admini – Page 210 – CyberSecurity Institute

Security firms jump in the acquisition pool

Posted on October 2, 2006December 30, 2021 by admini

Customers want to have a smaller set of vendors accountable if their technology fails to keep information secure and in compliance with regulations–and large systems and storage companies have the financial clout to act as consolidators. “They have the ability to do the potential M&A (mergers and acquisition) deals in cash, or are large enough to do them with stock, or a combination of both,” MacLeod said.

Prior to their acquisition announcements, ISS and RSA Security, for example, had long been rumored to be potential buyout candidates. Other names analysts point to on a short list of potential targets include Trend Micro, Check Point Software Technologies, McAfee and Secure Computing.

“On one side, you have companies like Cisco (Systems) and Microsoft that will discount the price they charge for security, and on the other side, you have the best-of-breed (niche security) companies,” Kuper said.

Buyers don’t want the consumer side, so maybe it could take the consumer piece private and sell the enterprise business,” said one security analyst, who requested anonymity.

http://news.com.com/Security+firms+jump+in+the+acquisition+pool/2100-7350_3-6121403.html?tag=nefd.lede

Wireless emerges as crucial growth area for small firms

Posted on October 2, 2006December 30, 2021 by admini

The figures suggest a triumph of hope over experience, says report author and IoD senior policy adviser Jim Norton.

‘Technology is seen as key to continued business growth and there is increasing maturity in the way it is used, but there is still some way to go,’ said Norton.

http://www.vnunet.com/computing/news/2165119/wireless-emerges-crucial-growth

IT security is a financial headache for business

Posted on October 2, 2006December 30, 2021 by admini

The research, conducted by Ipsos MORI Research, revealed that in addition to multiple vendors, many businesses are deploying a large number of security technologies across their organisation.

One of the main difficulties for businesses with multiple solutions from multiple vendors is in managing the deployment of patches. The use of a single management console can significantly aid the deployment of patches, said Aminah Gianfrancesco, director of system security EMEA at McAfee.

http://www.siliconrepublic.com/news/news.nv?storyid=single7131

ISO 17799 and 27001: Setting the Standards for Information Security

Posted on October 2, 2006December 30, 2021 by admini

ISO 17799 provides best practice recommendations for initiating, implementing, or maintaining information security management systems. The standard contains 12 sections: risk assessment and treatment; security policy; organization of information security; asset management; access control; information security incident management; human resources security; physical and environmental security; communications and operations management; information systems acquisition, development and maintenance; business continuity management; and compliance. Within each section, information security control objectives are specified and a range of controls. For each control, implementation guidance is provided.

The second standard, ISO 27001, specifies requirements for establishing, implementing, maintaining, and improving an information security management system consistent with the best practices outlined in ISO 17799. ISO 27001 is the first standard in a proposed series of information security standards which will be assigned numbers within the ISO 27000 series. ISO 17799 is expected to be renamed ISO 27002 in 2007. ISO 27001 is the formal standard against which organizations may seek independent certification of their information security management systems. It contains a total of 133 controls in eleven sections.

Certification is entirely voluntary but is increasingly being demanded from suppliers and business partners who are concerned about information security.

The management processes implemented for ISO 27001 are based on the Deming cycle of continuous improvement: Plan-Do-Check-Act. Measuring effectiveness is a critical element of improving information security management, and hence realizing business benefit and flexibility in a changing environment.

http://www.bankinfosecurity.com/articles.php?art_id=165

Microsoft ‘taking security risks’

Posted on October 2, 2006December 30, 2021 by admini

Security firms such as McAfee and Symantec believe Microsoft’s actions around security for Vista amounts to a similar anti-competitive stance.

Last month the European Union competition commissioner, Neelie Kroes, accused Microsoft of orchestrating a “co-ordinated campaign” to discredit her. It added: “If Microsoft wants to make Vista more secure, it should provide equal access to the platform that its own developers have to ensure that security vendors can continue to innovate on the platform, and to ensure that consumers and manufacturers can continue to choose the best security solutions for the platform.”

http://news.bbc.co.uk/1/hi/technology/5399534.stm

EU.biz mired by complex security systems

Posted on October 2, 2006December 30, 2021 by admini

Businesses need to look at integrated security solutions under a single console which deliver protection against a full range of threats while at the same time being cost effective and easy to manage,” said McAfee’s European director of system security Aminah Gianfrancesco.

One of the main difficulties for businesses with multiple software solutions from a variety of vendors is keeping the whole security shebang up-to-date, and this means managing the deployment of patches.

Italian businesses are the biggest patchers with 67 per cent admitting to deploying patches at least once a day, closely followed by German businesses. Regardless of multiple IT security systems, only 23 per cent of respondents said they are completely satisfied with the level of security across their systems and network.

http://www.theregister.co.uk/2006/10/02/eu_biz_security_confusion/