Firms large and small rely on data, from accounting information to
tracking customer relationships. Lose the trust in that
data, and the firm loses a key competitive advantage.
Arguably, you have no business. In the past, information
security was for the spooks: government agencies and defense
department contractors who had real secrets. Today, it is an
integral part of how we all do business.
As it relates to the accounting
environment, security knows no size: the sole practitioner and the
Big 4 firm should be just as concerned as their counterparts. At
the same time, security is typically mandated by a
controlling organization. For example, solo medical
transcribers must be concerned about the security and
privacy provisions of the Health Insurance Portability and
Accountability Act (HIPAA), while large accounting firms are
trying to define the security implications of Sarbanes-Oxley
legislation. California, the regulatory bellwether state,
led the pack in 2003 by signing into law SB 1386, mandating
that any California resident be notified when there is an
unauthorized intrusion that could lead to identity theft using
their names and personal account information. In early 2004,
this regulation forced Wells Fargo Bank to notify some
customers whose names and Social Security numbers were
stored on a computer that was stolen by an individual
intending to use customer information for identity theft.
First and foremost, Information
Security begins with education, awareness, and setting
policies. To begin the process of setting forth workable
policies, invite a group of employees to a brainstorming
pizza party. Discuss risks you have in your firm or business
and the protection methods you currently undertake and
evaluate on a regular basis. Talk about your systems,
threats (internal and external), and your internal policies
on security and access to information.
Next, compute the potential damages
and the price of remediation. While determining the ROI on
prevention can be difficult, without a realization of the
potential for losses, you are putting your business at risk.
It's a fact that Information Security
is just part of a much larger concern. The definition of
Information Security, as defined by the Top Ten Technology
Task Force, is "The hardware, software, processes and
procedures in place to protect an organization's information
systems from internal and external threats." This includes
firewalls, anti-virus, password management, patches, locked
facilities, IP strategy, and perimeter control. Many other
areas are affected as well, including intrusion detection
systems, security standard setting, social engineering,
digital identity, privacy, biometric authentication, and
digital rights management.
In the always-on, always-connected 24/7
world in which we live, the information technology
help desk has transformed into a war room of sorts. For
example, in 2003, we started the year with the SQL worm, a
tiny little program that overwhelmed the Internet in the
mere space of 30 minutes, causing systems and ATMs
around the world to grind to a halt. In the middle of the
year, we had MSBlast, which caused unpatched Microsoft Windows
XP and Windows 2000 machines to reboot.
Late in the year came word that Linux
distribution source code servers had been compromised with
backdoors, prompting team members to review code checksums, and
patches to Mac OS X arrived soon after its release.
If you learned nothing else in 2003,
you realized that no operating system is a panacea for
absolute security, and, in fact, the concept of managed risk
came into vogue. Patch Management, a concept formerly embraced
only by large firms, became a new constant; several
vendors even began discussion lists, including
www.patchmanagement.org, to discuss best practices and
policies for the best way to deal with distribution of
patches to workstations.
As we continue working in 2004, what
will this year bring in Information Security? We've already
seen several worms, and it's highly probable there will be
many more. A new worm? A new threat? More bulletins or fewer?
One thing is for sure: every one of us needs to ensure that
security is built into every single application from the
ground up. You cannot layer on security at a later time and
receive the same results that you do when security is built
into the project from the beginning. Each step of any
project you undertake in 2004 should include a risk analysis to
fully understand how best you can build in protection.
For More Information:
info@roncook.com