Technology, security, analytics and innovation in the world of audit and business.
Friday, March 28, 2008
Information Systems Security Home (Index) Page
IS Security publications standby, Auerbach Publications, has a website that showcases various publications in the area that are very useful for research. The site is at: Information Systems Security Home (Index) Page
Thursday, March 27, 2008
Canadian Conference on IT Audit, Governance and Security
The annual Canadian Conference on IT Audit, Governance and Security is soon to take place at the Toronto Hilton. The conference is sponsored by the CICA, ISACA and IAA. The full program is up on the conference's exclusive website. It promises to be a worthwhile event. Canadian Conference on IT Audit, Governance and Security
Wednesday, March 26, 2008
Hackers Seize on Excel Vulnerability - CIO.com - Business Technology Leadership
With the proliferation of spreadsheets in accounting information systems, it is interesting to note that hackers can exploit weaknesses in them to gain access to other elements of the system. That is happening now, with a current and likely short term flaw in Microsoft's Excel spreadsheet. Patches are available but many have not yet installed them. Spreadsheets are very convenient for accumulating and working with data, and are widely used in systems, particularly to perform end-of-cycle routines, such as preparation of financial statements. They are used so widely and make it so difficult to leave an audit trail that some have referred to the phenomenon as "spreadsheet hell" Hackers Seize on Excel Vulnerability - CIO.com - Business Technology Leadership
Monday, March 24, 2008
Vulnerability Remediation
CERT is a leader in vulnerability remediation. In its site, CERT provides an excellent summary of its approach to this important area, largely in the context of large scale development projects, but in a way that applies to all systems development. The site also provides a number of useful publications in the area. Vulnerability Remediation
Thursday, March 20, 2008
Technology Review: The Technology That Toppled Eliot Spitzer
Eliot Spitzer got caught because he was shuffling money around through wire transfers to pay for his "dates". The money laundering software of his bank picked up on the transfers and flagged them. Most of the banks are running such software, which analyzes bank transfers to look for anything out of the ordinary. The software has obvious assurance implications. Technology Review: The Technology That Toppled Eliot Spitzer
Wednesday, March 19, 2008
Cisco's Ironport has released a report on current security trends. Spam rates high as a continuing, growing and destructive phenomenon. You can download the report at http://www.computerworld.com/pdfs/ironport_security
_report_wp.pdf
First you have to fill out one of those annoying forms. But the content is good.
_report_wp.pdf
First you have to fill out one of those annoying forms. But the content is good.
Friday, March 14, 2008
PC World - Business Center: KPMG Expert: Wi-Fi Security Still Too Complicated
The 802.1x protocol is a security protocol that can be used to protect wireless networks by controlling access to the ports in use. It takes the security over wireless networks a step beyond WEP and therefore helps to counter the vulnerabilities of that system. However, a KPMG study shows that few companies are using it, because of the complexity of implementation and lack of awareness. PC World - Business Center: KPMG Expert: Wi-Fi Security Still Too Complicated
Wednesday, March 12, 2008
Taming the Extended Ecosystem: 10 Best Practices for Managing Mobile Devices | News | Mobile Enterprise Magazine
Mobile devices have presented a whole new set of security and control challenges that most companies are trying hard to deal with. This article sets out a number of issues that should be taken into account in developing a good control system over these devices. Taming the Extended Ecosystem: 10 Best Practices for Managing Mobile Devices News Mobile Enterprise Magazine
IBM Systems Journal | Vol. 47, No. 1, 2008 - Service Science, Management, and Engineering
Service Innovation has been an area of growing importance in the glpobal economy and one that firms need to come to grips with in their systems design and delivery efforts. This issue of the Ibm Systems Journal contains eight articles on this important new field. IBM Systems Journal Vol. 47, No. 1, 2008 - Service Science, Management, and Engineering
Thursday, March 6, 2008
SIS Taps Mobiles To Reduce Credit Fraud -- Identity Theft -- InformationWeek
In the continuing effort to find ways to counter credit card fraud and identity theft, SIS has come up with a technique that matches a person's cell phone location with the location of their card being used and denies the transaction if the two don't match. Presumably people could run into trouble if they don't take their cell phones with them. SIS Taps Mobiles To Reduce Credit Fraud -- Identity Theft -- InformationWeek
Wednesday, March 5, 2008
The top 10 risks for business in 2008 - Strategic business risk - AABS - Ernst & Young
Ernst & Young recently released their study on the top ten business risks in 2008. The top risk - regulatory and compliance risks. This reflects the pressure that business is under and a good deal of it centers around their information systems, through the emphasis by regulators on high quality internal controls. The top 10 risks for business in 2008 - Strategic business risk - AABS - Ernst & Young
Monday, March 3, 2008
Verisign compared to other services in Research Brief
In a research brief recently published by Aberdeen Group, it was found that Verisign users were bettter able to reduce fraud incidence as compared to other managed security services. It was also better for protecting account holder data. See the full report at: http://www.aberdeen.com/c/report/research_briefs/4962-RB-verisign-bolstering-user-confidence.pdf
Subscribe to:
Posts (Atom)