admini – Page 203 – CyberSecurity Institute

19 Ways to Build Physical Security into a Data Center

Posted on November 7, 2006December 30, 2021 by admini

Sure, the extra precautions can be expensive. But they’re simply part of the cost of building a secure facility that also can keep humming through disasters.

Suggestions:
Build on the right spot.
Have redundant utilities.
Pay attention to walls.
Avoid windows.
Keep a 100-foot buffer zone around the site.
Use retractable crash barriers at vehicle entry points.
Limit entry points.
Make fire doors exit only.
Protect the building’s machinery.
Plan for secure air handling.
Ensure nothing can hide in the walls and ceilings.
Use two-factor authentication.
Harden the core with security layers.
Prohibit food in the computer rooms.
Install visitor rest rooms.

http://www.csoonline.com/read/110105/datacenter.html

I would also advise that you don’t organize related systems in nice rows (hortiontal or vertical). It might be convienent but a localized incident could take out a whole critical business solution. So distribute related systems across a data center.

Symantec to Acquire Company-i

Posted on November 6, 2006December 30, 2021 by admini

Corporate boards and executive management teams are focusing on reducing operational risk to ensure resilient business operations, trusted brands, and compliance with evolving regulations.

With data centers now managing petabytes of data, Symantec is increasingly asked by clients for assistance architecting and running these complex IT infrastructures in a way that reduces operational risks.

“Symantec’s Global Services strategy around managing IT risk makes them a trusted advisor for addressing critical data center challenges,” said Mark Pennycook, CEO, Company-i.

http://www.symantec.com/about/news/release/article.jsp?prid=20061106_02&WT.svl=bestoftheweb4

Security threat changing, says Symantec CEO

Posted on November 3, 2006December 30, 2021 by admini

The head of Symantec’s Asia-Pacific business, Bill Robbins, explained in an interview that the changing threat means businesses will not only have to spend more time and energy on making sure that data is secure, but also on recording which users are accessing and manipulating information stored in corporate databases.

Midsize companies should sit up and take notice because hackers aren’t choosing their targets by brand name, Robbins said.

Symantec’s warnings come at a time when fear of online crime is increasing and law enforcement agencies around the world are taking the issue more seriously.

http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9004741&source=NLT_AM&nlid=1

Security Management in Flux

Posted on November 3, 2006December 30, 2021 by admini

Blum will talk about this and other security trends in his “Security Landscape: Market in Flux” session on Monday at the Computer Security Institute’s 33rd Annual Conference and Expo in Orlando, Fla.

This integration is also expected to simplify security oversight, with fewer tools and easier management of all that data they generate. “If you had one vendor provide everything for you, then it wouldn’t [be able to easily] keep up with change and new attacks,” he says. “And if you have too many different vendors’ products, you can’t keep up with the burden of integrating” it all and you’re probably not getting the best bang for your buck because you’ll also have to invest in integrating the tools.

The key is not getting trapped on a treadmill of having to buy a new security tool every time a new attack vector is discovered, or a new compliance requirement comes along, he says.

Meanwhile, there’s still no easy way to manage — nor sift through the false alarms — the data security tools generate. Today’s network operations centers don’t typically encompass all of an organization’s security management, “Most of us don’t have security in the NOC. You see security teams playing more strategic roles than operations, such as compliance, high-level risk management, etc. And they need to be able to exert control through distributed points as well… You can’t do it all from one NOC.”

http://www.darkreading.com/document.asp?doc_id=109786&WT.svl=news1_3

Review of The 6th Annual InfoSecurity New York Conference and Exhibition

Posted on November 3, 2006December 30, 2021 by admini

Among the solutions provided, there exist data encryption, IT auditing services, application security solutions, biometrics, end-to-end infrastructure management… Whether your institution requires simple IT risk assessment or a full-enterprise database infrastructure centralization and standardization, InfoSec NY provided a complete spectrum of provider solutions.

In a world where both threats and solutions are constantly evolving, educating yourself about the various security providers available is no longer an issue of compliance and best-practices. InfoSec NY provided both elements by offering informative sessions hosted by field experts and other authorities in addition to vendor resources.

Out of the companies surveyed, the study found 72 percent of breaches occurred because of a lack of protection. Yet regardless of this fact, the costs caused by breaches are primarily reactive, with costs increasing with relation to collateral mitigation, such as:

– a 55 percent focus in marketing costs
– a 34 percent focus in customer support costs
– an 11 percent focus in legal, audit, and risk management cost
– a 0 percent focus in IT security costs

With the IT department bearing none of the costs related to addressing data breaches, such a trend will continue for those who do not maintain a best-practices information security posture.

From attending InfoSec NY, the tracks available satisfied every information security need for all financial institutions, whether they attended to simply touch base with the industry trends, or to gain insightful methods into improving their business posture. As for the general atmosphere of the discussion panels, the warm reception and the number of pleased nods the sessions provoked was a good indicator of the audience’s approval.

http://www.bankinfosecurity.com/articles.php?art_id=167&PHPSESSID=5d300b3be8332b81086b766592012ed5

MasterCard tackles PIN-based debit card fraud

Posted on November 2, 2006December 30, 2021 by admini

A majority of banks currently use Fair Isaac Corp.’s Falcon fraud-detection system and their own homegrown systems for dealing with payment card fraud, she said. “But MasterCard, along with Visa, is in a better position to see networkwide transactions,” which can be an advantage in detecting fraud, Litan said.

MasterCard’s Online Fraud Monitor service will use a proprietary risk-scoring model that will look at factors such as account spending, transaction histories and device-level activity to calculate the likelihood of fraud on an individual ATM transaction, Sargent said. For instance, if a card that in the past has been used only domestically were to be used in a large transaction in a foreign country, the transaction would automatically be flagged as high-risk for follow-up action.

MasterCard already offers a similar fraud-detection capability for credit card and signature-based ATM transactions via its Expert Monitoring System and MasterCard Alerts services.

http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9004681&source=NLT_AM&nlid=1