admini – Page 409 – CyberSecurity Institute

The Role of Identity Management in Information Security

Posted on November 23, 2003December 30, 2021 by admini

Defining accurately what identity management and information security really are for the enterprise and its IT organization – and then correlating those explicit functional definitions – can provide a starting point for initial planning decisions and approaches to both identity management and information security, and ensure efficient use of IT resources.

META Trend: The strategic approach to information security will transform from a monolithic set of controls to an evolving program of principles, behaviors, and solutions (2003-05).

The pervasive nature of information security will result in establishment of strategic programs – 40% of Global 2000 organizations in 2003, rising to 80% by 2006/07.

These will be managed via dedicated program offices and budgets, and led by a chief security officer or equivalent.

Proper planning for identity management in the context of information security can result from defining identity, identity management, and information security from a functional business and an IT organization perspective and from determining the relationships that exist in those definitions.

More info: [url=http://techupdate.zdnet.com/techupdate/stories/main/Identity_Management_Information_Security_Part_1.html?tag=tu.scblog.6673]http://techupdate.zdnet.com/techupdate/stories/main/Identity_Management_Information_Security_Part_1.html?tag=tu.scblog.6673[/url]

IT security spending by Asia to grow sharply: IDC

Posted on November 22, 2003December 30, 2021 by admini

Singapore’s security solutions market is forecast to expand at a five-year compound annual growth rate (CAGR) of 27.2% to reach over US$430 million by 2007, said IT research house IDC in a statement.

Spending on security solutions in Asia Pacific, excluding Japan, is estimated to hit US$1.7b this year and grow 25 percent yearly to US$4.1b in 2007, IDC said.

Countries such as Australia, Korea, China will constitute the largest share of the security solutions market in terms of market value and actual spending, according to IDC.

More info: [url=http://www.channelnewsasia.com/stories/technologynews/view/58545/1html]http://www.channelnewsasia.com/stories/technologynews/view/58545/1html[/url]

Security and individual responsibility

Posted on November 22, 2003December 30, 2021 by admini

The resulting security breakdowns occur because there’s a perception that security is only the responsibility of a company’s information technology security officer.

A company that fails to correct that impression may inadvertently foster a casual attitude among employees, who then naturally view security as outside of their day-to-day purview.

It is surprising how much impact a vigilant attitude can have.

Making security a high priority for each employee begins with a company culture that stresses how much each individual contributes to a company’s overall IT security.

For starters, management should invest in security training and educate the work force about best practices. It’s the simple stuff–such as encouraging employees to reset their own passwords–that can ease the burden placed on IT staffs. Ensurin that they reset pass codes regularly, avoiding the use of birthdays and names as passwords, and being conscientious about logging out when working from a remote or public location, als help.

Individual users also need to get the message that opening e-mail attachments from unknown sources or using one’s own name as a network password are also security risks.

Companies also need to articulate a thorough security policy. Security measures that protect against unauthorized network access are obviously necessary, but that only tells part of the story.

As security budgets grow and threats continue to mount, companies should begin to educate employees and instill cultures that encourage individuals to take responsibility for IT security.

More info: [url=http://rss.com.com/2010-7355_3-5110588.html?part=rss&tag=feed&subj=news]http://rss.com.com/2010-7355_3-5110588.html?part=rss&tag=feed&subj=news[/url]

Hackers needle out web data

Posted on November 19, 2003December 30, 2021 by admini

Its research suggests 72 per cent of Australia’s leading companies are vulnerable to an “SQL injection attack” that gives the attacker unrestricted access to the corporate database. The SQL attack occurs when a hacker adds code to a standard URL address that tricks the application into giving access to stored information.

“If the vulnerability is so widespread, then the only possible explanation is that there’s a flaw in corporate governance.

“The risk of web-based application attacks is commonly known in the IT industry, as are simple, publicly available measures to prevent such attacks.”

B-sec security consultant Justin Derry said SQL injection stood out as the No.1 concern in recent security assessments.

More info: [url=http://australianit.news.com.au/articles/0,7204,7916529%5E15318%5E%5Enbv%5E15306,00.html]http://australianit.news.com.au/articles/0,7204,7916529%5E15318%5E%5Enbv%5E15306,00.html[/url]

Comdex Panel Debates Security Needs

Posted on November 19, 2003December 30, 2021 by admini

Today, about 40 percent of organizations are well secured, 20 percent are beginning to increase their security expenditures, but a good 40 percent still don’t really get it. “Overall security expenditures have increased by about 10 percent in each of the past three years, and security spending now comprises about 4 percent to 10 percent of a company’s budget,” Byrnes said.

“Companies that were merely secure about five years ago are now looking to do things more efficiently, by remaining secure while cutting costs.”

Ron Moritz, head of eTrust security products for Computer Associates, said one way companies might do this is by looking for security solutions that cover entire networks and can be centrally managed.

But all the panelists agree that such a system requires an organization to have a sound security policy. “If you don’t know what’s going on in your network, you can’t respond.

More info: [url=http://www.internetweek.com/story/showArticle.jhtml?articleID=16101239]http://www.internetweek.com/story/showArticle.jhtml?articleID=16101239[/url]

Symantec CEO: Take new tack against Net attacks

Posted on November 19, 2003December 30, 2021 by admini

The focus on security needs to shift from cleaning up after a problem to anticipating potential problems, he said, with automated patch management and better coordination of software and hardware.

“Security needs to move beyond its niche focus,” he said. Otherwise, it will be impossible to keep up, Thompson claimed.

“More than 100 new viruses are identified every week–and 60 new software (problems) every week,” he said. “We saw a 19 percent increase in attack activity in the first half” of 2003.

In the relatively near future, the world will likely see the debut of damaging threats the industry is calling “Warhol” attacks, as they are likely to achieve fame by spreading across the Internet in 15 minutes. “Day Zero” threats, which exploit previously unknown vulnerabilities, will hit without warning, the Symantec CEO added.

Corporations are also taking action to stem attacks, such as creating more homogeneous computing environments or taking part in initiatives such as the Network Admissions Control program to ban insecure mobile devices from corporate networks, announced Tuesday by Cisco Systems.

Thompson stated that a shift to Linux from Microsoft wouldn’t be a sure way to avoid the kind of recent suffering caused by viruses that exploited holes in Microsoft code.

More info: [url=http://zdnet.com.com/2100-1105_2-5109531.html]http://zdnet.com.com/2100-1105_2-5109531.html[/url]