Jason Yow

A smart people smack-down is set to start next week where thousands of university computer researchers will pit their brains and machines in a grueling battle of logic, strategy, and mental endurance. Layer 8 Extra: 15 genius algorithms that aren't boring During the competition, ten to twelve problems are attempted in a five hour period. The 34th annual IBM-sponsored Association for Computer Machinery (ACM) International Collegiate Contest (ICPC) pits teams of three university students against eight or more complex, real-world problems, with a nerve-wracking five-hour deadline. The problems are of varying difficulty and flavor.

The goal is that every team solve two problems, that every problem is solved, and that no team solve them all, according to ACM. Contests in the past have included problems that searched for a missing boat at sea, triangulated the location of a faulty transmitter, computed golf handicaps, stacked pipe of varying diameters in a fixed width bin, coded or decoded messages, printed braille, sought an exit to a maze, processed satellite images and solved a math problem. ACM says it wants two problems that could be solved in an hour by a first or second year student, two that could be solved in an hour by a third year student, and two that will likely determine the winners. Problems are presented with no more than a page of text, a helpful illustration, a sample input set with and accepted output set, ACM states. And judging is relentlessly strict, IBM says. Teammates collaborate to rank the difficulty of the problems, deduce the requirements, design test beds, and build smart software systems that solve the problems under the intense scrutiny of expert judges.

The students are given a problem statement, not a requirements document. Each incorrect solution submitted is assessed a time penalty. They are given an example of test data, but they do not have access to the judges' test data and acceptance criteria. The team that solves the most problems in the fewest attempts in the least cumulative time is declared the winner. Some problems require a knowledge and understanding of advanced algorithms.

For a well-versed computer science student, some of the problems require precision only. Still others are simply too hard to solve - except for the world's brightest problem-solvers, according to IBM. The Battle of the Brains is the largest and most prestigious computing competition in the world, with more than tens of thousands of students from universities in approximately 90 countries on six continents participating. Previously, the 2009 ACM-ICPC World Finals took place in Stockholm, Sweden, where a team from St. Petersburg University of Information Technology, Mechanics and Optics in Russia emerged as the world champion for the second year in a row. Since IBM began sponsoring the contest in 1997, participation has grown from 1,100 to more than 7,100 teams. Regional bouts will begin in the United States on October 18 and continue through December, sweeping from continent to continent.

Only 100 three-person teams will advance to the World Finals on February 5, 2010 hosted by Harbin Engineering University in Harbin, China. "The ACM-ICPC affords students the opportunity to showcase their talents and gain exposure among top recruiters," said Dr. Bill Poucher, ICPC Executive Director and Baylor University Professor. "The contest is also a forum for advancing technology in an effort to better accommodate the growing needs of the future."

Among Microsoft's trials and tribulations in the mergers and acquisitions space, a Microsoft official on Tuesday evening cited fear of dealing with the company as an obstacle Microsoft has had to overcome. Brown made the comments at a Churchill Club event in Mountain View, Calif., during a panel discussion on mergers and acquisitions that also featured representatives from Cisco, Google, and Accel Partners. [ Microsoft and Yahoo recently agreed to partner in an effort to better compete with Google. | Stay ahead of the key tech business news with InfoWorld's Today's Headlines: First Look newsletter. ] After the event, Brown said he was referring to a time when he started at the company years ago.  In general, people were just scared of Microsoft, he said. Normal 0 false false false EN-US X-NONE X-NONE MicrosoftInternetExplorer4 "[For a while] there was a fear of dealing with Microsoft and we've worked really hard to try to overcome that," said Marc Brown, managing director of corporate development at Microsoft. This fear existed with both the entrepreneurial and venture capital communities, said Brown. The three technology companies represented on the panel have made waves over the years with their acquisitions.  Cisco is known for numerous purchases, ranging from Scientific Atlanta to Grand Junction Networks; Microsoft has acquired companies such as Great Plains Software and attempted to buy Yahoo, while Google bought YouTube and others.

Panelists discussed their companies' mergers and acquisitions strategies. "The M&A and acquisitions strategy's pretty straightforward," Brown said. "We are a technology buyer. Panel moderator Steve Smith, senior managing partner with Arma Partners, noted Microsoft actually began with an acquisition. "[Founder Bill] Gates bought PC DOS for something under $100,000 and turned it into a thing called Windows and a company called Microsoft," Smith said. Most of our acquisitions are of earlier-stage companies."  Microsoft then leverages sales and distribution channels and processes to bring acquired technologies to the widest audience possible, he said. "What I would say is M&A  is not really the strategy. We start with the idea of what should be our growth strategy," said Carmel. M&A is the tool," said Charles Carmel, vice president of corporate development for Cisco. "The strategy is really about capturing innovation." Cisco realizes it does not have a monopoly on good ideas, he said. "We don't start with the idea of what company we should buy. When pondering an acquisition, Google looks at the caliber of leadership being brought over to the company from the acquired venture, along with factors including time to market and opening of new markets, said David Lawee, Google vice president of corporate development.

Panelists also cited increasing interest in potential overseas acquisitions in places such as China. "There's nothing to prevent us from being as aggressive internationally," Lawee said. The company's acquisition of Urchin resulted in the Google Analytics platform while Keyhole, also bought by Google, became Google Earth, Lawee said. But panelists declined to make any predictions when asked whether the European Union should approve the planned acquisition of Sun Microsystems by Oracle. Tuesday's event was held at Microsoft's Silicon Valley offices. They also would not discuss what impact this acquisition would have on their own businesses. "Everybody's got their own twists and turns to their M&A activities," Carmel said. "No comment," Brown added.

This story, "Fear of Microsoft subsides in mergers and acquisitions arena," was originally published at InfoWorld.com. Follow the latest IT news at InfoWorld.com.    

Standards play a critical role in information assurance. Standards also provide a basis for demonstrating due care and diligence in fulfilling our fiduciary responsibilities to stakeholders. Given the impossibility of defining a deterministic model that includes billions of users, millions of computers, and thousands of programs and protocols potentially interacting with each other unpredictably, we have to rely on human consensus about best practices if we are to progress in our field. In this first of four articles about the latest revision of a landmark Special Publication (SP) from the Joint Task Force Transformation Initiative in the Computer Security Division of the Information Technology Laboratory of the National Institute of Standards and Technology (NIST), Paul J. Brusil reviews the key recommendations and strategic guidance offered in Recommended Security Controls for Federal Information Systems and Organizations, Rev. 3, which has been prepared by a panel of experts drawn from throughout the U.S. government and industry.

Traditionally, the Department of Defense (DoD) and the civilian federal agencies independently develop their own standards. Everything that follows is Brusil's work with minor edits. * * * From the furthest corners of the U.S. Defense and Intelligence communities to every civil office in the U.S. federal government, a single new security standard applies to all government information systems – including national security systems. Harmonizing the security needs of all government agencies has been a long time coming; but, for the first time ever, the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53, Recommended Security Controls for Federal Information Systems and Organizations, Rev. 3 dated August 2009 does just that. It is the harbinger of other soon-to-appear, cross-government, security recommendation collaborations in areas including certification and accreditation, risk assessments, security control assessment procedures and others. SP 800-53 provides a unified information security framework that applies across the entire federal government. SP 800-53 is part of an extensive library of guidelines, recommendations and standards NIST publishes and continually updates to help organizations protect their information systems and data.

The SP 800-53 standard, titled "Recommended Security Controls for Federal Information Systems and Organizations", was co-developed by the Computer Security Division of NIST, DoD and the U.S. Intelligence Community, as well as the Industrial Control System community. Protected information systems include all constituent components – local and remote – for processing, storing and transmitting information. It benefited by extensive public review and comments. The purpose of SP800-53 is to achieve information system security and effective risk management, in part, by providing a common information security language for all information systems and by providing consistent and repeatable guidelines for selecting and specifying standard security controls. It represents the best practices and guidance available today, not only for the government but for private enterprises as well.

With the aid of SP 800-53, organizations are able to select appropriate security controls to meet security requirements, to implement the selected controls correctly and to demonstrate the confidence and effectiveness of selected controls in complying with security requirements. Office of Management and Budget (OMB) policies mandate all federal agencies, their contractors and their external service providers use SP 800-53. The existence of SP800-53 as a government regulation has many benefits beyond the stipulation of security best practices. SP 800-53 guides security managers, security service providers, security technology developers, system developers, system implementers and system assessors. For one, it elevates security awareness to senior management. SP800-53 is a living document updated periodically.

Correspondingly, security funding can be positively impacted. The just-released Revision 3 supersedes the previous revision released 18 months earlier. In the next part of this four-part series, Brusil discusses the risk management section of SP 800-53 Rev. 3. * * * Dr Paul J. Brusil, PhD, MD graduated from Harvard University with a joint degree in Engineering and Medicine. It contains or amplifies a risk management framework, a security control catalog, a security control selection process, traceability of security controls to underlying security requirements, assurance requirements for security controls, and extensions for use in communities outside the U.S. government. He has authored more than 100 papers and book chapters in his distinguished career and worked in a wide range of industry and government sectors as a respected security, network management and program management consultant. He is on the editorial boards of several journals including the Journal of Network and Systems Management and is a Lead Instructor for the Master of Science in Information Assurance at Norwich University.

Indian outsourcer Wipro has designed a gateway that uses GSM (Global System for Mobile Communications) wireless technology to collect data remotely from medical devices such as blood pressure monitors, glucose meters, pedometers, and weighing scales available with patients. The design, which will be customized by Wipro for its clients in the medical devices business, has been designed using Intel's Atom processor. In remote areas in India, GSM coverage is better than that of broadband or fixed-line dial-up connections, said R. Manimaran, general manager of the medical devices unit of the Wipro Technologies business of Wipro. Using a standard platform like the Atom platform for embedded applications has helped drive down costs, making the technology affordable in emerging markets, Manimaran said.

Indian outsourcers are increasingly focused on the development of intellectual property (IP) and reference designs that they expect will give them an edge in delivering product design and IT services to customers. The final price of the product will, however, be decided by the vendors, he added. Another Indian services company, MindTree, said in September that it was acquiring the Indian development subsidiary of Kyocera Wireless to do mobile handset design for Kyocera and other clients. It also supports video and audio conferencing for interactions between the patient and the doctor, and between doctors consulting with each other. The medical gateway designed by Wipro allows the transmission of real-time medical data to application servers, physicians' handheld devices, and hospital systems through GSM, broadband and dial-up connections.

In rural areas, where sometimes individual patients may not have the connectivity, they can come to rural health care centers where the information can be collected and communicated to larger hospitals in the city, Manimaran said. Medical devices can connect to the gateway through both wired technologies and wireless technologies such as Bluetooth to provide real time medical data, video and image transfer from a patient to doctor, and in turn from a doctor to doctor, Manimaran said.

Soon businesses that run Check Point security tools will be able to understand how thousands of Web applications and Web 2.0 widgets are used, giving executives better control over what employees do with their computers at work. 12 tips for safe social networking The company is developing a software blade that customers can buy to address use of social Web sites and Web applications. With the blade, due out next year, businesses could see not only that employees use Facebook, but also whether they are participating in Facebook groups or playing games available through the site, for example. Check Point has licensed extensive libraries from FaceTime that identify 4,500 Web applications and more than 50,000 Web 2.0 widgets. Or they could keep an eye on applications that do file transfers, Check Point says.

Initially, Check Point plans to incorporate the libraries in a blade that is just a monitoring tool, but later it will incorporate them in a firewall to create an access-control blade that can enforce restrictions on the use of applications and widgets. Business use of Web 2.0 sites brings its own security concerns and can run afoul of regulations from governmental agencies and business consortiums. Later still, the company says it will incorporate the libraries into IPS and QoS blades. For instance, customers might buy firewall, intrusion-detection system and antispam software blades and run them on a single hardware chassis. Under Check Point's software blade architecture announced earlier this year, customers can buy individual security tools to create packages of custom security features. Before, Check Point sold monolithic multi-function unified threat management platforms that might include more functions than customers wanted.

The libraries support FaceTime's own Unified Security Gateway product.