Telecom Security

Telecom and security are the main focus of this blog, where I hope to share my experience, findings and ideas with you. Welcome.

Wednesday, October 26, 2005

First post published via Flock!

Do you flock today? Wow, download it and try. Let's flock.

Sunday, October 23, 2005

BS7799, ISO17799, ISO27000 Series

Based on a post at the 17799.com forum, the following information is summarized "as is":

ISO27001 is to be the replacement for BS7799-2 by the end of year 2005
ISO 17799:2005 will be renamed in year 2006 or 2007 as ISO/IEC 27002

A new standard for BS7799 series:

"BS 7799-3:2005 - Information security management systems - Guidelines for information security risk management" is a new British Standard due for release in December 2005.

The new ISO27000 series will have five parts:

ISO 27000 will formally define the specific technical vocabulary used in these standards;
ISO 27001 will be the ISO version of BS 7799-2, the certification standard (due for full release in November 2005, already available as a final draft);
ISO 27002 will be the renamed and updated version of ISO 17799:2005 (to be released in 2006 or 2007);
ISO 27003 will contain guidance for those implementing the ISO 27000-series standards;
ISO 27004 will be a new Information Security Management Metrics and Measurement standard to help measure the effectiveness of information security management system implementations (currently in draft);
ISO 27005 will be the ISO version of BS 7799-3 

For more information about telecom, security and P2P, please go to: http://hi2005.wordpress.com

Ten-year Evolvement of China Telecom Industry

1994 was a special year for telecom enterprises in China. Before that year, telecom was a function of the state government, with no commercial services or operations. In that year, China Telecom was split off into an enterprise to provide all telecom services to the whole country. Also in that year, China Unicom was founded to lead in market competition.

The second milestone year is 1997. In that year, China Telecom was further split into two parts: China Posts and China Telecom. Also in that year, I graduated from Peking University and began to work for China Telecom, Data Communication Bureau (DCB).

The third year worthy of attention is 1999, when China Mobile was spun off as a stand-alone company. The telecom industry entered a new era. (BTW, I left DCB in 2000 to find my fortune.)

The fourth year to be mentioned is 2002, when China Telecom was further split into two parts: China Netcom (10 provinces in North China) and China Telecom (21 provinces in South China).

Click to see the diagram depicting the ten-year evolvement of China's telecom industry.

Tuesday, October 18, 2005

Top Ten Concerns to Skype Security

As a security professional, I adopt Skype as my primary IM because of its encryption and firewall bypass. Although firewall bypass is something I experience directly, encryption is merely claimed by Skype. Nothing more is said about the encryption mechanism, such as key generation, key management, etc. The following are the top ten questions I want answered about Skype security issues:

0 Does the Skype company decrypt/record my talk/chat?
1 Besides the parties to the talk/chat, can anybody else read/hear the content?
2 How is the talk/chat traffic processed along the Internet route?
3 Is the talk/chat content stored somewhere else on the Internet?
4 How is the session key used to encrypt the traffic negotiated?
5 How is the talk/chat traffic encrypted?
6 How are the public/private key pairs of the Skype client stored?
7 Is there any means to identify the traffic at the network layer? (though Verso has succeeded in it)
8 Is there any existing mechanism to account for/audit the activities of the Skype client, or any recommendation from Skype?
9 Are any country's agents involved in the key management?

What are the questions of most concern to you that you want answered by Skype?
For the most up-to-date version, please go to http://blog.zhaol.cn

Advice for US Companies in China by Kaifu Lee

China's economy and IT market are exciting and attractive. They are lucrative for some multinational companies, but a Waterloo for many of them and their SVP/EVP/MD/GMs. Why? A good slide deck by Kaifu Lee discloses his findings in China. Click to download.

  • Build strong government relationships
  • Play by China's market rules
  • Make a long-term commitment
  • The local economy is the top priority
  • Nurture local people
  • Build trust, not PR
  • Unique power of government
  • Relationships required at all levels
  • The spirit of the law matters more
  • China's culture is built on trust, relationships, mutual respect.
  • The concept of "face" is very important.
  • Avoid sensitivities and find every opportunity to make China look good
  • Negotiations are bottom-up and informal.

Thanks to Dr. Lee for his excellent summary. It's very valuable to read.

Saturday, October 08, 2005

My Blog at Wordpress.com

Hello, because blogspot.com is not accessible in China, I moved my blog to: http://hi2005.wordpress.com. The topics stay the same: Telecom, Security and P2P. You can reach that site through my permanent personal domain name: http://blog.zhaol.cn. Thanks for visiting and for your comments.