Archive for October 29th, 2007

Network Nightmare #2: Stupid Passwords on Privileged Accounts

Monday, October 29th, 2007

I imagine that most people would consider the chances of an attacker guessing a privileged account name and password in two or three guesses to be astronomical. Unfortunately, nothing could be further from the truth. Breaking into corporate networks, and thereby corporate information, has never been easier. Why? Firstly, access to systems (usually Windows) at the desktop is universal. Secondly, most people, including IT staff, don’t appear to know how to select adequately secure passwords.

(more…)

Posted in Threat Detection | No Comments »

SOX and the General Control Environment

Monday, October 29th, 2007

Good corporate governance depends on the effective management of internal controls and on the availability, confidentiality and integrity of information. Corporate reputation, brand preservation and financial results all depend on the defence of business processes and on compliance with a growing array of legislation and regulation. For companies listed on US exchanges, the Sarbanes-Oxley Act of 2002 (‘SOX’) is of overriding importance and information security has a crucial role to play in achieving compliance.

Information security and SOX

SOX was passed to ensure that executives are held responsible for establishing, evaluating and monitoring the effectiveness of internal controls over their financial reporting. To ensure compliance, SOX legislation contains provisions that include both criminal and civil penalties for any violations.

(more…)

Posted in Compliance Issues | No Comments »



© Exaprotect. All Rights Reserved | Disclaimer | Privacy | Terms of Use

Entries (RSS) and Comments (RSS).