Sunday, January 21, 2007

21-30 [Tech Info] This section introduces the latest ICT technologies related to your fields of interest: project management, network security, application development methodologies, and so forth. OIC - JICA.

21. Beginning of ISO/IEC 27001 Certification
22. Hints for Effective Implementation of EA
23. Windows Vista features and .NET Framework 3.0
24. What Is NGN (Next Generation Network) ?
25. phpDocumentor, the Art of Programming Documentor?
26. "Botnet" and latest information security measures
27. Approach to eHealth in Europe
28. The PHP Data Objects (PDO) with PHP 5.x
29. Introduction of Various Operating Systems
30. Coding Standard for PHP

----------------------------------------------------------------------
21. [Tech Info] Beginning of ISO/IEC 27001 Certification
----------------------------------------------------------------------

ISO/IEC 27001 is the international standard for information security; it defines the system for managing information security countermeasures. Certification serves as a formal endorsement of the organization's ISMS. Any kind of governmental organization or private company can use this standard. ISO/IEC 27001 focuses not only on technical security countermeasures but also on security management through the PDCA (Plan-Do-Check-Act) cycle. The standard defines 133 controls as requirements for security management. It is a third-party certification scheme: an organization that wants the certification asks a third-party organization to audit the state of its ISMS.

ISO/IEC 27001 is based on BS7799, the information security standard established in England. "BS" stands for "British Standard"; it is not an international standard. BS7799 consists of two parts. Part 1 is the code of practice for information security management and is now standardized internationally as ISO/IEC 17799. ISO/IEC 17799 will be revised as ISO/IEC 27002 and unified into the ISO/IEC 27000 series in the near future. Part 2 is the standard for reviewing an organization's ISMS; last year (2005) in November, BS7799 Part 2 was standardized internationally and published as ISO/IEC 27001. Organizations that already hold BS7799 certification must migrate to ISO 27001 within a certain period, and organizations that hold no certification will obtain ISO 27001.

The most important point in obtaining ISO/IEC 27001 certification is to analyze the organization's security risks appropriately and to implement the necessary controls across the whole organization based on the results of the risk analysis. In doing so, it is necessary to establish an organization-wide security policy, to conduct user training and to implement appropriate network and physical countermeasures.

We suggest that you obtain ISO/IEC 27001 certification in order to raise your organization's security level as a whole.

----------------------------------------------------------------------
22. [Tech Info] Hints for Effective Implementation of EA
----------------------------------------------------------------------

In OIC computer training courses, we studied Enterprise Architecture
(EA), which is one of the methods for promoting e-Government.

The objective of EA is to fully optimize the organization, from the
viewpoint of both businesses and systems, so that it becomes more
customer-centered.

One of the characteristics of EA is the "creation of an EA model". We
use it to clarify the structure of the whole organization.

In order to clarify the structure of the whole organization, we divide
businesses and systems into four layers (Business, Data, Application,
and Technology), and create many diagrams such as Data Flow Diagrams
(DFD), UML Class Diagrams, Hardware/Software/Network configuration
diagrams and so forth.

In the planning phase, we investigate the current situation (As-is
Model) and design the future situation (To-be Model) to create the
Computerization Strategy Plan, which is the final document for EA
establishment.

EA is known as a very effective method for improving businesses and
systems, so many public organizations and private companies have tried
to implement it.

In the case of Japan, the Japanese Government established EA
guidelines, and not only the central government but also many local
municipalities are now implementing EA.

However, we have recently found many difficulties in implementing EA,
as follows.

[Issues for realizing EA]
1. Lack of clear visions and strategies by Top Management
2. Difficulty in reaching an organizational consensus
3. Lack of IT-skilled staff

In order to solve these issues, we should take various kinds of
countermeasures.

Not only short-term plans but also middle/long-term IT strategies and
education for IT staff are necessary. To realize them, we have to
think about "IT Governance".

The definition of IT Governance is "internal control of the
organization for IT". In short, it is one of the methodologies for
establishing and implementing IT strategies. Today, it is necessary
for the Chief Information Officer (CIO) to study the skills and
knowledge of IT Governance.

The most famous and effective guideline for IT Governance is called
"Control Objectives for Information and related Technology (COBIT)",
which was issued by the Information Systems Audit and Control
Association (ISACA).

ISACA defines four necessary domains and 34 necessary processes in
COBIT for internal control.

You can get more information about COBIT on the ISACA web site:

http://isaca.org/

-----------------------------------------------------------------------------
23. [Tech Info] Windows Vista features and .NET Framework 3.0
-----------------------------------------------------------------------------

Windows Vista, Microsoft's latest operating system, was released
worldwide to the general public on January 30, 2007. For business
users, it was released two months earlier.

This new operating system adopts an improved interface and new
security tools and features. One of Vista's major features is "Windows
Aero." In this interface, the separate panes for each program you are
running can be displayed in different ways and in different angles.
Another feature is the sidebar, in which users can run a weather
watching program, keep the calculator visible, and keep an eye on
any feeds they want to monitor.

As a security tool, Windows Vista includes anti-spyware called
"Windows Defender". Vista will also work hard to ensure people keep
their copy of Windows up to date since attackers are getting much
better at exploiting unpatched security holes.

Windows Vista will also affect software development in a positive way.
This new operating system includes ".NET Framework 3.0," formerly
known as WinFX, which aims to make it considerably easier for
developers to write high-quality applications than with traditional
Windows APIs. ".NET Framework 3.0" includes a new set of managed
code APIs that are integral to Windows Vista.

There are no major architectural changes with ".NET Framework 3.0,"
since it includes version 2.0 of the Common Language Runtime (CLR).
Therefore, a .NET Framework 2.0 application should, in theory, work on
a .NET Framework 3.0 system. However, software testing is highly
recommended before attempting to run such an old application on the
new environment. .NET Framework 3.0 is also available for Windows XP
SP2 and Windows Server 2003 as a download.

To build .NET Framework 3.0 applications with the existing Visual
Studio 2005, Microsoft provides Visual Studio extensions for .NET
Framework 3.0 and various tools. They are provided as an early preview
of the technology to enable early adoption of the .NET Framework 3.0
platform. Users will be expected to upgrade when the commercial
version becomes available.

For more information, visit the MSDN worldwide site at
http://msdn2.microsoft.com/en-us/

----------------------------------------------------------------------
24. [Tech Info] What Is NGN (Next Generation Network)?
----------------------------------------------------------------------

Do you know the term NGN? NGN is the acronym for Next Generation
Network, and it is also the name of a new network service. This new
network is about to be introduced in Europe, Japan, and other
countries. This time we would like to introduce the outline of NGN.

What is the definition of NGN? Some people say NGN is an IP-based
telephone network. Yes, that is correct in a narrow sense. Until a few
years ago, phone calls were made over the traditional non-IP-based
phone lines provided by telephone carriers. But the situation has
changed. We can now use IP-based telephone services like Skype, and as
a result, the number of people who use traditional telephone lines has
decreased drastically. This forces the carriers to migrate their
telephone networks from non-IP-based ones to IP-based ones. This new
IP-based telephone network is called NGN in a narrow sense.

In a broad sense, however, NGN is a quite different, new network with
many characteristics. NGN is not a part of the Internet but another
IP-based network provided by carriers. The architecture of NGN is
different from that of the Internet. In the Internet, IPv4 (Internet
Protocol version 4) is the base protocol. Over the IPv4
infrastructure, applications such as WWW and mail can run freely. In
NGN, on the other hand, IPv6 (Internet Protocol version 6) will be
used as a base protocol in addition to IPv4, and applications work
under certain regulations. These regulations make it easier to
maintain the voice quality of IP telephony. One of the regulations is
the adoption of SIP (Session Initiation Protocol). Under this control,
various applications such as telephone, movie distribution, and access
to the Internet are provided with appropriate quality of service
(QoS).

In summary, NGN is expected to be a more sophisticated and promising
network. In Japan, NTT East started the field trial of NGN in
December 2006. In other countries, NGN might start soon.

Pay attention to the trend of NGN.
If you need more information, refer to the following URLs:
- http://en.wikipedia.org/wiki/Next_Generation_Networking
- http://www.ntt.co.jp/ir/library_e/nttis/2006win/


----------------------------------------------------------------------
25. phpDocumentor, the Art of Programming Documentor?
----------------------------------------------------------------------

1. History of Programming Documentation

In the early days of computing, when mainframes dominated, different
programming languages specific to each mainframe were used. Program
documentation was a requisite for communication among development
team members.

Nowadays, in object-oriented programming, program documentation is
even more important, in the form of APIs (Application Program
Interfaces). When we create a new method, we first define the
interface, that is, the specification of how to use it. Users of the
method can then comply with its interface.

Java, a well-known object-oriented language, has an innovative
tool, JavaDoc, for describing API documents. When we use JavaDoc, we
embed the documentation as comments in each Java source file, and
JavaDoc automatically generates API documentation for the code.

As the PHP language started to support object-oriented programming
from PHP 5.0, PHP users became eager to have a documentation tool
like JavaDoc. phpDocumentor was developed as an open source project
to meet this demand.

2. What is phpDocumentor?

phpDocumentor is the current standard auto-documentation tool for
PHP. Similar to JavaDoc, phpDocumentor can be executed from the
command line to create HTML documentation from PHP source code.

See details at: http://www.phpdoc.org/

3. How to install?

You can obtain a zip or tgz file of phpDocumentor from the link
above. The software is platform-independent, so you can use it in the
same way in both Windows and Linux environments.

After decompressing it, place the PhpDocumentor folder in the PEAR
folder, e.g.:
[Windows] C:\php\PEAR\PhpDocumentor
[Linux] /usr/local/lib/php/PEAR/PhpDocumentor

4. How to use?

Here is an example of generating documents in a Linux environment.

> php /usr/local/lib/php/PEAR/PhpDocumentor/phpdoc \
    -t /usr/local/apache2/htdocs/doc \
    -o HTML:frames:default -d /usr/local/apache2/htdocs/tender \
    -pp on -ti 'OIC Framework' -dn 'OIC Framework'

[Frequently Used Options]
-d   --directory       name of a directory to parse
-t   --target          path where to save the generated files
-ti  --title           title of generated documentation
-pp  --parseprivate    parse private methods/members
-dn  --defaultpackage  name to use for the default package
-o   --output          output information to use
                       Format: output:converter:templatedir

5. How to describe?

Descriptions for phpDocumentor should be enclosed in /** and */.
A number of tags that start with an at sign (@), such as @package and
@param, are available. Here is an example of the description.
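
An added example of such a description (not the article's original sample): the class, its methods and the package name OIC_Framework are hypothetical, and the private members are marked so that they are documented only when phpdoc runs with the -pp option listed above.

```php
<?php
/**
 * Department number handling for the tender application.
 *
 * File-level DocBlock: the first DocBlock in the file.
 *
 * @package OIC_Framework
 */

/**
 * Validates department numbers received from a request.
 *
 * Hypothetical class written for this illustration.
 *
 * @package OIC_Framework
 */
class DeptnoValidator
{
    /**
     * Highest department number accepted from callers.
     *
     * @var int
     * @access private
     */
    private $maxDeptno = 9999;

    /**
     * Returns the department number as an integer, or rejects the value.
     *
     * An InvalidArgumentException is thrown when the value is not a
     * whole number between 1 and the configured maximum.
     *
     * @param mixed $deptno value received from the request
     * @return int validated department number
     */
    public function normalize($deptno)
    {
        if (!$this->isWholeNumber($deptno)) {
            throw new InvalidArgumentException('deptno must be a whole number');
        }
        $deptno = (int) $deptno;
        if ($deptno < 1 || $deptno > $this->maxDeptno) {
            throw new InvalidArgumentException('deptno is out of range');
        }
        return $deptno;
    }

    /**
     * Checks that a value is a non-negative integer or a digit-only string.
     *
     * Marked private, so it is parsed only with "-pp on".
     *
     * @param mixed $value value to check
     * @return bool true when the value is a whole number
     * @access private
     */
    private function isWholeNumber($value)
    {
        if (is_int($value)) {
            return $value >= 0;
        }
        return is_string($value) && ctype_digit($value);
    }
}

// Constructed input for the illustration.
$validator = new DeptnoValidator();
var_dump($validator->normalize('10'));
```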


----------------------------------------------------------------------
26. [Tech Info] "Botnet" and latest information security measures
----------------------------------------------------------------------

Introduction

Have you ever suffered damage from an information security incident?
As the Internet has rapidly become widespread and highly developed,
threats and risks to information security have increased greatly,
and attack methods have become cleverer.

The Recent Tendency of Attacks Is "Invisible".

You may suffer damage without knowing it. A Japanese research agency
(IPA, the "Information-technology Promotion Agency") reported that
the number of reported incidents of unauthorized access had
decreased from last year. One reason for this decrease is that many
organizations have introduced anti-virus software. But another
reason may be that the damage from "spyware" has not become obvious.

New Threat to ICT

"Botnet" is the most serious threat among them. A "Botnet" is a huge
network of computers infected by a "Bot" (a malicious program
through which a hacker can control another computer remotely).

By using a "Botnet", a hacker can control millions of computers. For
example, "millions of infected computers may send junk e-mail at
once" or "millions of infected computers may disrupt a server's
service (DoS attack)". In one real case, a hacker who blackmailed an
organization by using a "Bot" was arrested. The problem with a "Bot"
is that we cannot confirm its existence. A "Bot" can disappear
automatically when it is tracked, and it can upgrade itself
automatically over the network. Thus, a "Bot" hides itself from the
computer's owner and spreads the infection. One study said that
2.0-2.5% of computers in Japan are infected by a "Bot".

Effort against "Bot": In the Case of Japan

The Japanese government has started concrete activities against
"Bots". The Ministry of Internal Affairs and Communications launched
the "Bot control project" in cooperation with the Ministry of
Economy, Trade and Industry, and established the "Cyber Clean Center"
(https://www.ccc.go.jp/en_index.html) in cooperation with ISPs
(Internet Service Providers). Currently, there are no effective
countermeasures against "Bots".

The purpose of this project is to limit the spread of "Bots" by
decreasing the number of "Bot"-infected computers as much as
possible. The project also aims to make hackers recognize that it is
difficult to build a "Botnet" in Japan, because the government takes
a proactive stance on "Bot" problems. The role of the "Cyber Clean
Center" is to provide a mechanism for cleansing "Bots" completely.

The characteristics of the mechanism are:

1) Bot samples are collected for examination from bait PCs on the
   Internet, and cleansing tools are made from them.

2) ISPs notify users by e-mail that they are infected by a "Bot".

3) Each user who gets a notice from the ISP downloads the tools from
   the site and cleanses the "Bot". Currently, 30% of notified users
   have succeeded in cleansing. The challenge that lies ahead is how
   to make the other 70% of users cleanse the "Bot".

Conclusion: Back to Basic = Security Policy and PDCA

Ad hoc measures are not effective in the current situation, in which
new attack methods appear one after another. It is important to
establish information security policies and, based on them, to run
the PDCA (Plan-Do-Check-Act) cycle continuously. Training is also
important to raise the security awareness of staff.

Nowadays, a high security level is essential to continue business.


----------------------------------------------------------------------
27. [Tech Info] Approach to eHealth in Europe
----------------------------------------------------------------------

Today, we introduce "eHealth", which is one of the e-Government
services. This concept is becoming more and more popular all over the
world. In EU member nations, it is expected to be the key to economic
growth and job development.

[What is "eHealth"?]
"eHealth" is an approach which improves our health and medical
services by using new technologies, including the Internet.


[Advantages of "eHealth"]
By using "eHealth", we will be able to get the following advantages;
- To get correct information on health quickly,
- To make medical cost reasonable by improvement of medical
efficiency,
- To improve medical service quality,
- To prevent medical accidents by digital documents.


[Outline of "eHealth" in Europe]
The EU has the goal of providing all citizens of EU member nations
with health care regardless of a patient's nationality and address.
However, the EU thinks that it is difficult to introduce a common
standardized medical and insurance system to the whole of Europe or
to all EU member nations.

In order to solve this problem, the EU aims to introduce a smart card
for medical services and to make the smart card interoperable among
nations.

The smart card is called "EHIC: European Health Insurance Card".

EHIC has been introduced in 25 EU member nations, Iceland,
Liechtenstein, Norway and Switzerland. Its purpose is to enable a
traveler with an EHIC to get medical services during his/her trip.

In order to keep consistency between the current medical systems and
the EHIC system, the card has two faces. One side is for the common
functions of EHIC; the other side is for each country's own use. The
name, birthday and ID number of the card holder and the code of
his/her country are recorded on an EHIC. Private medical history is
not recorded on an EHIC at this moment.

People with an EHIC can get medical services in foreign countries
by presenting the card, and can start the refund procedure
immediately if they pay the cost of medical services in that country.

Medical workers provide proper medical services considering health
status of the card holder, visit purpose and duration if he/she
presents the EHIC to the medical service provider.


[Future Plan]
Different countries in Europe have different social security
systems. In addition, some European countries have advanced the
introduction of IT into their national medical systems and have
already introduced a medical smart card with an IC (Integrated
Circuit) chip. So, EHIC is expected to be introduced while keeping
consistency with each country's own medical and insurance system.

Also, the EU plans to establish interoperability of EHIC among
European countries and to operate it as a part of the medical system
across the whole of Europe in 2008, in order to exchange information
and prevent illegal use.


[Reference website about European Health Insurance Card]
European Commission [English Site]
http://ec.europa.eu/employment_social/healthcard/index_en.htm


----------------------------------------------------------------------
28. [Tech Info] The PHP Data Objects (PDO) with PHP 5.x
----------------------------------------------------------------------

Overview:
PHP Data Objects (PDO) is shipped with PHP 5.1 and later versions,
and is also available as a PECL extension for PHP 5.0.

PDO defines a lightweight, consistent interface for accessing
databases in PHP. It provides a data access abstraction layer that is
independent of the underlying database. That means you can use the
same functions to issue queries and fetch data even if you have many
kinds of databases.
Previously, PEAR::DB and dbx were used as data access abstraction
methods, but now PDO is highly recommended because of its advanced
features, e.g. high performance, OO API, exception handling, and so
on.

Supported Databases:
The following drivers currently implement the PDO interface; each is
listed with the databases it supports.
A database-specific PDO driver is required for each database you use.

- PDO_OCI : Oracle Call Interface
- PDO_PGSQL : PostgreSQL
- PDO_MYSQL : MySQL 3.x/4.x/5.x
- PDO_DBLIB : FreeTDS / Microsoft SQL Server / Sybase
- PDO_IBM : IBM DB2
- PDO_ODBC : ODBC v3 (IBM DB2, unixODBC and win32 ODBC)
- PDO_INFORMIX : IBM Informix Dynamic Server
- PDO_SQLITE : SQLite 3 and SQLite 2
- PDO_FIREBIRD : Firebird/Interbase 6

How To Install:
- On Linux/UNIX Platform:
  PDO and PDO_SQLITE are included in the PHP 5.1 and later
  distribution. It is recommended to build PDO and the PDO driver as
  shared extensions for easy updates via PECL.
  For example,
    # ./configure --with-zlib --enable-pdo=shared \
        --with-pdo-oci=shared

- On Windows Platform:
  PDO and the major drivers ship with PHP 5.1 and later as shared
  extensions.

How To Activate:
The php.ini file must be edited to load the PDO extension
automatically. Any database-specific drivers must be enabled too.
For example,
- On Linux/UNIX Platform:
    extension=pdo.so
    extension=pdo_oci.so

- On Windows Platform:
    extension=php_pdo.dll
    extension=php_pdo_oci.dll

Sample Source:
<?php
try {
    // connect to DB (the DSN, user name and password are placeholders)
    $conn = new PDO('oci:dbname=YOUR_DB', 'YOUR_USER', 'YOUR_PASSWORD');

    // report errors as PDOException
    $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

} catch (PDOException $e) {
    print "PDOException = " . $e->getMessage();
    exit(1);
}

try {
    // prepare statement
    $stmt = $conn->prepare("SELECT * FROM EMP WHERE DEPTNO = ?");

    // bind parameters
    $deptno = 10;
    $stmt->bindParam(1, $deptno);

    // execute query
    $stmt->execute();

    // fetch result set
    while ($rs = $stmt->fetch()) {
        print_r($rs);
    }

    // close DB
    $conn = null;
} catch (PDOException $e) {
    print "PDOException = " . $e->getMessage();
    exit(1);
}
?>
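
Why the sample binds DEPTNO instead of building the SQL string, as an added example (not code from the original article): the same lookup is run in concatenated and bound form against an in-memory SQLite database through PDO_SQLITE. The EMP rows, the function names and the input strings are constructed for the illustration.

```php
<?php
// Added example. In-memory SQLite, so it runs offline with PDO_SQLITE.
$conn = new PDO('sqlite::memory:');
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed sample data shaped like the EMP table in the sample source.
$conn->exec('CREATE TABLE EMP (EMPNO INTEGER PRIMARY KEY, ENAME TEXT, DEPTNO INTEGER)');
$insert = $conn->prepare('INSERT INTO EMP (EMPNO, ENAME, DEPTNO) VALUES (?, ?, ?)');
$rows = array(
    array(7782, 'CLARK', 10),
    array(7839, 'KING', 10),
    array(7369, 'SMITH', 20),
);
foreach ($rows as $row) {
    $insert->execute($row);
}

/**
 * Weak form: the caller's value becomes part of the SQL text, so any SQL
 * syntax inside it is parsed as part of the statement.
 */
function findByDeptConcatenated(PDO $conn, $deptno)
{
    $sql = 'SELECT ENAME FROM EMP WHERE DEPTNO = ' . $deptno;
    return $conn->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

/**
 * Corrected form: the statement text is fixed at prepare() time and the
 * caller's value is sent separately, so it is only ever compared as data.
 */
function findByDeptBound(PDO $conn, $deptno)
{
    $stmt = $conn->prepare('SELECT ENAME FROM EMP WHERE DEPTNO = ?');
    $stmt->bindValue(1, $deptno);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed inputs: an ordinary department number and a value that
// carries SQL syntax, as a request parameter under a caller's control could.
foreach (array('10', '10 OR 1=1') as $input) {
    printf(
        "input %-12s concatenated: %d row(s)  bound: %d row(s)\n",
        var_export($input, true),
        count(findByDeptConcatenated($conn, $input)),
        count(findByDeptBound($conn, $input))
    );
}

// close DB
$conn = null;
```

For the second input the two row counts differ: the concatenated query evaluates the extra condition as SQL, while the bound query compares the whole string against DEPTNO as a single value.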

For more information, please refer to
http://www.php.net/manual/en/

To get the current PHP including PDO, please visit
http://snaps.php.net/

----------------------------------------------------------------------
29. Introduction of Various Operating Systems
----------------------------------------------------------------------
There are many kinds of operating systems in the world other than
Microsoft Windows and Linux. If you learn about these various
operating systems, you will understand "operating systems" better.
Therefore I am happy to introduce some of them.


The University of California at Berkeley once developed BSD, which is
a famous version of UNIX. BSD itself has concluded, but there are
successors.
FreeBSD is known for its ease of use. It is mainly for i386 (PC).
NetBSD is known for supporting many kinds of platforms.
OpenBSD is known for being secure, and the project also develops OpenSSL.
cf.




MacOS X is a commercial product of Apple. It is based on a microkernel
model and has the userland of FreeBSD (i.e. you can use most of the
commands and libraries of FreeBSD on MacOS X along with Macintosh
software). Today, many UNIX users use MacOS X, because they can use
both software like iTunes and the power of Unix.
cf.


Darwin is the core part of MacOS X and it is OSS. It does not have the
Macintosh GUI.
cf.


Solaris is a commercial product of Sun Microsystems. It is one of the
UNIX System V Release 4.0 systems and is famous for its reliability.
Although Solaris is a commercial product, it is free of charge to use
and to get most patches. The current version is Solaris 10, which
includes the newest file system, ZFS.
cf.


Most of Solaris has become OSS, but important parts are not included.
The author of Linux complains that there is no ZFS in OpenSolaris,
although he wants it.
cf. URL:http://www.opensolaris.org/os/


----------------------------------------------------------------------
30. [Tech Info] Coding Standard for PHP
----------------------------------------------------------------------

Every real project has its own coding standard. A coding standard is
one of the ways to produce source code with good quality and high
maintainability. Commonly, a coding standard has categories such as
File Formatting, Naming Conventions, Coding Style and Inline
Documentation. Rules for maximum line length, line termination, and
encoding type are set under File Formatting. Coding Style covers how
to write source code, such as the declaration of classes and how to
write control statements.

Here we want to introduce an example of Naming Conventions from the
coding standard for Zend Framework issued by Zend, which develops PHP.


[Naming Conventions]
1. Classes
- Class names may only contain alphanumeric characters.
Numbers and underscores are permitted in class names but are
discouraged.
If a class name is comprised of more than one word, the first
letter of each new word must be capitalized.

2. Filenames
- For all other files, only alphanumeric characters and
underscores are permitted. Spaces are prohibited.
Any file that contains any PHP code must end with the extension
".php".
The following example shows the acceptable filename for containing
the class name, "UsecaseController", from the example in the
section above.

3. Functions and Methods

- Function and method names may only contain alphanumeric
characters.
Underscores are not permitted except for names of constructor
and destructor method for object-oriented programming.
Numbers are permitted in function and method names but are
discouraged.

- Function and method names must always start with a lowercase
letter.
When a function or method name consists of more than one word,
the first letter of each new word must be capitalized.
This is commonly called the "camelCaps" method.

Refer to the following website for more information.
http://framework.zend.com/manual/en/coding-standard.html

