Monday, May 28, 2007

OSSEC HIDS version 1.2 released

OSSEC HIDS Version 1.2 is available!
OSSEC is an Open Source Host-based Intrusion Detection System. It performs log analysis, integrity checking, Windows registry monitoring, rootkit detection, real-time alerting and active response.
It runs on most operating systems, including Linux, OpenBSD, FreeBSD, MacOS, Solaris and Windows.

Saturday, May 26, 2007

Germany passes law punishing hackers with sentences of up to ten years

See the report at . At this moment, when we are analyzing the regulatory proposals in Brazil, it would be interesting to learn about the work being done in other countries.

Friday, May 25, 2007

Measures passed by SEC to ease burden of Sarbox

By Jeremy Grant in Washington

Published: May 24 2007 03:00 | Last updated: May 24 2007 03:00

US regulators yesterday approved measures to ease compliance with Sarbanes-Oxley five years after the law was passed in the wake of big corporate scandals.

The move is a sign a more "principles-based" approach to financial regulation is gaining ground in the US.

Critics of the way Sarbox has been implemented said reliance on rules and a "box-ticking" mentality to internal controls checks have been cumbersome and added needlessly to costs.

The Securities and Exchange Commission's five commissioners agreed unanimously to the establishment of a set of guidelines for company management on how they should carry out internal control checks mandated under Section 404 of the law.

Section 404 requires management to check controls over financial statements and have those signed off by an external auditor.

Critics of the way Sarbox was written had argued that the lack of such guidance had led to over-reliance by executives on the checks carried out by their external auditors, leading to often unnecessary audits.

Specifically, the SEC's new "interpretive guidance for management" would allow executives to "scale and tailor their procedures to fit the facts and circumstances" of a company's situation, according to SEC chairman Christopher Cox.

Michael Ryan, executive director of the Centre for Capital Markets Competitiveness at the US Chamber of Commerce, said: "This major rewrite is a clear step forward and recognises how seriously off-track Section 404 implementation has become."

The guidance is not only "scalable" according to size of company but also takes account of the complexity of a company's business.

Annette Nazareth, one of two Democrats on the commission, said: "I strongly support this principles-based interpretive guidance.

"It encourages innovation instead of a one-size-fits-all approach. I hope that it will help liberate companies by allowing them to apply the guidance to their own situations. It will provide overarching principles without forcing companies to fit into a prescribed mould."

The SEC also sharpened its definition of "material weakness" in accounts - a key uncertainty in previous audit cycles - as "a deficiency, or combination of deficiencies, in internal control over financial reporting" such that there is "a reasonable possibility that a material misstatement of the company's annual or interim financial statements will not be prevented or detected on a timely basis".

The new guidance is likely to have the biggest effect on smaller companies, which will have to comply with the SEC's management controls provisions of Section 404 by year-end.

Today the Public Company Accounting Oversight Board, the US accounting watchdog, is expected to produce new rules for auditors checking a company's internal controls.

Outsourcing Guide

Excellent reference on the world's outsourcing providers:

Friday, May 11, 2007

COBIT 4.1 - Changes

In my opinion, there was an improvement, mainly in the reordering and regrouping of some control objectives.
I think the Executive Overview turned out too long, since there are other ISACA documents that already provide similar and more detailed content.
The changes are not exactly "significant", since the improvements made in the evolution from COBIT Third Edition to COBIT 4 had already been very large, and very well done.