Ads by TechWords

See your link here
Receive the latest technology news and information.
Computerworld Daily News (First Look and Wrap-Up)
Computerworld Blogs Newsletter
The Weekly Top 10
Cloud Computing
View all newsletters




Privacy Policy
 

Merger Interrupts Sarb-Ox Project

A last-minute security audit for a sudden acquisition briefly puts a major push toward Sarbanes-Oxley compliance on hold.

August 9, 2004 12:00 PM ET

Computerworld - The first e-mail I got this week was a meeting invite with the subject line "Emergency discussion of merger and acquisition items for recent acquisition." Once again, the company made an acquisition and informed the IT organization only after the deal was signed.
We understand that these deals need to be kept under wraps for legal reasons. The problem is that if we discover an issue that might affect the deal, it's difficult to go back and change the agreement. And dealing with issues related to the acquisition meant we had to temporarily stop working on our Sarbanes-Oxley compliance project.
Griping aside, we took part in the conference call and learned that the acquired firm has fewer than 50 employees, all of whom work in one location, and it does no software development outside the country. This definitely made life a lot easier for me.
The most important order of business was to get the new employees configured so they could access our intranet, use e-mail and sign up for benefits and payroll. From a security perspective, before we provided VPN client software or created a point-to-point VPN tunnel, we had to make sure that we wouldn't be introducing malicious code or activity from their environment into ours. We accomplished this by reviewing desktop configurations, ensuring that they were using antivirus software and conducting a scan of the desktop IP address space.
We had only a few hours to conduct our work, so I prioritized and started on the network scans. I got a listing of their IP address space and used Nessus, a freely available port scanner, to run a scan of the corporate desktop addresses.
The results were of some concern. Most Windows desktops hadn't been patched in almost nine months -- an eternity for Windows systems. In addition, several Linux desktops were running vulnerable versions of applications like Secure Shell and Sendmail. And some users were running Telnet, an insecure remote-access utility. Since we were short on time, we gave the company's IT manager our Linux security guidelines and a copy of the assessment report.

For the Windows desktops, we had users install the latest patches and our corporate antivirus software. Our other immediate goal was to identify and take control of critical assets. This included a content versioning system repository containing the company's source code, a workstation housing the company's financials and HR files, and backup tapes, which were being stored at an employee's home.
In general, the acquisition assessment went well. Other than the desktop



Jump to comments

Security

Additional Resources

Xerox
By using solid ink technology only from Xerox, you could save up to 65% by printing color for the cost of black and white. Enter for a chance to WIN a PhaserTM 8860 network color printer!
Microsoft
Save time and mitigate security risk. Deploy it now.
Sybase
In this white paper, IDC analyzes the role of next-generation mobile enterprise platforms as organizations seek a more strategic deployment of mobile solutions.

Learn the important issues you must consider before starting your next mobility initiative. Get your mobility white paper from IDC now, compliments of Sybase.
 

SAS Information Management Kit

SAS is the leader in business intelligence and analytical software and services. Only SAS offers leading data integration, storage, analytics and business intelligence applications within a comprehensive enterprise intelligence platform. SAS gives 97 of the top 100 companies in the 2007 Fortune 500 THE POWER TO KNOW®.

Webcast: The Information Management Roadmap
Imagine high-quality data, cleansed, analyzed and delivered throughout your organization. Join Computerworld, IT visionary Thornton May and a panel of experts to learn how SAS® can help you make it happen.

View this webcast 
Research Report: Information Management Initiatives at Midsize and Large Organizations
See the top-line results of this Computerworld sponsored survey to see how IT and business leaders are handling information management implementation.

Download this report 
White Paper: Information Management: Better Information for Winning Decisions.
This white paper explains how the SAS Information Evolution Model aids companies in assessing how they use this information to make strategic decisions and drive business.

Download this white paper