old Online security articles
The business case for information security - ...? Nick Coleman, Chairman of SAINT (Security Alliance for Internet and New Technologies) and Head of Security Services at IBM,...
The demand for continuous information - ... to be at the top of the business agenda. Now more than ever, interaction between customer and company takes place through technological chann...
The threat from cybercrime - ...ual or in highly organised gangs, either of whom may attempt to gain access into a computer system in order to carry out a criminal activity. The h...
Recent attack trends - ...nies to much greater risk to both their cost-base and brand. Below are some of the more common ways in which companies can suffer from the more dis...
Recognising the enemy within - ...ow people to do their jobs efficiently we have to place them in a position of trust, with access to sensitive data and systems. Given the evidence,...
Cyberliabilities in the workplace - ...l over their employees, and the means by which they can do so can be increasingly intrusive. The need to strike a balance between the concerns of ...
Data complacency - ...sitivity of their company’s data as ‘low’. In a world where the threat of information security breaches is an everyday considerat...
Cybercrime and The marketing dimension - ...and clients to the appropriate website, and to your email address, and carry on. Why bother about marketing the methodology? Why not stick to marke...
Information Security Management System - ... try you out! To have an Information Security (Assurance) Management System (ISMS or IAMS) in place and working properly will provide you with the...
Online Security and Threats to email - ...vailable. It is quick, convenient and cheap, but unless used properly, fundamentally insecure. It is as public as a postcard and leaves a written r...
Reducing the risks and eliminating the threats in our emails - ...y, authenticity and legitimacy of electronic communication records and computerised transactions. Whether or not businesses in the UK actually ge...
How to be protected against viruses transmitted over networks - ...maintain anti-virus programs to protect against viruses transmitted over networks, via email, via dangerous ActiveX components and through a host...
Key security vocabulary explained - ...ney. Denial of service: This is a hacker-based attack on a web server that prevents customers/visitors from gaining access to a...
Protecting online privacy - ...urope) data protection. All UK e-commerce businesses must comply with data protection law. This is not just to avoid legal liability; by paying c...
Secure Internet service - ...usiness, be it on the Internet or on a private network. Of course, network abuse and hacking can come in a variety of forms. On one hand, your cus...
Virus attacks - ... infrastructure. It is therefore easy to see why a rather unpleasant can of worms is opened when that is compromised. The nature of...
Authentication and encryption - ...e expected to reach US$108 billion by 2003, and business-to-business (B2B) e-commerce expected to increase to US$1 trillion over the same period, t...
What are digital signatures - ...From home banking to network shopping and online information subscription services, security remains a growing concern. Key questions that are ask...
Digital rights management - ..., the agencies used to carry and deliver information have done so based on two key principles: the rights of confidentiality and the clear expec...
Electronic licensing advantages - ...rom petrochemical companies to games developers. In essence, electronic licensing creates and enforces a simple business ethic: you get what you pa...
Security policies Countering cybercrime - ...w requirements that companies do take proactive steps to prevent this type of fraud. This approach is no longer acceptable and businesses must now...
Cybercrime policy statement - ...g agreements. The policy statement should be clear about the action that the company will take in the event that an act of cybercrime is detected....
What to do when cybercrime is detected - ... turn be responsible for researching the best methods of investigating a specific type of cybercrime. This individual may also be given responsibi...
Where to start implementing IT security - ...security of three per cent of IT budgets or 10 per cent of IT budgets in the case of financial services companies. Only 27 per cent of companies sp...
Reporting and recovering from a security breach - ...er’ approach to the issue, in that they identify that a threat exists or that a security incident has occurred and then determine a specific ...
Managed security services - ...primarily by resource constraints to capital and security expertise.’ This model however is not new; companies have previously outsourced fun...
Employee confidentiality and a culture of security. Electronic business models - ... but it also means that the business is more vulnerable to everyone. Failure to properly deal with information security issues involves both regula...
Why is security training important - ...nts. Why is security training important? This may sound like an obvious question, but it is important to look at wh...
Outsourcing in IT security - ...ders. In terms of physical security this instinct has softened over recent decades as contract guards, commercial alarm monitoring stations and sec...
Contingency planning Business continuity and crisis management - ...d/or crisis management capability. They emphasised that a robust, effective and fit-for-purpose preparedness is essential – and complacency ...
latest articles under "Online security"
Page# 1 (last added articles shown first)
An information security crisis is the moment when you improvise (06/04/2007)
(...) It was, and will always be, a threat that is surprisingly hard to define. Almost by definition, terrorism will continually seek to change its face. But enough has already been written on this subject and before we also slide towards overindulging our concern with just one type of threat, let us return to the subject of this article: can you really handle any crisis? In March 2000, a lightning bolt caused a blaze at a Philips electronics factory in Albuquerque in the United States. (...)
The business case for information security (06/03/2007)
(...) Virus attacks were still the most frequently occurring incidents, with 1612 incidents taking place during the last 12 months alone.[1] In the FBI/CSI 2002 survey 85 per cent of organisations surveyed had experienced viruses; 55 per cent had experienced laptop thefts; 40 per cent had experienced a denial of service attack. Before making direct comparisons we need to take into account the differences in sample populations. (...)
The demand for continuous information (06/03/2007)
(...) The key findings reinforce the growing supremacy of technology in facilitating this interaction, and the ongoing difficulties faced by businesses in measuring costs. Of those surveyed, 94 per cent of businesses said that their customers now use call centres to contact them, with 88 per cent of those questioned using email and 66 per cent also using the Internet. This compares with more traditional methods, where only 43 per cent of customers still use branch networks. (...)
The threat from cybercrime (06/03/2007)
(...) The Department of Trade and Industry (DTI) Report[1] of April 2002 reveals that key UK government departments face an average of 84 hacking attempts a week. [1] Information Security Breaches Survey 2002, DTI. (...)
Recent attack trends (06/03/2007)
(...) Trend 4: Increasing permeability of firewalls Firewalls are often relied upon to provide primary protection from intruders. However, technologies such as IPP (Internet Printing Protocol) and WebDAV (Web-based Distributed Authoring and Versioning), as well as certain protocols marketed as being firewall-friendly, are designed to bypass typical firewall configurations. Trend 5: Increasingly asymmetric threat Security on the Internet is, by its very nature, highly interdependent. (...)
Recognising the enemy within (06/03/2007)
(...) The next candidates in this category are under-utilised employees who find themselves with time on their hands during the working day in which to experiment and investigate. For whatever reason, at a given moment in time they are not the best friends of the company. The careless employee is the one that leaves their password written on a piece of paper in the top drawer of their desk, or who walks away from a terminal leaving it connected to a valuable data source. (...)
Cyberliabilities in the workplace (06/03/2007)
(...) Employers may risk being vicariously liable for defamatory material communicated by email. In a high profile case of recent years, incorrect rumours concerning a rival insurance company were circulated on Norwich Union’s internal email system, with the result that Norwich Union paid out nearly half a million pounds in a court settlement to the rival company. As email is so quick and easy, there is an increased risk that employees may unwittingly enter into contracts that bind their employers. (...)
Data complacency (06/03/2007)
(...) It is this unchallenged availability and the ease with which it can be circulated by an employee with an email connection that is presenting a security risk that has so far largely gone unnoticed. In most cases the circulation of sensitive data, perhaps a sales forecast or share price information, is not conducted maliciously. Instead it is carried out by the growing army of employees to whom email is second nature, who perhaps don’t assign as much importance to a piece of data as their contemporaries would have done ten years ago. (...)
Cybercrime and The marketing dimension (06/03/2007)
(...) We feel that we ‘own’ our PC – even if our organisations actually paid for them – but unless proper measures are taken we may well be sharing ‘usership’ with others. Either they know everything that we do, or they use part of ‘our’ computer’s power for their purposes; or they come in and alter our information, or are totally destructive, or act ‘merely’ as vandals. Suddenly the marketing manager is looking rather vulnerable, because his/her organisation is vulnerable, and the fallout will be lack of trust and reputation, which leads to brand problems. (...)
Information Security Management System (06/03/2007)
(...) The ‘mistake’ (or ‘I didn’t mean to destroy your livelihood’) Recently a ‘hacktivist’ (someone who believes that their hacking is ‘ethical’ because they only break into sites and systems that are owned or run by organisations that they don’t agree with) destroyed a company that was totally innocent, even of the so-called ‘crime’ that the hacktivist was so worked-up about. Unfortunately for the company its original founder had chosen a name that was similar to the name of a business that was connected with the use of animals for their fur – not the same name; not the target name; and the business certainly had nothing to do with the practice so hated by the hacktivist. The company was totally innocent – and is now totally out of business. (...)
Online Security and Threats to email (06/03/2007)
(...) It is clear that the government needs to set out definite guidelines and regulations for the safe use of email. The events of 11 September 2001 brought new challenges to the protection of privacy in the modern age that led governments worldwide to extend control over individuals through the law and technology. It is unquestionable that email security is the next big IT security issue – a fact that gives rise to the following question: if a company’s most valuable asset apart from its workforce is its intellectual property, why are so many businesses failing to take the crucial steps towards protecting that property in its electronic form when it would be both simple and cost-effective for them to do so? Given the strictly monitored methods that are applied to the treatment of hard-copy letters and other documents, it is highly illogical for electronically transmitted information to be treated in the haphazard and insecure fashion that typifies common business practice regarding the use of email. (...)
Reducing the risks and eliminating the threats in our emails (06/03/2007)
(...) It protects confidentiality and confirms for the recipient that the message has arrived in its original state without having been seen by an unauthorised person. Good encryption software ensures that information is only decrypted as and when needed, and then makes provision for the safe deletion of electronic messages. This would have the same effect that a shredding machine has on paper that needs to be destroyed. (...)
How to be protected against viruses transmitted over networks (06/03/2007)
(...) Unlike the average Internet connection, these systems have network connections with large amounts of bandwidth. After an infection, a worm can use the bandwidth to spread itself to other web servers. Equally, the organisation operating the web server may base a large percentage of its revenue on traffic from its website, and the site outage could cause a large-scale financial impact – not to mention the impact on customer confidence. (...)
Key security vocabulary explained (06/03/2007)
(...) It also has the ability to ‘drop’ the attack from the network to stop it from reaching its target. Trojan Horse: This is an attack that is hidden within a seemingly legitimate attachment to an email received across the Internet. Once inside a PC it infects memory, processor and applications, then spreads to other network resources. (...)
Protecting online privacy (06/03/2007)
(...) In particular the eight data protection principles in the Act must be complied with, namely: 1. Personal data shall be processed fairly and lawfully. 2. (...)
Secure Internet service (06/03/2007)
(...) Proseq services are available in the UK through partners such as Morse and Telenor Business Solutions UK. What do we do? In a nutshell, our partners either integrate our service to provide secure Internet services, or they provide unique security services with the required level of local support. We pride ourselves on having a round-the-clock operating centre with competence and vigilance to help and guide our customers through everything from small everyday incidents to serious attacks. (...)
Virus attacks (06/03/2007)
(...) By that time the damage can be impossible to undo as back-ups are corrupted as well. That said, if a company does fall foul of a virus that simply eliminates data, backups can often be used to restore the lost information. Clean-up costs Deciphering how much it costs an organisation to reinstate lost data, or to negate corruptions made by malicious code is an almost impossible task and depends greatly on the specifics of the virus in question. (...)
Authentication and encryption (06/03/2007)
(...) ‘Trojan horse’ computer viruses that steal passwords; competitors accessing seemingly protected databases using borrowed passwords of acquaintances; personal accounts being exposed to every member of a bank: none of these examples are just threats anymore; they are reality – and it’s not just sophisticated computer hackers who are causing the problems. Thrill-seeking teenagers, novice computer programmers trying to make a name for themselves, and criminal organisations are all using password-cracking tools that are readily available on the Internet. As new e-business models become more complex and attackers develop more sophisticated tools, we can only expect the number of security breaches to increase. (...)
What are digital signatures (06/03/2007)
(...) In this process information is coded (encryption) to stop information from being read or altered by anyone but the intended recipient. It may be intercepted, but it will not be intelligible to someone without the ability to decode (decryption) the message. Encryption and decryption require both a mathematical formula (or ‘algorithm’) to convert data between readable and encoded formats and a key. (...)
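The two excerpts above (on email encryption and on algorithms and keys) describe encryption as also confirming that a message arrived unaltered. That holds only for authenticated encryption: a plain stream or counter-mode cipher is malleable, and an attacker who flips a bit of ciphertext flips the same bit of plaintext without knowing the key. The following is an added example, not code from this directory or from any of the articles it lists. It uses only the Python standard library: a counter-mode keystream derived from HMAC-SHA256 used as a PRF (an assumed construction chosen so the example runs offline; in practice use a vetted AEAD such as AES-GCM or ChaCha20-Poly1305), a one-byte change that alters a payment amount undetected, and the encrypt-then-MAC wrapper that rejects the same tampering. The keys, nonce and message are constructed for the demonstration.

```python
import hashlib
import hmac
from typing import Optional, Tuple

# Constructed keys and nonce so the example is deterministic. In real use the
# keys come from a KDF or key store, and the nonce must never repeat for a key.
ENC_KEY = bytes(range(32))
MAC_KEY = bytes(range(32, 64))
NONCE = b"\x00" * 16
MESSAGE = b"PAY 0100 GBP TO ALICE"   # constructed sample message


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream: HMAC-SHA256(key, nonce || counter) per 32-byte block."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Unauthenticated stream encryption: plaintext XOR keystream."""
    return bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))


decrypt = encrypt  # XOR with the same keystream undoes itself


def malleability_demo() -> bytes:
    """Attacker changes the amount without the key by XORing one ciphertext byte.

    '0' (0x30) XOR 0x09 = '9' (0x39), so byte 4 of "PAY 0100 ..." becomes '9'.
    The recipient decrypts cleanly and reads "PAY 9100 GBP TO ALICE".
    """
    ct = bytearray(encrypt(ENC_KEY, NONCE, MESSAGE))
    ct[4] ^= 0x09
    return decrypt(ENC_KEY, NONCE, bytes(ct))


def seal(enc_key: bytes, mac_key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: the tag covers nonce and ciphertext, binding both."""
    ct = encrypt(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(enc_key: bytes, mac_key: bytes, sealed: bytes) -> Optional[bytes]:
    """Verify the tag in constant time before decrypting; None means reject."""
    if len(sealed) < 16 + 32:
        return None
    nonce, ct, tag = sealed[:16], sealed[16:-32], sealed[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return decrypt(enc_key, nonce, ct)


def authenticated_demo() -> Tuple[Optional[bytes], Optional[bytes]]:
    """Same byte change against the sealed message: the honest copy opens, the tampered one is rejected."""
    sealed = seal(ENC_KEY, MAC_KEY, NONCE, MESSAGE)
    tampered = bytearray(sealed)
    tampered[16 + 4] ^= 0x09          # same ciphertext byte as in malleability_demo
    return unseal(ENC_KEY, MAC_KEY, sealed), unseal(ENC_KEY, MAC_KEY, bytes(tampered))


if __name__ == "__main__":
    print("unauthenticated, tampered:", malleability_demo())
    print("authenticated (honest, tampered):", authenticated_demo())
```

The tag is checked with hmac.compare_digest before any decryption so that a forged message is never acted on and the comparison does not leak timing information; a digital signature plays the same role when the sender and recipient do not share a secret key.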
Digital rights management (06/03/2007)
(...) Digital content is a broad term used to describe the wealth of information and products now available for consumption. From business and entertainment software, to video and Internet feeds, our society has never been so rich in information. The marketplace offers huge rewards to software pirates, from the casual copier to the dedicated hacker, particularly when the cost of a CD burner has fallen to less than €100. (...)
Electronic licensing advantages (06/03/2007)
(...) Whilst the BSA educates computer users on software copyrights and cyber-security, they are also very actively involved in the fight against software piracy in all its forms. In June 2002, in their seventh annual survey on software piracy, the BSA announced that: The rate of software piracy in the UK has dropped by one per cent to 25 per cent, the same level as in the United States … Globally, however, software piracy is on the increase for the second year running, growing from 37 per cent in 2000 to 40 per cent in 2001. Global losses reached almost US$11 billion. (...)
Security policies Countering cybercrime (06/03/2007)
(...) 2.1 states that: ‘The directors should, at least annually, conduct a review of the effectiveness of the group’s system of internal control and should report to all shareholders that they have done so. The review should cover all controls including financial, operational and compliance controls and risk management. (...)
Cybercrime policy statement (06/03/2007)
(...) Cybercrime needs to be treated as a business risk and an organisation therefore needs to carry out a risk management assessment procedure to ensure that the steps taken to prevent cybercrime are effective in relation to the practices peculiar to that organisation. Anti-cybercrime procedures should be tailored to match the type of business in which an organisation is involved. For example, an e-tailer is more likely to be concerned with establishing the identity of the individual attempting to carry out a ‘card-not-present’ transaction to make an online purchase as this type of business is more prone to the risk of identity theft and credit card fraud. (...)
What to do when cybercrime is detected (06/03/2007)
(...) It must be considered how the firm intends to secure and gather the evidence without alerting the criminal. The firm must address the question of how it intends to deal with a suspect and when it should contact the relevant authorities such as the National Hi-Tech Crime Unit. As with all frauds, it must be considered when it is appropriate to inform the public that a cybercrime has occurred, bearing in mind the damage that such an announcement can have on a business compared to the value of the crime itself. (...)
Where to start implementing IT security (06/03/2007)
(...) This is a formal published document that defines roles, responsibilities, acceptable use and enterprise security practices. Very few companies have a formal written security policy in place; however, if there isn’t one to refer to, how can you determine whether or not you have applied all the correct security measures? With even a basic security policy in place, organisations can go some way towards alleviating some of the key risks to their business. For example, according to Gartner: ‘90 per cent of security breaches take advantage of poorly configured or unpatched servers; such breaches are easily preventable if security processes are followed.’ (...)
Reporting and recovering from a security breach (06/03/2007)
(...) The obvious conclusion is that information security must address internal and external threats equally. Incidents originating from outside the organisation are generally: website defacement – a page on the web server (typically the home page) is modified in order to announce to the world that the site has been hacked; denial of service (DoS) – an attacker causes a system or application to crash or become unavailable (often repeatedly), resulting in loss of revenue and, potentially, loss of customers. Incidents originating from inside the organisation are generally: web surfing of non-business-related sites, resulting in loss of productivity (i.e. revenue); service disruption resulting from unscheduled or untested changes to the environment; illegal activity, such as downloading pornographic material (including child abuse imagery); unwittingly introducing some form of virus into the environment, typically through email or file sharing; attempted access to systems or information by unauthorised persons (either accidental or malicious); leaving classified or sensitive information on screen, visible to unauthorised persons; leaving systems logged in, unattended and accessible to passing persons; wrongful disclosure of personal information (in contravention of the Data Protection Act 1998); accidental deletion of information. (...)
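The website defacement described above is one of the few incidents in this list that can be detected mechanically: a page whose content no longer matches a trusted baseline has been changed, whoever changed it. The following added example (written for this edition, not code from the original article) shows the idea as a content-integrity check. The site paths, the page bodies and the planted extra file are constructed sample data; in practice the baseline digests must be kept somewhere the web server cannot write to, otherwise an attacker who can replace the page can also replace the baseline.

```python
"""Minimal defacement detector: compare served pages against a baseline of
SHA-256 digests and report anything modified, missing or unexpected."""
import hashlib
import hmac


def digest(content: bytes) -> str:
    """SHA-256 hex digest of a page body."""
    return hashlib.sha256(content).hexdigest()


def baseline(pages: dict[str, bytes]) -> dict[str, str]:
    """Build the trusted baseline: path -> digest of the known-good body.
    Store the result off the web server (read-only media, separate host)."""
    return {path: digest(body) for path, body in pages.items()}


def detect_defacement(expected: dict[str, str],
                      current: dict[str, bytes]) -> dict[str, str]:
    """Return {path: finding} for every deviation from the baseline.

    - 'modified'   : page exists but its digest differs from the baseline
    - 'missing'    : baseline page is no longer served
    - 'unexpected' : a path is served that the baseline does not know about
                     (planted files are as much a finding as a changed home page)
    A clean site yields an empty dict.
    """
    findings: dict[str, str] = {}
    for path, good_digest in expected.items():
        body = current.get(path)
        if body is None:
            findings[path] = "missing"
        elif not hmac.compare_digest(digest(body), good_digest):
            findings[path] = "modified"
    for path in current.keys() - expected.keys():
        findings[path] = "unexpected"
    return findings


# Constructed sample data: the site as approved, and the site as it is
# currently being served after a hypothetical defacement.
GOOD_SITE = {
    "/index.html": b"<html><body><h1>Welcome to Example Ltd</h1></body></html>",
    "/about.html": b"<html><body><h1>About us</h1></body></html>",
}
LIVE_SITE = {
    "/index.html": b"<html><body><h1>Hacked by nobody</h1></body></html>",
    "/about.html": b"<html><body><h1>About us</h1></body></html>",
    "/uploads/x.php": b"<?php echo 'planted file'; ?>",
}


def sample_findings() -> dict[str, str]:
    """Run the detector over the constructed sample site."""
    return detect_defacement(baseline(GOOD_SITE), LIVE_SITE)


if __name__ == "__main__":
    for path, finding in sorted(sample_findings().items()):
        print(f"{finding:10s} {path}")
```

Run on a schedule against what the server actually returns (not against the files on disk), and treat any non-empty result as an incident to be handled under the breach procedure the article goes on to describe; a known-good copy of the site, kept with the baseline, is what lets the home page be restored quickly.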
Managed security services (06/03/2007)
(...) Managed security pros. The benefits of outsourcing managed security include: leveraging the talents and experience of security and privacy experts to protect brand, intellectual property and revenues; supplementing existing security resources cost-effectively; implementing sophisticated security solutions; focusing resources on building the core business, not on building a security centre or on trying constantly to stay on top of changing security threats; controlling and managing security spending; access to a trusted advisor during security incidents; third-party validation and verification of the appropriateness of your security policies; benefiting from cutting-edge security research and development. Managed security cons. Amongst the disadvantages of outsourcing security we find: allowing a third party access to the ‘keys to the safe’; long-term, inflexible contract terms; the fact that several companies in the managed security area are start-ups with an uncertain economic future; trust as the main barrier. Moving to the managed model. Once a decision is taken to embrace managed security, how do you select a service provider? There are several key metrics to check when searching for a good-quality MSP (managed service provider): written service-level agreements (SLAs); a secure financial position; recognised standards, e.g. ISO; global reach; a high level of vendor accreditations; a secure NOC (network operations centre); customer testimonials. (...)
Employee confidentiality and a culture of security. Electronic business models (06/03/2007)
(...) Security awareness and employees Managers and directors of businesses need to be aware of the threats facing their organisations and of the potentially devastating effect that a security breach could have on them. They also need to be aware that there are a number of simple steps that can be taken to enhance security. One of the biggest threats to information security that a company is faced with comes from its own employees. (...)
Why is security training important (06/03/2007)
(...) security-survey.gov.uk), which indicated that information security has never been a higher priority at the board level (73 per cent compared to 53 per cent in 2000), but relatively few businesses are translating this priority into effective action. (...)
Outsourcing in IT security (06/03/2007)
(...) In the background is an increasing awareness of security issues and the potential business impact of incidents – most significantly amongst senior and executive management. Whilst IT security used to be a fringe issue for specialists and ‘geeks’, it is now very much in the mainstream and has the attention of strategists and budget holders. Underlying this growing awareness is a real increase in the level of incidents. (...)
Contingency planning Business continuity and crisis management (06/03/2007)
(...) However, BCM is not only about disaster recovery. It should be a business-owned and business-driven process that unifies a broad spectrum of management disciplines (see Figure 6.1). (...)