Often companies go the extra mile to protect their production data from internal hacking and unauthorized access.  However, development and test systems can be biggest security holes because no one thinks there is any valuable data on them.  Generally, this is because the information is "old".  This unsecured data can be copied, downloaded, and sold to competitors or identity thieves.

Security auditing on many systems is often never turned on or reviewed unless there is a problem.  This is ironic because it is difficult to know you have a problem with security with security auditing turned off.

The best defense you have is to make sure auditing is turned on for all systems and go back periodically to insure that no one has turned it off.  Often system administrators will turn off auditing (against company policy) due to pressures from upper management. 

Upper management doesn't want to take the minute performance hit from logging.  Usually the real culprit is the fact their systems are under configured and the applications are poorly written.  The systems administrators  don't want to get a poor rating on their annual customer satisfaction survey.

This can lead to security breaches that go on undetected for extended periods of time. Output the security data into an Access database and identify the profiles or accounts that have significant login failures.

Government regulators, stockholders, or your employees would not be understanding if their personal information was compromised or valuable corporate data was stolen.

Copyright © 2004-2006, Key Results Management, Inc., All Rights Reserved  www.k-r-m.com  (404) 437- 6485