|
Risk
analysis is inextricably linked with
disaster recovery. assessment of the
risks which may lead to disaster is
essential in the determination of
what controls are appropriate to the
situation. Again, however, risk
analysis is often made more
difficult than necessary.
The
Threat & Vulnerability Assessment
Tool Kit
and tool was designed to simplify
matters, and to make risk analysis
more widely accessible through
automation. It is now probably the
most widely used product and method
in the world
|
|
|
08/25/2010 USB flash drives a major security risk -
According to the Washington Post, a top Defense Department official is
speaking publicly a successful, high-profile infiltration of a computer network
belonging to the US military's Central Command.
 Deputy Defense
Secretary William J. Lynn III describes the attack in an article to be published
today in Foreign Affairs. The incident occurred in 2008 at a post in the middle
east and was performed by means of a USB flash drive which
installed malware. "That code spread undetected on both classified and
unclassified systems, establishing what amounted to a digital beachhead, from
which data could be transferred to servers under foreign control," according to
Lynn. In 2008, the Los Angeles Times reported, citing anonymous Defense
officials, that the incursion might have originated in Russia.
"Operation Buckshot Yankee," which countered the attack, was a turning point
for military computer
security. Part of the response was a temporary ban on the use of flash
drives in military computers. That ban has since been modified. The broad
outlines of the attack have been reported over time, but the details had
heretofore been kept secret.
The Post suggests that Lynn's article is aimed in part at raising awareness
of the problem and of DoD's actions in response, particularly "active defense"
which seeks out intruders on the network. It is also an exercise in public
lobbying for DoD to have a role in national cyberdefense. Current legislative
proposals generally give the Department of Homeland Security primary
responsibility.
more info
08/18/2010 IE continues to lose market share -
Microsoft Continues to Lose Browser Market
Share!!!
Vista Dead In Its Tracks - Windows 7 Does Better?
 
The summary findings in Janco's Browser and OS Market Share White
Paper are:
- Firefox challenged Microsoft as no other competitor has done in quite some
time but Microsoft seems to have addressed this
- The SmartPhone market has taken off and users no longer have to depend on
a PC to access the Internet
- Users are staying current with the latest versions of IE, and Firefox via
the automatic update feature.
- Googles Chrome is disappointing and has captured only a little over 5% of
the browser market since its introduction.
- Internet Explorers market share continues to fall.
- Attacks on browsers are moving many users to the automatic update feature
to get the latest versions of the browsers.
- The door was open for Google with both Desktop and Chrome it is not
clear that the current offering by Microsofts competitors can do more damage
to Microsoft browser market share. However Microsoft must address the
SmartPhone market to maintain its leadership position.
more info
08/13/2010 Blackberry under attack again... -
India's government is the latest in a long list of national governments that
have recently threatened to shut down BlackBerry services over security issues. The United
Arab Emirates has said it will halt Blackberry Messenger, e-mail, and Web
browsing starting October 11. Indonesia and Saudi Arabia also threatened to
block BlackBerry Messenger service. Saudi Arabia reached a deal with RIM over
the weekend, and a ban that was to go into effect starting Monday was
lifted.
Meanwhile, countries in Europe, such as Germany, are also putting pressure on
RIM to loosen its security enough so that communications can be monitored. The
German government has urged staffers not to use the BlackBerry, and several
ministries have banned them, Reuters reported. And last week, the European
Commission rejected the BlackBerry as a handset for its employees, opting
instead for Apple's iPhone and HTC smartphones.
India's decision followed a meeting that Home Secretary G.K. Pillai had with
officials from India's Department of Telecommunications as well as other federal
security agencies, according to Reuters.
Governments say the BlackBerry's tight security is a concern as they try to
combat terrorist attacks and other illegal activities. India, for instance, is
trying to keep a lid on fighting by insurgents in Kashmir as well as potential
threats from Pakistani militants.
 Of RIM's 46
million users worldwide, about 1.1 million are in India. India is among the
fastest-growing markets for the BlackBerry. This is an important factor given
that the North American market, RIM's stronghold, is becoming saturated. RIM and
other phone makers need to look to developing countries, such as India and
nations in the Middle East, for growth.
If RIM is unable to satisfy India's security demands, the services that would
be shut down are the BlackBerry e-mail service and instant messaging.
more info
08/07/2010 IT infrastructure is complex -
 Todays IT infrastructure is complex. The number of IT
assets in the infrastructure that an enterprise level organisation must manage
can be overwhelming - different platforms, devices, servers, applications
databases and more. And the sheer volume of activity that occurs in this
infrastructure is almost too large to imagine. Many organisations have
technology located in different places around the world. In the retail and
hospitality industries for example, these organizations have corporate data
centers plus thousands of tills and point of sale (POS) devices in stores and
hotels that introduce potential risk.
In addition, to drive down costs, organisations have turned to potential
cost-savings technology such as virtualisation. But such actions introduce new
complications. Virtualisation may provide cost-savings, but managing these
highly dynamic virtual machines introduces a new layer of risk and requires
greater visibility into the activities on these systems.
more info
07/31/2010 Security infrastructure definition key to productivity -
Complex security policies
can be difficult for employees to follow, it is unrealistic to leave
security in the hands of mobile employees. An effective enterprise security plan should
provide for simple, automated, scalable, and comprehensive ways to protect IT
investments and maintain worker productivity. Organizations must approach
security from a comprehensive perspective that ranges from the desktop to the
data center, following best practices to help ensure that the plan protects both
physical assets and data. A good strategy for mobile security is based on:
- Protect systems: Asset tags can help simplify
asset management by identifying individual devices. When used in conjunction
with server-side asset management toolssoftware, these tags can give IT
organizations the ability to monitor internal system components. In addition,
dedicated security locks can help prevent theft. Visual deterrent labels and
company logos offer an additional layer of protection against common theft
because they can prevent an easy resale.
- Protect data: When physical protection fails and a
mobile device is lost, stolen, or damaged, it is critical that organizations
retain the ability to protect sensitive enterprise data on the system. Data
protection is linked to efficient access management. If authentication is not
well managed, data protection can be difficult - especially if it is not
centrally controlled. With a central security management solution a
server-side application that interacts with the client-side software for
central management IT departments can maintain control over key client
security features and link them back.
- Prevent unauthorized access: Security policies
must strike the correct balance between providing the right people with access
to the right level of information and blocking access for improper users.
Authentication is key to enabling secure data access because it focuses on
identifying the user. Authentication methods can include smart cards with PIN
access, contactless cards, or unique biometric verifiers such as Federal
Information Processing Standards (FIPS) - certified embedded fingerprint
readers. Multi-factor authentication is the combination of these technologies
into one strong authentication process, whereby any end user may be asked for
more than one form of authentication.
- Prevent malicious attacks: Network security should
focuses on antivirus deployment and securityappliances, targeting three lines
of
defense: endpoint protection, which relies on software designed to
safeguard mobile devices; network traffic monitoring, which uses appliances to
watch for unusual data traffic patterns on enterprise networks; and Internet
gateway appliances, which serve as filters and firewalls that selectively
identify and block potentially dangerous data.
more info
|
