Cyber Security Institute

Friday, October 28, 2005

U.S. makes securing SCADA systems a priority

Wary of the increasing number of online attacks against industrial control systems, the U.S. government has begun a major push to secure the systems used to control and monitor critical infrastructure, such as power, utility and transportation networks.  Several initiatives to help secure the control systems will be rolled out by the government and federally-funded organizations in the next year, Andy Purdy, acting director of the National Cyber Security Division (NCSD) at the U.S. Department of Homeland Security, told members of the House of Representatives’ Subcommittee on Economic Security, Infrastructure Protection, and Cybersecurity during a hearing last week.


Monday, October 24, 2005

Security awareness training: How to educate employees about spyware

We all know the threats posed by spyware to enterprise networks: user ID and password theft, financial loss, productivity drain, intellectual property theft.  Security practitioners have two defenses at their disposal: the human and the technical.  While the technology for combating spyware is improving, antivirus vendors have only recently started adding functionality to target it.  That means the best defense is the human one—employees and end users.  They can help in the battle against spyware through security awareness training and information security policies.


Alliance Tackles VOIP Security Threats

From the perspective of those who hold a stake in voice over IP, however, “social irritations” such as spam are the least of their worries.  According to the VOIP Security Alliance, the greatest threat to VOIP comes in the form of deceptive or fraudulent behaviors, such as unlawful monitoring of calls, DoS (denial-of-service) attacks, false caller ID and eavesdropping.  VOIPSA is unveiling a Taxonomy Threat Model as its preferred framework for addressing privacy and security policies surrounding VOIP deployment.


Thursday, October 20, 2005

Full biometrics ID plan to reach U.K. by 2009

Passports and ID cards with facial biometrics are set to hit the U.K. early next year—and fingerprints are expected to be in both by 2009.  The long-awaited passports will include a microchip that holds a digitized facial image with space to hold further biometric technology if required by U.K. policy or an EU directive.


Wednesday, October 19, 2005

Microsoft muscles into security market with Client Protection

Microsoft has unveiled a security strategy and product roadmap to provide anti-virus and security software to rival Symantec, McAfee, Sophos, Computer Associates and Trend Micro.  The Microsoft Client Protection package is designed to protect business desktops, laptops and file servers from malware threats such as spyware and hacking toolkits, as well as viruses and other attacks, said Microsoft.  The company plans to make an early beta of the product available to selected customers later this year.


Monday, October 17, 2005

Tighten Web Security, Banks Told

Federal regulators will require banks to strengthen security for internet customers through authentication that goes beyond mere user names and passwords, which have become too easy for criminals to exploit.  Bank websites will be expected to adopt some form of “two-factor” authentication by the end of 2006, regulators with the Federal Financial Institutions Examination Council said in a letter to banks last week.


Wednesday, October 12, 2005


The Federal Financial Institutions Examination Council (FFIEC) has issued the attached guidance for banks offering Internet-based financial services.  The guidance describes enhanced authentication methods that regulators expect banks to use when authenticating the identity of customers using the on-line products and services. Examiners will review this area to determine a financial institution’s progress in complying with this guidance during upcoming examinations. Financial institutions will be expected to achieve compliance with the guidance no later than year-end 2006.


Monday, October 10, 2005

PGP Encrypts BlackBerry Messaging

Encryption specialist PGP Corporation and wireless messaging king Research In Motion (RIM) will bring PGP-secured e-mail to the BlackBerry platform later this year.  PGP Support Package for BlackBerry, developed by RIM, enables enterprises to extend PGP security to individuals who use both laptop/desktop computers and BlackBerry handhelds.  It provides users with sender-to-recipient e-mail security by complementing the wireless transmission security and device protection already a part of the BlackBerry architecture.


How ‘Good’ is Your Security Policy?

Does ‘good’ mean it’s clearly written and easy to understand by all your staff, or does it simply mean that it now includes a section dealing with mobile devices such as PDAs and USB sticks?  The primary aim of your information security policy must be to enable your organisation and all of your employees to operate in a safe and secure manner.  An appropriate policy, effectively applied, should minimise the potential for security breaches, adhere to the latest standards and ensure your organisation remains legally compliant.


Top Ten Strategic Priorities for 2006 according to PWC, CSO and CIO

Information security executives around the globe identified their top strategic priorities for the next year. Here are the 10 most common answers:


Monday, October 03, 2005

Compliance? What’s That?

The majority of information security executives range from ambivalent (at best) to downright dismissive (at worst) about the intentions, effect and pertinence of security regulations.
Is it the comparatively low number of respondents who are in compliance?  Or the shockingly high number of respondents who cop to not complying even though they know that they have to?  Just 11 percent of respondents said they needed to be in compliance with California’s SB 1386 law, which mandates that companies report breaches of personal data to consumers.


The Global State of

A worldwide study by CIO, CSO and PricewaterhouseCoopers reveals a digital landscape ablaze, with thousands of security leaders fighting the flames. But amid the uncertainty and crisis management, there’s an oasis of strategic thinking.


Saturday, October 01, 2005

Banking Agencies Announce Revised Plan for Implementation of Basel II Framework

The four Federal banking agencies (the Office of the Comptroller of the Currency, the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, and the Office of Thrift Supervision) today announced their revised plans for the U.S. implementation of the “International Convergence of Capital Measurement and Capital Standards: A Revised Framework,” otherwise known as Basel II.