admini – Page 245 – CyberSecurity Institute

Despite Stricter Rules in Europe, US Companies More Advanced in Protecting Data

Posted on April 27, 2006December 30, 2021 by admini

“The study further shows that European corporate privacy leaders are more likely to hold the view that their role is inextricably tied to advancing a culture of responsible information use rather than establishing technical or administrative controls over privacy and data protection,” said Larry Ponemon, founder of the Ponemon Institute, who led the research team. Most European companies have a strict “no share” policy for consumer and employee data.

US companies are more likely to employ information security technologies to protect or safeguard sensitive personal information than European firms, including the use of encryption, intrusion detection systems and website monitoring.

Whether in established or emerging markets, the hallmark of White & Case is our complete dedication to the business priorities and legal needs of our clients.

http://www.whitecase.com/news/Detail.aspx?news=1091

British business improves on security

Posted on April 26, 2006December 30, 2021 by admini

This disparity may be responsible for the rise in costs of dealing with security incidents overall, while average “clean-up” costs for large companies actually decreased.

http://www.viruslist.com/en/news?id=185152438

Phishing goes international

Posted on April 26, 2006December 30, 2021 by admini

RSA says the trend is down to a combination of factors including an increase in the number of online banking users in Europe and Asia Pacific, banks offering increased functionality as part of online services, and heightened sophistication on the part of hackers.

Fraudsters are essentially crooked entrepreneurs; they are constantly looking for the greatest return for the smallest investment, and financial institutions in relatively untapped markets with users unfamiliar with phishing attacks are an attractive target.

http://www.theregister.co.uk/2006/04/26/international_phishing_survey/

IT security checklist focuses on consequences of breaches

Posted on April 26, 2006December 30, 2021 by admini

“We started seeing huge vulnerabilities,” Borg said Wednesday at the GovSec conference in Washington, where the draft document was released. Most of the systems were compliant with current security checklists and best practices. “And portions of those systems were extraordinarily secure. But they were Maginot Lines,” susceptible to being outflanked. The problem is that existing best practices are static lists based on outdated data. “We are way into diminishing returns on our investments in perimeter defense,” he said. “To deal with it now, you have to think of the problem of cybersecurity not from a technical standpoint, but by focusing on what the systems do, what you could do with them and what … the consequences [would] be.”

The list is based on real-world experience and on economic analysis of breaches. Surprisingly, the researchers found that simply shutting a system down is not the biggest threat in most areas of critical infrastructure. “Shutting things down for two or three days is not that costly,” Borg said. The larger threat is disruption of systems in ways that are not immediately evident.

“All of the things we are talking about are already under way,” Borg said, but some of the items in the checklist have no cost-effective commercial solutions. Borg said he hopes industry will step up to the plate to create solutions, and that government will adapt its acquisition policies to create incentives for these developments.

Borg said there is no schedule for final DHS approval of the draft. Additional information about the checklist is available from Borg at mailto:scott.borg@usccu.us.

http://www.gcn.com/online/vol1_no1/40564-1.html

Novell Shells Out $72 Million to Buy e-Security

Posted on April 25, 2006December 30, 2021 by admini

On the operating system front, e-Security had already created collectors for Microsoft Windows 2000 and Windows 2003 and the Microsoft Operations Manager (MOM) systems management console; Red Hat Enterprise Linux; Sun Microsystems Solaris and Trusted Solaris (an ultra-secure variant of Solaris); IBM AIX and OS/400; Hewlett-Packard HP-UX.

A few months after Novell bough Immunix, it took the AppArmor security appliance software that Immunix had created and not only began the task of embedding it into SUSE Linux, but also released the AppArmor code as an open source project as a means to help create the thousands of application profiles that the AppArmor software requires.

Sales and engineering for the Sentinel product will remain in Vienna, but the company will be rolled into Novell’s system security and identity management unit, which includes the AppArmor, ZENworks, and Novell Identity Manager products.

http://www.itjungle.com/tlb/tlb042506-story03.html

How To Stop Internet Identity Theft

Posted on April 25, 2006December 30, 2021 by admini

Essentially, the process works by tricking e-mail recipients into going to phony Web sites to divulge personal data, like bank-account numbers or credit-card information.

Identity thieves also use technical subterfuge through spyware and Trojans to capture user names and passwords so they can gain access to consumers’ financial details.

http://www.cio-today.com/story.xhtml?story_id=42950&page=1