Cyber Security Institute

Thursday, January 21, 2010

5 tips for cybersecurity-training your employees

When Dennis Lauer joined the Millennium Challenge Corp. as chief information officer two years ago, the young federal program’s growing pains included a startling lack of security.  It was an almost free-for-all atmosphere, he recalled.  Employees installed Apple iTunes on the agency’s network and regularly downloaded malware via pop-ups that harbored malicious code.  “Almost every day we had [surreptitious] viruses, and people didn’t know not to click on” them, Lauer said.  The security situation began to change for the better when the office adopted new security policies and practices.  Launched in 2004, MCC had adopted a few information technology shortcuts in the early years as the U.S. government corporation embarked on its mission of helping underdeveloped nations.


Enterprises Look for Help Managing Security Logs

Managed SIM services started to gain momentum over the past two years, largely due to compliance mandates such as the Payment Card Industry data security requirements.  Managed security services have been growing in popularity over the past several years, and the latest task enterprises are looking to offload to an outside provider is security information management. 


Thursday, January 14, 2010

Product Watch: NitroSecurity Integrates Log Management With SIEM

SIEM vendor NitroSecurity next week will roll out a new log management product and management software that brings the two traditionally separate worlds under one roof.  The new NitroView ESM Version 8.4 and new Enterprise Log Manager (ELM) tools are fully integrated and provide a single view of all SIEM and log management functions.


Wednesday, January 13, 2010

IDC Expects A/P Security and Vulnerability Management Market to Achieve Largest Growth in 2010 as Or

According to the figures recently released in the IDC Asia/Pacific Semiannual Security Software Tracker, most security markets in the Asia/Pacific excluding Japan (APEJ) region are expected to post strong double-digit growth in 2010 compared to 2009.  According to the study, the largest growth will be in the Security and Vulnerability Management (SVM) market, which is forecast to grow some 19% to US$115.44 million in 2010.  The Identity and Access Management (IAM) market is estimated to grow by 15.2% to reach US$326.38 million.


Monday, January 11, 2010

Virtualization security remains a work in progress

While adoption of server virtualization is proceeding at a gallop, the effort to refine virtualization security reached only a slow trot in 2009.  Roughly 18% of server workloads have been virtualized, and research firm Gartner expects that number to climb to 28% in 2010 and almost 50% by 2012.  But adapting traditional firewall, intrusion detection, antimalware and other types of security and monitoring software to run optimally in this radically changed hypervisor-based architecture is still very much a work in progress.


Sunday, January 10, 2010

Airport breaches on the rise nationwide

Government officials imposed stricter airport security measures after the failed Christmas Day bombing of a Northwest Airlines flight to Detroit.  Such breakdowns are rare, officials said, but a government report released in October shows breaches at U.S. airports nearly doubled over five years.  “That’s only the breaches we know about,” said Mike Boyd, president of the Colorado-based aviation consulting firm Boyd Group International.  The Transportation Security Administration reported 1,442 security breaches at the nation’s 450 commercial airports in the fiscal year ended Sept. 30, 2004, according to the Government Accountability Office report.


Friday, January 08, 2010

CSI Computer Crime and Security Survey Shows Poor Security Awareness Training in Public and Private

It’s no secret that security pros worry about cyber-attacks that can happen anytime in a networked world, but apparently, they also worry about how much end-users know about good computer hygiene and their organizations’ abilities to assess how secure they are - or aren’t.  The Computer Security Institute (CSI), which holds conferences and educational events for IT workers, released the 14th edition of its annual CSI Computer Crime and Security Survey in December 2009, with an assessment of how respondents felt about their own cyber-security situations and what that assessment may mean for 2010.  A whopping 43.4 percent of them said that less than 1 percent of their security budget was allocated to awareness training, and 55 percent said current investments in this area were inadequate.


Thursday, January 07, 2010

Log Management Appliance facilitates regulatory compliance [and chain of custody]

netForensics, Inc., a leader in the Information Security Management market, today announced data security enhancements to nFX Cinxi One.  By incorporating the latest digital signing and encryption technologies into the industry’s most comprehensive log management solution, nFX Cinxi One creates a secure chain of custody to ensure the integrity of critical enterprise log information needed to demonstrate regulatory compliance.


Tuesday, January 05, 2010

World Cup Cybercrime 2010

The Research team in ESET have put their heads together to discuss the likely shape of things to come in the next twelve months in computer security and cybercrime (and cyberwarfare, to use one of the buzzwords of the moment).