Network monitoring

Sep 14 2008   11:17PM GMT

Encrypting for Security - SAS70

Posted by: sas70expert
Uncategorized, Networking, Network monitoring, Identity & Access Management, routers, Security Program Management, Encryption, Auditing, Development, Network

SAS 70 audits review the not only the security of your networks but of the data that is transported across your networks and on the security of your data that remains on your servers and laptops. Before choosing an encryption vendor, there are factors you consider:

• What administrative actions are required? Can keys be changed and modified by the user or does your network administrator have to take action? What if the key is compromised, can it be changed at will? If the key is changed, how do you remember it?
• What steps are taken to manage keys? Are keys kept in a secure database or are they managed individually? Independent solutions allow you more flexibility, but independent users may not always follow the company standards which may give hackers an opportunity.
• Are multiple keys supported and can you create a master? The more critical and sensitive the data, the tougher the key should be crack. 
• Is there PKI in corporation? Does the encryption product integrate with an existing PKI production ro des it require software in order to function? Any vendor solution should be able too.  Trackback URL

Jul 4 2008   12:30PM GMT

To IM or not to IM is the question? – SAS70

Posted by: sas70expert
Security management, Third-party services, Administration, Network security, Security, Network monitoring, Information risk management, Compliance, Auditing, Access, Network, CIO, DataCenter, CEO, CFO, SAS 70, Intrustion management

Yahoo Messenger, Googletalk, and AIM Messenger instant messaging services are frequently used by employees today for work and social networking. Less than 10% of companies today have policies and those that do have policies do not enforce them. Many SAS70 audits find installation of instant messaging software within corporate environments and that it may cause introduction of malicious coding or cause loss of sensitive data. Therefore, should IM security software be standard installation – whether in the form of email and internet security tools, appliances, or third-party hosted solutions. IM security software would protect against incoming Trojan horses/viruses and detect outgoing data loss by using content filtering; logging and archiving all IM messages, and ensure compliance with company policy. Are you using IM security software protection? If so, which one and is it on a third-party hosted platform? Have you found it to be effective?sas70expert@gmail.com

Jul 1 2008   5:45PM GMT

Do you need the Secret Service to guard your data? – SAS70

Posted by: sas70expert
Security management, Third-party services, Administration, Database issues, Disaster Recovery, Networking, Active Directory, Network security, Storage, Security, Network monitoring, Servers, Microsoft Windows, Information risk management, Management, Security Program Management, Risk management, human factors, Database, Database Management Systems, business/IT alignment, Access, Financials, Access control, Industry Solutions, Data center operations, Network Management Systems, Data center design, Network, CIO, DataCenter, DataManagement, CEO, management software, Single sign-on, FTP, CFO, cooling systems, Backup & recovery, Exchange, Backup, power systems, SAS 70, budget, bugeting, CSO

It’s election year and security to protect some of our most valuable assets is being discussed more frequently – including politicians and data privacy requirements (proposed Regulation S-P). Does that mean you should be considering the Secret Service to guard your data? I don’t think so; however, you should have a plan to manage risk of data loss. This plan should contain proactive thinking that promotes a culture of prevention. A SAS70 audit will assist you in determining your vulnerabilities and identifying weaknesses in information technology network; however, you must continually assess and evaluate scenarios, and stay informed of the latest and greatest networking threats. Communication and training are key to a data protection plan. What are some of the other characteristics?SAS70expert@gmail.com

 

Jun 30 2008   3:19AM GMT

DataCenters that go Green! – SAS70

Posted by: sas70expert
Third-party services, Networking, Network security, Network monitoring, Strategic Enterprise Management, Microsoft Windows, Management, Database Management Systems, Industry Solutions, Data center operations, Network Management Systems, Blackberry, Data center design, CIO, Mobile, DataCenter, DataManagement, CEO, CFO, storage arrays, cooling systems, Exchange, power systems, SAS 70, CSO, Rack systems

Can we believe all the hype? Is there a green revolution afoot? From cars to energy to datacenters, everyone is going green. Datacenters have become very complex, with so many interactions among processors, rack systems, power and cooling systems, storage arrays, networks, and communications channels - that they can be regarded as unique virtual environments that consume large amounts of energy. Our need to have access to the internet anywhere and everywhere, requires more capacity and increasing speeds of datacenter components. What steps are you taking to become Green?   

Jun 26 2008   4:30AM GMT

What’s your data loss prevention strategy? – SAS70

Posted by: sas70expert
Security management, Third-party services, Database issues, Networking, Network security, Firewalls, Incident response, Security, Network monitoring, Identity & Access Management, Information risk management, routers, Management, Security Program Management, Compliance, Viruses, Database, patching, Configuration, Database Management Systems, business/IT alignment, Auditing, Monitoring, Access, Access control, Network Management Systems, Data center design, Network, CIO, DataCenter, DataManagement, CEO, management software, Security tokens, Patch management, CFO, router configuration, SAS 70, CSO, Intrustion management, TrendMirco

Are you reviewing you firewall rules quarterly? Have you implemented an (IDS) intrusion detection system? Are your routers set up to prevent unauthorized intruders? Do you have the latest and greatest virus protection? Are you performing a SAS70 audit every six months? Database security breaches are increasing daily and costing tremendous amounts of dollars that should have been spent on IT projects. You should at least have an emergency plan in place when data loss occurs. Without an emergency plan in place, the breach could continue and the legal costs could continue to escalate.