Using SBS 2003 to Meet Objectives in the 5 Rules of the Regulatory Process

Striving to meet the objectives of the 5 Rules of the Regulatory Process does not have to be a huge burden to small businesses. You don’t have to outlay tens of thousands of dollars in document management systems and security safeguards to protect information that can be handled with technologies you may already have at your disposal. As a fan of Microsoft’s Small Business Server 2003, I can attest to the fact that a small investment of a few thousand dollars can offer my small business many of the technical safeguards at no extra cost, and allow me to meet the objectives of the 5 Rules of the Regulatory Process. Here are just a few examples:

• The usage of Active Directory allows me to apply fine grained access control to information assets to my business. (Rule of Information Protection)
  
• The usage of Microsoft's Encrypted File System (EFS) provides key encryption to sensitive information on both desktops and laptop computers. (Rule of Information Protection)
  
• I have fine grained network access control through the usage of ISA 2004. (Rule of Information Protection)
  
• I have detailed auditing controls with Group Policy on both the SBS server and workstations. (Rule of Information Integrity)
  
• SBS 2003 Backup offers me great backup and easy restoration (Rule of Information Integrity and the Rule of Information Retention)
  
• I have data modification auditing with Windows Shadow Copy (Rule of Information Integrity)
  
• I have document version control directly in Sharepoint (Rule of Information Integrity)
  
• I have the ability to offer all employees easy information restoration with the use of the shadow copy client. Accidental (or malicious) deletion of information can easily be restored. (Rule of Information Availability)
  
• I have the ability to offer employees easy remote access through VPN, and more importantly, Remote Web Workplace… the killer app for SBS 2003. (Rule of Information Availability)
  
• I have multi-edit document history with Volume Shadow Copy (Rule of Information Retention)
  
• I have email retention and archiving with Exchange (Rule of Information Retention)
  
• I have easy access to free risk assessment tools such as the Microsoft Security Assessment Tool and the Microsoft Baseline Security Analyzer (Rule of Risk Management)
  
• In the upcoming release of SBS R2, I get the benefits of Windows Server Update Services (WSUS) (Rule of Risk Management)
  
• I have complete access to the Microsoft Small Business Security Guidance Center. (Rule of Risk Management)
  

These are just a few of the assets I get FOR FREE with Small Business Server. I do not have to outlay any more financial investment in new tools to gain many of the benefits to my small business that the 5 rules offer.