Saturday, May 3, 2008

Email Anti Spam And Virus Protection For Businesses - There Is Hope

Thanks to low-cost anti-spam suppliers, companies can now get expanded e-mail anti-spam and anti-virus protection with a user-friendly interface at a lower cost. The positive aspect of technology is that, as it develops, it becomes faster, gains additional features and becomes more economical. In recent years, the same evolution has taken place with anti-spam technologies and services. In large part this may be due to the open source software community, plus enterprising companies improving the performance of this software and packaging it in easy-to-use anti-spam appliances.
It is not practical to run anti-spam software on desktop computers in a networked business environment. Managing junk e-mail software on every employee's desktop is not realistic. This can be a nightmare and costly in terms of time and licensing.
Spam appliances sit in front of your mail server, so that e-mail reaches the anti-spam filter first and is scanned for viruses and spam. The filter blocks the message if it knows it to be spam. If the filter is not sure, the e-mail is held in quarantine and stored until the recipient deletes it, releases it to their mailbox, or adds the sender to a "white list" of correspondents so that future e-mails from them will not be blocked. This allows for a net reduction of the burden on your mail server and reduces the bandwidth you require. We have seen anti-spam appliances block up to 83% of incoming messages. This could help prolong the life of your mail server and push back the need to upgrade capacity.
Most virus outbreaks occur via e-mail, and inexpensive appliances can block viruses before they reach your network and users' inboxes. This is an added layer of defence in addition to your anti-virus solution.
Businesses have two options if they adopt a system-based solution for spam and virus control. They can purchase and manage their own filters. This is a good option if you have a large number of mailboxes to protect and technical staff to manage the anti-spam system. Companies can also have spam control delivered as a hosted service. This is a good choice for small businesses, and for those where information technology is not your specialty.
If you buy your own spam filter, a subscription for updates may also be required. Make sure you know up front the price of any add-ons you need. If you have more than 100 e-mail users and technical staff to support anti-spam, buying your own filter may be the better option. In principle, the basic model works for most organizations. Large organizations with thousands of users require a spam filter system with greater capacity and more functions. Spam appliances are designed to work with all messaging systems, but some have specific extensions for the popular Microsoft Exchange Server collaboration and e-mail software and support for LDAP (Lightweight Directory Access Protocol). Spam appliances use LDAP before delivering messages to recipients on your mail server, thus avoiding consumption of server resources.
If your company has five hundred employees, outsourcing anti-spam and virus filtering as a service is a good, economical solution. The costs are based on the number of users, and you only pay for what you use. You will not regret not having to buy, maintain and update equipment. The up-front costs are minimal, and most e-mail filtering suppliers let you try the service free first. Another advantage of outsourcing your anti-spam control is redundancy. It is important that you choose a supplier that co-locates its anti-spam and virus filters in a secure Internet data centre. Data centres provide redundant network connections and power, so that if your mail server or Internet connection goes down unexpectedly, the anti-spam service holds your e-mail until your mail server is available, minus the spam and viruses.
Anti-spam technology is constantly improving and costs are increasingly low. With increased productivity and an added layer of defence against virus intrusion, an anti-spam appliance or service is something your company cannot afford to be without.




Thursday, May 1, 2008

Is the Fox Auditing the Hen House?

When you ask your doctor for a second opinion, do you really want him to give his opinion again? No. You want a second opinion. An independent evaluation. Too many financial institutions do just that on a daily basis: they hire the same company that put their security systems in place to perform a security audit of those systems. How many fence-builders are going to find flaws in their own fences? "Nope. No problem here. There's supposed to be some information leakage. It's called 'natural seepage.'" Or, worse yet: "The bad news is that you have a huge gap in your firewall. The good news is that we can fix it. For a small fee."
Another common mistake financial institutions make when choosing a security audit company is to hire an all-in-one company that also sells security solutions. Gee, what are the chances that they'll find a problem that their product just happens to correct?
Legal and regulatory requirements (FFIEC, GLBA, SOX, FDIC, etc.) further clarify the need for independence in the evaluation of internal security controls and the protection of confidential information.
In this brief, we address some specific issues for financial institutions to consider when choosing a company to perform a security audit, and summarize the risks for institutions that lack objective evaluations.
The Practical Perspective
What could be more practical than having one company do all your IT work for you? You only have to sign one contract, and you do not need to go shopping for another auditor. It's convenient, and it appears to be a money-saver.
Not so much.
We had a bank client that had its internal IT security audit completed by the same company that managed its technology infrastructure. During the examination, regulators rejected the objectivity of the security audit, and the bank was forced to retain another firm to do the whole job again.
On another occasion, we met with a potential client who was just about to implement a mitigation strategy proposed by its auditor to lower a security risk. The fix was going to cost $20,000, to buy a product the auditor was selling. On the spot, we suggested an obvious no-cost way of mitigating the risk by making some minor improvements in operational processes. This highlighted two problems with vendor-based auditors: 1) they may try to upsell their own products, and 2) they are not likely to concentrate on catching or fixing problems with simple solutions.
Those are two obvious examples of operational cost savings, but there are other, less obvious cost savings when your security audit is truly independent. The auditor has a more objective, fresh perspective and will not give you a list of 1,000 nit-picky problems. Instead, they help you focus on the central issues that are discovered and suggest practical, cost-effective solutions.
The Legal and Regulatory Perspective
While the practical considerations of security audit independence are clear, there is also substantial regulatory guidance. If the cost and practical issues are not sufficient to explain the need for independence, then an analysis of compliance obligations certainly should be.
Trivia question: How many times does the word independence or autonomy occur in the FFIEC IT Audit Review Manual? 76 times!
And now for a little light reading.
The FFIEC - Federal Financial Institutions Examination Council
From the FFIEC Information Security IT Examination Manual: "Independent and diagnostic tests include penetration tests, audits and assessments. Independence gives credibility to the test results. To be considered independent, test personnel should not be responsible for the design, installation, maintenance and operation of the system tested, as well as the policies and procedures governing its operation. The reports generated from the tests should be made by people who are also independent of the design, installation, maintenance and operation of the system tested."
The FDIC - SOX Compliance
In consideration of the Sarbanes-Oxley Act, the FDIC recently updated its guidance on the independence of auditors. According to the associated Financial Institution Letter (FIL-21-2003), "The main feature of this analysis is that the person(s) directing and/or performing the review of internal controls is not also responsible for the management or operation of these controls." Also, "If the agency staff agree that the independence of the external auditor or another vendor seems to be compromised, the agency may conclude that the imposition of external audit of the program is inadequate and does not meet requirements for audit and reporting."
The FDIC - GLBA Compliance
Section III of the FDIC's Financial Institution Letter (FIL-68-2001), on compliance with section 501(b) of the Gramm-Leach-Bliley Act (GLBA), assesses the adequacy of an institution's "program to manage and control risks." The fundamental question posed for examiners on security audits in this section is: "assess whether tests are conducted or reviewed by independent third parties or independent of skilled people who develop or maintain the security programme."
Six Questions
Here are six questions you can ask to help determine whether your auditor is independent:
1. Does my IT consulting company say that its security audit services are performed by a separate division within the company? Just because my two-year-old daughter is the "Kid" Division of my family does not mean that she is not still a part of my family (even if the division's finances).
2. Is my security auditor also a supplier of IT products or other services, such as firewalls?
3. Does my security auditor offer remediation for the issues it finds?
4. Does my security auditor work on our internal technology, but argue that its penetration test only covers the firewall, which it does not manage, so there is no independence issue? (Believe it or not, we see penetration test vendors do nothing more than review the firewall, missing the contextual issues of the entire network architecture.)
5. Is my vendor emphasizing the ease and benefits of a one-stop shop without clarifying the conflicts of interest?
6. Does my vendor meet this regulatory standard from the FFIEC IT Audit Review Manual: Tier I Examination Procedures - Objective 5: To determine the level of audit independence:
Determine whether independence is compromised by: auditors responsible for operating a system of internal control or actually performing operational duties or activities.
Conclusion
Wouldn't it be great if you could have graded your own final exam in college? "Johnson, you are brilliant! I had no idea that the Wright brothers were not only working for Enron, but also invented the car! A+!" This is the feeling of brilliance you give companies that do your IT or try to sell extra services when you hire them for your security audit.
While there are perceived benefits in one-stop shops or companies that can fix any problems they identify, ensuring that there is independence and objectivity in the audit process will save time and money in the long run and keep an institution on a path of regulatory compliance. Consider asking yourself the kinds of questions raised here about your own security audit relationship.
John Abraham, president, Redspin, Inc.
Redspin (www.redspin.com) is a provider of security and compliance audits for more than 100 banks and credit unions throughout the country. Shocking - who would have guessed? - they do not sell institutions any other products.
References
Financial Institution Letter - 501(b) Examination Guideline, FIL-68-2001, August 24, 2001. Examination procedures for assessing compliance with the guidelines to safeguard customer information. http://www.fdic.gov/news/news/financial/2001/fil0168.html, http://www.fdic.gov/news/news/financial/2001/fil0168a.html
Information Security IT Examination Manual, FFIEC (Federal Financial Institutions Examination Council), December 2002. http://www.ffiec.gov/ffiecinfobase/index.html
Audit IT Examination Manual, FFIEC (Federal Financial Institutions Examination Council), August 2003. http://www.ffiec.gov/ffiecinfobase/index.html
Financial Institution Letter - Internal Audits, FIL-21-2003, March 17, 2003. http://www.fdic.gov/news/news/financial/2003/fil0321.html, http://www.fdic.gov/news/news/press/2003/pr2403a.html
Redspin specializes in security audit and assessment of security services, which help identify potential threats. http://www.redspin.com


