admini – Page 271 – CyberSecurity Institute

Computer security incidents cost NZ businesses millions

Posted on December 6, 2005December 30, 2021 by admini

“It’s disturbing that the number automatically updating their internet security systems has dropped,” Mr Peterson said, down from 90.3 per cent in 2004 down to 75.2 per cent in 2005.

“Though more businesses are allowing staff access to the internet at work – now up to 65 per cent – staff internet policies have not kept pace, while training on safe internet practices has dropped from 67.2 per cent in 2004 to 55.9 per cent in 2005.

Overall 88 per cent of respondents have installed antivirus software; 77 per cent have in place firewall software or appliance; and overall 63 per cent have spam filtering.

Fifty-one per cent of total respondents have been the target of a phishing expedition, the study showed and businesses are receiving an average of 98 spam emails per day.

This year, five per cent of the survey sample report getting 51-100 spam emails a day compared with 12 per cent reporting the same volume in the last survey.

http://www.nbr.co.nz/home/column_article.asp?id=13723

Eight steps for integrating security into application development

Posted on December 6, 2005December 30, 2021 by admini

Most organizations spend a tremendous amount of resources, time and money to protect their network perimeters from Internet-borne threats and hackers. But no matter how good a defense may be, it usually falls short in addressing the vulnerabilities inside the network at the application layer.

Recent research findings indicate that the application layer is one of the highest-risk areas and where the most potential damage can occur, either through insider targets or lack of protection. As a result, confidential company information can be exposed, resulting in harm to a company, its customers and its reputation. While many variables affect Web application security, improving security in a few key areas can help eliminate vulnerabilities.

It’s critical that security be included in the initial Web design and not retrofitted after the application is developed. While some experts argue over where and when security integration and testing should be applied in the development life cycle, no one would argue that it has become an essential ingredient.

The software industry is making headway in this area, with some providers offering incentives to development teams to integrate security during the application development process. Integrating security into the application development life cycle is not an all-or-nothing decision, but rather a process of negotiation within policy, risk and development requirements. Engaging security teams — in-house or outsourced — during the definition stage of application development determines the security areas necessary to satisfy policy and risk tolerance in the context of the organization.

http://www.computerworld.com/securitytopics/security/story/0,10801,106805,00.html

DSW Settles Data Theft Case

Posted on December 2, 2005December 30, 2021 by admini

In March, DSW found that credit, debit and checking account numbers of customers in 25 states had been stolen by hackers breaking into the company’s database. In its complaint, the FTC charged that DSW unnecessarily held on to sensitive customer data it no longer needed and stored the information in multiple files, increasing the risks to consumers.

Some DSW customers have reported fraudulent charges to their accounts, and others with checking accounts have asked the company to pay the cost of closing accounts and ordering new checks, the FTC said. DSW noted that when the theft was discovered, it took immediate steps to notify customers and put in measures to prevent future thefts.

http://www.latimes.com/technology/la-fi-dsw2dec02,1,733532.story?coll=la-headlines-technology&ctrack=1&cset=true

BY THE NUMBERS: THE NEW SOX BREAKDOWN

Posted on December 1, 2005December 30, 2021 by admini

AMR Research compliance guru John Hagerty attributes the shift in spending in part to better guidance from the Securities and Exchange Commission (SEC) and the Public Company Accounting Oversight Board (PSCAOB), the watchdog for public accounting firms.

AMR found that many companies focused their SOX efforts this year on refining their existing business and IT control in preparation for automating through technology. According to the AMR survey, more than 80% of companies said they expect to reap business benefits by adding or improving their SOX compliance regimens.

The two biggest areas for SOX investment in 2006, says AMR, will be compliance management software and continuous controls monitoring software.

The report is a sneak peak at the firm’s annual comprehensive survey on SOX spending.

http://searchcio.techtarget.com/originalContent/0,289142,sid19_gci1148856,00.html

IT specialists ‘a dying breed’

Posted on November 29, 2005December 30, 2021 by admini

“The long-term value of today’s IT specialists will come from understanding and navigating the situations, processes and buying patterns that characterise vertical industries and cross-industry processes,” said Diane Morello, a research vice-president at Gartner, in a media statement.

According to Gartner, the workplace will also spawn a trend which will see the transfer of laptop ownership from company to employee. By 2008, 10 percent of companies will adopt this practice, managing the use of employee-owned laptops with schemes such as notebook allowances.

In addition, the analyst predicts that spending on regulatory compliance will grow at a rate twice that of IT spending. In a bid to keep up with regulatory compliance requirements by the US government and European Commission, businesses may consume discretionary IT budgets. This would leave little resources for organisations to manage initiatives key to business growth, such as exploring the use of new technology, Gartner warned.

The analyst advised IT departments to work with their legal, financial, and corporate departments to ensure business growth.

These and other industry trends are part of Gartner’s research series that discusses major trends affecting IT users, vendors and most industries in 2006 and beyond.

http://news.zdnet.co.uk/business/employment/0,39020648,39238831,00.htm

INFLUENTIAL SURVEY SAYS SECURITY ‘SET BACK BY 6 YEARS’

Posted on November 23, 2005December 30, 2021 by admini

“Six years ago attackers targeted operating systems and the operating system vendors didn’t do automated patching. Now the attackers are targeting popular applications, and the vendors of those applications do not do automated patching. ” During a press conference, Paller added, “These applications, other than AV, don’t have automated patching.”

In recent years, the institute said a majority of attacks targeted operating systems like UNIX and Windows and Internet services like Web servers and mail systems.

“The most noticeable set of applications targeted by attackers are the backup and recovery tools as well as antivirus and other security tools that most organizations think are keeping them safe from attacks and from loss of data,” the institute said. These include backup software, antivirus software, database software and even media players.

During the Tuesday morning press conference, Dhamankar said the threats that worry him the most are those targeting the Web browsers and media players — including Microsoft Media Player and Macromedia Flash. “The US-CERT received reports of important system compromises using vulnerabilities in backup products within a few days of the public disclosure of vulnerabilities in those products,” he said.

SANS said another worrying trend this year has been the fresh attention given to critical security holes in network devices like the routers and switches that keep traffic moving across the Internet.

http://searchcio.techtarget.com/originalContent/0,289142,sid19_gci1148491,00.html