Opinion

Opinion

IT security

• Poor implementation presents the greatest risk – failure

  Security as a service: how are the patterns of risk and reward changing?

  Security as a service can provide cost savings and accelerated implementation...

   Continue Reading

• Higher rewards for the client mean higher risks for the security service provider

  Security as a service: how are the patterns of risk and reward changing?

  Overall, both the sum of risks and the sum of rewards stay constant,...

   Continue Reading

• Data leakage protection: how to secure your most vital assets

  There is a huge amount of hype in the industry regarding data loss prevention.  Continue Reading

• How IT businesses can survive the downturn

  Tony Pullen, managing director of Experian's business information division, examines what IT businesses should be doing to manage risk.  Continue Reading

• Building regulations for IT

  Did poorly-functioning IT systems contribute to the recent financial crisis? We must ask the question: was the Basel II regulatory framework properly implemented in banks' IT systems? That set of regulations was supposed to provide improved ...  Continue Reading

• Secure employee access to prevent insider threat

  With the bank failures of recent weeks, more pending redundancies and a continuation of the downward slide, should we be concerned about lax security? Is...  Continue Reading

• Guard business assets against increased threat

  With the bank failures of recent weeks, more pending redundancies and a continuation of the downward slide, should we be concerned about lax security? Is...  Continue Reading

• How to implement network access control

  In spite of the billions of dollars spent each year on IT security, companies still suffer data leaks, security breaches, and virus outbreaks, writes Chris Boscolo, CTO and founder of Napera Networks.  Continue Reading

• NCC: Beware employees' "exit strategies" during downturn

  With the bank failures of recent weeks, more pending redundancies and a continuation of the downward slide, should we be concerned about lax security? Is...  Continue Reading

• Security is not primarily a technical issue

  With the bank failures of recent weeks, more pending redundancies and a continuation of the downward slide, should we be concerned about lax security? Is...  Continue Reading

• Be vigilant of saboteurs' revenge cybercrime

  With the bank failures of recent weeks, more pending redundancies and a continuation of the downward slide, should we be concerned about lax security? Is...  Continue Reading

• Don't let turmoil distract attention from security

  With the bank failures of recent weeks, more pending redundancies and a continuation of the downward slide, should we be concerned about lax security? Is...  Continue Reading

• Drop in staff morale increases security threat

  With the bank failures of recent weeks, more pending redundancies and a continuation of the downward slide, should we be concerned about lax security? Is...  Continue Reading

• Why bother with policy and procedure?

  Policies and procedures are important tools in the information security toolbox and they are most important when they apply to the IT department.  Continue Reading

• Security Zone: why 'need-to-know' is not always best practice

  I was recently reviewing an article which argued that in the absence of a clearly defined set of confidentiality requirements one should apply the concept of "need-to-know". Indeed it recommended this approach as following best practice!  Continue Reading

• Computer security when travelling by train – an expert’s observation

  Like many others, I endure a daily commute into London by train. Until recently I passed my time reading a newspaper. Lately though I have restricted myself...

   Continue Reading

• Real time threats demand real time security

  Some 30 billion text messages and 40 billion e-mail messages are transmitted across the network every day and it only takes one to wreak havoc. The annual...  Continue Reading

• How do we tackle political cyber-crime?

  Politically motivated computer crime has been growing steadily since the late 1980s. How should we deal with it? Kent Anderson, managing director at Encurve, LLC and member of ISACA’s Security Management Committee, offers his opinion.  Continue Reading

• Data loss: how to minimise risk, liability and reputational damage

  As public awareness of the dangers of data loss by businesses increases, Phil Sherrell and Vinod Bange from the technology team at international law firm Eversheds offer advice on mitigating the risks.  Continue Reading

• Will ID cards ever be in demand?

  As the private sector around the world adopts ID cards for various uses, will voluntary demand for such schemes ever happen in the UK? Home Secretary...  Continue Reading

• Expert opinion: e-tailers should copy online fraudsters' tactics

  It is credit crunch time, the belts are tightening whether you are a consumer or a business. Well for the consumer it is how they use their cash that is at the forefront of their minds: where can we save? Where can we go for the big bargains?  Continue Reading

• The danger within

  The insider threat issue is undoubtedly creating a stir in the technology world, but do organisations actually take it seriously, and what are they doing...

   Continue Reading

• Another data loss, another lax response

  When TV crews went into the offices of PA Consulting in London last week the staff looked as if they thought they were in the midst of an armed raid.  Continue Reading

• Internet crime? Global justice?

  This week we feature two stories that show how ICT intersects with national legal systems to produce very novel scenarios of crime and punishment.

  A...

   Continue Reading

• Top 10 information security tips for C-level executives

  Vernon Poole, head of business consultancy Sapphire , and former security manager for Deloitte...  Continue Reading

• ERP to grow in utilities, says Deloitte

  More than £500m is expected to be invested in enterprise resource planning (ERP) services in the UK utilities industry over the next two years, looking at...

   Continue Reading

• Hijacking blog strikes

  Christoph Alme, Team lead of Secure Computing's Anti-Malware Research Labs Hijacking blog strikes The infamous Storm...  Continue Reading

• Modern leadership techniques hinder crisis management

  There is evidence that modern management techniques can make it more difficult to respond to a data security breach, writes Jonathan Armstrong, partner at international law firm Eversheds.  Continue Reading

• Plug your zero-day vulnerability gap

  While a lot of time and effort goes into ensuring that networks are patched, the gap between vulnerability announcements and patch availability remains a serious and often costly issue for too many companies.  Continue Reading

• IT security blogs: ComputerWeekly.com IT Blog Awards 08

  Help us to identify the best IT blogs in the UK by voting for your favourite in the IT Security category.  Continue Reading

• Banks should collaborate with customers to fight fraud

  New provisions to the Banking Code means banks can now pass responsibility for card fraud to consumers if they do not have antivirus software or firewalls....

   Continue Reading

• Everyday superheroes

  Everyday superheroes John Dovey President UK corporates BT Global Services Among all the items about the sub-prime crisis and the credit crunch, one news story really caught my attention.  Continue Reading

• Hardware reputation and the online fraud arms race

  Banks are used to arms races. In the 1960s and 1970s the easiest way to for thieves to get hold of a bank's money was to turn up in person at branches with a gun and demand cash. So banks placed their workers behind bulletproof glass. This forced ...  Continue Reading

• PCI: a matter of timing

  PCI is a subject on which reams have been written already, but in my recent work I have seen it in a different light. For all the technical advice given - and to a large extent practiced - the one thing a project manager should be most aware of ...  Continue Reading

• Is data the CIO's responsibility?

  The challenge of maintaining high-quality data has been around since the proliferation of the database, but it is still an issue that affects a wide variety of businesses and the public sector, writes Colin Ricard of DataFlux.  Continue Reading

• Web 2.0 blows a hole in business

  The explosion in Web 2.0 applications - social networking, blogs, wikis, Second Life sites, and so on - has made them a key target for cyber criminals...  Continue Reading

• BCS: Audit and educate

  Attend the likes of InfoSec to ensure you are up to date with the latest products and then seek the advice of an expert consultant to help in cutting through the snake oil ...  Continue Reading

• Tif: Boundaries are blurring

  The idea that a boundary exists between "locked down" IT systems inside the corporate network and everything else operating outside it does not make as much sense as it once did...  Continue Reading

• ISF: Extend the security perimeter

  By and large, corporates have solved the problem of protecting the security of workstations against malware in their own internal environment...  Continue Reading

• ISACA: Constantly mutating challenge

  The idea that enterprises have made great progress in locking down their infrastructure to protect end-users from malware may not be totally accurate...  Continue Reading

• ISSA: Traditional controls inadequate

  There is a common misconception that because an organisation has anti-virus, it must be safe, writes Raj Samani, vice president of ISSA  Continue Reading

• Gartner: Control devices and encrypt data

  As new and improved technologies appear in the mobile markets, and are adopted by businesses, so new threats...  Continue Reading

• NCC: It's all about layers

  Working outside an organisation's physical domain brings certain responsibilities with it and the road warrior must take caution along in the kit bag...  Continue Reading

• If film directors can insure against failure, why not project managers?

  What's the difference between an IT project and bungee jumping? Answer: they are both pretty scary experiences,...  Continue Reading

• Electronic information sharing is key to effective government

  Over the past few years, the government has launched a number of initiatives to promote data sharing between public organisations including the NHS, Whitehall departments and police services. The government's determination to overhaul information ...  Continue Reading

• Security Zone: managing your organisation’s social network footprint

  As well as helping to minimise the chances of data theft and the ensuing bad publicity, information security professionals have a more proactive role in helping to protect their organisations in the 21st century, writes Paul Maloney, managing ...  Continue Reading

• Infosecurity 2008 - Developing infosecurity career paths

  Today more young professionals are choosing information security as a first career, bringing a post-graduate degree but little experience, writes John Colley, managing director EMEA of the International Information Systems Security Certification ...  Continue Reading

• Infosecurity 2008 - New defence strategy in battle against e-crime

  E-crime has evolved into a booming business. Viruses, malware and online crime have moved from hacking vandalism into a major shadow economy that closely mimics the real business world, including profit-driven organised cybercrime, writes Yuval ...  Continue Reading

• Infosecurity 2008 - Complying with security regulations is not enough

  The various legislation and industry standards that require businesses to protect sensitive data may drive us all a little nuts - the extra expense, investing the time to understand the new rules, business disruptions during the deployment process, ...  Continue Reading

• Infosecurity 2008 - Spam techniques reach new levels of sophistication

  Despite the proliferation of anti-spam solutions on the market, spam volume has reached epidemic proportions, writes Dan Hubbard, vice-president of security research at Websense.  Continue Reading

• Infosecurity 2008 - IT governance critical to addressing information risk

  Information and its conduits provide the lifeblood of the modern business, writes Alan Calder of IT Governance ....  Continue Reading

• Infosecurity 2008 - Seamless security for roaming workers

  Work for many of today's employees is no longer restricted to the traditional 'nine-to-five' work day or the office environment. In our age of high-speed internet communications, more and more people can travel routinely for work or telecommute from...  Continue Reading

• The battle for internet advertising

  The massive market for online advertising is one that affects every internet user. Many ISPs, search engines and websites depend on advertising revenue for funding, and in the absence of those funding sources would either have to pass on additional ...  Continue Reading

• Be sure of making the complete case

  Governments and administrations are transient. And however complex, they are simple when compared with the complexities that surround how ID cards may be taken to and applied by the population. ID cards are only part of the identity management ...  Continue Reading

• Benefits to the citizen have yet to be proven

  In asking whether the government has got the business case for ID cards right, we need to understand precisely what that business case is, writes Geraint Price of Information Security Group, Royal Holloway, University of London.  Continue Reading

• Now is the time for action

  The key to this topic for me was a quote from Home Secretary Jacqui Smith: "Individuals to have as much control and ownership of their own data as possible," writes Andrea Simmons, consultant forum manager, BCS Security Forum.  Continue Reading

• Database administration security strategy

  Given the vital importance of the information held within corporate and government databases it is surprising that the security of these databases is often of unknown provenance.  Continue Reading

• Infosecurity Europe 2008: Inside threat greater risk to data protection

  IT security has fast become a data-centric issue. Data is the most valuable asset in an organisation and the IT department must protect it or find itself in the headlines like HMRC and the Ministry of Defence. But as companies adjust their data ...  Continue Reading

• Security forecast: smartphones

  The modern mobile phone comes in two basic varieties. The more secure version is a stripped down 2G phone with very little data functionality. There are still some issues related to 2G confidentiality. First is the possibility that someone will ...  Continue Reading

• Catching the authorised hacker

  A threat looming ever larger in the minds of IT leaders is the risk of data loss through inappropriate behaviour or...  Continue Reading

• Seamless security for roaming workers

  Work for many of today's employees is no longer the traditional nine-to-five day or the office environment...  Continue Reading

• Secret questions blow a hole in security

  It's a mystery to me why websites think "secret questions" are a good idea, writes Bruce Schneier, chief...  Continue Reading

• Security is a management issue

  Many people in the UK still see security predominantly as an IT problem. But it's not it's a business one...  Continue Reading

• Sometimes the real threat is right under your nose

  Organisations often believe they need procedures to protect their databases from misuse by hackers outside the organisation, writes Jimmy Desai of law firm...  Continue Reading

• Infosecurity Europe to showcase latest technology

  Infosecurity Europe is Europe's number one dedicated information security event and yields a comprehensive convergence of information security professionals. It addresses today's strategic and technical issues in an education programme, and ...  Continue Reading

• IBM patent row: ensure protection at the agreement stage

  You do not expect to get sued when you buy IBM software, but that is exactly what happened to one US customer.  Continue Reading

• RFID, data security and the law

  The European Commission's new consultation on RFID...  Continue Reading

• System administrators are biggest risk to corporate data

  My baby is leaving home, aged 23. We are now negotiating what he is legitimately allowed to take with him. First up is the TV. When you're setting up your own home, it's important to get your priorities right. The other main item is the door keys. ...  Continue Reading

• Information security: learn the lessons of the Sumo

  Over the course of my career, it has become clear to me that Japan's national sport offers a perfect analogy for the current state of information security.  Continue Reading

• UK firms report jump in spend on e-discovery systems

  Corporate attitudes and spending on the management of electronically stored information (ESI) for legal and regulatory matters are changing.  Continue Reading

• Information commissioner seeks greater powers

  The recent reported loss of HMRC discs containing child benefit details has once again thrown back into the spotlight whether the information commissioner should be given greater powers to deal with breaches of the Data Protection Act 1998, say ...  Continue Reading

• Information security: the story of the suicidal kangaroo

  The Information Security Forum (ISF) has designated 2008 the "Year of Security Awareness", but saying something new can be tricky. Here Rob Hadfield, a security awareness specialist for ISF member British Airways, shares his struggle for inspiration  Continue Reading

• Royal Holloway: Control the controllers

  So what really happened at Société Générale?  Continue Reading

• Management buy-in essential

  Until the management of large organisations understands the need for the ongoing maintenance of IT security systems, and fully supports it, employees will continue to evade controls and commit fraud.  Continue Reading

• Protect controls as well as systems

  Vigorous and independent audits are key in underpinning the controls that safeguard your systems against fraud.  Continue Reading

• Control is the key

  You need to get the security fundamentals right, and then ensure your controls can be (and are) effectively enforced.  Continue Reading

• Access management comes first

  Sure, tools are useful, but only after you have identified which staff need which information, and you have processes in place that can deliver and control that access.  Continue Reading

• Put your faith in standards to keep staff on the straight and narrow

  Implementing the right security standards is the best way to stop insider fraud.  Continue Reading

• Take a holistic approach

  People, motive, opportunity and means: you need to cover all the angles if you're serious about protecting the organisation.  Continue Reading

• Meet the business continuity manager's new best friend

  IT and information security professionals have a new best friend. That indispensable buddy is, believe it or not, a standard: business continuity management standard BS 25999 to be precise.  Continue Reading

• Security Zone: information security economics for the individual

  Security, like news, is sexy when it's sensational: the hackers are coming, the country will succumb to cyber attack any day now, and anyone can steal your identity. But how many people have given their password some real thought?  Continue Reading

• The boundaryless network

  The idea of "my network" and "your network" is effectively obsolete.  Continue Reading

• UK has lessons to learn from Hong Kong on ID cards

  Whether citizens like it or not, their governments are anxious to know everything about them.  Continue Reading

• Pressure to perform can lead to abuse of IT in finance houses

  If ever a reminder were needed that technology is not context-free, the case of Société Générale trader Jérôme Kerviel has provided one.  Continue Reading

• CIO strategies for thriving in an economically uncertain world

  In the Gartner Executive Programs 2008 CIO survey, the average CIO's expectation was that their IT budget would be rising by just more than 3% in 2008, writes Dave Aron, vice-president and research director in Gartner Executive Programs.  Continue Reading

• A greater social networking threat on the horizon

  How long will it be before one of the social networking sites gives simple remote access from PC to PC?  Continue Reading

• Gartner’s at-a-glance guide to social networking risks

  Gartner research director Andrew Walls sets out the security risks in using social networks.  Continue Reading

• Limit your liability from social networking

  Although Tif members find that allowing staff to use social networking sites can have advantages in terms of knowledge sharing and market research, they also see that the risks of using such sites must be understood and managed  Continue Reading

• Policies hold key to social networking security threat

  Certain personal online activities can help maintain employee productivity. The question is, when does fair use become a concern for the HR department and line management?  Continue Reading

• Social networking security is a people issue

  For the corporate body of knowledge, social networking sites can be a leech - is your health and safety record with HR or YouTube is appraisal information best gleaned from FaceBook?  Continue Reading

• Social networking: corporate risks, individual risks

  As a result of the strong human desire to connect, social networking websites have encouraged online behaviour where security and privacy are not always the first priority  Continue Reading

• Social networking: would you shout your details in the street?

  By using social networking sites, are you not providing potential attackers with a virtual Post-it note to your information, and ultimately your identity?  Continue Reading

• The road ahead for IT security leaders

  If CIOs are going to make the most of opportunities for using IT to fuel business transformations and become engaged in experimentation with software as a service, virtual worlds, Web 2.0 and the full realm of other new and emerging technologies, ...  Continue Reading

• Don't panic over 'ban' on security tools

  Oh, dear golly gosh, are they going to make computer security tools illegal? Spare me.  Continue Reading

• The positive side of regulatory compliance

  When I was working at MCI WorldCom - now Verizon - at the end of 2004, talking to yet another auditor about controls, I did not think that I would ever be looking back with nostalgia.  Continue Reading

• How to combat the Sans Institute's top 10 security threats

  Timothy Mullen, vice-president of consulting services at NGS Software, offer advice on protecting your systems from the most pressing cyber threats of 2008  Continue Reading

• Security zone: the trouble with testing anti-malware

  Testing products that detect malware are important to the integrity of anti-virus products, but there are several problems that need to be overcome  Continue Reading

• Data privacy must become a corporate priority

  Breaching data privacy can cause substantial financial loss The data breach at HM Revenue & Customs (HMRC), which placed 25 million people at risk...  Continue Reading

• The construction industry is waking up to the Benefits of IT

  In general, the construction industry has been reluctant to embrace the benefits of IT. However, builders are now beginning to be dragged into the 21st century by the need to collaborate more closely with their more IT-savvy colleagues, the ...  Continue Reading

• Companies Act 2006 will bring IT closer to business

  The Companies Act 2006, which comes into force in October 2009, is reminiscent of the 2002 Sarbanes-Oxley Act in the US. Sarbanes-Oxley has impinged mightily on the working lives of British IT professionals working for companies listed in the US, so...  Continue Reading