admini – Page 113 – CyberSecurity Institute

BIS: We Have Failed to Learn From the Nordic Crisis

Posted on August 6, 2010December 30, 2021 by admini

In the current episode, the down-leg of the financial cycle had not proceeded as far and banks were further away from the point of technical insolvency.
However, the underlying weakness in balance sheets has not been recognised as fully. All this has tended to slow down resolution. In other words, the zombie banks live on just as they have in Japan.

Principle 1: Early recognition and intervention
The nature and size of the problems should be recognised early and intervention should follow quickly. The purpose of early recognition and intervention is to avoid a hidden deterioration in conditions that could magnify the costs of the eventual resolution. A key reason why costs tend to increase as action is delayed is that economic agents operate under distorted incentives.

Principle 2: Comprehensive and in-depth intervention
Intervention and resolution should be broad-ranging and in-depth. The overriding objective is to restore lasting confidence in the financial system and its capacity to operate effectively and sustainably, without public support. Intervention includes three critical steps: (i) stabilising the financial system; (ii) restructuring balance sheets; and (iii) re-establishing the conditions for the sector’s long-term profitability.

Principle 3: Balancing systemic costs with moral hazard P3: Intervention should strike a balance between limiting the adverse impact on the real economy and containing moral hazard.

http://seekingalpha.com/article/219124-bis-we-have-failed-to-learn-from-the-nordic-crisis

Apple iPhone, iPad in Enterprise Needs Security Policies: Forrester

Posted on August 4, 2010December 30, 2021 by admini

Enterprises should consider instituting provisions to acceptable-use policies, he added, including the requirement that employees back up their devices using iTunes. Certain enterprises, such as health care, demand more stringent security policies. For those companies, Jaquith recommends additional configuration profile settings: seven-character alphanumeric passcodes for stronger protection, hardware encryption with an AES-256 symmetric key, certificate-based authentication, and the application encryption supported by iOS4.

Those more-stringent requirements would also demand new policy provisions, including a company right to emergency device confiscation, and a requirement that users scrub their address books of sensitive information such as social security numbers.

Even with Apple’s more robust security measures, the report suggests that the iPhone and iPad “still lack some key security and management refinements that enterprises require.”

These include the iPhone’s inability to automate installation tasks, even as it generates configuration profiles; a lack of mature enterprise device management tools and support for smart-card authentication; no compliance with FIPS 140-2; and zero capability for logging and archiving SMS messages.

http://www.eweek.com/c/a/Security/Apple-iPhone-iPad-In-Enterprise-Needs-Security-Policies-Forrester-578909/

FTC Slaps Twitter Down Hard For Lax Security, Privacy Violations

Posted on July 25, 2010December 30, 2021 by admini

For instance, users can send “direct messages” to a specified follower so that only the specific author and recipient can view the message. Twitter users can also click a button labeled “Protect my tweets,” which means only approved followers can view them.

According to the FTC, the privacy policy posted on Twitter’s website stated that “Twitter is very concerned about safeguarding the confidentiality of your personally identifiable information.

In January 2009, a hacker used an automated password-guessing tool to gain administrative control of Twitter after submitting thousands of guesses into Twitter’s login website. The hacker reset at least one Twitter user’s password, and could access nonpublic user information and tweets for any Twitter users.

According to the FTC’s complaint, Twitter was vulnerable to these attacks because it failed to prevent unauthorized administrative control of its system, including reasonable steps in password management among administrators and employees.

http://www.darkreading.com/securityservices/security/privacy/showArticle.jhtml?articleID=225701520&cid=RSSfeed_DR_News

Ireland considers detailed data loss disclosure guidelines

Posted on June 10, 2010December 30, 2021 by admini

In comparison, the U.K.’s disclosure guidelines are less specific than the proposed Irish code of practice, Malcolm said. However, the U.K.’s Information Commissioner does expect organizations to report serious data breaches, he said.

In April, the U.K. Information Commissioner for the first time gained the power to fine organizations for violating the Data Protection Act. The European Union has a data breach disclosure law on the books, but it only applies to telecommunication companies.

http://news.idg.no/cw/art.cfm?id=21BB489B-1A64-6A71-CE1333F9221EF072

Survey Finds Enterprise Mobility Management Lowers Cost, Improves Security and Supports More Devices

Posted on June 10, 2010December 30, 2021 by admini

“Enterprise Mobility Management has emerged as the essential tool top performing organizations use to take control of the full mobility lifecycle of their mobile ecosystem,” said Andrew Borg, senior research analyst for wireless and mobility, Aberdeen. Aberdeen distinguished the respondents as Best-in-Class, Industry Average and Laggard organizations.

+ EMM impacts the bottom line — By leveraging EMM, TCO per mobile employee in a Best-in-Class company averaged $189, 23 percent lower than the Industry Average
+ Best-in-Class organizations mobilize 84 percent of their employees — an increase of 22 percent over the last 12 months.
+ EMM reduces number of lost/stolen devices
+ Diversity and complexity of mobile platforms is exploding
+ 70 percent of Best-in-Class organizations developed a detailed inventory of all devices including employee owned
+ Remote control management capabilities contribute to competitive advantage

The Aberdeen survey also found that Best-in-Class organizations leveraged EMM capabilities to ensure that end user devices are properly authenticated before accessing company network and data.

http://finance.yahoo.com/news/Survey-Finds-Enterprise-iw-1578956769.html?x=0&.v=1

IBM Announces New Offerings to Help Organizations Drive Innovation While Managing Cost and Risk

Posted on June 7, 2010December 30, 2021 by admini

Integrated Product Management Offerings: A set of IBM software and hardware offerings and best practices from across the IBM and Business Partner organizations that help design, deliver and subsequently manage the lifecycle of increasingly complex offerings, including product planning, software development, software design chain and asset management.

Flexible, Affordable Software Development: As organizations strive to reduce their capital expenditures and operational expenses, new deployment and licensing models can help them meet these goals.

IBM is providing new cloud test and development offerings, in both private and public environments.

Support for IBM Industry Frameworks and Customized Solutions: To support and extend the new Integrated Product Management initiative, and offer customers continual improvement unique to the challenges of their industries, IBM is investing in new best practices, assets and workbenches optimized to specific industry vertical use cases.

IBM’s Integrated Product Management offerings, based on solutions and software from IBM Rational, provide a holistic environment in which to design and deliver software while sustaining competitive differentiation through continuous innovation. Today, software development and delivery teams are being asked to respond to changes in the marketplace more quickly–but with fewer resources and mounting pressure to deliver more value. IBM can help speed innovation with reduced cost and risk by deploying a flexible environment for software design, development and delivery on multiple platforms.

IBM’s new token and term licensing models provide instant flexibility, giving customers access to the right software at the right time during a project, without an abundance of shelfware or the hassle of a new PO or evaluation process. With tokens, users can quickly move between products as the capabilities are required without needing to calculate the anticipated number of licenses for each product, taking the guesswork out of product usage.

As cloud computing brings an array of options to software development, organizations pilot and prove cloud computing models, and provide the tools to extend cloud offerings into production. IBM Rational Software delivery services for cloud computing help leverage the cloud to transform software by providing software development and test solutions across multiple platforms, available for private cloud deployments on the IBM Smart Business Development and Test Cloud and as an offering for IBM Smart Business Development and Test on the IBM Cloud. Specifically Rational has added products and services into the IBM Insurance Industry Framework, the IBM Banking Industry Framework, the Chemicals and Petroleum Integrated Information Framework, and the Service Provider Delivery Environment Framework.

EGL, a business application programming language created by IBM, is designed for developing portable, cross-platform applications and services that can be deployed to the appropriate runtime environments based on the evolving needs of the business.

http://www.marketwatch.com/story/ibm-announces-new-offerings-to-help-organizations-drive-innovation-while-managing-cost-and-risk-2010-06-07?reflink=MW_news_stmp