Category: Product

Doug Merritt, executive vice president and general manager of suite optimization products and technology at SAP, said that consultants in the compliance arena, regulatory bodies and other vendors will also be able to contribute to this repository. “It allows companies to manage hugely heterogeneous landscapes,” noted Merritt. Merritt said the solution will help risk managers and business owners identify financial, legal and operational risks, analyze business opportunities in light of these risks, and develop appropriate responses.

The key to all three solutions, the company said, is that they give line-of-business executives greater visibility of how governance and risk-management policies are implemented and followed in the course of doing business. Effective GRC management can do more than ensure that companies are in compliance with Sarbanes-Oxley and other regulations, said Merritt. “GRC is more business-driven than just keeping the CEO out of jail,” said Merritt in response to a question from internetnews.com during a conference call this week. “Understanding the relative risks and rewards of different activities is as critical or more critical than regulatory reporting,” he said.

Amit Chatterjee, senior vice president of the risk and compliance management unit at SAP, said that whatever can be monitored can be managed.

SAP GRC Repository and SAP GRC Process Control will be generally available Nov. 30. Other solutions, particularly those pertinent to industry verticals, will become part of the new solution during the second quarter of next year.

SAP also announced that it is bringing these products to market jointly with networking solutions vendor Cisco Systems (Quote, Chart).

http://www.internetnews.com/ent-news/article.php/3630606

But the need for network access control won’t wait that long, so businesses will have to continue to control network access using technology already available in some of Cisco’s products and through other security vendors.

By year’s end, Cisco and Microsoft will offer a limited beta program–with no more than three mutual customers–to gain a more realistic understanding of how their access control technologies will work together. As these beta testers will soon find out, combined network access protection and network access control consists of several client-side software applications that check and communicate the health of laptops, desktops, and other devices attempting to connect into a given network.

On the network side, Cisco routers and switches, Cisco Secure Access Control Server, Microsoft Network Policy Server, and policy servers from other vendors work together to give the thumbs up or thumbs down to any device seeking to connect.

Cisco and Microsoft have cross-licensed the Cisco NAC and Microsoft NAP protocols used to communicate information between clients and networks to help ensure their products continue to work together.

A Forrester Research study of 149 technology decision makers at North American companies found that while more than one-third plan to adopt some type of network access control this year, the rest cite cost and manageability as obstacles to deployment.

http://www.informationweek.com/news/showArticle.jhtml?articleID=192501974

According to Digital Cyclone Chairman Paul Douglas, “With the new Hurricane Tracker feature, My-Cast users get that extra margin of safety, the critical hurricane information they need delivered directly to their mobile phone, to get a head-start and take appropriate action.”

Also included are StormWatch plots and warnings for affected counties, lightning tracking and alerts from the National Weather Service given virtually as they are issued.

My-Cast features radar images that show the speed and direction of approaching weather, visible and infrared satellite imagery, plus hourly and extended forecasts for up to 7 days, the company says. With GPS-enabled phones, location-aware My-Cast delivers data for the precise current location of the user automatically.

http://www.pocketpccity.com/articles/2006/8/2006-8-29-Track-Hurricanes-From.html

Today, most hacking is financially driven and well-organized, with attacks launched to steal information from banks, financial services firms and online retailers. With banks, for instance, hackers working with inside employees or identifying weak application exploits have been known to set up temporary offshore accounts to siphon tiny amounts from many of accounts. Stealing customer information is the most common attack, since it can be done with simple SQL-injection scripts to retrieve complete database tables.

With the arrival of Web 2.0 and Ajax, new vulnerabilities are popping up at the client level. To identify holes, developers must revalidate Ajax code at the server level before finalizing transactions. Essentially, Ajax creates the same types of vulnerabilities as server-based Web applications, but they’re more magnified because more code is exposed at the client side, with less validation done at the server side.

Cenzic promotes a “divide and conquer” methodology, in which security administrators make critical decisions on how to test applications during development and QA testing. The only security strategy promoted by ASPs and ISPs deals with providing firewall and SSL support to applications, leaving application logic completely out of their security infrastructure.

In addition to Hailstorm, Cenzic offers two ASP models to simplify remote testing and QA for customers that don’t have the resources in-house.

http://www.darkreading.com/document.asp?doc_id=102274&WT.svl=cmpnews2_1

With McAfee Foundstone Enterprise 5.0, companies can easily prioritize and rank their highest-value business assets then identify their most critical security vulnerabilities and the threats which could exploit them. The merging of compliance with risk management at the enterprise level is shifting the focus from just identifying vulnerabilities and configuration holes to understanding the total impact of threats, vulnerabilities, and configuration errors on critical assets. Customers can now take in Foundstone data and “link” corporate security policies and standards to specific Foundstone checks to ensure business policy objectives are being adhered to across the network.

McAfee Preventsys Compliance Auditor supports centralized auditing across all aspects of policy: process, procedure and technical controls, which provides a consistent way to reduce the costs associated with demonstrating security compliance.

http://www.darkreading.com/document.asp?doc_id=100686&WT.svl=wire_7

EMC Corp.’s recent acquisition of RSA Inc. underscores the convergence of information security and storage. EMC, which sells large storage systems for use in corporate data centers, bought RSA—a manufacturer of encryption software and devices—to provide it with identity and access management technologies and encryption and key management software, which will help EMC deliver information lifecycle management. A survey last year by CompTIA, an IT trade association, found that protecting and securing data is the number one challenge in storage management.

A passel of widely-publicized cases of missing tapes containing Social Security numbers and other personal data has sensitized companies to the need for protecting information should it fall into the wrong hands. In addition, laws and regulations require banks and other financial institutions to institute policies for retaining, protecting, and accessing information.

“We’re now seeing the same blending of security and storage as we’ve seen with security and networks,” says Barbara Nelson, CEO of NeoScale Systems, which makes “appliances”–hardware devices that encrypt disks and tapes, and manage the keys needed to unlock data.

RSA’s encryption and key management technology is central to EMC’s strategy to directly protect information no matter where it resides within or outside of an organization, the company said in a statement.

While software encryption works at the application level, additional technology is needed to secure data at the media level, e.g., disks and tapes.

http://www.bankinfosecurity.com/articles.php?art_id=156&PHPSESSID=cfb4ec9e2060b1a75aa318ad04007258