Explaining security to those in the security industry can be hard enough at the best of times without having to try to convince a board to spend on security during harder times.  Traditional Brake Theory is sometimes deployed by security managers at this point, but I’m going to introduce a new and improved theory that might help you sometime, and I call that theory Jet Theory.


There are many legitimate reasons to be working from home, especially as Australian cities get busier, the roads become more congested, and we try to be more conscious of the environment.  If you’ve ever been curious to know how work-from-home scams work, the Australian government’s SCAMwatch can fill you in.

And if you are already working from home, the things to consider are: protecting printed information, encrypting portable media, connecting to the office through a Virtual Private Network (VPN), and disabling split tunnelling, which allows a user to connect to an insecure network at the same time as the work network.
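As an added example (not from the original post, and not any particular vendor’s recommended profile), the following OpenVPN client configuration fragment shows the split-tunnel setting beside the full-tunnel one that the paragraph recommends. The server name and corporate address range are placeholder values.

```conf
# OpenVPN client fragment, constructed for illustration (not from the post).
# Placeholders: vpn.example.com (VPN server), 10.0.0.0/8 (corporate range).
client
dev tun
proto udp
remote vpn.example.com 1194

# Split tunnel (the weak setting): only the corporate range is routed
# through the VPN; all other traffic, including internet browsing, leaves
# directly via the home connection, outside the office's controls.
#route 10.0.0.0 255.0.0.0

# Full tunnel (the corrected setting): the default route is replaced so
# that all internet-bound traffic goes through the VPN. The "block-local"
# flag additionally routes the home LAN into the tunnel, so the machine
# is no longer talking to the home network and the office at the same time.
redirect-gateway def1 block-local

# Windows clients only (OpenVPN 2.3.9 and later): stop DNS queries from
# leaking to the home network's resolver while the tunnel is up.
block-outside-dns
```

The server can push the same behaviour to every client with `push "redirect-gateway def1"`; keeping the directive in the client profile as well means a home worker still gets a full tunnel if a server-side push is ever dropped.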

Equally important to setting a home worker up is helping them work from home without growing isolated.  Unified Communications (VoIP and a webcam) along with Web 2.0 technologies such as corporate wikis and blogs allow the home worker to communicate with the office and, of course, with other home workers.


In a recent article in The Australian senior lecturer Mervyn Bendle of James Cook University writes about terrorism and the shift from hard military targets, the “near enemy”, to softer targets, private citizens known as the “far enemy”.  In the case of Mumbai, the country was host to the far enemy of a far militant organisation.  Worth noting, the primary US and UK targets — people — were not under the protection of their home country.  These types of events demand continued, and elevated, co-operation of governments and intelligence agencies world-wide.

Parallels can also be drawn to cyber-security and the protection of information assets within the corporate environment.  Information is more likely to be exposed when it is outside the direct control of the organisation, i.e. when it is being stored, processed or transmitted by a third party.  This underpins the importance of industry standards such as SAS 70 and ISO 27001, in demonstrating control, and in fostering trust between business partners.

Read the full article in The Australian on the recent events in India.

I have spoken with people who think that security should be included within products, within projects, within organisations, for free.  Whilst a keen web surfer will be able to pick up some good open-source security software for free, along with the next incarnation of Microsoft Windows Live OneCare, the astute manager knows there is much more to an effective security programme than free software…


In the current economic climate it is being reported that more people than usual are falling victim to phishing attacks — especially those based on winning the lottery!  InternetNews has written about Yahoo! and Microsoft teaming up at the 6th German Anti-Spam Summit to 1) identify and mitigate such attacks appearing in the mailboxes of their users, and 2) try to stop abusers using their systems to send spam.  Previous attempts to stifle similar attacks have focused on money transfer agencies such as Western Union.

Read the full article.

ISACA has released the results of a survey to identify current business issues, supported by technology.  The top seven business issues identified are:

  1. Regulatory Compliance
  2. IT Management/Governance
  3. Information Security Management
  4. Disaster Recovery / Business Continuity
  5. IT Value Management
  6. Challenges of Managing IT Risks
  7. Financial reporting standards

The report provides a “drill-down” of each of the seven business issues; for Information Security Management the specific points were:

  1. Lack of top management involvement in setting direction and objectives for information security
  2. Performance and effectiveness of information security controls not regularly measured, monitored or improved
  3. Information security risks either not known or only partially assessed
  4. Lack of enterprise-wide information security awareness and training
  5. Information security perceived as belonging exclusively to the IT realm

Download the report here