admini – Page 125 – CyberSecurity Institute

Security spending survey finds misaligned IT security budgets

Posted on April 5, 2010December 30, 2021 by admini

The survey found most security spending is driven by compliance initiatives, which focuses on protecting less valuable custodial data in the form of customer personally identifiable information and credit card numbers.

The data makes up a smaller proportion of a company’s assets, about 38%, while 62% of valuable enterprise assets typically make up corporate secrets.

“Catastrophic toxic data spills are dramatic and expensive, and they garner the most headlines…But for most enterprises, secrets are more valuable than custodial data,” according to the Forrester report, “The value of corporate secrets.”

Firms in the manufacturing, information services, professional, scientific and technical services and transportation accrue between 70% and 80% of their information portfolio value from corporate secrets. The survey found the average cost for lost smartphone incidents was about $12,000 per incident, while lost laptops and accidental leakages cost $26,000 per incident.

http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1508039,00.html?track=sy160&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+techtarget%2FSearchsecurity%2FSecurityWire+%28SearchSecurity+%3A+Security+Wire+Daily+News%29

US, Europe, Japan agree on data center efficiency metric

Posted on April 2, 2010December 30, 2021 by admini

“The Green Grid is working with organizations around the world to develop a clear and well-defined language for the way we communicate about energy efficiency metrics, which will give us a common measuring stick for all data centers regardless of their location,” said Tom Brey, an IBM employee who is secretary of The Green Grid, in a statement.

PUE, which was developed by the Green Grid, divides the total energy consumed by a data center by the amount of energy used to power the IT equipment. It has emerged as the most popular metric for measuring data center efficiency, and some large companies, notably Microsoft and Google, have been publishing PUE numbers as a way to show off the efficiency of their newest facilities.

“A global task force with representatives from each of the above mentioned organizations will continue to move this initiative forward and reconvene later this year to evaluate progress,” the Green Grid says in the statement.

In January representatives from the EPA met with several data center industry groups from the U.S., including 7×24 Exchange and ASHRAE (The American Society of Heating, Refrigerating and Air-Conditioning Engineers).

Rising energy costs and the amount of powerful IT equipment that has been added to data centers in recent years has made them a cost center on the radar of senior executives.

http://www.computerworld.com/s/article/9174701/US_Europe_Japan_agree_on_data_center_efficiency_metric?source=rss_news

Database Security Suffers From Leadership Gap

Posted on April 2, 2010December 30, 2021 by admini

“We asked who owns database security, and what we found is that a lot of companies have multiple people involved,” Oltsik says.

According to ESG, the most common stakeholders listed by survey respondents were security administrators, DBAs, and system administrators. But some organizations could have as many as 10 different individuals or functional groups burdened with responsibility for regulatory compliance when it comes to the sensitive information within their databases.

Approximately nine different corporate roles were listed by at least a quarter of respondents as having a say in database security, including the usual suspects along with auditors, compliance departments, and legal staffers.

Unfortunately, with so many stakeholders responsible for securing valuable database information, Oltsik suspects that too many of them believe someone else is taking care of database security — thus leaving no one at the tiller.

“Instead of investing in hardware or software, I would start with the people first,” says Kornbrust, CEO of Red-Database-Security GmbH, a consultancy that specializes in securing Oracle databases.

This could start by testing out cooperation with the hardening of just a few databases.

http://www.darkreading.com/database_security/security/app-security/showArticle.jhtml?articleID=224201189&cid=RSSfeed

FAA Launches Real-Time Security Pilot With IBM

Posted on March 30, 2010December 30, 2021 by admini

In addition to the FAA’s own cybersecurity efforts, the FAA’s security operations center manages cybersecurity for the rest of the Department of Transporation as well as for parts of the Department of Energy and the Department of Commerce, and Brown expects the amount of cybersecurity information being fed to the FAA’s analysts only to grow with time.

According to IBM, the effort will work by first establishing certain baselines in order to be able to identify anomalous traffic, and then use those baselines to detect the presence of possible attackers in real-time and even to perform predictive analytics to anticipate what hackers who have infiltrated a system might do next in order to cut them off at the pass before they’re able to do real damage.

InfoSphere Streams is able to digest heavy streams of low-level data in multiple formats simultaneously, analyze them with pre-processing, and adjust to tweaks in algorithms and analytical models on the fly.

http://www.darkreading.com/vulnerability_management/security/perimeter/showArticle.jhtml?articleID=224200806&cid=RSSfeed

A Security Checklist for Deploying Software-as-a-Service

Posted on March 26, 2010December 30, 2021 by admini

When you convert to SaaS, your data will be transported across the Internet to the SaaS vendor site. If their application is not secure, your critical business information will potentially be exposed to anyone who can take advantage of such a vulnerability.

– Review the vendor’s service history
– Application and infrastructure security requirements
– Solid Service Level Agreements
– No silent fixing
– Data recovery
– Encryption standards and key management
– No weak links in the security access chain
– Ownership

Finally, you need to remember that software is secure only when it’s built that way, so when choosing a sound SaaS solution, be sure that the security has been checked for all vulnerabilities so that it’s secure for all of today’s distributed software portfolios.

http://www.ctoedge.com/content/security-checklist-deploying-software-service

Senate Committee OKs Cybersecurity Act

Posted on March 24, 2010December 30, 2021 by admini

Olympia Snowe (R-Maine), was introduced last April and then re-introduced last week with some key changes. Notably, it no longer gives the president unilateral power to disconnect networks from the Internet in the event of a major cyberattack. The bill also includes amendments for how the president and private sector can work together to help secure critical infrastructure.

During the hearing, senators expressed how important it is that the Senate passes the legislation quickly, as it’s long overdue. “The government hasn’t gotten its act together; the private sector has had problems getting its act together,” he said. Bill Nelson (D-Florida) said that might even be too much time in light of potential cyber threats.

The House last month passed its own cybersecurity bill, the Cybersecurity Enhancement Act of 2009 (HR 4061), first introduced by Rep. Daniel Lipinski (D-IL) last year.

http://www.darkreading.com/security/government/showArticle.jhtml?articleID=224200245&cid=RSSfeed