C|EH, CISA, CISSP – Information Security Consultant, Pakistan.
31 Aug
The U.S. Department of Commerce’s NIST (National Institute of Standards and Technology) recently released Special Publication 800-53, a report titled “Recommended Security Controls for Federal Information Systems and Organizations.” The 237-page report discusses the latest suggested practices for minimizing network vulnerabilities in government agencies, but its lessons carry over to any business, school, or organization with Internet access. It also discusses compliance with FIPS (Federal Information Processing Standards) 199 and 200 security levels. The report was prepared by the Computer Security Division of NIST’s Information Technology Laboratory.
31 Aug
Team Photo with IBM Tivoli / ISS Product Leads
From left to right:
Waseem Rafique: Fault Management / Network Performance – IBM Products Lead
Imran Ali Butt: Systems Performance / D-Box / SLA, SLM – IBM Products Lead
Waqar Khan: Application Performance / Compliance – IBM Products Lead
They can capture your imagination and catapult you from your everyday problematic data center management life into an enterprise service management world.
31 Aug
17 Aug
Build & Maintain A Secure Network
Requirement 1: Install and maintain a firewall configuration to protect cardholder data.
Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters.
Protect Cardholder Data
Requirement 3: Protect stored cardholder data.
Requirement 4: Encrypt transmission of cardholder data across open, public networks.
Maintain A Vulnerability Management Program
Requirement 5: Use and regularly update antivirus software.
Requirement 6: Develop and maintain secure systems and applications.
Implement Strong Access Control Measures
Requirement 7: Restrict access to cardholder data by business need-to-know.
Requirement 8: Assign a unique ID to each person with computer access.
Requirement 9: Restrict physical access to cardholder data.
Regularly Monitor & Test Networks
Requirement 10: Track and monitor all access to network resources and cardholder data.
Requirement 11: Regularly test security systems and processes.
Maintain An Information Security Policy
Requirement 12: Maintain a policy that addresses information security.
SOURCE: PCISECURITYSTANDARDS.ORG
17 Aug
RSA released its SecurID Software Token for the iPhone. The software enables an iPhone to be used as an RSA SecurID authenticator, providing convenient and cost-effective two-factor authentication for enterprise applications and resources. It is designed to generate a one-time password that changes every 60 seconds, enabling secure access to enterprise applications and resources. The application is available free in the App Store.
17 Aug
Addonics Technologies announced CipherChain, an encryption tool designed to provide protection for technology such as personal computers, servers, rack-mounted systems, and data storage equipment. The AES 256-bit hardware full-disk encryption tool is roughly the size of a flash drive. To help companies encrypt legacy systems or systems in a heterogeneous computing environment, CipherChain can operate on any operating system. CipherChain is designed to be simple to use, with no software, drivers, or passwords to deal with. It is designed to work with any SSD or SATA storage device.