Nov 06 2012

New Tools for IT and Security professionals

Category: BCP,Information SecurityDISC @ 11:40 am

IT Governance continually striving to create, source and deliver products that can help IT and Information Security professionals in the real world. Check out their latest on Business Continuity, ITIL & ITSM and Information Security products below to help you in your current and future projects. This is a perfect time of the year to start adding some of these tools in your wish list and stay abreast in your area of expertise.

ISO22301 BCMS Implementation Toolkit
New release

 

ITIL Lite: A Road Map to Full or Partial ITIL Implementation – ITIL 2011 Edition
New release

 

ITIL Foundation Essentials: The exam facts you need
Published on 6th November

 

Resilient Thinking: Protecting Organisations in the 21st Century
Published on 8th November

 

ISO19770 SAM Process Guidance: A kick-start to your SAM programme
Published 13th November

 
 
Related articles

Tags: Business, business continuity, Information Security, Information Technology, Information Technology Infrastructure Library, it service management, SAM, Software asset management

Oct 11 2012

Make October YOUR Cyber Security Month

Category: cyber security,Information SecurityDISC @ 12:50 pm

 

The US Government has declared this October is the National Cyber Security Awareness Month (NCSAM).

The aim of this campaign is to:
 • Promote cyber security awareness amongst citizens and businesses
 • Educate individuals and businesses through a series of events and initiatives
 • Raise cyber awareness and increase the resilience of the nation in the event of a cyber incident

Cyber security is not just about protecting your critical assets, it can also help improve your internal systems and help you win new business.

 

Make October YOUR Cyber Security Month with these essential reads:

Above the Clouds: Managing Risk in the World of Cloud Computing

Assessing Information Security: Strategies, Tactics, Logic and Framework

IT Governance: An International Guide to Data Security and ISO27001/ISO27002 

21st Century Chinese Cyberwarfare

CISSP All-in-One Exam Guide, 6th Edition

More than 50 InfoSec topics in books available at DISC InfoSec store

Find out more on National Cyber Security Awareness month at Homeland Security's website

DISC online store for recommended InfoSec services/products

 

 

Additional online safety information:

What Teens Shouldn’t Put in Their Social Media Profiles


Child Safety Guide: How to Keep Kids Safe When They're Home Alone


Ways to Check if You’re Visiting a Safe Site


Internet Safety Tips for Seniors


How to Shop Safely Online


Things You Should Never Post Online but Probably Are


11 Photos You Should Never, Ever Post on Social Media
 

Online Safety tips for kids:

Less screen, More Green: Outdoor Safety Tips for Kids

 

The Parents’ Guide to Teaching your Teen Online Safety
 
Guide to screen addictions and responsible digital use
 

Keeping Kids Safe Outdoors as the World and the Roads Reopen

Tags: Computer security, Federal government of the United States, Homeland Security, National Cyber Security Awareness Month, NCSAM, October, Security, U.S. government

Sep 21 2012

Build resilience into your management system

Category: Information Security,ISO 27kDISC @ 10:15 am

 

Related BCP titles

ISO22301 and ISO27001 – The building blocks of organization management system resilience

The importance of mitigating the disruption to information technology services has been at the heart of disaster recovery and business continuity plans for many years. With the growth and dependency on IT and the increased risk of attack from outside sources (cyber-attack), the survival of all organisation will depend upon the protection of their critical information assets and building security at every layer.

The idea of cyber resilience – that an organisation’s IT systems and processes should be resilient against natural disaster or outside attack is a key principle underlining the best practice and compliance to the ISO22301 and ISO27001 standards.

ISO 22301:2012 (formerly BS25999) is the international standard for business continuity within organisations and defines the specification and best practice for developing and implementing a robust business continuity management system.

ISO/IEC 27001:2013 helps businesses throughout the world mitigate the risks associated with cybercrime and provides the security assurance demanded by your board, shareholders, regulators and most importantly, your customers.

Related articles




Sep 10 2012

5 Reasons Why Patch Management Is Vital To Your Information Security

Category: Information SecurityDISC @ 10:53 am

Related Patch Management titles

Patching is a critical part of systems administration. I don’t think anyone would argue that. But if your patching regimen consists of turning on Automatic Updates and calling it a day, or staying up until the middle of a Saturday night logging on to each server at a time to apply patches, you are missing the point. Patching is a task; patch management is how to perform that task easily, completely and in a scalable way. Patch management is vital to your information security because it is the only way to be sure you have taken care of all of the patching needs in your environment, and that you can audit and confirm that. Let’s look at some of the reasons why patch management is so important.

1. Patch management is about more than just operating systems
While it’s extremely important to ensure you have patched your operating systems, there are dozens of other applications out there that your users are running, which could be exploited by an infected attachment, a malicious script, and/or a compromised web page. Patch management applications can go beyond a Windows Update, addressing patches for operating systems, Microsoft and other third party applications, web browsers, media players and more. Patch management helps you ensure that no vulnerable apps are on your network.

2. Patch management is the most efficient way to handle both servers and workstations
You could probably manage to patch by hand all of your servers, and there’s a limited number of apps running on them, but trying to patch all your workstations and all the third party apps would be an impossible task without a patch management application to assess all the systems and their software, delivering those critical updates to each and every system that needs it. 100% compliance is the surest way to avoid incidents.

3. Patch management makes testing easy
Patching involves testing, and that’s why so many admins don’t patch regularly. They fear a patch might introduce an incompatibility, and would rather take their chances since they don’t have to time test. Patch management applications make it easy to push a patch to a group of systems for testing, before deploying to the rest of the network.

4. Patch management makes rollbacks easy
Sometimes, a patch needs to be rolled back, and doing that manually is out of the question. You are much more likely to deploy patches fully and on time if you can easily roll back if something turns out to be incompatible with a critical app, and a patch management application can uninstall patches from any or all systems just as easily as it can push them out.

5. Patch management makes reporting easy
One of the scariest things about relying on Automatic Updates is that you have no idea whether or not systems are actually patched, until you check them, one by one. With a patch management application, you can quickly and easily run reports to confirm that critical update for the zero day exploit really did get out to all your servers and workstations, and if one was missed, you can immediately identify and remediate it, before something bad happens.

Patch management is not a silver bullet. It won’t stop users from sharing passwords and it cannot prevent an admin from leaving a default configuration in place, but what it will do is enable you to keep your workstations, servers and critical applications up-to-date, fully patched and as secure as possible from hackers looking to exploit vulnerabilities in the software. That way you can spend more time on training users and verifying configs, and less time running around trying to update Flash for the tenth time this year.

This guest post was provided by Casper Manes on behalf of GFI Software Ltd. GFI is a leading software developer that provides a single source for network administrators to address their network security, content security and messaging needs. Learn more about the right patch management solution.

Related articles




Tags: GFI, Patch (computing), Security, Windows Update

Aug 15 2012

Staff awareness training – an essential component of ISO27001

Category: Information Security,ISO 27kDISC @ 1:53 pm

Staff awareness and training are key for effective information security management and for achieving compliance with the ISO/IEC 27001:2005 standard.

As clause 8.2.2 of ISO 27002 (the Code of Practice for Information Security Management) sets out, it is imperative that security issues are addressed at the employee level and that a firm foundation is built for an employee to understand the implications of his/her actions and be mindful of these in their daily activities.
More importantly, you need to keep evidence that you have conducted formal staff awareness training.

What better way to obtain this evidence than deploying Information Security Staff Awareness eLearning within your organization?

The software enables your own corporate e-learning management portal to automatically retain records of which staff have accomplished the course. You can easily monitor the compliance status of the organization and see hard evidence of each employee’s level of understanding.

Information Security & ISO27001 Staff Awareness eLearning course offers you tangible benefits whilst enabling you to impart basic, and yet fundamental training on information security within your organization

Benefits of this eLearning include:
• Massive financial cost savings in comparison to traditional training options
• Minimal office disruption – staff train at their desks
• Minimal administration – comprehensive reports available
• Systematic evidence that training has actually been provided – underpinning disciplinary actions
• Simple to use with relevant and informative content

Related articles




May 25 2012

10 essential books for IT Professionals

Category: Information SecurityDISC @ 11:54 am

All books are available in softcover, eBook and Kindle-compatible formats at a better price than Amazon! *

Below are 10 latest publications from IT Governance:

  1)      30 Key Questions that Unlock Management
by Brian Sutton and Robina Chatham
     

 

  2)      The Concise PRINCE2
by Colin Bentley
     

 

  3)      50 Top IT Project Management Challenges
by Premanand Doraiswamy and Premi Shiv
     

 

  4)      Everything you wanted to know about Business Continuity
by Tony Drewitt
     

 

  5)      Everything you wanted to know about Agile
by Jamie Lynn Cooke
     

 

  6)      Cloud Computing: Assessing the Risks
by Jared Carstensen, Bernard Golden and JP Morgenthal
     

 

  7)      The ITSM Iron Triangle: Incidents, Changes and Problems
by Daniel McLean
     

 

  8)      Managing Business Transformation: A Practical Guide
by Melanie Franklin
     

 

  9)      Running IT like a Business: Accenture’s Step-by-Step Guide
by Robert E. Kress
     

 

  10)  21st Century Chinese Cyberwarfare (Pre-order)
by Lieutenant Colonel Hagestad

 
 
 




May 21 2012

Organisations can achieve ISO9001 QMS certification quicker with a bespoke toolkit

Category: Information SecurityDISC @ 1:40 pm

Check out the ITG site for details

Ely, England, 21 May 2011 – IT Governance Ltd, the global leader in management system standards, information, books and tools, is advising organisations that the quicker they implement the Quality Management System standard ISO9001, the bigger their chances are to attract new customers in the current economic conditions.

Vendors who have been asked by their clients to implement the ISO9001 standard can now achieve this quickly and effectively by using the ISO9001 QMS Quality Management System Documentation Toolkit. It contains over 60 separate documents that will help organisations accelerate the development and implementation of an ISO9001 quality management system. The toolkit can be downloaded immediately here: QMS-ISO9001 Toolkit

ISO9001 is the best practice specification that helps businesses and organisations throughout the world to develop a best-in-class Quality Management System (QMS). According to BusinessLink UK Government more than 1 million organisations are currently certified against ISO9001. The advantages to businesses from implementing ISO9001 include:

•greater efficiency and less waste
•consistent control of major business processes, through key processes lists
•regulation of successful working practices
•risk management
•increased customer satisfaction
•greater consistency in the quality of products and services through better control of processes
•differentiation of your business from its competitors
•increased profits

The ISO9001 QMS Toolkit, developed by IT Governance, contains a quality management manual, and a full set of policies and procedures, in addition to the necessary forms, records and work instructions to underpin those policies and procedures. It is the complete toolkit for implementing an ISO9001 quality management system.

ISO9001 in Plain English




Tags: iso 9001, QMS

Mar 10 2012

Security Controls and Principles

Category: Information SecurityDISC @ 11:01 pm

For security controls to be effective, apply the pillars of information security

— Principle of least privilege
— Separation of duties
— Economy of mechanisim
— Complete mediation
— Open design

  • Least privilege is Need to Know principle or default deny -essentially, don’t permit more then required to meet the business requirement to avoid extra risk
  • For separation of duties we don’t want to give any individual so much control that they become a security risk without proper check and balance inplace
  • The principle of economy of mechanism basically says that more complexity we introduce into security system, creates potential for failures
  • Complete Mediation says that control cannot be bypassed – no unofficial back doors
  • Open design – the securty of the system must not be based on the obscurity of the mechanism

    • Information Security: Principles and Practice




    Feb 21 2012

    50 Top IT Project Management Challenges

    Category: Information Security,ISO 27kDISC @ 10:58 pm

    A summary of the challenges facing today’s IT project manager
    Discussions on project management forums highlight many of the challenges facing a project manager during the course of a project. Unclear requirements, scope creep and undefined roles are well-trodden issues that can derail a project. Other challenges are less obvious, often more subtle, but equally destructive.

    Facing up to the challenges
    This book offers a focused and concise summary of 50 challenges facing today’s IT project manager. The authors draw on years of practical experience (rather than classroom theory) to outline these challenges and offer useful tips and advice on how to deal with them.

    Challenge and response
    Readers of this book will be better equipped to respond to key project management challenges, including

    • Building the team – getting the right resources, matching skills/knowledge, defining roles and responsibilities.
    • Project scope – clarifying assumptions, avoiding ambiguity, getting the time/cost estimates right.
    • Politics – communicating with management and stakeholders, dealing with conflict, handling interference and micro-managing.
    • Risk awareness – identifying inside/outside influences, recognising inbound and outbound dependencies.
    • Time management – using the right planning tools, balancing work versus meetings.
    • Failure – handling the blame game, protecting the team, rescuing the project.

    This book condenses into a handy summary much of the information and advice that can be found in project management related books and discussion forums. It is an ideal reference for anyone involved in IT project management, from professional service organisations (PSO) and project management offices (PMO), through to active project managers and studying graduates.

    Buy this book and deliver your next project on time, on budget and to specification!

    About the authors

    Premanand Doraiswamy has over 14 years’ experience working in IT project management with Fortune 500 companies in various industries and is the author of IT Project Management – 30 Steps to Success, also published by IT Governance.

    Premi Shiv is a quality assurance specialist with 7 years’ experience in IT processes and management solutions. With an optimistic approach and organisational skills, she has carved a niche in quality assurance.




    Sep 01 2011

    Information Security eBooks Download

    Category: Information SecurityDISC @ 12:14 pm

    information security eBooks download sites

    Studiesinn InfoSec eBook

    Information-Security eBookee

    Strategic-Information-Security

    The-New-School-of-Information-Security

    Insider’s Guide to Security Clearances

    Information Threats

    Information Security Risk Analysis by Thomas R. Peltier

    Information Security Risk Analysis, 2 Ed. by Thomas R. Peltier

    Information Security Risk Analysis By Tom Peltier shows you how to use cost-effective risk analysis techniques to identify and quantify the threats–both accidental and purposeful–that your organization faces. The book steps you through the qualitative risk analysis process using techniques such as PARA (Practical Application of Risk Analysis) and FRAP (Facilitated Risk Analysis Process) to:

    Evaluate tangible and intangible risks

    Use the qualitative risk analysis process

    Identify elements that make up a strong Business Impact Analysis

    Conduct risk analysis with confidence




    Jul 07 2011

    Securing the Enterprise in a Changing World

    Category: Information SecurityDISC @ 10:31 pm

    RSA Conference 2011 Keynote – Securing the Enterprise in a Changing World – Bill Veghte

    An applications transformation has begun, creating both challenges and opportunities: with users (consumers) demanding everything as a service, anywhere, how can enterprises secure critical corporate infrastructure assets and information? Building security into applications, assessing risk– even before coding begins, and applying quality and operational management using ITIL concepts to the practice of security are key.

    Enterprise Security




    Jun 29 2011

    TSA Is NOT Security It’s A JOKE!

    Category: Access Control,Information SecurityDISC @ 10:10 pm

    “Security measures that just force the bad guys to change tactics and targets are a waste of money,” said Bruce Schneier, “It would be better to put that money into investigations and intelligence.”

    The security boss of Amsterdam’s Schiphol Airport is calling for an end to endless investment in new technology to improve airline security.
    Marijn Ornstein said: “If you look at all the recent terrorist incidents, the bombs were detected because of human intelligence not because of screening … If even a fraction of what is spent on screening was invested in the intelligence services we would take a real step toward making air travel safer and more pleasant.”

    “TSA Is NOT Security It’s A JOKE!” Issac Yeffet
    http://www.youtube.com/watch?v=s7pICJ0i6Jc

    Don’t touch my Junk




    Jun 28 2011

    InfraGard Insights: Separation of Duties and…

    Category: Information SecurityDISC @ 10:31 pm

    InfraGard is a FBI partner site – which is a public-private partnership devoted to sharing information about threats to US physical and Internet infrastructure.

    Discussion of two important principles of information security:
    Separation of Duties and the concept of least privilege and the Impact on System Administration.

    Principles of Information Security




    Jun 12 2011

    U.S. Underwrites Internet Detour Around Censors

    Category: Information Privacy,Information SecurityDISC @ 11:05 pm

    By JAMES GLANZ and JOHN MARKOFF

    The Obama administration is leading a global effort to deploy “shadow” Internet and mobile phone systems that dissidents can use to undermine repressive governments that seek to silence them by censoring or shutting down telecommunications networks.

    The effort includes secretive projects to create independent cellphone networks inside foreign countries, as well as one operation out of a spy novel in a fifth-floor shop on L Street in Washington, where a group of young entrepreneurs who look as if they could be in a garage band are fitting deceptively innocent-looking hardware into a prototype “Internet in a suitcase.”

    Financed with a $2 million State Department grant, the suitcase could be secreted across a border and quickly set up to allow wireless communication over a wide area with a link to the global Internet.

    The American effort, revealed in dozens of interviews, planning documents and classified diplomatic cables obtained by The New York Times, ranges in scale, cost and sophistication.

    Some projects involve technology that the United States is developing; others pull together tools that have already been created by hackers in a so-called liberation-technology movement sweeping the globe.

    The State Department, for example, is financing the creation of stealth wireless networks that would enable activists to communicate outside the reach of governments in countries like Iran, Syria and Libya, according to participants in the projects.

    In one of the most ambitious efforts, United States officials say, the State Department and Pentagon have spent at least $50 million to create an independent cellphone network in Afghanistan using towers on protected military bases inside the country. It is intended to offset the Taliban’s ability to shut down the official Afghan services, seemingly at will.

    The effort has picked up momentum since the government of President Hosni Mubarak shut down the Egyptian Internet in the last days of his rule. In recent days, the Syrian government also temporarily disabled much of that country’s Internet, which had helped protesters mobilize.

    The Obama administration’s initiative is in one sense a new front in a longstanding diplomatic push to defend free speech and nurture democracy. For decades, the United States has sent radio broadcasts into autocratic countries through Voice of America and other means. More recently, Washington has supported the development of software that preserves the anonymity of users in places like China, and training for citizens who want to pass information along the government-owned Internet without getting caught.

    But the latest initiative depends on creating entirely separate pathways for communication. It has brought together an improbable alliance of diplomats and military engineers, young programmers and dissidents from at least a dozen countries, many of whom variously describe the new approach as more audacious and clever and, yes, cooler.

    Sometimes the State Department is simply taking advantage of enterprising dissidents who have found ways to get around government censorship. American diplomats are meeting with operatives who have been burying Chinese cellphones in the hills near the border with North Korea, where they can be dug up and used to make furtive calls, according to interviews and the diplomatic cables.

    The new initiatives have found a champion in Secretary of State Hillary Rodham Clinton, whose department is spearheading the American effort. “We see more and more people around the globe using the Internet, mobile phones and other technologies to make their voices heard as they protest against injustice and seek to realize their aspirations,” Mrs. Clinton said in an e-mail response to a query on the topic. “There is a historic opportunity to effect positive change, change America supports,” she said. “So we’re focused on helping them do that, on helping them talk to each other, to their communities, to their governments and to the world.”

    For remaining article on U.S. Underwrites Internet Detour Around Censors

    A version of this article appeared in print on June 12, 2011, on page A1 of the New York edition with the headline: U.S. Underwrites Internet Detour Around Censors..




    May 24 2011

    Learn to secure Web sites built on open source CMSs

    Category: App Security,Information SecurityDISC @ 9:26 pm

    CMS Security Handbook: The Comprehensive Guide for WordPress, Joomla, Drupal, and Plone

    Open Source Software certainly does have the potential to be more secure than its closed source counterpart. But make no mistake, simply being open source is no guarantee of security.

    Learn how to secure Web sites built on open source CMSs (Content Management Systems)

    Web sites built on Joomla!, WordPress, Drupal, or Plone face some unique security threats. If you’re responsible for one of them, this comprehensive security guide, the first of its kind, offers detailed guidance to help you prevent attacks, develop secure CMS-site operations, and restore your site if an attack does occur. You’ll learn a strong, foundational approach to CMS operations and security from an expert in the field.

    • More and more Web sites are being built on open source CMSs, making them a popular target, thus making you vulnerable to new forms of attack
    • This is the first comprehensive guide focused on securing the most common CMS platforms: Joomla!, WordPress, Drupal, and Plone
    • Provides the tools for integrating the Web site into business operations, building a security protocol, and developing a disaster recovery plan
    • Covers hosting, installation security issues, hardening servers against attack, establishing a contingency plan, patching processes, log review, hack recovery, wireless considerations, and infosec policy
    CMS Security Handbook is an essential reference for anyone responsible for a Web site built on an open source CMS.




    Tags: CMS, Drupal, Joomla, Open source, Plone, web security, WordPress

    May 19 2011

    Paying attention to basics is key to healthy security ecosystem, says panel

    Category: Information Security,Security AwarenessDISC @ 11:01 am

    Employee security awareness, firewalls, data leakage protection, and collaboration are all key components of a healthy information security ecosystem, according to a panel at the MIT Sloan CIO Symposium held Wednesday.

    The moderator, Owen McCusker of Sonalysts, asked the panel to describe what companies can do to create a healthy information security ecosystem.

    Michael Daly, director of IT security services at Raytheon, said that his company has developed information security guidelines that include employee security awareness training, firewalls and data segregation, and “command and control blocking” that focuses on outbound traffic.

    “There are always going to be vulnerabilities on your systems that are unpatched. There is nothing you are going to be able to do about it. So you ask yourself, ‘If I’m attacked, what am I going to do next?’ Watch for the traffic that is leaving your network. That is a key point”, Daly told conferences attendees.

    Defense in depth is a key information security strategy, noted David Saul, chief scientist at State Street, a Boston-based financial institution. “You need to use all of the tools you have available”, he stressed.

    “You need to have firewalls, you need to have data leakage protection….You need to have a combination of technologies…as well as employee awareness”, he said.

    Saul also recommended information security collaboration across industries. He noted that there is an organization in New England called the Advanced Cyber Security Center that brings together information security experts from the financial, defense, health care, energy, and high-tech industries to share best practices and threat information and expertise.

    Kurt Hakenson, chief technologist for Northrop Grumman’s Electronic Systems, added that collaboration should be not only across industries but also among industry peers.

    “Security folks tend to be protective about information about breaches. There is always a balance about sharing that information with your industry peers. You will find that for the operational folks that are involved in the day-to-day work, relationships are critical. Being able to get on the phone is so important, because the adversaries who are targeting you are using the same techniques. They are socially aware”, Hakenson said.

    Daly noted that Raytheon and Northrop Grumman are involved with the US government in Project Stonewall, a defense industry group that shares threat information in real time.

    Allen Allison, chief security officer at cloud service provider NaviSite, said that providers also share information about security threats. “We undertake analysis of what traffic should look like, does look like, or can look like compared to the norm. We share that with all of our partners”, Allison noted.

    This article is featured in:
    Compliance and Policy • Data Loss • Internet and Network Security • Security Training and Education

    There are always going to be threats and vulnerabilities in your infrastructure that are unaddressed, there is no such thing as an absolute security. Watch for the traffic leaving your company to monitor an incident and have a comprehensive incident handling program to manage an incident.

    It’s all about priortizing risks and mitigating them in cost effective way.

    Related Titles for Information Security Awareness




    May 16 2011

    Your Security For Your Personal Finances

    Category: cyber security,Information SecurityDISC @ 10:30 am

    by Consumer Reports

    Threats to Your Personal Finances and Six ways to Stay Safer

    Banking from a public computer
    Keylogging malware that can capture account numbers, passwords, and other vital data is a risk that has been linked to use of open Wi-Fi connections and public computers such as those in hotel lobbies.

    Using unfamiliar ATMs
    Thieves have been known to put out-of-order signs on a legitimate ATM and set up nearby freestanding bogus ones that “skim” data from your card. ATMs located inside banks within view of surveillance cameras aren’t risk-free, but they pose more challenges for crooks installing skimming equipment.

    Two other important pieces of advice related to ATMs: Separate your PIN code from your ATM or debit card. Almost 1 in 10 people carry their code with the card, says ACI Worldwide, a payment systems company. And when typing your PIN into an ATM or card reader, use your free hand to shield the keypad from the view of hidden cameras or anyone nearby.

    Dropping your guard at gas pumps
    Card-skimming at gas stations is likely to increase during summer months, especially in vacation areas, so use cash or credit cards at the pumps if possible. If you must use a debit card, select the option to have the purchase processed as a credit-card transaction rather than typing in your PIN.

    Ignoring your credit or debit cards
    Monitor your accounts at least weekly to spot and report unauthorized transactions as soon as possible. Use services offered by your bank or card issuer that can help protect you, such as an e-mail or text alert if a transaction occurs for more than a certain amount.

    Abandoning your receipts
    Many transactions, such as filling up your tank and making a debit-card withdrawal, leave a paper trail. Don’t toss away receipts in the ATM lobby or leave them at the gas pump. Hold on to them until your transactions have cleared your bank account to make sure the totals match. Then shred the receipts if they have any information a thief might use.

    Trashing your bills
    Thieves harvest sensitive data from account statements and other financial documents placed in the trash and use them for ID theft, says Inspector Michael Romano of the U.S. Postal Inspection Service. Shred them first.

    6 Ways to Stay Safer

    1. Watch out for imposters

    The fastest-growing scam in the past year has been imposter fraud, according to the latest annual report on consumer complaints from the Federal Trade Commission. Thieves claiming to be someone they’re not (such as a friend or relative stranded overseas in need of cash to get home, a bill collector, or an employee of a government agency) use Facebook messages, e-mail, phone calls, and text messages to persuade people to send money or divulge personal information such as Social Security or account numbers. Last year, 60,000 people reported that they were affected by this form of fraud, up from just five cases reported in 2008.

    2. Learn to parallel park
    Car thieves are becoming more professional. They’re stealing new cars by putting them on a flatbed tow truck, our expert says. Parallel parking hinders access to the front and rear of your car, making it difficult to tow. Also, be careful about whom you bump into at the grocery store, especially if your car has keyless entry and a push-button ignition. A thief with an antenna and a small kit of electronics can transmit your key’s code to another thief standing near your car, allowing him to open it, start it, and drive it away.

    3. Hide the stuff in your car
    Don’t leave electronics and other valuables visible inside your car. GPS units are less of a magnet these days; cell phones and laptops more so. Holiday gifts are a big target, so don’t stack them up in the backseat. Is there a worse move? Yes. Leaving your stuff in the back of a pickup truck.

    4. Change your PIN
    Make it a habit to routinely change the secret code for your debit card or ATM card. That gives you better protection against any thieves or skimming schemes.

    5. Keep a financial inventory
    Once a year take out all of the cards in your wallet, make a list of the account numbers and contact information you’ll need to cancel cards if they become lost or stolen, and hide it in a safe place, says Mark Rasch, a former Department of Justice computer-crime prosecutor who is a director at CSC, a business technology firm based in Falls Church, Va.

    6. Change your Wi-Fi password
    If you have a home wireless network, choose the highest-security option. That way your Web-browsing and financial transactions will be more protected. Go a step further and create your own administrative password rather than rely on a default password supplied by the router.

    Related titles to protect your personal & private information




    8 ways to protect your Facebook privacy




    May 09 2011

    The Business Case for Information Security Management System

    Category: Information Security,ISO 27k,Security ComplianceDISC @ 2:10 pm

    Today’s economy is about protecting the information assets which is essential to existence of an organization. After a major incident or a security breach it is unthinkable to say it is not going to affect your bottom line. Most of the organization has to comply with various standards and regulations and a breach in a state of non compliance will be business limiting factor, and the organization may be liable to contractual penalties and loss of potential business from current and future customers.

    So Information Security Management System defined as a protection of information from various threats and risks on daily basis. Therefore mitigating information security risks are becoming a critical corporate discipline alongside with other business functions such as HR, IT or accounting.

    Mitigating business risks not only improve the business efficiency but also maximize the return on investment and business opportunities.

    It is a mistake to assume that information security is solely a technical problem left for IT to solve. These titles below are a non-technical discussion of security information management. It offers a framework that will help business leaders better understand and mitigate risks, prioritize resources and spending, and realize the benefits of security information management.




    Apr 29 2011

    Top Five Hollywood Hackers Movie

    Category: cyber security,Information SecurityDISC @ 11:23 am

    Hollywood Sign

    Image via Wikipedia

    In movies the hacker tries to hack into a Department of Defense computer by speed-typing passwords. We all know reality is nothing like this and we see it as the joke that it is.

    But business management don’t see the inherent risks as affecting business bottom line but a hindrance to another new project; they don’t see the research, the probing, the social engineering, risk impact, risk probability and overall risk as security professional do. It is our job as a security professional to show the risks in business terms to management so they can make a reasonable decision based on business risk threshold rather than emphasis on hinderance to bottom line. Remember the return on investment in security is part of doing business, it’s about reducing risks on ongoing basis and keep the company profitable on long term basis (keep making the money).

    Emphasize management’s accountability for the risk and most importantly for residual risks (remaining risk after implementing a control). Put the onus on the Information Asset Owner who should be at the management level not a technical staff (may delegate responsibilities in small companies). Make clear recommendations but let them make the key decisions AND make them accountable if things may go wrong.

    So yes, management is more impressed by flash and glamour, Because they know and good at analyzing the business risks but take the security risks as business inhibiting to their new project and may like to accept the risks rather than taking the time to address the issue which should be a corrective control to mitigate the existing risk to acceptable level.

    What do you think – Do the Hollywood movies add any value in a sense to emphasis the information security risks as a threat to business folks or they just fictional stories which make business people ignore the information security threat?

    Which one is your favorite hacker movie….

    Below are the top three hackers movies

    3-Hackers, 2-Untraceable, 1-WarGames






    Tags: Business, Cinema of the United States, Hollywood, Information Security, Management, Risk, United States Department of Defense, WarGames

    Mar 04 2011

    Alex Jones Exposes Google’s Plan to Dominate the Internet

    Category: Information Privacy,Information SecurityDISC @ 10:55 pm

    Net Neutrality at Stake – Check it out how it matters to your privacy and security


    Expolre the titles below if Net Neutrality matters to you




    « Previous PageNext Page »