Category: News

Yet the common theme throughout the company’s overarching strategy is not one that emphasizes competition in hot markets or via standalone products, executives say, but rather an approach that attempts to mix security skills into almost all of its existing business lines as a component of its larger vision.

All of those efforts tie back into the notion of lowering customers’ security concerns either by bolstering the onboard protection of its products or fostering business controls that benefit areas like regulatory compliance, the executive said.

The effort is being undertaken in the name of helping businesses drive security further into their own software development efforts, a trend that is currently sweeping across that sector.

http://www.infoworld.com/article/07/07/23/Piecing-together-IBM’s-security-puzzle_1.html

The UK did previously have such an e-crime body, the National Hi-Tech Crime Unit (NHCTU). Roberts added the UK needs the return of the NHTCU, or a similar organisation that understands e-crime, has an international remit and has the authority to do something about electronic crimes. SOCA said the NHTCU has become the core of the e-crime unit of SOCA, with an expanded remit and greater resources. In exactly the same way as happened under the NHTCU, a business that has fallen victim to an e-crime should report the matter to the police.”

The SOCA spokesman added: “SOCA e-crime has taken the private sector relations built by the NHTCU and developed them into a core part of its strategy. We liaise closely with business communities on a sector by sector basis, and will be seeking to increase both the extent and depth of this relationship, as well as joining up the work of key contacts from the world of law enforcement, both nationally and internationally.”

http://www.silicon.com/publicsector/0,3800010403,39167883,00.htm

U.S. Trust’s Axelrod would not reveal what forms of endpoint security he uses within his organization, although he explained his back-end storage philosophy. “I believe in data restriction,” he said, explaining that his primary requirement “is to get rid of it as soon as it becomes obsolete.” “We have a branch of the military that we’re working with — they have a 15-character minimum password and you have to change the last 10 characters every 90 days,” said Kevin Gillis, vice president of secure file transfer at vendor Ipswitch.

Other users at the event cited the challenges posed by removable media and laptops, something that’s become a major headache for IT managers and CIOs.

A number of vendors, including SanDisk, Lexar, and Seagate, are currently touting solutions, designed to lock down data on laptops and USB drives, which is quickly catching on with IT managers and CIOs.

In a show of hands at another of today’s panel discussions, around a quarter of the 20-plus audience members confirmed that they are encrypting their laptop hard drives.

http://www.darkreading.com/document.asp?doc_id=127750&WT.svl=news1_2

Log management tools can help organizations drill down and look for specific data strings such as full track data from credit cards; PCI prohibits storage of such information, so companies can then take corrective action. The log management market includes tools from LogLogic, LogRhythm, Splunk, syslog-focused products such as Kiwi Enterprises’ Syslog Daemon and freeware like Unix’s syslog daemon. Also, security information management (SIM) vendors have begun tailoring their product lines to meet the demand for log management by offering options that focus on providing more storage capacity than correlation capability.

At the Burton Group Catalyst Conference, Jay Leek — manager of corporate IT security services at Nokia — plans to talk about practical considerations for log management and how a centralized system can improve compliance, incident response and troubleshooting while also saving time and money. Without any control over what’s being logged, companies can spend a great deal of time and effort searching through log data during an incident investigation or when trying to troubleshoot an IT problem, he said.

http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1261647,00.html

The 10 winning contractors are:
* MTM Technologies, with Mobile Armor
* Rocky Mountain Ram, with SafeBoot
* Carahsoft Technology, with Information Security Corp.’s SecretAgent
* Spectrum Systems, with SafeBoot
* SafeNet
* HiTech Services, with Encryption Solutions’ SkyLock
* Autonomic Resources, with WinMagic
* GovBuys, with WinMagic
* Intelligent Decisions, with Credant Mobile Guardian
* Merlin International, with Guardian Edge Technologies

Federal officials are urging commercial industry to follow its lead on encrypting data stored on mobile devices. “Whenever we band together to look for products that raise the bar for security, we’re helping everybody, including our private sector partners,” Wennegren said.

http://seclists.org/isn/2007/Jun/0075.html

Money and investments focused on security and privacy are most often viewed as insurance premiums-to be kept to a minimum consistent with the negative risk experience of each institution. Such spending is certainly not perceived as an investment for winning stakeholders, sustaining excellence or achieving market leadership.

But today’s world, where an increasing majority of institutions do business online using telecommunications networks that span the globe, security and privacy protections expressed in negative terms don’t make the grade. They must adopt an approach based on winning the trust of all stakeholders-customers, employees, channel partners, contractors, vendors and shareholders all.

Trust means stakeholders feel safe in the hands of these enterprises and are confident in the secure delivery of their products and services along with protection of their private information. Given the status of security and privacy today, the CIO is most often anointed as enterprise information security and privacy champion. When stakeholders’ experiences with an institution consistently meet or exceed their expectations, these experiences build awareness, then breed familiarity and finally, earn trust-which inevitably translates into profit.

Amex provided its card members and service establishments with, at the time, a revolutionary new way to do business: They could execute secure and private financial transactions anytime anywhere in the world. The linchpin of this model was and is the magnetic-striped card that identifies and validates individual card members and other authorized stakeholders to use the integrated global network.

A trust-based business model is also a natural extension of enterprises’ commitment to compliance with Sarbanes-Oxley (SOX) regulations and the transparency that results. They need to create incentives for their executive management to create an operating model that earns stakeholders’ trust. Companies will use trust to forge new alliances with stakeholders by guaranteeing secure and private interoperability. And in doing so, companies will define competitive success in a global online real-time marketplace.

http://www.networkworld.com/news/2007/053107-forget-security-and-privacy-focus.html