Devoted to hardware, software, IT issues, and information technology management

Alec DeSimone, senior manager of internal audit at San Francisco-based Del Monte Foods Co. has a lot of say about how his company is improving security on business intelligence systems and spreadsheets in an interview with Computerworld last week. Looks like they are doing a good job securing their food products and keeping the nation healthy. Here's a gist of the steps they are taking in light of increasing laptop thefts and data breaches:

- We have a pretty robust BI security plan in place. We now are trying to standardize our access and security procedures across all platforms.

- We set up some preliminary practices in [early 2005] to secure the data, and to ensure that data -- especially data that flowed through spreadsheets -- was presented consistently. We set up a change management process. We put the spreadsheets on servers that had limited access.

- We limit people's access to the BI system. We have security over that data. Our feeling is that if they have been granted a certain type of access to the data . . . that is our security over what they can download and what they can't.

Check out the full review here

Email dominates business communications today, and government and regulatory agencies have been quick to recognize its importance as a category of business records and take steps to safeguard its content and regulate its use. Yet business organizations have been slower to recognize both the value of electronic communications as an information asset and the substantial risks posed by poor management and protection.

SOX and Emails
The Sarbanes-Oxley Act of 2002 (S-OX), passed in reaction to highly-publicized corporate scandals, requires high levels of accountability from companies and their senior executives to verify the policies, process and procedures behind each companies financial reports and even business operations.

New e-mail management products are emerging that specifically address regulatory requirements for S-OX to be able to review and hold both incoming and outgoing messages based on key words that might trigger a compliance concern.

To read more, download this white paper that (you'll need to register) I just perused through earlier. Its engaging.

Being in the middle is not exactly a good thing sometimes. Ask any Midsize Business on how they handle IT related operations and things will get tough once it blows out of the budget. Here's some tips about managing security on a budget and it applies to companies with revenue between $100 million and $1 billion

Stanley "Stash" Jarocki is used to getting plenty of attention. Once the VP of IT security at Morgan Stanley, Jarocki knows what it's like to manage a staff of dozens at a Fortune 50 company that spends millions of dollars on technology. When he called a vendor, the vendor answered. Quickly. "I'd pick up the phone, and the company—service provider, hardware provider, software provider—would be in the door tomorrow, today," Jarocki says.

3 main tips :

1. Find good security generalists—and know when it's time to call in extra help.
The biggest challenge? Finding and keeping a small stable of talented security employees who are jacks-of-all-trades, in a marketplace that sometimes values specialization.

2. Emphasize the "value-added" that VARs have to offer.
These often regional companies sell products from the biggest security and information technology vendors but add their own expertise.

3. If you can't buy it, share it (especially compliance expertise).

IT Security at Midsize Businesses source

If your company writes open source code or develops software for the non-Windows sector, its always good to follow the guidelines of the GNU General Public License (GPL). Now you'll even have to be aware of the implications of the Sarbanes-Oxley Act of 2002

Historically, you'd earn the scorn of the Free Software Foundation (FSF) and the open source community, and you might have to disclose or rewrite some code if violate the GNU General Public License (GPL). However, the intellectual property disclosure requirements of the Sarbanes-Oxley Act of 2002 may present an additional threat to companies that violate the GPL.

Compliance to regulations such as Sarbanes-Oxley, Gramm-Leach-Bliley and the European Privacy Directives doesn't have to be expensive and disruptive. Here's some articles that deals with and provides tips for using Identity Management to achieve the end goal of compliancy.

Is your company on its way to reaching SOX Compliancy ? It better be well prepared if it wants to stay traded on the New York Stock Exchange.

1. Deploying Identity-Related Compliance: Best Practices
Domestic and international regulations mandate business outcomes that most organizations have pursued all along: improved efficiency, protection of confidential information, integrity of financial information, protection against fraud, etc. Now that organizations have painstakingly gone through their first round of compliance activities, they are searching for ways to improve the timeliness and cost-effectiveness of their audit and compliance processes. This paper is directed to these organizations, and describes best practices that remove the hindrances of attaining the benefits that identity-related compliance provides.