THE OFFICIAL BLOG OF THE SBS DIVA : ITpro2012

Social resources - ITPro2012

bradley — Sat, 09 Jun 2012 17:35:00 GMT

Tips for Using Social Media Outlets

Familiarize yourself with privacy settings. Often the default privacy settings reveal more information than you might want to share with your entire network.

Minimize the amount of biographical information you put on your profile. Many sites give you the opportunity to post your full name, address, phone number, email address, and birth date. Be cautious about what you choose to post — do you really want this information accessible to people you don’t know very well?

Be selective about whom you accept as friends and connections. It is not uncommon for fraudsters to send friend requests to people they have never met, and many users are careless as to whom they accept requests from. Be careful not to assume someone is an old acquaintance you’ve simply forgotten; it very well might be a fraudster trying to contact you.

Take steps to safeguard access to your account. Choose passwords that are difficult to detect. Strong passwords are typically at least eight characters in length, with a mixture of letters and numbers and special characters. Use different passwords for different accounts.

Be careful when accessing your account on a public or shared computer or over a wireless network. If you are dealing with any type of sensitive information, it is best to access your accounts on secured networks and private computers.

Do not make an investment decision based solely on the recommendation of a member of an organization or group to which you belong; the investment might be an affinity fraud. Even if you know the person making the investment offer, be sure to ask questions and research the investment before handing over your money.

Source: http://www.acfe.com/fraud-examiner.aspx?id=4294973009

Also review - http://www.hrthatworks.com/SOCIALMED.pdf and http://www.mofo.com/files/Uploads/Images/120605-Socially-Aware.pdf

Compliance resources - ITPro2012

bradley — Fri, 08 Jun 2012 15:45:00 GMT

During the session on compliance I talked about some resources that I was going to blog about and here there are --

http://events.qualys.com/PCI-DSS-Webcasts

·         Compliance
a.    In general, compliance means conforming to a rule, such as a specification, policy, standard or law. Regulatory compliance describes the goal that corporations or public agencies aspire to in their efforts to ensure that personnel are aware of and take steps to comply with relevant laws and regulations
·         What
a.    rule?
b.    law?
c.    regulatory body?
d.    agency?
e.    jurisdiction?
f.     enforcement?
·         Alphabet soup of compliance - Cloud
a.    SOC 1/SSAE16/ISAE 3402 (takes the place of SAS 70 Type II)
                                  i.    (Hint if your cloud provider says they are SAS 70 compliant, that’s the old rules – they are not up to date)
b.    FISMA (Federal Information Security Management Act
c.    FISMA Moderate
d.    PCI DSS Level 1
                                  i.    Credit cards
                                 ii.    And this makes you secure right?
e.    ISO 27001
                                  i.    Widely adopted global security standard
f.     International Traffic in Arms Compliance
g.    FIPS 140-2
h.    Specified cryptographic modules
i.      HIPAA
j.      Cloud Security Alliance consensus assessments
k.    FERPA (Federal Educational Rights and Privacy Act)
l.      Criminal Justice Information Security policies
m.   EU safe Harbor
n.    EU Model Clauses
o.    Transfer of Data
p.    Data Processing Agreements
q.    Service Level Agreements

·         Premise compliance
a.    PCI-DSS
                                  i.    What level?
                                 ii.    in SMB?
                                iii.    Real world guidance
                               iv.    http://social.technet.microsoft.com/wiki/contents/articles/853.adjustments-for-pci-dss-scan.aspx
                                v.    Most detailed of all the compliance regs
                               vi.    Recommend: Moving Credit cards away from SBS 2003
b.    GLBA
                                  i.    The Safeguards Rule requires financial institutions to develop a written information security plan that describes how the company is prepared for, and plans to continue to protect clients’ nonpublic personal information.
c.    SOX
                                  i.    Section 302 of Sarbanes-Oxley requires that a publicly traded company’s CEO and chief financial officer must vouch for the accuracy of the company’s financial reports, including certifying that its internal controls--such as who has access to financial records, systems and reports--are effective.
d.    PIPEDA
e.    Canadian - Personal Information Protection and Electronic Documents Act
f.     HIPAA/HITECH (Health Information Technology for Economic and Clinical Health Act)
g.    Accelerate Electronic Health Care records
·         Regulations are intentionally vague
·         Privacy compliance
a.    EU rules typically more strict
b.    Cookie laws
·         Local regulation compliance
·         Data breach notification
a.    First – California SB1386
b.    Forty-six states, the District of Columbia, Puerto Rico and the Virgin Islands have enacted legislation requiring notification of security breaches involving personal information.
c.    http://www.ncsl.org/issues-research/telecom/security-breach-notification-laws.aspx
https://www.pcisecuritystandards.org/

Going to the ITPro2012 Conference? No Stellas

bradley — Wed, 06 Jun 2012 06:39:00 GMT

Check out the Friday lunch with StorageCraft from noon to 1:30 p.m. And you know and I know that meals at Jeff's conferences are not just any old seminar steak meals, but wonderful meals.

On Saturday it's lunch with RecoverAssist.

Major sponsors include Microsoft and HP Solutions in SMB. Yes the Gnome is getting out his travel gear and will be hitting the road to New Orleans.
SATURDAY EVENING BON VIVANT!

THE HONOR OF YOUR COMPANY IS REQUESTED

June 9, 2012 for 6:45 pm Saturday

We assemble at the New Orleans Astor Crowne Plaza Hotel, departing promptly there from on a brief stroll to our destination for

Saturday Evening with Cocktails, Dinner and Music until the moon is high.

We are gathering friends together for a laissez fare evening
on a special occasion to be announced when appropriate just prior to this affair. We hope to
entice and prepare you for your travel and carefree enjoyment with more details below.

It’s soon to be June, wedding season of summer in New Orleans
and we too are planning a bit of an old southern soirée. Ours is a casual summer dinner
party with service on white linen, to revisit gentile days of recent past. We’ll gather
among French Quarter courtyard townhomes with a sense of nostalgia where you once
might have been introduced to Sachmo, the Kingfish, or Tennessee Williams. In mind, it’s
not the time of antebellum Old South, this is the hip New South, the birthplace of jazz in a
time when everything is cool but the weather.

Southern hospitality is in our nature,
we want you to be as comfortable
with our climate as with the evening surroundings. On balmy evening nights such as
these, in the Crescent City a local would choose linen, or seersucker, or the most
comfortable cotton anything to wear to fine evening affairs of this sort. Of course, such
sensible attire locally is traditional, but sadly not so common for visitors from abroad.

As our guests prepare for this special Saturday night
may we therefore gently ask forgiveness to indulge the local evening dress code and suggestions?

Above all we observe for fear of proper service declined that no shorts or jeans, certainly
no, not even invoking ‘Stella!!’ transforms Stanley’s t-shirt as appropriate to appear on
this evening. If you will please entertain our orientation to follow, the attire most
appreciated for the occasion is suggested in kind manner.

A FESTIVE OCCASION IS A CAUSE FOR CELEBRATION

Gentlemen:

A jacket in these summer nights suggests refined tastes, even if you just
carry it to look “ready” for proprieties. In truth, to arrive with no jacket is also
graciously understood for a fete among friends, but in such case (this is very important),
a plain WHITE DRESS SHIRT is quite essential to maintain the formalities. Remarkably,
no one seems to notice when white sleeves are rolled or short, as it is the sea of white
that appears so graceful when no jackets are in view. Certainly, the Avenue Uptowner’s
would don a bow tie or madras plaid skinny in June, and it would indeed be perfect. Yet,
no tie at all is required for our “costume” night unless that is what completes your
statement for the evening. If you are stumped or the constant traveler: Khaki pants (or
summer slacks avoiding dark colors) are ever sensible, joined with a proper buttoned
white shirt, these are a gentleman’s universally confident choices of summer. Hunting a
fine meal in the French Quarter, your foot is in the door as you now look smart to enter,
so long as the maitre de is properly tipped, and we have that covered!

Ladies:

Imagination shall be yours for an evening of summer cocktails and a seated
dinner party, for which we wouldn’t dare to suggest your choice of outfit. From beneath
the lazy ceiling fans of the south, we have embraced air conditioning in fine dining, and
the courtyards are optional throughout the evening. So the tradition remains simply that
the color and style in the room is informed by the choices the ladies offer for their
comfort with grace. With sincerity, since the arrival here of our family name, we fear for
your finest heals on the French Quarter flagstones, and observe that many southern
ladies choose the modesty of flats or simpler designs for even short walks or courtyard
affairs, when they plan for such occasions.

How to beat the heat of New Orleans for a dinner party in town is the mid-year
challenge. Simple or sophisticated…mademoiselle, c'est si bon… it’s entirely up to you!