web-archive-net.com » NET » S » SHORTINFOSEC.NET

Total: 241

  • Information Security Short Takes: Five Information Security Issues We All Face Today
    ... for changing the way we live and do business today. While the benefits are numerous, there have been challenges that come with that development. Here's a look at some of the information security issues we all face. Awareness: A blog post by Rik Ferguson for Trend Micro says awareness and education are key issues surrounding information security today. People must understand and accept the risks that come with using technology, and the Internet in particular. By knowing threats are present, they can learn to use these luxuries carefully and not blindly accept that someone will have the solutions for any problems they may face. Complacent Businesses: We place considerable faith in businesses to safeguard our personal information. However, some companies are not always as proactive about defending files as they could be, Ferguson suggested. In fact, some don't strengthen protective measures already in place until information breaches or near-breaches occur. Customers want to know their information is protected, and businesses often have a legal obligation to plan ahead and monitor their client files as much as possible. A Wealth of Online Possibilities: Online banking, smart phones, credit cards, bill pay and countless other Internet options open individuals to numerous hacking risks and opportunities for criminals to try stealing personal information. Careful selection of account passwords, safeguarding Social Security numbers and being absolutely certain that companies are reputable will help individuals handle some of these risks. Recognizing Problems: Not every threat can be avoided, but being able to recognize the warning signs of identity theft might keep a problem from escalating as much as it could have if left unchecked. Unauthorized account changes or withdrawals, unexplained denials of credit, and letters or phone calls about services or products you haven't requested are all good indicators that you might have a problem on your hands and that steps should be taken to stop these issues. Risk Management: Companies and individuals are responsible for managing the risks associated with keeping personal information in computer files. People and businesses should know what information is in their files and keep only what is absolutely necessary. Then plans must be made to keep those essential files safe. What You Can Do: If you're interested in joining the ranks of qualified professionals who work daily to keep information and technology safe and secure, consider attending college for information technology training. You'll learn how to prevent cyber attacks and teach people how to protect their important files. Many colleges and universities offer this degree; start checking for schools if this sounds like the right profession for you. About the Author: This guest post has been provided by Philip J. Reed on behalf of Westwood College. Westwood offers degrees in many programs, including information technology training. They have an extensive online course catalogue and are always available to answer any questions you may have about the degrees they offer. Talkback and comments are most welcome.

    Original URL path: http://www.shortinfosec.net/2011/09/five-information-security-issues-we-all.html (2016-04-27)

  • Information Security Short Takes: Information Systems Security as a Profession
    Computer hackers and cyber terrorists can wreak havoc on information systems (IS). Because of this looming threat, the demand for cyber security specialists and information security training is on the rise. Trained and certified IS security professionals are needed to combat these threats and vulnerabilities, which can be incredibly costly to organizations. In fact, a Reuters special report noted that the IS security market is estimated to be between $80 billion and $140 billion a year worldwide. IS Security Opportunities: Industry experts suggest that there is a tremendous need for IS security specialists in both the commercial sector and government. National Public Radio (NPR) recently interviewed James Gosler, a veteran cyber security specialist who has worked at the CIA, National Security Agency and Energy Department. Gosler estimated that there are only about 1,000 people in the United States that have the necessary skills to tackle the most challenging IS security tasks, but noted that some 20,000 to 30,000 highly trained security professionals are needed to meet the needs of corporations and government agencies. The U.S. Bureau of Labor Statistics (BLS) projects that employment in this field will grow much faster than the average for all occupations, with an increase of 20% or more between 2008 and 2018. Career Options, Salaries and Job Duties: If you're considering a career in IS security, you'll find job openings in a variety of related areas. Security specialists may be found in each of the following BLS occupational groups, and often enjoy salaries in excess of $100,000 per year: Computer Specialists ($41,680 to $115,050); Database Administrators ($40,780 to $114,200); Computer Systems Analysts ($47,130 to $119,170); Network Systems and Data Communications Analysts ($42,880 to $116,120); Computer and Information Systems Managers ($69,900 to $166,400). IS security specialists with industry certification typically earn salaries at the higher end of the range. For example, a 2009 salary survey by Certification Magazine found that professionals with the Certified Information Systems Security Professional (CISSP) credential earned an average annual salary of $108,630. As an IS security professional, your work might involve encrypting data transmissions, implementing firewalls, and developing a formal strategy to protect computer files from unauthorized access. You may also be charged with policing violations of security procedures and taking corrective or punitive measures. Other duties include controlling, granting or restricting access to files as required by user; tracking and proactively addressing potential computer virus threats; and performing risk assessments and tests to ensure that security protocols are functioning as intended. Education and Training: Most ...

    Original URL path: http://www.shortinfosec.net/2011/06/information-systems-security-as.html (2016-04-27)

  • Information Security Short Takes: ITILv3 Foundations Training - Experiences
    Last week I attended the official IT Service Management (ITILv3) Foundations training. The training is a 3-day boot camp which covers the processes in the following ITILv3 areas: Service Strategy, Service Design, Service Transition, Service Operation, Continual Service Improvement. The training is an excellent tutorial for everyone who wishes to advance their career into IT management. The topics touch both IT as well as business aspects of IT services. Anyone ever working in implementation or service maintenance, like ...

    Original URL path: http://www.shortinfosec.net/2008/06/itilv3-foundations-training-experiences.html (2016-04-27)

  • Information Security Short Takes: Choosing a System Integrator - Follow the money
    There are several aspects to choosing a good system integrator for your next corporate solution. Evaluators look at number of experts, references, prior work, years in the field, price of solution. But the most overlooked and very important criterion is the financial strength of an integrator. While this may not seem relevant at first glance, let's review the following scenario. A corporation orders a large server and storage system in the price range of several millions of dollars. Naturally, payment is mostly upon delivery, with a meager 30% upon contract signing. The integrator orders the solution from the manufacturer, pays for the transport, logistics, insurance and, of course, receives an invoice from the manufacturer to be paid within 30 days. The corporation delays the implementation of the system by 2 months due to internal reorganization. To compensate, they agree to pay another 30% of the contract price to the integrator. At this point the integrator has received 60% of the contract price and needs to settle his invoice toward the manufacturer. Additionally, the integrator needs to cover storage and insurance expenses for the customer. In the cutthroat business ...

    Original URL path: http://www.shortinfosec.net/2009/02/choosing-system-integrator-follow-money.html (2016-04-27)

  • Information Security Short Takes: Telco SLA - parameters and penalties
    ... businesses need a good Service Level Agreement (SLA). Usually the preparation of the SLA is dreaded by most, since it is full of numbers and parameters on which the client must decide what is acceptable, and whose values may be difficult to measure. SLA Parameters: A good SLA is not necessarily loaded with a lot of numbers. You need to work with 2-3 parameters which are important to you. Here are the most frequent SLA parameters with their acceptable values. Availability: more than 99% for internet, more than 99.5% for corporate data links. Packet Loss: less than 0.4% for internet, less than 0.2% for corporate data links. Jitter: less than 15 ms for internet, less than 5 ms for corporate data links. SLA Penalties: And you need penalties which will hurt the provider. Penalties are the big stick in the SLA. Here are the penalties that you want: small breach of SLA, 25% to 33% of monthly fee; large breach of SLA, 50% to 100% of monthly fee. Be aware that no provider will create an SLA that will eat much of its profits. The committed provider can be identified by the type of Service Level Agreement (SLA) that it's prepared to sign without special negotiations. Here are three different levels of SLAs, not so much different by the metrics and parameters, but quite different in terms of penalties. Verizon is offering a very basic SLA, with compensation of the daily charge for each day of SLA breach (http://www.verizonbusiness.com/terms/latam/co/sla). BT is accepting a more serious approach: a penalty of a daily charge for each hour of SLA breach, but with a limit of maximum 10 days of charge in penalty (http://business.bt.com/assets/pdf/BTnet%20Service%20Level%20Agreement.pdf). Sprint is including some really hard penalties in their SLA, including 100% of monthly charge in penalties for some parameters (http://www.sprint.com/business/resources/mpls_vpn.pdf). Talkback and comments are most welcome. Comments (3): nenad said: Hi my friends, it is my first time visiting your blog. Wow, I think your blog is a very good blog with good articles. Can we link exchange, my friends? I hope we can make friends. Thanks. (March 1, 2010 at 10:57 AM) rht66 said: I see this as a no-brainer for a company that has enough clout to demand or ask for an SLA, but where does that leave the thousands of small businesses and millions of home customers? I may have misunderstood how these SLA agreements work, but I am kind of figuring that a business has to sign a similar contract with, say, AT&T, Sprint or whomever, just as an individual does, e.g. A ...

    Original URL path: http://www.shortinfosec.net/2010/02/telco-sla-parameters-and-penalties.html (2016-04-27)

  • Information Security Short Takes: Managing the permanent security issue of Top Management
    Regardless of procedures and policies, a company can have a nearly permanent security issue in top management. This issue results from the speed with which top management requires their services delivered and, more than probably, their lack of an information assurance degree, or even an understanding of what information assurance is, for that matter. No top manager wants to be bothered with the problems and challenges that security and IT guys are facing with their wishes. They want them resolved, preferably yesterday. The security issue of top management results from their lack of time and their insistence that everything works when they request it. Usually that means that the security aspects of the requested solution have not been researched, or even familiarized with. All this results in a half-baked workaround solution. We will provide two examples of security issues that can easily arise. The manager requests a new gadget, like a smart phone, tablet computer or a new bling computer with a different OS: Procurement is quick to purchase the new device for the top manager that orders it. When the new gadget arrives, procurement informs him, in a CYA (Cover Your A**) approach, that they have done their job. The manager expects it to run immediately, so this is what usually happens: the gadget is set up as fast as possible, using the basic instructions from the Internet or what little experience an engineer has with the gadget; help to install the gadget is solicited from any current users of the gadget, who also assist in set-up to the best of their knowledge but with little concern about security or compliance to corporate standards; the gadget is configured to provide all or most corporate services as used by the manager on the standard corporate computers. The end result is a device which can connect to most of the corporate services, but which is rarely properly secured. If the gadget is stolen, there will be a whole lot of grief for the security guys. The manager wants to open photos on a foreign USB: a guest arrives at the manager's office and he/she has a USB stick with photos. The manager wants to see the photos on his computer. If the manager's computer has permissions to open a USB, he/she will read the USB, possibly opening a virus or Trojan. If the manager's computer doesn't have permissions to open USB, it will be rushed through operations to enable access. Again, the end result can be executing a virus or a Trojan. If not captured properly ...

    Original URL path: http://www.shortinfosec.net/2011/05/managing-permanent-security-issue-of.html (2016-04-27)

  • Information Security Short Takes: Protecting from the CCenter Malware and Trojan
    A very common method of distributing malware is disguising it as a useful program. The most common disguises, apart from games, are malware removal programs. This is the approach used by CCenter, a.k.a. Control Center. If you find a process with the name ccenter.exe running on your PC, it means that your PC has possibly been infected with a trojan known as Infostealer.Lemir.H. Infostealer.Lemir.H is a Trojan horse program that attempts to steal passwords for the Legend of Mir 2 online game, but can be modified to steal other information. Apart from installing a trojan, CCenter intimidates people into buying the paid version of this program. Once it's installed, CCenter loads an imitation of a system scan every time the computer is started. It also generates large amounts of counterfeit security alerts. All these alerts are designed only to trick people into taking the program as a legitimate and reputable tool. If clicked upon, the pop-ups demand paying for using CCenter. CCenter has also been seen to redirect the web browser to malicious and fraudulent websites. Depending on version and ...

    Original URL path: http://www.shortinfosec.net/2010/01/protecting-from-ccenter-malware-and.html (2016-04-27)

  • Information Security Short Takes: Managing Antivirus Software - Keep the reinstall away
    ... 2-4 computers in the home, and they need to set up an anti-virus on every one of them. The most important elements are: regular updating of signatures from the manufacturer; active real-time protection; a regular (weekly or monthly) scheduled scan. In order to keep your home anti-virus system in good condition, you need to: set the antivirus to perform automatic cleaning with quarantine, not delete (this way, even if you get a false positive, the file isn't deleted and you can rescue it from quarantine); check the update version (check whether updates are still current and there are no issues with updating); review the last scan results (this way you will be alerted if malware is identified); review the quarantine to find out if false positive files were captured by the anti-virus and need to be rescued. Choosing the product: Then it's about the price and functionality. The home user can choose a free product, or they can buy antivirus protection. Here is a sample of criteria to review when choosing the anti-virus. Legitimate antivirus software: what you need to be very careful about when implementing a home antivirus environment is that the product really be an anti-virus. Wikipedia references the SpyWare Warrior site, which reports that more and more malware masquerades as legitimate anti-virus. In order to avoid these malware decoys, you can reference the Wikipedia list of anti-virus software. Range of malware that you are protected from: can the engine detect viruses, spyware, rootkits, etc.? Behavior blocking: does the antivirus monitor system calls with a heuristics engine to prevent vulnerability exploitation attempts and zero-day virus breakouts? Corporate Environment: Managing an anti-virus in a corporate environment is a lot more work. There are hundreds, even thousands, of computers that need to be protected. In such an environment you need to fight the following battles: keeping clients up to date (when updating hundreds of computers there will be issues: computers that are off, computers where the antivirus software has failed for any reason, issues in communication with the update server); keeping clients compliant to policy (same as above; updates to policy may fail or be in significant delay); preventing the anti-virus servers from overloading (updating hundreds of systems can cause hogging of the update server or the Internet link). In order to keep your corporate anti-virus system in good condition, you need to: set up the updating frequency according to corporate policy (updating the anti-virus in a corporate environment needs to be planned; updates may be needed more than once per day, but if you make the updates too frequent you'll end up overloading the antivirus server with requests); balance the load of management and updates in a distributed environment (when you have branches, it is wise to distribute the burden of updates and management to branch servers and administrators); implement additional policy elements (anti-virus software may also be used to enforce corporate policies of not running some software in certain ...

    Original URL path: http://www.shortinfosec.net/2010/09/managing-antivirus-software-keeps.html (2016-04-27)