Group items tagged

i everyone, I am Quentin Christensen and I work on document and records management functionality for SharePoint. Electronic discovery (commonly referred to as eDiscovery) is an area we are supporting with new set of capabilities in SharePoint Server 2010. In case you are not familiar with eDiscovery, it is the process of finding, preserving, analyzing and producing content in electronic formats as required by litigation or investigations. eDiscovery is an important concern for all of our customers and given that SharePoint has grown to be an integral part of collaboration, document, and records management for many organizations, we recognize the need to support the eDiscovery process for SharePoint content. Microsoft Office SharePoint Server 2007 included a hold feature that could be used for eDiscovery, but it was scoped to the Records Center site template. With SharePoint Server 2010 the eDiscovery capabilities have been greatly expanded to provide more functionality and the power to use these features across your entire SharePoint deployment. In this post, I want to highlight three major improvements in SharePoint that support eDiscovery. You can: Manage holds and conduct eDiscovery searches on any site collection Use SharePoint Server Search or FAST Search for SharePoint out of box to search and process content Automatically copy eDiscovery search results to a separate repository for further analysis

Existing cloud users are satisfied. Security is not considered to be an issue

A former IT staffer has been sentenced to a year and a day in prison for stealing sensitive information belonging to his co-workers and using the data to make money filling out online health surveys. Cam Giang, 31, was fired from the University of California San Francisco Medical Center earlier this year after investigators discovered that he'd been using the names, birthdays and Social Security numbers of other UCSF employees to fill out hundreds of online surveys. The point was to collect online vouchers, worth US$100 each.

CERT'S PODCASTS: SECURITY FOR BUSINESS LEADERS: SHOW NOTES Tackling Tough Challenges: Insights from CERT's Director Rich Pethia Key Message: Rich Pethia reflects on CERT's 20-year history and discusses how he is positioning the program to tackle future IT and security challenges. Executive Summary CERT's vision is a securely connected world. CERT's mission is to enable informed trust and confidence in the use of information technology. To achieve this vision and mission, CERT has broadened its perspective to include the full system/software engineering and operations life cycle and is reaching out to thought leaders in the global IT and security community. In this podcast, Rich Pethia, director of the CERT Program at Carnegie Mellon University's Software Engineering Institute, discusses the past, current, and future state of Internet security and CERT's role in tackling future challenges as CERT celebrates its 20th anniversary. PART 1: LOOKING BACK, LOOKING FORWARD: THE GOOD, THE BAD, AND THE UGLY CERT's Vantage Point CERT's vision is a securely connected world, supported by CERT's mission of enabling informed trust and confidence in the use of information technology. As the director of CERT, Pethia has unique access to government, commercial, and industry leaders. The Good News Internet use continues to grow, not just in size (number of people, volume of traffic) but also in utility, for example: * the increasing amount of real government and business operations * the introduction of new applications * the growing use of new mobile appliances User awareness of the need to address security is increasing along with increasing attention from service providers (firewalls, virus protection, anti-spyware, data backup). Developers are paying more attention to building security into their products. Vendors have more mature processes for providing cost-effective, timely updates for software vulnerabilities. Users are more willing

"In December 2010, the government's CIO, Vivek Kundra, released a 25-point plan for an overhaul of Federal IT that emphasizes a cloud-first policy for federal agencies. Currently the federal government is on pace to spend $79 billion on IT this year, with more than 20% going to infrastructure spending. Because the US government has spent $600 billion on IT over the past decade, the plan's intent is to reduce IT spending by the federal government."

"30% to 50% of help desk calls relate to forgotten passwords"

The topic of Cyber Terrorism has been a subject of many debates as to the reality of a significant event-taking place at the click of the button. In recent media coverage we've seen the London & Spain train bombings being triggered remotely using one of the most world's most adopted technologies, a cell phone. Who would ever think that someone would use a cell phone as a trigger point for detonating a bomb? Additionally, who would ever think that a terrorist organization would realize that all cell phones on the same cellular network receives their time/date from the same network timeserver so everyone has the correct time. This has allowed them to conduct simultaneous attacks via sms or speed dial on their phone.

"Back in the 1990s fellow science and technology journalist Charles Mann and I wrote a book uncovering the true story of how a lone, young, cognitively impaired hacker with relatively few computer skills managed to perpetrate what was then the most extensive and scariest series of computer break-ins ever - government weapons labs, dam control systems and ATM networks were among the hundreds of networks compromised. At the end of the book, we predicted that no matter how much effort was poured into making the Internet safer, hackers would always be able to have a field day, partly for technical reasons but also because companies and individuals would never get it together to take simple precautions critical to safe computing."

"This directory includes laws, regulations and industry guidelines with significant security and privacy impact and requirements. Each entry includes a link to the full text of the law or reg as well as information about what and who is covered. The list is intentionally US-centric, but includes selected laws of other nations that have an impact on US-based global companies. "

6. "More organizations will realize IaaS's security potential. During various inquiry calls this year, some customers mentioned to us that they dramatically improved data security by using an IaaS framework, centralizing the authentication, authorization, and access control of critical data - as a result disallowing direct access to data sources. This not only improves compliance audits for various organizations but also ensures that only authorized users can access sensitive data. We expect that more organizations, especially those that have hundreds and thousands of sources, will adopt an IaaS framework just to improve data security and compliance. "

In one case, it was used for extortion, i.e. to demand a better severance package. The other used it for revenge.

One of the main reasons organizations are broken into today is because they are fixing the wrong vulnerabilities. If you fix the threats of three years ago, you will lose. APT allows organizations to focus on the real threats that exist today. While APT is important, we need to clear the smoke and hype, focusing on why it is important and what it means to you. Instead of just using it as a buzz word, if we understand the core components of APT, we can use it to improve our security. In APT, threat drives the risk calculation. Only by understanding the offensive threat will an organization be able to fix the appropriate vulnerabilities.  What is APT?

"In his piece, "Cloud Computing Meets Energy Management," William Clifford makes important points about the need to optimize the efficiency of both cloud data centers and on-premise computing. However, a new study released this week challenges his assertion that cloud computing "just transfers the consumption problem to another location." The findings suggest instead that cloud computing can significantly reduce the overall net energy use of business computing needs."

"Research released today by Internet Security company AVG (http://www.avg.com) shows that although most small businesses understand the need to protect their IT systems, fewer are willing to put it into practice. Out of 2000 SMBs surveyed in the US and UK for the "SMB Landscape Report", more than half (52%) have no IT security guidelines for their staff, while 1 in 7 have no Internet security software or solutions in place at all. "

Societies and economies are rapidly changing; and the power of "us" has become far more important than the power of "you"

"Our opportunity is to build a globally connected human network capable of working collectively to address the significant social, economic, and political issues of our time. As leaders, it is our responsibility to lead by collaborative example,"

"70 percent of IT decision makers are using or plan to use cloud computing in their own enterprises within 24 months."

Over the last few years, both consumers and corporate clients have rushed to move their data to .the cloud,.1 adopting web-based applications and storage solutions provided by companies that include Google, Microsoft and Yahoo. Over 69% of Americans use webmail services, store data online, or otherwise use software programs such as word processing applications whose functionality is in the cloud. This trend is only going to continue. The shift to cloud computing exposes end-users to privacy invasion and fraud by hackers. Cloud computing also leaves users vulnerable to significant invasions of privacy by the government, resulting in the evisceration of traditional Fourth Amendment protections of a person's private files and documents. These very real risks associated with the cloud computing model are not communicated to consumers, who are thus unable to make an informed decision when evaluating cloud based services.

This was the message during a live hack coordinated this morning by Jason Hart, senior vice president in Europe for two-factor authenticaton provider CRYPTOCard.

"A new study released today found that companies running applications in the cloud can reduce their carbon emissions by 30 percent or more compared with running those same applications in their own infrastructure. The study, "Cloud Computing and Sustainability: The Environmental Benefits of Moving to the Cloud," was commissioned by Microsoft and conducted by Accenture, a global management consulting, technology consulting and technology outsourcing company, and WSP Environment & Energy, an environmental consulting group. "

"One of the easiest ways to begin implementing ethics and compliance within lower levels is to provide new hires with extensive training on company expectations and ethics and compliance"