Opinion

Opinion

IT security

• Security Zone: Setting security boundaries for de-mergers

  There are many texts explaining how information security can be affected by company mergers. But what happens when part of your organisation is being sold off, or spun off as a separate company? Michael Pike, CISSP, an information security ...  Continue Reading

• Security zone: Application security spans IT and information security

  Web application security is an area of IT security that deals primarily with the security of applications - are we vulnerable to SQL injection, cross-site scripting, XSRF, session fixation and a smorgasbord of other nasty Open Web Application ...  Continue Reading

• Collaboration is key to ensuring digital data security

  The iPad is the latest addition to a variety of mobile devices that can change the way we interact with people, businesses and, in some cases, government....

   Continue Reading

• (ISC)2: Crime scene must be protected

  Just because I carry a first aid kit in my car, does that make me equipped to deal with a road traffic incident? Probably not, writes Cheryl Hennell, ISC2 member and head of IT and information assurance LRE, Openreach.  Continue Reading

• BCS: First step is to recognise the threat

  The problem of the internal "black hat" (person intent on doing harm to a computer system) is not a new one. Many organisations choose to implement a system in which they escort staff from the premises when they are made redundant or fired, in order...  Continue Reading

• ISACA: Rigorous approach is required

  More than 70% of UK homes have a computer, with over 93% connected to always-on broadband. In the majority of criminal and corporate cases, somewhere in the background a computer, PDA or cell phone may be lurking - hence the case for computer ...  Continue Reading

• ISSA UK: Organisations must be prepared

  The scouting motto "be prepared" saved Maldives president Maumoon Abdul Gayoom from assassination in 2008 when a local Boy Scout stepped in to foil his attacker. Being prepared for a security incident affecting computer systems may not produce such ...  Continue Reading

• ISACA Security Advisory Group: Organisations must be forensic ready

  The phrase "Crouching tiger hidden dragon" is a Chinese proverb that has many possible interpretations. My favourite is "everyone conceals their strengths from others to preserve the element of surprise", writes ISACA Security Advisory Group member ...  Continue Reading

• Corporate IT Forum: Downturn has changed employee attitudes

  The plotting of terrorist activity is an extreme example of employee misuse of access, but there is little doubt that the deteriorating economy has impacted on the quality of internal business relationships and, ultimately, heightened employee ...  Continue Reading

• Security Zone: Consider human ability in your IT security policy

  A user who consistently has problems remembering their password may have a learning difficulty such as Dyslexia or poor recall. If this is the case, the problem is not the user, it is the company's password policy.  Continue Reading

• Effective way for organisations to tackle ‘porn in the office’

  For too long, the "porn in the office" issue has been the elephant in the room - a genuine corporate concern but one that organisations had no idea how to address and so have just ignored, writes Andrew Millington, managing director of Exclaimer ...  Continue Reading

• Opinion: The impact of Google's trademark victory

  The European Court of Justice (ECJ) has delivered its judgment in the landmark case of Google France versus Louis Vuitton Malletier.  Continue Reading

• Security Zone: Ensuring security in offshoring

  For some time, many large corporates have been offshoring and smaller companies have followed suit. But how do you ensure that your company's data remains secure?  Continue Reading

• A security expert’s checklist for deploying software as a service

  As the person responsible for the security of your enterprise data, you need more than faith as assurance that SaaS providers will meet your security requirements  Continue Reading

• How can organisations guard against phishing scams?

  What should information security professionals be doing to ensure their organisations are protected from phishing scams aimed at private enterprise? John...  Continue Reading

• Security Zone: Enterprise architecture is too often a missed opportunity for security

  As more and more organisations use enterprise architecture as a tool to fight IT complexity and increase business alignment and agility, security is often...

   Continue Reading

• Think Tank: What should corporate IT managers do to ensure data protection?

  Hacks of Google and at least 20 other companies in December prove that sophisticated cyber espionage attacks are a real and present danger. But in the light of the fact that most commercial security tools are ineffective against these attacks, what ...  Continue Reading

• Security Zone: Oracle follows Sun in search of hardware

  Within a sector dominated by well-established titans, hardware is one of Sun's traditional core business areas, with servers and workstations based on its...

   Continue Reading

• Portable data security - ebb and flow

  Ten years ago the dawn of a new decade brought with it a trickle of employees requiring the ability to access information while away from the office. Today...

   Continue Reading

• Information overload: lessons from the Christmas Day terror attack

  The foiled Christmas Day attempt to blow up a plane over Detroit has once again sparked debate about international security and how data relating to passengers...

   Continue Reading

• Social media needs a social security strategy

  There are plenty of stories about companies using social networking, micro-blogging and online collaborative services to generate business leads, build sales...

   Continue Reading

• Security Zone: How to complete a security questionnaire

  Michael Pike discusses the rules of responding to a security questionnaire when bidding for IT work from a large company.  Continue Reading

• Preparing your IT security for the mobile information boom

  Hardly a day goes by without a new innovation in mobile technology. Mobile banking and transactions will soon be commonplace, and organisations such as hospitals and councils increasingly rely on mobile devices to access sensitive information from ...  Continue Reading

• Data encryption is simple safeguard against data breaches

  The government has introduced legislation that enables the Information Commissioner's Office to issue fines of up to £500,000 for serious data security breaches,...

   Continue Reading

• Do we need a single cyber-security organisation to secure the internet?

  A poll by Infosecurity Europe has found that 60% of organisations think that the internet needs a cyber-security organisation to oversee it. Here industry experts have their say  Continue Reading

• Security Zone: why we should be more concerned about password authentication

  Passwords as the last means of protection beyond physical control have remained essentially unchanged for more than half a century. From a technology perspective, this single control is no weaker than it was when it was created during World War II. ...  Continue Reading

• What is the best thing Santa could bring the IT security manager?

  Security leaders from the ISF, BCS, ISACA, (ISC)2, Tif and ISSA present a wishlist for securing corporate systems in 2010  Continue Reading

• Save blushes and blame with firewall policy analysis

  It happens in a moment - I put my mobile down and suddenly my client is standing in front of me ready for a meeting. Two hours later I am desperately searching...

   Continue Reading

• A sorry tale of a CEO and his laptop

  As the CTO of a data protection and encryption company I hear many tales of woe from senior executives who have confessed to losing their laptops. Here is...

   Continue Reading

• HBOS power failure highlights importance of business continuity planning

  Neil Stephenson, CEO of Onyx Group, discusses the recent HBOS crisis and explains why disaster recovery will remain a business bugbear if not managed properly.  Continue Reading

• Security Zone: can you prevent scraping or data harvesting?

  We have all innocently copied and pasted text and images from websites, but scripts and bots have made it possible to lift content of websites to industrial mining proportions in a practice known as 'data scraping'  Continue Reading

• Gartner: Users need to use multiple PCs

  Why is corporate adoption of the trusted computing standard still very low when over 70% of new computing devices have built-in trusted platform modules (TPMs)?  Continue Reading

• Guardian jobs database attack demonstrates difficulties of database security

  Job hunting is a tough job in itself - battling with 8% unemployment, rehearsing for job interviews, adding relevant yet interesting hobbies to your CV - and then you receive an e-mail from The Guardian's job site to say that your personal details ...  Continue Reading

• Challenges and benefits of physical IT security

  There has been much talk in the physical security market concerning the imminent arrival of IT manufacturers and the likely impact it will have on the...

   Continue Reading

• IT security crisis management: looking beyond the magic bullet

  The main threats that organisations and their customers are facing today are the same ones that have always been around: ignorance, apathy and poverty....

   Continue Reading

• What happens when cloud data is lost?

  Everywhere you turn somebody somewhere is extolling the virtues of cloud computing, writes Tom Greenbank of international law firm Pinsent Masons.  Continue Reading

• Security Zone: Secure by design?

  With nearly every aspect of our lives becoming reliant on computer technology, how do we know we can trust the systems we are using are secure and cannot be easily exploited?  Continue Reading

• Passwords and encryption strengthen printer security

  When we conduct a penetration test of a corporate network, we typically find dozens of printers offering management pages without passwords. This means that anyone on the network could not only print to the machine, but also control it, change the ...  Continue Reading

• Security managers must keep pace with weak points in connected devices

  Restrictions provide a back door into organisational networks through [the lack of] security in embedded devices.  Continue Reading

• Risk assessment enables targeted security management

  Businesses affected by the economic downturn, suffering a reduction in resources and an increase in threats, need to risk assess their vulnerabilities and think carefully about how and where to focus their attention.  Continue Reading

• Responsibility for security of end-point devices must be shared across the business

  Network scanning technology needs to be capable of addressing the end points to ensure that anti-virus or software updates are run on printers and other connected devices to keep them virus-free and "healthy".  Continue Reading

• Security Zone: Checklist for winning IT security funding

  I sometimes wonder what it is that makes otherwise rational security folk seem to ignore the most fundamental aspect of any corporate IT security strategy when they convene to talk , discuss and architect the why, how and where security fits into ...  Continue Reading

• Five best practices for mitigating insider breaches

  I am confronted every day with companies who have suffered some kind of security breach, mostly internal and it often comes down to the mismanagement...

   Continue Reading

• The Obama approach to reducing IT opex

  If you have as a key goal on your MBOs to achieve a significant reduction in your IT opex costs then listen carefully to the subplot in US president Barack...  Continue Reading

• Meeting regulations is key security advantage

  The business case for information security has finally been recognised. Rather than being viewed as an unwanted necessity and expense, information security is now seen as a valuable contributor for protecting and managing brand image.  Continue Reading

• Protection of customer data makes a strong selling point

  There is no doubt that security will play an increasingly important role in enabling business growth, but it requires those in the boardrooms of Great Britain to wake up to the real challenges that will threaten their business over the next decade.  Continue Reading

• Security bridges the divide between IT and business

  As information security grows in stature within the organisation, we in the profession must be careful not to develop any delusions of grandeur. No matter how crucial our efforts may be, we must recognise that we are very firmly cast in a supporting...  Continue Reading

• Seven ways to align security with the business

  There is no single tactic or strategy that guarantees success in improving business alignment of security. Rather, a number of varied but interrelated actions need to be identified and executed to improve alignment over time.  Continue Reading

• Strong security builds trust; trust builds business

  The first challenge in attempting to articulate the extent to which security can help business growth is for the enterprise to recognise that security is a business issue, not just a technical one.  Continue Reading

• Good security and security governance can win business

  By applying appropriate security within a company, risks can be taken, and by taking risks, business will grow.  Continue Reading

• Cloud computing faces security storm

  A storm-front is brewing for cloud computing, writes Paul Zimski, vice-president of market strategy at Lumension. As developers continue to reach towards the sky with insecure infrastructure, the chances for a disastrous squall increase every day.  Continue Reading

• Raise the profile of security's risk management potential

  The name "Paul Moore", ex-head of risk for HBOS, is not synonymous with information security, but perhaps it should be.  Continue Reading

• Security Zone: Forensics - don’t hamper the investigation

  All too often investigations are compromised by the involvement of a "helpful" IT department, writes Matthew Parker of Ernst & Young. The common mistake is to attempt to perform the investigation yourself without understanding the ramifications of ...  Continue Reading

• How to prevent data leaking in transit

  The number of incidents involving data intentionally or unintentionally leaving corporate networks is on the rise, writes Yuval Ben-Itzhak, chief technology...

   Continue Reading

• Developing flexible instant messaging guidelines

  From its beginnings in the early 1990s, instant messaging (IM) has developed into a powerful business tool, giving internet users access to a simple presence facility, as well as acting as a linchpin for online conferencing, whiteboarding and other ...  Continue Reading

• Security Zone: Keep IT security separate

  Roles, teams and even entire departments are often combined to streamline efficiency and reduce costs, but this is not always as straight-forward as it...  Continue Reading

• Best practice for IM security

  Corporate IT Forum members collectively believe that the triangle of trust around security is policy, enforcement and education. Obviously, individual organisations must decide how far they want to go with each of these, depending on the nature of ...  Continue Reading

• IM security: the triangle of trust

  Corporate IT Forum members collectively believe that the triangle of trust around security is policy, enforcement and education. Obviously, individual organisations must decide how far they want to go with each of these, depending on the nature of ...  Continue Reading

• Mitigate IM risks with security awareness and access control

  Instant messaging (IM) is one of those applications that is seen as either the best thing since sliced bread, greatly improving productivity, or the bane of a manager's life because it is perceived that staff waste a lot of time using it.  Continue Reading

• No silver bullet for instant messaging security

  A 2006 Ostermen Research survey found 93% of North American businesses were using instant messaging (IM). Commercial offerings such as Reuters Messaging Interchange will only increase demand  Continue Reading

• Real-time data sharing is key to swine flu control

  The swine flu outbreak emphasises the global, connected challenges facing today's healthcare professionals - but technology can help, writes...

   Continue Reading

• Instant messaging: educate, monitor and block

  I have not yet encountered a work situation where employees could not accomplish their objectives or daily workload because they could not use IM.  Continue Reading

• Protect your corporate image on social media

  In April 2009, employees of a Domino's Pizza store posted videos on YouTube of staff performing offensive and possibly illegal actions with ingredients and implements used in the preparation of pizzas and other foods, write Andrew Walls, research ...  Continue Reading

• Opinion: Dealing with a changing threat landscape

  The threat landscape in information security is in a constant state of flux, with new threats emerging and existing threats becoming ever more sophisticated,...

   Continue Reading

• Opinion: How to avoid losing staff with ERP for IT

  Cost-cutting can hit any department, andIT often tops the list. IT leaders are underhuge...

   Continue Reading

• Deloitte: Facebook and Twitter DoS a major challenge to social networking

  If it is proved to be true that yesterday's cyber attacks on Google, Twitter, Facebook and other sites were aimed at closing down the activities of one individual…  Continue Reading

• IT executives prepare for disaster

  Executive involvement in disaster planning doubles as fear of viruses and natural disasters keep CEOs awake at night.  Continue Reading

• Cloud computing – the legal risks

  While it is clear that the cloud has the potential to offer a great deal for end-users, there are an assortment of potential legal risks and issues that should be considered and, where possible, mitigated, writes Dan Burge, partner at Denton Wilde ...  Continue Reading

• Government’s cyber security strategy is a lost opportunity

  Shortly after the publication of the US Cyberspace Policy Review the government released its own strategy: "The Cyber Security Strategy of the United Kingdom", writes Crispin Blunt, shadow minister for home affairs and counter-terrorism.  Continue Reading

• Security Zone: Push for the use of centralised data

  "You make a child, but you don't make its mind," is an old saying from Trinidad. I am reminded of this when I think of how data changes as it migrates...

   Continue Reading

• Don’t forget to protect the knowledge

  The concept of knowledge management is an alien one within the majority of organisations, however harnessing the experience of employees is the essence of all business and why we pay, sometimes extortionate amounts of money, for certain key ...  Continue Reading

• How to recognise and fix access governance issues

  The business risks associated with providing users with access to information resources can include lost revenue, increased expense, damage to customer relationships and the corporate brand.  Continue Reading

• How far should IT managers go to protect corporate data?

  The privacy/freedom debate brewing in the UK is providing IT departments with new and tough challenges. How far can they go to protect data?  Continue Reading

• Recruiting hackers to defend the UK is lunacy

  Lord West, the UK's first cyber security minister, recently announced that the new Cyber Security Operations Centre (CSOC) has recruited former hackers to defend national security, as part of the new government cyber security strategy aimed at ...  Continue Reading

• Malicious targeting exposes serious gaps in corporate defences

  In the past 15 years, organisations have built up defensive barriers for the servers and databases that house their most sensitive data. But today's threats...

   Continue Reading

• Reality check your outsourcing risk

  Are information security risks really increasing with offshoring and outsourcing and how can the IT security professional assess and mitigate the risk?  Continue Reading

• Legal input is vital to meet data privacy challenge of outsourcing

  For firms and organisations embracing offshoring and outsourcing, the challenges of data privacy and data protection are real.  Continue Reading

• Remember you are outsourcing process, not legal responsibility

  Intuitively, the belief is that security risks are raised when outsourcing or offshoring. But, if you analyse it, I doubt that there is any real increase in risk  Continue Reading

• Balancing cost and risk for outsourcer information assurance

  In the film Meet the Parents, the character played by Robert De Niro unveiled his new invention dubbed the nanny camera. It had a motion-activated camera positioned within a teddy bear that would record the babysitter for later viewing.  Continue Reading

• Define a process to protect data when offshoring

  Offshore outsourcing is an emotive topic, and the security and privacy risks specific to offshoring can often be perceived, rather than real. Indeed, many companies have significant challenges managing security requirements with third parties ...  Continue Reading

• Get in early to mitigate outsourcing data risks

  Outsourcing and offshoring have been part of the business toolset for some time. The security risks associated with outsourcing and offshoring should now be well understood and easy to mitigate.  Continue Reading

• Security Zone: understanding why staff break the rules

  High-profile cases of sensitive data loss from government have led to calls for even tighter security controls. However, in most of these cases it appears to be the human element that is at fault, not the technological solutions that protect the data  Continue Reading

• Security Zone: Catalogue security systems to improve their management

  A plethora of articles have explored the challenges of managing systems in a market downturn. The one common message is that information security professionals...

   Continue Reading

• Application security – moving from folklore and feelings to facts

  The mobile rang, the question all CIOs dread: "Have you seen the news today? Could this happen to us?" And so began Sam's day.  Continue Reading

• Technologies for application-level security

  As attacks become more financially motivated and as organisations get better at securing their network, desktop and server infrastructures, there has...  Continue Reading

• Build security into the entire software development life cycle

  Application software is always going to contain flaws. The trick is to catch the mistakes as early as possible, by building security into the entire software...  Continue Reading

• Defence in depth is key to application-level security

  Making the decision to part-exchange the two-door sports car and purchase something more practical is often determined by two factors. We need a car that...  Continue Reading

• Opinion: BBC Click exploited world’s poor and vulnerable

  By purchasing and using an illegal computer botnet, BBC’s “Click” programme chose to educate their affluent English-speaking technically savvy audience about computer security by exploiting 21,000 poor and vulnerable computer users in the developing...  Continue Reading

• Give users an alternative to breaching security controls

  Unless you believe everything depicted in the TV show 24 , employees are not recruited by foreign intelligence services, and data exfiltration is due...  Continue Reading

• Opinion: Why BBC Click violated the Computer Misuse Act

  In my previous discussions of BBC Click’s BotNet programme I avoided a detailed discussion of the law. Whatever the law says, I believe their actions were irresponsible.  Continue Reading

• How the IT department can help prevent lorry crime

  According to the freight intelligence unit Truckpol, lorry crime incidents have almost doubled from 2,284 in 2007 to 4,171 in 2008, with a cost to the economy...  Continue Reading

• Accountability is key to security

  How can business ensure security technologies are aligned with work processes so that it is easy for end-users to do the right thing and not circumvent controls?  Continue Reading

• Security must be compatible with working practices

  How can business ensure security technologies are aligned with work processes so that it is easy for end-users to do the right thing and not circumvent controls?  Continue Reading

• Opinion: The unanticipated consequences of BBC Click's botnet crime

  After I described the actions of BBC Click’s production team in broadcasting their botnet special as “irresponsible, unethical, and almost certainly illegal” (ComputerWeekly 17 March 2009) I heard more than a few questions.  Continue Reading

• Ensure employee buy-in to security measures

  How can business ensure security technologies are aligned with work processes so that it is easy for end-users to do the right thing and not circumvent controls?  Continue Reading

• Get processes right, and the security will follow

  How can business ensure security technologies are aligned with work processes so that it is easy for end-users to do the right thing and not circumvent controls? Gary...  Continue Reading

• Golden rules to stop redundant staff accessing sensitive data

  Redundancies are an unfortunate reality in today's economic climate. Too often, businesses leave themselves vulnerable to a data breach by not immediately revoking the network and application access points of terminated employees  Continue Reading

• Raise awareness of security measures

  How can business ensure security technologies are aligned with work processes so that it is easy for end-users to do the right thing and not circumvent controls?  Continue Reading

• GhostNet and state-sponsored cyber espionage: combatting the invisible threat

  The notion that governments utilise specialised malware to capture commercial secrets is seen by the masses as pure fiction. However, state-sponsored cyber espionage is a much wider spread problem than organisations accept…  Continue Reading

• My phone stole my identity

  Mobile phones can now store vast amount of information such as contacts, SMS, and e-mails. However, if your mobile phone fell into the wrong hands, your phone could give your identity away.  Continue Reading