admini – Page 219 – CyberSecurity Institute

Implementing Information Safeguards Under Gramm-Leach-Bliley

Posted on August 11, 2006December 30, 2021 by admini

The Gramm-Leach-Bliley Act (GLBA) contains a rule, known as the Safeguard Rule, under which the Federal Trade Commission and other federal agencies have established standards for financial institutions relating to administrative, technical, and physical safeguards for customer information. The objectives are to ensure the security and confidentiality of customer records and information, protect against threats or hazards to the security or integrity of such records, and protect against unauthorized access to or use of such records that could result in substantial harm or inconvenience to any customer.

The rule requires financial institutions to develop, implement, and maintain a comprehensive information security program that contains administrative, technical, and physical safeguards. As part of its program, each financial institution must designate an employee or employees to coordinate its information security program.

The FTC has published a complete list of safeguards at http://www.ftc.gov/bcp/conline/pubs/buspubs/safeguards.htm When implementing the Safeguards Rule, a company must consider all areas of its operation, especially employee management and training; information systems; and managing system failures. Companies may also want to check the references of any potential employees who would have access to customer information, and ask each new employee to sign an agreement to follow the confidentiality and security standards for handling that information. The Safeguards Rule also requires financial institutions to maintain security within their information systems – which include network and software design as well as information processing, storage, transmission, retrieval, and disposal.

Similarly, in order to prevent and manage system failures, the new publication suggests that companies should respond to any security breach in a timely manner; regularly update firewalls and antivirus software; and install patches to repair software vulnerabilities. The FTC provides additional guidance at http://www.ftc.gov/infosecurity.

Guidance is also available from leading security professionals who’ve assembled consensus lists of vulnerabilities and defenses so that every organization, regardless of its resources or expertise in information security, can take basic steps to reduce its risks.

http://www.bankinfosecurity.com/articles.php?art_id=160&PHPSESSID=dcbc1ff3dbe449eb074c7951e447cda1

Symantec Establishes Council

Posted on August 10, 2006December 30, 2021 by admini

The Council is a working body of customers established to provide guidance to Symantec’s leadership and development teams regarding the company’s strategic plans and enterprise services and solutions. They will also help guide the direction of existing solutions by providing feedback that reflects the evolution of the security and availability markets and the changing realities of the customers’ business environments. In addition, the Council provides an opportunity to create meaningful and strategic partnerships between Symantec and its large enterprise customers.

http://www.darkreading.com/document.asp?doc_id=100924&WT.svl=wire_3

Workers Ignore the Risks of Web Links and Attachments

Posted on August 8, 2006December 30, 2021 by admini

A survey into the habits of 142 UK office workers conducted by Finjan has uncovered that although they know the security risk to their employers caused by clicking on web-links or opening attachments from unknown sources, they simply can’t help themselves.

http://www.it-observer.com/news/6646/workers_ignore_risks_web_links_attachments/

Weekly Report On Viruses And Intruders

Posted on August 7, 2006December 30, 2021 by admini

Firstly, RuSpy.A is a Trojan that obtains user names and passwords for a range of programs including ICQ, Internet Explorer, Mozilla, Outlook and The Bat! This information is then sent to the creator in an email message. To avoid detection, it tries to terminate several processes belonging to security tools (antivirus programs and files).

Another widespread fraud technique is to hijack computers. This is what the Tervserv.A backdoor Trojan does.

Finally, this week’s report looks at Banker.DZO. This is a Trojan that monitors Internet traffic generated when a user accesses the web pages of Banco de Brasil, Bradesco, CEF, GERENCIADOR, Itau and Brad.Juridico.

http://www.it-observer.com/news/6645/weekly_report_viruses_intruders/

IM Attacks Escalate

Posted on August 7, 2006December 30, 2021 by admini

Postini also noted in July a continuing rise in encrypted email traffic, as organizations around the world increasingly use encryption to protect sensitive communications with their business partners, contractors, regulators and remote employees.

The ability to encrypt email, based on an industry standard called Transport Layer Security (TLS), is built into every modern email server and is easy and free to use.

http://www.darkreading.com/document.asp?doc_id=100733&WT.svl=wire_2

McAfee Releases 5.0

Posted on August 7, 2006December 30, 2021 by admini

With McAfee Foundstone Enterprise 5.0, companies can easily prioritize and rank their highest-value business assets then identify their most critical security vulnerabilities and the threats which could exploit them. The merging of compliance with risk management at the enterprise level is shifting the focus from just identifying vulnerabilities and configuration holes to understanding the total impact of threats, vulnerabilities, and configuration errors on critical assets. Customers can now take in Foundstone data and “link” corporate security policies and standards to specific Foundstone checks to ensure business policy objectives are being adhered to across the network.

McAfee Preventsys Compliance Auditor supports centralized auditing across all aspects of policy: process, procedure and technical controls, which provides a consistent way to reduce the costs associated with demonstrating security compliance.

http://www.darkreading.com/document.asp?doc_id=100686&WT.svl=wire_7