admini – Page 394 – CyberSecurity Institute

Business continuity planning: will it save you?

Posted on January 12, 2004December 30, 2021 by admini

While the survey by Compass shows that 98% of an undisclosed number of FTSE 100 firms had a business continuity plan in place, only just over one-third of those companies that had suffered an IT disaster over the last five years (58% of all firms surveyed) had used the measures that they had put in place in the business continuity plan to solve the problem.

Bloor’s own visionary, Robin Bloor, has pointed out recently that the level of security breaches has reached crisis level, with 90% of companies experiencing security breaches of some sort in 2003 – and this is growing at a rate of 50% or more every year.

In addition, a whole host of legislation is either being passed or ratified at the moment – such as the Data Protection Act of the EU, which requires companies to apply a much higher level of protection to the data that the collect, hold in storage or even dispose of.

More info: [url=http://www.theregister.co.uk/content/55/34811.html]http://www.theregister.co.uk/content/55/34811.html[/url]

Digital Signatures And European Laws

Posted on January 12, 2004December 30, 2021 by admini

In electronic commerce and communication you can’t see the person you are speaking with, you can’t see the documents that prove one’s identity, and you can’t even know if the web site you are connected to belongs to the society it says.

What will happen if I have problems with the contract and I must take it to a court of law?

To answer these juridical necessities the European Union adopted a community framework for electronic signatures some time ago (directive 1999/93/EC of the European Parliament and the council of December 13, 1999, on a community framework for electronic signatures) that has been implemented in various European countries.

A digital signature, also called an electronic signature, means data in electronic form that is used for security and trust in electronic business and communications.

Imagine the door of a house with a two key deadbolt: the key you use to enter (public key) is not the same one required to exit (private key) so if a thief gets in the house he won’t be able to exit.

The electronic signature working principle is this: you create some text, the text is encrypted by your private key using a mathematical relationship, you send the encrypted text, the reader who receives the text uses your publicly available key (connected to the private key) to open it, and she is then sure the text is original and it is written by you.

It is used for authentication, to be sure the person who sent the text is the electronic signature’s holder, however you can’t be sure she is also the key owner.

More info: [url=http://www.securityfocus.com/infocus/1756]http://www.securityfocus.com/infocus/1756[/url]

Banks Strive for Security Awareness with $2M Contract from Treasury

Posted on January 10, 2004December 30, 2021 by admini

The award will go towards providing its industry members with secure collaboration, additional data feeds regarding threats and vulnerabilities, alert confirmation, new analytical capabilities, and performance metrics.

“Our research convinced us that the FS/ISAC must make significant investments to upgrade its technological infrastructure if it is to serve the entire sector and deliver a product that would elicit ongoing, private-sector support,” remarked Brian Roseboro, Acting Under Secretary of the Treasury for Domestic Finance.

The FSSCC’s membership consists of trade associations, institutes and utilities in the banking world, rather than the individual banks themselves.

Acting on their members’ behalf, the FSSCC representatives will help to coordinate sector-wide initiatives in specific market segments within financial services.

The FSSCC may also prove to be a important conduit for coordinating comments on statutes published for comment by the Department of Homeland Security, taking a broad, industry-wide perspective.

More info: [url=http://www.bankinfosecurity.com/feed.php?target=http://www.banktech.com/story/news/showArticle.jhtml?articleID=17200386]http://www.bankinfosecurity.com/feed.php?target=http://www.banktech.com/story/news/showArticle.jhtml?articleID=17200386[/url]

Word encryption hole exposed with no fix on the way

Posted on January 7, 2004December 30, 2021 by admini

The password-protection feature in Microsoft Word – activated by clicking on Tools/Protect Document – can be bypassed, disabled or deleted at will, with the help of a simple programming tool called a hex editor.

Microsoft was informed about the vulnerability in late November by Thorsten Delbrouck, chief information officer of Guardeonic Solutions, which is a subsidiary of German security specialist Infineon Technologies. He explained that one of his company’s hardware suppliers is Dell, which emails its quotes on a form protected-Word document.

Following Delbrouck’s revelations, Microsoft updated its Knowledge Base article 822924, titled ‘Overview of Office features that are intended to enable collaboration and that are not intended to increase security’ to include the following warning to users: “When you are using the ‘Password to Modify’ feature, a malicious user may still be able to gain access to your password.”

Instead of using the protect feature, Thorsten Delbrouck advises companies sending sensitive information to use digital signatures or a different document format altogether, such as Adobe’s PDF, which he has recommended to Dell in Germany.

More info: [url=http://www.silicon.com/hardware/desktops/0,39024645,39117653,00.htm?foo=Word%20hole%20exposed%20with%20no%20fix%20on%20the%20way%2001-07-2004]http://www.silicon.com/hardware/desktops/0,39024645,39117653,00.htm?foo=Word%20hole%20exposed%20with%20no%20fix%20on%20the%20way%2001-07-2004[/url]

Top five security policies tips

Posted on January 7, 2004December 30, 2021 by admini

5. Don’t forget what you don’t see. Your traveling and remote users may be out of sight, but they shouldn’t be out of mind.
4. Cover all your bases. While you aren’t rewriting War and Peace, you should be as comprehensive as possible.
3. Be reasonable. Your end-users should be able to comprehend and abide by the policies that you set forth.
2. Understand what a security policy is. But do you really know what a security policy is?
1. Don’t start from scratch. You aren’t the only IT manager facing the Herculean task of writing security polices.

More info: [url=http://searchsecurity.techtarget.com/tip/1,289483,sid14_gci943353,00.html]http://searchsecurity.techtarget.com/tip/1,289483,sid14_gci943353,00.html[/url]

Indian outsourcing: Your data is more at risk than your job

Posted on January 6, 2004December 30, 2021 by admini

There are growing concerns that personal information being used by data processors such as offshore call centres may be abused once it is taken outside the reach of EU law enforcement bodies. And David Naylor, partner at law firm Morrison & Foerster, believes these fears are not without foundation, despite rules which make it illegal.

Naylor said there are laws in place which mean companies generally cannot enter into outsourcing agreements where personal data is transferred outside Europe unless it is to a country which shares the same rigorous levels of data protection or the individuals concerned have consented to the transfer of their data abroad. In addition, the company transferring the data must ensure that the outsourcing service provider meets other key criteria, such as guaranteeing levels of security and employee reliability. However, he warned “there is definitely a significant danger that data could be misused once it is taken outside the EU, even though any data controller thinking they can do so without breaking UK law would probably be entirely wrong”.

With so much data being transferred via so many transactions it is often difficult to spot the legitimate from the illegal. By moving operations offshore and adding a further level of complexity to this equation it is almost inevitable breaches, both deliberate and accidental, will occur. Naylor said: “Data is flowing from country to country at incredible speeds in ever greater volumes and the ability of regulators to control that and to ensure rules are observed and laws are obeyed is far from limitless.”

More info:[url=http://www.silicon.com/software/security/0,39024655,39117625,00.htm]http://www.silicon.com/software/security/0,39024655,39117625,00.htm[/url]