Cyber Security Institute

Friday, February 27, 2004

Brainier networking gear to the rescue

Networking equipment makers are adding “intelligence” to their gear in an effort to protect bandwidth resources from being hijacked by spammers, denial-of-service attackers and peer-to-peer application users.


SEC Extends Sarbanes-Oxley Deadlines

The Securities and Exchange Commission (SEC) pushed back the compliance deadlines for the Sarbanes-Oxley Act, a financial reporting regulation that has sent some enterprises scrambling to deploy additional software and hardware to better account for security and employee access to information.


Virus damage tops $80bn in February

According to security experts mi2g, virus activity caused as much as $83bn in economic damage in February.


Thursday, February 26, 2004

Xerox Researchers Unveil New Document Management Technology

Scientists at Xerox’s Research Centre Europe in Grenoble, France, say that they’ve come up with new classification software clever enough to “read” an electronic document, decide how it should be classified, then automatically route it to the right person’s e-mail address or an online document management system.


Groove Networks Announces Role In Newly Announced Homeland Security Information Network

Groove Networks Inc., a provider of secure virtual office software that lets teams of people work over the network as if they were in the same location, today announced that its software is a core component of an information-sharing network that Department of Homeland Security Secretary Tom Ridge announced Tuesday, calling it “a key part of our national homeland security strategy.”


Wednesday, February 25, 2004

ISS Unveils Web Content, Spam Filtering Software

Internet Security Systems (ISS) Wednesday rolled out two new products in its Proventia line at the RSA Conference to filter Web traffic at the gateway and defend enterprises against spam.


Cybersecurity vendors form policy advocacy group

A collection of technology providers working in the online-security sector announced the formation of a new industry oversight organization Wednesday, in the name of establishing common ground among vendors, legislators and users to discuss threats to Internet safety.


Banks falling behind on Basel II

Many banks are falling behind on their projects to implement the Basel II Accord on capital adequacy (the amount of capital required to be held to meet risk), according to a global survey by KPMG of 294 financial institutions in 38 countries.  Around half are still only in the pre-study or assessment phase.


Tuesday, February 24, 2004

Sarbanes-Oxley Doesn’t Worry Most IT Managers

Looked upon with dread by many IT managers, the Sarbanes-Oxley Act (SOX) might, in fact, not be as onerous when they actually have to face its implementation, according to a new study.


Monday, February 23, 2004

Stuck in the SAS 70s

As Sarbanes-Oxley Section 404 meets up with an obscure auditing standard, many companies are thinking hard about offshoring their business processes.


Zone Labs Updates Integrity Security Policy Enforcer

Zone Labs unveiled a new version of its Integrity endpoint policy enforcement software—Integrity 5.0—that adds additional integration with products from Check Point, which is in the process of acquiring the San Francisco-based security firm.


How Long Must You Wait for an Anti-Virus Fix?

Imagine that your office building was on fire, and you called the fire department, only to be told, “Please wait there while we invent a new method to fight the kind of fire you have.”  Anti-virus software can predict and prevent some never-before-seen viruses.  But all too often, a new virus can spread unchecked while software vendors develop and distribute a new “signature” file that can match the virus and kill it.


Sunday, February 22, 2004

New HP Security Services Automate Threat Prevention


Friday, February 20, 2004

Marimba to Update Security Patch Management Software

Marimba Inc. on Monday, 02/23/2004, will step up its efforts to move into the patch-management space with the launch of Version 2 of Marimba Security Patch Management.


Only 10% of Web Applications Are Secured Against Common Attacks

The vulnerability assessments conducted by WebCohort’s Application Defense Center (ADC) concluded that at least 92% of web applications are vulnerable to some form of hacker attack.


Thursday, February 19, 2004

Can a New Law Really Protect Our Critical Infrastructure?

Starting February 19, every business in the United States must tell the Department of Homeland Security about vulnerabilities in its information technology infrastructure.  That’s because today the DHS is quietly activating the Critical Infrastructure Information Act, a law that, like many of the steps the DHS has taken, has managed to displease both industry leaders and consumer advocates.


IBM tool targets data compliance

IBM unveiled an all-in-one device that aims to help clients comply with data-handling rules.  The Data Retention 450 is a product that combines IBM server computers, storage and software in a secure cabinet.


Tuesday, February 17, 2004

Nemx Upgrades Anti-Spam Software


Monday, February 16, 2004

NT4 support to end later this year

It looked like third time lucky last week, as Microsoft claimed NT4 support will definitely end later this year - a move only cautiously welcomed by the channel.


Saturday, February 14, 2004


With the announcement that conformance to the Basel II Capital Accord must be achieved by 2006, the banking industry now has a defined timeline for regulatory compliance.


Friday, February 13, 2004

Nachi variant wipes MyDoom from PCs

A new variant of the Nachi worm which attempts to cleanse computers infected by MyDoom and download Microsoft security patches to unprotected computers has careened onto the Net.


Wireless Honeypot Trickery

Wireless technologies have spread quickly in recent years and are now widely deployed in corporate environments as well as at home.  The human dependency on those technologies has increased to the point where one can find wireless devices almost everywhere, from network devices to laptops, cameras, and so on.


Thursday, February 12, 2004

Europeans complain over Sarbanes Oxley costs and to SEC over U.S. listing requirements

European companies, worried about the costs and restrictions of complying with the Sarbanes-Oxley Act, are mounting a drive to make it easier for them to stop complying with U.S. securities laws.


Organizational Models for Computer Security Incident Response Teams (CSIRTs)

When computer security problems occur, it is critical for the affected organization to have a fast and effective means of responding.  The speed with which the organization can recognize an incident or attack and then successfully analyze it and respond will dramatically limit the damage done and lower the cost of recovery.


Monday, February 09, 2004

Five Steps to a Compliant Patch Management Program

A bank’s IT infrastructure is laden with business applications, operating systems, core processing systems, and system services like anti-virus programs and email.  Commercial software often contains flaws, some severe, that create not only performance issues but also security vulnerabilities intruders can leverage to access information housed in bank systems.


Friday, February 06, 2004

Task Force: Patches Must be Small, Easy to Install

A high-powered cybersecurity task force says software vendors must adopt patch management principles to ensure security patches are well-tested, small, localized, reversible and easy to install.

The National Cyber Security Partnership (NCSP), a public-private task force that includes participation from the Business Software Alliance (BSA), issued its recommendations in a 123-page report (PDF file) aimed at improving security across the software development lifecycle.

The NCSP made four key recommendations in its report, calling for an improvement in the education of software developers, the development of best practices to make sure security is at the core of the software design process, the adoption of guiding principles for patch management and the creation of an “incentives framework” for policymakers and developers.

The task force, which is co-chaired by Microsoft chief security strategist Scott Charney, proposed the creation of a new initiative to put security at the heart of software development programs at the university level.

The report recommends that four sub-groups be created to focus on tightening Internet security in the face of a barrage of overt attacks by malicious hackers targeting software flaws.

Initially, the group’s Education sub-group insisted that security should be a key subject area in software development programs in schools.

In the long term, the NCSP’s “Patching” sub-group defined steps to help make the patching process simple, easy, and reliable.

The group called for the adoption of a “top-ten” list of best practices to ensure vulnerability patches are properly tested and simple to install.

“Patches would also not require reboots, use consistent registration methods, include no new features, provide a consistent user experience, and support diverse deployment methods,” the group said.

The task force’s call for smaller, simplified patches comes on the heels of a concession from Microsoft that narrowband customers were having problems downloading and installing critical software fixes.

Wednesday, February 04, 2004

Patch management: Find the weakest link

Everyone should agree that when it comes to maintaining a corporate network of computer systems, security is only as strong as your weakest link.  Sometimes that weak link is not a computer but a system designed to support those computers.


The World Is Your Perimeter (Finally they realize it)

The castle-and-moat era of information security is over: Now it’s described as woven cloth, submarines, onions and Snickers bars.  How will CISOs translate nutty metaphors into secure worldwide systems?


Tuesday, February 03, 2004


The Sarbanes-Oxley Act of 2002 has CFOs of public companies worried about more than just executive certification and internal control reporting, two of the most publicized aspects of the legislation.


Sunday, February 01, 2004

MyDoom downs SCO site

The MyDoom computer virus knocked out SCO Group’s Web site on Sunday, and the company expects the massive denial-of-service attack to continue until Feb. 12.