Friday, March 28, 2008

Information Systems Security Home (Index) Page

IS Security publications standby, Auerbach Publications, has a website that showcases various publications in the area that are very useful for research. The site is at: Information Systems Security Home (Index) Page

Thursday, March 27, 2008

Canadian Conference on IT Audit, Governance and Security

The annual Canadian Conference on IT Audit, Governance and Security is soon to take place at the Toronto Hilton. The conference is sponsored by the CICA, ISACA and IAA. The full program is up on the conference's exclusive website. It promises to be a worthwhile event. Canadian Conference on IT Audit, Governance and Security

Wednesday, March 26, 2008

Hackers Seize on Excel Vulnerability - CIO.com - Business Technology Leadership

With the proliferation of spreadsheets in accounting information systems, it is interesting to note that hackers can exploit weaknesses in them to gain access to other elements of the system. That is happening now, with a current and likely short-term flaw in Microsoft's Excel spreadsheet. Patches are available but many have not yet installed them. Spreadsheets are very convenient for accumulating and working with data, and are widely used in systems, particularly to perform end-of-cycle routines, such as preparation of financial statements. They are used so widely and make it so difficult to leave an audit trail that some have referred to the phenomenon as "spreadsheet hell". Hackers Seize on Excel Vulnerability - CIO.com - Business Technology Leadership

Monday, March 24, 2008

Vulnerability Remediation

CERT is a leader in vulnerability remediation. On its site, CERT provides an excellent summary of its approach to this important area, largely in the context of large-scale development projects, but in a way that applies to all systems development. The site also provides a number of useful publications in the area. Vulnerability Remediation

Thursday, March 20, 2008

Technology Review: The Technology That Toppled Eliot Spitzer

Eliot Spitzer got caught because he was shuffling money around through wire transfers to pay for his "dates". The money laundering software of his bank picked up on the transfers and flagged them. Most of the banks are running such software, which analyzes bank transfers to look for anything out of the ordinary. The software has obvious assurance implications. Technology Review: The Technology That Toppled Eliot Spitzer

Wednesday, March 19, 2008

Cisco's Ironport has released a report on current security trends. Spam rates high as a continuing, growing and destructive phenomenon. You can download the report at http://www.computerworld.com/pdfs/ironport_security_report_wp.pdf

First you have to fill out one of those annoying forms. But the content is good.

Friday, March 14, 2008

PC World - Business Center: KPMG Expert: Wi-Fi Security Still Too Complicated

The 802.1x protocol is a security protocol that can be used to protect wireless networks by controlling access to the ports in use. It takes the security over wireless networks a step beyond WEP and therefore helps to counter the vulnerabilities of that system. However, a KPMG study shows that few companies are using it, because of the complexity of implementation and lack of awareness. PC World - Business Center: KPMG Expert: Wi-Fi Security Still Too Complicated

Wednesday, March 12, 2008

Taming the Extended Ecosystem: 10 Best Practices for Managing Mobile Devices | News | Mobile Enterprise Magazine

Mobile devices have presented a whole new set of security and control challenges that most companies are trying hard to deal with. This article sets out a number of issues that should be taken into account in developing a good control system over these devices. Taming the Extended Ecosystem: 10 Best Practices for Managing Mobile Devices | News | Mobile Enterprise Magazine

IBM Systems Journal | Vol. 47, No. 1, 2008 - Service Science, Management, and Engineering

Service innovation has been an area of growing importance in the global economy and one that firms need to come to grips with in their systems design and delivery efforts. This issue of the IBM Systems Journal contains eight articles on this important new field. IBM Systems Journal | Vol. 47, No. 1, 2008 - Service Science, Management, and Engineering

Thursday, March 6, 2008

SIS Taps Mobiles To Reduce Credit Fraud -- Identity Theft -- InformationWeek

In the continuing effort to find ways to counter credit card fraud and identity theft, SIS has come up with a technique that matches a person's cell phone location with the location of their card being used and denies the transaction if the two don't match. Presumably people could run into trouble if they don't take their cell phones with them. SIS Taps Mobiles To Reduce Credit Fraud -- Identity Theft -- InformationWeek

Wednesday, March 5, 2008

The top 10 risks for business in 2008 - Strategic business risk - AABS - Ernst & Young

Ernst & Young recently released their study on the top ten business risks in 2008. The top risk - regulatory and compliance risks. This reflects the pressure that business is under and a good deal of it centers around their information systems, through the emphasis by regulators on high quality internal controls. The top 10 risks for business in 2008 - Strategic business risk - AABS - Ernst & Young

Monday, March 3, 2008

Verisign compared to other services in Research Brief

In a research brief recently published by Aberdeen Group, it was found that Verisign users were better able to reduce fraud incidence as compared to other managed security services. It was also better for protecting account holder data. See the full report at: http://www.aberdeen.com/c/report/research_briefs/4962-RB-verisign-bolstering-user-confidence.pdf