Report: Cybersecurity Issues


The Commission on Cyber Security for the 44th Presidency, organized by the Center for Strategic and International Studies, has issued a report entitled ‘Securing Cyberspace for the 44th Presidency.’

Security Lessons From the World Bank Breach


The World Bank is making headlines after a disputed report claimed hackers managed to access its secure network for over a year. One security pro offers takeaways that everyone can learn from the breach.

By Joan Goodchild, Senior Editor, CSO Security and Risk Online, October 14, 2008

Voice over IP Software Risk Alert


Fortify Software recently warned companies using Voice over IP (VoIP) private branch exchange (PBX) software to be aware that the complex program code involved with Internet telephony can make such systems vulnerable to hacker attacks.  The company’s warning comes after the FBI announced that users of Asterisk VoIP PBX software should upgrade to the latest edition of the package to avoid a security flaw that lets hackers dial into their telephone systems.

Survey: Half Of U.S. Companies Risk Sensitive Information Leaks via E-Mail


Mimecast, a holistic e-mail management company offering Software as a Service (SaaS)-based e-mail archiving, continuity and security, has found that 50 percent of U.S. companies are at risk of sensitive information leaks by employee e-mails, based on a survey of 500 IT professionals regarding their e-mail archiving and continuity policies.

Global InfoSec Standard: ISO/IEC 27005:2008


An important international standard for information security is ISO/IEC 27005:2008 - Information Technology, Security Techniques, and Information Security Risk Management.  Business continuity professionals who are also interested in information security should review the standard.

EC proposes Critical Infrastructure Warning Information Network


The European Commission recently proposed legislation to establish a Critical Infrastructure Warning Information Network (CIWIN) to strengthen information-sharing on critical infrastructure protection between EU Member States.

NIST Serves Up Guidelines on Cell/PDA Security


The National Institute for Standards and Technology (NIST) recently released Special Publication SP 800-124, entitled Guidelines on Cell Phone and PDA Security.

Wall Street Journal Tackles IT Security and Risk Management


A recent special section in the Wall Street Journal addresses the increasing concerns of risk practitioners in today’s cyber-world.

The section is entitled “IT Security: Risk Management in the Digital Age”, and features articles such as “Emerging Cyber Threats” and “Securing the Vault.”

Gaps in Corporate Security Policies and Data Leakage


Cisco has released a second set of findings from a global study on data leakage, revealing the prevalence and effectiveness of corporate security policies within companies and the reasons employees break or comply with them. The study enables information technology teams in various parts of the world to understand employee risk factors so they can effectively tailor policies that fit the reality of what their users need to do their jobs.

IT wary of insider attacks as economy slows down


Disgruntled employees and ex-workers pose increased threats to corporate systems.

October 27, 2008 (Computerworld), By Jaikumar Vijayan.

About a year ago, a senior manager at Pilz GmbH left the company to work at a rival firm — and took some classified data about an unfinished vision-based camera safety system with him.

If it hadn’t been for the honesty of executives at the rival business, more than five years of research and development work would have gone down the drain, said Steve Farrow, managing director at Pilz, which is in Ostfildern, Germany. “It would have impacted our product development and allowed one or two competitors to catch up with us much more quickly,” he said. Farrow didn’t identify the rival company.

Ernst & Young 2008 Global Information Security Survey


The Ernst & Young 2008 Global Information Security Survey shows that a growing number of organizations recognize the link between information security and a strong brand and reputation.
