Wednesday, December 28, 2005

Sarbanes-Oxley in Brief

The sections of SOX most relevant to the Information Technology domain are as follows:

1. Section 302: Certification of Financial Reports
    This section refers to the requirement that CEOs, CFOs and registered public
    accounting firms must certify the accuracy of financial statements, as well as retain
    and make public the internal information used to produce the reports. For the IT
    operations folks and the CIO, that means all e-mail messages must be preserved and
    there must be verification that the integrity of these systems is being properly
    maintained.

2. Section 404: Certification of Internal Controls
    This section requires that a company's internal controls, that is, the systems, processes,
    applications and policies used to develop and maintain the company's financial reports,
    be documented and certified.

3. Section 409: Material Event Reporting
    This section requires that a company disclose information regarding material changes in
    its financial condition. Moreover, these changes must be captured and reported in
    real-time. This section has not yet gone into effect.


ERROR:null in the Task Tab

When "ERROR:null" is displayed after clicking the All Tasks tab, it implies that one or more task instances are stuck while executing. We can still search for tasks by going to the Find Tasks tab, checking only the "is Finished/Executing/Ready" option and clicking the search button. Delete the executing or hung tasks through the debug page -> Task Instances. There may be more than one such task instance. A Java program can be used to clean up such instances. This occurred when XML parse exceptions were encountered.

Wednesday, December 21, 2005

Active-Sync Fine Tuning

Active Sync (real-time) running against LDAP slows down the server and sometimes crashes it. The Active Sync process is fine-tuned to process only those changes that are necessary for Lighthouse user identity management, rather than processing all the data for each record in LDAP. In this case LDAP gets its feed from PeopleSoft HR. The proposed workaround was to host the Lighthouse Active Sync and user interface processes on different servers pointing to the same LH repository. This can be done by changing "sources.hosts=localhost" under "UI Options" in the waveset.properties file to "sources.ldap.host = {ip address of the hosting location}".

Tuesday, December 13, 2005

Some minor issues encountered in Sun IdM

(1) Switching on the personal firewall in the local setup breaks the link between Identity Manager and the local database (MySQL) and throws an exception on the login page. To get this functioning properly, switch off the personal firewall.
(2) Trying to stop the Active Sync process (which might be running for a large number of users) may fail. To stop the process, set the Active Sync process start-up procedure to manual and restart the server.

Wednesday, December 07, 2005

Displaying The Security Tab In XP Home Edition

When trying to share a folder and give users on the network access by right-clicking the folder and going to Properties, only three tabs are displayed, 'General', 'Sharing' and 'Customize', but not the 'Security' tab, unlike in Windows XP Professional. One way to get the 'Security' tab back is to uncheck the "Use simple file sharing (Recommended)" option under Tools->Folder Options->View. In Windows XP Home this can be rectified by downloading the scesp4i.exe file and extracting the files. Right-click the Setup.inf file and click Install; the 'Security' tab then appears on the properties menu after restarting the system.

Tuesday, November 29, 2005

Password entry through keyboard is a risk?

It was interesting to learn from this morning's news on WWJ 950AM that researchers at the University of California, Berkeley say that a password can be decrypted (or retrieved) by recording the sound made by the keys while the password is typed. The recording is then analyzed and the password is guessed, based on the fact that each key on the keyboard makes a different sound.

Tuesday, November 15, 2005

Rewriting import declarations while migrating from Lighthouse to SunIdM

One problem that occurred while setting up a build process in Sun IdM (Version 5.0 SP5) for an IdM project that previously existed in Lighthouse Version 4.1 SP2 was that the compiler continuously complained about the "EncryptedData" class, which was used extensively in the project. This is because the EncryptedData class, which existed in the lighthouse.jar file, has now moved to the "com.waveset.util" package in the idmcommon.jar file provided by Identity Manager. So, when migrating from the older version of the identity manager (Lighthouse) to Sun IdM, one needs to rewrite all the import declarations in the resource adapters to reflect this change.
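
One way to script the import rewrite described above (an added example, not code from the original post or from Sun). The old package name is not given in the post, so the script rewrites any explicit import of `EncryptedData` regardless of its package; `legacy.placeholder` in the constructed sample is a made-up stand-in, and the function names are hypothetical.

```python
import re
from pathlib import Path

CLASS_NAME = "EncryptedData"
NEW_PACKAGE = "com.waveset.util"  # package named in the post (idmcommon.jar)

# Explicit single-type import of the class from any package (commented-out lines do not match).
IMPORT_RE = re.compile(
    r"^(?P<indent>[ \t]*)import\s+(?P<pkg>[A-Za-z_][\w.]*)\." + CLASS_NAME + r"\s*;",
    re.MULTILINE,
)
USAGE_RE = re.compile(r"\b" + CLASS_NAME + r"\b")

# Constructed sample source; "legacy.placeholder" is an assumed old package, not the real one.
SAMPLE = """package adapters;

import legacy.placeholder.EncryptedData;
import java.util.Map;

public class SampleResourceAdapter {
    private EncryptedData password;
}
"""


def rewrite_imports(source):
    """Return (new_source, rewritten_count, needs_review) for one Java source text."""
    count = 0
    explicit = False

    def repl(match):
        nonlocal count, explicit
        explicit = True
        if match.group("pkg") == NEW_PACKAGE:
            return match.group(0)  # already migrated, leave untouched
        count += 1
        return f"{match.group('indent')}import {NEW_PACKAGE}.{CLASS_NAME};"

    new_source = IMPORT_RE.sub(repl, source)
    # Class used without an explicit import: it resolves through a wildcard import
    # or a fully qualified name, which this script cannot fix safely.
    needs_review = not explicit and bool(USAGE_RE.search(source))
    return new_source, count, needs_review


def migrate_tree(root):
    """Rewrite every .java file under root; return (changed, review) file-name lists."""
    changed, review = [], []
    for path in sorted(Path(root).rglob("*.java")):
        text = path.read_text(encoding="utf-8")
        new_text, count, needs_review = rewrite_imports(text)
        if count:
            path.write_text(new_text, encoding="utf-8")
            changed.append(path.name)
        if needs_review:
            review.append(path.name)
    return changed, review
```

Files returned in the review list reference the class without an explicit import and need a manual check before the build will pass.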

Friday, October 28, 2005

How secure is your company or how compliant are your IT systems with government regulations?

"The more you try to be secure, the more vulnerable and insecure you become" seems to be so true of many companies that are trying to meet SOx, HIPAA and the many other acts framed by the government in recent years. It would be very interesting to contemplate how these changes affect information security and the IT world as such in the coming days.

Monday, October 17, 2005

Welcome to my Blog

I have started blogging primarily to keep track of all the issues that I encounter while working in the identity management domain. I welcome any comments or thoughts on similar issues or on IT Security as a whole.