12/3/2005 5:00:00 PM
Ryan's soccer team, the Cannonballs, soundly thrashed the Golden Eagles this Saturday. I don't know the final score (they don't "officially" keep score for 4-5 year-olds), but it was something like 13-8. Ryan scored 8 of the Cannonballs' goals, made some excellent saves, and had his best overall game so far this season.
12/2/2005 5:00:00 PM
Stella, Christine and I have finally started grinding through the agenda and session proposals for DEC 2006. To those who have been awaiting feedback on your proposals (Jorge, this means you!), you will be hearing from me starting next week. Sorry for the delay...
12/1/2005 5:00:00 PM
Guido and I (mostly Guido!) put together the Definitive Guide to Active Directory Disaster Recovery a couple of months back. You can download it from the NetPro website at http://www.netpro.com/forum/files/Active_Directory_Disaster_Recovery-Part-I.pdf. You can get the first part just by clicking on the link. To get the second part, you have to follow the URL at the end of the Part I document and register. Gotta love those marketing people.
11/30/2005 5:00:00 PM
The latest version of Control Objectives for IT (COBIT) was released by ISACA recently. I haven't gone through the whole thing yet, but some of the changes relate to improved integration with ITIL and ISO 17799, with COBIT providing the overarching framework and ITIL and 17799 providing more detailed guidance. There is also an increased focus on IT governance and a more detailed description of the IT process model.
11/29/2005 5:50:40 AM
The Personal Data Privacy and Protection Act made it through the US Senate and some form of it will probably become law next year. It's a lot like SB1386 in that it requires notification when unauthorized access to personal data occurs. But the most interesting sections are Title III and Title IV. Title III gives people a right to access and correct the personal information held by data brokers. Title IV requires all organizations that hold information for more than 10 thousand customers to develop and maintain a comprehensive data security plan... it doesn't just apply to public companies, but to every company with >10K entries in their customer database. Financial companies and health care companies already covered by GLBA and HIPAA are exempted.
Each company has to:
- Perform a threat assessment and risk evaluation
- Evaluate the existing control structure and identify deficiencies
- Implement access controls on the PII
- Detect actual and attempted unauthorized access to the PII
- Use encryption or other means to protect PII in transit and in storage
The interesting part will be sorting out how this law will relate to existing state laws like SB1386. In some cases the states have precedence, and in other cases the federal law has precedence.
Without having dug into the details, it looks like a pretty reasonable regulation. In any case, it's going to cost people money, and provide security consultants and auditors with another revenue source.
11/29/2005 2:58:08 AM
So Dave Kearns has nominated Kim Cameron as Network MVP for 2005. Can't argue with that.
10/31/2005 3:22:52 PM
The Buffs (Scott's flag football team) lost to the Villains this past Saturday. I think the final was 32-18. Scott made a couple of good tackles during the game. The Villains had a very quick running back who could get outside and run away from everyone on the Buffs. I think he scored 4 of the Villains' 5 touchdowns, two of them on kickoff returns. The kids were tired (no substitutions again this week... everyone played the whole game) and pretty dejected by the end. The Buffs really are short-handed this year.