS830 Passive Reader/Writers | p. 187 |
A.2.1.8 HMS827-04 Passive Conveyor Reader/Writer | p. 188 |
A.2.1.9 HMS827-05 Passive Tubular Reader/Writer | p. 188 |
A.2.1.10 HMS814/HMS816 Portable Reader/Writers | p. 188 |
A.2.2 Passive Read-Only Systems | p. 188 |
A.2.2.1 ES600-Series Read-Only Tags | p. 189 |
A.2.2.2 RS427 Read-Only Reader | p. 189 |
A.2.2.3 RS427-04 Passive Read-Only Conveyor Antenna | p. 189 |
A.3 Intermec (www.intermec.com) | p. 189 |
A.3.1 RFID Tags and Inserts | p. 189 |
A.3.2 RFID Readers | p. 191 |
A.3.3 Intellitag PM4i Printer | p. 194 |
A.3.4 RFID Partners | p. 195 |
A.4 Northern Apex (www.northernapex-rfid.com) | p. 195 |
A.4.1 Inlays and Tags | p. 195 |
A.4.2 Readers and Antennas | p. 197 |
A.4.2.1 900-MHz Readers and Antennas | p. 197 |
A.4.2.2 13.56-MHz Readers and Antennas | p. 198 |
A.5 Philips (www.semiconductors.philips.com) | p. 199 |
A.5.1 I-CODE Transponder ICs | p. 199 |
A.5.2 MIFARE Reader Components | p. 201 |
A.6 SAMSys | p. 201 |
A.7 Symbol Technologies (www.symbol.com; formerly Matrics) | p. 202 |
A.7.1 Tags | p. 202 |
A.7.2 Readers | p. 202 |
A.7.3 Antennas | p. 203 |
A.8 TAGSYS (www.tagsys.com) | p. 204 |
A.8.1 Industry and Logistics Market | p. 204 |
A.8.1.1 RFID Chips | p. 205 |
A.8.1.2 RFID Tags | p. 206 |
A.8.1.3 RFID Readers | p. 207 |
A.8.1.4 RFID Antennas | p. 208 |
A.8.1.5 RFID Kits | p. 209 |
A.8.2 Industry and Logistics Partner Products | p. 210 |
A.8.2.1 Athelia | p. 210 |
A.8.2.2 Blackroc Technology (www.blackroc.com) | p. 213 |
A.8.2.3 DAP Technologies (www.daptech.com) | p. 213 |
A.8.2.4 EIA (www.eia-italia.com) | p. 214 |
A.8.2.5 GIS (www.gis-net.de) | p. 214 |
A.8.2.6 ichain (www.ichain.co-za) | p. 215 |
A.8.2.7 ICS (www.ica.nl) | p. 215 |
A.8.2.8 Microraab (www.microraab.hu) | p. 216 |
A.8.2.9 Minec (www.minec.com) | p. 217 |
A.8.2.10 Nordicid (www.nordicid.com) | p. 218 |
A.8.2.11 Northern Apex (www.northernapex-rfid.com) | p. 218 |
A.8.2.12 System Concepts (www.systemconcepts.com) | p. 219 |
A.8.2.13 Teraoka Seiko (teraoka.digi.co.jp) | p. 220 |
A.8.2.14 Toshiba (www.toshibatec-eu.com) | p. 220 |
A.8.2.15 Touchstar (www.touchpc.com) | p. 220 |
A.8.3 Products for the Library Market | p. 221 |
A.8.4 TAGSYS Partner Products for the Library Market | p. 224 |
A.8.4.1 Blackroc Technology (www.blackroc.com) | p. 225 |
A.8.4.2 Minec (www.minec.com) | p. 225 |
A.8.4.3 Vernon Library Supplies (www.vernlib.com) | p. 225 |
A.8.4.4 Gemsys (www.gemsys.no) | p. 226 |
A.8.4.5 VTLS Inc. (www.vtls.com) | p. 226 |
A.8.4.6 Tech Logic (www.tech-logic.com) | p. 226 |
A.8.4.7 Teraoka Seiko (teraoka.digi.co.jp) | p. 227 |
A.8.4.8 Toshiba (www.toshibatec-eu.com) | p. 227 |
A.8.5 Textile Rental Industry | p. 227 |
A.8.5 TAGSYS Partner Products for Textile Rental Industry | p. 232 |
A.8.5.1 Laundry Computer Technics (www.LCT.nl) | p. 233 |
A.8.5.2 Jensen (www.jensen-group.com) | p. 234 |
A.8.5.3 Positek RFID (www.positekrfid.com) | p. 234 |
A.8.5.4 Metalprogetti (metalpro@tin.il) | p. 235 |
A.9 Texas Instruments-RFID (www.ti-rfid.com) | p. 236 |
A.9.1 13.56-MHz Products | p. 236 |
A.9.2 Low-Frequency Products | p. 237 |
A.9.3 Software | p. 238 |
Appendix B Active RFID Technology | p. 241 |
B.1 Alien Technology (www.alientechnology.com) | p. 241 |
B.2 Axcess Inc. (www.axcessinc.com) | p. 243 |
B.3 Escort Memory Systems | p. 243 |
B.4 Microtec (www.ksw-microtec.de) | p. 246 |
B.5 SAMSys (www.samsys.com) | p. 247 |
B.6 Savi Technology (www.savi.com) | p. 248 |
B.7 WhereNet (www.wherenet.com) | p. 250 |
Appendix C Semi-Passive RFID Technology | p. 253 |
C.1 Alien Technology (www.alientechnology.com) | p. 253 |
C.2 Avonwood | p. 254 |
C.3 KSW Microtec (www.ksw-microtec.com) | p. 255 |
Appendix D RFID Middleware | p. 257 |
D.1 Acsis Inc. (www.acsis.com) | p. 257 |
D.2 Axcess Inc. (www.axcessinc.com) | p. 258 |
D.3 Blue Vector Systems (www.bluevectorsystems.com) | p. 258 |
D.4 ConnecTerra (www.connecterra.com) | p. 259 |
D.5 Data Brokers (www.databrokers.com) | p. 259 |
D.6 EPCglobal (www.epcglobalinc.org) | p. 261 |
D.7 Franwell (www.franwell.com) | p. 261 |
D.8 GlobeRanger (www.globeranger.com) | p. 261 |
D.9 i2 Technologies (www.i2.com) | p. 262 |
D.10 Manhattan Associates (www.manh.com) | p. 262 |
D.11 OATSystems (www.oatsystems.com) | p. 262 |
D.12 Oracle (www.oracle.com) | p. 263 |
D.13 RF Code (www.rfcode.com) | p. 263 |
D.14 Savi Technology (www.savi.com) | p. 264 |
D.15 Sun (www.sun.com) | p. 264 |
D.16 T3Ci (www.t3ci.com) | p. 265 |
D.17 TIBCO (www.tibco.com) | p. 265 |
D.18 VeriSign (www.verisign.com) | p. 265 |
D.19 webMethods (www.webmethods.com) | p. 266 |
Appendix E Network/Server Interfaces | p. 267 |
E.1 Escort Memory Systems (www.ems-rfid.com) | p. 267 |
E.2 WhereNet (www.wherenet.com) | p. 269 |
E.3 Blue Vector Systems (www.bluevectorsystems.com) | p. 271 |
Appendix F Physical Markup Language for RFID Applications | p. 273 |
F.1 XML File Instances | p. 273 |
F.1.1 Instance 1: Multiple Tags with No Data | p. 274 |
F.1.2 Instance 2: Tags with Data | p. 275 |
F.1.3 Instance 3: Memory Tags with Data | p. 276 |
F.1.4 Instance 4: Tags with Mounted Sensors | p. 277 |
F.1.5 Instance 5: Observed Data in Hexbinary Format | p. 278 |
F.2 XML Schemas | p. 279 |
References | p. 287 |
Appendix G Warehouse Management Systems | p. 289 |
G.1 RT-Systems: RT-Locator | p. 289 |
G.2 Robocom | p. 290 |
G.2.1 Management Control | p. 291 |
G.2.2 Inbound | p. 291 |
G.2.3 Inventory Management | p. 291 |
G.2.4 Outbound | p. 291 |
G.2.5 RDT Subsystem | p. 292 |
G.2.6 Other RIMS Modules | p. 292 |
G.3 HighJump | p. 293 |
G.4 KARE Technologies | p. 293 |
G.5 Daly Commerce | p. 294 |
Appendix H Supply Chain Execution Systems | p. 297 |
H.1 HighJump | p. 297 |
H.2 Provia | p. 302 |
H.3 Softeon | p. 302 |
H.4 ClearOrbit | p. 306 |
H.4.1 Pro Series for Any ERP | p. 307 |
H.4.2 Pro Series for Oracle 10.7/11.0/11i | p. 309 |
H.4.3 Pro Series for SAP R/3 | p. 309 |
H.5 Peoplesoft (Formerly JD Edwards, Now Part of Oracle) | p. 311 |
Appendix I Enterprise Intelligence: WebFOCUS | p. 313 |
I.1 Data Sources | p. 313 |
I.2 Reporting Server | p. 313 |
I.3 Data Management | p. 315 |
I.4 Microsoft Integration | p. 317 |
I.5 Portal Integration | p. 317 |
I.6 Reports as Web Services | p. 318 |
I.7 Web Services Adapter | p. 319 |
I.8 Miscellaneous | p. 319 |
Appendix J Enterprise Databases | p. 321 |
J.1 Base/One | p. 321 |
J.1.1 Base/One Foundation Class Library | p. 322 |
J.1.2 Database Command Processor | p. 322 |
J.1.2.1 Common SQL Commands | p. 323 |
J.1.2.2 Built-In Basic Commands | p. 323 |
J.1.2.3 Built-In Commands That Use the Data Dictionary | p. 323 |
J.1.2.4 DOS and WIN Command Lines | p. 324 |
J.1.2.5 Error Suppression Commands | p. 324 |
J.1.2.6 Database Buffer Commands | p. 324 |
J.1.2.7 Database Manager Commands | p. 325 |
J.1.2.8 Custom Commands | p. 325 |
J.1.2.9 Macro Assignment Command Lines | p. 326 |
J.1.3 Database Library | p. 326 |
J.1.4 Systems Requirements | p. 329 |
J.2 CodeBase | p. 330 |
J.2.1 Windows CE 4.0 | p. 330 |
J.2.2 J2ME | p. 331 |
J.2.3 JDBC 3.0 | p. 332 |
J.2.4 UNIX | p. 334 |
J.2.5 Linux | p. 334 |
J.2.6 Bundle for Windows and .NET | p. 335 |
J.2.7 Delphi and Kylix | p. 335 |
J.2.8 SQL 2.0 for Windows | p. 335 |
J.2.9 64-Bit Add-On | p. 335 |
J.2.10 Maximum Limits | p. 336 |
J.2.11 Slow Query Performance | p. 337 |
J.2.11.1 Unique Tag | p. 337 |
J.2.11.2 Filtered Tag | p. 337 |
J.2.11.3 Tag Using General Collating Sequence | p. 339 |
J.2.12 Windows Registry | p. 340 |
J.2.13 Using CodeBase from Microsoft Access | p. 340 |
J.2.14 Running Visual Basic Example | p. 341 |
J.2.15 Running Visual C++ Example | p. 341 |
Appendix K Data Synchronization: GoldenGate | p. 343 |
K.1 Primary Modules | p. 343 |
K.1.1 GoldenGate Capture Core | p. 343 |
K.1.2 GoldenGate Delivery Core | p. 344 |
K.1.3 GoldenGate Manager Core | p. 344 |
K.2 Software Modules | p. 344 |
K.3 Database Replication | p. 345 |
Appendix L Partitioning Large Databases: Oracle | p. 347 |
Listing L.1 Create Table Example | p. 347 |
Listing L.2 Create Table for Coded Unusable Items | p. 350 |
Appendix M Software Engineering Standards | p. 353 |
M.1 IEEE Standards | p. 353 |
M.2 ISO/IEC Standards | p. 356 |
M.3 Related Standards | p. 358 |
Appendix N Business Process Automation: IBM Products | p. 359 |
Appendix O Commercial Assessment Products | p. 363 |
O.1 HackerShield | p. 363 |
O.2 NetRecon | p. 364 |
Appendix P Risk-Related Software | p. 365 |
Appendix Q Sample Security Policy Templates | p. 377 |
Q.1 Acceptable Use Policy | p. 377 |
Q.1.1 Overview | p. 378 |
Q.1.2 Purpose | p. 378 |
Q.1.3 Scope | p. 378 |
Q.1.4 Policy | p. 378 |
Q.1.4.1 General Use and Ownership | p. 378 |
Q.1.4.2 Security and Proprietary Information | p. 379 |
Q.1.4.3 Unacceptable Use | p. 380 |
Q.1.5 Enforcement | p. 382 |
Q.1.6 Definitions | p. 382 |
Q.2 Acquisition Assessment Policy | p. 382 |
Q.2.1 Purpose | p. 382 |
Q.2.2 Scope | p. 382 |
Q.2.3 Policy | p. 382 |
Q.2.3.1 General | p. 382 |
Q.2.3.2 Requirements | p. 383 |
Q.2.4 Enforcement | p. 384 |
Q.3 Audit Vulnerability Scan Policy | p. 384 |
Q.3.1 Purpose | p. 384 |
Q.3.2 Scope | p. 385 |
Q.3.3 Policy | p. 385 |
Q.3.3.1 Network Control | p. 385 |
Q.3.3.2 Service Degradation or Interruption | p. 385 |
Q.3.3.3 Client Point of Contact during the Scanning Period | p. 386 |
Q.3.3.4 Scanning Period | p. 386 |
Q.3.4 Enforcement | p. 386 |
Q.3.5 Revision History | p. 386 |
Q.4 Automatically Forwarded E-Mail Policy | p. 386 |
Q.4.1 Purpose | p. 386 |
Q.4.2 Scope | p. 386 |
Q.4.3 Policy | p. 386 |
Q.4.4 Enforcement | p. 387 |
Q.4.5 Definitions | p. 387 |
Q.5 Database Password Policy | p. 387 |
Q.5.1 Purpose | p. 387 |
Q.5.2 Scope | p. 388 |
Q.5.3 Policy | p. 388 |
Q.5.3.1 General | p. 388 |
Q.5.3.2 Specific Requirements | p. 388 |
Q.5.4 Enforcement | p. 389 |
Q.5.5 Definitions | p. 390 |
Q.6 E-Mail Retention Policy | p. 390 |
Q.6.1 Purpose | p. 390 |
Q.6.2 Scope | p. 391 |
Q.6.3 Policy | p. 391 |
Q.6.3.1 Administrative Correspondence | p. 391 |
Q.6.3.2 Fiscal Correspondence | p. 391 |
Q.6.3.3 General Correspondence | p. 391 |
Q.6.3.4 Ephemeral Correspondence | p. 392 |
Q.6.3.5 Instant Messenger Correspondence | p. 392 |
Q.6.3.6 Encrypted Communications | p. 392 |
Q.6.3.7 Recovering Deleted E-Mail via Backup Media | p. 392 |
Q.6.3.8 Enforcement | p. 392 |
Q.6.3.9 Definitions | p. 392 |
Q.6.3.10 Revision History | p. 393 |
Q.7 Extranet Policy | p. 393 |
Q.7.1 Purpose | p. 393 |
Q.7.2 Scope | p. 393 |
Q.7.3 Policy | p. 394 |
Q.7.3.1 Prerequisites | p. 394 |
Q.7.3.2 Establishing Connectivity | p. 395 |
Q.7.3.3 Modifying or Changing Connectivity and Access | p. 395 |
Q.7.3.4 Terminating Access | p. 395 |
Q.7.4 Enforcement | p. 396 |
Q.7.5 Definitions | p. 396 |
Q.8 Information Sensitivity Policy | p. 396 |
Q.8.1 Purpose | p. 396 |
Q.8.2 Scope | p. 397 |
Q.8.3 Policy | p. 397 |
Q.8.4 Enforcement | p. 400 |
Q.8.5 Definitions | p. 400 |
Q.9 Password Policy | p. 402 |
Q.9.1 Overview | p. 402 |
Q.9.3 Purpose | p. 403 |
Q.9.3 Scope | p. 403 |
Q.9.4 Policy | p. 403 |
Q.9.4.1 General | p. 403 |
Q.9.4.2 Guidelines | p. 404 |
Q.9.5 Enforcement | p. 406 |
Q.9.6 Definitions | p. 406 |
Q.10 Remote Access Policy | p. 407 |
Q.10.1 Purpose | p. 407 |
Q.10.2 Scope | p. 407 |
Q.10.3 Policy | p. 407 |
Q.10.3.1 General | p. 407 |
Q.10.3.2 Requirements | p. 408 |
Q.10.4 Enforcement | p. 409 |
Q.10.5 Definitions | p. 409 |
Q.11 Risk Assessment Policy | p. 411 |
Q.11.1 Purpose | p. 411 |
Q.11.2 Scope | p. 411 |
Q.11.3 Policy | p. 412 |
Q.11.4 Risk Assessment Process | p. 412 |
Q.11.5 Enforcement | p. 412 |
Q.11.6 Definitions | p. 412 |
Q.12 Router Security Policy | p. 412 |
Q.12.1 Purpose | p. 412 |
Q.12.2 Scope | p. 413 |
Q.12.3 Policy | p. 413 |
Q.12.4 Enforcement | p. 413 |
Q.12.5 Definitions | p. 414 |
Q.13 Server Security Policy | p. 414 |
Q.13.1 Purpose | p. 414 |
Q.13.2 Scope | p. 414 |
Q.13.3 Policy | p. 414 |
Q.13.3.1 Ownership and Responsibilities | p. 414 |
Q.13.3.2 General Configuration Guidelines | p. 415 |
Q.13.3.3 Monitoring | p. 416 |
Q.13.3.4 Compliance | p. 416 |
Q.13.4 Enforcement | p. 416 |
Q.13.5 Definitions | p. 416 |
Q.14 Virtual Private Network (VPN) Policy | p. 417 |
Q.14.1 Purpose | p. 417 |
Q.14.2 Scope | p. 417 |
Q.14.3 Policy | p. 417 |
Q.14.4 Enforcement | p. 418 |
Q.14.5 Definitions | p. 418 |
Q.15 Wireless Communication Policy | p. 418 |
Q.15.1 Purpose | p. 418 |
Q.15.2 Scope | p. 419 |
Q.15.3 Policy | p. 419 |
Q.15.3.1 Register Access Points and Cards | p. 419 |
Q.15.3.2 Approved Technology | p. 419 |
Q.15.3.3 VPN Encryption and Authentication | p. 419 |
Q.15.3.4 Setting the SSID | p. 419 |
Q.15.4 Enforcement | p. 419 |
Q.15.5 Definitions | p. 420 |
Q.15.6 Revision History | p. 420 |
Index | p. 421 |