Wednesday, June 25, 2008

Patch Management - Network World

Patch management is always an issue in managing systems. Should new patches be installed? Will they work with specific systems? How should they be tracked, both the installed and the uninstalled? Besides the basic management issues, there are the control issues. Patches change the system, so they need to be subject to controls that recognize this and maintain good control over the system before, during and after installation. This can't be taken for granted, as exposures can arise from poorly controlled patches. Patch Management - Network World

Tuesday, June 24, 2008

UNITED STATES: Cybercrime

Cybercrime is changing fast, through the use of sophisticated techniques such as fast flux, which involves rapid changing of IP addresses for illicit websites along with the use of encryption for transmissions. Training is available in several venues for those who wish to keep up with this challenging area. One possible source is the Computer Crime Research Center, which runs an ongoing program of training throughout the US. A summary is at the following site. UNITED STATES: Cybercrime

Friday, June 20, 2008

ISACA e-symposia and Webcasts

ISACA runs a series of webcasts on various matters of interest to IS Assurance and audit personnel. Coming up on June 25th, for example, is one on Security Privacy and Trust. The series also contains one on the features of online CoBit. It's a useful way to help to keep up to date and to gain CPE hours. ISACA e-symposia and Webcasts

Wednesday, June 18, 2008

Data Centric Security

Data moves throughout an organization and it is difficult to cover all the points at which it may be lost with security procedures. Research shows that the best way is to adopt an information or data centric security structure, so that the various points of leakage can be identified and considered in the overall security processes. An Aberdeen white paper on the subject can be found at the following link:
http://www.aberdeen.com/c/report/market_alert/5224-MA-websense-voltage-security.pdf

Thursday, June 12, 2008

Cyber Terrorism Threat Growing, EU Agency Says - Yahoo! News

The European Network and Information Security Agency (ENISA) recently released a report that urges European countries to make greater efforts on internet security. Among other things, the report points out that there are more people using the internet than ever before, but few of them know anything about internet security. Also, there are significant assets at risk, particularly in the event of a terrorist assault on the system. Cyber Terrorism Threat Growing, EU Agency Says - Yahoo! News: "European Network and Information Security Agency"

Wednesday, June 11, 2008

IBM Systems Journal | Vol. 47, No. 1, 2008 - Service Science, Management, and Engineering

IBM Systems Journal Vol. 47, No. 1, 2008 - Service Science, Management, and Engineering: "Recognizing the growing significance of service innovation in the global economy, many in academia and industry have suggested that there is a need for a new science of service systems whose chief goal is the development of efficient and scalable methods for service system analysis, design, implementation, and delivery. This issue presents 14 papers on a variety of aspects of service science, management, and engineering in an effort to help define and promote research in this emerging multidisciplinary field."

Tuesday, June 10, 2008

Technology for Small Business

Cloud computing is gaining some popularity with small business as well as large. It offers convenience for people on the road because they can access their apps and data from any computer that has access to the internet. They don't have to take their laptop with them and find a suitable connection. Also, from a security perspective, despite the concerns often expressed about having data resident on outside systems, cloud computing may be an answer to the current problems with the security of mobile units, like PCs, handhelds and smartphones. The security issues may in fact be less severe and ultimately more controllable. It's like any outsourcing activity - you need to know the service provider and to become familiar with their security procedures. Technology for Small Business

Friday, June 6, 2008

What makes a cybercriminal tick? This article is written from the perspective of a systems attacker and provides some insight into this question. Also, the article provides a good description of some of the techniques that phishers use, and why they do it.
http://www.issa.org/Downloads/Journal%20Feature.pdf

Thursday, June 5, 2008

Smart phones 'bigger security risk' than laptops

A new survey of 300 IT professionals indicates that smart phones are seen as a greater security risk than laptops. The reason - smartphone users just don't use the password features. Also, there is, of course, a greater risk of loss. Smart phones 'bigger security risk' than laptops

Wednesday, June 4, 2008

globeandmail.com: Watchdog urges firms to lock up customer digital data

Jennifer Stoddard, Privacy Commissioner of Canada, has released her annual report on PIPEDA (http://www.privcom.gc.ca/information/ar/200708/2007_pipeda_e.asp) and has urged companies to take greater care with the private information they currently hold on potentially insecure platforms such as laptops. It was also reported that work is underway to draft legislation that will require companies to report breaches of security with regard to their data. Security over data held on laptops and handhelds continues to dominate the news and points to the need for this area to remain a major element of an organization's security strategy. globeandmail.com: Watchdog urges firms to lock up customer digital data

Monday, June 2, 2008

Bank loses tapes with data on 4.5M clients

It's happened again. Backup tapes containing private data for (this time) 4.5 million customers were lost by a bank. Bank of New York Mellon, or rather its backup outsourcer, Archive America, lost the tapes while they were in transit. Once again, they were not encrypted. This time, the loss was not even reported to customers for three months. The case shows - again - that, while companies can outsource key functions, they cannot outsource the responsibility that goes with them. They need to have strong monitoring and management processes for their outsourced activities. Also, the case again demonstrates the need for encryption of data in transit - something that should be considered for every corporate security policy. Bank loses tapes with data on 4.5M clients

Crimes in cyber space

As internet exposure has become a greater risk factor for companies in recent years, cyber insurance has grown in importance as a risk mitigation tool. Cyber insurance covers the exposures arising from cyber crime. From 2002 to 2006, gross premiums from cyber insurance more than tripled. Crimes in cyber space