Blogs about "Information Security"

Information Security

Five Steps Congress May Take on Information Security in 2009
2009-01-05 01:00:00
Well, it’s that time of year again: lots of prognosticators making predictions for 2009 as they take a look at 2008 in the rearview mirror and try to figure out what’s in front of us in the New Year. So, I’ll join the legions of IT experts guessing what may be in store in the coming months as we raise our glasses to 08 and toast 09 with anticipation, hope and given the current economic climate, with consternation as well. Since I am a creature of Washington and have the opportunity to work with the U.S. Congress, I’ll focus on what steps we might expect our national legislature to take in 2009 as it relates to information security and privacy issues.
The Lingua Franca of Information Security
2008-10-24 02:00:00
Working across the EMEA region and being employed by an American-headquartered company, I’m fortunate (and occasionally unfortunate!) to encounter the many cultural differences which unite and divide us. Today for example, I’m speaking at our EMC Forum in Moscow, earlier in the week I was in Sweden, and just last week I was with customers and colleagues in the somewhat sunnier climes of Dubai. It’s interesting then to note what changes, but perhaps more importantly the many more things that stay the same as you talk information security strategy throughout the region…
GIAC - Applying the OSI Seven Layer Network Model to Information Security
2008-07-16 18:26:00
This paper focuses on reviewing a key area of data networking theory - The Open Systems Interconnect (OSI) Seven Layer Network Model. This paper demonstrates the application of the model's concepts into the context of information security. This paper presents the perspective that common information security problems map directly to the logical constructs presented in the OSI Seven Layer Network Model, and seeks to demonstrate the Seven Layer Model's usefulness in evaluating information security problems and solutions. The OSI Model is presented by way of both formal definition and practical terms that affect information security on a layer-by-layer basis.
Essential Truths in Information Security: Be Reliable and Trustworthy
2008-06-05 06:05:00
Kees Leune – As an information security professional, everything you do has to lead to one thing only: confidence in information. In order to achieve this, it is of paramount importance to have excellent working relationships with the people who actually use the…
Eleven months of writing for the Information Security Systems Association J
2008-05-21 01:57:00
I have been writing now for eleven months in the Information Security Systems Association Journal (ISSA). These articles have been primarily focused along the lines of sharing information concerning the emerging threat-landscape and what we are seeing from a Panda Security perspective. Therefore, I thought I would share a little history with you by making these articles ...
Ebook Dictionary of Information Security
2008-04-23 06:12:00
About Dictionary of Information Security Book: The dictionary has the most up-to-date terms, including those related to computer viruses, malware, and more recent technologies such as wireless networking.
Japanese Firms Starting Ratings For IT Security
2008-04-08 17:53:00
Well, here is an interesting twist. I can’t say that I’m overly surprised as this type of ranking was inevitable. From the Associated Press: Eighteen Japanese firms said Tuesday they were creating the world’s first ratings agency looking at data security, which they said was a rising concern for companies. The new firm, called IS Rating, will ...
How does Deming Relate to Information Security?
2008-04-07 13:27:00
The Security and Compliance Connection Blog – I came across this post on RiskAnalys.is and wanted to share it to see what thoughts you might have. DEMING’S SEVEN DEADLY DISEASES 1. Lack of constancy of purpose to plan product and service that will have a market and ...
Enterprise Information Security - Tips
2008-04-03 18:43:00
Every entrepreneur knows the importance of information security. In today’s business world, where information is so often carried to and fro across the organization for performing specific functions, data security becomes a much more complicated issue. Here are some tips for securing your precious enterprise information. As with any other business practice, information security requires a plan, which clearly defines each staff’s privileges of accessing, sharing and modifying information. The second thing an enterprise needs is good information security system(s), which can be effectively integrated with your business processes and practices. An enterprise must have one person solely responsible for the security of sensitive information; he/she must have access to everything needed and must guide employees. Good enterprise information security must clearly avoid any unauthorized and anonymous access to precious, non-public information. The basic enterprise information security sys...
Schneier: Inside the Twisted Mind of the Security Professional
2008-03-20 13:52:00
Bruce Schneier has a great commentary on Wired this morning that tackles the security practitioner’s mindset. Here’s a snippet from Wired: Uncle Milton Industries has been selling ant farms to children since 1956. Some years ago, I remember opening one up with a friend. There were no actual ants included in the box. Instead, there was ...
Eliot Spitzer: The Primary Lesson for Information Security Professionals
2008-03-13 13:00:00
bloginfosec.com – Amidst the resignation of Eliot Spitzer, there is one primary lesson to be learned from the scandal (as it relates to our field). For those who do not know, as Attorney General of NYS one of Spitzer’s roles was to prosecute prostitution rings. It is most likely the case that he knew how the government ...
Administrative Systems, Inc. Reports Information Security Breach On 200,000
2008-02-13 06:34:00
The site pogowasright.org has a follow up on a small article that I saw yesterday. It looks like someone who was affected by Administrative Systems, Inc. (ASI) computer theft got in touch with the privacy-championing website. The original article, while short, had made a couple of things clear. A desktop computer was stolen from ASI’s office back in December. Because ASI provides administrative services for insurance and other financial services companies, it handles sensitive information including names, dates of birth, mailing addresses, and Social Security numbers. The website ASI set up to disseminate information announced that credit card information or driver’s license numbers were not included. They did not mention whether the stolen desktop computer was encrypted or not, but I would bet a pretty penny that it probably wasn’t. Those possibly affected were contacted via mail. That was yesterday, and it was one of various data b...
Information Is Our Only Security Weapon: Bruce Schneier
2008-01-30 14:50:00
We love Bruce here at Liquidmatrix. He gave a keynote at Linux.conf.au. From itnews.com.au: Computer security expert Bruce Schneier took a swipe at a number of sacred cows of security including RFID tags, national ID cards and public CCTV security cameras in his keynote address to Linux.conf.au this morning. These technologies were all examples of security products tailored ...
Information Security Management Handbook, Fifth Edition
2008-01-27 00:33:00
Book Description: Since 1993, the Information Security Management Handbook has served not only as an everyday reference for information security practitioners but also as an important document for conducting the intense review necessary to prepare for the Certified Information System Security Professional (CISSP) examination. Now completely revised and updated and in its fifth edition, the handbook maps the ten domains of the Information Security Common Body of Knowledge and provides a complete understanding of all the items in it. This is a must have book, both for preparing for the CISSP exam and as a comprehensive, up-to-date reference.
Roles and Responsibilities in Information Security
2008-01-23 23:30:00
Kees Leune – Recently, I have been thinking about what the roles and responsibilities of an information security manager should be. These thoughts partially originated from an academic desire to form a complete picture of what information security management at mid-tactical to strategic…
IRS Apparently Taxed by Information Security Control Weaknesses
2008-01-14 22:15:00
The Security and Compliance Connection Blog – Last week, the General Accounting Office (GAO) announced that the Internal Revenue Service has fixed only 29 of 98 weaknesses in its information security controls, threatening the confidentiality and availability of its financial processing systems and information and limiting the…
Information Security - Spyware | Protect Yourself
2007-12-22 08:09:00
What the Heck is Spyware, Anyway?  Is your computer slow?  Trouble Connecting?  Taking forever to load certain pages?  (like mine)  :-) Spyware is computer software that is installed on your computer to intercept and record your activity without your knowledge.  These programs can collect various types of personal information, and can even control your Web-browsing experience by directing you to certain sites without your intent.  While it is often used for advertising purposes, Spyware  has also been exploited as a vehicle for privacy theft, such as the pilfering of credit card numbers, bank account credentials, and the like.  Most Spyware is installed by piggybacking on other applications that often appear useful, such as Weatherbug or Kazaa. Machines infected with Spyware often have degradation in performance, difficulties when connecting to the Internet, accelerated CPU activity, and stability iss...
Should Information Security Standards be Legislated?
2007-12-22 01:35:00
The Security and Compliance Connection Blog – Professor Mervyn King addressed the annual Information Security Forums Annual World Congress in Cape Town, South Africa on the issue of information security and legislation this week. As a former Supreme Court Judge and advisor to the World Bank, Professor…
Federal Information Security and Management Act -- Five Years On
2007-12-18 03:00:00
An anniversary recently passed amid a heightened focus in Washington, D.C. on the status of federal information security: the Federal Information Security and Management Act (FISMA) just completed its fifth year on the books as a federal law. As the follow up to the Government Information Security Act of 2000, FISMA established an updated legal framework for federal information security, including baseline security standards for federal agencies. I remember that the information security community was excited about FISMA and its promise. So, what's the verdict five years later? In my opinion it's a mixed bag. On one hand, FISMA has arguably increased awareness of, and focus on, federal information security...
Information Security Management Risks
2007-12-15 09:27:00
By Anna Woodward Of course, it is always clear that “risk” is a possibility that something unsuitable happens. What is not clear is how probable it is, what nature it has, and what harm it can do to an organization. Betting on some event means the chance of financial loss: the unsuitable outcome. To decide if we ...
Free White Paper on "Information Security" at TradePub.com
2007-12-14 04:49:00
TradePub.com has a Free White Paper on “Information Security: It’s Not an Option,” which provides ideas and solutions to improve Information Security. Check out these other new titles: Advances in Data Warehouse Performance - query optimization The CMO’s Strategic Agenda Benchmark Report - Marketing Automation Social Computing - benefits of using blogs, forums and social bookmarking Take Advantage of ...
Information Security For The Two Lost CDs In The UK Would Have Cost $102,00
2007-12-07 04:04:00
It boggles the mind. And, in a way, I can understand why the information was not stripped when the two CDs were sent from HM Revenue and Customs. Based on internal e-mails passed back and forth, it looks like there were questions in regards to whether the sensitive/unnecessary information could be stripped. Thus asked an NAO official (the recipient of the CDs, I’d imagine): “I do not need address, bank or parent details in the download -- are these removable to make the file smaller?” And the reply was, “I must stress we must make use of the data we hold and not over burden the business by asking them to run additional scans/filters that may incur a cost to the department.” It’s quite obvious that the data that is causing conniptions all over Britain were not filtered as a cost measure. That backfired. Big time. Especially when you’re clued in to this fact: recent testimony by HMRC acting chair Dave Hartnett shows, upon pressured que...
Information Security: Principles and Practice
2007-12-04 01:13:00
In my spare time I’ve been working my way through this great book by Mark Stamp. I believe the book is used as a text book for colleges (hence the somewhat high price), but it’s really a great read. Information Security starts out briefly describing the history of “Crypto”, telling about ancient ciphers (Caesar cipher anyone?), ...
Security And The Seasonal Party Circuit
2007-11-30 16:40:00
Whenever there is a meeting to talk about say, Windows servers, the discussion is left primarily to the subject matter experts when dealing on a technical level. The same can be said of application development et cetera. So, why is it that when the discussion ultimately circles around to security that everyone in the room ...
Information Security Must Go Right To Top
2007-11-28 16:24:00
This article comes to us from Computer World: Information security may be put in place mostly at the IT level, but to work well it must go right to the top, says security expert Basie von Solms. The visiting South African security governance specialist and president of the IFIP (International Federation of Information Processing) was speaking ...
Information Security
2007-11-25 05:55:00
Hop Integrity in the Internet, by Chin-Tser Huang
Computer Security Basics, by Rick Lehtinen
Information Security Fundamentals, by Thomas R. Peltier
Computer Security Handbook, by Seymour Bosworth
Internet & Intranet Security, by Rolf Oppliger
Questions Raised About Information Security
2007-11-25 02:07:00
From Journal Live: At a time when the debate about identity cards rages on, and NHS patient records are soon to be brought together on a national database, the query becomes all the more pertinent. Any problems one might have about the intrusiveness of an increasingly surveillant society are compounded by errors like the one exposed in ...
Is the Bush Administration Getting Serious About Information Security?
2007-11-16 01:00:00
Earlier this month, President Bush requested $154 million in FY2008 funding for expanding cyber security initiatives at the Department of Homeland Security (DHS) and other federal agencies. The majority of the initial budget request (which would shift current government fiscal year money from other projects) will reportedly be focused on expanding DHS's "Einstein" program, which is run by the U.S. Computer Emergency Readiness Team. See this Federal Computer Week story by Jason Miller titled White House officials ask for $154 million in new cybersecurity spending for more background.
Information Security Consulting Services
2007-11-16 00:00:00
Intersoft offers a diverse portfolio of Information Security Consulting services that caters to your information and business security needs. Also our services area is Business Continuity Planning, Disaster Recovery Planning, Network Security, Information Risk Management, Privacy Protection, Incident Response and Information Security User Awareness Programs Consulting Services.
By: SAP RE
Yet Another Security Certification
2007-11-13 17:54:00
Security certs. Love ‘em or hate ‘em they are littering the landscape of the security business. Case in point, yours truly has several certs such as CISA, CISSP, CISM (when I send in the paperwork, someday) and PMP to name a few. For the most part I took these to flush out the resume. Chaff ...
Important information security and dosing LEVITRA is a prescription medicin
2007-11-09 07:13:00
Important information security and dosing LEVITRA is a prescription medicine that is used treat erectile dysfunction (ED). Men who are examining nitrate drugs, often used to control pain box (also known as angina), should not be consideration of LEVITRA. Such combinations could cause blood pressure to drop to an unsafe level. As with all ED ...
Shhh, Tech Makes Porn Access Easier
2007-10-22 03:57:00
Shhhh, don’t tell anyone. USA Today has some cutting edge journalism on how technology makes it easier to access porn at work. Bit of a silly piece but, amusing just the same. From USA Today: Devices providing wireless access to the Internet appear to be giving the porn-at-work phenomenon a boost even as employers are getting ...
Federal “Fix” Deletes CA.GOV
2007-10-04 17:11:00
OK, someone had a worse day than Myrcurial did yesterday. From Network World: Even the government shudders when someone says they’re from the government and they’re here to help. Case in point: A hacker’s diversion of traffic from a California county government Web site to a porn purveyor spiraled into IT chaos yesterday after a countermeasure applied from ...
Information Security Forum Spreads The Word With Global Security Briefings
2007-10-02 21:20:00
The ISF highlights latest security risks and threats at executive briefings across 13 cities and ten countries. The Information Security Forum (ISF) is hosting 13 executive security briefings around the world during October, November and December to raise greater awareness of the risks to information security and emerging threats. These interactive sessions, aimed at senior information security and risk executives, will start in Chicago on 9 October and run in New York, Toronto, Charlotte, Atlanta, Mexico City, Paris, Madrid, Munich, London, Sharjah, Mumbai and finish in Pretoria on 6 December. The Information Security Forum is a not-for-profit international association of over 300 major companies and public sector organisations across 25 countries, including half of the Fortune 100. The ISF is the leading independent authority on information security and has invested more than $100 million in delivering practical research, in-depth authoritative reports and advanced methodologies and ...
Announcing certification program in Information Security - The next big thi
2007-10-01 10:42:00
DOEACC Centre, Calicut announces the launch of the certification 'Information Security Certified Associate' under the ISEA project of the Department of IT, Government of India. Get recognized as an Information Security Professional and advance in your career. Information Security Certified Associate - ISCA: As much as it is important to know how to use a computer, so is it necessary to know how to protect your computer on a network. The information on the computer is an asset and the risks are very high. There are no geographical limitations to computer attacks. The certification outlines everything about information security that a computer user (at all levels) should know. This foundation level certification will enable an individual to take other higher level certifications in the field. Exam Objectives: The table below lists the topics covered in the certification and the extent to which they are represented in the examination. To...
InfoSec - Information Security Carnival - 3rd edition
2007-09-30 11:18:00
Nice articles, tips and reviews to keep you safe on
NIST Releases Web Services Guidelines
2007-09-04 04:22:00
NIST has released a security guideline for web services. From GCN: The National Institute of Standards and Technology has released a 128-page guide to help organizations understand the security challenges of Web services in service-oriented architecture. NIST Special Publication 800-95, “Guide to Secure Web Services,” provides practical guidance on current and emerging standards applicable to Web services ...
Information Security Poll
2007-09-01 04:09:00
Andy ITGuy – My latest information security poll was a hit with y’all. It received more votes than the other 3 combined. I was very pleased to see the response. ... I have to admit that I am quite surprised at the results. I honestly expected about 95 to 98 percent of the votes to go to the last 2 options (Slightly or None). While they did receive the majority of the votes it was only about 73% of the total vote. ...
CRC press - Information Security management Handbook - Download
2007-08-31 13:52:00
The landscape of information security has changed. The bad news: It is more nebulous than ever before. No longer can chief information security officers work solely within the confines of their organizations’ security policies or their industry-specific regulatory mandates and feel comfortable that the depth and efficacy of their program will not be second guessed. As current events unfold, established institutions such as Bank of America, Lexis-Nexis, and Choicepoint watch as their reputations come into question and their names are plastered on the front pages of the national media. Regardless of the incidental details, be they business process fraud or third-party errors and omissions, all of the events to date have been publicized as “security breaches.” Read about this and more in this book.
Book info: Information Security Management Handbook, fifth edition, volume 3, by Harold F. Tipton, Micki Krause. Auerbach Publication. ISBN-10: 0-8493-9561-5. ISBN-13: 978-0-8493-9561-1.
Running the Information Security and Privacy Program in the Right Shoes
2007-08-30 04:21:00
Realtime IT Compliance – What do running shoes have to do with information security, privacy and compliance programs? A LOT!!! Just like running shoes, information security programs, privacy programs, and compliance programs often get launched after a lot of thought and planning, making a big splash in the organization and (if done correctly) seeming as though they fit the organization perfectly! ...
Interscience Information Security Principles
2007-08-30 03:28:00
Some security textbooks offer a large dollop of dry useless theory. Reading one of these books is about as exciting as reading a calculus textbook. Other security books offer nothing but a collection of apparently unrelated facts, giving the impression that security is not really a coherent subject at all.
Facebook Costs Employers More Than $5 Billion A Year
2007-08-21 04:05:00
Here is an interesting piece from InformationWeek. Basically the piece outlines the obvious when it comes to FaceBook. I have witnessed several companies in the Toronto area that allow their employees to use the popular social networking site. The marvel of this is the viral nature of the site and the sheer volume of time ...
SYNGRESS Zen and the Art of Information Security
2007-08-18 01:41:00
Book Description: While security is generally perceived to be a complicated and expensive process, Zen and the Art of Information Security makes security understandable to the average person in a completely non-technical, concise, and entertaining format. Through the use of analogies and just plain common sense, readers see through the hype and become comfortable taking ...
Oh, Don’t Tell Me: 10 Claims That Scare Security Pros
2007-08-14 13:52:00
Jon Espenschied has an amusing (or scary) piece on security claims in Computerworld: A child with a chocolate-smeared shirt says, “I didn’t do it.” The phone rings, and Mom assures you, “There’s nothing to worry about.” A systems administrator carrying a box of tapes says, “We’ll have everything back up in a few minutes.” Sometimes the ...
Bad Advice from the Uninformed and Inexperienced Hurt Information Security
2007-08-13 03:14:00
Realtime IT Compliance – The results of the poll for this past week show that 91% believe information security and privacy training and awareness is important, but 9% believe it is not necessary to effectively safeguard data. Well, I’ve had some very interesting conversations in the past few years, usually while at conferences and when chatting with vendors, who were emphatic about how awareness and training is a waste of time and money....
IRS Employees Hand Over Passwords
2007-08-10 21:01:00
HAHAHAHAHA! I’m weeping inside. From Federal Times: What’s the easiest way to get Internal Revenue Service employees to compromise computer security protocols? Ask them to. In a test conducted in March and April by the agency’s inspector general, 60 percent of more than 100 IRS employees revealed their user names and changed their passwords when government ...
Wii Need To Be Creative With Information Security and Privacy Awareness
2007-08-07 06:02:00
Realtime IT Compliance – No, I didn’t misspell in the title… :) My youngest son recently celebrated his birthday. Both my sons are the greatest kids I could ever have dreamed of. They both always do their chores and homework with very little prodding, are healthy, smart, considerate, loveable…well, I could go on and on. I am very thankful for them. ...
Sigh, What A Day
2007-07-27 04:56:00
Sometimes a day is little more than a blur at the end of it. Today I had a moment of “I told you so” that I refrained from engaging in. Several years ago I warned someone I know that their company had a potential problem. He shrugged and didn’t see it as a big deal. ...