Cyber Security Institute

Thursday, April 08, 2010

Cloud computing risks outweigh benefits, survey finds

A new survey is finding a continued level of angst among IT professionals administering cloud computing projects within their organizations.  The survey of more than 1,800 U.S.-based IT professionals found that 48% said Software as a Service (SaaS) and cloud computing risks outweigh the benefits.  The survey was conducted by Rolling Meadows, Ill.-based Information Systems Audit and Control Association (ISACA), the IT security governance organization that administers security certifications.


Wednesday, April 07, 2010

Researchers expose complex cyber espionage network

Security researchers from the Information Warfare Monitor (Citizen Lab and SecDev) and the ShadowServer Foundation, have released the findings from their eight month investigation, “Shadows in the Cloud”, detailing the inner workings of complex cyber espionage network that was systematically stealing sensitive documents/correspondence from the Indian government, the United Nations, as well as Dalai Lama’s offices, from January to November 2009.


Outsourced security extends to wealth of services, study finds

Interest is growing in non-traditionally outsourced security technologies, including log management and patch and configuration management.  The market for security services providers grew by about 8% in 2009, despite the economic turmoil that stagnated some security budgets.  And the growth is not necessarily all about cutting costs, said Khalid Kark, vice president and principal analyst at Cambridge, Mass.-based Forrester Research Inc.  More important to most enterprises is 24x7 protection and increased security competency that many service providers can offer.


Monday, April 05, 2010

Firms unprepared for new ICO powers

Experts are warning that many firms may still not be aware of new powers granted to data protection watchdog the Information Commissioner’s Office (ICO) which will enable it to fine businesses up to £500,000 for serious breaches of the Data Protection Act (DPA).  The new powers, which it is hoped will act as a deterrent and promote compliance with the DPA, were initially approved by the justice secretary in January after years of lobbying by the ICO, and come into force on Tuesday.


Microsoft Cyber Security Survey Finds Businesses’ Most Valuable Data at Risk

While many IT departments are spending significantly on compliance and protection from accidental leaks of “custodial data,” most are not investing enough in protecting their organizations’ most important secrets.  That’s according to a new Forrester Consulting survey funded by Microsoft and RSA.  According to the researchers, who surveyed 305 IT security decision makers globally, two types of business data need to be secured.  Refocusing corporate cyber security while maintaining compliance In the report, Forrester, Microsoft (NASDAQ: MSFT) and RSA, the security division of EMC (NYSE: EMC), provided a set of recommendations to help IT security organizations address rebalancing security priorities.


Security spending survey finds misaligned IT security budgets

Many enterprise IT security budgets may be focused too heavily on protecting credit card data and customer personal information rather than safeguarding more valuable corporate secrets.  For most enterprises, secrets are more valuable than custodial data.  That was the conclusion of a global survey of 305 people with primary responsibility over IT security budgets, conducted by Forrester Research Inc. CISOs value company earnings and financial information the most, yet the majority of IT security spending is aimed at protecting less valuable data, according to the survey, which was commissioned by Microsoft and RSA, the security division of EMC Corp.


Friday, April 02, 2010

US, Europe, Japan agree on data center efficiency metric

Industry groups and government agencies from the U.S., Europe and Japan have reached a basic agreement on how to measure the energy efficiency of data centers, they are expected to say on Monday.  The agreement is seen as significant because it establishes a common metric that different types of data centers, in different parts of the world, can use to report their level of energy efficiency.  That could provide a yardstick for companies to assess the efficiency of their own data centers, and also to gauge the effectiveness of energy-saving techniques employed by other facilities.  Orchestrated by the Green Grid, an industry consortium in the U.S., the agreement is backed by the U.S. Department of Energy, the U.S. Environmental Protection Agency, the European Union Code of Conduct and the Japan Ministry of Economy, according to a statement from the Green Grid.


Database Security Suffers From Leadership Gap

If there’s one sure thing about database security, it’s that most organizations are unsure about who exactly is in charge of protecting their data stores.  According to a survey of 175 IT decision-makers polled by ESG, nearly a quarter of them reported that a lack of inter-departmental cooperation was one of the greatest risks to their database security.