Opinion

Opinion

IT security

• Data encryption is simple safeguard against data breaches

  The government has introduced legislation that enables the Information Commissioner's Office to issue fines of up to £500,000 for serious data security breaches,...

   Continue Reading

• Do we need a single cyber-security organisation to secure the internet?

  A poll by Infosecurity Europe has found that 60% of organisations think that the internet needs a cyber-security organisation to oversee it. Here industry experts have their say  Continue Reading

• Security Zone: why we should be more concerned about password authentication

  Passwords as the last means of protection beyond physical control have remained essentially unchanged for more than half a century. From a technology perspective, this single control is no weaker than it was when it was created during World War II. ...  Continue Reading

• What is the best thing Santa could bring the IT security manager?

  Security leaders from the ISF, BCS, ISACA, (ISC)2, Tif and ISSA present a wishlist for securing corporate systems in 2010  Continue Reading

• A sorry tale of a CEO and his laptop

  As the CTO of a data protection and encryption company I hear many tales of woe from senior executives who have confessed to losing their laptops. Here is...

   Continue Reading

• Save blushes and blame with firewall policy analysis

  It happens in a moment - I put my mobile down and suddenly my client is standing in front of me ready for a meeting. Two hours later I am desperately searching...

   Continue Reading

• HBOS power failure highlights importance of business continuity planning

  Neil Stephenson, CEO of Onyx Group, discusses the recent HBOS crisis and explains why disaster recovery will remain a business bugbear if not managed properly.  Continue Reading

• Security Zone: can you prevent scraping or data harvesting?

  We have all innocently copied and pasted text and images from websites, but scripts and bots have made it possible to lift content of websites to industrial mining proportions in a practice known as 'data scraping'  Continue Reading

• Gartner: Users need to use multiple PCs

  Why is corporate adoption of the trusted computing standard still very low when over 70% of new computing devices have built-in trusted platform modules (TPMs)?  Continue Reading

• Guardian jobs database attack demonstrates difficulties of database security

  Job hunting is a tough job in itself - battling with 8% unemployment, rehearsing for job interviews, adding relevant yet interesting hobbies to your CV - and then you receive an e-mail from The Guardian's job site to say that your personal details ...  Continue Reading

• Challenges and benefits of physical IT security

  There has been much talk in the physical security market concerning the imminent arrival of IT manufacturers and the likely impact it will have on the...

   Continue Reading

• IT security crisis management: looking beyond the magic bullet

  The main threats that organisations and their customers are facing today are the same ones that have always been around: ignorance, apathy and poverty....

   Continue Reading

• What happens when cloud data is lost?

  Everywhere you turn somebody somewhere is extolling the virtues of cloud computing, writes Tom Greenbank of international law firm Pinsent Masons.  Continue Reading

• Security Zone: Secure by design?

  With nearly every aspect of our lives becoming reliant on computer technology, how do we know we can trust the systems we are using are secure and cannot be easily exploited?  Continue Reading

• Passwords and encryption strengthen printer security

  When we conduct a penetration test of a corporate network, we typically find dozens of printers offering management pages without passwords. This means that anyone on the network could not only print to the machine, but also control it, change the ...  Continue Reading

• Security managers must keep pace with weak points in connected devices

  Restrictions provide a back door into organisational networks through [the lack of] security in embedded devices.  Continue Reading

• Risk assessment enables targeted security management

  Businesses affected by the economic downturn, suffering a reduction in resources and an increase in threats, need to risk assess their vulnerabilities and think carefully about how and where to focus their attention.  Continue Reading

• Responsibility for security of end-point devices must be shared across the business

  Network scanning technology needs to be capable of addressing the end points to ensure that anti-virus or software updates are run on printers and other connected devices to keep them virus-free and "healthy".  Continue Reading

• Security Zone: Checklist for winning IT security funding

  I sometimes wonder what it is that makes otherwise rational security folk seem to ignore the most fundamental aspect of any corporate IT security strategy when they convene to talk , discuss and architect the why, how and where security fits into ...  Continue Reading

• Five best practices for mitigating insider breaches

  I am confronted every day with companies who have suffered some kind of security breach, mostly internal and it often comes down to the mismanagement...

   Continue Reading

• The Obama approach to reducing IT opex

  If you have as a key goal on your MBOs to achieve a significant reduction in your IT opex costs then listen carefully to the subplot in US president Barack...  Continue Reading

• Cloud computing faces security storm

  A storm-front is brewing for cloud computing, writes Paul Zimski, vice-president of market strategy at Lumension. As developers continue to reach towards the sky with insecure infrastructure, the chances for a disastrous squall increase every day.  Continue Reading

• Meeting regulations is key security advantage

  The business case for information security has finally been recognised. Rather than being viewed as an unwanted necessity and expense, information security is now seen as a valuable contributor for protecting and managing brand image.  Continue Reading

• Protection of customer data makes a strong selling point

  There is no doubt that security will play an increasingly important role in enabling business growth, but it requires those in the boardrooms of Great Britain to wake up to the real challenges that will threaten their business over the next decade.  Continue Reading

• Good security and security governance can win business

  By applying appropriate security within a company, risks can be taken, and by taking risks, business will grow.  Continue Reading

• Security bridges the divide between IT and business

  As information security grows in stature within the organisation, we in the profession must be careful not to develop any delusions of grandeur. No matter how crucial our efforts may be, we must recognise that we are very firmly cast in a supporting...  Continue Reading

• Seven ways to align security with the business

  There is no single tactic or strategy that guarantees success in improving business alignment of security. Rather, a number of varied but interrelated actions need to be identified and executed to improve alignment over time.  Continue Reading

• Strong security builds trust; trust builds business

  The first challenge in attempting to articulate the extent to which security can help business growth is for the enterprise to recognise that security is a business issue, not just a technical one.  Continue Reading

• Raise the profile of security's risk management potential

  The name "Paul Moore", ex-head of risk for HBOS, is not synonymous with information security, but perhaps it should be.  Continue Reading

• Security Zone: Forensics - don’t hamper the investigation

  All too often investigations are compromised by the involvement of a "helpful" IT department, writes Matthew Parker of Ernst & Young. The common mistake is to attempt to perform the investigation yourself without understanding the ramifications of ...  Continue Reading

• How to prevent data leaking in transit

  The number of incidents involving data intentionally or unintentionally leaving corporate networks is on the rise, writes Yuval Ben-Itzhak, chief technology...

   Continue Reading

• Developing flexible instant messaging guidelines

  From its beginnings in the early 1990s, instant messaging (IM) has developed into a powerful business tool, giving internet users access to a simple presence facility, as well as acting as a linchpin for online conferencing, whiteboarding and other ...  Continue Reading

• Security Zone: Keep IT security separate

  Roles, teams and even entire departments are often combined to streamline efficiency and reduce costs, but this is not always as straight-forward as it...  Continue Reading

• Best practice for IM security

  Corporate IT Forum members collectively believe that the triangle of trust around security is policy, enforcement and education. Obviously, individual organisations must decide how far they want to go with each of these, depending on the nature of ...  Continue Reading

• IM security: the triangle of trust

  Corporate IT Forum members collectively believe that the triangle of trust around security is policy, enforcement and education. Obviously, individual organisations must decide how far they want to go with each of these, depending on the nature of ...  Continue Reading

• Mitigate IM risks with security awareness and access control

  Instant messaging (IM) is one of those applications that is seen as either the best thing since sliced bread, greatly improving productivity, or the bane of a manager's life because it is perceived that staff waste a lot of time using it.  Continue Reading

• No silver bullet for instant messaging security

  A 2006 Ostermen Research survey found 93% of North American businesses were using instant messaging (IM). Commercial offerings such as Reuters Messaging Interchange will only increase demand  Continue Reading

• Real-time data sharing is key to swine flu control

  The swine flu outbreak emphasises the global, connected challenges facing today's healthcare professionals - but technology can help, writes...

   Continue Reading

• Instant messaging: educate, monitor and block

  I have not yet encountered a work situation where employees could not accomplish their objectives or daily workload because they could not use IM.  Continue Reading

• Protect your corporate image on social media

  In April 2009, employees of a Domino's Pizza store posted videos on YouTube of staff performing offensive and possibly illegal actions with ingredients and implements used in the preparation of pizzas and other foods, write Andrew Walls, research ...  Continue Reading

• Opinion: Dealing with a changing threat landscape

  The threat landscape in information security is in a constant state of flux, with new threats emerging and existing threats becoming ever more sophisticated,...

   Continue Reading

• Opinion: How to avoid losing staff with ERP for IT

  Cost-cutting can hit any department, andIT often tops the list. IT leaders are underhuge...

   Continue Reading

• Deloitte: Facebook and Twitter DoS a major challenge to social networking

  If it is proved to be true that yesterday's cyber attacks on Google, Twitter, Facebook and other sites were aimed at closing down the activities of one individual…  Continue Reading

• IT executives prepare for disaster

  Executive involvement in disaster planning doubles as fear of viruses and natural disasters keep CEOs awake at night.  Continue Reading

• Government’s cyber security strategy is a lost opportunity

  Shortly after the publication of the US Cyberspace Policy Review the government released its own strategy: "The Cyber Security Strategy of the United Kingdom", writes Crispin Blunt, shadow minister for home affairs and counter-terrorism.  Continue Reading

• Cloud computing – the legal risks

  While it is clear that the cloud has the potential to offer a great deal for end-users, there are an assortment of potential legal risks and issues that should be considered and, where possible, mitigated, writes Dan Burge, partner at Denton Wilde ...  Continue Reading

• Security Zone: Push for the use of centralised data

  "You make a child, but you don't make its mind," is an old saying from Trinidad. I am reminded of this when I think of how data changes as it migrates...

   Continue Reading

• Don’t forget to protect the knowledge

  The concept of knowledge management is an alien one within the majority of organisations, however harnessing the experience of employees is the essence of all business and why we pay, sometimes extortionate amounts of money, for certain key ...  Continue Reading

• How to recognise and fix access governance issues

  The business risks associated with providing users with access to information resources can include lost revenue, increased expense, damage to customer relationships and the corporate brand.  Continue Reading

• How far should IT managers go to protect corporate data?

  The privacy/freedom debate brewing in the UK is providing IT departments with new and tough challenges. How far can they go to protect data?  Continue Reading

• Recruiting hackers to defend the UK is lunacy

  Lord West, the UK's first cyber security minister, recently announced that the new Cyber Security Operations Centre (CSOC) has recruited former hackers to defend national security, as part of the new government cyber security strategy aimed at ...  Continue Reading

• Malicious targeting exposes serious gaps in corporate defences

  In the past 15 years, organisations have built up defensive barriers for the servers and databases that house their most sensitive data. But today's threats...

   Continue Reading

• Balancing cost and risk for outsourcer information assurance

  In the film Meet the Parents, the character played by Robert De Niro unveiled his new invention dubbed the nanny camera. It had a motion-activated camera positioned within a teddy bear that would record the babysitter for later viewing.  Continue Reading

• Define a process to protect data when offshoring

  Offshore outsourcing is an emotive topic, and the security and privacy risks specific to offshoring can often be perceived, rather than real. Indeed, many companies have significant challenges managing security requirements with third parties ...  Continue Reading

• Legal input is vital to meet data privacy challenge of outsourcing

  For firms and organisations embracing offshoring and outsourcing, the challenges of data privacy and data protection are real.  Continue Reading

• Remember you are outsourcing process, not legal responsibility

  Intuitively, the belief is that security risks are raised when outsourcing or offshoring. But, if you analyse it, I doubt that there is any real increase in risk  Continue Reading

• Reality check your outsourcing risk

  Are information security risks really increasing with offshoring and outsourcing and how can the IT security professional assess and mitigate the risk?  Continue Reading

• Get in early to mitigate outsourcing data risks

  Outsourcing and offshoring have been part of the business toolset for some time. The security risks associated with outsourcing and offshoring should now be well understood and easy to mitigate.  Continue Reading

• Security Zone: understanding why staff break the rules

  High-profile cases of sensitive data loss from government have led to calls for even tighter security controls. However, in most of these cases it appears to be the human element that is at fault, not the technological solutions that protect the data  Continue Reading

• Security Zone: Catalogue security systems to improve their management

  A plethora of articles have explored the challenges of managing systems in a market downturn. The one common message is that information security professionals...

   Continue Reading

• Application security – moving from folklore and feelings to facts

  The mobile rang, the question all CIOs dread: "Have you seen the news today? Could this happen to us?" And so began Sam's day.  Continue Reading

• Build security into the entire software development life cycle

  Application software is always going to contain flaws. The trick is to catch the mistakes as early as possible, by building security into the entire software...  Continue Reading

• Defence in depth is key to application-level security

  Making the decision to part-exchange the two-door sports car and purchase something more practical is often determined by two factors. We need a car that...  Continue Reading

• Technologies for application-level security

  As attacks become more financially motivated and as organisations get better at securing their network, desktop and server infrastructures, there has...  Continue Reading

• Give users an alternative to breaching security controls

  Unless you believe everything depicted in the TV show 24 , employees are not recruited by foreign intelligence services, and data exfiltration is due...  Continue Reading

• Opinion: BBC Click exploited world’s poor and vulnerable

  By purchasing and using an illegal computer botnet, BBC’s “Click” programme chose to educate their affluent English-speaking technically savvy audience about computer security by exploiting 21,000 poor and vulnerable computer users in the developing...  Continue Reading

• Opinion: Why BBC Click violated the Computer Misuse Act

  In my previous discussions of BBC Click’s BotNet programme I avoided a detailed discussion of the law. Whatever the law says, I believe their actions were irresponsible.  Continue Reading

• How the IT department can help prevent lorry crime

  According to the freight intelligence unit Truckpol, lorry crime incidents have almost doubled from 2,284 in 2007 to 4,171 in 2008, with a cost to the economy...  Continue Reading

• Golden rules to stop redundant staff accessing sensitive data

  Redundancies are an unfortunate reality in today's economic climate. Too often, businesses leave themselves vulnerable to a data breach by not immediately revoking the network and application access points of terminated employees  Continue Reading

• Ensure employee buy-in to security measures

  How can business ensure security technologies are aligned with work processes so that it is easy for end-users to do the right thing and not circumvent controls?  Continue Reading

• Get processes right, and the security will follow

  How can business ensure security technologies are aligned with work processes so that it is easy for end-users to do the right thing and not circumvent controls? Gary...  Continue Reading

• Opinion: The unanticipated consequences of BBC Click's botnet crime

  After I described the actions of BBC Click’s production team in broadcasting their botnet special as “irresponsible, unethical, and almost certainly illegal” (ComputerWeekly 17 March 2009) I heard more than a few questions.  Continue Reading

• Raise awareness of security measures

  How can business ensure security technologies are aligned with work processes so that it is easy for end-users to do the right thing and not circumvent controls?  Continue Reading

• Accountability is key to security

  How can business ensure security technologies are aligned with work processes so that it is easy for end-users to do the right thing and not circumvent controls?  Continue Reading

• Security must be compatible with working practices

  How can business ensure security technologies are aligned with work processes so that it is easy for end-users to do the right thing and not circumvent controls?  Continue Reading

• GhostNet and state-sponsored cyber espionage: combatting the invisible threat

  The notion that governments utilise specialised malware to capture commercial secrets is seen by the masses as pure fiction. However, state-sponsored cyber espionage is a much wider spread problem than organisations accept…  Continue Reading

• My phone stole my identity

  Mobile phones can now store vast amount of information such as contacts, SMS, and e-mails. However, if your mobile phone fell into the wrong hands, your phone could give your identity away.  Continue Reading

• Virtualisation: the indomitable gall of thrifty business continuity

  Business continuity can take many forms, from simply making sure key personnel are contactable at all times to having an separate facility built to relocate...

   Continue Reading

• Reaching cloud nine: how to select the right partner

  Over the past year, cloud computing ...  Continue Reading

• Remote working is not all or nothing

  Remember looking out of the window and being greeted with a blanket of snow? The very hint of no school and a day in the snow is every kid's dream. This attitude changed one day, and the only thought was the impending journey into work because a day...  Continue Reading

• Remote working is a challenge for companies of all sizes

  Even large organisations struggle to secure remote working - and that is with multi-million pound budgets, 24x7 support and dedicated technical teams. Small businesses are exposed to the same risks, may not have any of these controls, yet would ...  Continue Reading

• Remote working need not be feared

  Remote working should be encouraged and embraced, not feared, in companies where the actual work can be done remotely.  Continue Reading

• SMEs at risk from casual remote working practices

  Most organisations have remote workers, whether teleworkers working from a home office, or mobile workers who work from a variety of locations. However, some organisations do not know who is working remotely, how much of the time, or which tools and...  Continue Reading

• Remote working for SMEs can be low-cost and safe if done well

  Remote working is commonplace in the corporate world, but many small business have still to take advantage of a secure method to permit their staff to connect back to the office when they are working at home or travelling. Whilst there are low-cost,...  Continue Reading

• Delivering the ICO's Personal Information Promise

  The Personal Information Promise, a bid to encourage safer data handling practices, is a superb idea conceptually. This voluntary charter, which permits businesses and government departments to "demonstrate their organisation's senior level ...  Continue Reading

• How to defend against data integrity attacks

  There are standards, methodologies and audit guidelines for managing risks to data availability and data confidentiality, but there seems to be no such guidance for managing threats to data integrity, writes Sarb Sembhi, president of the London ...  Continue Reading

• Flexible working makes stronger businesses

  You need to adopt flexible working practices not just because employees increasingly expect them, but because they make your business much more resilient to disruptive events  Continue Reading

• If you outsource your virtualisation, thoroughly check your provider’s security

  How secure is the current practice in virtualisation? In seeking to provide a detailed response for the above question, views have been sought from...  Continue Reading

• Leverage the benefits of virtualisation, but in a secure way

  How secure is the current practice in virtualisation? The key driving force behind virtualisation is the promise of reduced costs resulting from server...  Continue Reading

• Set up virtual machines with extra caution

  How secure is the current practice in virtualisation? The stampede to employ virtualisation sees no sign of waning in 2009, writes Raj Samani, vice-president...  Continue Reading

• Guard physical and hypervisor layers against unauthorised access

  How secure is the current practice in virtualisation? Virtualisation technology makes best use of available processor and memory resources which is...  Continue Reading

• Beyond encryption

  Collaborative business communities are on the rise as businesses seek to gain competitive advantage by sharing sensitive information outside traditional...

   Continue Reading

• Implemention and management must be done properly

  Security as a service: how are the patterns of risk and reward changing?

  Security as a service, if implemented and managed properly, can allow...

   Continue Reading

• Managing the risk is essential when outsourcing security

  Security as a service: how are the patterns of risk and reward changing?

  In seeking to provide a detailed response for the above questions, views...

   Continue Reading

• Poor implementation presents the greatest risk – failure

  Security as a service: how are the patterns of risk and reward changing?

  Security as a service can provide cost savings and accelerated implementation...

   Continue Reading

• Higher rewards for the client mean higher risks for the security service provider

  Security as a service: how are the patterns of risk and reward changing?

  Overall, both the sum of risks and the sum of rewards stay constant,...

   Continue Reading

• Data leakage protection: how to secure your most vital assets

  There is a huge amount of hype in the industry regarding data loss prevention.  Continue Reading

• How IT businesses can survive the downturn

  Tony Pullen, managing director of Experian's business information division, examines what IT businesses should be doing to manage risk.  Continue Reading

• Building regulations for IT

  Did poorly-functioning IT systems contribute to the recent financial crisis? We must ask the question: was the Basel II regulatory framework properly implemented in banks' IT systems? That set of regulations was supposed to provide improved ...  Continue Reading

• Secure employee access to prevent insider threat

  With the bank failures of recent weeks, more pending redundancies and a continuation of the downward slide, should we be concerned about lax security? Is...  Continue Reading