admini – Page 141 – CyberSecurity Institute

Number of reported cyber incidents jumps

Posted on February 17, 2009December 30, 2021 by admini

The Federal Information Security Management Act requires agencies to report cyber incidents, which are defined as acts that violate computer security or acceptable-use policies.

Mischel Kwon, US-CERT’s director, said that the numbers represent both an increase in malware and improvements in the capabilities of US-CERT and agencies to detect and report cyber incidents. “Both parts of the story are true: There is an increase in mal events, and there is an increase in capabilities in order to detect those mal events.” Kwon added that the numbers were a bit deceiving because the reports are based on manual reporting by agencies and that there are few security operations centers that monitor federal agency networks.

US-CERT, the operational arm of DHS’ National Cyber Security Division, works to analyze and reduce threat capabilities throughout government and industry, disseminate warning information and coordinate incident response activities. US-CERT also runs Einstein, a federal network-monitoring system. It is in the process of deploying a second version of the system with enhanced capabilities.

Kwon added that visibility across the federal network and incident reporting will improve as the second version of Einstein is deployed and agencies continue to reduce the number of connections they have to Internet under the Trusted Internet Connection project.

http://fcw.com/Articles/2009/02/17/CERT-cyber-incidents.aspx

Tenable Releases Database Auditing Capability

Posted on February 5, 2009December 30, 2021 by admini

Over the last five years, Tenable has continued to add additional capability to this widely used and cost effective tool.

Nessus’ capabilities have been extended to conduct agent-less patch audits, system configuration analysis against industry best practices, auditing of applications such as web servers and anti-virus installations and being able to audit hard drives for personally identifiable information (such as credit card numbers and social security numbers), copy written content, and other financial or confidential information.

The ability to perform a full security audit of the underlying operating system as well as the SQL database configuration can ensure that applications have taken every measure to prevent data loss from SQL injection attacks, direct attacks on the database and inadvertent internal access to sensitive data.

“Most organizations practice some sort of defense in depth to keep from being the next high-profile data loss headline,” says Ron Gula, CEO of Tenable Network Security.

The new capability of Nessus includes support for auditing Oracle, MS SQL, MySQL and many others, as well as SQL audit polices based on the Center for Internet Security and the Defense Information Systems Agency “STIGs.”

http://www.marketwatch.com/news/story/tenable-releases-database-auditing-capability/story.aspx?guid=%7B62074F33%2D6313%2D481C%2DB19D%2DB86B8748D3F6%7D&dist=msr_2

Sunbelt Pioneers New Anti-Virus Technology

Posted on February 5, 2009December 30, 2021 by admini

In a separate interview with Techworld, Eckelberry said that as far as he was aware the only other anti-malware products to have tried file emulation in anger were Microsoft and BitDefender.

Vipre Enterprise also boasts of its anti-rootkit protection – the program runs a special module called ‘firstscan in advance of Windows loading – and advanced kernel monitoring.

http://www.pcworld.com/businesscenter/article/158996/sunbelt_pioneers_new_antivirus_technology.html

Playing cricket, 3 miles up

Posted on February 5, 2009December 30, 2021 by admini

It will take the players nine days of mountain-climbing to reach their playing field, an artificial pitch on the Gorak Shep plateau in Nepal.

In the process, they hope to raise more than $350,000 for the Himalayan Trust UK and other charities.

Said one cricketeer, Mark Butcher: “It’s pretty bonkers, but anything that’s out there raising money for good causes is terrific.”

Scaling the world’s tallest mountain is treacherous work, and altitude sickness poses a genuine problem for the players. A medical team will be accompanying them.

http://www.heraldtribune.com/article/20090205/ARTICLE/902050305/2193/SPORTS?Title=Playing_cricket__3_miles_up

S’pore data protection enforcement needs bite

Posted on February 2, 2009December 30, 2021 by admini

In response to queries from ZDNet Asia, a spokesperson from the Ministry of Information, Communication and the Arts (Mica), said the inter-ministry committee involves public sector agencies including the Infocomm Development Authority, the Ministry of Trade and Industry, the Ministry of Finance, the Ministry of Home Affairs and the Attorney-General’s Chambers.

According to him, the committee is reviewing various approaches including those of the United States, the European Union and Canada, as there currently is no established, uniform method to deal with data protection.

“In shaping Singapore’s own data protection regime, we will take into account such international perspectives, where relevant, as well as views from the public. “Mica will share the details of the proposed framework at the appropriate juncture,” the spokesperson added.

Joshua Chua, Deloitte & Touche’s security and privacy leader for risk consulting in Southeast Asia, concurred. According to Chua, there is currently no specific data breach notification legislation in Singapore, which mandates that companies notify regulators and the public in the event of a privacy breach, or leakage of personal customer information.

Last year in the United Kingdom and Australia, there were some debate and momentum in handling data breaches. News of an impending data breach notification law surfaced in July when the Information Commissioner’s Office said that the European Union’s ePrivacy Directive would be a catalyst for such legislation in the country. The Hong Kong Monetary Authority, for example, issued a customer data protection circular to all authorized financial institutions on Jul. 10, 2008, he noted. The document contained guidelines requiring banks in the Special Administrative Region to have specific data breach management procedures in place, and also to appoint a senior official responsible for incident management. Instead, data protection and privacy is regulated via industry-specific laws and enforced by industry regulatory bodies, he explained.

Companies, on the other hand, need to ensure they have incident response procedures in place, as poor handling of data breaches can cause further damage.

http://www.zdnetasia.com/news/security/0,39044215,62050547,00.htm

Archer Technologies Acquires Brabeion Software

Posted on January 31, 2009December 30, 2021 by admini

Developed in cooperation with PriceWaterhouseCoopers, the Brabeion content will be added to Archer’s GRC product line and significantly expand Archer’s content offerings to now include more than 130 technical compliance baselines and controls.

This acquisition also gives Archer immediate access to a diversified, blue chip customer base including 12 of the Forbes 350 and 15 Fortune 1000 clients.

As part of our future growth strategy, Archer will actively and selectively seek additional strategic partnerships and acquisitions that enable customers to implement a best-in-class GRC program,” said Jon Darbyshire, Archer President and CEO. “The timing for this deal is perfect. This location offers a strategic hub for Archer’s professional services, client support, business development and sales teams with closer proximity to 40 percent of Archer’s customer base. Most importantly, we are confident they will realize the value that Archer brings to their expanding GRC initiatives outside of IT.”

http://pr-usa.net/index.php?option=com_content&task=view&id=165031&Itemid=96