<?xml version="1.0" encoding="UTF-8" standalone="yes" ?>
<!-- SwishCommand noindex -->
<rss version="2.0">
<channel>
  <title>ComplianceHome: FISMA White Papers</title>
  <link>http://www.compliancehome.com/</link>
  <description>ComplianceHome is one of the Web's largest libraries of resources for compliance management of HIPAA, SOX, FISMA, GLBA, FDA, COOP &amp; COG, FFIEC, Basel II, OSHA and ISO 27002/17799. Visit our directories, which are the best source for white papers, related news articles, resources on the web, training, webinars, conferences, rules &amp; regulation overviews, ask the expert, jobs, and search on vendors, solutions &amp; products.</description>
<image>
  <url>http://www.compliancehome.com/images/rsslogo.gif</url>
  <title>ComplianceHome</title>
  <link>http://www.compliancehome.com/</link>
</image>
  <language>en-us</language>
  <item>
    <title>Enterprise Roles-based Access Governance</title>
    <pubDate>Mon, 05 May 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/FISMA/abstract10896.html</link>
    <description>Although roles-based access control (RBAC) has been the subject of much interest in the past, experience with it has been mostly disappointing. The challenge of discovering established roles, defining new roles according to business need, connecting roles properly to the IT infrastructure, ensuring that they meet all compliance requirements, and managing roles through their natural lifecycles has, until now, proved to be too complicated and cumbersome to be practical. However, a new roles-based model of access governance has evolved that overcomes these problems with an approach that provides a bottom-up perspective of roles (the reality of current user access) and connects it to a top-down business perspective (how a role works in conjunction with a business process). As a result, roles can now be implemented in a manner that both simplifies access control and makes access governance, risk management, and compliance easier.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/FISMA/abstract10896.html</guid>
  </item>
  <item>
    <title>A Modern Approach to On-Demand Email and Data Security</title>
    <pubDate>Fri, 02 May 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/FISMA/abstract10894.html</link>
    <description>Email and data security solutions are available in different deployment configurations, from hardware and virtual appliances to software. Another option,</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/FISMA/abstract10894.html</guid>
  </item>
  <item>
    <title>Guide to Providing Proactive Protection to Consumer Online Transactions</title>
    <pubDate>Fri, 02 May 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/FISMA/abstract10892.html</link>
    <description>Read this white paper to learn about: *Insight on two-factor authentication credentials to help you decide on the best choice for your customer-base. *Fortune 500 companies are increasingly discovering that stronger authentication options can result in decreased fraud costs, improved customer loyalty, a competitive advantage, and ultimately, higher top-line revenue potentials. *VeriSign Identity Protection is a comprehensive suite of identity protection, authentication, and fraud detection services that enable financial institutions to offer a more secure online experience with minimal consumer disruption.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/FISMA/abstract10892.html</guid>
  </item>
  <item>
    <title>IronPort's Multilayer Spam: Defence Architectural Overview</title>
    <pubDate>Thu, 01 May 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/FISMA/abstract10891.html</link>
    <description>Email threats have expanded from nuisance spam to sophisticated blended attacks. IronPort anti-spam eliminates the broadest range of known and emerging threats. IronPort anti-spam combines best-of-breed conventional techniques with IronPort's breakthrough context-sensitive detection technology to revolutionize the fight against email threats. Today's spam attacks have become too sophisticated for earlier-generation spam systems. These systems share a common weakness: relying heavily on analyzing content that can easily be manipulated by spammers. State-of-the-art anti-spam systems must go beyond content examination and analyze messages in the full context in which they are sent. As spam continues to evolve, near real-time rules will need to remain a critical part of the anti-spam equation in order to successfully eliminate spam and blended threats. With spam on the rise, this type of multi-layer defense is critical to protecting networks worldwide.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/FISMA/abstract10891.html</guid>
  </item>
  <item>
    <title>IronPort Email Security Appliance Overview</title>
    <pubDate>Thu, 01 May 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/FISMA/abstract10890.html</link>
    <description>IronPort email security appliances are designed to protect networks from today's and tomorrow's email threats. These appliances are built on IronPort's proprietary AsyncOS operating system. Optimized for messaging, AsyncOS provides the foundation that allows a single IronPort appliance to process mail more than ten times more efficiently than traditional UNIX-based systems. On top of this highly scalable platform, IronPort offers a variety of security applications for spam and virus filtering, content scanning and policy enforcement. Also contained are unique technologies developed by IronPort as well as tightly integrated filtering technology from best-of-breed partners. The modular design of the system allows these applications to be turned on or off to meet the specific needs of each customer.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/FISMA/abstract10890.html</guid>
  </item>
  <item>
    <title>IT Departments on Data Security: A Research Concepts Survey</title>
    <pubDate>Thu, 01 May 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/FISMA/abstract10889.html</link>
    <description>A survey of 185 IT professionals finds that, although computer and data security are high priorities, they are surprisingly unprepared to prevent data breaches and computer theft. One out of four organizations surveyed had a data breach in the past year. Preventative measures are found to be consistently undermined, with only 1 in 100 employees consistently following security policy. This white paper explores the survey findings.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/FISMA/abstract10889.html</guid>
  </item>
  <item>
    <title>Identity and Security Management and Strong Information Technology Governance</title>
    <pubDate>Thu, 01 May 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/FISMA/abstract10888.html</link>
    <description>This IDC White Paper examines Novell's identity and security management (ISM) solutions and how these integrated offerings can play a key role in enforcing security compliance for enterprise organizations. When properly implemented and deployed, these solutions help companies to: avoid violations of government and industry regulations; avoid the leakage of intellectual property; and drive down the cost of compliance through integration, consolidation, and automation. Strong security and governance programs should be symbiotic in nature. A total identity and access management (IAM)-driven governance, risk, and compliance (GRC) solution should ensure foolproof and accurate measurements of policies and practices across the enterprise. This ideally includes creation and life-cycle support for policy and standards development, solid and integrated access and identity administration, security and vulnerability scanning, and audit and remediation capabilities.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/FISMA/abstract10888.html</guid>
  </item>
  <item>
    <title>Fundamentals of GRC: Mastering Risk Assessment</title>
    <pubDate>Thu, 24 Apr 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/FISMA/abstract10884.html</link>
    <description>The recent news headlines related to the subprime mortgage crisis, rogue traders, and corporate fraud have highlighted that despite investment in risk assessment and risk management disciplines, significant risk failures persist. While isolated incidents of one-time governance failures are bound to occur, long-term systemic failures are more than just an isolated anomaly. The failures may be the result of a clutter of risk information caused by many risk assessments from many perspectives. The process of organizing these risk assessments to provide organizations with a more holistic view of enterprise risk is fundamental to mastering risk assessments. This whitepaper explores approaches to risk assessment, offers some best practices for conducting risk assessments and provides practical guidance on mastering this business process.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/FISMA/abstract10884.html</guid>
  </item>
  <item>
    <title>What Hackers Know about Control Systems that You Don't</title>
    <pubDate>Thu, 24 Apr 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/FISMA/abstract10882.html</link>
    <description>Computers and electronics run our infrastructure and our world. Electronic signals support generation, transmission, and distribution of power that keeps our lights on and the water coming out of our taps. They also support the entire global industrial manufacturing infrastructure. They are so ubiquitous that at a recent industry conference, a top cyber agent at the FBI was quoted as saying,</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/FISMA/abstract10882.html</guid>
  </item>
  <item>
    <title>Compliance Multitasking - Today's Top Security Priority</title>
    <pubDate>Thu, 24 Apr 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/FISMA/abstract10880.html</link>
    <description>Driven by increasing regulatory scrutiny and the need to protect key corporate assets such as intellectual property, compliance and issues surrounding data leakage have risen to the top of the list of priorities for today's corporate executive. Federal US legislation such as HIPAA and GLBA, as well as state laws such as California's SB-1386, clearly define acceptable practices with regards to digital information security. In addition, corporate governance rules have mandated strict policies to deal with authorized and unauthorized access, and use of sensitive corporate information by employees, partners and auditors.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/FISMA/abstract10880.html</guid>
  </item>
  <item>
    <title>Trust and Competitive Advantage: An Integrated Approach</title>
    <pubDate>Thu, 24 Apr 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/FISMA/abstract10879.html</link>
    <description>BURNED BY ENRONESQUE ACCOUNTING scandals, investors and governments are imposing rigorous reporting requirements to keep companies on the straight and narrow. These reactions are a symptom of a fundamental force in the economy: a crisis of trust among stakeholders of corporations. Stakeholders are not only a company's shareholders, but also customers, employees, business partners and communities, and in recent years their trust has been profoundly shaken. Naturally, they are now trying to protect themselves, often via legislation. But companies that scramble reactively to implement one-off responses to each new set of compliance regulations won't rebuild stakeholder trust; they'll just spend a lot of money on shortsighted solutions. Companies committed to gaining stakeholder trust, as well as better planning and decision making are, instead, taking an integrated approach to the related issues of governance, risk management, and compliance (GRC). The approach comprises of people, processes</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/FISMA/abstract10879.html</guid>
  </item>
  <item>
    <title>Sustaining Compliance: How I Learned to Stop Worrying and Love the Security Audit</title>
    <pubDate>Wed, 23 Apr 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/FISMA/abstract10878.html</link>
    <description>This research benchmark provides insight and recommendations for all organizations that are compelled to manage, audit, and report on security-related systems and information for purposes of demonstrating compliance with industry regulations, government regulations, industry standards and best practices, or internal policies. By doing so on a more consistent and repeatable basis, Best-in-Class organizations have demonstrated their ability to lower operational costs, support higher scale, reduce security risks, and maintain consistent policies for security and compliance.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/FISMA/abstract10878.html</guid>
  </item>
  <item>
    <title>Key Elements to an Effective Business Continuity Plan</title>
    <pubDate>Wed, 23 Apr 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/FISMA/abstract10877.html</link>
    <description>One of the biggest challenges in continuity planning is identifying and protecting essential elements. An effective plan must be departmentally broad, and consider the needs of the entire enterprise. The goal is to understand what is critical, and to encompass all of the necessary parts (personnel, network, platforms, applications and data) when evaluating the components that support critical processes. Good business continuity planning (BCP) needs to take a broad view, embracing people, human behavior, customers and other factors that lie outside the data center. It is also important to secure the vision (and endorsement) of executive management. Planning for business continuity is similar to buying life insurance.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/FISMA/abstract10877.html</guid>
  </item>
  <item>
    <title>Best Practices for Small &amp; Medium Sized Businesses</title>
    <pubDate>Wed, 23 Apr 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/FISMA/abstract10876.html</link>
    <description>The tragic events of September 11th and Hurricane Katrina have raised awareness of business continuity and disaster recovery at all businesses. These are extreme examples of threats against which businesses must be protected, and luckily, these events are rare and isolated. For most businesses the threats that must be protected against are far more mundane, though still devastating: power failures, water main breaks, storms and fires. For this reason, all businesses must make business continuity and disaster recovery (BC/DR) part of day-to-day business planning and operations. There are many facets to successful BC/DR and this issue paper focuses on the high-level issues that small and medium sized businesses must address when considering BC/DR: policy, a plan and regular audits.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/FISMA/abstract10876.html</guid>
  </item>
  <item>
    <title>IT Risk Management Report 2</title>
    <pubDate>Wed, 23 Apr 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/FISMA/abstract10875.html</link>
    <description>IT Risk, encompassing Security, Availability, Performance, and Compliance elements, has become a critical issue for executives and boards of directors. In this second volume of the IT Risk Management Report, Symantec extends its analysis of IT professionals' insights into the nature of IT Risk and the most effective ways to manage it, with added focus on Availability and Performance Risk.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/FISMA/abstract10875.html</guid>
  </item>
  <item>
    <title>Why Compliance Pays: Reputation and Revenues at Risk</title>
    <pubDate>Wed, 23 Apr 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/FISMA/abstract10874.html</link>
    <description>Based on what is working among organizations with the fewest data losses, the IT Policy Compliance Group report identifies several practices that can assist businesses with improving IT compliance results, reduce business downtime, and reduce data loss and theft. These steps include:     * Implementing more and appropriate IT controls     * Reducing control objectives, making it easier to communicate, measure and report     * Establishing higher standards for performance objectives     * Encouraging a culture of operational excellence in IT     * Conducting monitoring, measurement and reporting of controls against objectives at least once every two weeks     * Allocating more spend to controls automation</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/FISMA/abstract10874.html</guid>
  </item>
  <item>
    <title>The Right Tool for the Right Job: An Application Security Tools Report Card</title>
    <pubDate>Wed, 23 Apr 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/FISMA/abstract10869.html</link>
    <description>Make sure you know how to use the right set of code analysis tools to mitigate risks posed by insecure enterprise applications. It has recently become clear that the core threat is not to the network, but to the enterprise's private data and the applications/business functions that interact with that data. But how does an organization choose the right set of application security tools to mitigate this risk? Equally important: how, when, and by whom are these tools used most effectively? This white paper examines the three most common tools used to combat critical security vulnerabilities, including an at-a-glance summary report card.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/FISMA/abstract10869.html</guid>
  </item>
  <item>
    <title>Accounting for Internet Malice</title>
    <pubDate>Wed, 23 Apr 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/FISMA/abstract10866.html</link>
    <description>In early November 2003, WorldPay, the Internet payments subsidiary of the Royal Bank of Scotland, was famously taken offline for three days by a distributed denial of service (DDoS) attack. In the attack build-up, thousands of PCs all over the world had unknowingly become hosts to malicious computer code known as a Trojan. This occurred via an innocent-looking, but unsolicited, email attachment. Once opened, the Trojan quietly installed itself on the hard drive of the PC, established a channel of communication to its creator, and then waited for the command to attack. When the attack command came, from an attacker whose identity remains a mystery, the Trojan code sprang into life. Its first action was to hijack the Internet connection of its host. Then, each host was directed to make hundreds of requests from WorldPay's servers, each request issued with a different, bogus source address. None of these transactions would ever complete. Every bogus request made meant a legitimate cl</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/FISMA/abstract10866.html</guid>
  </item>
  <item>
    <title>Business Enablement with On Demand Vulnerability Management</title>
    <pubDate>Wed, 23 Apr 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/FISMA/abstract10860.html</link>
    <description>Enterprises that care about security have long been conducting vulnerability management activities to minimize the exposure to systems in the computing environment. The traditional annual audit of a sample of systems has given way to continuous scanning that detects the latest vulnerabilities. This is true due to the rise of Internet time along with increased business risk. In today's global environments, conducting scans can be difficult to say the least. An on-demand service gives the vulnerability management process global coverage, high accuracy, fast deployment, and low overhead. This white paper discusses the challenges of security in today's business world and provides insight into the value of an on-demand Web-based service for vulnerability assessment. It closes with summary information and feedback regarding the QualysGuard service, as compiled from Qualys customers.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/FISMA/abstract10860.html</guid>
  </item>
  <item>
    <title>Email security: Beyond the hype and hyperbole</title>
    <pubDate>Mon, 14 Apr 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/FISMA/abstract10858.html</link>
    <description>Every business depends on email and the Internet. But reading the press, it's tempting to believe that the risks sometimes outweigh the benefits. Viruses, phishing, spyware, spam, trojans, worms, pornography, hate mail and the like are presented, particularly by the press, as some sort of remorseless digital plague sent down from on high to damage businesses everywhere. While it's true that the scale and scope of the threat has increased dramatically in recent times, much more heat than light has been generated by the hype. This guide takes a common sense approach to the email security challenge, aiming to avoid hyperbole by highlighting the practical, common sense steps that can be taken to beat the hackers. It provides an overview of the most common threats as well as a discussion of how a layered approach to security is the best route to effective countermeasures. It examines the product and technology choices available to business - focusing on the benefits of software, managed ser</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/FISMA/abstract10858.html</guid>
  </item>
  <item>
    <title>Build a viable plan for disaster recovery and crisis management</title>
    <pubDate>Mon, 14 Apr 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/FISMA/abstract10857.html</link>
    <description>At its core, disaster recovery is the foundation for building business resilience into your organization. While typically associated with natural disasters, pandemics or national emergencies, disaster recovery involves the ability to respond to and recover from virtually any disruptive event that may impact your workforce, business processes, or infrastructure. Disaster recovery is essential, not only to plan for the eventuality of a disaster, but also to ensure that your organization is in compliance with fast-changing regulatory requirements, and that you are prepared to meet the demands of a changing marketplace.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/FISMA/abstract10857.html</guid>
  </item>
  <item>
    <title>Regulations Shift Focus on Outbound Email Security</title>
    <pubDate>Fri, 11 Apr 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/FISMA/abstract10855.html</link>
    <description>Email is the lingua franca of business today. It is the conduit that allows employees to share information, companies to work with partners, and increasingly, provides a way for companies and their customers to interact. Enterprises today deal with an ever-increasing number of email-related threats. Most are familiar with the problems of virus-infected mail attachments and productivity-draining spam, but now companies must also address the threats posed by outbound mail.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/FISMA/abstract10855.html</guid>
  </item>
  <item>
    <title>Endpoint Security: Data Protection for IT, Freedom for Laptop Users</title>
    <pubDate>Wed, 09 Apr 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/FISMA/abstract10852.html</link>
    <description>In September 2007, Research Concepts LLC asked 185 members of NetworkWorld's Technology Opinion Panel about the state of computer and data security in their organizations. The results revealed that, although computer and data security are high priorities for corporations, they are nevertheless unprepared to prevent data breaches and computer theft. Common approaches to computer security aimed at minimizing the possibility of data breach were consistently undermined by employees. Indeed, those surveyed reported that only one in 100 employees consistently follows corporate data and security policies. Only the introduction of end-point security (the ability to force mobile computers to secure themselves) offers end-users the freedom to embrace mobility and IT departments robust protection for sensitive information.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/FISMA/abstract10852.html</guid>
  </item>
  <item>
    <title>IT Regulatory Compliance Overview for CFOs and CIOs</title>
    <pubDate>Wed, 02 Apr 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/FISMA/abstract10849.html</link>
    <description>Regulation is a fact of life for many, if not most, businesses today. Businesses, non-profits, and government agencies that handle sensitive data such as Social Security numbers, health care information, credit card or other financial transactions, as well as businesses subject to Sarbanes-Oxley must comply with applicable regulations and legislation. The risk of liability and litigation if regulations are not met is naturally on the minds of CFOs and CIOs. Horror stories appear nearly every week in the press about a company brought down or injured by non-compliance. IT infrastructure and IT systems are increasingly both a target of regulation and a means of ensuring compliance with the law. Given increasingly complex IT infrastructure to manage under a demanding regulatory environment, IT departments find it difficult to manage certain sensitive applications internally, as well as create cost-effective disaster recovery plans that do not create legal liabilities.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/FISMA/abstract10849.html</guid>
  </item>
  <item>
    <title>Data Breaches: Turn Back the Tide</title>
    <pubDate>Wed, 02 Apr 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/FISMA/abstract10847.html</link>
    <description>Despite the hundreds of millions of dollars that organizations have invested in information security technology to secure their critical business-technology infrastructures, the bad news keeps breaking. In the past year, dozens of companies have had to inform their customers that the exposure of their personally-identifiable financial information had placed them at great risk of identity theft. The incidents range from fraudsters successfully establishing bogus access accounts to steal legitimate consumer information to hacked networks to lost backup tapes containing the financial information of millions of consumers. It's not just the widely-publicized cases that count. In the past several years the federal government has prosecuted individuals for criminally abusing their insider access. In February of 2005, federal prosecutors indicted an IT manager for gaining unauthorized access to his former employer's network to read e-mail and causing damage to its systems. Federal prosecutors </description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/FISMA/abstract10847.html</guid>
  </item>
  <item>
    <title>The Failure of Endpoint Security Calls for New Alternatives</title>
    <pubDate>Wed, 02 Apr 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/FISMA/abstract10845.html</link>
    <description>The importance of perimeter protection: Internet-based threats are increasing in both frequency and impact across today's enterprises. Unsolicited e-mails are creating major problems for all companies, either in the form of security threats, consuming excessive network bandwidth and storage, or by reducing employee productivity by permitting large volumes of spam to reach users' desktops. According to the Messaging Anti-Abuse Working Group (MAAWG), 2-87% of all incoming email is currently categorized as spam or "abusive email".</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/FISMA/abstract10845.html</guid>
  </item>
  <item>
    <title>Data Leak Risks: A Problem Mid-Size Organizations Cannot Ignore</title>
    <pubDate>Thu, 27 Mar 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/FISMA/abstract10842.html</link>
    <description>More than 220 million private records have been breached in the last three years. With the average cost of a data-leak incident reaching $6.3 million in 2007, organizations of all sizes must act to protect sensitive data. One industry that is keenly aware of the importance of safeguarding personal information is the financial services industry. The databases of financial services companies hold a vast amount of sensitive financial information about their past, present and future customers. These organizations realize that the loss of customer data could be very costly in terms of tarnished brand image, regulatory fines, lawsuits, customer defection or lost opportunities. Status-quo security technologies, such as firewalls and anti-virus scanners, are designed to keep out attackers - not to protect sensitive information from leaving the organization. Therefore, new policies must be created and technologies deployed to protect sensitive data from either inadvertently or intentionally lea</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/FISMA/abstract10842.html</guid>
  </item>
  <item>
    <title>Managing Mobility: An IT Perspective</title>
    <pubDate>Wed, 26 Mar 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/FISMA/abstract10840.html</link>
    <description>Today's workforce is rapidly becoming mobile. According to a survey conducted by Simpson Carpenter in September 2005, employees spend, on average, one third of their time out of the office, and almost half their time in the office away from their desks. And that trend is only growing. IDC projects that by 2009 there will be more than 78 million mobile workers worldwide. In order to stay ahead of the competition, organizations are faced with the challenge of meeting workforce demands to provide them with the functionality that will keep them thoroughly informed, responsive and constantly connected. And with more and more workers spending greater lengths of time away from their desks, businesses are increasingly looking at how to capitalize on the significant benefits of enterprise mobility. For example, a busy executive needs push email on their mobile device so they can respond to a time sensitive communication on the way to the airport. A sales representative needs real-time access to contacts and </description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/FISMA/abstract10840.html</guid>
  </item>
  <item>
    <title>Building a Business Case for Enterprise Access Governance</title>
    <pubDate>Wed, 26 Mar 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/FISMA/abstract10839.html</link>
    <description>The increased demands of regulatory compliance are causing corporate business and IT security managers to review their access governance policies and procedures with an eye toward improving the efficiency and reliability of their systems, while reducing the complexity and cost associated with demonstrating compliance. Within many organizations, however, access governance is not viewed as a strategic issue and regulatory compliance is simply regarded as a sunk cost. This narrow perspective can obscure the true value of investing in technologies that strengthen, automate, and streamline access governance, enabling it to be sustainable. In fact, meeting compliance requirements and reducing costs are not the only compelling reasons for investing in better access governance. When IT security managers focus only on these issues, they may overlook access-related risk factors that can have a profound impact on their organizations including revenue loss, unexpected expenses, customer attrition, and damage t</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/FISMA/abstract10839.html</guid>
  </item>
  <item>
    <title>Spyware Prevention: Effective Network Protection Through Defense in Depth</title>
    <pubDate>Wed, 26 Mar 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/FISMA/abstract10837.html</link>
    <description>Spyware has rapidly become one of the most insidious and dangerous forms of malware. It's not just script kiddies any more. Organized crime is busy harnessing the power of exploitative code to extort and launder money, redirect funds, hold intellectual property up for ransom, and more. There's a very good chance active spyware is on your PC right now because, quite simply, traditional approaches to malware protection don't work for spyware. FaceTime Communications believes that only by understanding the true extent of the threat and applying a comprehensive, intelligent set of defense mechanisms at the desktop and the perimeter, backed with user-driven research, can spyware be effectively defeated. This white paper takes a long, hard look at what's really happening in the spyware underworld, brings together expert opinions on the impact spyware can and does have on corporate networks, and shows how FaceTime's multi-layered Enterprise Spyware Prevention Suite delivers the only viable so</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/FISMA/abstract10837.html</guid>
  </item>
  <item>
    <title>Enterprise Instant Messaging: Reducing Security Risks and Maintaining Regulatory Compliance</title>
    <pubDate>Wed, 26 Mar 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/FISMA/abstract10836.html</link>
    <description>During the next 3 years, the adoption of enterprise instant messaging (IM) will increase threefold. Already, businesses find that they must strike a balance between mitigating security risks and maintaining regulatory compliance while not adversely affecting the productivity of users or the financial benefits of the technology. To temper the myriad security risks posed by IM (e.g., loss of confidential data, sending sensitive customer data over public IM networks, misusing company IT resources, exposure to malicious code and noncompliance with government regulations), businesses must invest in IM security and compliance solutions that can provide content filtering, access controls, encryption, auditing and archiving.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/FISMA/abstract10836.html</guid>
  </item>
  <item>
    <title>Best Practices for Emerging Compliance Challenges: Electronic Messaging &amp; Communications</title>
    <pubDate>Wed, 26 Mar 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/FISMA/abstract10835.html</link>
    <description>Information security issues were present even in the days of stage-coach mail delivery, but they were relatively simple to resolve - put an armed guard on top of the stage coach and make those horses run like lightning! Today's information sharing methods have evolved since the days of stage coach delivery with telegraph exchange, paper mail delivery, party-line and private-line telephone calls, and bulletin board messages, to innovative methods such as e-mail and more recently, instant messaging (IM) and peer-to-peer (P2P) file sharing. Over time, all of these methods advanced the speed and ease of information exchange, and created new challenges for securing, managing, and controlling the content and use of information.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/FISMA/abstract10835.html</guid>
  </item>
  <item>
    <title>The Impact of the New FRCP Amendments on Your Business (Osterman Research)</title>
    <pubDate>Wed, 26 Mar 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/FISMA/abstract10834.html</link>
    <description>The newly adopted amendments to the Federal Rules of Civil Procedure (FRCP) will have a major impact on the way that organizations manage electronic data. These new eDiscovery rules have broadened the definition of electronically-stored information (ESI) to include chat and file transfers from applications such as: public instant messaging networks such as MSN, Yahoo, GoogleTalk and AOL; enterprise instant messaging networks such as Jabber, as well as the communications aspects of infrastructure products like Microsoft Live Communications Server (LCS) and IBM Lotus Sametime; professional community networks such as Bloomberg and Reuters; peer-to-peer networks including Skype; web conferencing chat threads such as those produced by Webex</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/FISMA/abstract10834.html</guid>
  </item>
  <item>
    <title>Novell Zenworks Endpoint Security Management: Total Control from a Single Console</title>
    <pubDate>Mon, 24 Mar 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/FISMA/abstract10833.html</link>
    <description>Still super gluing your USB ports shut? Unauthorized access to networks, lost or stolen laptops and other mobile hardware, and theft of proprietary information or intellectual property accounted for more than 74 percent of IT financial losses last year. Put away the super glue and let Novell ZENworks assess, protect and enforce security on your desktops.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/FISMA/abstract10833.html</guid>
  </item>
  <item>
    <title>Sustaining Compliance: How I Learned to Stop Worrying and Love the Security Audit</title>
    <pubDate>Mon, 24 Mar 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/FISMA/abstract10832.html</link>
    <description>This research benchmark provides insight and recommendations for all organizations that are compelled to manage, audit, and report on security-related systems and information for purposes of demonstrating compliance with industry regulations, government regulations, industry standards and best practices, or internal policies. By doing so on a more consistent and repeatable basis, Best-in-Class organizations have demonstrated their ability to lower operational costs, support higher scale, reduce security risks, and maintain consistent policies for security and compliance.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/FISMA/abstract10832.html</guid>
  </item>
  <item>
    <title>Five Steps to Sustaining a Compliance Environment</title>
    <pubDate>Mon, 24 Mar 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/FISMA/abstract10831.html</link>
    <description>Critical information exists at the core of every business activity and agency initiative around the world. Information security - the assurance of system availability, data confidentiality and integrity - is a primary concern for information security professionals and business managers alike. Security is at the top of the corporate agenda and at the heart of agency missions; it affects what these organizations value most: performance, accountability to stakeholders and the integrity of the corporate brand. The drive to be secure is a mandate for doing business today. Global corporations need to strike a balance between protecting information and enabling the organization to achieve its mission. The security strategy must limit risk without negatively impacting business effectiveness. This requires a deliberate and strategic security model developed in the context of business objectives.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/FISMA/abstract10831.html</guid>
  </item>
  <item>
    <title>Analysis of Business Driven Metrics: Measuring for Security Value</title>
    <pubDate>Mon, 24 Mar 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/FISMA/abstract10830.html</link>
    <description>There has been a drastic shift in the importance of and interest in Information Security at the higher levels of organizations in recent years. Increasingly, organizations are finding that the amount of information needing protection is changing. Also, the increased regulatory climate has increased the risk that corporate officers have to accept. As a result, corporate officers are becoming insistent on being directly involved in the review and implementation of security within their organization. As budgets for security have increased, the need to measure and understand how much value those investments are creating for the enterprise is increasing across management ranks. Vendors report to Frost &amp; Sullivan that executives want to ensure that their spending is having the required effect and that any additional cost savings or return on investment is valued highly in selecting a technology for acquisition. In a recent survey conducted by Frost &amp; Sullivan, top IT decision makers at over 8</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/FISMA/abstract10830.html</guid>
  </item>
  <item>
    <title>Federal Desktop Core Configuration - FDCC</title>
    <pubDate>Wed, 19 Mar 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/FISMA/abstract10828.html</link>
    <description>The Federal Desktop Core Configuration (FDCC): Background, Deployment, and Management. This whitepaper provides background, current status, and source data on the Federal Desktop Core Configuration (FDCC) that was mandated by the Office of Management and Budget (OMB) on March 22, 2007. Also included is the introduction of a software tool that enforces the FDCC on every PC automatically. All Federal Government agencies must ensure that their desktops and laptops comply with the FDCC immediately (effective February 1, 2008). As a result, there is a need for an efficient, cost-effective implementation process and for effective auditing tools. Without them, FDCC implementation will fail. This paper is written for IT staff tasked with implementing, managing or auditing the implementation of the FDCC.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/FISMA/abstract10828.html</guid>
  </item>
  <item>
    <title>Detecting and Mitigating Security Risks</title>
    <pubDate>Wed, 19 Mar 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/FISMA/abstract10827.html</link>
    <description>There are multiple types of threats facing a given organization. Hackers might attempt to access private information resources from inside or outside the organization, for example. Meanwhile, the public Internet carries viruses, spyware and other types of malware that get introduced to unsuspecting users during everyday communications activities, such as opening an email attachment or downloading a file. Left untreated, malware usually causes disruption or complete denial of service (DoS) to one or more networked application services. To launch such attacks, intruders can tamper with packets in various ways.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/FISMA/abstract10827.html</guid>
  </item>
  <item>
    <title>Enabling ISO17799 and BS7799 Compliance with Open Service Security Threat Manager</title>
    <pubDate>Wed, 19 Mar 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/FISMA/abstract10826.html</link>
    <description>The International Organization for Standardization ISO 17799, derived from the British Standards Institute ISO17799 standards, is an internationally recognized information security management standard first published in December 2000. This global, high level, conceptual standard covers wide-ranging aspects of information security, not just information systems security. It makes the important distinction that information itself is the asset to be protected. To successfully achieve information security according to the standard requires not only security technology, but also a combination of policies and procedures, all of which are aimed at preserving the confidentiality, integrity and availability of information assets. To consider security far outside the technology realm is a key point, considering the results of one recent survey of CxO level managers. In this survey, conducted by KPMB LP, a majority (559 percent) viewed security as surely a technology issue. In fact, is the ISO 17799 standa</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/FISMA/abstract10826.html</guid>
  </item>
  <item>
    <title>Security Event Correlation With OpenService's Security Threat Manager</title>
    <pubDate>Wed, 19 Mar 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/FISMA/abstract10825.html</link>
    <description>The Internet has become a competitive necessity, providing E-commerce access for customers and vendors, as well as remote employee/office connections. As a result, key corporate assets must now be exposed at some level to provide these services, opening them up to possible disclosure, alteration, or even destruction. Thanks to this exposure, increasing regulatory obligations and economic challenges, corporations now risk financial loss, loss of reputation, and potentially, loss of customers. Global 2000 enterprises and service providers are faced with the incredible challenge of protecting these valuable assets, knowing that a compromise anywhere in the enterprise's worldwide network renders the corporation's entire internal network vulnerable.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/FISMA/abstract10825.html</guid>
  </item>
  <item>
    <title>The Perennial Problem with Patches: Solving worm infestation with OpenService's Security Threat Manager</title>
    <pubDate>Wed, 19 Mar 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/FISMA/abstract10824.html</link>
    <description>According to The Boston Globe, the attack by a worm targeting a well-known vulnerability in Microsoft SQL Servers had widespread ramifications, affecting information and transactions in the US despite the fact that the attack appeared to originate in the Far East. According to the same article in The Boston Globe, Bank of America's 13,000 ATMs were unable to operate for a while, as a direct result of the worm.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/FISMA/abstract10824.html</guid>
  </item>
  <item>
    <title>Ensuring Data Protection for Growing Business</title>
    <pubDate>Mon, 17 Mar 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/FISMA/abstract10820.html</link>
    <description>Small and midsize businesses have become increasingly reliant on IT. In this paper, we look at how SMBs often progress through the IT adoption cycle, and some of the operational and security challenges they face in aligning their IT strategy as their businesses grow.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/FISMA/abstract10820.html</guid>
  </item>
  <item>
    <title>Advances in Endpoint Data Security: New Technology to Meet Security, Operations and Compliance Needs</title>
    <pubDate>Mon, 10 Mar 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/FISMA/abstract10818.html</link>
    <description>New technology to meet security, operations, and compliance needs.  Security has evolved beyond merely encrypting</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/FISMA/abstract10818.html</guid>
  </item>
  <item>
    <title>Enterprise Roles-based Access Governance</title>
    <pubDate>Mon, 10 Mar 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/FISMA/abstract10817.html</link>
    <description>Although roles-based access control (RBAC) has been the subject of much interest in the past, experience with it has been mostly disappointing. The challenge of discovering established roles, defining new roles according to business need, connecting roles properly to the IT infrastructure, ensuring that they meet all compliance requirements, and managing roles through their natural lifecycles has, until now, proved to be too complicated and cumbersome to be practical. However, a new roles-based model of access governance has evolved that overcomes these problems with an approach that provides a bottom-up perspective of roles (the reality of current user access) and connects it to a top-down business perspective (how a role works in conjunction with a business process.) As a result, roles can now be implemented in a manner that both simplifies access control and makes access governance, risk management, and compliance easier.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/FISMA/abstract10817.html</guid>
  </item>
  <item>
    <title>Managing Risk for Effective Access Governance</title>
    <pubDate>Mon, 10 Mar 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/FISMA/abstract10816.html</link>
    <description>The business risks associated with providing users access to information resources include a broad array of potentially damaging events that are caused or made possible by inadequate governance. Such events range from relatively minor policy and compliance violations to disastrous business losses. The demands of regulatory compliance are among the factors driving corporate IT and security managers to improve their access governance processes, but the issues are broader and deeper than the scope of any regulation. The stakes involved in access-related risk have risen dramatically in recent years as organizations have become thoroughly operationalized by technology. With nearly every facet of large enterprises' operations now dependent on or supported by automated systems, risks related to unauthorized or inappropriate access can appear anywhere within an organization at any time and spread rapidly through the business. All it takes is a single person with the wrong access. The potential co</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/FISMA/abstract10816.html</guid>
  </item>
  <item>
    <title>The 7 most used authentication methods</title>
    <pubDate>Mon, 10 Mar 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/FISMA/abstract10815.html</link>
    <description>Every organization has, or should have, a security policy for the protection of its workstations, applications, data, or information systems. This security policy can define minimum authentication levels based on the criticality of the resource used. For example, it is possible to imagine, like in any good spy movie, that a critical workstation is placed inside a protected room, access to which is subject to a secret code, a smart card, and biometric identification of the right eye. In this case, protection is at its maximum, since you need to provide something you know (the code), something you have (the card) and something that is part of you (the eye).</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/FISMA/abstract10815.html</guid>
  </item>
  <item>
    <title>A Guide to Spam and Related Threats</title>
    <pubDate>Mon, 10 Mar 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/FISMA/abstract10814.html</link>
    <description>Understand spam in its various forms, such as link spam, or PDF spam - which accounts for approximately 20 percent of all spam today. Learn about key spam-related threats, such as botnets, phishing, spyware and more, and how these related threats are evolving into superthreats. Learn also about some of the spammers' latest, most sophisticated attack patterns, like those demonstrated in infamous incidents such as SpamThru and Warezov. You'll understand how these threats are constantly evolving, and see why the MessageLabs managed security solution offers superior protection against emerging, evolving spam and spam-related threats.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/FISMA/abstract10814.html</guid>
  </item>
  <item>
    <title>Securing Unified Communications: From Consumer-Based IM to Enterprise Collaboration and Beyond</title>
    <pubDate>Mon, 10 Mar 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/FISMA/abstract10813.html</link>
    <description>Internet communications have changed. The user-initiated traffic of real-time communications has created a complex environment dominated by highly evasive greynets such as IM, Skype, P2P and web conferencing. Employees introduce these consumer-grade applications into the corporate environment and they circumvent existing security infrastructure, making it difficult for IT administrators to gain visibility and control. In response, many large organizations are deploying unified communications platforms such as Microsoft Office Communications Server and IBM Lotus Sametime. However, use of consumer-grade applications continues. FaceTime research has found that three out of four employees in organizations where an enterprise IM platform has been deployed continue to use public IM systems such as AOL, Yahoo, and MSN. Real-time Internet applications pose myriad network and information security risks because they provide vectors for malware, client-side code vulnerabilities, intellectual prop</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/FISMA/abstract10813.html</guid>
  </item>
  <item>
    <title>Data Leak Risks: A Problem Mid-Size Organizations Cannot Ignore</title>
    <pubDate>Thu, 06 Mar 2008 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/FISMA/abstract10812.html</link>
    <description>More than 220 million private records have been breached in the last three years. With the average cost of a data-leak incident reaching $6.3 million in 2007, organizations of all sizes must act to protect sensitive data. One industry that is keenly aware of the importance of safeguarding personal information is the financial services industry. The databases of financial services companies hold a vast amount of sensitive financial information about their past, present and future customers. These organizations realize that the loss of customer data could be very costly in terms of tarnished brand image, regulatory fines, lawsuits, customer defection or lost opportunities. Status-quo security technologies, such as firewalls and anti-virus scanners, are designed to keep out attackers - not to protect sensitive information from leaving the organization. Therefore, new policies must be created and technologies deployed to protect sensitive data from either inadvertently or intentionally lea</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/FISMA/abstract10812.html</guid>
  </item>
</channel>
</rss>
