Latest Security management and policies News

Improper risk assessment can have disastrous consequences
posted on 28/04/2009

With all the doom and gloom of the past few months and billions of whatever currency you like being poured into the economy I have to report on a ray of hope. I think my son may have hit on the solution completely inadvertently. He’s not a renowned economist, just an honest, hard working car mechanic. However having written off the fifth car in the last three years, although credit where it’s due, this time it was his fiancée that managed it, not only is he trying to save the motor industry single handedly but at the same time his insurance premiums have reached a level where he may be also saving the financial sector. Not only that, but out of sympathy I’ve had to break open the reserves and help finance number six which of course means that what money I had left is now circulating. But what may you ask does this have to do with IT. Actually quite a lot because his latest accident triggered a chain reaction that we’re all too familiar with. Firstly a lack of Risk Assessment resul... [more]

A third of company workers would give over their company secrets for the right price
posted on 27/04/2009

Researchers from Infosecurity Europe asked workers what it would take to tempt them to download and hand over sensitive company information to a stranger, offering incentives ranging from a ‘slap up meal’ to offers of over ten million pounds. Would you sell your company’s secrets to a stranger for a million pounds? That’s the question put to 600 commuters last week at busy London railway stations and a third (37%) admitted that they would give over their company’s secrets for the right price. Of the 37% of workers who could be corrupted 63% would only hand over sensitive data for at least one million pounds, 10% would do it if their mortgage was paid off, 5% would do it for a holiday, 4% for getting rid of their credit card debt and 5% would do it for a new job. The surprised researchers couldn’t believe their ears when 2% of the workers admitted that they would hand over their company’s crown jewels just for a free slap up meal. The types of information that the workers had ... [more]

Network Defence network-scanning solution will help NHS Trusts improve network security and prevent data loss
posted on 23/04/2009

Network Defence has announced the launch of the UK's first N3 network vulnerability scanning service for NHS Trusts. The service will ensure that NHS Trusts fully comply with Information Governance standards and regularly assess systems and networks for malicious threats and potential data loss. This brand new service is the first of its kind in the UK and is set to kick off a new trend in N3 network security for NHS organisations looking to further protect their network. David Beesley, managing director for Network Defence, said: "We are really excited about our new service as not only does it rigorously scan the N3 facing network for any weaknesses or potential threats, but it does this while the system is live - enabling us to identify any vulnerabilities without disrupting business continuity. This is crucial for busy organisations, such as NHS Trusts, who need to have access to their data at all times." "The service is already being used by one NHS organisation and with more... [more]

SMEs focus too much on external threats
posted on 22/04/2009

According to GFI Software's SME Security Report, whilst the basics of IT security have been implemented widely (96% have installed anti-virus, 85% possess anti-spam measures and 92% assign user passwords), only a worryingly low 45% of respondents have any form of portable storage device network access management measures in place. Walter Scott, CEO of GFI Software, comments, “Too much emphasis has historically been placed upon the need for anti-virus and anti-spam applications – external threats – and this has led to the common belief that with these, your network is secure enough. A secure network depends on many other factors and, unfortunately, the internal threat is far too often being ignored. There is a pervasive indifference towards monitoring the whereabouts of data and its ability to accessed or copied.” Scott continues, “Endpoint security is absolutely critical even in the best financial times, but with the economy prompting more and more redundancies, there are more disgrun... [more]

Implementing Network Access Control
posted on 08/04/2009

When done right, Network Access Control (NAC) offers a myriad of benefits. These include on-the-fly authentication of appropriate users and ensuring that all end-point devices get access only after they’re proven to be compliant to internal security policies. However, many NAC solutions are designed in such a way that they require significant, and often convoluted, changes to existing network infrastructure. Whether it’s network appliances that need to be installed at each location, or client-side agents that must reside on each end-point, many NAC solutions require not only significant up-front investment and system and network changes — but also continuous feeding and caring. All of this overhead reduces the cost benefits that should be realized from a NAC solution. As you are considering a NAC solution, you should select one that limits the number of hardware, configuration, and network changes. By minimizing the alterations to your organization, you’ll save on your deployment cos... [more]

Other Security news and resources