IT Answers » Security Program Management

Information Security Awareness

Toyz — Fri, 10 Jun 2011 18:43:26 +0000

We are in the early stages of creating an Information Security program for our new company. I would like to email monthly security tips, tidbits, etc for Security Awareness to all employees. Have you seen anything “catchy”, grab your attention type email subject lines and/or icons, so we can catch people’s attention to these monthly topics?

How Many Information Security Policies Do I Need?

Vper — Mon, 03 Jan 2011 03:49:18 +0000

I need some advice from other security experts. I was
recently hired to work for a small company where our data and infrastructure is
at a managed hosting facility. The hosting service has a SAS 70 that is
regularly audited. My company in the past relied – almost solely – on the
managed service security plans and controls. However, I am wondering if that is
truly enough or if we need to develop our own security plans and policies for
that infrastructure and data or continually reference the hosting company’s
documents?

Microsoft’s Defender management and monitoring

NewnanIT — Mon, 13 Sep 2010 13:31:22 +0000

Can Microsoft’s Defender be managed centrally from a server? Can I review logs across the domain? Is this possible or is there a similar corporate offering from Microsoft?

Open IT Forum: What security-related lessons have you learned?

MelanieYarbrough — Wed, 08 Sep 2010 14:27:50 +0000

What is the hardest or most costly (whether it be time, money or pride) lesson you or your company has learned regarding security?

We want to hear your security-related stories, concerns and blunders in the discussion area. The most entertaining or insightful stories have 200 knowledge points waiting for them.

What do you foresee as your biggest security concerns in the upcoming year?

JennyMack — Tue, 08 Sep 2009 16:43:07 +0000

As you begin planning for next year’s department spending and resource allocation, what do you foresee as your biggest areas of security concern in the upcoming year? Do you think particular areas will require special attention or resources?

IT Security

Davemd — Mon, 16 Jun 2008 14:47:43 +0000

With all the talk about security certifications and working in IT security being hot right now and in the future, I was wondering if it would make more sense to try and get the Security + certification before trying to get another IT certification such as the MCSA (Microsoft Certified Systems Administrator)? I’ve heard that most certifications (other than security) don’t mean that much anymore to employers, and that skills now beat having certifications. Also, I noticed for many other security certifications such as the CISSP, the requirements to take the test are very strict, in that you need to have 5 years of experience working in security. How does one get that experience if they’ve never specifically worked in security? What if someone was more of an IT Generalist, or IT jack-of-all-trades where they worked? I think I want to head in the security direction, but how do I do it? For the past couple of years, I’ve worked for a small firm where I am the only one that does all the IT stuff, and security was really never an everyday issue. My job title probably ties more closely to an IT Administrator or Systems Administrator. I appreciate any help and feedback. Thanks very much.

SAP Security outside in

1112gene — Wed, 02 Apr 2008 15:16:15 +0000

Question,
I came to this company 1yr ago and noticed immediately they had not implemented Security!!! SAP_ALL for everyone in Production!!!
So as my second BIG project I took on, Security. In building the profiles for these people I came across 2 problems which are holding me from rolling out these profiles I built, which are based on the same problem, an outside system coming into SAP.
Since everyone had SAP_ALL or NEW we had no problems but restricting the Authority has shut down the operation and accessibility of these 2 outside systems which are very necessary.

1st problem and biggest is we have a VB frontend to SAP for easy order taking for Custom Service Dept.
I found out the design/programmer used a VB call into SAP via a VB BAPI that will allow MS into SAP.
He did not setup an RFC via SM59 or a Trusted RFC, and has no call for Call Function: for Authority_Check_RFC in the VB program, which prevents the Login and Security check being passed allowing access!

I told them this would not work with out the Call Function: from the VB program as a start and if it doesn’t work we need to do the RFC via SM59 or STV1.

It’s gotten personal and they think I have not setup S_RFC with proper Authorization but in order to do that you need Object Group AAAB, take S_RFC and throw out the rest, but I still don’t see that as a solution w/o the Call Function in the VB program!
What say you?

Selecting an area within security to start

Secmax — Sun, 24 Jun 2007 16:06:15 +0000

Hi,
I’m studying for an MSc in Information Security from Royal Holloway University of London, I have a B.Engg. degree in computers and a PG Diploma in Networking and Communication as well as the CCSA and CCNA. I’m also studying for the CISSP.

Now, with all these qualifications, could you please tell me which would be the best position for me to apply for in order to get a start, and if I try that position what would my options be when I gain some experience.

Thank you!!

Procedures for a new area.

Millan — Wed, 23 May 2007 22:13:31 +0000

We are a company where we have expirience on network remote administration and now we have open a new area, The area of security. Now I need to start to make new procedures like when a new customer come to us and ask if we can handle the security for his network… I need to know if some one can recommend some standard like ISO, COBIT or something like this in order to make new procedures, questionnaires and all those things.

Thanks a Lot!

Compliance to Acts

Rohitmagazine — Fri, 02 Mar 2007 09:55:35 +0000

How can softwares for url/content filtering or mail scanning be made compliant to HIPAA , Sarbanes-oxley act etc. …
What all features are required to be implemented to make them compliant ????