Category: Uncategorized

Infrequent or inadequate patching exposes the organization to significant risk of corrupt systems and stolen information. This nature of software alarmed the federal regulators who in the fall of 2003 dictated that all financial institutions develop an adequate patch management program to reduce the risks posed by these flaws.

The federal regulators declared that a patch management program be part of the financial organization’s information security plan. They also stated that failure to maintain an adequate plan can adversely affect an institution’s overall IT examination rating. With the release of FDIC: FIL-43-2003 the FDIC identified these four steps to a compliant patch management program:

1. Development of appropriate organizational procedures.
Like all programs, a structure needs to be created to facilitate the patch management plan.
2. Monitoring software vulnerabilities and identifying corrective patch information.
Patch management is a pro-active pursuit.
3. Evaluating the impact of patches.
Once a patch has been identified the next step is to assess the impact of that patch on the environment.
4. Testing and installing software patches.
The next step is to test each patch prior to installation.
5. Report to the Board of Directors.
Section 501(b) of the Gramm-Leach-Bliley Act stipulates that institutions must perform periodic risk assessments and present the findings to the Board of Directors.

More info: [url=http://www.bankinfosecurity.com/?q=node/view/554]http://www.bankinfosecurity.com/?q=node/view/554[/url]

CISOs have spent the past few years perfecting digging moats around the corporate castle. Now, as they lift their heads out of the trenches, they find themselves living in the age of bomber planes and guided missiles.

The problems with perimeter-based security are neither new nor unclear. Corporate information systems increasingly rely on tools and processes that exist outside the protective embrace of the traditional firewall. Wireless, mobile, remote and ad hoc are the watchwords of today’s business, with employees, partners and customers often using two or three different devices—ranging from laptops to cell phones to kiosks at the local Internet caf

You need a solution that proactively builds security defenses before the damage is done—instead of reacting after it’s too late. According to the Carnegie Mellon University, more than 90 percent of all security breaches involve a software vulnerability caused by a missing patch that the IT department already knows about. That means most IT departments lack a methodology for rapidly deploying patches. The rest are ones that they did not know about and probably lacked the resource to investigate.

You need to get as close to 100% of your vulnerabilities covered as quickly as possible since one breach can be devastating and costly. Until operating system and application vendors start writing perfectly secure software, IT administrators will have to deal with the patch problem. But effective patch management is more than just plugging holes and hoping for the best. It’s an ongoing, systematic process that can benefit from automation. If your IT environment shows any of these early warning signs, you will have a problem:

FAIR USE NOTICE: This site contains excerpts from copyrighted material (along with links and attributions to full text original sources) the use of which has not been pre-authorized by the copyright owner. This material is made available to advance understanding of political, economic, scientific, social, art, media, and cultural issues. The ‘fair use’ of such copyrighted material is provided for under U.S. Copyright Law. In accordance with U.S. Code Title 17, Section 107, material on this site is distributed without profit to persons interested in such information for research and educational purposes. If you want to use copyrighted material from this site for purposes that go beyond ‘fair use’, you must obtain permission from the copyright owner.

Introducing a new product or service, adding a new channel partner, or targeting a new customer segment–any of these can present unforeseen costs, complexities, and delays in a business that runs enterprise applications. The expense and difficulty can be so great that some companies abandon new business initiatives rather than attempt one more change to their enterprise applications.

The good news is that just as the limitations of the current generation of IT architectures are becoming painfully apparent, new methods of organizing technology resources are appearing. IT is on the verge of a shift to a new generation of “service oriented” architectures that promise to go a long way toward reducing, if not removing, current obstacles to new operational initiatives.

Service-oriented architectures will enable companies to introduce new business practices and processes more rapidly and at lower cost. Companies that follow suit will break free from the constraints of today’s architectures and become capable of leveraging IT–mostly for the first time–to gain strategic advantage.

More info: [url=http://news.com.com/2030-1069_3-5144911.html?part=rss&tag=feed&subj=news]http://news.com.com/2030-1069_3-5144911.html?part=rss&tag=feed&subj=news[/url]

Surveys show that any large organisation lose between 3-5% of their laptops every year.

Relaying laptop theft stories in the local pub is almost as common-place as people boasting how much their houses have shot-up in price over the last two years. However, with an increasingly mobile workforce, often using privately bought mobile devices, the board and IT departments have to take greater notice of who is carrying what around with them and take a rain check of the damage that could be caused if this information was lost and broadcast to the outside world.

[i]One[/i] You must have a mobile Use policy or ensure that your corporate IT security policy has specific provision for mobile devices and you update it whenever you adopt new hardware categories such as combined PDA/phones.
[i]Two[/i] Take the responsibility of IT security away from the end-user and centrally manage and deploy it.
[i]Three[/i] Invest in a solution which is usable and flexible.
[i]Four[/i] Have a blanket approach to security by owning every mobile device that leaves your office and make access control and encryption mandatory.
[i]Five[/i] Be realistic with passwords
[i]Six[/i] Become a realist