IT Security and Auditing Framework – A Glass Half Full or Half Empty?

0

Log Management, Compliance Reporting and SIEM

Corporate islands with no connectivity to the external world and/or employees seeking permission to share company critical information with an outsider are not options that ensure protection from information thefts. Not a day goes by without a security breach or espionage attempt in the media. It doesn’t matter whether it’s an internal or external hack caused by a deliberate or inadvertent action. The IT guy is made accountable for the security gaps and is asked to revisit the policies to ensure that such incidents don’t recur.

We can all say thanks to the built-in logging mechanism in devices, systems and applications, which help track e…

PCI-DSS 3.0: The Stress on Password Protection & Security [Part-2]

0

[In the previous post, we briefly discussed the requirements proposed for PCI-DSS 3.0. In this post, we’ll discuss the requirements in depth.]

When a customer presents a payment card to a merchant at the point of sale, a chain of operations is triggered in the background. The request-approval process happens across software applications, wireless devices, firewalls, routers, switches, storage devices, telecommunication systems, and a host of other applications. Therefore, your data’s security is directly dependent upon the security of all these devices and applications.

Although several authentication mechanisms are emerging, passwords are still the most prominent mode of authenticatio…

Can your organization be Hack Immune?

0

This past few months witnessed a record breaking global level of malware threats and APTs (Advanced Persistent Threat) that put the mightiest of Enterprises’ security at jeopardy! Since December 2009, post the Google Aurora attack, the way Enterprises see APTs has changed forever. Even the last bit of resistance was wiped out when World Bank, Morgan Stanley was taken down by such threats too. The challenge with this type of security attack is the manner in which Enterprise IT Security is hacked – slow and disguised.

Not to mention the plethora of ‘zero day’ attacks lead by hacktivists (Eldarwood gang, Anonymous to name a few) that shake the very foundation of data security of the Enterprise with …

Software asset management is not so “soft” and “smooth”

0

“Choco bloc” is the idiom I think of when it comes to asset tracking (Hardware & Software). Tracking the assets information is not an easy thing to do especially software management and license monitoring. Enterprises need to look at three different aspects of software management – Software Metering, Software Compliance, and Prohibited Software.

Software Metering – You will purchase a lot of software that is required for your enterprise. But you need to track the usage metrics since not every software in enterprise is utilized 100%. Tracking the software usage helps you realize the used and unused software that can help you to take an informed decision. This decision can save your costs o…

Object Access Auditing Simplified – Find the ‘Who, What, Where, When’ of File & Folder Access

0

Most administrators face the challenge of knowing what actually happened to their files and folders – who accessed them, deleted them, edited them, moved them, where the files and folders went, etc. Object access auditing can help administrators to meet this challenge head-on.

Object access auditing is a critical requirement for organizations and helps network administrators to secure their enterprise network. With Object access auditing, organizations can secure their business critical data, such as employee data, accounting records, intellectual property, patient data, financial data, etc. One of the key goals of object access audits is regulatory compliance.

Industry standards such as Sa…

The Perils of Non-Compliance

0

The word ‘compliance’ has come a long way in the English dictionary. It might have started as yet another addition to the vocabulary, but now the image it conjures up – little would have the people who coined this word foreseen this evolution.

SOX, HIPAA, PCI, FISMA, GLBA… and considering the probability of the future Enrons, this list is only expected to grow. However, since many organizations have taken active steps to adhere to the compliance-rules, transactions on the web have become a lot safer than they used to be! Companies will surely not want to take the risk of being non-compliant…not if they have to face dire consequences!

You’ll have to face those dubious ‘CNN moments,’ where you

Ask me in EventLog Analyzer.

IT Manager /CXO of an enterprise are responsible to manage all IT infrastructure of an enterprise. This includes a vigorous update on the status of various security threats posed by internal users in their enterprise, and have a vital eye on various internal transactions carried out. It makes them to demand summary reports on important IT resources from their team, which includes specific stern events.

Such requirements are often delegated to system administrators and other IT staff, who supply IT managers with these specific reports. Mostly the information a CXO requires are Bird’s eye view of

  • Network security status for the complete enterprise
  • Overall compliance status and related remediation /co