Leon A. Kappelman
- 1 Cohen, B. Study of~_~ Jns~hts into f~demmlyear-2000 gan e p}an. ITJA's V6Br2OOOOJt/O~2,2 (L~.20,1997), 1-2.Google Scholar
- 2 H al% B., and Sch%k, K. The year2000 ~ So}utJons ~r today., and tan ormm .N ob~ ~racon~=.~noep~ntatJon (9 alias, Tex., June 19,1996), G artnerG ~up, Inc., Sta~ fo~J, Conn.Google Scholar
- 3 Jones, C. G bbaleconQn Jc i~ pacts ofthe year-2000 p~b~m . In Y ear-2000 Probl~m :S~J~and So}uti3ns~ theForbmnel00,L.K appelm an, Ed. IntematJonalThan son P~, B cstmn, 1997, pp. 12-29.Google Scholar
- 4 m appei~ an, L., md. SdvirgtheYe~-2000 ~~ DztePrddenA Guideand Remr~Diret(~y. s~ for Infozm arJon M anage~ ~t IntemarJona}, Y e~r 2000 W ozkJng Gmup, Chimgo, 1996.Google Scholar
- 5 Kappel~ an, L., and Keeling, K. Report on the year-2000 p~b~m :A benchm azks and status study. In Ye~-2000 Prdden 3r,~ejjesand Sdutims fron the F(~tune 100, L. K a#pe~ an, Ed. international T hcr~ son P~, Boston, 1997, pp. 264-278.Google Scholar
- 6 Stmamm ann, P. The~~ CoT~. In~)~ atJon Eooncm Jc P tess, New Canaan, Conn., 1997. Google ScholarDigital Library
- 7 U S. Dept. ofCcmm ~.~3e, Bu~ ofEconcm Jc Ana~sis. ~{/rv~ d Ct/r6~ BuJr~Z6, 8 (1996).Google Scholar
Index Terms
- Calculating the cost of year-2000 compliance
Recommendations
A posteriori compliance control
SACMAT '07: Proceedings of the 12th ACM symposium on Access control models and technologiesWhile preventative policy enforcement mechanisms can provide theoretical guarantees that policy is correctly enforced, they have limitations in practice. They are inflexible when unanticipated circumstances arise, and most are either inflexible with ...
Security policy compliance with violation management
FMSE '07: Proceedings of the 2007 ACM workshop on Formal methods in security engineeringA security policy of an information system is a set of security requirements that correspond to permissions, prohibitions and obligations to execute some actions when some contextual conditions are satisfied. Traditional approaches consider that the ...
Verifying compliance of trusted programs
SS'08: Proceedings of the 17th conference on Security symposiumIn this paper, we present an approach for verifying that trusted programs correctly enforce system security goals when deployed. A trusted program is trusted to only perform safe operations despite have the authority to perform unsafe operations; for ...
Reviews
Rudolph E. Hirsch
The benefits provided by this paper lie as much in its directions for undertaking global cost studies as they do in the help it provides for individual organizations in predicting the cost of their year 2000 (Y2K) conversions. The global aspects will be of interest to government and academic statisticians, for whom there is a detailed description of how cost surveys can be undertaken. The organization-oriented aspects, as the authors explicitly warn, must be taken with reservations, because the cost forecasts of the global studies done so far vary significantly. They all agree, however, that Y2K compliance is a large and expensive project. Some specifics are provided for organizational compliance. For instance, according to the authors, the two choices for affected software are to fix it or replace it. If the decision is made to fix it, the number of lines of code involved and the number of function points within that code will have a major influence on the cost of the project. Also, there should be little cost difference between fixing software logic only and expanding date fields to four digits. Y2K conversion cost estimates become more accurate as the conversion proceeds, but they also become larger: the final bill will probably be around 35 percent of the total IS budget until conversion is complete. There are some “soft” costs as well: the cost of forgoing opportunities while the IS staff copes with Y2K; and industry-specific costs, such as credit card issuers having to issue credit cards on a two-year cycle, not the usual three- or four-year cycle, because many card readers cannot accept the year “00.” The costs will be highest in information-intensive industries such as banking and insurance. The paper includes a short high-level checklist for organizations and makes one specific recommendation: If your Y2K conversion has not yet begun, it should, and immediately.
Access critical reviews of Computing literature here
Become a reviewer for Computing Reviews.
Comments