Employees are a greater risk to computer security for companies than the much-feared hacker, experts say. Eight in 10 computer-security breaches are caused by staff members, many of whom are simply disgruntled, says a risk consultant. Eighty per cent of IT security breaches are the result of actions by staff. Fifty per cent are disgruntled… Continue reading Unhappy employees Risk Factors
Tag: Documentation (800)
Excellent Resource – Vulnerability Assessments
Excellent Links: http://www.juniper.net/techpubs/software/management/strm/2008_1/VA_Book.pdf
Did you know?
Interesting tidbits of information: E-mails, contracts, and PowerPoint files account for 80 percent of corporate information.
71% Use Email to Negotiate Contracts and Agreements
69% Use Email to Exchange Invoices, Statements, and Payment Information
93% Use Email to Communicate with Customers
38% Use Email to Respond to Regulators
44% Use Email to File with Official…
Application Security Testing Concerns / Advice
Cross Site Scripting
Cross-site scripting allows hackers to:
1) Execute malicious script in a client’s Web browser
2) Embed <script>, <object>, <applet>, and <embed> tags
3) Steal web session information
4) Modify user’s screen
a. Any Dynamic HTML code based on content that users submit is vulnerable
SQL Injection
1) Users control the criteria of…
Are you the Next Target?
They’re after you. Who are they?
Competitors
Disgruntled employees
Upset customers
Hackers out for a lark
Hacktivists
Cartels that can buy the latest gadgets and best brainpower
Hostile foreign governments / nations
Your organization may not be a specific target, just one that had a few vulnerabilities as it was probed. Make you not want…
Securing the confidentiality of PHI
PHI (Protected Health Information) requires passwords but… a) Easy-to-guess passwords are one of the top ten threats to network security b) When passwords change often to improve security, users write them down, increasing the risk of a breach. In addition, employers must block terminated staff from continued access to systems that have PHI. However, it is…
From DOS, Windows, Windows 9x / XP Windows NT, and OS/2
You can use the following procedure to identify your video card. From a command prompt, type the “debug” command and hit Enter. You will leave the C:> prompt and be put at debug’s “-” (dash) prompt.
C:> DEBUG
At the dash prompt, type “d C000:0010” and hit Enter.
C:>debug
-d C000:0010
You will be…
Short list of IEEE Standards
802.1 Internetworking
802.2 Logical Link Control
802.3 CSMA/CD or Ethernet
802.4 Token Bus LAN
802.5 Token Ring LAN
802.6 Metropolitan Area Network or MAN
802.7 Broadband Technical Advisory Group
802.8 Fiber-Optic Technical Advisory Group
802.9 Integrated Voice/Data Networks
802.10 Network Security
802.11 Wireless Networks
802.12 Demand Priority Access LAN or 100VG-AnyLAN
https://www.bestitdocuments.com/Samples
Useful Project Management Definitions
Accountability Matrix. See responsibility assignment matrix. Activity – An element of work performed during the course of a project. An activity normally has an expected duration, an expected cost, and expected resource requirements. Activities are often subdivided into tasks. Activity Definition – Identifying the specific activities that must be performed in order to produce the…
Why should I bother with a Security Policy?
The image that most frequently comes to mind when discussing security is that of the great firewall standing guard at the opening to your network, fending off attacks from malevolent hackers. Although a firewall will play a crucial role, it is only a tool that should be part of a more comprehensive strategy that will…
Moving an Off-Screen Window
Sometimes a window will get positioned off of your screen where you can’t see the title bar. It is possible to move the window, and it’s not that hard to do. Just open the program that is giving you the problem, and do the following: Press Alt + spacebar + M. Press the down arrow…
What CEOs need to be concerned about
Security Internet / External Shortage of key skills Industry consolidation Changes in type/level of competition Impact of the Internet Downward pressure prices Environment, health, and safety issues Change in supply/distribution systems Access to / cost of capital Changing technology Regulatory issues (labor, market access, etc) Effect of corruption Currency issues Stakeholder relations Pressure from institutional…
Liability of Internetwork Carriers
The Internet is undergoing a rapid transition. Two key, interrelated trends are easily discerned. First, commercial traffic is now being carried on and across many networks. Second, many networks are being operated more like businesses than research experiments. New entities have been created as profit-seeking enterprises. In this environment, internet-work carriers strongly feel the need…
Identity Management Glossary of Terms
Acquisition device: The hardware used to acquire biometric samples. Acquisition device: The hardware/sensors used to acquire biometric samples. These would include finger sensors or readers, iris scanning devices, facial recognition cameras. Automated Fingerprint Identification System (AFIS): A system that compares a single fingerprint with a database of fingerprint images. Automated Fingerprint Identification System (AFIS): Automated…
Monitors and best viewing distances
A general rule when deciding on monitor size is as follows:
Audience size | Monitor size | Viewing distance
5 | 17” | 2.1m (7.0ft)
10 | 21” | 3.0m (9.0ft)
20 | 29” | 3.5m (12.0ft)
(Optimum viewing distance is usually calculated as 5 x the monitor screen size.)
SLA / OLA Service Considerations for Building Computing Operating Environments
Describe the environment in which the system will be used and define the major availability, reliability, performance, and integrity requirements. This information will significantly influence the definition of the systems architecture. Consider questions such as: Are the users widely distributed geographically or located close to each other? How many time zones are they in? When…
Download Excellent references and links
Download this file; it has links and references that don’t display well in this WordPress article. Download here: https://www.bestitdocuments.com/Samples/
Net Time Servers
Time Servers
time.nrc.ca
ntp0.fau.de
time.nist.gov
time-a.nist.gov
time-b.nist.gov
time-c.timefreq.bldrdoc.gov
time-b.timefreq.bldrdoc.gov
time-a.timefreq.bldrdoc.gov
nist1.datum.com
Windows command to set / synchronize your time:
net time /setsntp:time.nrc.ca
Sample Visio, Word, PowerPoint and MindMap – Compliance files
Best IT Document Solutions are far more detailed and comprehensive; these samples offer a condensed version of the quality of solutions we offer. Technical_Writing_Style.doc All of these MindMap files Customer Relationship Management.mmap Finance & Administration.mmap Human Resources.mmap Industry Specific.mmap Integrated Services Management.mmap Procurement.mmap HL PCI Domains.mmap Free Sample Document downloads – Compliance research documents: Compliance_ppt1.zip…
Identity (IdM) Warehouse described
Support for hierarchical organizational units-organizational structure, reporting structure or functional units Application Metadata Definition Simplified user and entitlements import process – Import from csv, xml, txt and other format files – Import directly from some ldap & odbc sources – Import from Identity Management Systems – Import using RBAC ETL processing • Flexible User Entitlements Correlation Engine • Import…
Core XML Standards
Introduction to XML The eXtensible Markup Language (XML) is a specification introduced by the World Wide Web Consortium (W3C) for identifying and organizing elements of information in electronic documents. XML is the result of scaling down the Standard Generalised Markup Language (SGML for short), an earlier standard for document representation, developed and standardised by…
Rational Unified Process (RUP)
RUP is a development concept developed by Rational to support development teams with a set of guidelines to successfully implement system applications. Its core principles can be summarised in the following six issues: Iterative development to lessen the risks already in the early phases of the project Effective management of requirements…
Zachman Framework
Architecture Frameworks Zachman Framework is the first and probably most influential architecture framework. Two key ideas are illustrated in the Zachman Framework: 1. There is a set of architectural representations produced over the process of building a complex engineering product representing the different perspectives of the different participants. 2. The same product can be described, for different…
Download Free – Data Research References
Excellent data references: Overview Architecture for Enterprise Data Warehouses Data Warehouse Documentation Roadmap Data Warehouse Database Reference Manual How Data Works We think this was an excellent site with excellent resources: http://www.datamgmt.com
Role Based Access Market Needs
Determine – ‘Who has access to what’ – ‘If people have the right access for their job’ • Demonstrate compliance to auditors – RBAC Model – Recertification of Entitlements • Efficient User Access Process – Assign access based on ‘business roles’ – Simplified process for creating and managing roles • Clean up orphaned accounts, legacy system accounts and access outside…
PCI Cardholder Information Security Program
Cardholder Information Security Program. European Payment Council (EPC). Securing Visa Cardholder Data When customers offer their bankcard at the point of sale, over the Internet, on the phone, or through the mail, they want assurance that their account information is safe. That’s why Visa USA has instituted the Cardholder Information Security Program (CISP). Mandated since…
Identity Compliance Described
Supports enterprise level monitoring of access for segregation of duty (SoD) and security policy conflicts Ability to define rules across any platform / database / application or user’s attributes Support for inter and intra application security policy enforcement Monitoring of SoD, role vs actual exceptions, and terminated users with active accounts exceptions Comprehensive list of…
What is an Application Audit
Usually required to assess • Business risk • Internal control • Strong linkage to corporate governance and compliances such as SOX, PCI, HIPAA and GLBA It is an audit of a single application • Example: audit of an Excel spreadsheet with embedded macros It could also be an audit of business processes that use…
Simple Shutdown script for an Exchange Server
@echo off
net stop MSExchangeES
net stop IMAP4Svc
net stop POP3Svc
net stop RESvc
net stop MSExchangeSRS
net stop MSExchangeMGMT
net stop MSExchangeMTA
net stop MSExchangeIS /Y
net stop MSExchangeSA /Y
!
!
net stop "Computer Browser"
net stop "Messenger"
net stop "Net Logon"
net stop "NT LM Security Support Provider"
net stop "Plug and…
Services deleted or modified in Windows 2000 that were in Windows NT 4
Process Manager creates and deletes processes and also tracks process objects and thread objects. Local Procedure Call Facility using a client/server relationship provides a communications mechanism between the applications and the Environmental subsystem. Services added or modified in Windows 2000 that were…
Digital Rights Management Key Subjects
Management of the DRM Function Data Resource Management Sample Charter / Mission Statement Goals, Objectives and Critical Success Factors Benefits of Data Resource Management Enterprise-wide Data Management Process Maturity Data Resource Management Job Descriptions Data Resource Activities The Framework for Enterprise Architecture Information Stewardship Accountability for Information Quality Repository Management Building the Meta Data Repository…