http://www.csoonline.com/fundamentals/abc_leadership.html
Author: admini
CA Introduces New ITIL Compliance Software Set
· A dedicated CMDB (configuration management database) that provides a common repository for all asset information and maps assets to the business services the customer’s system supports
· a mechanism for managing change across the enterprise
· consolidation and reconciliation of disparate sources of IT-related data in the context of business priorities
· full visibility into configuration item information such as resource attributes, relationships and dependencies across the enterprise.
Using Universal Federation Adapters, including out-of-the-box integration with Microsoft SMS, CA CMDB enables organizations to collect, manage and maintain a single view of configuration data from CA, third-party IT management applications and in-house developed applications and solutions.
http://www.eweek.com/article2/0,1759,1982613,00.asp?kc=EWRSS03119TX1K0000594
SMBs Set to Spend US $11.4B on IT Security in 2006
“Over 75% of all medium businesses (100-999 employees) and almost 60% of the small businesses (1-99 employees) surveyed in the developed economies indicated that enhancing IT security was very important for them,” said Anil Miglani, New York-based Senior Vice President at AMI-Partners.
Total global SMB spending on IT security is growing rapidly, driven by the continuing growth in the adoption of several security products like anti-virus, anti-spam, anti-spyware and firewalls/VPNs.
http://www.it-observer.com/news/6527/smbs_set_spend_us_114b_it_security_2006/
Endpoint Device Control, Don’t believe the Hype
For most companies it is either the theft of proprietary or confidential/classified information or the injection of malicious code or surveillance software into the corporate network. If this is the case, then memory devices attached via the USB port are not your only worry.
Take the problem of installing malicious code into a network, and please note that malicious code can be as small as a few Kb. Device Protection solutions are not able to identify malicious code inside the network or prevent it from being introduced into the network other than by a single method alone.
If it is preventing classified information from leaving the company that you are trying to achieve, then controlling the use of the USB drive and other I/O devices is only going to give you a partial answer. In cases like these, where device protection vendors claim to stop confidential information leaking to unauthorized parties, they are merely marketing their solutions to you and avoiding the real-world scenarios.
To put one’s faith in a single security solution that gives full granular control of any type of attachable memory device is flawed.
http://www.it-observer.com/articles/1168/endpoint_device_control_dont_believe_hype/
Security in the balance
“There is a growing concern about the damage to brand reputation and brand equity when a phishing attack is successful and gets media attention,” says Justin Doo, managing director of Trend Micro Middle East and North Africa. “One of the biggest risks banks face here is negative customer perception of the banking operations,” agrees Maria Medvedeva, regional director for security management business unit, CA EMEA Eastern markets. “In Dubai, we have read about different banks that have been subjected to fraud, such as phishing e-mails or physical damage to their ATMs. People see it as lack of security control and this causes absolutely negative perception and customer dissatisfaction.”
For a customer, a security fraud means that the bank has failed to implement systems or some type of security control to protect its customers. Such concerns have led to the slow uptake of online banking, according to Doo. “Most banks are spending more money gearing up for growth in online banking than they are spending gearing up for growth in physical location expansion,” he says. “Research has shown that the cost of a transaction where somebody visits a branch and does an over-the-counter transaction is nearly ten times the cost of the same transaction that is carried out online,” Doo continues. “However, there is a global slowdown, at the moment, when it comes to internet banking uptake.”
To encourage people to adopt online banking, Ayman Majzoub, general manager of Pointsec Mobile Technologies Middle East and Africa, insists banks should put more emphasis on better security tools. For instance, we go and secure one server or secure one desktop. “Banks in the US are already on stage three and four because they are trying already to improve on alignment of business by introducing more and more reporting mechanisms.” Majzoub believes that the lack of regulatory policies is the main reason why banks in the Middle East are not actively doing more to improve security.
http://www.itp.net/features/details.php?id=4568&category=
Financial Institutions Face Surge in External Security Attacks
“The extent and nature of these security breaches signals a new reality for the global financial services industry,” said Ted DeZabala, a principal in the security services group of Deloitte & Touche LLP. “Executing these types of attacks requires significant resources and coordination, which implies professional hackers and organized crime have entered the domain once ruled by ‘script kiddies’ and one-off hackers. This shift means organizations not only face more sophisticated and hard to track attacks, but are also challenged by increased risk and potential loss. Financial institutions should take these factors into account in their overall security strategy.”
The shift to a more sinister criminal profile of online attackers and the potential risk they represent has not gone unnoticed by the financial sector, and there is evidence that companies have started taking steps to fend off these threats. This year, identity theft and account fraud (58 percent), along with identity management (41 percent), made their way into the top five security initiatives for 2006. The industry has also responded to the recent string of natural disasters around the globe, and disaster recovery and business continuity (49 percent) also placed among the top five security initiatives. In fact, an impressive proportion of organizations (88 percent) confirmed having an enterprise-wide business continuity management program in place.
“Deloitte’s survey shows that financial institutions are attentive to the fast-paced and ever-changing security environment,” said DeZabala. “They are shifting priorities and starting to take necessary measures to mitigate emerging security risks and challenges. While it is only natural to shift focus to the most imminent threats, in order to avoid being blindsided organizations must strive to maintain a balanced, more holistic approach to their security operations and initiatives.”
Interestingly, security awareness and training is one of the initiatives that dropped off the top five list from the previous survey. While virtually all (96 percent) respondents were concerned about employee misconduct involving IT systems, only a third (34 percent) have provided their staff with some form of information security and privacy training over the past year. The most common media financial institutions use for security training and awareness are web page alerts and emails (63 percent). Other, perhaps more effective methods, such as orientation training (35 percent) and recognition of exemplary behavior (9 percent), ranked lower in utilization.
Additional key findings of the survey:
· Ninety-five percent of participants indicated their information security budget grew over the past year. Logical access control products topped the list of security budget spending (76 percent of respondents).
· Almost three-quarters (72 percent) of financial institutions that experienced a security breach indicated the estimated amount of damage for the organization, including direct and indirect costs, was in the range of US $1 million.
· While the number of respondents with a Chief Information Security Officer (CISO) dropped by 6 percent compared to last year (75 percent vs. 81 percent), the life span of the position continues to grow, with 22 percent having been in the position from six to 10 years, up from 13 percent in 2005.
· Two-thirds (65 percent) of respondents confirmed having a program to manage privacy, down by 3 percent from last year.
http://www.bankinfosecurity.com/articles.php?art_id=154