admini – Page 202 – CyberSecurity Institute

81% of IT Managers report a security incident due to IM or other Greynets

Posted on November 8, 2006December 30, 2021 by admini

Results of the survey show that more users are adopting greynet applications while, at the same time, little progress has been made toward combating greynet-related attacks. Greynets – real-time communications applications that are often introduced by end users and use highly evasive techniques to traverse the network – pose myriad network and information security risks because they provide vectors for malware, intellectual property loss, identity theft and compliance risks.

A typical organization is estimated to spend nearly $130,000 per year on average to repair damage from greynet-related attacks, while the largest companies are estimated to spend upwards of $350,000 per year repairing damage from greynet-related attacks due to higher incident rates.

http://www.it-observer.com/news/6950/81_it_managers_report_security_incident_due_im_or_other_greynets/

Microsoft trains partners to improve security

Posted on November 8, 2006December 30, 2021 by admini

Microsoft adopted the Security Development Lifecycle as part of its Trustworthy Computing Initiative, adopted in January 2002 after the massive Code Red and Nimda worm epidemics. The SDL aims to drum out security flaws from the company products and train development, quality-control and support staff to keep flaws from reoccurring. Windows 2003, Visual Studio 2005, Internet Explorer 7 and Microsoft Office 2007 have all been developed under the SDL process.

http://www.securityfocus.com/brief/351

Managed Services on the Rise

Posted on November 8, 2006December 30, 2021 by admini

The most recent movement comes from BT Group, global provider of communications solutions and managed services, which announced that it acquired Counterpane Internet Security, a provider of managed network security services.

In late September 2006, SecureWorks and LURHQ merged under the SecureWorks name.

In late August, IBM announced that it had reached a deal to acquire Internet Security Systems (ISS) for $1.3 billion in cash.

If Perimeter wants to be acquired, its own recent acquisitions make it ripe for that possibility. SurfControl announced two new managed security services offerings for Web and email protection. The merger and acquisition trends fit with industry analyst projections for increasing interest in the overall managed services sector.

http://www.windowsitpro.com/WindowsSecurity/Article/ArticleID/94176/WindowsSecurity_94176.html

Security must focus on desktop policy

Posted on November 7, 2006December 30, 2021 by admini

Outside the control of an organisation, such applications can increase the risk of the company network being hit with malicious software, designed to steal data, or worms and viruses that can paralyse company systems.

The influence of major events on the downloading of personal email files to company PCs was also reflected in the amount of respondents -34% – who had opened attachments during this year’s World Cup. The research also highlights a number of areas where unintentionally users could be increasing security risks; 28% of the employees share files with family and friends and 25% allowed others to go online using their work computer, effectively forfeiting control over what is being used on or downloaded to their devices. Just under half said that they connect devices to their computers such as cameras, music players, mobile phone and PDA.

The research also indicates that most users are probably unaware of the risk posed by their behaviour with 90% of those surveyed believing that their work computer is either fairly or very secure, with 67% trusting that their IT department has taken the necessary measures to secure their device against threats.

http://www.it-observer.com/news/6945/security_must_focus_desktop_policy/

19 Ways to Build Physical Security into a Data Center

Posted on November 7, 2006December 30, 2021 by admini

Sure, the extra precautions can be expensive. But they’re simply part of the cost of building a secure facility that also can keep humming through disasters.

Suggestions:
Build on the right spot.
Have redundant utilities.
Pay attention to walls.
Avoid windows.
Keep a 100-foot buffer zone around the site.
Use retractable crash barriers at vehicle entry points.
Limit entry points.
Make fire doors exit only.
Protect the building’s machinery.
Plan for secure air handling.
Ensure nothing can hide in the walls and ceilings.
Use two-factor authentication.
Harden the core with security layers.
Prohibit food in the computer rooms.
Install visitor rest rooms.

http://www.csoonline.com/read/110105/datacenter.html

I would also advise that you don’t organize related systems in nice rows (hortiontal or vertical). It might be convienent but a localized incident could take out a whole critical business solution. So distribute related systems across a data center.

Symantec to Acquire Company-i

Posted on November 6, 2006December 30, 2021 by admini

Corporate boards and executive management teams are focusing on reducing operational risk to ensure resilient business operations, trusted brands, and compliance with evolving regulations.

With data centers now managing petabytes of data, Symantec is increasingly asked by clients for assistance architecting and running these complex IT infrastructures in a way that reduces operational risks.

“Symantec’s Global Services strategy around managing IT risk makes them a trusted advisor for addressing critical data center challenges,” said Mark Pennycook, CEO, Company-i.

http://www.symantec.com/about/news/release/article.jsp?prid=20061106_02&WT.svl=bestoftheweb4