
The world of Information Security this week (Feb. 12th to 19th, 2010)

February 19, 2010

Posted by Michael Stephenson in Cloud Computing, Cloud Computing Security, compliance, Data Loss Prevention, Identity Management, Information Security, Risk Management.

A quick look at the highlights of the news in the world of Information Security this week for busy Security people.

If you don’t have the time to scan through lots of newsletters and news feeds to pick up the interesting Information Security news of the week then read on.

In this post I have picked out what I think are the key news items and included the links to the sources at the end of each piece so you can get more detail on them if you need it.

Please let me have your views – Do you find this valuable and worth my time continuing?  Will it save you time? Please let me know if you think anything should be added or I have missed something.

This week's topics include Cloud Computing; Government; Security Risks; IAM and M&A

Cloud Computing

The Shortcut Guide to Prioritizing Security Spending, from Realtime Nexus, provides some useful information on security requirements for cloud computing. Author Dan Sullivan reviews the data security and compliance benchmarks that must be established between you and your cloud provider.

http://searchsecurity.techtarget.com/tip/0,289483,sid14_gci1374883_mem1,00.html?track=NL-430&ad=749528&asrc=EM_NLT_10897201

ISC2 says IT security professionals must work out how to implement cloud computing securely before it is too late. If they don’t, it will go ahead anyway, insecurely, and put business data at risk, so it is important that professionals encourage their businesses to consider the security implications of moving into the cloud, and be ready to provide solutions to the security problem.

http://www.computerweekly.com/Articles/2010/02/10/240258/security-professionals-must-embrace-cloud-or-fail-says.htm

The U.S. Air Force and IBM have teamed up to develop and demonstrate a secure cloud computing infrastructure capable of supporting defence and intelligence networks. This is bound to put IBM in an excellent position to gain defence contracts around the world, and the experience will also position them well for provision of cloud solutions to everyone.

http://gcn.com/articles/2010/02/04/air-force-ibm-cloud-computing.aspx

Microsoft recently called for Cloud Computing laws. Microsoft have called for greater government oversight for the fast-growing, yet largely unregulated, cloud computing sector, citing the need to protect business and consumer information.

http://www.industryweek.com/articles/microsoft_to_congress_time_for_new_cloud_computing_laws_21051.aspx?SectionID=4

Government

Both UK and US governments are taking steps to tackle computer crime.

The US Department of Justice today set up a task force to battle computer crime. The task force will focus exclusively on battling US and international intellectual property crimes.  It will also bolster efforts to combat crimes through close coordination with state and local law enforcement partners as well as international counterparts.

http://www.networkworld.com/community/node/57486?source=NWWNLE_nlt_security_identity_2010-02-15

The UK Office of Fair Trading team and trading standards officers are to get £4.3m funding over three years for a taskforce to tackle online crime. The money will go to a team within the Office of Fair Trading (OFT) that will focus on fake product suppliers and ticket scams. Some funds will also be directed to improve the capabilities of Trading Standards Officers to deal with such scams.

http://www.computing.co.uk/computing/news/2257862/unit-tackle-online-consumer

The New Hampshire House of Representatives is considering a bill to ban the use of biometric data for either state or privately issued IDs. The legislation would forbid the use of biometric data coupled with IDs as a condition to obtain services from businesses or government agencies. The lone exception to the ban would include employee identification cards.

http://www.infosecurity-us.com/view/7360/new-hampshire-seeks-to-outlaw-biometric-ids/

UK provides largest new intake of security boffins for ENISA, which has chosen 30 leading security experts for its Permanent Stakeholders’ Group (PSG). Seven UK boffins have been chosen as part of the new intake.

http://www.computing.co.uk/computing/news/2258009/uk-provides-largest-contingent

Security Risks and data losses

Major flaw discovered in Chip and PIN technology that could allow a fraudster to make purchases with a dummy login. A report by security researchers at Cambridge University has described a flaw in Chip and PIN technology. It said that the flaw would allow a fraudster to use a genuine card to make a payment without knowing the card’s PIN, and to remain undetected even when the merchant has an online connection to the banking network.

http://www.scmagazineuk.com/major-flaw-discovered-in-chip-and-pin-technology-that-could-allow-a-fraudster-to-make-purchases-with-a-dummy-login/article/163787/

http://www.theregister.co.uk/2010/02/12/chip_pin_security_unpicked/

Over 75,000 systems compromised in cyberattack. Security researchers at Herndon, Va.-based NetWitness Corp. have unearthed a massive botnet affecting at least 75,000 computers at 2,500 companies and government agencies worldwide. The Kneber botnet, named for the username linking the affected machines worldwide, has been used to gather login credentials to online financial systems, social networking sites and e-mail systems for the past 18 months. A 75GB cache of stolen data discovered included 68,000 corporate login credentials and login data for user accounts at Facebook, Yahoo and Hotmail.

http://www.computerworld.com/s/article/9158578/Over_75_000_systems_compromised_in_cyberattack?source=CTWNLE_nlt_security_2010-02-18

Identity and Access Management (IAM)

Gartner talk about Identity and Access Management (IAM) Intelligence: Smart IAM for smart governance. They believe IAM intelligence represents the ability of IAM tools and process to (a) build effective repositories of identity information for IAM systems to use, (b) collect and correlate information about the IAM events that occur throughout the system with other important security events and information, and (c) provide a means to monitor, analyze and report on what is happening within the IAM world for a number of constituents.

http://blogs.gartner.com/earl-perkins/2010/02/12/identity-and-access-management-iam-intelligence-smart-iam-for-smart-governance/

Merger & Acquisition

IBM has acquired network management vendor Intelliden for an undisclosed sum. Intelliden’s intelligent network automation is seen as an important addition to IBM’s portfolio to extend automation across all business and IT assets. It will be integrated into the IBM Software Group as part of the Tivoli Software arm.

http://www.computing.co.uk/computing/news/2258008/big-blue-strengthens-network

Please let me have your views. Add a comment below.

Do you find this valuable? Will it save you time? Should I continue to publish?

Please let me know if you think anything should be added or I have missed something.