admini – Page 110 – CyberSecurity Institute

Cloud computing ISO Standards in the pipeline

Posted on August 18, 2010December 30, 2021 by admini

The area of digital forensics concerns any digitally-stored evidence. There is some risk in digital forensics — legal, professional, ethical and IT technical risk.

However, many organisations have not put in the necessary preparation to handle these risks.

At the workshop Dr Brian Cusack, leader of the AUT University Digital Forensic Research Laboratories, discussed a draft working document to provide guidelines to identify, collect and/or acquire and preserve digital evidence.

The standard for corporate governance of IT (AS/NZS ISO/IEC 38500:2010) includes principles that provide a checklist for IT investment decisions and a framework to evaluate, direct and monitor the use of IT in organisations.

While he used Australian case studies, these issues are relevant to organisations here. He also discussed common problems in IT projects — often it is not the technology itself he says, but the way organisations use it.

http://computerworld.co.nz/news.nsf/special/cloud-computing-iso-standards-in-the-pipeline

Small And Midsize Businesses Look For Ways To Cut Compliance Costs

Posted on August 12, 2010December 30, 2021 by admini

While a large company can shell out hundreds of thousands of dollars for assessment and compliance solutions, that sort of money is not in the budget of most smaller firms. Yet, even small companies may need to comply with at least one — and sometimes more — security regulations that govern the data that they store on their servers.

Medical firms need to abide by the Health Insurance Portability and Accountability Act (HIPAA). Small banks have to comply with the Gramm-Leach-Bliley Act (GLBA). And any firm holding credit-card data needs to be compliant with the Payment Card Industry (PCI) Data Security Standards.

For small and midsize businesses, perusing the PCI standards is a good first step, Corman says, because most businesses accept credit cards and because many other standards use the PCI requirements as a starting point. The first is initial design and implementation of systems to collect the data and create the reports needed to pass future audits. Because many smaller businesses do not have dedicated IT staff — never mind IT security staff — the company usually has to pay a security consultant or assessor to do this work.

The second major cost is the ongoing effort needed to collect the data necessary for compliance validation. “One client kept track of the time spent on compliance and found that, in year one, they spent 60 percent of staff time on collecting log data for reports,” he says.

Finally, SMBs must pay an auditor to verify that they are complying with regulations. Many companies look to minimize their compliance costs and go for the checkboxes, without really paying much attention to real security — even though fixing their security problems can mean avoiding a costly breach. Companies that minimize the number of systems that handle data can significantly reduce the cost of an audit as well, Corman says.

“SMBs might want one-stop shopping to save money, but it is a healthy practice to make sure that you are not getting your auditing from companies the sell products,” he says.

http://www.darkreading.com/smb-security/security/management/showArticle.jhtml?articleID=226700099

Tallying the Cost of Cyber Crime

Posted on August 11, 2010December 30, 2021 by admini

The median tally came to $3.8 million per organization, but the range spanned from $1 million to almost $52 million, according to researchers.

“Through actions such as the appointment of a chief information security officer [CISO], the rollout of an enterprise security strategy, and investments in technologies capable of addressing sophisticated threats and managing complex security events, companies are able to reduce the financial impact of cyber crime.”

http://esj.com/articles/2010/08/10/tallying-cost-of-cyber-crime.aspx

Stats: The Age of the Internet of Things Has Dawned

Posted on August 11, 2010December 30, 2021 by admini

So far AT&T is banking heavily on it and has even won some deals, in part because its GSM-based network is compatible with the networks used in the rest of the world, while Verizon and Sprint’s CDMA networks are U.S.-only. This issue of incompatible networks may be another reason that Verizon is pushing its LTE launch so aggressively, and why a transition to LTE will benefit Clearwire-Sprint in the long term.

While it[US] lags Japan and Korea in 3G penetration by a distance, due to higher penetration of smartphones and datacards, the consumption is much higher than its Asian counterparts. Sharma points out that U.S. consumers are data hogs on smartphones, using 230 MB on average — a number that’s up 50 percent in the last six months.

http://gigaom.com/2010/08/10/stats-the-age-of-the-internet-of-things-has-dawned/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+OmMalik+%28GigaOM%29

CouchDB Says Hello To Google Android

Posted on August 11, 2010December 30, 2021 by admini

CouchDB, the open source database that is part of the NoSQL movement, is now available on Google’s Android. Palm, a division of Hewlett Packard, has already announced that the next version of its webOS will include services for syncing local data with CouchDB. According to Couch.io executives, applications — web…

First SMS Trojan for Android is in the wild

Posted on August 11, 2010December 30, 2021 by admini

There have been isolated cases of devices running Android getting infected with spyware since last year, but this is the first occasion that an SMS-spewing Trojan, common in the world of mobile malware, has affected devices running Google’s operating system.

If a user agrees to permit an application to access premium rate service during installation, the smartphone may then be able to make calls and send SMSs without further authorisation.

http://www.theregister.co.uk/2010/08/10/android_sms_trojan/