Tuesday, 31 May 2011

Computer Security Policy: Part 1 - Hierarchy of Management Direction

When writing computer security policy, or any policy for that matter, it is important to remember that there is a hierarchy when it comes to the types of documents that make up policy.

  • Laws & Regulations

  • Policy

  • Standards/Directives

  • Procedure

  • Guideline


Laws & Regulations

These are the compulsory rules, with sanctions, declared by the government for all citizens.

Here in Canada, the laws are passed by elected members of parliament.  In the United States, laws are passed by elected members of Congress, and then ratified by the Senate.  The president signs the law into being.

Policy

A policy is "a high level statement of enterprise beliefs, goals, and objectives and the general means of attainment" (Peltier).   Another way to look at it is that "policy is the articulation of the intentions of management".  (Fites/Kratz)

It's a course of action or a principle taken by a group of individuals used to govern themselves.

Standards

Standards could be defined as required activities that provide a support structure and direction on how to carry out policies.

"A document, established by consensus and approved by a recognized body, that provides, for common and repeated use, rules, guidelines or characteristics for activities or their results, aimed at the achievement of the optimum degree of order in a given context."  (Standards Council of Canada)

Procedures

A procedure is a set way to perform a task.  It is a series of instructions to be completed in a particular order or manner.

Guidelines

Guidelines are "general statement designed to achieve policy".  (Peltier)

They could also be classified as a forceful recommendation to achieve a certain goal.

Friday, 27 May 2011

Domino databases can disappear when UNIX/LINUX server is shutdown

Abstract

In certain cases on a Domino 8.5.2 FP1 server, the contents of the Domino data directory can be deleted during shutdown on UNIX and Linux platforms. This does not happen frequently or on all Domino servers. However, if this does happen, a backup restore of the data will be necessary.
This IBM Alert addresses an issue with the ~notetmp.reg file on UNIX or LINUX servers running Domino 8.5.2 FP1.

This is what happens:
The problem occurs if ~notetmp.reg points to the Domino data directory as the temp directory and also contains an empty string filename. In that case, Domino sees everything in the data directory as temporary and all files will be deleted at server shutdown. 
More information can be found on the IBM support site.   Reference is SPR# DWON8FVMYS.

Thanks to Gunawan T. Wicaksono for pointing this Alert out.

Tuesday, 24 May 2011

Admin Notes: Fixes for File Viewer Vulverabilities in Lotus Notes

Just a quick note to make sure this gets out there.

I'm taking on more 'security' type duties at work.   This is something that falls under both my hats.

IBM Support has released a Flash Alert regarding some vulnerabilities discovered in Lotus Notes.

More information can be found on the IBM Support site.

I do like the fact that they have provided work around information all the way back to Lotus Notes 5.x.

Thursday, 19 May 2011

Admin Notes: Lookup of IP address for host failed

If you come across and error like this in your Lotus Domino console, or log file:

"Lookup of IP address for host xxxxx.xxxxx.xxx failed"

Take a look at your Internet Site Documents, chances are one of them (a non-website one) has an invalid domain name.

Wednesday, 11 May 2011

Cross Country Lotus User Group - May 12th, 2011

PLEASE NOTE THE UPDATES TO THE AGENDA IN BLUE
Date:  Thursday,  May 12th, 2011

Time:    1:00pm to 5:00pm –  Eastern Daylight Time  -  Montreal, Ottawa, Toronto
            11:00am to 3:00pm –  Mountain Daylight Time - Calgary
            10:00am  to 2:00pm – Pacific Daylight Time  - Vancouver


Locations
Montreal
1360 René Levesque Blvd West, 13th floor, Conference Room
Local Host: Angela Caruso, acaruso@ca.ibm.com
Ottawa
340 Albert St, Room 100
Local Host: Connie Triassi, ctriassi@ca.ibm.com
Toronto
120 Bloor Street East   Suite 104
Local Host: Rosie Seth, rseth@ca.ibm.com
Calgary
227 - 11th Avenue SW,  2nd floor, Room 2-045
Local Host:  Don Gillis, dgillis@ca.ibm.com
Vancouver
4611 Canada Way, Burnaby, BC, Queen Charlotte Room
Local Host: Jayne Johnson, jaynej@ca.ibm.com


Welcome to the Cross Country Lotus User Group Meeting!

Agenda:

Montreal/ Ottawa/ Markham

Calgary
Vancouver
Topic  & Speaker
Speakers Location
12:30
Lunch
10:30
Coffee
9:30
Coffee
Meet & Greet

1:00
11:00
10:00
Welcome and Agenda

1:05
11:05
10:05
Lotus Notes 8.5.3  –How to set up Notes 8.5.3 for former outlook users

Mary Beth Raven – IBM
Senior Technical Staff Member - Responsible for UI Design
Montreal
2:00
12:00
11:00
DraganRAD– DragonRAD is a mobile enterprise application platform that empowers developers without specialized mobile development skills to create data-driven enterprise applications that run across multiple smartphones and tablets including BlackBerry®, BlackBerry PlayBook™, Android™, iPhone®, iPad®, and Windows Mobile™.

Gord Graham – Seregon Solutions

Ottawa
2:40
Coffee
12:40
Lunch
11:40
Lunch
Networking

3:00
1:00
12:00
How I got started in XPages development! – My first steps into XPages were daunting because of how much I felt I didn't know, how far behind I thought I would be and how steep I was afraid the learning curve was.  I am happy to report that I am glad I took those first steps and am quite excited about using XPages.  I will explain my background in Notes, the resources I have used to become familiar with XPages and then demonstrate some XPages features and discuss the things that I find really powerful in XPages compared to traditional Lotus Notes development.

Graham Acres – Brytek Systems Inc

Burnaby
4:002:001:00
TLCC  - The Leader in XPages Training
Paul Della-Nebbia  will take a few minutes to tell us about TLCC’s Introduction to XPages Development 8.5 Workshop coming soon to a city near you!
Toronto
4:15
2:15
1:15
8.5.x Domino Server Availability and Tuning
Do you want to keep your Domino servers available 99.999% of the time? Is part of that goal to minimize cost and take economic advantage of what's new in Domino for Release 8.5 on? There are capacity planning and administrative actions, design decisions as well as a lack of ongoing and proactive tuning practices that threaten those goals. Gleaning from the struggles, successes and failures of several enterprise deployments using the latest Domino features and configuration options, this session will yield a vital list of items that may need
correction as well as procedural changes going forward.

John Curtis – IBM
Senior Technical Staff Member – Domino Development
Remote
5:00
3:00
2:00
End of Meeting


IBM is pleased to provide lunch and refreshments in each of the host cities.

Register for the Event: https://events.webdialogs.com/register.php?id=df080a48bc&l;=en-US
Upon registration you will receive the information for the web and phone conference. If clicking the link above does not work, please copy the entire link and paste it into your Web browser.

Wednesday, 4 May 2011

Sharing: OSF DataLossDB

I just wanted to share a site that I refer to frequently, the DataLossDB from the Open Security Foundation.

They track both Incidents and Fringe Incidents relating to the loss of data by an organization.

I got thinking about it today because I just submitted my first report to them, not for myself, but for a news article that I spotted online.