SAS 70:

Microsoft Windows

Dec 22 2008   2:09AM GMT

Has the new Active Directory evolved to meet the needs of the Users - SAS70



Posted by: sas70expert
Active Directory, SAS 70, ActiveDirectory

With the release of Windows 2000, Active Directory first appeared and is now on its fourth version. New changes with Windows Server 2008 are: a new domain controller model aimed at branches, new object restoration options, the ability to take snapshot backups, and more flexible password policies. When performing a SAS 70 audit, many auditors use applications, such as dumpsec, to gather information that is stored in Active Directory. What tools do you use to gather user permissions within your applications?  sas70expert at gmail.com

Nov 27 2008   4:37PM GMT

Have you been Clickjacking lately? SAS70



Posted by: sas70expert
vendors, browsers, internet, internet explorer, SaaS, firefox, Opera, SAS 70, Clickjacking, Safari

Clickjacking threatens all major internet browsers – Internet Explorer, Mozilla Firefox, Safari and Opera. What is it? Clickjacking is not when your wife takes over the remote control. It is when a browser user puts his mouse on a sign button, but a tag is placed under the button that the user may not see. When the user clicks, he then sends information to an unauthorized source. This could destroy the legitimacy of your web application or your SaaS.

 

There are several possible solutions to this hacker attack, but only with updates by the browser vendors. Firefox has a stop-gap solution in place – “no-script.” It is a technical solution and not for everyone. If you process credit card information, your SAS 70 auditor will look to see what precautions you have taken. What measures do you have in place?


Jul 11 2008   6:26PM GMT

How do I get to the top without breaking the Bank? SEO (search engine optimization) and SAS70



Posted by: sas70expert
Third-party services, Security, Microsoft Windows, Management, Compliance, Auditing, Data center operations, CIO, CEO, CFO, SAS 70, CSO

When I Google SAS70 today, wow, I have so many choices. With the rankings of companies, it is confusing and perplexing that I am not even on the first page. How do I get there without breaking the bank? I have read some on the Google site about it and it has left me wanting more. Just like you, I am searching for ways for companies to recognize me and my site and want to follow the rules so that I can make my site visited. One way is to spend, spend, spend. An SEO consulting firm can get you to the top of the page, but it will take a substantial investment. A beginning company may not want to invest big dollars yet, but there has to be other ways to build brand awareness without selling the computer. Have you hired an SEO consultant? What are your experiences? What are some key things that I should be looking for?


Jul 1 2008   5:45PM GMT

Do you need the Secret Service to guard your data? – SAS70



Posted by: sas70expert
Security management, Third-party services, Administration, Database issues, Disaster Recovery, Networking, Active Directory, Network security, Storage, Security, Network monitoring, Servers, Microsoft Windows, Information risk management, Management, Security Program Management, Risk management, human factors, Database, Database Management Systems, business/IT alignment, Access, Financials, Access control, Industry Solutions, Data center operations, Network Management Systems, Data center design, Network, CIO, DataCenter, DataManagement, CEO, management software, Single sign-on, FTP, CFO, cooling systems, Backup & recovery, Exchange, Backup, power systems, SAS 70, budget, bugeting, CSO

It’s election year and security to protect some of our most valuable assets is being discussed more frequently – including politicians and data privacy requirements (proposed Regulation S-P). Does that mean you should be considering the Secret Service to guard your data? I don’t think so; however, you should have a plan to manage risk of data loss. This plan should contain proactive thinking that promotes a culture of prevention. A SAS70 audit will assist you in determining your vulnerabilities and identifying weaknesses in your information technology network; however, you must continually assess and evaluate scenarios, and stay informed of the latest and greatest networking threats. Communication and training are key to a data protection plan. What are some of the other characteristics? SAS70expert@gmail.com

 


Jun 30 2008   3:19AM GMT

DataCenters that go Green! – SAS70



Posted by: sas70expert
Third-party services, Networking, Network security, Network monitoring, Strategic Enterprise Management, Microsoft Windows, Management, Database Management Systems, Industry Solutions, Data center operations, Network Management Systems, Blackberry, Data center design, CIO, Mobile, DataCenter, DataManagement, CEO, CFO, storage arrays, cooling systems, Exchange, power systems, SAS 70, CSO, Rack systems

Can we believe all the hype? Is there a green revolution afoot? From cars to energy to datacenters, everyone is going green. Datacenters have become very complex, with so many interactions among processors, rack systems, power and cooling systems, storage arrays, networks, and communications channels - that they can be regarded as unique virtual environments that consume large amounts of energy. Our need to have access to the internet anywhere and everywhere, requires more capacity and increasing speeds of datacenter components. What steps are you taking to become Green?   



Jun 28 2008   1:33AM GMT

Are you ready to make decisions as CSO or CIO? – SAS70



Posted by: sas70expert
Security management, Third-party services, Administration, Networking, Security, Strategic Enterprise Management, Microsoft Windows, Information risk management, Career development, Management, Security Program Management, Compliance, Risk management, human factors, business/IT alignment, Auditing, Monitoring, Financials, Data center operations, CIO, DataCenter, DataManagement, CEO, management software, CFO, Email, Exchange, SAS 70, CSO

As you complete that CISSP or CISA designation and move up the corporate ladder, do you have the right skills to begin making the decisions as CSO or CIO? Even if you have a great understanding of IT operations (networking, disaster recovery, datacenter management), compliance (SAS70, Webtrust, Systrust, SOX), and leadership (project management, financial budgeting and administration), if you don’t communicate effectively you will not make the list. IT leaders can write and speak until they are red in the face; however, if they are unable to speak general business language, the business audience will not support their IT objectives or provide funding. Some of the more important skills to have as CSO or CIO are:

  • Communicate effectively
  • Lead during a disaster
  • Provide an IT strategy

 What are the important skills that a CSO or CIO must have to be a success? As a team leader? To build Board support? To be an effective information technology project manager/business leader? To build another Google, Microsoft Windows, or Email Exchange?

SAS70ExPERT@gmail.com

 


Jun 19 2008   2:28PM GMT

Which search engine owns you? Identity management is owned by whom? – SAS70



Posted by: sas70expert
Third-party services, Active Directory, Security, Microsoft Windows, Identity & Access Management, Compliance, Auditing, Access, Access control, CIO, DataCenter, DataManagement, Single sign-on, Exchange, SAS 70, CSO

 Is it Yahoo? Or Google? Or? Shouldn’t it be the individual consumer? Every time you register on a website to download a movie or order a box of nuts, that information is being recorded. Some websites don’t keep this information confidential; it becomes entrenched in the search engine optimization techniques used by search engines and your name, address, and phone number may be appearing in random searches by someone in the Antarctic.

 

Without additional privacy legislation and SAS70 audits, your personal information may not be so personal anymore. Currently, if your personal information is leaked to the public, companies only have to inform you of the data breach and get you a credit monitoring service. Does this seem fair? Should you have a single sign-on that is secure and where corruption is preventable?

 

 

 


Jun 17 2008   11:45AM GMT

Networks, laptops and virus in your Starbucks? How much do you want in your coffee? – SAS70



Posted by: sas70expert
Networking, Security, Microsoft Windows, routers, Compliance, Viruses, Auditing, Blackberry, Mobile, DataCenter, router configuration, SAS 70

Wi-Fi networks are everywhere… to keep employees thinking, moving and socializing. Can we just drink coffee at Starbucks? UNTHINKABLE!! As more and more of these networks become prevalent and we become connected to one big network that never ends, what is going to happen if that unthinkable malware or virus infects your network? Will it start on your PDA/phone, or on your laptop at 8:05am and then spread to your home computer at 8:07 and then off to your corporate network at 8:15am? Researchers at Indiana University are predicting that unsecured wireless networks could launch a potential network attack that spreads like wildfire to personal, home, and business networks. How can you combat such an attack?

First, those Wi-Fi networks need monitoring and standards – a SAS70 audit to review network controls. Included in a SAS70 audit is a review of your router controls to make sure that you have some insurance in place to prevent network downtime.

When the routers are taken out of the box, set on the shelf and plugged in, that is not the only installation required. Administrative passwords and SSIDs need to be strengthened and hardened so that Mr Hacker is not able to stop your credit card from being accepted. Use administrative passwords that are not common, require numbers and letters, and are not your mother’s name. The same requirements should be used for SSIDs. In addition, turn on encryption, preferably WPA – which is considered almost impossible to crack. What controls/insurance do you have in place?

SAS70ExPERT@gmail.com

 

 


Jun 16 2008   4:46AM GMT

CIO, CEO, CFO’s role in future Information Technology(IT) - SAS70



Posted by: sas70expert
Disaster Recovery, Networking, Storage, Security, Microsoft Windows, Career development, Compliance, business/IT alignment, Auditing, CIO, DataCenter, DataManagement, CFO, Email, Exchange, SAS 70, budget, bugeting, CSO

When I was with the big four, we couldn’t just be auditors, we were risk management consultants. Today, it seems that IT job titles and roles are in a similar transition. As a consultant/auditor, I am always discussing with the client the value that I bring to their organization as an experienced SAS70 auditor. Because of my expertise my audit will be much more in-depth, more efficient and effective with their time, resources, and revenue.

According to Computerworld, the below job titles are examples of the kinds you’ll see cropping up in IT in the not-too-distant future. IT job titles with any hint of computers, databases, software development languages or data network will disappear.

· Product Architect

· Chief Delivery Officer

· Chief Process Officer

Why? It’s a direct result of IT becoming integrated into the business strategy and being considered a partner in the business instead of a service provider who has no effect on revenue.

Xcel Energy, a $10 billion electric power and natural gas utility in Minneapolis, is changing the way it looks at IT. The company expects its data managers to be able to look at data and figure out answers to questions, such as where money is being lost. In other words, the company wants someone to put data in a business context.

Outsourcing ping, power, and pipe to third-party vendors is common. Even management of the application is increasingly outsourced; however, companies still need IT to manage the flow of data in/out of the application, manage the relationship with the outsourced vendor, and assist in performing data analysis.

The increased focus on life-cycle management, vendor management and data analysis has raised the expertise requirements of IT functions and is requiring more business management decisions to be made by IT. Moving IT management away from technology management doesn’t take them out of the picture; it will make them more critical to the survival of the business and elevate their ability to make a difference within their company’s strategic direction.

How do you think your role is changing? Are you being elevated? Or just asked to do more with less?

SAS70ExPERT@gmail.com


Jun 14 2008   6:39AM GMT

CIO - Are you sitting on your DataCenter assets or using them?



Posted by: sas70expert
Networking, Storage, Security, Microsoft Windows, Career development, Compliance, business/IT alignment, Auditing, CIO, DataCenter, DataManagement, CEO, CFO, Email, Exchange, SAS 70, budget, bugeting, CSO

Are you sitting on your DataCenter assets or using them? CIO/SAS70

 

As the economy continues to be unsteady, what are your priorities as CIO? As CEOs continue to be fired, CIOs should use the uncertainty to prioritize their IT efforts, strengthen their information security within their DataCenters, and improve communication to the business of IT efforts.

 

IT project funds are shrinking. Are you concentrating in the area that will return results to the bottom line of the business and keep your paycheck coming? Re-evaluate your priorities now – concentrate on those projects that will improve revenue; that will make you a superstar in the eyes of your management, and will solidify your job.

 

Prioritize and communicate to get the most value from all the hard work that you do. According to survey results, only 10% of CIOs say that they did an excellent job of communicating the value of their IT assets to their bosses. If you performed a SAS70 audit, not only tell your customers, but make your internal management aware of it, as it should strengthen your network security internal controls. CIOs should form an alliance with CFOs to communicate the business value of the core IT assets and the projects completed within the year. Make efforts to make the Board, management and other stakeholders aware of your hard work and of the projects that are critical to the survival of the business, and quantify the net return that these IT projects bring to the organization. Scorecards work best to quickly identify areas of accomplishments, areas in process, and future plans. I use a similar technique to communicate to the audited the SAS70 audit process, results, issues and deadlines. What other methods do you use? Do you plan on cutting or adding to your IT budget for 2008 and 2009?

 

TAGs: DataCenter, Budgeting, Business/IT alignment, Career development, CIO,