Security Manual Template and Audit Program

ISO / COBIT / HIPAA / SOX Compliant


This Security Policy Manual (policies and procedures template) is over 240 pages in length. All versions of the Security Manual template include both the Business & IT Impact Questionnaire and the Threat & Vulnerability Assessment Tool (both were redesigned to address Sarbanes-Oxley compliance). In addition, the Security Manual Template PREMIUM Edition contains 16 detailed job descriptions that apply specifically to security and Sarbanes-Oxley, ISO 27000 (ISO 27001 and ISO 27002), PCI-DSS, and HIPAA. Data protection is a priority, and security myths need to be addressed.

Our security audit program can be used to identify the gaps that exist between mandated security standards and your organization's security practices. As a result, our audit tool can also be used to perform a very detailed gap analysis. Once you've filled all the gaps, you can be assured that you've done everything humanly possible to protect your information assets. If you use our Security Audit Program you will not only comply with the many mandated security requirements but you will also improve the overall performance of your information security program.

Comprehensive, Detailed and Customizable for Your Business

The Security Policy and Audit Program bundle provides all the essential sections of a complete security manual and walks you through the creation of each one. Detailed language addressing more than a dozen security topics is included in a 220-plus-page Microsoft Word document, which you can modify as much or as little as you need to fit your business requirements. The template includes sections on critical topics like:

  • Risk analysis
  • Staff member roles
  • Physical security
  • Electronic Communication (email / Smartphones)
  • Blogs and Personal Web Sites
  • Facility design, construction and operations
  • Media and documentation
  • Data and software security
  • Network security
  • Internet and IT contingency planning
  • Insurance
  • Outsourced services
  • Waiver procedures
  • Incident reporting procedures
  • Access control guidelines
  • PCI DSS Audit Program as a separate document

The Security Manual Template is available as a stand-alone item (Standard) or as part of the Premium or Gold sets.

Each of the job descriptions is between 3 and 6 pages in length. They have all been updated to reflect the responsibility requirements of Sarbanes-Oxley, HIPAA, PCI-DSS, ISO, and ITIL. The job descriptions included in the premium bundle are:

  • Chief Compliance Officer (CCO)
  • Chief Security Officer (CSO)
  • VP Strategy and Architecture
  • Director e-Commerce
  • Database Administrator
  • Data Security Administrator
  • Manager Data Security
  • Manager Facilities and Equipment
  • Manager Network and Computing Services
  • Manager Network Services
  • Manager Training and Documentation
  • Manager Voice and Data Communication
  • Manager Wireless Systems
  • Network Security Analyst
  • System Administrator - Unix
  • System Administrator - Windows

Security and Auditing News




Security Predictions

2009 began with the biggest data breach in history. Wonder what could possibly be in store this year? The experts have spoken and have issued their astute security predictions for the New Year:

  • Increased funding for security budgets
  • New compliance regulations created and enforced by Congress
  • New problems with mobile security: new mobile phone worms and Trojans
  • A new key area of competition: Cloud computing
  • Growth in desktop virtualization

Security Manual Template Policies and Procedures

ISO 27000 (27001 & 27002) - Sarbanes-Oxley - PCI - Patriot Act - HIPAA Compliant

This Security Manual for the Internet and Information Technology is over 240 pages in length. The template is compliant with the ISO 27000 series (ISO 27002 was formerly ISO 17799), Sarbanes-Oxley, the Patriot Act and HIPAA, and includes a PCI DSS audit program. All versions of the Security Manual template include both the Business & IT Impact Questionnaire and the Threat & Vulnerability Assessment Tool (both were redesigned to address Sarbanes-Oxley compliance). In addition, the Security Manual Template PREMIUM Edition contains 16 detailed job descriptions that apply specifically to security and Sarbanes-Oxley.




PCI-DSS is a global requirement

Although the Payment Card Industry Data Security Standard (PCI DSS) has become a global requirement, many organizations are lagging in compliance. For many companies, regulatory compliance is already an overwhelming and confusing area to navigate, and the need to comply with the PCI DSS can feel like yet another burden. The PCI-DSS compliance kit fully meets enterprise compliance requirements.


The PCI DSS security requirements apply to all "system components." A system component is any network component, server, or application that is included in or connected to the cardholder data environment. The cardholder data environment is the part of the network that stores, processes, or transmits cardholder data or sensitive authentication data. Network components include, but are not limited to, firewalls, switches, routers, wireless access points, network appliances, and other security appliances. Note that a system is in scope merely by being connected to the cardholder data environment, even if it never handles card data itself; this is why network segmentation is the usual way to limit the audit scope.




Data deduplication impacts IT budgets

Data deduplication is not just altering what media companies use as backup targets; it dramatically affects operating efficiencies, simplifies remote office data protection, and makes disaster recovery significantly more affordable and realistic for a much greater percentage of the overall market. Its advent is not unlike other storage innovations where market leadership was not necessarily determined by a technology capability, but rather the true achievable business benefits brought about by the entire solution.


Storage is more than a mainframe peripheral and as such has a profound impact on the entire IT industry and IT budgets in particular. Vendors are now poised to make a major impact by illuminating a series of expensive problems within storage environments caused by an endless array of duplicate data sprawl. CIOs and IT professionals now realize they do not have to keep buying more and more storage capacity as there are more efficient ways to store and manage information - especially in secondary storage environments.




ITSM is part of the necessary infrastructure cost of IT

IT Service Management and technical support of customers is still seen by many organizations as a necessary evil, one of the many costs of doing business. And while providing support does add a line to your balance sheet, it also creates a multitude of opportunities to cultivate relationships that maintain your customer base and even grow it.


The crux of the matter is this: technical support should no longer be perceived as a pricey "fix-it shop around back"; it has grown into a revenue-generating, company-strengthening powerhouse at the heart of the organization. With the right tactics and technology, your support center can realize its full potential by becoming an essential, strategic component of your organization's success. Just as a surgeon needs the proper tools to perform operations, support center representatives must have the proper tools to get their jobs done efficiently and cost-effectively.




IBM Will Leave 500 Call Center Jobs in the US

IBM is taking advantage of tax rebates in Colorado and hiring 500 customer service call center workers over the next five years. The workers will be based in Boulder, outside Denver.

The 500 jobs will come between now and 2014. IBM qualified for the rebates after meeting environmental and community standards. The company retrofitted 22,000 square feet of a 62,000-square-foot space.

Call center job salaries in the area range from $23,000 to $38,000 a year.

The executive director of the Boulder Economic Council, said the expansion shows IBM's stake in staying in Boulder. "What it really indicates to us is that IBM corporate is feeling like Boulder is a key site for their operation," she said. "That says that IBM supports this site in the long run." Draper said the 500 jobs being created "probably aren't going to be the highest-paying jobs in the county by any means," but they will still be good jobs that come with training and stability.

IBM has taken a lot of heat in 2009 from its union and former employees after shedding an estimated 10,000 jobs. The exact figure of layoffs this year is not known, as IBM does not publicly announce its restructuring or job cuts, but former employees have well documented the occurrence of layoffs. Many workers have been forced to train employees in Asia and other countries who replaced many employees in North America.




Holiday on-line spending up due to reduced prices and sales

U.S. online holiday spending has risen 3 percent this holiday season, but online shopping slowed over the weekend after the special deals and discounts offered by retailers on Cyber Monday ended.

Cyber Monday refers to the Monday after the U.S. Thanksgiving holiday when retailers, ranging from Wal-Mart Stores Inc to Amazon.com Inc offer deep discounts or limited-time only deals on their websites to lure holiday shoppers.

Overall, Americans plan to spend an average of $1,096 on holiday gifts this season, up $207 from last year -- the largest year-on-year increase since the boom shopping season in 1999, the last time this annual survey hit the $1,000 mark.

Spending plans don't guarantee a strong shopping season; actual consumer spending can depend on the prices and products people see in the stores, the effect of marketing campaigns and economic conditions as they develop. But robust spending plans are surely a good sign.

The National Retail Federation raised its holiday shopping forecast, projecting 6 percent growth in sales over last year, up from its September forecast of a 5 percent increase. NRF said this was its first-ever mid-season adjustment in a holiday sales forecast; it cited strong retail sales in October and falling gasoline prices.

For the first 36 days of the November-December holiday season, online holiday spending reached nearly $16 billion,  up 3 percent from a year ago. For the week ending December 6,  online holiday spending rose 3 percent to $4.6 billion.




Black screen replaces blue screen of death

On Nov. 10, Microsoft released 15 patches for vulnerabilities in Windows, Windows Server, Excel and Word. Microsoft was likely just trying to fortify the security of the operating systems when it inadvertently introduced an error in its patches. Microsoft's security patches appear to be causing some PCs to seize up and display a black screen, rendering the computer useless. The patches appear to change particular registry keys; some installed applications are not aware of the changes and do not run properly, causing a black screen.

The problem affects Microsoft products including Windows 7, Vista and XP operating systems, said the CEO and CTO for the U.K. security company Prevx.

The Security Manual for the Internet and Information Technology is over 220 pages in length. All versions of the Security Manual template include both the Business & IT Impact Questionnaire and the Threat & Vulnerability Assessment Tool (both were redesigned to address Sarbanes-Oxley compliance). In addition, the Security Manual Template PREMIUM Edition contains 16 detailed job descriptions that apply specifically to security and Sarbanes-Oxley, ISO 27000 (ISO 27001 and ISO 27002), PCI-DSS, and HIPAA. Data protection is a priority.



Failure points in data security identified by Janco

Every employee, contractor, and associate who uses e-mail and the Internet is a potential point of failure for the enterprise. That point may become a leak, either purposely or inadvertently. A worker who was passed over for a raise or laid off may, in a fit of anger, share embarrassing information with the press or forward sensitive plans to a competitor. Security policies and procedures are a must for every enterprise.

Instant messaging exchanges can be used to sneak files or secrets to outsiders. Employees and contractors often retain their "friend lists" as they move from one department (or, for contractors, one company) to another, or from one employer to the next. Colleagues who IM one another every day could be working for competing firms, and a careless response to "what are you working on lately?" can be disastrous.

Many hack attempts use social engineering to infiltrate corporate networks. An e-mail that seems to be from your IT administrator and requests your login info seems harmless enough, until the hacker at the other end gains entry. The issue is one of education and awareness, and unsuspecting employees become, in essence, potential threats.

Many employees do not take safe data handling practices to heart. They will copy work files onto USB drives or portable hard drives, or even e-mail them to their personal accounts for retrieval from home. This sort of routine activity can place sensitive data at risk, especially considering how easy it is for a small USB key, a smart phone, or a laptop to be misplaced or stolen.




Windows 7 has tools to improve ITSM and SOA

Windows 7 makes it easier to capture and report problems, which improves ITSM.

Solving problems unique to a machine can be an arduous task for both the end user and the help desk. Windows 7 introduces the Problem Steps Recorder, a screen-capture tool that allows the end user to record the problem they're having, step by step. It's as simple as hitting "start record" and adding comments as needed. The recording is saved as an HTML-based report inside a .ZIP file, which is easily passed on to the help desk. The program is accessible from the Control Panel under "Record steps to reproduce a problem" or by running psr.exe. Because the report contains screenshots of everything on screen at each step, users should review it for sensitive data before sending it on.




Security threats are on the rise and they are costly

Companies as well as individuals need well-defined security policies and procedures to combat security threats.

In a report that was recently published it was estimated that breaches cost companies between $90 and $305 per lost record. This includes notifying customers, hiring contractors to fix computer systems, fines and lost business. In addition, over 95 percent of network attacks are entirely financially motivated. This is different than two or three years ago where it may have been a college student who wanted to crash your computer. Threats today burrow deep in computers and hide. They are a lot less visible today.

Indeed, the new threats are much more sophisticated than those security experts had foiled in the past. The easy things - viruses, Trojans and worms - are generally stoppable by most firewalls or certainly inline intrusion prevention. But now, hackers and the organizations that fund them have upped the ante for gateway and network security.




Delta Air Lines sued for allegedly hacking e-mail accounts

Delta Air Lines is being sued for a minimum of $11 million in damages for allegedly hacking the e-mail account of a passenger rights advocate who supports legislation that would allow access to food, water, and toilets during long delays on the tarmac.

The executive director of Flyersrights.org alleges Delta obtained sensitive e-mails and files and used the material in an attempt to derail the "Airline Passenger's Bill of Rights of 2009," which is pending before Congress. If the bills are passed, airlines could lose as much as $40 million in revenue and spend much more to comply, the lawsuit contends. The bills would allow passengers to deplane if they have been delayed on the tarmac more than three hours. They would also be entitled to clean air and access to medical treatment.




New notebooks faster and green

New notebook trends include:

  • The next generation of chips for notebooks
  • Mobile-oriented features in Windows Vista and XP
  • Embedded wide-area broadband capabilities
  • "Ultra-light" notebooks, Ultra-Mobile PCs (UMPCs) and other mobile devices
  • "Green" notebook-related initiatives by vendors in manufacturing, use, and post-use stages

More Processing Power

For notebooks, the continued improvement in CPUs, the "brains" of the system, means doing more work faster while using less energy (and not costing more than their predecessors). Intel's newest CPU family for notebooks, desktops, and servers includes Core 2 Duo processors built on its latest 45-nanometer (nm) process technology. The process offers nearly twice the density of Intel's older 65nm approach, which translates into more than 400 million transistors for dual-core processors and more than 800 million for quad-core, providing faster processing and lower energy use.




Today's cost savings increase the cost of doing business

In these economic times, CIOs and CFOs are tempted to have their company's employees hang on to their desktop and notebook computers for a couple of years beyond the usual three-year life cycle, hoping to avoid the capital expense of replacing them. However, knowledgeable professionals have data showing this to be a false saving.

Four to five years after a laptop has been put in service, it is often more trouble than it is worth. The reasons are simple: the longer a laptop or desktop is in service, the greater the chance that it will need a repair, an upgrade of an internal card, a memory upgrade, or a new OS.

After three years, hard drive failures go up dramatically, as do problems with keyboards, screens, and batteries. In addition, outdated notebooks cost an organization in lost end-user productivity, since a machine that is two generations behind current models takes longer to boot and runs sluggishly.

When CIOs and CEOs look to trim costs, care needs to be taken so that long-term productivity is not impacted. In addition, if employees feel they are not productive because of "technology," once the economy improves they will find better jobs where the technology is more current.




Browser Twelve Year Trend - Released by Janco

Janco has just updated its web site to include a chart that provides a view of browser market share trends from 1997 to 2009. This is the most comprehensive set of data that is available. Mr. Janulaitis, the CEO of Janco Associates, said, "Our data has been used by all of the major browser providers as well as the courts in suits by various governmental agencies as well as individual companies."

The full study was produced with data through August 2009. See a full copy of the press release here.

The Browser Market Share and Operating System Market Share White Paper data is by month, starting in September 1997 and running through August 2009. The data sampled is internationally based (just under 50% of the data points sampled are outside of the United States).



Medical students violate HIPAA laws

In a survey of medical colleges, 60% reported incidents of medical students posting unprofessional content online. Thirteen percent reported that students had violated patient confidentiality in postings on social networking sites. Below is a summary of the results of the study published in the Journal of the American Medical Association (JAMA).

Sixty percent of US medical schools responded (78/130). Of these schools, 60% (47/78) reported incidents of students posting unprofessional online content. Violations of patient confidentiality were reported by 13% (6/46). Student use of profanity (52%; 22/42), frankly discriminatory language (48%; 19/40), depiction of intoxication (39%; 17/44), and sexually suggestive material (38%; 16/42) were commonly reported. Of 45 schools that reported an incident and responded to the question about disciplinary actions, 30 gave informal warning (67%) and 3 reported student dismissal (7%). Policies that cover student-posted online content were reported by 38% (28/73) of deans. Of schools without such policies, 11% (5/46) were actively developing new policies to cover online content. Deans reporting incidents were significantly more likely to report having such a policy (51% vs 18%; P = .006), believing these issues could be effectively addressed (91% vs 63%; P = .003), and having higher levels of concern (P = .02).




SSD a reality - IT productivity to improve - green technology

Hewlett-Packard Co. announced that it will offer 60GB and 120GB solid-state disk (SSD) drives as an option across the full range of HP ProLiant G6 servers, as well as in select ProLiant G5 servers.

The serial-ATA (SATA) SSDs, from Samsung Electronics Co., are aimed at supporting virtualized environments and I/O intensive applications where the latest HP ProLiant G6 servers are often deployed, the company said. Virtualized environments require significant memory, data storage and network connections to optimize server performance.

HP qualified Samsung's SSDs for what it's calling the "green" option across its server line to give customers a way to minimize power consumption, saving money while boosting performance. Samsung claims the SSDs can significantly cut power use in HP's ProLiant servers and offer 40 to 50 times the performance of traditional hard drives, depending upon the application and computing workload.




CIOs Major Responsibilities Are Focused

CIOs have three major responsibilities in helping enterprises succeed.

  • CIOs must keep all IT systems and networks managed, optimized, and available to contribute maximum business value at minimal cost.
  • CIOs need to protect critical infrastructure against an increasingly hostile threat environment: spyware, viruses, attacks, intrusions and human-engineered security lapses.
  • CIOs must prevent exposure to legal and regulatory compliance penalties or breach disclosure laws. If IT fails in any one of these areas, the organization can go out of business or face criminal sanctions.

In meeting these responsibilities, CIOs can no longer incrementally buy new tools to meet any new requirement that makes headlines in the technical or business media. Business drivers, security and compliance mandates converging on the enterprise require a converged response. CIOs now demand solutions that enable them to eliminate redundant technologies and processes and integrate disparate elements into a common workflow. While established enterprise software vendors have adopted the language of convergence and consolidation, their product lines remain constrained by legacy architectures and designs. Proposing radical change to their customers carries the risk of disrupting established revenue flows, not to mention the technical risks inherent in overhauling or replacing obsolete products.

Business runs at a velocity unimagined a few short years ago. Complex and highly distributed environments have grown to support an intricate web of partners, suppliers, distributors, and customers. Service oriented architectures and web-based applications have progressed from vision to real-world instantiation as enterprises look to leverage technology to innovate and deliver new services. In this new world, IT-delivered services must be available 24x7 to customers, suppliers, employees, regulators, investors and other constituencies.

The highly exposed nature of today's IT infrastructures fundamentally changes how organizations manage IT assets, processes and data. IT organizations can no longer treat resource management and maintenance as back-end functions that can be performed at times and conditions of their choosing. Neither is their work protected from outside scrutiny. Processes whose success or failures were largely internal now make the difference between business success or failure, legal compliance or litigation, prudent stewardship or ineffective execution.




Turn layoff into an opportunity

How does one go about turning a career setback like a layoff into an advantage? First of all -- and here's the power of positive thinking at work -- think of a layoff as an opportunity, not a setback. Is a layoff a serious challenge? Of course. But you won't get anywhere by focusing on the negatives or feeling sorry for yourself. Look at a layoff as a unique opportunity to open a new door. Maybe this is the time to take your career in a brand-new direction. Recessions have spawned many an entrepreneur, and some of the world's biggest companies were launched in the midst of economic downturns.




Metrics, productivity and cost control focus of CIO

Metrics are the key to productivity improvement and cost control. Today, CIOs have many reasons for adopting "lean" practices; saving costs is only the most obvious. Other objectives are to reduce time to market, offer more competitive products and services, increase capacity, and simplify solutions.

There are a myriad of ways to accomplish this: streamline project-planning practices, use open-source applications, opt for solutions that avoid bureaucratic approvals and delays, etc. Drawing on the experience of four IT vice presidents from diverse industries, this ExecBlueprint discusses "lean IT thinking" from multiple perspectives and provides guidance for how today's CTO/CIO can create a more cost- and time-efficient operation without sacrificing quality, employee morale, or IT's vital role in the organization. They claim that such a focus can, in fact, improve IT's standing with the business and employees by creating innovative opportunities to earn recognition and profits. The key to engaging the business and IT team members? Stay aligned with overall business objectives while celebrating individual and team accomplishments.




IT employee confidence up

The IT Employee Confidence Index increased 6.1 points to 45.8 in the second quarter of 2009. The survey, conducted by Harris Interactive, indicates that overall confidence levels among IT workers rebounded in the second quarter because fewer workers believe the economy is getting weaker and more workers report confidence in their personal employment situation.

Despite having to cope with massive budget cuts, salary freezes and demoralized staffs, most employed IT executives are more satisfied with their jobs this year than they have been in previous years, according to the results of a job satisfaction survey.

The only functional leaders who ranked less satisfied than IT executives were engineering execs, 60 percent of whom said they were satisfied, and sales leaders, 59 percent of whom said they were satisfied.

Executives in marketing, HR, consulting and finance reported the highest levels of job satisfaction.

If anything positive emerges from the recession, it's that the weak economy is making some people grateful for what they have.



White House Spams -- Accounts remain open!!

The White House has admitted sending e-mail updates to people who did not sign up for them. In a blog posting the White House Director of New Media, announced:

It has come to our attention that some people may have been subscribed to our email lists without their knowledge - likely as a result of efforts by outside groups of all political stripes - and we regret any inconvenience caused by receiving an unexpected message.

He did not expand on who the "outside groups" were or how they could subscribe users to White House e-mails without their permission. E-mail lists often employ confirmation systems (double opt-in), where the recipient has to confirm that they wish to receive e-mails before any are sent, precisely to prevent third-party sign-ups.
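As an added illustration of the confirmation scheme just mentioned (this is example code written for this page, not any White House or list-provider software), the following Python sketch implements a double opt-in flow. A subscription request from anyone, including an outside group, only records a pending entry and issues an HMAC-SHA256 confirmation token bound to the address and an issue time; the address joins the recipient list only when a token that verifies against that same address arrives before it expires. The secret key, the 24-hour token lifetime and the in-memory store are assumptions made for the example.

```python
import hashlib
import hmac
import secrets

# Assumptions for this example: a process-local key and an in-memory store.
# A real list would load the key from configuration and persist state.
SECRET_KEY = secrets.token_bytes(32)
TOKEN_TTL_SECONDS = 24 * 3600


def make_confirm_token(email: str, issued_at: int, key: bytes = SECRET_KEY) -> str:
    """Return '<issued_at>.<hex mac>' with mac = HMAC-SHA256(key, email|issued_at).

    Binding the address into the MAC means a token mailed to one address
    cannot be replayed to confirm a different address.
    """
    msg = f"{email.lower()}|{issued_at}".encode()
    mac = hmac.new(key, msg, hashlib.sha256).hexdigest()
    return f"{issued_at}.{mac}"


def verify_confirm_token(email: str, token: str, now: int, key: bytes = SECRET_KEY) -> bool:
    """Accept only an unexpired token whose MAC matches this address."""
    try:
        issued_str, _ = token.split(".", 1)
        issued_at = int(issued_str)
    except ValueError:
        return False
    if issued_at > now or now - issued_at > TOKEN_TTL_SECONDS:
        return False
    expected = make_confirm_token(email, issued_at, key)
    # Constant-time comparison so the MAC cannot be guessed byte by byte.
    return hmac.compare_digest(expected, token)


class MailingList:
    """Double opt-in list: nobody receives mail until they confirm."""

    def __init__(self, key: bytes = SECRET_KEY) -> None:
        self.key = key
        self.pending: dict[str, int] = {}  # email -> time the request was made
        self.confirmed: set[str] = set()

    def request_subscription(self, email: str, now: int):
        """Anyone may call this (web form, third party). It only issues a token
        that would be mailed to the address; it never adds the address itself."""
        email = email.lower()
        if email in self.confirmed:
            return None
        self.pending[email] = now
        return make_confirm_token(email, now, self.key)

    def confirm(self, email: str, token: str, now: int) -> bool:
        """Called when the recipient clicks the link in the confirmation mail."""
        email = email.lower()
        if email not in self.pending:
            return False
        if not verify_confirm_token(email, token, now, self.key):
            return False
        self.confirmed.add(email)
        del self.pending[email]
        return True

    def recipients(self) -> list[str]:
        """Only confirmed addresses ever receive list mail."""
        return sorted(self.confirmed)


if __name__ == "__main__":
    ml = MailingList()
    token = ml.request_subscription("alice@example.com", now=1000)
    print("before confirmation:", ml.recipients())
    print("confirmed:", ml.confirm("alice@example.com", token, now=2000))
    print("after confirmation:", ml.recipients())
```

The key property is that the request step has no effect on who gets mail; only possession of the token delivered to the mailbox, plus the pending entry, moves an address onto the list, so a third party who submits someone else's address gets them nothing more than one confirmation message.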

Earlier the White House deleted an e-mail address (flag@whitehouse.gov) that had been set up for users to report what they considered "fishy" claims about the President's health care proposals. E-mails are currently bouncing with a note that "We are now accepting your feedback about health insurance reform via http://www.whitehouse.gov/realitycheck." The flag address had been called a "monitoring program" by opponents.




CIO success is driven by relationships

Relationships are critical to a CIO's success. A poor relationship with superiors and staff is the number one reason for failure of a CIO. Relationships are critical to communication, and without them common goals cannot be achieved.


CIOs and employees who understand each other's preferred styles better understand how to communicate and work together effectively. Factors that strongly predict the compatibility between a CIO and their team are self-assurance, self-reliance, conformity, optimism, decisiveness, objectivity, and approach to learning. Assessing a CIO's relationships with team members gives the CIO objective information about themselves and their team so that they can work more effectively toward a common goal.

A poor relationship with one's boss is the number one reason for failure at work. Two common flashpoints adversely affect performance:

  • The employee is unclear about the CIO's expectations - Goals should cascade down from the CIO to team members so that everyone understands how they contribute to the objectives of both the team and the organization. If an employee does not understand the goals given, or if they have not been given goals at all, the onus is on the employee to seek clarity. Asking a simple question such as, "What are the top three priorities in my role that you would like me to focus on?" can help everyone on the team gain clarity. Employees should also ask, "Why is this so important?" as the answer will give them a lot of good clues for developing the relationship with their CIO.
  • CIOs fail to adapt their styles to the employees' preferred styles - Every employee/CIO relationship is unique and requires a different management approach. For example, the approach taken by a highly decisive boss working with a highly decisive employee should be significantly different from the approach taken by this same boss when working with a less-decisive employee. The decisive employee thrives on quick decisions, while the other employee will be more methodical in their decision-making approach. The less-decisive employee will potentially enter into conflict with the faster-paced CIO.



E-Verify Pushed by Congress Stalled by White House

The Homeland Security Department runs a Web-based E-Verify system in partnership with the Social Security Administration. About 134,000 employers currently use E-Verify, and 12 states require its use to some degree. The House version of the legislation does not have a similar provision.

IT Hiring Kit      Salary Survey

Employers enter Social Security numbers of prospective new hires and existing employees into E-Verify. If there is a match, the employee is deemed eligible for work. If not, the employee is advised to contact SSA. The system has been criticized for alleged high error rates.

Legislation approved by the Senate that would require federal contractors to use the E-Verify employment verification system is broad and goes beyond what is required for federal agencies.

The Senate's version of the Homeland Security Department fiscal 2010 appropriations bill includes a provision that would require federal contractors to use E-Verify for new hires and existing employees. By contrast, federal agencies are only required to use E-Verify for new hires, the group said.

The Senate measure also goes beyond what is required of federal contractors in the Federal Acquisition Regulation (FAR) rule that pertains to E-Verify and is scheduled to go into effect on September 8. The rule and its enforcement have been delayed four times while the Obama Administration has reviewed it.

Under the acquisition rule, there are exemptions for contractor employees with security clearances or Homeland Security Presidential Directive 12 credentials, existing employees not working on federal contracts, and contracts under a certain dollar threshold, among others.

The Senate provision would remove any flexibility that DHS has to further address the applicability of the final rule as part of the Obama Administration’s review of the implementation of the final FAR rule and the overall E-Verify program.




Apple and iPhone linked to suicide and employee abuse

Apple is a worldwide monopoly and acts as if it were a law unto itself. A Chinese worker responsible for handling the next-generation iPhone somehow misplaced it. The security team at the facility "questioned" the employee, and he in turn jumped from the top of his apartment building. Apple's mild response was to rebuke the company in China with "no sanctions".


Apple will continue to work with the employer in China, and nothing has been done to help the dead employee or his family.




Cloud Computing Puts Enterprises at Risk

Security is only as tight as the weakest link. For example, an administrative employee at Twitter was targeted and her personal e-mail account was hacked. From the personal account, the attacker was able to gain information that allowed access to the employee's Google Apps account, which contained Docs, Calendars, and other Google applications that Twitter relied on for sharing notes, spreadsheets, ideas, financial details and sensitive data for the company.

Following that attack, Twitter conducted a security audit and concluded that there was no security vulnerability in Google Apps itself; the compromise came through the employee's personal account. Twitter continues to use the suite internally.

Are your security policies and procedures strong enough to withstand such a breach?
