Cyber Security Institute

Tuesday, August 30, 2005

Integrating automated patch and vulnerability management into an enterprise-wide environment

This article explores the trends that are creating requirements for a strategic - rather than a tactical - approach to information security, patch and vulnerability management among public and private sector organizations.  It demonstrates how an integrated, automated and enterprise-wide strategy that uses best-of-breed security solutions can be most effectively integrated into the operations of organizations large and small.


Monday, August 29, 2005

Symantec, SonicWall Unveil New Security Gear

Two new all-in-one security appliances from Symantec and SonicWall will offer customers of gigabit Ethernet performance a variety of security functions including firewall, antivirus protection, SSL VPN and even antispyware features.


Networking giant sets site on security intelligence

MySDN, a security intelligence Web site maintained by Cisco Systems Inc., identifies, collects and analyzes security threats pertinent to Cisco products.  To analyze security threats, the free Web resource uses the Common Vulnerability Scoring System, an emerging industry standard for gauging the severity of security vulnerabilities.



CA Ranked Top Identity and Access Management Software Vendor Again

Computer Associates International Inc. has been ranked the worldwide leader in identity and access management software again.  It is the fifth consecutive year that the Islandia, N.Y.-based management software company has been named the market leader by IDC, a research and analysis company based in Framingham, Mass.


Friday, August 26, 2005

Colleges Lead Charge for Secure, Open Networks

Security is moving to the forefront of campus IT efforts, after decades as an afterthought at schools, according to interviews with campus IT administrators.  The techniques that schools are adopting could soon become commonplace on corporate networks, as well, as traditional network perimeters begin to disappear, experts say.


Cisco sensor flaw

Cisco Systems has warned of a security flaw affecting two of its widely used security systems, IDSMC and Secmon.  The flaw involves SSL (Secure Sockets Layer) and affects CiscoWorks Management Center for IDS Sensors (IDSMC) as well as Monitoring Center for Security, also called Security Monitor or Secmon.


Tuesday, August 23, 2005

Banks abandoning SSL on home page log-ins

Some of the biggest banks have abandoned the practice of posting their online account log-in screens on SSL-protected pages in an effort to boost page response time and guide users to more memorable URLs, a U.K. Web performance firm said.


Monday, August 22, 2005

New security breaches disclosure law

New York has enacted an information security breaches law, which will oblige firms and local government agencies to notify customers in the state if their personal information is taken or the organization's systems are hacked into.  The legislation is designed to promote security.


New law may tighten power plant security

U.S. power plants may have to tighten security against malicious hackers bent on wreaking havoc, according to a new federal law.


US-Cert report on spyware

US-Cert has published a report on spyware, a 15-page document that includes an overview, definition and examples of different types of threats.


Gartner’s latest on tablet PCs, social tagging, and other emerging technologies

Innovative approaches to security are underway, according to Gartner.  AT&T provides a range of network-based security services, and startups like VigilantMinds, Prolexic Technologies and Perimeter Internetworking insert themselves into the cloud, similarly to how anti-spam filtering services insert themselves into the e-mail flow.


Sunday, August 21, 2005

Repositioning the CISO

The position of CISO is relatively new.  It came into being in response to federal regulations, the burgeoning security industry, and the ever-increasing cyber-threats facing the modern enterprise.  The CISO is responsible for establishing a credible economic basis for information security investments, assessing corporate risk as it relates to information security, and effectively communicating his or her findings to corporate executives.  But many CISOs seem to be struggling in the position.  This is due to several factors, some structural and some cultural.


Saturday, August 20, 2005

Tough road for identity tech

Privacy rights aren’t exactly a pressing concern in Malaysia.  If they were, the country’s Government Multi-Purpose Card wouldn’t exist.  All Malaysians over 12 must carry the card, nicknamed “Mykad.”  It stores thumbprints, a digital photo and basic information on the cardholder, including religion for the major ethnic group, the Malays.  But the card also serves as a driver’s license, passport and, under government plans, the national health card.  And cardholders can use it to pay for purchases, withdraw money from ATMs, cover transit fares, pay road tolls and digitally sign documents on their PCs.  Few countries are following Malaysia’s example with the all-in-one card, but a growing number of nations, from China to the tiny Baltic republic of Estonia, are already rolling out the new generation of electronic ID.


Thursday, August 18, 2005

Bills could make businesses do more to prevent ID theft

Businesses better take steps to protect the personal data of consumers and employees or face the wrath of Congress, an identity theft prevention expert warns.  John Gardner, an independent associate with Pre-Paid Legal Services in Darlington, S.C., in a Birmingham seminar last week, outlined several proposed bills that could make businesses liable for negligence that leads to identity theft.  At least a half-dozen bills are under consideration in Congress to help fight identity theft.


Thursday, August 04, 2005

Hackers’ Prowess on Display at Defcon Conference

Even the ATM machines were suspect at this year’s Defcon conference, where hackers play intrusion games at the bleeding edge of computer security.
Anyone naive enough to access the Internet through the hotel’s unsecured wireless system could see their name and part of their passwords scrolling across a huge public screen. It was dubbed “The Wall of Sheep.”  Among the exposed sheep were an engineer from Cisco Systems Inc., multiple employees from Apple Computer Inc. and a Harvard professor.


Tuesday, August 02, 2005

Apple adopts controversial security chip

Developer preview models of Apple’s new Intel-powered computer contain a security chip that has been criticised for privacy risks.  Apple recently started shipping its Developer Transition Kits, which help developers test and prepare their software for the switch to the new Intel-powered Apple computers next year.  The kit contains a version of OS X for Intel and a Mac computer featuring the new processor.


Fighting The New Face of Fraud

Banking fraud is as old as the industry itself, and it continues to be one of the largest expenses faced by many financial institutions, according to Virginia Garcia, research director for Needham, Mass.-based TowerGroup.  Garcia estimates that 30 percent to 50 percent of the industry’s $55 billion in annual operating losses is attributable to fraud.


Government, Financial Top Targets Of Security Attacks

IBM reported that virus-laden emails and criminal-driven security attacks increased by 50 percent in the first half of 2005 - underscored by a significant rise in ‘customised’ attacks on the government, financial services, manufacturing and healthcare industries.  According to the report, there were more than 237 million overall security attacks in the first half of the year.