Security: “Good computer security is driven by role-based, least-privilege access control,” Roger Grimes begins GO RBAC now. That’s RBAC as in role-based access control, a practice introduced in 1992 but still in its infancy on most platforms. “If you don’t have a role-based security model, you should start researching it and strive to move to RBAC, if only a tiny step at a time. You can start by defining your access control security groups by roles instead of departments. Don’t designate HR, IT, and accounting security groups; instead, create security groups for each department based on their roles. Look to your company’s organizational chart or job descriptions if you need a beginning point.”

Gripe Line: A reader who is more in tune with Internet fraud than HSBC alerted the bank after selling an item on Craigslist for $75 and receiving a $2,150 payment. “I knew I was dealing with a fake check. That’s not unusual, or even disturbing. It’s expected. What was not expected was the response I received when trying to report this fraud.” Cash fraudulent check, HSBC says. Check overpayment scams typically result in the seller ultimately being liable for the full amount. Even still, HSBC told him to deposit the check and see if it cleared — thereby recommending he commit a felony. “‘Well sir,’ they said ‘we can’t tell you if it’s fake or not until you deposit it.'” So he contacted Craigslist about it, but to no avail. The only company to show any interest was UPS, which delivered the check. “Now I’m wondering who’s the bigger fool — the person who falls for these scams, or the person who tries to fight back.” Seen an Internet scam we all need to know about? Talkback below or via the link above.

Storage: What with the constant flux of software and hardware updates, the outcome of even the best-laid business continuity strategies is anything but certain, and “an overlooked change could cripple your business in the event of a disaster,” Mario Apicella writes.
But, you can error-proof your disaster recovery plan. Continuity Software’s RecoverGuard is one such option. “I liked just about everything I heard and saw during my briefing and demonstration with Continuity Software, including its assessment challenge — a sort of gauntlet thrown at your current DR procedure.”