Friday, May 30, 2008

Orphaned User Accounts Run Wild in Enterprises

For decades IT auditors have included steps in their programs to determine whether their client routinely closes user accounts for departing employees. However, a recent study shows that this elementary step is often not carried out and that orphaned accounts abound in many organizations. They represent a security risk that those organizations need to address. Maybe auditors need to tighten up their procedures on them as well.

Thursday, May 29, 2008

OpenSSL Vulnerability Shows Open-Source Process Weaknesses

Recent research has revealed a significant security exposure in some open source Linux systems. The problem springs from a flaw in the random number generator of OpenSSL, which enables hackers to access encrypted data within the systems. The flaw reduces the extent to which SSL can be relied upon in such systems and emphasizes the need for compensating controls.

Wednesday, May 28, 2008

COBIT Control Practices: Guidance to Achieve Control Objective for Successful IT Governance, 2nd Edition

COBIT Control Practices: Guidance to Achieve Control Objective for Successful IT Governance, 2nd Edition: "This publication provides guidance on the risks to be avoided and value to be gained from implementing a control objective, and instruction on how to implement the objective." The publication and appendices are available for free download from the ISACA site by clicking the above link.

Monday, May 26, 2008

Volume 32 Number 2

The June issue of MIS Quarterly is a special issue devoted to research on Information Systems offshoring. Among its many useful aspects is a ranked listing of issues related to offshoring, such as the effect of cultural differences, impact on strategy, effect of distance, etc. The issue provides an excellent source for practitioners who are considering offshoring or their offshoring policies and for academics interested in researching this important area.

Sunday, May 25, 2008

Group releases credit-card software standard

Plastic cards proliferate in our world, and many of them have magnetic strips that are used to store private information. This has played a role in some of the most dramatic instances of system failure where the privacy of sensitive information has been breached, such as those at Hannaford Bros and the TJX Companies. The PCI Security Standards Council has released a new standard that will hopefully improve on that situation by limiting the type of information stored on the magnetic strips for credit cards. Of course, credit card fraud is one of the biggest menaces facing commerce - online and offline - today. The new standard can be downloaded at https://www.pcisecuritystandards.org/pdfs/04-15-08.pdf and there is a summary of it at the following link: Group releases credit-card software standard

Friday, May 23, 2008

Enterprise Risk Services - Risk Management - Focus On - Deloitte Touche Tohmatsu

Deloitte has provided a valuable source of information on its website on risk mitigation strategy. That section of the site includes a number of small books and articles on the subject, which should be helpful to many organizations interested in comprehensive risk mitigation strategies. Deloitte refers to such organizations as "risk intelligent enterprises."

Monday, May 12, 2008

Technology Review: Archiving E-mail Effectively

Email messages created in an organization are legally recognized as documents and therefore need to be treated as such, including measures to safeguard them, preserve their integrity and archive them so they are available if needed. This has been a problem with conventional software, but new archiving software may help to make it better.

Thursday, May 1, 2008

Kroll Inc. - News Room

Kroll has released a report that points to the increased risk of fraud and theft among companies using expanded global supply chains, which normally involve extensive outsourcing. Cargo theft has become a major issue, and the report identifies a number of red flags to help identify potential problems, many of which are not new. Overall, however, the report points to the need to tighten internal controls over global supply chain systems.