admini – Page 203 – CyberSecurity Institute

Security must focus on desktop policy

Posted on November 7, 2006December 30, 2021 by admini

Outside the control of an organisation, such applications can increase the risk of the company network being hit with malicious software, designed to steal data, or worms and viruses that can paralyse company systems.

The influence of major events on the downloading of personal email files to company PCs was also reflected in the amount of respondents -34% – who had opened attachments during this year’s World Cup. The research also highlights a number of areas where unintentionally users could be increasing security risks; 28% of the employees share files with family and friends and 25% allowed others to go online using their work computer, effectively forfeiting control over what is being used on or downloaded to their devices. Just under half said that they connect devices to their computers such as cameras, music players, mobile phone and PDA.

The research also indicates that most users are probably unaware of the risk posed by their behaviour with 90% of those surveyed believing that their work computer is either fairly or very secure, with 67% trusting that their IT department has taken the necessary measures to secure their device against threats.

http://www.it-observer.com/news/6945/security_must_focus_desktop_policy/

19 Ways to Build Physical Security into a Data Center

Posted on November 7, 2006December 30, 2021 by admini

Sure, the extra precautions can be expensive. But they’re simply part of the cost of building a secure facility that also can keep humming through disasters.

Suggestions:
Build on the right spot.
Have redundant utilities.
Pay attention to walls.
Avoid windows.
Keep a 100-foot buffer zone around the site.
Use retractable crash barriers at vehicle entry points.
Limit entry points.
Make fire doors exit only.
Protect the building’s machinery.
Plan for secure air handling.
Ensure nothing can hide in the walls and ceilings.
Use two-factor authentication.
Harden the core with security layers.
Prohibit food in the computer rooms.
Install visitor rest rooms.

http://www.csoonline.com/read/110105/datacenter.html

I would also advise that you don’t organize related systems in nice rows (hortiontal or vertical). It might be convienent but a localized incident could take out a whole critical business solution. So distribute related systems across a data center.

Symantec to Acquire Company-i

Posted on November 6, 2006December 30, 2021 by admini

Corporate boards and executive management teams are focusing on reducing operational risk to ensure resilient business operations, trusted brands, and compliance with evolving regulations.

With data centers now managing petabytes of data, Symantec is increasingly asked by clients for assistance architecting and running these complex IT infrastructures in a way that reduces operational risks.

“Symantec’s Global Services strategy around managing IT risk makes them a trusted advisor for addressing critical data center challenges,” said Mark Pennycook, CEO, Company-i.

http://www.symantec.com/about/news/release/article.jsp?prid=20061106_02&WT.svl=bestoftheweb4

Security threat changing, says Symantec CEO

Posted on November 3, 2006December 30, 2021 by admini

The head of Symantec’s Asia-Pacific business, Bill Robbins, explained in an interview that the changing threat means businesses will not only have to spend more time and energy on making sure that data is secure, but also on recording which users are accessing and manipulating information stored in corporate databases.

Midsize companies should sit up and take notice because hackers aren’t choosing their targets by brand name, Robbins said.

Symantec’s warnings come at a time when fear of online crime is increasing and law enforcement agencies around the world are taking the issue more seriously.

http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9004741&source=NLT_AM&nlid=1

Security Management in Flux

Posted on November 3, 2006December 30, 2021 by admini

Blum will talk about this and other security trends in his “Security Landscape: Market in Flux” session on Monday at the Computer Security Institute’s 33rd Annual Conference and Expo in Orlando, Fla.

This integration is also expected to simplify security oversight, with fewer tools and easier management of all that data they generate. “If you had one vendor provide everything for you, then it wouldn’t [be able to easily] keep up with change and new attacks,” he says. “And if you have too many different vendors’ products, you can’t keep up with the burden of integrating” it all and you’re probably not getting the best bang for your buck because you’ll also have to invest in integrating the tools.

The key is not getting trapped on a treadmill of having to buy a new security tool every time a new attack vector is discovered, or a new compliance requirement comes along, he says.

Meanwhile, there’s still no easy way to manage — nor sift through the false alarms — the data security tools generate. Today’s network operations centers don’t typically encompass all of an organization’s security management, “Most of us don’t have security in the NOC. You see security teams playing more strategic roles than operations, such as compliance, high-level risk management, etc. And they need to be able to exert control through distributed points as well… You can’t do it all from one NOC.”

http://www.darkreading.com/document.asp?doc_id=109786&WT.svl=news1_3

Review of The 6th Annual InfoSecurity New York Conference and Exhibition

Posted on November 3, 2006December 30, 2021 by admini

Among the solutions provided, there exist data encryption, IT auditing services, application security solutions, biometrics, end-to-end infrastructure management… Whether your institution requires simple IT risk assessment or a full-enterprise database infrastructure centralization and standardization, InfoSec NY provided a complete spectrum of provider solutions.

In a world where both threats and solutions are constantly evolving, educating yourself about the various security providers available is no longer an issue of compliance and best-practices. InfoSec NY provided both elements by offering informative sessions hosted by field experts and other authorities in addition to vendor resources.

Out of the companies surveyed, the study found 72 percent of breaches occurred because of a lack of protection. Yet regardless of this fact, the costs caused by breaches are primarily reactive, with costs increasing with relation to collateral mitigation, such as:

– a 55 percent focus in marketing costs
– a 34 percent focus in customer support costs
– an 11 percent focus in legal, audit, and risk management cost
– a 0 percent focus in IT security costs

With the IT department bearing none of the costs related to addressing data breaches, such a trend will continue for those who do not maintain a best-practices information security posture.

From attending InfoSec NY, the tracks available satisfied every information security need for all financial institutions, whether they attended to simply touch base with the industry trends, or to gain insightful methods into improving their business posture. As for the general atmosphere of the discussion panels, the warm reception and the number of pleased nods the sessions provoked was a good indicator of the audience’s approval.

http://www.bankinfosecurity.com/articles.php?art_id=167&PHPSESSID=5d300b3be8332b81086b766592012ed5