January 2006 – CyberSecurity Institute

Identity Theft Laws Elevate Security to the C-Level

Posted on January 31, 2006December 30, 2021 by admini

The government must assess the risk associated with certain data types so companies aren’t notifying consumers every time a breach of even noncritical data occurs,” asserts Jerry Cerasale of the Direct Marketing Association (DMA), a New York-based trade association representing more than 5,200 direct, database and interactive marketers.

Fred Cohen, a principal analyst at Burton Group (Midvale, Utah), says enterprises should consider creating new positions or morphing existing ones to prepare for such legislation. “The position of a chief information security officer (CISO) exists at many large firms, but it has not been a C-level position,” says Cohen.

http://www.banktech.com/showArticle.jhtml?articleID=177102701

23% of corporate networks rely on users applying security patches themselves

Posted on January 31, 2006December 30, 2021 by admini

Many IT managers are leaving the security of their organization’s network to chance, despite more than 85% of respondents now having a workforce that is mobile or field-based.

Nearly half those surveyed (46%) admitted that the only way to enforce security settings on laptops and mobile devices is when they are physically back in the corporate environment. This means that while they are working or connecting remotely, they pose as significant risk to the business.

23% said that they must rely on their users to apply the security patches themselves.

http://www.zdnetindia.com/zdnet2005/mediaturf/top_728x90_1.html

Security consortium creates guidelines

Posted on January 31, 2006December 30, 2021 by admini

“Few product testers currently document their test samples or methodology,” the companies said in a statement. “Many use very small sample sets in their testing environments. As a result, there is no distinguishable benchmark for comparison.” The software makers are part of a larger organization, called the Anti-Spyware Coalition, which is working to standardize industry terms and technology for battling spyware.

Next on the group’s agenda: Defining threat-naming conventions, intelligence-sharing best practices, and emergency information distribution guidelines. The group says it will use definitions already created by the Anti-Spyware Coalition.

http://www.zdnetindia.com/zdnet2005/mediaturf/top_728x90_1.html

BMC, Oracle Increase Identity Management Focus

Posted on January 30, 2006December 30, 2021 by admini

BMC released BMC Identity Management .Net, which lets companies add user access, compliance, and password management into applications based on .Net. Due to lack of options, many businesses have been forced to build their own identity management apps for the .Net environment, says Somesh Singh, VP and general manager of BMC’s identity management group. BMC’s move to support .Net could help it stand apart from some of its large competitors in the business application market.”This will give small and medium businesses better automated control over their user populations, including access and the levels of privileges are being granted; something only large businesses have been able to afford and implement,”says Gerry Gebel, a Burton Group senior analyst, noting that BMC competitor Oracle doesn’t support the .Net environment with its security tools.

http://www.compliancepipeline.com/showArticle.jhtml?articleID=177105746

Vista will not ship with antivirus

Posted on January 29, 2006December 30, 2021 by admini

When asked why, Allchin refused to answer, citing complicated reasons. Anyhow, Windows Vista is going to still be protected -to some level- through Windows Defender. Also, there will be a built-in firewall capable of filtering suspicious traffic originating from a Vista PC as well as ingress filtering.

http://www.xatrix.org/article.php?s=4274

Symantec warns of notebook dangers

Posted on January 27, 2006December 30, 2021 by admini

“It’s alarming that executives have mobile devices containing data of such financial value and that very little is being done to protect the information on them.

The research shows that only a few organisations have measures in place to retrieve this information if their laptop is lost or stolen, which is very worrying,” said Lindsey Armstrong, senior vice president EMEA at Symantec.

http://www.macworld.co.uk/news/index.cfm?RSS&NewsID=13702