Risk analysis is inextricably linked with disaster recovery. Assessment of the
risks which may lead to disaster is essential in the determination of what
controls are appropriate to the situation. Again, however, risk analysis is
often made more difficult than necessary.
The Threat & Vulnerability Assessment Tool Kit and tool was designed to simplify
matters, and to make risk analysis more widely accessible through automation. It
is now probably the most widely used product and method in the world.
07/26/2010 Government employees continue to breach privacy of individuals -
According to Gazette.net, a Maryland Department of Human Resources employee
has been fired for posting about 3,000 names, Social Security numbers and other
personal information on his personal website.
The information, which belonged to department clients who use food stamps,
housing programs and other social services provided by the state, had been
posted on the employee's website since April 27. The site has since been removed
and there is no indication that the information has been misused.
The Baltimore Sun reports that a DHR spokeswoman says it is unclear why
he used the data in an unauthorized way.
The incident is still under investigation and no decision has been made yet
about whether criminal charges will be filed.
07/24/2010 Record Management Needs to Include Email -
As the importance of IT, the Internet, smartphones, and email has grown, their
legal status has changed with far-reaching consequences. A variety of laws and
regulations have been extended to cover all business records, including email
and all communications in both public and private sectors. Requirements under
Sarbanes-Oxley (SOX) and other mandates touch almost every facet of paper and
electronic data.
Among other provisions, SOX requires companies to maintain all audit or
review work papers for at least five years. For registered public accounting
firms, the period is at least seven years. Penalties for noncompliance include
severe fines and even imprisonment, and intentionally altering or destroying
records can bring even more serious consequences.
Consider that most work papers and records are created as emails and may
never exist in physical form. An email can be deleted in violation of SOX at the
click of a mouse. Key considerations for ensuring your company meets SOX
record-keeping requirements include:
- Can employees reliably distinguish ordinary emails from protected business
records?
- Are you certain that employees are storing the protected emails
for the required time period?
- Is there a process in place for storing physical copies of all protected
business records and emails?
- Are you certain that no one is hacking into your email system and
maliciously changing records?
07/13/2010 Wi-Fi needs to be secure -
You can secure your wireless network in little time with these 5 simple rules:
- Secure your access point administration interface: The default passwords
of most standard devices are already known to most hackers. So, when you set
up your router through the web interface, change the default password and
write it down somewhere safe.
- Stop broadcasting your SSID: Your wireless router continuously transmits
your SSID (Service Set Identifier). While this is useful in an office where
many people are going to connect to your network, at home this is certainly
not needed. Turn SSID transmission off as soon as you can. Wireless LAN
"sniffers" will still be able to detect your network, but other than that,
your network will mostly be shrouded from outsiders.
- Use MAC address filtering: Turn on MAC address filtering on your wireless
router configuration utility. By doing so, you can add the MAC addresses of
all of your networking devices to the address pool of the router. This way, no
one outside your home network will be able to access your network.
- Reduce the power of transmission: Reduce the power of your wireless
transmitter to such a degree that the signal does not reach outside your
facility or home. This will keep most outsiders at bay.
- Disable remote administration tool: Your remote administration utility is
seldom used. So, keeping it on exposes your network to outsiders. Turn it off
to enhance your network security.
06/22/2010 Feds to spend billion on cybersecurity research -
As the Obama administration and Congress propose various measures to improve
the nation's cybersecurity, the Office of the Director of National Intelligence
is planning to spend "multiple billions of dollars" on cybersecurity
research.
The deputy director of national intelligence for acquisition and
technology said at a recent cybersecurity summit sponsored by
Defense Daily that her office, together with the White House Office of Science
and Technology, will be sponsoring "innovative" research addressing three areas,
the Washington Post reported:
- Multiple security levels for government and non-government organizations.
- Security systems that change constantly to create moving targets for
hackers.
- Methods to motivate individuals to improve their cybersecurity
practices.
06/18/2010 Disaster Recovery / Business Continuity is Not the Place to Cut Costs -
In today's business environment, many enterprises are looking for ways to reduce
their expenses by cutting overhead. Often this takes the form of reducing
headcount, particularly in areas that are regarded as ancillary or non-core
components of the enterprise.
Disaster Recovery and Business Continuity often are placed in that category and,
as a result, can be an early casualty of many cost-cutting programs. Whether it
is an internal Disaster Recovery and Business Continuity team losing staff
members, or a part-time Disaster Recovery and Business Continuity manager with
less time to spare from the day job, Disaster Recovery and Business Continuity
programs can be neglected and will quickly become out of date and ineffective,
particularly in a rapidly changing organization. As anyone who has ever had to
manage a Disaster Recovery and Business Continuity event knows, there are few
things more useless than an out-of-date Disaster Recovery and Business
Continuity plan.
Of course, it is hard to make a case for Disaster Recovery and Business
Continuity at a time when core functions are under pressure, but maybe that is
just when it should be on the radar even more than usual. With share prices
shaky and credit hard to find, the last thing any organization needs right now
is the damage to its reputation and credibility that could arise from failing to
effectively manage a high-profile disruptive incident.
Arguably, during a recession companies are at their most vulnerable, which makes
it the worst time to neglect anything that contributes to resilience or reduces
risk. However, if an organization is under financial pressure, how can it square
the circle and achieve those reductions in overhead costs while still
maintaining the effectiveness of its Disaster Recovery and Business Continuity
program?