This is a great article (Computer World), discussing the benefits of banks and financial institutions meeting compliance and governance codes, as they will be able to offer security as a value-added service to their competitors, thats right competitors. As banks are racing to comply with the Sarbanes-Oxley Act’s internal reporting requirements by the July 15, 2006 there may be a move to share infrastructure information and processes to not only meet compliance, but cover the costs of doing so.
March 31, 2006
Can compliance be a selling point?
March 30, 2006
Ex-Hacker talks internal security
In the 1980s Robert Schifreen was the first man in the UK to face trial by jury for crimes connected with computer hacking. His ultimate acquittal on all charges led directly to the introduction of Britain’s Computer Misuse Act 1990.
Twenty years on and Schifreen is a respected writer, broadcaster and trainer specializing in IT security. To coincide with the launch of his latest book, Schifreen has teamed up with security vendor Centennial Software to host an online seminar entitled “Defeating The Internal Hacker“.
This 40-minute webinar will take place at 12.30GMT on Thursday 20th April and will explore the key issues around internal security, considering different ways organizations can combat the main risks. Registration for the seminar is free.
Your entire life on a USB stick
It may be a techno-geek’s wet dream, but can a 64GB USB flash drive really be a good thing? OK, so you really could carry your entire life around on a key chain; but then a device like this could also be used to steal a multi-national’s entire customer database in one fell swoop.
Just imagine losing this little beauty down the back of the sofa, or in a hire car, or on a plane…. Not only would the $5,000 loss leave you in tears, just how much data would be left at risk? Well, 64GBs worth, potentially.
As we have seen in the media time and time again, these devices are inherently insecure, being so easily lost, stolen or used for ill purposes. Is this perhaps a case of technology evolving because it can, not because it should?
Police hunt data thief
A systems manager caught on security CCTV making illegal copies of customer records is being hunted by Japanese police after the stolen data was used to make withdrawals of 31 million yen (US$256,000, £151,000) in October 2005 and February 2006.
The victims are said to be 17 account holders at Orix Credit Corp. The stolen data, was used to forge Orix loan cards.
Police say the 54-year-old male wanted for questionning has gone into hiding.
March 29, 2006
Data theft leads to intelligent lockdown
Imagine a disgruntled employee taking the data from your network, burning it onto a CD and then selling that disk to a competitor. It’s not a nice thought.
Jeff Schmitt at Motor Information Systems doesn’t need to imagine it; his company suffered at the hands of a data thief, leading them to overhaul their internal security policies and measures.
The company has implemented DeviceWall from Centennial Software to help prevent a repeat data theft, by automatically blocking all unauthorized attempts to copy data from company PCs to devices (including CDs, iPods, USB thumb drives etc.).
Although DeviceWall does allow Schmitt to enable certain users to access specified devices, he says these are few and far between, and is unapologetic for his strict approach to data security. Even with 100 years of data on the network, a single 300GB external USB drive could suck up the vast majority of the organization’s files in a single sitting.