Firewalls

There are two main reasons why some companies are hesitant to plug into the Internet.

  1. They know they’ll be exposing their company data to outside attacks from malicious individuals and malware.
  2. They fear their employees might get too many distractions: games, porn, chats, videos, and even social networking sites.

One vital component for your overall security strategy against such concerns? A firewall.

A firewall can block unauthorised access to certain Internet services from inside your organisation as well as prevent unauthenticated access from the outside. It is also used to monitor users’ activities while they were online.

In an enterprise setting, one may expect a collection of firewalls either for providing layered protection or segmenting off different units in the organisation. Some areas only need a standard line of defence while others require more restrictions. As such, certain firewalls may have different configurations compared to others.

Naturally, the more intricate an organisation’s defence requirements get, the more complex the task of monitoring, testing and configuring the firewalls becomes. That’s why we’re here to help.

  • We’ll evaluate your network as well as the security requirements of each department under your organisation to determine which firewall architecture is most suitable.
  • To achieve maximum efficiency, we’ll point out where each firewall should be positioned.
  • We’ll work with your key personnel to make sure all firewall configurations are set and optimised with your business rules in mind.
  • If a large number of firewalls are required, we’ll help you set up a firewall configuration management system.
  • Firewalls should be regularly tested and assessed to ensure they are in line with the organisation’s security policies. We’ll perform these routine tasks as well.

Firewalls aren’t very good at defending against sophisticated viruses. There are much better solutions for malware-related vulnerabilities, and we can help you in that regard too.

Other defences we’re capable of putting up include:

Check our similar posts

Telemetry and the Survival of the Human Species

Without moisture, plants die. Without fodder, the animal food chain collapses. This is why climate change is the greatest threat humankind faces. Crop management needs timely information regarding ambient conditions, and also in the soil itself. In dry areas, online knowledge of trends in rainfall, sunlight, wind speed, leaf moisture, air temperature, relative humidity and solar radiation are indicators of soil stress that can be deadly for plants, and everything that relies on them.

As climate change bites, the need to find solutions accelerates. Drones swoop across to monitor ambient conditions, while probes sunk into plants and the earth in which they grow transmit information to big data repositories for feedback to administrators. In Australia, a remarkable cattle farmer is applying the same approach to his herds.

Nuffield scholar Rob Cook has always been on the edgy side of things. He lost his mobility in a helicopter crash in 2008 patrolling farmland but that has not deterred him. If anything, it has freed his mind to explore the potential that telemetry offers farmers in Australia. He shared this potential with the young beef producers in Roma Australia recently, and here is a summary what he said.

Being wheelchair bound he had to shift from herding with cattle dogs to a more scientific approach. He bought a farm 230 miles / 370 kilometres inland from Brisbane in a warm, temperate climate with significant rainfall even in the driest months. He uses observant software that reports on critical issues like water levels indicating animal consumption, and supplementary water flows from a central irrigation channel.

He also monitors fodder sources for dryer months, and moisture levels in food stocks. Rob is committed to making every blade of grass count. ?We even have the ability to take a photo of the cattle when they are taking a drink of water,? he explains, and that provides valuable information regarding tick and fly infestation and overall condition.

None of this would be possible for Rob Cook without telemetry, which is the process of collecting data at remote points and transmitting it to receiving equipment for analysis. Independent farmers do not have equipment to fund these analytic resources on their own, and use big data resources in a cloud to obtain reports. ecoVaro is on top of current trends. Please speak to us when you need independent advice.

?

Saving Energy Step 2 ? More Practical Ideas

In my previous blog, we wrote about implementing a management system. This boils down to sharing a common vision up and down and across the organisation, measuring progress, and pinning accountability on individuals. This time, we would like to talk about simple things that organisations can do to shrink their carbon footprints. But first let’s talk about the things that hold us back.

When we take on new clients we sometimes find that they are baffled by what I call energy industry-speak. We blame this partly on government. We understand they need clear definitions in their regulations. It’s just a pity they don’t use ordinary English when they put their ideas across in public forums.

Consultants sometimes seem to take advantage of these terms, when they roll words like audit, assessment, diagnostic, examination, survey and review across their pages. Dare we suggest they are trying to confuse with jargon? We created ecoVaro to demystify the energy business. Our goal is to convert data into formats business people understand. As promised, here are five easy things your staff could do without even going off on training.

  1. Right-size equipment? outsource peak production in busy periods, rather than wasting energy on a system that is running at half capacity mostly.
  2. Re-Install equipment to OEM specifications ? individual pieces of equipment need accurate interfacing with larger systems, to ensure that every ounce of energy delivers on its promise.
  3. Maintain to specification ? make sure machine tools are within limits, and that equipment is well-lubricated, optimally adjusted and running smoothly.
  4. Adjust HVAC to demand ? Engineers design heating and ventilation systems to cope with maximum requirements, and not all are set up to adapt to quieter periods. Try turning off a few units and see what happens.
  5. Recover Heat ? Heat around machines is energy wasted. Find creative ways to recycle it. If you can’t, then insulate the equipment from the rest of the work space, and spend less money cooling the place down.

Well that wasn’t rocket science, was it? There are many more things that we can do to streamline energy use, and coax our profits up. This is as true in a factory as in the office and at home. The power we use is largely non-renewable. Small savings help, and banknotes pile up quickly.

How to Reduce Costs when Complying with SOX 404

Section 404 contains the most onerous and most costly requirements you’ll ever encounter in the Sarbanes-Oxley Act (SOX). In this article, we?ll take a closer look at the salient points of this contentious piece of legislation as it relates to IT. We?ll also explain why companies are encountering difficulties in complying with it.

Then as soon as we’ve tackled the main issues of this section and identify the pitfalls of compliance, we can then proceed with a discussion of what successful CIOs have done to eliminate those difficulties and consequently bring down their organisation’s IT compliance costs. From this post, you can glean insights that can help you plan a cost-effective way of achieving IT compliance with SOX.

SOX 404 in a nutshell

Section 404 of the Sarbanes-Oxley Act, entitled Management Assessment of Internal Controls, requires public companies covered by the Act to submit an annual report featuring an assessment of their company?s internal controls.

This ?internal control report? should state management’s responsibility in establishing/maintaining an adequate structure and a set of procedures for internal control over your company?s financial reporting processes. It should also contain an assessment of the effectiveness of those controls as of the end of your most recent fiscal year.

Because SOX also requires the public accounting firm that conducts your audit reports to attest to and report on your assessments, you can’t just make baseless claims regarding the effectiveness of your internal controls. As a matter of fact, you are mandated by both SEC and PCAOB to follow widely accepted control frameworks like COSO and COBIT. This framework will serve as a uniform guide for the internal controls you set up, the assessments you arrive at, and the attestation your external auditor reports on.

Why compliance of Section 404 is costly

Regardless which of the widely acceptable control frameworks you end up using, you will always be asked to document and test your controls. These activities can consume a considerable amount of man-hours and bring about additional expenses. Even the mere act of studying the control framework and figuring out how to align your current practices with it can be very tricky and can consume precious time; time that can be used for more productive endeavours.

Of course, there are exceptions. An organisation with highly centralised operations can experience relative ease and low costs while implementing SOX 404. But if your organisation follows a largely decentralised operation model, e.g. if you still make extensive use of spreadsheets in all your offices, then you’ll surely encounter many obstacles.

According to one survey conducted by FEI (Financial Executives International), an organisation that carried out a series of SOX-compliance-related surveys since the first year of SOX adoption, respondents with centralised operations enjoyed lower costs of compliance compared to those with decentralised operations. For example, in 2007, those with decentralised operations spent 30.1 % more for compliance than those with centralised operations.

The main reason for this disparity lies in the disorganised and complicated nature of spreadsheet systems.

Read why spreadsheets post a burden when complying with SOX and other regulations.

Unfortunately, a large number of companies still rely heavily on spreadsheets. Even those with expensive BI (Business Intelligence) systems still use spreadsheets as an ad-hoc tool for data processing and reporting.

Because compliance with Section 404 involves a significant amount of fixed costs, smaller companies tend to feel the impact more. This has been highlighted in the ?Final Report of the Advisory Committee on Smaller Public Companies? published on April 23, 2006. In that report, which can be downloaded from the official website of the US Securities and Exchange Commission, it was shown that:

  • Companies with over $5 Billion revenues spent only about 0.06% of revenues on Section 404 implementation
  • Companies with revenues between $1B – $4.9B spent about 0.16%
  • Companies with revenues between $500M – $999M spent about 0.27%
  • Companies with revenues between $100M – $499M spent about 0.53%
  • Companies with revenues less than $100M spent a whopping 2.55% on Section 404

Therefore, not only can you discern a relationship between the size of a company and the amount that the company ends up spending for SOX 404 relative to its revenues, but you can also clearly see that the unfavourable impact of Section 404 spending is considerably more pronounced in the smallest companies. Hence, the smaller the company is, the more crucial it is for that company to find ways that can bring down the costs of Section 404 implementation.

How to alleviate costs of section 404

If you recall the FEI survey mentioned earlier, it was shown that organisations with decentralised operations usually ended up spending more for SOX 404 implementation than those that had a more centralized model. Then in the ?Final Report of the Advisory Committee on Smaller Public Companies?, it was also shown that public companies with the smallest revenues suffered a similar fate.

Can we draw a line connecting those two? Does it simply mean that large spending on SOX affects two sets of companies, i.e., those that have decentralised operations and those that are small? Or can there be an even deeper implication? Might it not be possible that these two sets are actually one and the same?

From our experience, small companies are less inclined to spend on server based solutions compared to the big ones. As a result, it is within this group of small companies where you can find a proliferation of spreadsheet systems. In other words, small companies are more likely to follow a decentralised model. Spreadsheets were not designed to implement strict control features, so if you want to apply a control framework on a spreadsheet-based system, it won’t be easy.

For example, how are you going to conduct testing on every single spreadsheet cell that plays a role in financial reporting when the spreadsheets involved in the financial reporting process are distributed across different workstations in different offices in an organisation with a countrywide operation?

It’s really not a trivial problem.

Based on the FEI survey however, the big companies have already found a solution – employing a server-based system.

Typical server based systems, which of course espouse a centralised model, already come with built-in controls. If you need to modify or add more controls, then you can do so with relative ease because practically everything you need to do can be carried out in just one place.

For instance, if you need to implement high availability or perform backups, you can easily apply redundancy in a cost-effective way – e.g. through virtualisation – if you already have a server-based system. Aside from cost-savings in SOX 404 implementation, server-based systems also offer a host of other benefits. Click that link to learn more.

Not sure how to get started on a cost-effective IT compliance initiative for SOX? You might want to read our post How To Get Started With Your IT Compliance Efforts for SOX.?

Ready to work with Denizon?

Contact Us Today