Archive for February, 2012

Test Your Emergency Plan—Before You Need It!

Posted in Other, Security on February 24th, 2012 by Robin

One of the (many) things that I find alarming in my line of work is the number of companies that expect to respond to a data breach without a solid and tested response plan. As an ex-systems engineer, I know that the best-intentioned plans have little chance of succeeding unless they’ve been thoroughly tested, updated, and then tested again; perhaps multiple times.

PowerTech helps customers with security solutions that address many of the security challenges encountered in shops running on IBM i-based servers. We’ve developed solutions to remediate audit visibility, to permit access control, and to provide alerting. These solutions augment the IBM i integrated security controls. However, despite the best of intentions, you should always assume that someone, somewhere, eventually will find a way to access information that they shouldn’t. That’s when you’re going to need to put your plan into effect.

Last week, while I was in Atlanta to work on a security proof-of-concept for a large IBM i enterprise, I hiked up the gorgeous Stone Mountain. It’s a pretty steep trail that ascends almost 800 feet over a 1.3-mile distance. My hike wasn’t made any easier by the 20 lbs of camera equipment I had slung over my shoulder, but I made it up—and back down—without incident. While my heart was pumping hard, I still was able to see some humor in this emergency call box that wasn’t providing much assistance. It made me contemplate how many companies don’t realize that their incident response plan isn’t working until they need to use it—and by then it’s too late. Hopefully, none of the many hikers walking the trail from dawn to dusk will need assistance anywhere near this particular station. And, I hope your company has only working and tested responses waiting to kick into action.

If you’d like information on the solution modules that comprise the PowerTech portfolio, please contact me at robin.tatam@powertech.com.

Cheers!

- rt

Mark Your Calendars! Help/Systems Announces 2012 User Conference

Posted in Other, Security on February 7th, 2012 by Robin

Following the resounding success of last year’s PowerTech-sponsored “Security Event of the Year” in Las Vegas, Help/Systems is announcing an all-brands user conference in 2012. The conference will be hosted at the Hyatt Regency Conference Center in downtown Minneapolis, and will deliver exciting content to any organization that secures, automates, or data-mines using PowerTech, Robot, or SEQUEL solutions. In fact, there’ll be interesting content even if you don’t currently use these tools.

Mark your calendars and come meet Help/Systems’ experts in our corporate home town. And don’t worry, even if we finally catch up with the snow accumulation and freezing temps normally experienced during a Minnesota winter, it will be long gone by the time the conference rolls around!

When:     September 18 – 20
Where:    Minneapolis, MN

In security news, a House panel recently approved legislation known by the acronym Precise (Promoting and Enhancing Cybersecurity and Information Sharing Effectiveness Act). According to govinfosecurity.com, an online security news website, the Precise Act is designed to coordinate the efforts of the government’s non-defense and non-intelligence agencies, as well as businesses that operate critical national IT infrastructure. It’s one of several cyber bills currently under review.

The site also reported on last week’s revelation that Verisign had been hacked several times during 2010. Verisign, which operates two of 13 DNS servers that route internet traffic, admitted that top management was not aware of the breaches until September 2011. While it’s not currently believed that the internet DNS servers were affected, Verisign responded to the attacks (as most companies do in their unfortunate situation) with increased security monitoring controls to try to limit the impact of a repeat attack.

Also last week, Citigroup was among the latest victims of a Brazilian hacker group called “Anonymous Brazil” when they suffered a denial-of-service attack that took down their consumer banking website for about an hour. It looks like this year is off to a start not dissimilar to last.

Lastly, if you purchased a Motorola Xoom tablet last year and subsequently returned it, be aware that any information you placed on it might have been exposed. Apparently, 100 or so of these devices were sold as reconditioned units without being wiped totally clean. Previous owners are being offered two years of credit monitoring services.

If you store private information—such as passwords, contacts, or photos—on a device such as a desktop computer or a mobile phone, don’t rely on the manufacturer to delete it for you; set it back to a factory default before returning it. The same advice holds true if you are selling a device. It still comes as a surprise to many people that deleting a file from a computer hard drive doesn’t actually delete the file—it simply marks the space occupied as reusable. It is entirely possible to undelete files if that space has not been overwritten, so make sure you use a technology that permanently wipes the data.

Cheers!

- rt