IT Security and Compliance Guide
Microsoft has published a paper called Microsoft Solutions for Security and Compliance, which is designed to “help IT managers and Microsoft customers meet specific IT compliance obligations that directly relate to major regulations and standards.”
As regulatory requirements become increasingly complex, a “big-picture” guide such as this one, with ideas on how to implement them, can be a very useful resource for those in the SysAdmin business. The document discusses five major regulations and standards that are likely to affect your business:
- Sarbanes-Oxley Act (SOX)
- Gramm-Leach-Bliley Act (GLBA)
- Health Insurance Portability and Accountability Act (HIPAA)
- European Union Data Protection Directive (EUDPD)
- ISO 17799:2005 Code of Practice for Information Security Management (ISO 17799)
In addition to giving a succinct overview of the laws you need to be aware of, Microsoft Solutions for Security and Compliance discusses what IT controls are and how they might be implemented in your organization. “IT controls regulate and guide the operation of IT in the organization, including all of the processes, and systems within it. These controls focus on processes that concern IT managers, including availability, change management, user provisioning, security, and so on. It is these controls that are the focus of this planning guide.”
Another useful guide from Microsoft is their Security Risk Management Guide, which gives a useful overview of the process IT departments often implement to minimize the organization's exposure to data theft and other risks.
If you’re in the IT biz, be sure to check these out.