Opinion

Opinion

IT security

• My phone stole my identity

  Mobile phones can now store vast amount of information such as contacts, SMS, and e-mails. However, if your mobile phone fell into the wrong hands, your phone could give your identity away.  Continue Reading

• Virtualisation: the indomitable gall of thrifty business continuity

  Business continuity can take many forms, from simply making sure key personnel are contactable at all times to having an separate facility built to relocate...

   Continue Reading

• Reaching cloud nine: how to select the right partner

  Over the past year, cloud computing ...  Continue Reading

• Remote working for SMEs can be low-cost and safe if done well

  Remote working is commonplace in the corporate world, but many small business have still to take advantage of a secure method to permit their staff to connect back to the office when they are working at home or travelling. Whilst there are low-cost,...  Continue Reading

• SMEs at risk from casual remote working practices

  Most organisations have remote workers, whether teleworkers working from a home office, or mobile workers who work from a variety of locations. However, some organisations do not know who is working remotely, how much of the time, or which tools and...  Continue Reading

• Remote working is not all or nothing

  Remember looking out of the window and being greeted with a blanket of snow? The very hint of no school and a day in the snow is every kid's dream. This attitude changed one day, and the only thought was the impending journey into work because a day...  Continue Reading

• Remote working is a challenge for companies of all sizes

  Even large organisations struggle to secure remote working - and that is with multi-million pound budgets, 24x7 support and dedicated technical teams. Small businesses are exposed to the same risks, may not have any of these controls, yet would ...  Continue Reading

• Remote working need not be feared

  Remote working should be encouraged and embraced, not feared, in companies where the actual work can be done remotely.  Continue Reading

• Delivering the ICO's Personal Information Promise

  The Personal Information Promise, a bid to encourage safer data handling practices, is a superb idea conceptually. This voluntary charter, which permits businesses and government departments to "demonstrate their organisation's senior level ...  Continue Reading

• How to defend against data integrity attacks

  There are standards, methodologies and audit guidelines for managing risks to data availability and data confidentiality, but there seems to be no such guidance for managing threats to data integrity, writes Sarb Sembhi, president of the London ...  Continue Reading

• Flexible working makes stronger businesses

  You need to adopt flexible working practices not just because employees increasingly expect them, but because they make your business much more resilient to disruptive events  Continue Reading

• If you outsource your virtualisation, thoroughly check your provider’s security

  How secure is the current practice in virtualisation? In seeking to provide a detailed response for the above question, views have been sought from...  Continue Reading

• Guard physical and hypervisor layers against unauthorised access

  How secure is the current practice in virtualisation? Virtualisation technology makes best use of available processor and memory resources which is...  Continue Reading

• Leverage the benefits of virtualisation, but in a secure way

  How secure is the current practice in virtualisation? The key driving force behind virtualisation is the promise of reduced costs resulting from server...  Continue Reading

• Set up virtual machines with extra caution

  How secure is the current practice in virtualisation? The stampede to employ virtualisation sees no sign of waning in 2009, writes Raj Samani, vice-president...  Continue Reading

• Beyond encryption

  Collaborative business communities are on the rise as businesses seek to gain competitive advantage by sharing sensitive information outside traditional...

   Continue Reading

• Implemention and management must be done properly

  Security as a service: how are the patterns of risk and reward changing?

  Security as a service, if implemented and managed properly, can allow...

   Continue Reading

• Poor implementation presents the greatest risk – failure

  Security as a service: how are the patterns of risk and reward changing?

  Security as a service can provide cost savings and accelerated implementation...

   Continue Reading

• Higher rewards for the client mean higher risks for the security service provider

  Security as a service: how are the patterns of risk and reward changing?

  Overall, both the sum of risks and the sum of rewards stay constant,...

   Continue Reading

• Managing the risk is essential when outsourcing security

  Security as a service: how are the patterns of risk and reward changing?

  In seeking to provide a detailed response for the above questions, views...

   Continue Reading

• Data leakage protection: how to secure your most vital assets

  There is a huge amount of hype in the industry regarding data loss prevention.  Continue Reading

• How IT businesses can survive the downturn

  Tony Pullen, managing director of Experian's business information division, examines what IT businesses should be doing to manage risk.  Continue Reading

• Building regulations for IT

  Did poorly-functioning IT systems contribute to the recent financial crisis? We must ask the question: was the Basel II regulatory framework properly implemented in banks' IT systems? That set of regulations was supposed to provide improved ...  Continue Reading

• Secure employee access to prevent insider threat

  With the bank failures of recent weeks, more pending redundancies and a continuation of the downward slide, should we be concerned about lax security? Is...  Continue Reading

• Be vigilant of saboteurs' revenge cybercrime

  With the bank failures of recent weeks, more pending redundancies and a continuation of the downward slide, should we be concerned about lax security? Is...  Continue Reading

• Don't let turmoil distract attention from security

  With the bank failures of recent weeks, more pending redundancies and a continuation of the downward slide, should we be concerned about lax security? Is...  Continue Reading

• How to implement network access control

  In spite of the billions of dollars spent each year on IT security, companies still suffer data leaks, security breaches, and virus outbreaks, writes Chris Boscolo, CTO and founder of Napera Networks.  Continue Reading

• Guard business assets against increased threat

  With the bank failures of recent weeks, more pending redundancies and a continuation of the downward slide, should we be concerned about lax security? Is...  Continue Reading

• NCC: Beware employees' "exit strategies" during downturn

  With the bank failures of recent weeks, more pending redundancies and a continuation of the downward slide, should we be concerned about lax security? Is...  Continue Reading

• Security is not primarily a technical issue

  With the bank failures of recent weeks, more pending redundancies and a continuation of the downward slide, should we be concerned about lax security? Is...  Continue Reading

• Drop in staff morale increases security threat

  With the bank failures of recent weeks, more pending redundancies and a continuation of the downward slide, should we be concerned about lax security? Is...  Continue Reading

• Why bother with policy and procedure?

  Policies and procedures are important tools in the information security toolbox and they are most important when they apply to the IT department.  Continue Reading

• Security Zone: why 'need-to-know' is not always best practice

  I was recently reviewing an article which argued that in the absence of a clearly defined set of confidentiality requirements one should apply the concept of "need-to-know". Indeed it recommended this approach as following best practice!  Continue Reading

• Computer security when travelling by train – an expert’s observation

  Like many others, I endure a daily commute into London by train. Until recently I passed my time reading a newspaper. Lately though I have restricted myself...

   Continue Reading

• Real time threats demand real time security

  Some 30 billion text messages and 40 billion e-mail messages are transmitted across the network every day and it only takes one to wreak havoc. The annual...  Continue Reading

• How do we tackle political cyber-crime?

  Politically motivated computer crime has been growing steadily since the late 1980s. How should we deal with it? Kent Anderson, managing director at Encurve, LLC and member of ISACA’s Security Management Committee, offers his opinion.  Continue Reading

• Data loss: how to minimise risk, liability and reputational damage

  As public awareness of the dangers of data loss by businesses increases, Phil Sherrell and Vinod Bange from the technology team at international law firm Eversheds offer advice on mitigating the risks.  Continue Reading

• Will ID cards ever be in demand?

  As the private sector around the world adopts ID cards for various uses, will voluntary demand for such schemes ever happen in the UK? Home Secretary...  Continue Reading

• Expert opinion: e-tailers should copy online fraudsters' tactics

  It is credit crunch time, the belts are tightening whether you are a consumer or a business. Well for the consumer it is how they use their cash that is at the forefront of their minds: where can we save? Where can we go for the big bargains?  Continue Reading

• The danger within

  The insider threat issue is undoubtedly creating a stir in the technology world, but do organisations actually take it seriously, and what are they doing...

   Continue Reading

• Another data loss, another lax response

  When TV crews went into the offices of PA Consulting in London last week the staff looked as if they thought they were in the midst of an armed raid.  Continue Reading

• Internet crime? Global justice?

  This week we feature two stories that show how ICT intersects with national legal systems to produce very novel scenarios of crime and punishment.

  A...

   Continue Reading

• Top 10 information security tips for C-level executives

  Vernon Poole, head of business consultancy Sapphire , and former security manager for Deloitte...  Continue Reading

• ERP to grow in utilities, says Deloitte

  More than £500m is expected to be invested in enterprise resource planning (ERP) services in the UK utilities industry over the next two years, looking at...

   Continue Reading

• Hijacking blog strikes

  Christoph Alme, Team lead of Secure Computing's Anti-Malware Research Labs Hijacking blog strikes The infamous Storm...  Continue Reading

• Modern leadership techniques hinder crisis management

  There is evidence that modern management techniques can make it more difficult to respond to a data security breach, writes Jonathan Armstrong, partner at international law firm Eversheds.  Continue Reading

• Plug your zero-day vulnerability gap

  While a lot of time and effort goes into ensuring that networks are patched, the gap between vulnerability announcements and patch availability remains a serious and often costly issue for too many companies.  Continue Reading

• IT security blogs: ComputerWeekly.com IT Blog Awards 08

  Help us to identify the best IT blogs in the UK by voting for your favourite in the IT Security category.  Continue Reading

• Banks should collaborate with customers to fight fraud

  New provisions to the Banking Code means banks can now pass responsibility for card fraud to consumers if they do not have antivirus software or firewalls....

   Continue Reading

• Everyday superheroes

  Everyday superheroes John Dovey President UK corporates BT Global Services Among all the items about the sub-prime crisis and the credit crunch, one news story really caught my attention.  Continue Reading

• Hardware reputation and the online fraud arms race

  Banks are used to arms races. In the 1960s and 1970s the easiest way to for thieves to get hold of a bank's money was to turn up in person at branches with a gun and demand cash. So banks placed their workers behind bulletproof glass. This forced ...  Continue Reading

• PCI: a matter of timing

  PCI is a subject on which reams have been written already, but in my recent work I have seen it in a different light. For all the technical advice given - and to a large extent practiced - the one thing a project manager should be most aware of ...  Continue Reading

• Is data the CIO's responsibility?

  The challenge of maintaining high-quality data has been around since the proliferation of the database, but it is still an issue that affects a wide variety of businesses and the public sector, writes Colin Ricard of DataFlux.  Continue Reading

• Web 2.0 blows a hole in business

  The explosion in Web 2.0 applications - social networking, blogs, wikis, Second Life sites, and so on - has made them a key target for cyber criminals...  Continue Reading

• ISF: Extend the security perimeter

  By and large, corporates have solved the problem of protecting the security of workstations against malware in their own internal environment...  Continue Reading

• ISACA: Constantly mutating challenge

  The idea that enterprises have made great progress in locking down their infrastructure to protect end-users from malware may not be totally accurate...  Continue Reading

• ISSA: Traditional controls inadequate

  There is a common misconception that because an organisation has anti-virus, it must be safe, writes Raj Samani, vice president of ISSA  Continue Reading

• Gartner: Control devices and encrypt data

  As new and improved technologies appear in the mobile markets, and are adopted by businesses, so new threats...  Continue Reading

• Tif: Boundaries are blurring

  The idea that a boundary exists between "locked down" IT systems inside the corporate network and everything else operating outside it does not make as much sense as it once did...  Continue Reading

• BCS: Audit and educate

  Attend the likes of InfoSec to ensure you are up to date with the latest products and then seek the advice of an expert consultant to help in cutting through the snake oil ...  Continue Reading

• NCC: It's all about layers

  Working outside an organisation's physical domain brings certain responsibilities with it and the road warrior must take caution along in the kit bag...  Continue Reading

• If film directors can insure against failure, why not project managers?

  What's the difference between an IT project and bungee jumping? Answer: they are both pretty scary experiences,...  Continue Reading

• Electronic information sharing is key to effective government

  Over the past few years, the government has launched a number of initiatives to promote data sharing between public organisations including the NHS, Whitehall departments and police services. The government's determination to overhaul information ...  Continue Reading

• Security Zone: managing your organisation’s social network footprint

  As well as helping to minimise the chances of data theft and the ensuing bad publicity, information security professionals have a more proactive role in helping to protect their organisations in the 21st century, writes Paul Maloney, managing ...  Continue Reading

• Infosecurity 2008 - Developing infosecurity career paths

  Today more young professionals are choosing information security as a first career, bringing a post-graduate degree but little experience, writes John Colley, managing director EMEA of the International Information Systems Security Certification ...  Continue Reading

• Infosecurity 2008 - New defence strategy in battle against e-crime

  E-crime has evolved into a booming business. Viruses, malware and online crime have moved from hacking vandalism into a major shadow economy that closely mimics the real business world, including profit-driven organised cybercrime, writes Yuval ...  Continue Reading

• Infosecurity 2008 - Complying with security regulations is not enough

  The various legislation and industry standards that require businesses to protect sensitive data may drive us all a little nuts - the extra expense, investing the time to understand the new rules, business disruptions during the deployment process, ...  Continue Reading

• Infosecurity 2008 - Spam techniques reach new levels of sophistication

  Despite the proliferation of anti-spam solutions on the market, spam volume has reached epidemic proportions, writes Dan Hubbard, vice-president of security research at Websense.  Continue Reading

• Infosecurity 2008 - IT governance critical to addressing information risk

  Information and its conduits provide the lifeblood of the modern business, writes Alan Calder of IT Governance ....  Continue Reading

• Infosecurity 2008 - Seamless security for roaming workers

  Work for many of today's employees is no longer restricted to the traditional 'nine-to-five' work day or the office environment. In our age of high-speed internet communications, more and more people can travel routinely for work or telecommute from...  Continue Reading

• The battle for internet advertising

  The massive market for online advertising is one that affects every internet user. Many ISPs, search engines and websites depend on advertising revenue for funding, and in the absence of those funding sources would either have to pass on additional ...  Continue Reading

• Be sure of making the complete case

  Governments and administrations are transient. And however complex, they are simple when compared with the complexities that surround how ID cards may be taken to and applied by the population. ID cards are only part of the identity management ...  Continue Reading

• Benefits to the citizen have yet to be proven

  In asking whether the government has got the business case for ID cards right, we need to understand precisely what that business case is, writes Geraint Price of Information Security Group, Royal Holloway, University of London.  Continue Reading

• Now is the time for action

  The key to this topic for me was a quote from Home Secretary Jacqui Smith: "Individuals to have as much control and ownership of their own data as possible," writes Andrea Simmons, consultant forum manager, BCS Security Forum.  Continue Reading

• Database administration security strategy

  Given the vital importance of the information held within corporate and government databases it is surprising that the security of these databases is often of unknown provenance.  Continue Reading

• Infosecurity Europe 2008: Inside threat greater risk to data protection

  IT security has fast become a data-centric issue. Data is the most valuable asset in an organisation and the IT department must protect it or find itself in the headlines like HMRC and the Ministry of Defence. But as companies adjust their data ...  Continue Reading

• Security forecast: smartphones

  The modern mobile phone comes in two basic varieties. The more secure version is a stripped down 2G phone with very little data functionality. There are still some issues related to 2G confidentiality. First is the possibility that someone will ...  Continue Reading

• Catching the authorised hacker

  A threat looming ever larger in the minds of IT leaders is the risk of data loss through inappropriate behaviour or...  Continue Reading

• Seamless security for roaming workers

  Work for many of today's employees is no longer the traditional nine-to-five day or the office environment...  Continue Reading

• Secret questions blow a hole in security

  It's a mystery to me why websites think "secret questions" are a good idea, writes Bruce Schneier, chief...  Continue Reading

• Security is a management issue

  Many people in the UK still see security predominantly as an IT problem. But it's not it's a business one...  Continue Reading

• Sometimes the real threat is right under your nose

  Organisations often believe they need procedures to protect their databases from misuse by hackers outside the organisation, writes Jimmy Desai of law firm...  Continue Reading

• Infosecurity Europe to showcase latest technology

  Infosecurity Europe is Europe's number one dedicated information security event and yields a comprehensive convergence of information security professionals. It addresses today's strategic and technical issues in an education programme, and ...  Continue Reading

• IBM patent row: ensure protection at the agreement stage

  You do not expect to get sued when you buy IBM software, but that is exactly what happened to one US customer.  Continue Reading

• RFID, data security and the law

  The European Commission's new consultation on RFID...  Continue Reading

• System administrators are biggest risk to corporate data

  My baby is leaving home, aged 23. We are now negotiating what he is legitimately allowed to take with him. First up is the TV. When you're setting up your own home, it's important to get your priorities right. The other main item is the door keys. ...  Continue Reading

• Information security: learn the lessons of the Sumo

  Over the course of my career, it has become clear to me that Japan's national sport offers a perfect analogy for the current state of information security.  Continue Reading

• UK firms report jump in spend on e-discovery systems

  Corporate attitudes and spending on the management of electronically stored information (ESI) for legal and regulatory matters are changing.  Continue Reading

• Information commissioner seeks greater powers

  The recent reported loss of HMRC discs containing child benefit details has once again thrown back into the spotlight whether the information commissioner should be given greater powers to deal with breaches of the Data Protection Act 1998, say ...  Continue Reading

• Information security: the story of the suicidal kangaroo

  The Information Security Forum (ISF) has designated 2008 the "Year of Security Awareness", but saying something new can be tricky. Here Rob Hadfield, a security awareness specialist for ISF member British Airways, shares his struggle for inspiration  Continue Reading

• Royal Holloway: Control the controllers

  So what really happened at Société Générale?  Continue Reading

• Management buy-in essential

  Until the management of large organisations understands the need for the ongoing maintenance of IT security systems, and fully supports it, employees will continue to evade controls and commit fraud.  Continue Reading

• Protect controls as well as systems

  Vigorous and independent audits are key in underpinning the controls that safeguard your systems against fraud.  Continue Reading

• Take a holistic approach

  People, motive, opportunity and means: you need to cover all the angles if you're serious about protecting the organisation.  Continue Reading

• Control is the key

  You need to get the security fundamentals right, and then ensure your controls can be (and are) effectively enforced.  Continue Reading

• Access management comes first

  Sure, tools are useful, but only after you have identified which staff need which information, and you have processes in place that can deliver and control that access.  Continue Reading

• Put your faith in standards to keep staff on the straight and narrow

  Implementing the right security standards is the best way to stop insider fraud.  Continue Reading

• Meet the business continuity manager's new best friend

  IT and information security professionals have a new best friend. That indispensable buddy is, believe it or not, a standard: business continuity management standard BS 25999 to be precise.  Continue Reading

• Security Zone: information security economics for the individual

  Security, like news, is sexy when it's sensational: the hackers are coming, the country will succumb to cyber attack any day now, and anyone can steal your identity. But how many people have given their password some real thought?  Continue Reading

• The boundaryless network

  The idea of "my network" and "your network" is effectively obsolete.  Continue Reading