This week new research from Check Point, carried out by the Ponemon Institute shows that many systems administrators get very jumpy when enterprise users try to deploy Web 2.0 apps, believing that the apps will expose systems to outside interference. Some GRC attention with a new partnership.

Web 2.0 Apps are Bad for You?

Ever wondered what risk level web 2.0 applications posed to your enterprise? It appears Check Point has been asking the same question and with the help of the Ponemon Institute (news, site) has conducted a survey around enterprises that shows most systems administrators believe web 2.0 apps pose a serious security risk.

The survey entitled Web 2.0 Security in the Workplace shows that up to 82 percent of IT security administrators surveyed believe social networking, internet applications and widgets have significantly lowered the security posture of their organization.

Respondents cited viruses, malware and data loss as the top Web 2.0 concerns, with as many as 77 percent of businesses planning to implement a solution addressing such vulnerabilities within the next five years.

The survey of over 2,100 IT security administrators in countries around the world showed that security administrators believe employees rarely or never consider corporate security threats in their everyday business communications -- when downloading Internet applications, web browsing, opening links, video streaming, utilizing peer-to-peer (P2P) file sharing sites and engaging with social networking outlets.

The majority of respondents also believe that employees should be held most responsible for mitigating Web 2.0 security risks in the enterprise. If you want to check out the full report you can download it here.

SharePoint Goverance Gets LiveCompare

SharePoint has also been getting some GRC attention over the past week. The first was from MetaVis (news, site) which added a new capability to its suite of SharePoint migration tools, helping organizations implement better governance over SharePoint implementations.

The new feature is called MetaVis Live Compare and it's a small but very useful feature. If you are in the processing of migrating from SharePoint 2007 to SharePoint 2010 or just changing the structure within your current SharePoint implementation, then this feature will help you see the differences between the content, taxonomy, IA, security and permissions of two sites.

LiveCompare is a client side tool, so there is no installation of software on the server at all. It's a part of the MetaVis Architecture Suite, which includes a number of tools for managing your both your SharePoint content and metadata migrations.

AIIM Launches SharePoint Certificate Program

The second piece of SharePoint GRC news is that AIIM (news, site) has just launched a Certificate program focused on best practices for adopting and implementing Microsoft SharePoint 2010.

Partnering with the Gimmal Group, an ECM and Records Management services firm, AIIM has developed the SharePoint Certificate program to show enteprises how to apply strategies for sharing and managing corporate information on the SharePoint 2010 platform.

A recent AIIM study, SharePoint: strategies and experiences, reveals that governance is fairly poor in the majority of installations with very little thought given to e-discovery, retention policies and most of all, classification schemes and metadata standards.

This certification, AIIM says, is suitable for information management professionals working with SharePoint with courses delivered online or in public and private classrooms. If you want to find out more check it out on the AIIM website.

New Risk Partnership for Oracle’s JD Edwards

Oracle’s JD Edwards (news, site) has also been getting some attention this week with the announcement by JD Edwards deployment specialist SYSTIME that they have gotten together with Q Software, which provides security, risk management and compliance software for JD Edwards, in a new partner agreement.

By combining the two, JD Edwards’ users will be able to simplify their security deployments while maximizing the effectiveness of their control, enabling customers to reduce posting errors, fraud and total cost of ownership of their JD Edward system.

Additionally, JD Edwards’ users will be able to use the joint SYSTIME and Q Software Audit service to report regularly on segregation of duties and compliance issues. The software can be bought from either SYSTIME or Q Software to simplify on-going security maintenance.

Qualtrax Upgrades Compliance Software

Finally, Qualtrax has just released a new version of its compliance software. The new v4.2 release comes with more than 25 feature enhancements that provide document control and workflow management.

Version 4.2 simplifies certification processes, improves quality management and enhances user experience. Active Directory integration automatically logs users into Qualtrax once credentials are entered into their PCs.

Training enhancements include an easy-to-read training matrix for clear and manageable employee training records while the workflow designer enables users to visually flowchart processes that are then mapped into electronic workflows. If you want a demo go to the Qualtrax website.