The for purchase product enables organizations to control how employees use the Internet, and provides easy-to-use tools to create, enforce, and monitor the right web policy for your organization.

Web virus and spyware protection

• Proactive blocking of web malware before it reaches your network
• Protection from zero-hour threats
• Eliminate spyware back-channel communications
• Reduce patching and updates

Web filtering and content control

• Protects your network and your staff from undesirable web content, file types and MIME types
• Quota support by surfing time, bytes transferred and number of connections
• Optimizes network resources by reducing bandwidth congestion
• Monitors online activity with comprehensive reporting

Protection for roaming and remote users

• Extends to all roaming employees wherever they are working – at home, in a hotel room, café, client premises, or Wi-Fi spot
• Applies acceptable use policies to all roaming employees
• Enhances privacy by automatically encrypting all web traffic when the user connects to a public network
• Eliminates the need to backhaul traffic over the corporate VPN
• Simplifies management with no endpoint client and updating

In order to be a successful Chief Information officer (CIO) an individual must have excellent management skills have proven processes in place in order to lead the IT function and the enterprise effectively.  

The CIO needs:

• Open communication channel to all levels of the enterprise from CEO to shipping clerk
• Information that gives the CIO the real, unadulterated truth about how the Information Technology group is performing.
• Strategic information which is focused on managing the business performance of their function.
• Information from various sources that are outside of the CIOs area of control
• Time to digest all of the information and data

The worldwide shift from stationary desktop computers to highly-portable laptop and tablet PC computers offers enterprises increased productivity, flexible work schedules and greater work/life balance. Driven by the need for increased productivity and the ability to present up-to-date information at a moments notice, secure mobile computing can be an enterprises greatest strength. However, research indicates that lost or stolen laptop computers cause nearly 50% of public data breaches. With recently expanded state data breach legislation, even a single lost or stolen computer can expose enterprises to the negative publicity and increased costs associated with public data breaches.

 
DRP Security Bundle

Today, accepting the loss or theft of one laptop or tablet PC or Smartphone (PDA) is simply not an option. A missing device can result in compliance and data protection issues that may be very costly to an organizationÂ’s reputation and bottom line. Organizations need to be able to accurately track their computers, know who is using them, what is installed on them, and be able to prove the actions taken to secure computers remain deployed and intact until the computer can be located.

The topics covered in this issue are:

• Real ID Implementation status
• SOX Compliance Requirements
• Security Audit Program

The Newsletter also provides direct links to topics on:

• Disaster Recovery and Business Continuity
• Job Descriptions
• 2008 Salary Survey

• Network and perimeter security (including firewalls)
• Endpoint security and threat mitigation (including anti-virus and patch management)
• Data security
• Identity and access management
• Wireless security 

The Security Manual address each of these issues and provides solutions which can be implemented immediately.

Users must install and maintain antivirus software. Security policies must define what applications and configurations are acceptable where, and IT and business processes must ensure that security policies are monitored, and exceptions are corrected.

Gaining transparency into risk and security status with rapid, flexible security assessments can quickly improve risk management. Assessments should deliver risk-relevant views of IT infrastructure to track progress towards policy compliance targets and the Security Audit program does that in compliance with all mandated requirements.

• Conduct weekly searches to monitor your company name and company reputation
• Review content of company and employee blogs for accuracy and compliance to company policies
• Validate that all public information has a real identity – this includes blogs and press releases
• Apologize and admit your errors
• Redirect blogs to positive product, employee and company information when anything negative is posted
• Minimize negative comments and never say anything negative about your competition or its products.

Once those values are known, ARO x SLE = ALE. Suppose the SLE is US$35,000, and the ARO is 12 (i.e., the cost of the server being down for a day is US$35,000, and this attack happens once every month). In this example, US$35,000 x 12 = US$420,000 per machine.

To protect your financial viability, you need to be able to perform data restoration and bare metal system recoveries more efficiently and faster than ever.   

As guidance and a framework for SOX compliance, the US Securities and Exchange Commission (SEC) has mandated that affected organizations use a recognized internal control framework. The SEC makes specific reference to the recommendations of the Committee of the Sponsoring Organizations of the Treadway Commission (COSO). While there are many sections within the Sarbanes-Oxley Act, the focus here is on section 404, which addresses internal control over financial reporting. This section requires the management of public companies to assess the effectiveness of the organizationÂ’s internal control over financial reporting and annually report the result of that assessment.

We are seeing a change in the threat landscape, from ones that were noisy and targeting the perimeter of the network, to becoming much more silent, difficult to detect and highly targeted. These attacks are mostly targeting Web browsers and the client applications on the computer itself. And while a small business network may not be as complicated as an enterprise network, they still have desktop and mobile clients.

Because small businesses have fewer IT resources at their disposal, they need solutions that provide comparable protection, at affordable costs and requiring minimal administration.

The threats are:

• Spyware
• Attacks inside the firewall  -  USB devices
• WiFi and other rogue access points
• Worms and viruses
• Information theft via authorized paths
• Phishing
• Key stroke logging
• Instant Messaging
• Blended attacks

Maine is the only jurisdiction that has not yet met the security requirements needed to obtain an extension. Implementation of the bar on accepting Maine licenses will require substantial planning and effort, which will begin immediately in the absence of an agreement. Maine will have until close of business tomorrow to agree to certain security changes in order for Maine IDs to be acceptable for purposes of boarding commercial aircraft and accessing certain federal facilities after May 11, 2008.

DHS recognized earlier this year that states could not meet the full requirements of the REAL ID Act by May 11, as set by Congress. The department made extensions available for states that needed additional time to come into compliance, or to complete ongoing security measures. Initial extension requests were due by March 31. These extensions are valid until Dec. 31, 2009, when states must upgrade the security of their systems, to include a check for lawful status of all applicants, for their licenses and ID cards to be acceptable for official purposes.

The need for secure documentation was a core 9/11 Commission finding. REAL ID addresses their finding by setting specific requirements that states must adopt for compliance in four key areas: (1) information and security features that must be incorporated into each card; (2) proof of the identity and U.S. citizenship or legal status of an applicant; (3) verification of the source documents provided by an applicant; and (4) security standards for the offices that issue licenses and ID cards.

REAL ID enrollment will be completed for all individuals 50 years of age and under by Dec. 1, 2014. For all others, enrollment may be extended three additional years to Dec. 1, 2017. At that time, all state-issued driverÂ’s licenses and identification cards intended for official purposes must be REAL ID-compliant.