Country/region [change]      Terms of use
Home      Products      Services & solutions      Support & downloads      My account

IBM Research Journals Home Systems Journal Current Issue Recent Issues Papers in Progress Search Journal Archives Subscribe/Order Description Author's Guide Journal of Research and Development Staff Contact Us Finish Shopping Related links IBM Middleware: Regulatory Compliance OCEG Information Systems Audit and Control Association OMG Compliance GRID

Compliance Management Volume 46, Number 2, 2007 Click to enlarge Businesses currently expend significant resources to comply with regulatory mandates or adopt new standards for business practices. Eight of the 10 papers in this issue describe new technologies and tools that help businesses manage their compliance requirements, including a system for tracking the originality of source code, a visualization tool that supports compliance with the Sarbanes-Oxley Act, a middleware component for accessing a database that enforces compliance with security and privacy regulations, and a technology for managing audit data that has been incorporated in several IBM products. A survey of static analysis methods for identifying security vulnerabilities in software systems and an article on the use of WORM (write once read many) devices for trustworthy record keeping complete the issue. Table of Contents Papers in:        Order No. G321-0165-00 Introduction Charles W. Lickel, Vice President, Software, IBM Research Division   Preface John J. Ritsko and Alex Birman p. 203 Risk management Seeing is believing: Designing visualizations for managing risk and compliance R. K. E. Bellamy, T. Erickson, B. Fuller, W. A. Kellogg, R. Rosenbaum, J. C. Thomas, and T. Vetting Wolf p. 205 Optimized enterprise risk management C. Abrams, J. von Känel, S. Müller, B. Pfitzmann, and S. Ruschka-Taylor p. 219 Privacy and data protection Best practices and tools for personal information compliance management M. Kudo, Y. Araki, H. Nomiyama, S. Saito, and Y. Sohda p. 235 Compliance with data protection laws using Hippocratic Database active enforcement and auditing C. M. Johnson and T. W. A. Grandison p. 255 Development A survey of static analysis methods for identifying security vulnerabilities in software systems M. Pistoia, S. Chandra, S. J. Fink, and E. Yahav p. 265 Ariadne: An Eclipse-based system for tracking originality of source code L. Luo, D. M. Hao, Z. Tian, Y. B. Dang, B. Hou, P. Malkin, and S. X. Yang p. 289 Auditing and reporting Role of an auditing and reporting service in compliance management J. Ramanathan, R. J. Cohen, E. Plassmann, and K. Ramamoorthy p. 305 Addressing the data aspects of compliance with industry models M. Delbaere and R. Ferreira p. 319 A static compliance-checking framework for business process models Y. Liu, S. Müller, and K. Xu p. 335 Technical Forum WORM storage is not enough W. W. Hsu and S. Ong p. 363

About IBM      Privacy      Contact