Tag Archives: MySQL

Instituting Security Metrics

A crisis or catastrophe lurks behind every CNN headline: Devastating worm attacks vulnerable computers. Laptops stolen, along with critical data. Identity theft costs business millions. It’s easy to feel constantly under siege. But there might be a better way. Some experts say that setting up security metrics may be a less-costly long-term solution.

What are security metrics?

If measurements and benchmarks can be compared to taking a patient’s daily temperature, metrics are the temperature trends that reveal themselves over time. Like key performance indicators, security metrics gauge both where you’ve been and where you are currently. “Security metrics identify where the organization is accepting a higher level of risk,” says James DeLuccia, author of IT Compliance & Controls: Best Practices for Implementation (Wiley, John & Sons, 2008). “Accurate information about security operations ensures that only necessary safeguards are deployed, and done so where most effective.” Plus, DeLuccia says that security metrics can help an organization identify where they’re spending inefficiently.

Areas to measure security

DeLuccia suggests conducting an inventory of security applications, hardware, or processes. In conjunction, identify data stores and machines that contain sensitive information. Create performance goals for each security control or process, and then take the “temperature” of each item through measurements. By doing so, “the organization delivers the necessary level of services and optimizes security technology,” DeLuccia says.

Here are a few areas for measurement:

Measure your uptime from month-to-month, and document failures due to vulnerabilities in operating systems, network devices, or applications. Conversely, if outsourcing IT security, demand that your key vendors provide reports of their service levels.

System security. Public-domain benchmarking tools can reveal your current level of exposure due to flawed setups of Windows, Solaris, or Linux. Online toolkits at sites like the Center for Internet Security indicate best practices. The guides offer step-by-step pointers on locking down your core platforms, including Exchange Server or MySQL server.

Cost per user. How much are you spending to protect each user or customer? Can you decrease costs while increasing security over time?

Compliance. John Kindervag, chief security architect with Vigilar, an IT security consulting firm, says that merchants using credit cards should measure their compliance with PCI requirements, always striving to better their performance. “Use the self-assessment questionnaires and resources from the PCI standards council,” he says. Medical businesses may wish to do self-assessments for HIPAA.

Make comparisons over time

Compare month-to-month, year-to-year to find out where underlying problems exist. “You want to look at this in a tactical way, using strategy and measurement,” Kindervag says. And DeLuccia points out that through understanding processes and setting goals, businesses streamline security. Reduce risk through review of users with access to sensitive data; replace poor-performing security software (or consultants) with better options.

Applying metrics isn’t a quick, overnight exercise — but neither is growing your business. Measuring security alongside sales leads to a clearer view of your strengths, and where you need to focus your solutions.

How to Choose In-House Blogging Software

The biggest step in creating an in-house blog is deciding how you’ll use it. But once you’re over that hurdle, you’ve still got to wade through all the available options to find a technology platform that’s right for your business. Should you license software and run it in house, or sign up for a hosted service? Is open-source software the way to go or would proprietary tools be a safer choice?

What to consider

The right answer will depend on an individual company’s needs and desires, according to social-media industry experts. When evaluating blogging software, small and mid-sized businesses need to consider their budget, in-house technical skills, how much use a blog will get and how large it could grow, says Paul Gillin, a new media consultant and author of The New Influencers. In addition, Gillin and other industry experts suggest that companies consider:

Location — The biggest decision a company has to make is whether to host a blog in-house or use a Web-based service. There’s nothing inherently better about running blog software in-house; it’s more a question of corporate policy, the type of information that’ll appear on the blog, and whether a company has employees who can maintain the hardware and software, according to Anil Dash, vice president of evangelism for Six Apart, maker of Movable Type and TypePad blogging software. “It really has to do with your desire for control,” he says.

Portability — The day may come when a company wants or needs to switch vendors, so make sure what you create can be easily exported to a new platform, says Lee Huang, head of the New York City chapter of the Internet Strategy Forum and former digital strategy director at Nielsen Business Media.

Customization — If you opt for a hosted service, find out how much you can customize it to suit your special needs and if additional plug-in functions are available.

Vendor expertise — The biggest vendors of blogging software aren’t necessarily the ones with the most experience, according to the experts. Evaluate vendors by looking at their track record, customer base, support from developers, and the type of training and support that’s available directly or through developers and other users.

Simplicity – “Any kind of technology gets left behind if people find it too hard to use,” says Dash, of Six Apart.

SIDEBAR: Blogging Software Vendors

Blog technology comes in as many flavors as ice cream. Some of the better known technology providers are:

WordPress — This free, open-source blogging software from WordPress.org can be hosted on any computer server running PHP version 4.2 or later or MySQL version 4.0 or later. WordPress.com is a website that hosts free blogs written in WordPress.

Blogger — The latest version of the free, Web-based blog service from Google supports multiple authors, allowing for group blogs.

Movable Type and TypePad – Movable Type is Six Apart’s blog publishing platform. Prices for the MT Enterprise Solution start at $295 for a five-user license. In December 2007, Six Apart introduced the beta version of a free, open-source version of Movable Type called MTOS 4.1. TypePad is Six Apart’s free, Web-based blog service that’s based on Movable Type’s publishing platform.

Joomla — Version 1.5 of this free, open-source content management system (CMS) debuted in January and includes blog software along with forums and chat software and many other features.

b2evolution – This free, open-source CMS supports multiple blogs, news feeds and other social-media features, and runs on Web servers with PHP and MySQL.

Roller — Version 4.0 of this Java-based, open-source blog software from Apache Software Foundation debuted in December 2007 and includes upgrades such as custom blog themes.

Blogtronix — This enterprise-level integrated social media platform can be used to create text, audio and video blogs, plus wikis, RSS, and networked communities on Microsoft’s .Net 2.0 platform. Blogtronix offers a free 25-user Express version with limited functions and paid support, and a 30-day free trial of its complete enterprise platform.

SuiteTwo — Another social-media platform bundle that includes technology for blogs, wikis and other applications from Intel, SpikeSource, Simplefeed, Movable Type, and others. Prices for software only or a hosted version start at $990, and for a hardware/software suite at $2,495 for a 10-user license.

Upgrading to a Database

You know it’s time for your business to upgrade to a database when:

Spreadsheets aren’t enough to organize the growing amounts of electronic data anymore, it’s hurting business and clients are screaming for change.
The advantages of replacing stand-alone programs outweigh the time and expense of switching to something new.
In this age of hackers, viruses and identity theft, it’s not safe for people to keep valuable information on desktop or laptop computers.

No matter what the reason, even the smallest business can benefit from upgrading to a database to centrally collect and manage vital company information, according to analyst and industry experts. First introduced in the 1970s, relational databases consolidate and store information in tables that can be shuffled and reshuffled myriad ways, helping companies better track diverse data such as sales transactions, inventory and customer profiles.

Plethora of products

Today, small businesses have a wealth of database types and vendors to choose from, including:

Low-cost solutions like Microsoft Access, part of the Office product suite, or Filemaker Pro from Filemaker.
Open source products like MySQL or the Base database from OpenOffice.org.
Software-as-a-service offerings such as InternetOffice.biz.
Entry-level enterprise database software from industry leaders such as Oracle, Sybase and Microsoft.

But don’t put the cart before the horse. The first step in a database upgrade isn’t picking the software. It’s deciding what you’re going to use it for, who’ll be using it, and how far it has to scale as your company grows, says Noel Yuhanna, a database analyst at Forrester Research in Cambridge, Mass. Once you’ve created the database and know what needs to be moved, automated tools can easily transfer data from existing spreadsheets and other files to the new system, Yuhanna says.

With identity theft and other computer-related crimes on the rise, security is another reason companies switch to centralized databases, Yuhanna says. “If someone were to remove files from your desktop or laptop, you might not know about it. Anybody can change a figure and you wouldn’t know it. In a database, you can track that.”

Who’s in charge

Deciding what you need a database to do might be a group effort, but the job of putting a plan into action typically falls to a select few. At small companies, that might be the most tech-savvy person on staff, or a consultant who’s hired for a month or two to get things running and train the staff. Mid-sized companies might need one or two IT people to maintain associated hardware and software, according to Greg Nelson, a former software company owner and currently chairman of the Naples, Fla., chapter of SCORE, the small-business advisory group.

Costs will vary accordingly, Nelson says. For a small company using Microsoft Access to create a database for 10 people, the costs would be nominal. But a database with 500 users and roll-back capabilities that minimize lost data in the event of a power failure could be $25,000 in software alone, he says. However, any forward-looking company shouldn’t think twice about putting a properly constructed database in place, Nelson says. “Having the right information available at the right time,” he says, “can certainly make the difference between success and failure.”

Database Driving Essentials

You’ve honed your HTML skills and now you want to take your Web site to the next level by adding some database interactivity. You’ve browsed around the Net looking for ideas, tried out Web-based tutorials, and you’re raring to get going with some real code. Here are five essential resources you’re going to need on your journey — don’t set out without them.

Yes, the advocates of tools such as Macromedia Dreamweaver UltraDev and Microsoft Visual Studio claim you can build your site just by pointing and clicking, without writing a line of code. These packages come with excellent tutorials that appear to prove this point. But believe me, out there in the messy real world, when you are working on a live application, you will need to edit that code by hand. Ignore all those seasoned Web hands who boast they only use Notepad and get yourself a proper programmer’s text editor. It might cost you all of $20 (U.S.), but it will be worth every cent.

I’ve been using TextPad constantly, for years, and I wouldn’t exchange it for anything else. But quite a few equally good editors are out there, including NoteTab, EditPlus and UltraEdit. Or try a search at a site such as Download.com to find others. Some text editors are free, others cost a few bucks. Download evaluation copies, try them and register the one you feel most comfortable using. Then spend some time getting to know its capabilities. All these editors offer some incredibly powerful features, such as advanced search and replace options, which can save you hours of tedious work.

Test Environment

Set up a Web server and a database on your own computer for testing. When you’re just starting out in server-side programming, you will make plenty of mistakes — and some of these mistakes will crash your machine. I can assure you it’s much less hassle to crash your own PC than your live Web server. If you’re paying for your Internet access by the minute, testing off-line will also save you money.

Microsoft Windows 98, 2000 and ME come with a Web server built into the operating system (Personal Web Server in the case of Windows 98, and Internet Information Server for Windows 2000) so you are likely to have one installed. You’ll probably also need to set up a database connection using Object Database Connectivity between your selected database — for example, Microsoft Access — and your Web server.

If your target environment is a UNIX Web server running Apache, PHP and MySQL, a very common configuration, you can still set up a reasonably close approximation on your PC. Windows versions of all three of these applications are available. Setup is considerably more complex, but you’ll find some good tutorials at Webmonkey that take you through the process step by step.

Bookmarks

Which brings me to essential tool No. 3, a collection of bookmarks to help you learn your chosen technology. Whatever you need to do when you’re starting out, you’ll almost never have to develop it from scratch. You’re certain to find an example you can adapt to your needs on one of the many tutorial sites. Even when you’re more experienced, these sites are a rich source of information.