January 2004 – Page 5 – CyberSecurity Institute

Top five security policies tips

Posted on January 7, 2004December 30, 2021 by admini

5. Don’t forget what you don’t see. Your traveling and remote users may be out of sight, but they shouldn’t be out of mind.
4. Cover all your bases. While you aren’t rewriting War and Peace, you should be as comprehensive as possible.
3. Be reasonable. Your end-users should be able to comprehend and abide by the policies that you set forth.
2. Understand what a security policy is. But do you really know what a security policy is?
1. Don’t start from scratch. You aren’t the only IT manager facing the Herculean task of writing security polices.

More info: [url=http://searchsecurity.techtarget.com/tip/1,289483,sid14_gci943353,00.html]http://searchsecurity.techtarget.com/tip/1,289483,sid14_gci943353,00.html[/url]

Indian outsourcing: Your data is more at risk than your job

Posted on January 6, 2004December 30, 2021 by admini

There are growing concerns that personal information being used by data processors such as offshore call centres may be abused once it is taken outside the reach of EU law enforcement bodies. And David Naylor, partner at law firm Morrison & Foerster, believes these fears are not without foundation, despite rules which make it illegal.

Naylor said there are laws in place which mean companies generally cannot enter into outsourcing agreements where personal data is transferred outside Europe unless it is to a country which shares the same rigorous levels of data protection or the individuals concerned have consented to the transfer of their data abroad. In addition, the company transferring the data must ensure that the outsourcing service provider meets other key criteria, such as guaranteeing levels of security and employee reliability. However, he warned “there is definitely a significant danger that data could be misused once it is taken outside the EU, even though any data controller thinking they can do so without breaking UK law would probably be entirely wrong”.

With so much data being transferred via so many transactions it is often difficult to spot the legitimate from the illegal. By moving operations offshore and adding a further level of complexity to this equation it is almost inevitable breaches, both deliberate and accidental, will occur. Naylor said: “Data is flowing from country to country at incredible speeds in ever greater volumes and the ability of regulators to control that and to ensure rules are observed and laws are obeyed is far from limitless.”

More info:[url=http://www.silicon.com/software/security/0,39024655,39117625,00.htm]http://www.silicon.com/software/security/0,39024655,39117625,00.htm[/url]

Microsoft publishes program to blast MSBlast

Posted on January 6, 2004December 30, 2021 by admini

The MSBlast worm, also commonly called the Blaster worm, started spreading last August and is believed to have spread to hundreds of thousands of systems.

While most corporations have cleaned up the worm, Microsoft has found that a large number of home users are still unknowingly infected, the software giant said in a statement.
“For many users in this situation, there is little indication that they are infected other than possible performance degradation,” Microsoft said in a statement. “And those infected are still actively transmitting the worm, causing Internet congestion in the process.”

Microsoft’s aim in releasing the latest tool is to reduce the amount of traffic being born by ISPs by cleaning up a significant number of home computers.

The tool can be found on Microsoft’s download site.

More info: [url=http://news.com.com/2100-1002_3-5136260.html?tag=nefd_top]http://news.com.com/2100-1002_3-5136260.html?tag=nefd_top[/url]

Internet security: the Top 10 online blunders

Posted on January 6, 2004December 30, 2021 by admini

Failing to archive firewall log files: Firewalls are often correctly configured with full logging enabled.

Not knowing where your passwords are documented: Nothing makes supporting customers more of a challenge than if they cannot remember where their passwords are documented.

Not scanning e-mails for viruses: Without question, e-mail borne viruses are today the biggest Internet security threat.

Not blocking Instant Messaging on your firewall: With Microsoft now in a big push to get people using its IM technology we are beginning to see IM clients freely deployed in businesses, mainly by users.

Depending on users to patch their own workstations: Let’s face it, users are terrible at following instructions

Not having an incident response plan: All networking and security professionals know that even with the best planning in the world, something will still go wrong.

Failing to disable accounts for departed employees: You would not believe how frequently HR fails to tell IT that an employee has left the business.

Failing to configure any security on a wireless access point: We all know wireless is here to stay.

Not keeping your firewall patched: This is pretty much tantamount to paying for an expensive lock on your front door at home and then leaving the keys in the lock – on the outside!

Not securing home PCs with their own firewall, VPN and virus detection

More info: [url=http://www.biosmagazine.co.uk/op.php?id=77]http://www.biosmagazine.co.uk/op.php?id=77[/url]

Security Threats Won’t Let Up

Posted on January 5, 2004December 30, 2021 by admini

There were tens of thousands of threats that affected individual businesses in various ways, depending on what systems and applications they had deployed and what kinds of security systems and practices they had in place.

– In 2000, the CERT Coordination Center, a government-funded security group, recorded 21,756 security-related incidents.
– Four out of five businesses were hit by a virus or worm in 2003, according to a survey of 404 security decision makers by the Yankee Group. Denial-of-service attacks were the second-most-common security incident, hitting about 40% of those surveyed.
– More than half of those surveyed by the Yankee Group expect their security budgets to increase during the next three years, while only 8% expect security spending to decline.

Security analysts and vendors predict that 2004 will bring thousands of new viruses and worms and a huge increase in the use of spyware. They also say that spammers will increasingly adopt tools used by virus writers, adding to the volume of spam and the problems it causes for corporate networks.

“The issue gets serious when it comes to telecommuters using home PCs, which may not have antivirus and firewalls installed,” says Scott Blake, VP of information security at security firm BindView Corp. “The corporation has no control over what software they install on their home PC.” For more than a year, he collected the keystrokes of the customers of the printing and copying chain, including passwords and user names, and used that data to fraudulently open bank accounts.

http://www.informationweek.com/story/showArticle.jhtml?articleID=17100340

CIO priorities for 2004

Posted on January 5, 2004December 30, 2021 by admini

At the SAS Institute Inc. CIO Suzanne Gordon said that security occupies the top spot on the Cary, N.C., software firm’s 2004 wish list. Gordon said that SAS will have a rolling forecast and look at the budget every quarter, so if the company needs a weapon to combat a Blaster worm is needed, she can get it.

For Tsvi Gal, CIO of Warner Music Group in New York, Web services and service-level management in heterogeneous environments, as well as digital rights management, rank in the upper tiers of his list.

Both said that disaster recovery (DR) investments are high priorities, which is in keeping with Forrester’s prediction that DR will be right behind security on the CIO shopping list. Gal said that his company is moving from a model in which DR is considered an issue only for IT departments to one that gets business divisions involved.

The emphasis on DR and business continuity isn’t only a CIO priority, according to Bob Doyle of Dallas-based RPD Global Consulting and a CIO for more than two decades, most recently with Fleming Companies. Rounding out Forrester’s top five CIO priorities for 2004: upgrading existing applications and desktops (“business-as-usual investments” as Gal called them) and compliance with new laws, namely the Sarbanes-Oxley Act.

IT outsourcing, one of the hottest topics in 2003, finished closer to the bottom of the 2004 priority pile, with only 24% of respondents saying that they would be exploring outsourcing alternatives in 2004, and only 17% said that moving IT work offshore was of the utmost importance. Forrester finding — that of the firms that already use offshore providers, 68% will send even more work overseas in 2004.

More info: [url=http://searchcrm.techtarget.com/originalContent/0,289142,sid11_gci943125,00.html]http://searchcrm.techtarget.com/originalContent/0,289142,sid11_gci943125,00.html[/url]