I wrote this paper last year on document retention & compliance with regard to e-mail systems. Sarbanes-Oxley section 802 has created a small nightmare for IT managers, and there is precious little information for what 802 really means. I wrote this paper as a guide for designing a system that would satisfy the worst case scenario. SOX 802 carries big financial penalties as well as jail time for company officers. If you are an IT manager of a public company, this paper will serve as a good starting point. It is written with a vendor neutral approach.

If you are looking for a compliance solution for e-mail, I highly recommend Hewlett-Packard’s RISS/RIM product suite. Symantec’s Enterprise Vault is also a good product, although in my experience it does not scale well beyond 1 data center. If you find this paper useful, drop me a comment and let me know how you are dealing with e-mail & SOX.
«download here»

 Digg This Story!

EdgeBack’s consultants rarely sit still for long. Because he aparently has too much free time, Jerry Gilreath just launched his new site dedicated to “the gadgets we own, the gadgets we want, and the gadgets that are kinda cool… and some neat things to do with them.” Jerry claims the site is like MAKE meets engadget. I say it is just plain cool. Look for future posts here in the security section and at Gadget Workshop on the security threats many of these “gadgets” represent. I posted a short review of the Vantec NexStarLX NAS enclosure. My next project will involve creative ways to exploit U3 software found on many USB flash drives including SanDisk to gain control of target PCs. -Bill