Indian cyber laws lack teeth to bite data hackers

Posted on by admini

The death of web-freedom activist Aaron Swartz, has once again turned the limelight on the Cyber security issues and laws governing the virtual world. While, Swartz, could have encountered over 30 years in prison if convicted following his trial under US laws, in India he could have gotten away with just three years imprisonment and Rs 5 lakh fine for the same charges.

In case, any university or institute network is hacked by someone, the maximum punishment is 3 years and Rs 5 lakhs fine under Section 66, read with 43 (I). Moreover, it is a bailable offence in India, while in the US it is a non-baliable offence,” Cyber Security expert Pavan Duggal said.

According to Salman Warris, a New Delhi-based cyber law expert, the current legislations are not suffice to deal with data hacking incidents in India. “In the US and Europe there is a complete legislation dedicated to data protection, while under Indian Act there are only two provisions related to data protection.

Aaron Swartz could also have had to shell out a penalty worth millions of dollar for allegedly downloading material from JSTOR. According to a senior professor associated with a leading university,”There has been instances in the past, where the university website has been hacked into. Whatever happen to MIT could happen to any institute, said Kamalesh Bajaj, CEO of Data Security Council of India (DSCI), a Nasscom initiative.

Link: http://www.business-standard.com/india/news/indian-cyber-laws-lack-teeth-to-bite-data-hackers/204728/on

Read more

F5 Networks introduces application delivery firewall

Posted on by admini

With support for SAML 2.0, F5 now offers improved single sign-on (SSO) capabilities for web-based, VDI, and client/server applications—whether hosted in corporate data centers or the cloud. In addition, BIG-IP APM offers identity federation across multiple product instances within an organization, reducing the number of passwords needed by users to access corporate applications.

BIG-IP ASM now features support for applications written with the Google Web Toolkit, meaning security teams can enforce application security policies that use this widely adopted framework. Additionally, BIG-IP ASM can better detect and mitigate clickjacking, a growing web threat that attackers use to trick others into revealing personal information.

Link: http://www.net-security.org/secworld.php?id=14332

Read more

RSA combines SIEM with incident visibility to create Security Analytics

Posted on by admini

With this you get full security visibility of data for log and packet and it gives the user more intelligence and if something is known, if it has been seen before.”

Jon Oltsik, senior principal analyst at Enterprise Strategy Group, said: “The sophistication of advanced attacks and the associated malware is growing every day testing the limitations of existing security analytics tools.”

Marrying intelligence-driven security with Big Data analytics has the potential to help enterprises address the complex problem of advanced threats and thus meet a significant need in the marketplace.”

Link: http://www.scmagazineuk.com/rsa-combines-siem-with-incident-visibility-to-create-security-analytics/article/278162/

Read more

Five eyes push to declassify security vulnerability data – Networks – SC Magazine Australia – Secure

Posted on by admini

Schmidt flagged the need to declassify data during his years at the White House and said progress had been made prior to his resignation from the job in May last year. For Schmidt, the suppression of information denies organisations the ability to defend themselves from attack, noting that it can take months for information to be declassified.

From the time the FBI was notified, DHS (Department of Homeland Security) and the Department of Defense all responded [but] it took 102 days from the time it was reported to the time they went out to industry members. If the declassification effort fails — and it is thought to have stalled amid the recent US Congress reshuffle — then Schmidt said the private sector should take charge and share vulnerability and threat data.

In recent years, security researchers have discovered and extensively detailed malware thought to have been developed by nation-states to launch attacks and conduct espionage against foreign interests.

Schmidt said it is also reckless because such attacks can cause collateral damage against critical private infrastructure, and the malware can be reverse-engineered and re-appropriated for further attacks.

Link: http://www.scmagazine.com.au/News/330685,five-eyes-push-to-declassify-security-vulnerability-data.aspx?utm_source=feed&utm_medium=rss&utm_campaign=SC+Magazine+News+feed

Read more

Cisco has 14k BYOD iPads, says Android malware is not a big threat – BYOD, android malware, cisco, i

Posted on by admini

In 2012, Cisco added 11,000 smartphones and tablets companywide and has nearing an equal ratio of mobile devices to staff. “At the end of 2012, there were nearly 60,000 smartphones and tablets in use in the organisation—including just under 14,000 iPads—and all of them were Bring Your Own (BYO).” Cisco execs have been giving regular updates about its BYOD program in recent times, no doubt because it sells UTM appliances, identity management and other services against the trend.

SAP/Sybase blogger Eric Lai, who has been tracking large iPad deployments, noted from a conference in early May last year that Cisco had 21,000 iPhones, 8,144 iPads and 2,000 Cius tablets (it killed the device later that month). Outside a 5,000 device BYOD program, SAP offers staff a range of 10 smart devices and under that program manages 20,000 iPads, 20,000 iPhones, 4,000 Samsung Android devices, and a smaller number of BlackBerry and Windows Phone devices.

Link: http://www.cso.com.au/article/452398/cisco_has_14k_byod_ipads_says_android_malware_big_threat/

Read more

Governance Must Drive All Security Initiatives… Even Cloud

Posted on by admini

It is up to the CIO or CSO’s due diligence to understand all the implications on how the deployment will affect the holistic enterprise.

“When cloud computing is treated as a governance initiative, with broad stakeholder engagement and well-planned risk management activities, it can bring tremendous value to an enterprise,” said Emil D’Angelo, CISA, CISM, international president of ISACA and founding member of the Cloud Security Alliance.

When due diligence is done, a CIO will have a clear idea of an initiative’s risk versus return and whether a cloud security deployment meets the individual requirements of the company.

For example, seeing who has accessed a certain application gives you historical perspective, but, what if it is a retired account or tries using a decommissioned password? … Or if a partner accesses certain parts of your database to which they are entitled, but quadruples their order in the dead of night to be shipped to Phnom Penh? … There are literally thousands of scenarios by which leveraging the cooperative functionality of IDM, AM, SIEM and Log Management creates not only the holistic visibility to drive governance policies, but offers significant barriers to keep the IT enterprise safer.

The challenge facing most security teams, therefore, is to provide line-of-business users with the access they need while ensuring that the access is appropriate and does not expose the enterprise to unnecessary business risk. But first you must ensure visibility–and when you know where all your data is and all the multiple ways that it is available, then you can best manage the policies, roles, and security functions that best connects your requirements.

Link: http://cloudcomputing.sys-con.com/node/2527026

Read more