
The world of Information Security this week (Feb. 8th to 12th, 2010) February 12, 2010

Posted by Michael Stephenson in Cloud Computing, Cloud Computing Security, compliance, Data Loss Prevention, Information Security, Risk Management.

A quick look at the highlights of the news in the world of Information Security this week for busy Security people.

I have always found that keeping up with what is happening in the world of information security is very time consuming. There are lots of newsletters and publications to read through, leaving no time to get on with the day job if you read them all thoroughly and try to pick out what is really interesting and relevant.

In this post I have picked out what I think are the highlights and given the links to the sources so you can get more detail on each of them if you want it.

Please let me have your views – Do you find this valuable and worth my time continuing? Have I missed anything important? Will it save you time?

Cloud Computing

Microsoft’s Azure cloud is officially open for business: From February 1st, Microsoft officially jumps into cloud computing and is now charging customers for developing and running apps in its Azure cloud. http://blogs.zdnet.com/microsoft/?p=5085

Standards

ISO/IEC 27003:2010 – The International Standard for the implementation of an information security management system, is now available. This is the first standard to offer comprehensive guidance on implementing an ISO/IEC 27001:2005 ISMS. Using this standard during an ISMS implementation will improve your organisation’s chances of becoming ISO/IEC 27001 certified.

The cost for this standard in the UK is £130.00. http://www.itgovernance.co.uk/news_detail.aspx?news_id=836&utm_source=Email&utm_medium=WeeklyRoundUp&utm_term=ViewOnline&utm_content=Text&utm_campaign=WC_01-02-10

Information Security Management with ITILv3 is a new title that looks at information security from the ITIL perspective. It describes how to use the strengths of both ITILv3 and the ISO/IEC 27001 family of standards to build a higher level of information security, and gain improvements in efficiency. http://blog.itgovernance.co.uk/543/?utm_source=Email&utm_medium=WeeklyRoundUp&utm_term=Body&utm_content=Text&utm_campaign=WC_01-02-10

ISO 31000:2009 Risk Management Guidance is now available. It provides principles and generic guidelines on risk management. It can be used by any public, private or community enterprise, association, group or individual, so it is not specific to any industry or sector. It can be applied to any type of risk, whatever its nature, whether having positive or negative consequences. http://blog.itgovernance.co.uk/579/?utm_source=Email&utm_medium=WeeklyRoundUp&utm_term=Body&utm_content=Text&utm_campaign=WC_01-02-10

Security Risks and data losses

Valentine’s Day brings out the cyber crooks: Security experts have issued warnings of fresh web-based attacks as Valentine’s Day approaches. Attackers are using search engine optimisation techniques to achieve high rankings on results pages for common Valentine’s Day searches. Clicking on these results will take you to sites offering items such as screen savers, wallpapers and e-cards that contain malware designed to infect your system. http://www.v3.co.uk/v3/news/2257686/valentine-day-brings-cyber

ENISA report highlights dangers of social networking via mobile phones: The European Network and Information Security Agency has released a new report into the dangers of using social networking sites, particularly from mobile phones. It outlines a number of risks and threats associated with using the sites, and advises individuals and organisations to follow 17 golden rules.

The report with its 17 golden rules can be found here

Top search results riddled with malware: Similar to the Valentine’s Day warning, a Websense report warns you to be cautious about search engine results, which may lead to sites infected with malware. http://www.v3.co.uk/v3/news/2257412/top-search-results-malware

Alzheimer’s Society in breach of the Data Protection Act: Following notification of this breach, the Information Commissioner’s Office (ICO) has reminded charities that personal information must be handled securely. The Alzheimer’s Society reported three separate breaches involving personal information during 2009. This included several unencrypted laptops that were stolen during a burglary at their office in Cardiff last August, which included the names, addresses, national insurance numbers and salary details of around 1,000 staff across England, Wales and Northern Ireland. http://www.scmagazineuk.com/charities-reminded-about-secure-handling-of-personal-information-after-ico-finds-alzheimers-society-to-be-in-breach-of-the-data-protection-act/article/163650/

Legal

US Judge dismisses Windows anti-piracy software lawsuit: A federal judge last week dismissed a three-year-old lawsuit that accused Microsoft of duping customers when it pushed its Windows Genuine Advantage (WGA) anti-counterfeit software to Windows XP as a “high priority” update that was automatically downloaded to and installed on most machines. Microsoft relies on WGA, and its successor, Windows Activation Technologies (WAT), to detect bootlegged copies of Windows. If the software sniffs out a counterfeit, it posts nagging messages on the screen. http://www.computerworld.com/s/article/9154178/Judge_dismisses_Windows_anti_piracy_software_lawsuit?source=CTWNLE_nlt_security_2010-02-09

Encryption vendor files patent lawsuit against IBM, Sun, Oracle and others: TecSec, an encryption vendor based in McLean, Virginia, has filed a patent infringement lawsuit against several large vendors, including IBM, Sun Microsystems, Cisco Systems, eBay, Oracle and Adobe Systems. The lawsuit claims that the companies have infringed 11 of TecSec’s patents covering encryption technology used by the defendants’ customers to protect commercial data, such as credit card information and health care information. http://www.computerworld.com/s/article/9154319/Encryption_vendor_files_patent_lawsuit_against_tech_giants?source=CTWNLE_nlt_security_2010-02-10

Cybersecurity Enhancement Act: The Cybersecurity Enhancement Act has been passed by the US House of Representatives by a huge margin. The 422:5 vote was higher than expected, and should make it easier to pass through the Senate. The legislation calls for the National Science Foundation (NSF) to spend $396m (£252m) over the next four years to fund cyber security research. http://www.v3.co.uk/v3/news/2257369/cybersecurity-enhancement-act

Best Practice or not!

Online banking customers reuse their online-banking login credentials: Online security firm Trusteer reports that 73 per cent of bank customers use their online account password to access at least one other, less sensitive website. Even worse, around half (47 per cent) use the same online banking username and password for other website logins. http://www.theregister.co.uk/2010/02/02/e_banking_password_fail_survey/

http://www.networkworld.com/news/2010/020410-too-many-people-re-use-logins.html?source=NWWNLE_nlt_compliance_2010-02-05

A third of Apple iPhone users do not apply patches and application updates regularly: A survey by ESET has found that many iPhone users do not connect to iTunes regularly to get updates and patches, leaving their phones, and therefore anything they connect to, at risk of attack. http://www.scmagazineuk.com/a-third-of-apple-iphone-users-do-not-connect-to-itunes-to-apply-patches-and-application-updates/article/163554/

Social Media risk to the business: A new report by Forrester urges security professionals to take measured steps to reduce social media risks, rather than outright ban employees from visiting social websites. http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1380945,00.html?track=NL-358&ad=748030&asrc=EM_NLN_10855607&uid=1457049