Microsoft IT Compliance Management Guide

This is a new solution accelerator publichsed by Microsoft to help shifting IT governance, risk, and compliance (GRC) efforts from people to technology. It aims to help IT people to understand better on how to address GRC with an IT management framework implemented.

Click here for the IT Compliance Management Guide.

Published: October 29, 2008

About This Solution Accelerator

The IT Compliance Management Guide can help you shift your governance, risk, and compliance (GRC) efforts from people to technology. This Accelerator helps you better understand how an IT management framework can help you implement controls to address GRC requirements that apply to your organization. In addition, you can use its configuration guidance to help efficiently address your organization's GRC objectives.

The IT Compliance Management Guide is a Microsoft Operations Framework (MOF) 4.0 companion guide that is based on the Regulatory Compliance Planning Guide. It addresses GRC authority document requirements.

The IT Compliance Management Resources workbook provides an extensive inventory of GRC–related configuration and management guidance organized by Microsoft products.

"This guide contains the information that will enable IT professionals to have an informed discussion with their GRC subject matter experts, including legal and audit personnel. The overview of the audit process and descriptions of general GRC terminology and control concepts will allow IT professionals to be an active participant in these discussions. The associated workbook provides a comprehensive list of Microsoft resources that address GRC planning and product configuration topics relevant to IT professionals.

Web-Harvest

Web-Harvest is Open Source Web Data Extraction tool written in Java. It offers a way to collect desired Web pages and extract useful data from them. It is normally called Web Scraping or Web Data Mining.

It leverages well established techniques and technologies for text/xml manipulation such as XSLT, XQuery and Regular Expressions. Web-Harvest mainly focuses on HTML/XML based web sites.

Gmail Modes

>>>> From Google Operating System

If you can't access Gmail, try some of these URLs:

Safe mode - http://mail.google.com/mail/?labs=0. It disables the experimental features from Gmail Labs, just in case some of them are buggy. You can remove some of the features from Gmail's settings page.

Secure mode - https://mail.google.com/. It encrypts the traffic between your computer and Gmail's servers. Use it from public computers, Wi-Fi networks or to bypass some proxies and web accelerators. There's a Gmail setting that redirects the standard version to the secure mode ("Always use https").

Older version - http://mail.google.com/mail/?ui=1. This version has been replaced in October 2007 by a rearchitectured Gmail, but the old version is a little bit faster.

Basic mode - http://mail.google.com/mail/?ui=html. It's the version that doesn't use JavaScript, so it loads faster and it works well with older browsers. Unfortunately, many Gmail features are missing (contacts autocomplete, chat, spell checker, rich formatting) and each click loads a new page. If you like this version, click on "Set basic HTML as default view" at the top of the page.

Mobile mode - http://mail.google.com/mail/?ui=mobile or http://m.gmail.com. This is a simplified Gmail interface for mobile phones that has even less feature than the basic mode. Use it if no other Gmail mode works for you.

iPhone mode - http://mail.google.com/mail/x/gdlakb-/gp/. A more user-friendly mobile version for iPhone and other mobile phones that use WebKit-based browsers.

iGoogle gadget - http://www.google.com/ig/gmailmax. This was mentioned here before. It is a canvas view for the updated Gmail gadget which can be found in the new iGoogle. Some people found that this interface bypasses most corporate filters that prevent them from accessing Gmail at work.

"No browser checking" mode - http://mail.google.com/mail?nocheckbrowser. If you use a cutting-edge new browser and Gmail serves you the basic HTML mode, try this URL to bypass browser detection.

Command Line mode - http://goosh.org/. This is for UNIX users.

Two Database Audit Tools

Today I found 2 audit tools for database: SQLAudit and DBAudit.

SQLAudit is made up of two .NET 2.0 Assemblies: SqlAudit.dll and SqlAuditGenerator.exe
T-SQL Script Generator for SQL Server 2000/2005 to Allow Auditing on Database Tables using Triggers and Additional tables for Auditing.

DBAudit Expert is a professional database auditing solution for Oracle, Sybase, DB2, MySQL and Microsoft SQL Server. DB Audit Expert enables database and system administrators, security administrators, auditors and operators to track and analyze any database activity including database security, access and usage, data creation, change or deletion. What makes DB Audit really unique is its built-in support for multiple auditing methods giving you the flexibility to choose the best fit for your database security requirements.

Microsoft Windows Azure

Today Microsoft announced Windows Azure, a new version of Windows that lives in the Microsoft cloud. You won't be running Windows on your PC over the internet with Azure, though; instead the platform is intended to help developers host and distribute software running over the internet.

Windows® Azure is a cloud services operating system that serves as the development, service hosting and service management environment for the Azure Services Platform. Windows Azure provides developers with on-demand compute and storage to host, scale, and manage Web applications on the Internet through Microsoft® data centers.

We can use Windows® Azure to:

• Add Web service capabilities o existing packaged applications.
• Build, modify, and distribute applications to the Web with minimal on-premises resources.
  
• Perform services (large-volume storage, batch processing, intense or large-volume computations, etc.) off premises.
• Create, test, debug, and distribute Web services quickly and inexpensively.
• Reduce costs of building and extending on-premises resources.
  
• Reduce the effort and costs of IT management.