<?xml version="1.0" encoding="UTF-8" standalone="yes" ?>
<!-- SwishCommand noindex -->
<rss version="2.0">
<channel>
  <title>ComplianceHome: SOX White Papers</title>
  <link>http://www.compliancehome.com/</link>
  <description>ComplianceHome is one of the Web's largest libraries of resources for compliance management of HIPAA, SOX, FISMA, GLBA, FDA, COOP &amp; COG, FFIEC, Basel II, OSHA and ISO 27002/17799. Visit our directories, which are the best source of white papers, related news articles, resources on the web, training, webinars, conferences, rules &amp; regulation overviews, ask-the-expert, jobs, and searches on vendors, solutions &amp; products.</description>
<image>
  <url>http://www.compliancehome.com/images/rsslogo.gif</url>
  <title>ComplianceHome</title>
  <link>http://www.compliancehome.com/</link>
</image>
  <language>en-us</language>
  <item>
    <title>Balancing Security Against Productivity</title>
    <pubDate>Tue, 05 Aug 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/SOX/abstract10984.html</link>
    <description>What makes for great security? Is it about keeping the bad guys out or letting the good guys in? About defending attacks or preventing them? When IDG Research Services queried IT security professionals on the topic, intriguing insight into the effectiveness of security management came to light. This CXO Media whitepaper presents these findings and reviews the delivery of effective security management using the latest technology and automation tools.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/SOX/abstract10984.html</guid>
  </item>
  <item>
    <title>Malicious Software Defense: Have we moved beyond the need for anti-virus and spyware protection software?</title>
    <pubDate>Fri, 01 Aug 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/SOX/abstract10980.html</link>
    <description>With the decrease in the total number of viruses, some have theorized that virus protection is becoming less and less necessary. Protecting systems such as servers and workstations is nothing new. In fact, using anti-virus software was the first method enlisted to stop malicious code from infecting and propagating between these systems. However, the sophistication of viruses and malware in recent years has dramatically changed the playing field. The purpose of this paper is to help individuals understand the scope of the problem, and provide specific strategies available to combat this continually changing threat.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/SOX/abstract10980.html</guid>
  </item>
  <item>
    <title>Online Transaction Origination: Ensuring Customer Confidence &amp; Trust</title>
    <pubDate>Fri, 01 Aug 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/SOX/abstract10979.html</link>
    <description>This white paper contains case studies of companies rededicating themselves to securing customer relationships, including: Charles Schwab -- Headquartered in San Francisco, California, this financial services firm upholds its customer commitment by making security and privacy a cornerstone of its business philosophy. Its latest investment: a new class of authentication, the Extended Validation SSL certificate, which allows online customers to see, at a glance, if the site they are visiting is one they consider trustworthy - or a fraud.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/SOX/abstract10979.html</guid>
  </item>
  <item>
    <title>Federal Information Security Management Act: Driving the Need for Automated Compliance</title>
    <pubDate>Mon, 28 Jul 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/SOX/abstract10977.html</link>
    <description>The Federal Information Security Management Act (FISMA) was created in response to increased awareness within the federal government of the risks of cyber-terrorism, and of cyber-security in general. Following in the wake of private sector corporate scandals, FISMA emerged from a similar principle that led to the Sarbanes-Oxley Act (SOX) of 2002: unambiguous personal acceptance of risk by a senior management official. In recent years, FISMA has played a crucial role in driving federal agencies to improve their overall security posture, providing a framework and guidance for such efforts. Therefore, compliance with FISMA is critical to keeping agency officials out of legal trouble.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/SOX/abstract10977.html</guid>
  </item>
  <item>
    <title>AUTOMATED FILE TRANSFER: 10 STEPS TO SECURITY AND COMPLIANCE</title>
    <pubDate>Thu, 24 Jul 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/SOX/abstract10976.html</link>
    <description>Knowing whether your file transfer process complies with regulations and standards can be difficult. Many regulations are based on objectives that must be understood and interpreted before you can design a secure file transfer solution to meet them. The white paper, Automated File Transfer: 10 Steps to Security and Compliance, helps IT and security professionals successfully implement and manage file transfer processes that meet both compliance and security mandates. First, 10 practical steps to secure and automate your file transfers are detailed. Then, the paper outlines how the 10 steps meet the relevant sections of SOX, HIPAA, and PCI DSS mandates.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/SOX/abstract10976.html</guid>
  </item>
  <item>
    <title>Effectively Managing Today's Compliance Challenges with Identity Risk Management</title>
    <pubDate>Thu, 24 Jul 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/SOX/abstract10975.html</link>
    <description>Enterprises around the globe are confronting the reality that regulatory compliance is now a factor of everyday business life. Escalating security and privacy concerns are having a worldwide impact. There are literally dozens of government and industry laws pertaining to security and privacy, forcing companies to adhere to a complex and often overlapping series of controls that impact almost every part of the organization. To ensure adequate controls, organizations must be able to answer the following questions: Am I adequately safeguarding information assets and sensitive data? Can I detect and prevent fraud, misuse, or unauthorized access? Can I safely attest to the adequacy of internal controls? Can I meet and prove compliance?</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/SOX/abstract10975.html</guid>
  </item>
  <item>
    <title>Practical Role Management - Real-World Approaches to a Complex Problem</title>
    <pubDate>Thu, 24 Jul 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/SOX/abstract10974.html</link>
    <description>Before embarking on a role management project, take time to consider your business objectives and project scope. The road to role management is littered with stalled or failed projects. Learn to recognize common pitfalls and how best practices can pave the way to solving real business problems.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/SOX/abstract10974.html</guid>
  </item>
  <item>
    <title>Role Management and Risk - A Key Enabler for Accountability, Policy Alignment</title>
    <pubDate>Thu, 24 Jul 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/SOX/abstract10973.html</link>
    <description>As you consider the technologies required to meet your IT governance, risk management, and compliance (GRC) requirements, it's important to remember that role management is not an end goal in itself, but rather a means to an end. By providing valuable business context and facilitating collaboration between business and technology groups, roles can help your organization move in the direction of stronger accountability, policy alignment, and transparency. However, in and of itself, a role management project will not help you address IT security risk. To effectively manage user access across complex IT environments, role management must work hand-in-glove with automated workflow, policy enforcement, analytics and reporting, and risk management capabilities. This holistic approach helps organizations automate compliance processes, detect and prevent policy violations, remediate and mitigate control weaknesses, and provide auditable evidence of compliance. Think of role management as one </description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/SOX/abstract10973.html</guid>
  </item>
  <item>
    <title>Identity Risk - Are Insiders Threatening Your Compliance Efforts?</title>
    <pubDate>Thu, 17 Jul 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/SOX/abstract10969.html</link>
    <description>It's not difficult to understand that a reasonable amount of identity risk is appropriate and necessary in every business, regardless of how many users or sensitive information systems comprise an organization. The key is how well companies manage these risks by implementing strong and consistent controls over who has access to critical applications and data - and what they do with it. Savvy companies will seek a cross-disciplinary management approach that involves business, IT and audit groups in the definition of common goals and compliance metrics, leveraging risk-based analytics and a centralized view of identity data to proactively prevent, detect and correct identity risks.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/SOX/abstract10969.html</guid>
  </item>
  <item>
    <title>Enhanced Messaging Security: Slicing Spam and Other Threats At The Network Edge</title>
    <pubDate>Mon, 14 Jul 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/SOX/abstract10967.html</link>
    <description>The volume and sophistication of attacks that threaten business email networks and systems are growing at exponential rates. This growth curve poses significant problems for IT and security groups trying to manage these threats. In this white paper, you'll learn about: the current types of email threats; why the exponential growth in email volume poses significant challenges for the corporate network infrastructure; and how adding a messaging security layer at the network edge addresses these challenges, and significantly scales and strengthens an overall messaging security solution.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/SOX/abstract10967.html</guid>
  </item>
  <item>
    <title>Survey Results: Outbound Email and Data Loss Prevention in Today's Enterprise, 2008</title>
    <pubDate>Wed, 09 Jul 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/SOX/abstract10964.html</link>
    <description>How concerned are companies about the content of email leaving their organizations? And how do companies manage the legal and financial risks associated with outbound email? To find out, Proofpoint and Forrester Consulting (a division of leading analyst firm Forrester) conducted an online survey of technology decision makers at 424 large companies - in the US, UK, Germany, France and Australia - during March 2008. This report summarizes the findings of Proofpoint's fifth-annual email security and data loss prevention study, including surprising statistics about how large companies manage the risks associated with outbound email, blog postings, media sharing sites, social networking sites, mobile Internet-connected devices and other electronic communications streams.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/SOX/abstract10964.html</guid>
  </item>
  <item>
    <title>Security Beyond Corporate Boundaries</title>
    <pubDate>Mon, 07 Jul 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/SOX/abstract10962.html</link>
    <description>Ironclad security has become the Holy Grail for companies looking to protect corporate and customer information at large in the modern enterprise. The move toward greater data distribution - thanks to growing globalisation and worker mobility - is taking this sensitive data well outside the corporate network and creating new vulnerabilities in the process. As corporate data becomes increasingly difficult to protect, security takes top priority for most IT organisations. However, deploying the latest firewall, antivirus or encryption tool can't ward off today's sophisticated intruders. Not just hackers, but organised crime, dishonest insiders and unfortunate mistakes are easily finding their way past these deterrents, especially when critical data lies outside of IT control. What's more, keeping on top of the threat is stretching IT resources to their limits. Traditional security controls, which demand constant and immediate updates and attention, are just not enough. A new worm attack,</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/SOX/abstract10962.html</guid>
  </item>
  <item>
    <title>Accelerating Enterprise Data Governance Part 1</title>
    <pubDate>Mon, 07 Jul 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/SOX/abstract10961.html</link>
    <description>Mike Ferguson of Intelligent Business Strategies defines what data governance is and then looks at the requirements that need to be met for full data governance to be implemented. He also discusses how to systematically build re-usable data services to automate the tasks needed to formally govern data on an enterprisewide basis in order to accelerate the time to production and guarantee rock-solid data.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/SOX/abstract10961.html</guid>
  </item>
  <item>
    <title>Strategic Alignment of IT &amp; Security - Yield Compliance by Default</title>
    <pubDate>Mon, 07 Jul 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/SOX/abstract10960.html</link>
    <description>This paper provides forward looking thought leadership and recommendations on strategic, operational and tactical activities to help you properly align the people, processes and technology infrastructure to work in harmony and create a cost effective and continuous risk management culture throughout the enterprise.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/SOX/abstract10960.html</guid>
  </item>
  <item>
    <title>Storage vs Retention Management</title>
    <pubDate>Mon, 07 Jul 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/SOX/abstract10959.html</link>
    <description>There is much confusion in the marketplace over the definition of email storage management. Many vendors and customers are under the wrong impression that storage management and retention management are the same. This document explores the differences between the two terms in relation to regulations and compliance.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/SOX/abstract10959.html</guid>
  </item>
  <item>
    <title>Top 10 Concerns: Legacy Archiving Solutions</title>
    <pubDate>Mon, 07 Jul 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/SOX/abstract10958.html</link>
    <description>Today, the email archiving marketplace is in the throes of a convergence, but the original requirements are so different that legacy archiving solutions designed for one specific market need have not been able to seamlessly extend their primary functionality to cover the other areas. In addition to the change from archiving some to archiving all email, corporations now need additional features that weren't part of original archiving requirements, such as audit trails, search and retrieval, pre- and post-review of emails, and extensive corporate retention and management policies. Worse yet, when archiving demands increase exponentially from archiving under 1,000 mailboxes to over 5,000 or 10,000, legacy archiving solutions simply cannot scale to handle those volumes for compliance, legal discovery, or mailbox management, let alone a combination of the three. ZL Technologies, Inc. conducted this survey to determine exactly what is causing the most headaches among corporations that de</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/SOX/abstract10958.html</guid>
  </item>
  <item>
    <title>Email Archiving: Data Capture Methods</title>
    <pubDate>Mon, 07 Jul 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/SOX/abstract10957.html</link>
    <description>Several data capture methods have been used to ingest email from mail servers, each with differing advantages and disadvantages. Some methods are useful in small environments but quickly become problematic when large email volumes are encountered. Others are useful only for specific mail servers. Leading email archival applications will utilize multiple methods to support different mail servers and leverage rich archival features for specific mail servers to full data capture and ensure scalability. This document describes the various methods used for data capture and the associated advantages and disadvantages. The methods include: Full MAPI; Exchange Transaction Log; SMTP Gateway Capture; Pull Journaling; Push Journaling.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/SOX/abstract10957.html</guid>
  </item>
  <item>
    <title>Most Commonly Asked Chief Compliance Officer (CCO) Questions</title>
    <pubDate>Mon, 07 Jul 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/SOX/abstract10956.html</link>
    <description>This document outlines the most commonly asked CCO questions and issues, and the responses to them, as compiled by ZL Technologies, after three years of feedback and insight in the email archival space. The data was collected from over 500 companies in regulated industries, including financial and healthcare. Additional information was also gleaned from compliance officers and SEC personnel at various compliance conferences.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/SOX/abstract10956.html</guid>
  </item>
  <item>
    <title>GRID &amp; Scalability</title>
    <pubDate>Mon, 07 Jul 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/SOX/abstract10955.html</link>
    <description>Today's market is filled with a variety of email compliance, archival, storage management, knowledge management, and retention management solutions, some old, some new. All claim a wide range of functionality for email, instant messaging, Bloomberg, files, and other data. However, to be a successful enterprise email management solution in today's market, a solution must not only claim comprehensive capabilities but also deliver on several key criteria: Scalability, Flexibility, and Integration. This document provides a definition and overview of the first and most difficult of those three criteria, Scalability.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/SOX/abstract10955.html</guid>
  </item>
  <item>
    <title>Why Compliance Pays: Reputation and Revenues at Risk</title>
    <pubDate>Mon, 07 Jul 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/SOX/abstract10949.html</link>
    <description>Based on what is working among organizations with the fewest data losses, the IT Policy Compliance Group report identifies several practices that can assist businesses with improving IT compliance results, reducing business downtime, and reducing data loss and theft. These steps include: * Implementing more and appropriate IT controls * Reducing control objectives, making it easier to communicate, measure and report * Establishing higher standards for performance objectives * Encouraging a culture of operational excellence in IT * Conducting monitoring, measurement and reporting of controls against objectives at least once every two weeks * Allocating more spend to controls automation</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/SOX/abstract10949.html</guid>
  </item>
  <item>
    <title>2008 Data Breach Investigations Report</title>
    <pubDate>Wed, 02 Jul 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/SOX/abstract10954.html</link>
    <description>Data breaches. You've gleaned all you can from the headlines; now you have access to information directly from the investigator's casebook. The 2008 Data Breach Investigations Report draws from over 500 forensic engagements handled by the Verizon Business Investigative Response team over a four-year period. Tens of thousands of data points weave together the stories and statistics from compromise victims around the world. What valuable insights can your organization earn from them?</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/SOX/abstract10954.html</guid>
  </item>
  <item>
    <title>Sustaining SOX Compliance: Best Practices to Mitigate Risk, Automate Compliance, and Reduce Costs</title>
    <pubDate>Wed, 02 Jul 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/SOX/abstract10953.html</link>
    <description>To successfully sustain SOX compliance, organizations must implement best practices to ensure IT systems not only achieve a known and trusted state but they also maintain that state. Management must be more accountable and aware of the need for a continuous and proactive operational risk management environment that recognizes the links between its technology infrastructure, business processes, reputation, compliance, and internal controls. It is vital that Tripwire configuration audit and control solutions are used as an integral element of sustained compliance initiatives.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/SOX/abstract10953.html</guid>
  </item>
  <item>
    <title>Effective Security with a Continuous Approach to ISO 27001 Compliance</title>
    <pubDate>Tue, 01 Jul 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/SOX/abstract10952.html</link>
    <description>The ISO 27001 standard was published in October 2005 as a replacement to the BS7799-2 standard. It is primarily referred to as the Information Security Management System (ISMS) certification standard. Organizations that seek to implement an ISMS are examined against ISO 27001. The objective of this standard is to As with several global standards, the scope of this standard is far reaching, with several sets of control objectives and guidelines. Its fundamental purpose is to act as a compendium of techniques for securing IT environments and thus effectively managing business risk as well as demonstrating regulatory compliance. ISO 27001 is recognized internationally as a structured methodology for information security. A widely-held opinion is that ISO 27001 is an umbrella over other standards (such as PCI, SOX, GLBA, HIPAA and COBIT). Companies that choose to adopt ISO 27001 demonstrate their commitment to high levels of information security, as there are 11 major contro</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/SOX/abstract10952.html</guid>
  </item>
  <item>
    <title>Identity and Security Management and Strong Information Technology Governance</title>
    <pubDate>Mon, 30 Jun 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/SOX/abstract10951.html</link>
    <description>This IDC White Paper examines Novell's identity and security management (ISM) solutions and how these integrated offerings can play a key role in enforcing security compliance for enterprise organizations. When properly implemented and deployed, these solutions help companies to: *Avoid violations of government and industry regulations *Avoid the leakage of intellectual property *Drive down the cost of compliance through integration, consolidation, and automation</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/SOX/abstract10951.html</guid>
  </item>
  <item>
    <title>How to keep spam off your network</title>
    <pubDate>Thu, 26 Jun 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/SOX/abstract10947.html</link>
    <description>The General Services Administration (GSA) has awarded a supply contract to Industrial Safety Solutions for their SafetyPro line of industrial labeling equipment and supplies. This new federal contract will give government and military agencies better access to compliance and safety labeling, which have been proven to reduce accident injuries in the workplace. Safety labeling is required by regulatory agencies such as OSHA, and is viewed as a top priority in mitigating occupational hazards. It is estimated that as many as 70% of all worksites, including government operated worksites, have insufficient or outdated visual hazard identification.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/SOX/abstract10947.html</guid>
  </item>
  <item>
    <title>Realigning the Trade-offs between Stringent Controls, Efficiency &amp; Business Risk</title>
    <pubDate>Mon, 23 Jun 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/SOX/abstract10946.html</link>
    <description>Alfred Sloan, the legendary former CEO of General Motors, popularized financial controls for corporate governance, but financial controls have never before received as much widespread attention as they do today. Thanks to the Sarbanes-Oxley Act of 2002, enterprises must devote significant resources to applying Sloan's basic principles in today's e-business world. As businesses seek to implement, document, monitor, and report on the effectiveness of their financial controls for Sarbanes-Oxley compliance, they are also readdressing issues that first rose with Sloan's model for financial controls - how should businesses balance the tradeoffs between stringent controls, operational efficiency, and acceptable business risk?</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/SOX/abstract10946.html</guid>
  </item>
  <item>
    <title>Survey Results: Outbound Email and Data Loss Prevention in Today's Enterprise, 2008</title>
    <pubDate>Mon, 23 Jun 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/SOX/abstract10944.html</link>
    <description>How concerned are companies about the content of email leaving their organizations? And how do companies manage the legal and financial risks associated with outbound email? To find out, Proofpoint and Forrester Consulting (a division of leading analyst firm Forrester) conducted an online survey of technology decision makers at 424 large companies - in the US, UK, Germany, France and Australia - during March 2008. This report summarizes the findings of Proofpoint's fifth-annual email security and data loss prevention study, including surprising statistics about how large companies manage the risks associated with outbound email, blog postings, media sharing sites, social networking sites, mobile Internet-connected devices and other electronic communications streams.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/SOX/abstract10944.html</guid>
  </item>
  <item>
    <title>Disaster Recovery: Not Just Planning for the Worst</title>
    <pubDate>Mon, 23 Jun 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/SOX/abstract10943.html</link>
    <description>This paper describes how businesses can use F5 Networks BIG-IP Global Traffic Manager to leverage all the benefits of their secondary site in an active-active configuration to holistically manage their applications across multiple sites. This paper also describes how you can use BIG-IP Link Controller to maintain ISP link connectivity and WANJet to accelerate site-to-site data replication across the WAN.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/SOX/abstract10943.html</guid>
  </item>
  <item>
    <title>Effective Disaster Recovery Planning Using F5 Application Acceleration</title>
    <pubDate>Mon, 23 Jun 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/SOX/abstract10942.html</link>
    <description>This paper addresses the increased performance needs of a disaster recovery plan, and the common barriers to achieving success. It also addresses the performance gains that can be achieved by combining an F5 WANJet application acceleration solution with Double-Take replication solutions from Double-Take Software.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/SOX/abstract10942.html</guid>
  </item>
  <item>
    <title>Getting the Message</title>
    <pubDate>Wed, 18 Jun 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/SOX/abstract10940.html</link>
    <description>Electronic messaging applications are mission-critical for most enterprises, yet securing them from threats and managing them to meet regulatory and compliance requirements have never been more challenging. Microsoft Exchange Hosted Services offers enterprise-class, affordable services that can protect the messaging infrastructure, simplify email management, and reduce risk.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/SOX/abstract10940.html</guid>
  </item>
  <item>
    <title>What is the (Real) Threat and How to Deal With It? A Route to Security as a Service</title>
    <pubDate>Mon, 16 Jun 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/SOX/abstract10939.html</link>
    <description>In Europe, the level of awareness of I threats is generally very good. Most organisations know how to deal with viruses, spam, key-logging and other Internet threats. IDC believes that the vast majority of organisations are using, at the very least, antivirus or antispam tools plus additional security features such as VPNs for remote connection backup and recovery for business continuity. However, this provides just basic protection and covers just half the danger. Threats today are agile, silent and very efficient, especially if organisations do not fully understand where the real threat lies. A single question that can help present the current situation is why have there been so few reports of widespread viruses over the past 12 months? Antivirus systems are certainly now quite effective, and the responsiveness and agility of detection systems reacting to large waves of self-reproductive viruses also improved. Furthermore, with the exception of poor security tools management, such as out of date</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/SOX/abstract10939.html</guid>
  </item>
  <item>
    <title>Meeting the Challenges of Roles-based Access Governance</title>
    <pubDate>Mon, 16 Jun 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/SOX/abstract10938.html</link>
    <description>One of the biggest challenges in managing financial service organizations is the complexity of controlling user access to information resources. Some of these organizations have attempted to implement roles-based systems to address these challenges, but real-world experience has shown that unless roles fit into a context that ties together existing entitlements, company policies, regulatory requirements, and current business process realities, they simply don't work. Without this context, the result is a system that can't meet the demands of federal regulations such as the Sarbanes-Oxley Act (SOX) and Gramm-Leach-Bliley (GLB) Act in the U.S. or satisfy global measures such as Basel II/Solvency II capital-adequacy requirements and privacy regulations such as PCI, PIPEDA, CA SB 1386 and EU Data Directive. This paper describes a new roles-based model of access governance that overcomes the challenges companies have faced in the past and enables financial organizations to: *Deploy a policy</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/SOX/abstract10938.html</guid>
  </item>
  <item>
    <title>Redspin Security Report: Top 10 Network Security Threats of 2008 - Q2 Update</title>
    <pubDate>Mon, 16 Jun 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/SOX/abstract10937.html</link>
    <description>Understanding the trends and patterns of the past is the key to understanding the future, and security is no exception. The following security threat trends for 2008 have been assembled as a result of their frequency during security audits performed last year. These common and fundamental security issues typically arise from the same categorical underlying cause. Most organizations have had enough compliance audits and possess enough intuition of best practices to understand that security controls are necessary to mitigate risk. However, there continues to be a significant discrepancy between what management believes the controls are doing and what the controls are -- in fact -- actually doing from a security standpoint. In short, controls have been deployed, but are not configured adequately, and just the mere existence of a control does not imply that the control is functioning adequately. Extremely subtle configuration problems can create critical risk on your network. The commonly hel</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/SOX/abstract10937.html</guid>
  </item>
  <item>
    <title>SAS70 Audits - Combining information technology standards to strengthen network security</title>
    <pubDate>Mon, 16 Jun 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/SOX/abstract10935.html</link>
    <description>This paper discusses SAS70 audits and ISO certifications. To strengthen network security within your company, consider implementing combined standards of COBIT and ISO.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/SOX/abstract10935.html</guid>
  </item>
  <item>
    <title>Fraud in a Post Sarbanes-Oxley World: Five Critical Steps to Seal the Gaps</title>
    <pubDate>Mon, 16 Jun 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/SOX/abstract10934.html</link>
    <description>As the economy weakens, Internal Audit Directors, Audit Committee Members, Corporate Executives and General Counsel need to identify and address additional risks. Specifically, as basic necessities such as gas and food become increasingly more expensive, there is additional pressure on employees to misappropriate company assets and cash. If an employee is faced with a possible home foreclosure, corporate ethics and employee loyalty may become very unimportant. The bottom line is that when food and shelter are threatened, employees may not have to mentally leap very far to rationalize taking company assets and cash. Sarbanes-Oxley (SOX) compliant organizations might be tempted to believe that their compliance efforts will adequately protect them from the increased risks presented by the current economic environment. While Sarbanes-Oxley has helped organizations reduce occupational fraud some, this white paper will demonstrate that there are still great opportunities for improvement. In</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/SOX/abstract10934.html</guid>
  </item>
  <item>
    <title>What? My Firewall Is Obsolete!? 3 Must-Haves for a Web 2.0 World</title>
    <pubDate>Wed, 11 Jun 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/SOX/abstract10933.html</link>
    <description>With Web 2.0 threats rendering today's most popular firewall technology basically obsolete, firewalls need to step up and tackle their task to protect public-facing assets like web applications. No longer are Web sites attacked only for the purposes of defacing the site to gain credibility among hacking peers; today it's about the money to be made for the bad guys in the distribution of malware and spam, and firewalls must be up to the challenge. Regulations like PCI DSS, the OWASP list of web application vulnerabilities and a recent study by Google confirm the need for web application security.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/SOX/abstract10933.html</guid>
  </item>
  <item>
    <title>A New Approach to Defeating Spam</title>
    <pubDate>Wed, 11 Jun 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/SOX/abstract10932.html</link>
    <description>Junk postal mail is a nuisance for those who receive it, but it is limited by two important economic factors: a) junk mail costs something to produce and, as a result, b) senders of junk mail must achieve acceptable content-to-customer conversion rates in order to make the sending of their information economically worthwhile. The electronic equivalent of junk postal mail - spam - however, operates under no such economic constraints. Hundreds of millions of spam messages can be sent for a minimum investment and conversion rates can be extraordinarily low for spammers to turn a sizable profit. In fact, spammers can also</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/SOX/abstract10932.html</guid>
  </item>
  <item>
    <title>Attachment spam - the latest trend</title>
    <pubDate>Wed, 11 Jun 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/SOX/abstract10931.html</link>
    <description>This white paper explains what makes spam such an unbearable problem and how spamming tactics are evolving daily to beat anti-spam software. In the space of two months, spammers have switched from image spam to using PDF, Excel and ZIP file attachments. By using these attachments to send images instead of embedding them in the body of the email message, spammers have taken the cat-and-mouse game with anti-spam software developers to a new level.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/SOX/abstract10931.html</guid>
  </item>
  <item>
    <title>The Right Tool for the Right Job: An Application Security Tools Report Card</title>
    <pubDate>Mon, 09 Jun 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/SOX/abstract10928.html</link>
    <description>During the 80s, war dialing and phone phreaking were the attacks that garnered all the headlines. In the 90s it was all about web defacement and the ubiquitous email virus. The last seven years have given rise to identity data theft and privacy concerns. For the past twenty years, organizations have focused on protecting the network; but in the last ten years it has become clear that the core threat is not, nor really ever was, access to the network. The network is just a means to an end. The threat has always been access to the enterprise's crown jewels: private data and the applications/business functions that interact with that data. This is the Achilles' heel of the enterprise today.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/SOX/abstract10928.html</guid>
  </item>
  <item>
    <title>Strengthening Data Privacy in PeopleSoft</title>
    <pubDate>Thu, 05 Jun 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/SOX/abstract10925.html</link>
    <description>Researchers with the Ponemon Institute found that 595 of 700 (85%) IT executives and security officers indicated their businesses have experienced at least one known occurrence of a data security breach. Moreover, experts estimate between 70% and 80% of data security breaches are due to internal access to sensitive information. These alarming statistics illustrate that efforts to safeguard data must move beyond network security and data masking or encryption which can be circumvented by clever perpetrators on the inside. In fact, the number of data privacy and security breaches continues to be on the rise, despite growing regulations and software solutions that aim to prevent the average user from being able to view sensitive data.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/SOX/abstract10925.html</guid>
  </item>
  <item>
    <title>The Impact of The Sarbanes-Oxley Act On Enterprise Applications</title>
    <pubDate>Thu, 05 Jun 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/SOX/abstract10924.html</link>
    <description>The Sarbanes-Oxley Act represents one of the most far-reaching changes in U.S. securities law since the Great Depression. Its implementation and enforcement take place in a technological environment that has changed in ways unimaginable even a few decades ago. Enterprise Resource Planning (ERP) systems, and enterprise application systems in general, have automated manual processes spanning individual departments, locations - even whole companies. And while the automation of these systems has increased employee productivity and enabled far-reaching strategic initiatives, the process has resulted in intricate systems that can be difficult to control, monitor and audit.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/SOX/abstract10924.html</guid>
  </item>
  <item>
    <title>Profiles in Compliance: Automating Segregation of Duties Wards Off SOX Citation</title>
    <pubDate>Thu, 05 Jun 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/SOX/abstract10923.html</link>
    <description>Scene: late 2004. Situation: dire. As part of its preparation for Sarbanes-Oxley Act (SOX) compliance, a large multi-billion dollar high-tech company faced likely citation by its external auditor for having significant material weaknesses in internal controls. The biggest area of exposure was the segregation of duties (SoD) in application roles and user access in and across more than 60 different systems in varying technical environments. The CFO, not willing to risk the company's financial reputation, internally estimated more than $100M in potentially lost market capitalization. The CFO mandated that all SoD violations be fully addressed in a little more than six months so that external auditors could start their testing efforts for 2005.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/SOX/abstract10923.html</guid>
  </item>
  <item>
    <title>Raising the bar for hackers (Security)</title>
    <pubDate>Thu, 05 Jun 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/SOX/abstract10922.html</link>
    <description>Many production plants are linked to the Internet and utilize standard software, which makes them a potential target for hackers. Siemens is making these systems more secure. Security experts at Siemens Corporate Technology use a model production facility to demonstrate how easy it is to compromise the security of some systems.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/SOX/abstract10922.html</guid>
  </item>
  <item>
    <title>Managing Risk for Effective Access Governance</title>
    <pubDate>Thu, 29 May 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/SOX/abstract10920.html</link>
    <description>The business risks associated with providing users access to information resources include a broad array of potentially damaging events that are caused or made possible by inadequate governance. Such events range from relatively minor policy and compliance violations to disastrous business losses. The demands of regulatory compliance are among the factors driving corporate IT and security managers to improve their access governance processes, but the issues are broader and deeper than the scope of any regulation.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/SOX/abstract10920.html</guid>
  </item>
  <item>
    <title>Building a Business Case for Enterprise Access Governance</title>
    <pubDate>Thu, 29 May 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/SOX/abstract10919.html</link>
    <description>The increased demands of regulatory compliance are causing corporate business and IT security managers to review their access governance policies and procedures with an eye toward improving the efficiency and reliability of their systems, while reducing the complexity and cost associated with demonstrating compliance. Within many organizations, however, access governance is not viewed as a strategic issue and regulatory compliance is simply regarded as a sunk cost. This narrow perspective can obscure the true value of investing in technologies that strengthen, automate, and streamline access governance, enabling it to be sustainable.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/SOX/abstract10919.html</guid>
  </item>
  <item>
    <title>Website Security Tests Protect Against Application Vulnerabilities</title>
    <pubDate>Wed, 28 May 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/SOX/abstract10917.html</link>
    <description>Small and medium-sized enterprises can protect websites against application vulnerabilities with a simple, easy-to-use, and affordable service. Firewalls and intrusion detection and prevention systems (IDS/IPS) are not enough to protect your website against today's application vulnerabilities.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/SOX/abstract10917.html</guid>
  </item>
  <item>
    <title>The Importance of High Availability; Continuous Applications and Data Recovery</title>
    <pubDate>Wed, 28 May 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/SOX/abstract10916.html</link>
    <description>Since firms are being held to a higher standard of high availability, the challenge for most is to design server and storage systems that are truly continuous and that guard against unplanned downtime. That means high availability, long associated with application/system uptime, is evolving to include the service of data availability. Aberdeen uses two key performance criteria to distinguish Best in Class (BIC) companies that leverage a high availability strategy: the overall ability to recover critical applications within a short window and year-over-year improvement in ability to recover data.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/SOX/abstract10916.html</guid>
  </item>
  <item>
    <title>The Data Protection Benchmark Report-The Road to Recovery</title>
    <pubDate>Wed, 28 May 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/SOX/abstract10915.html</link>
    <description>To gain some clarity on the data protection market, Aberdeen Group has embarked on a survey of end users, in different job roles and across numerous industry sectors, to gain insight into customers' data protection strategies. About 100 customers were surveyed and the results revealed that disaster recovery, business continuance and traditional backup/restore and legal discovery mandates make up the three top drivers behind customers' data protection strategies, while a whopping 72% of the respondents surveyed cited a</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/SOX/abstract10915.html</guid>
  </item>
  <item>
    <title>A Multilayer Approach to Preventing Viruses</title>
    <pubDate>Wed, 28 May 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/SOX/abstract10914.html</link>
    <description>As virus writers create increasingly sophisticated malicious code and find ever more effective methods to propagate, enterprises find themselves scrambling to keep their networks, servers, and end-user computers safe from new threats. Traditional anti-virus applications work by searching the contents of files and looking for a recognized pattern of data (a signature) that is the virus program itself. However, virus writers have come up with various methods to escape detection by changing their programs, making it harder for virus scanners to recognize them as viruses. Today's viruses are either polymorphic or metamorphic and can actually change themselves as they propagate. The increasing sophistication of malicious code is therefore making pattern recognition technologies less and less effective.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/SOX/abstract10914.html</guid>
  </item>
  <item>
    <title>IronPort Email Security Appliance Overview</title>
    <pubDate>Wed, 28 May 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/SOX/abstract10913.html</link>
    <description>Email has become the dominant form of business communication - rivaling, if not exceeding, the importance of voice networks. Indeed, email has had such an extraordinary impact that, like the fax and ATM, it's hard to imagine life before its widespread adoption over the last decade. The very power of the medium has also attracted a disturbingly large and growing number of security threats - spam, fraud, viruses, regulatory violations and intellectual property theft. The volume and sophistication of email security threats continue to grow at an unchecked pace. Most customers observe that as much as 90 percent of their incoming mail is invalid (spam, viruses, etc.), and the total number of incoming messages is doubling every year, even if the number of employees stays constant. These email security threats are fueled by a powerful profit motive associated with spam, fraud and information theft. This creates resources that bring professional engineers into the business of developing new threats, further</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/SOX/abstract10913.html</guid>
  </item>
</channel>
</rss>
