NEWS. July I FROM THE BOARD CHAIRMAN S CORNER 02 I NEWS FROM THE EICAR LEGAL ADVISORY BOARD

Size: px
Start display at page:

Download "NEWS. July I FROM THE BOARD CHAIRMAN S CORNER 02 I NEWS FROM THE EICAR LEGAL ADVISORY BOARD"

Transcription

1 6 01 NEWS EDITORMAY I EICAR European Expert Group for IT -Security Office Hauptstrasse 4 D Neubiberg Germany I FROM THE BOARD CHAIRMAN S CORNER 02 I NEWS FROM THE EICAR LEGAL ADVISORY BOARD July 03 I HANDLE WITH CARE - BUT DON T PANIC 04 I MICROSOFT SECURITY INTELLEGENCE REPORT, VOLUME 4 05 I FIVE STEPS TO IMPROVE YOUR ANTIVIRUS DEFENSE 06 I EICAR VIRUS PREVALENCE TABLE FEBRUARY I WHY WE DON T HAVE FEDERATED CONSUMER ONLINE IDENTITY 08 I STRATEGIES FOR ITIL SUCCESS OVERCOMING RESISTANCE TO CHANGE 09 I MOBILE AND REMOTE WORKING: IS IT SECURE? 1 0 I LITIGATION HOLDS 08 CONSULTING EDITOR: Rainer Fahs, Manuel Hüttl Eddy Willems CONTRIBUTORS Prof. Dr. Nikolaus Forgo, Dennis Jlussi, University Hanover; Richard Saunders, Microsoft; Mike Davies, VeriSign; George Spalding, Pink Elephant; Ken Turbitt & Atwell Williams, BMC Software; Ian Kilpatrick, Wick Hill Group; Ralph Kreter, Mimosa Systems EDITORIAL ADRESS Ter Borchtstraat 17 B-1982 Elewijt (Zemst) Belgium DESIGN

2 1 FROM THE BOARD CHAIRMAN S CORNER Rainer Fahs The EICAR Conference 2008 is just ahead of us and we all are looking forward to meeting with Birds of a Feather from all over the world to come together in a small French city called Laval. We have to be grateful for the arrangements Eric Filiol did with the French Forces for EICAR. Remembering the financial fiasco of 2007 and the uncertainties of not knowing when and how it would be resolved and how much financial damage would have been left, it was a tough decision to be made to go ahead and plan and arrange for a 2008 conference. Like a true military leader, used to make decisions, Eric stepped in and proposed to hold the EICAR 2008 conference in facilities offered by the French Forces at Rennes. Later on, due to internal decisions of the French Forces, which could not be influenced by Eric, the venue had to be changed to Laval. Recognising that Laval is not exactly a major city and a tourist attraction, we had to consider the advantage of the offer, the use of the facilities with no charge to EICAR, which was certainly the main driving factor for having a conference at all and accepting the generous offer from the French Forces. After the decision was made and Eric also volunteered to take on the responsibility as conference organiser, Vlasti Broucek, though already withdrawn from his position, offered his support and we gratefully accepted his offer. Eric and Vlasti did a great job in publishing the Call for Papers, establishing the paper review team and the procedures resulting in high quality papers submitted for our conference. More papers have been submitted as could have been accommodated in the program enabling us to select based on sheer quality of the papers. Unfortunately, papers had to be rejected and I would like to thank the authors for their efforts to submit the papers and encourage them to submit again at the next opportunity. In parallel Manuel Hüttl was busy finding sponsors for the conference and we noted a considerable change in the attitude of potential sponsors. It seems that the time of opulent budgets for the PR people in industry are over. Budgets are tight and the reasoning for spending have to be very sound and must be based on value added effects for the companies. Since the EICAR conference is not and never was a marketing event, it is extremely difficult to convince industry partners to sponsor our even. Having said this, we are even more grateful for those partners sponsoring the event in Laval On the same token, we noticed another trend and that is in the attendance of the conference. This trend is even worse! The number of paying participants is decreasing and it looks at the moment as if we will not be able to cover the actual expenses for the conference within the conference budget, meaning that EICAR members will have to pay in the end. EICAR has always waived the conference fee for presenters on the conference. This has been a long time tradition and I would fully support this for future events since it is a bit of a reward to those going through the efforts of preparing a presentation and, putting it under the scrutiny of a high level audience. However, this regulation was always limited to presenters and it is somehow regrettable to note that people cancelled their plans to enlist for the conference after it was clear that EICAR would not waive their conference fees. This trend is fatal for EICAR and its conference. It is not rocket science to plan a conference, but there are some basic arithmetic s involved. It is very simple and a matter of fact that a conference has some costs that need to be covered and there are limited options to get the funding. we can either try to cover the conference as a whole from the member s fees, which

3 2 NEWS FROM THE EICAR LEGAL ADVISORY BOARD will lead to higher fees, or we will have to get sufficient sponsoring for the conference, which was the case for the last years but seems to be not that easy any more. The third option is to cover the conference costs from the conference fees and here is the problem. If we have a conference with about thirty speakers and about 5 10 Board members and admin supporters or conference organising staff, all not paying conference fees, we would need at least the same number (30 40) paying the conference fee. If that is not the case (and that is obviously the case for this year), we will produce a deficit. The arguments about the location being an attractive location or not have been given some preference that I do not support. It always was our attempt to put a conference with high quality presentations together in support of research in the AV and other areas of IT security and our conference committee has been successful in succeeding this path for his year. It looks however, as if a great number of potential EICAR conference attendees are giving preference to the quality of the conference venue rather to the quality of presentations. EICAR members have to make a decision for the future. If preference is given to the location, it is questionable whether or not an organisation like EICAR is required to satisfy this requirement. EICAR was not established as a conference organising organisation and members at the next annual members meeting will have to make a decision on the future of EICAR and the conference organisation for the upcoming years. NEWS FROM THE EICAR LEGAL ADVISORY BOARD led by Prof. Dr. Nikolaus Forgo The EICAR Legal Advisory Board was founded upon the increasing role of legal issues in the context of information technology. Legislation does have an important impact on information security. It is crucial for the interaction between technology, organization and psychology that legislation is well understood and clearly transferred within the business workflow as well as the development lifecycle. The purpose of the EICAR Legal Advisory Board is to contribute to a better understanding of the problems involved in mastering information technology and their impacts on criminality and to propose elements of solution for individuals, organisations and society as a whole. The Legal Advisory Board will react on latest issues in terms of IT law that do either have an impact on the society as a whole or on the IT security industry and its protagonists. The Board will not provide legal counsel but will develop neutral and factual statements, position papers or comments. There is a team of experts representing the EICAR Legal Advisory Board that will be lead by Prof. Dr. Nikolaus Forgo. The Legal Advisory Board recently announced its first comment on the 202 of the German StGB. It describes the usage of hacker tools and the legal issues around it. Prof. Dr. Nikolaus Forgo

4 HANDLE WITH CARE - BUT DON T PANIC HANDLE WITH CARE BUT DON T PANIC CRIMINALISATION OF HACKER TOOLS IN GERMAN CRIMINAL LAW AND ITS EFFECT ON IT SECURITY PROFESSIONALS 3 Dennis Jlussi, University Hanover Implementation of 202c StGB 202c StGB (StGB = Strafgesetzbuch, German Criminal Code) has been implemented by the 41st amendment to the Criminal Code (41. StrÄndG) and is in effect as of August 11, The 41. StrÄndG also amended 202a, 202b, 303a and 303b StGB, which in substance criminalise illegal access to, and interception and interference of data and sabotage of computer systems and so make up the core computer crimes. 202c criminalises the preparation of those computer crimes, as committed by the production, procurement or distribution of hacker tools. 202c is Germany s transposition of Article 6 of the Council of Europe s Convention on Cybercrime, but the express exception for IT security tests, as in Article 6 (2) of the Convention, has not been transposed. Therefore, there is legal uncertainty among IT security professionals and concern about possible criminal proceedings. These concerns are not without any reason, because Article 6 (2) was not transposed into the wording of 202c and the German legislation could not be based on a constant legal practise, as there is no relevant higher jurisdiction about long existing similar preparation crimes (i.e. devices for counterfeit of banknotes or passports). Nevertheless, the risks of acting criminal can be minimised by complying with a few guidelines. So, in summary, there is no reason for panic, but hacker tools should be handled with care. Avoid the use of hacker tools 202c names two classes of hacker tools: Passwords (etc.) on the one hand and, on the other hand, computer programs that are primarily designed for committing computer crimes ( 202a, 202b, 303a, 303b). This is determined by an objective intended purpose, which is the purpose that would become obvious to a neutral and competent person. Therefore, IT security tools that are commonly recognised are not hacker tools, even not if the tools can also be used with bad intent (dual use tools). On the other hand, malware and exploits are in the scope of 202c, as the objective purpose of those programs is harmful, even though those tools can also be used for testing. Also, sharing information in human language is not a crime; descriptions of algorithms and procedures can be legally distributed among IT security professionals. Therefore, common IT security tools and descriptions in human language should be used preferably, if possible. Get an explicit authorisation If a hacker tool has to be used, an explicit authorisation is needed for justification. But, in German criminal law, 202c protects against abstract endangerments already. When a crime is only prepared, there is no effect on any intended victim s individual rights. Therefore, a consent to the acts of 202c as such is legally impossible. Nevertheless, 202c requires the preparation act to be promotive for an intended computer crime ( 202a, 202b, 303a, 303b). A justification by consent in terms of those sections is possible; if there is such consent, there cannot be any intent of committing a computer crime, and therefore, the preparation is legal. The authorisation has to be issued by a person with respective authority or procuration; if corporate computer systems may be used by staff for private use, the works council should also be involved. Journalise and secure the usage To be able to come up against any criminal proceedings, the procuration (including free downloads) and the intended use of hacker tools should be journalised as well as the actual use; the journal should be permanent and inalterable. Furthermore, unauthorised use of hacker tools should be avoided by secure storage and file access permissions.

5 4 MICROSOFT SECURITY INTELLEGENCE REPORT, VOLUME 4 There is no and has never been a way to prevent prosecutors from being overeager. But, by complying to this guidelines, IT security professionals can continue doing their jobs without worry. Situation in other countries The Cybercrime Convention has been signed by 43 member and observer states of the Council of Europe, including all EU member states, Japan and the US. Although the transpositions into national criminal law can be unique, it is likely that analogue problems occur and similar measures have to be taken by IT security professionals. A detailed statement by the author (in German) can be downloaded at JLUSSI_LEITFADEN_web.pdf MICROSOFT SECURITY INTELLIGENCE REPORT, VOLUME 4 Richard Saunders, Microsoft W W W Microsoft Corporation has made a significant investment over the past few years researching and combating malicious and potentially unwanted software, and in developing technology to help customers mitigate the security risk that it creates. As part of this investment, Microsoft created a dedicated antimalware team that is responsible for researching malicious software (or malware ) and potentially unwanted software. In addition, this team is responsible for the release and maintenance of the Microsoft Windows Malicious Software Removal Tool (MSRT) and Windows Defender. This report provides Microsoft Corp. s view of the security threat landscape over the six-month period of July through December Like previous editions, this report examines software vulnerabilities (both in Microsoft and third-party software), software exploits, malicious software and potentially unwanted software. In addition, this volume of the report provides insight into spam and phishing, and includes a detailed look at Win32/Nuwar also known as the storm worm. This volume also includes a section on security breaches. Below is a summary based on the report s key findings; the full report is available at Further information about Microsoft s security research and response efforts is available at Key Findings The total amount of malware removed from computers worldwide via the Microsoft Malicious Software Removal Tool (MSRT) continued to increase during the second half of By the end of this period, the MSRT executed on more than 450 million unique computers per month worldwide, resulting in the removal of malware from one out of every 123 computers each month. The second half of 2007 showed a decline in new vulnerability disclosures by 15 percent, the fewest disclosures since the second half of In addition, total vulnerability disclosures decreased by 5 percent overall in In a product-by-product comparison during the last report period, newer Microsoft products appear to be at less risk to publicly available exploit code than older products. This is especially notable for Microsoft Office. During the second half of 2007, there was a 300 percent increase in the number and proportion of trojan downloaders and droppers that were detected and removed. This increase is larger than the significant increase observed between the second half of 2006 and the first half of 2007, which suggests that this malware category is becoming the tool of choice for some attackers.

6 MICROSOFT SECURITY INTELLEGENCE REPORT, VOLUME 4 5 Between July 1 and Dec. 31, 2007, million pieces of potentially unwanted software were detected by the MSRT, resulting in 71.7 million removals. These figures represent increases of 66.7 percent in total detections and 55.4 percent in removals over the first half of Additional Findings S o f t w a r e Vu l n e r a b i l i t i e s The second half of 2007 marked a decline in the disclosure of high-severity vulnerabilities, while the full 2007 calendar year s high-severity disclosures continued to rise relative to previous years. Vulnerabilities requiring a low level of complexity to exploit continued to decrease in the second half of 2007, meaning the high-severity vulnerabilities disclosed are relatively harder to exploit, requiring at least some level of specialization. S e c u r i t y B r e a c h e s Exploits, malware and hacking accounted for no more than 23 percent of all security breach notifications recorded from 2000 through 2007, and they accounted for only 13 percent of security breach notifications during the second half of In the second half of 2007, 57 percent of the security breaches publicly disclosed involved lost or stolen equipment. M a l i c i o u s S o f t w a r e Malicious software has become an established tool for criminals, in pursuit of profit, to target hundreds of millions of computer users worldwide. The MSRT has proportionally cleaned malware from 60 percent fewer Windows Vista-based computers than those running Windows XP Service Pack 2. Similarly, the MSRT has proportionally cleaned malware from 91 percent fewer Windows Vista-based computers than those running Windows XP without any Service Pack installed. The prevalence of rogue security software continues to increase, with many common families delivered by trojan downloaders and other malware, as well as by conventional social engineering methods. The most prevalent rogue security software detected in the second half of 2007 was Win32/Winfixer, with more than five times as many detections as any other single family. As a general rule, more malware is found by the MSRT in developing countries and regions than in developed countries and regions. Win32/Nuwar, called the storm worm by some antivirus vendors, is a family of sophisticated trojan droppers and associated components discovered in early By continually updating and adapting Win32/Nuwar to thwart detection and removal efforts, its authors have created a botnet estimated to consist of more than a half million infected systems worldwide. Malware detections by country/region

7 6 FIVE STEPS TO IMPROVE YOUR ANTIVIRUS DEFENSE During the second half of 2007, the Win32/Nuwar authors continued to adapt their attacks both technically (by updating and developing the binary components that make up the Nuwar family of malware) and socially (by tailoring ed pitches and finding different ways to leverage the botnet s ability to send spam). The second half of 2007 was a period of consistent permutation and innovation for this threat. P h i s h i n g Phishing is still predominantly an English-language phenomenon. Typically, between 75 percent and 80 percent of the active phishing pages tracked by the Microsoft Phishing Filter in the second half of 2007 were English language pages, with European languages such as Italian, Spanish, German, French and Turkish accounting for much of the remainder. The top potentially unwanted software family detected in the second half of 2007 was Win32/Hot bar. Similar to malware infection trends observed across Windows operating systems, significantly less potentially unwanted software such as spyware and adware was found on Windows Vista-based systems than those with Windows XP Service Pack 2. Potentially unwanted software detections by country/region[1] Once predominantly -based, phishing attempts are increasingly being posted to social networks, exploiting the trust users place in these networks and in the social contacts developed through them. P o t e n t i a l l y U n w a n t e d S o f t w a r e Adware remained the most prevalent category of potentially unwanted software in the second half of 2007, increasing by more than 66 percent, from 20.6 million to 34.3 million detections. [1] Microsoft Security Intelligence Report volume 4, www. microsoft.com/sir <http://www.microsoft.com/sir> Note: the disinfection figures in this table include figures for disinfections of a comprehensive list of categories of potentially unwanted software beyond the top five list used in other parts of this document; this difference explains the differences you may see between this table and other figures in this report. FIVE STEPS TO IMPROVE YOUR ANTIVIRUS DEFENSE Eddy WillemsW W W One of the most important security issues service providers and value-added resellers (VARs) can discuss with customers is their antivirus protection strategy. After all, viruses are an indiscriminate security threat. A lot of smaller companies don t worry about security because they are not likely targets for hackers. Viruses are so common, though, that infections can occur in big companies, small companies and at home. This Checklist provides five steps to walk through with customers to gain a better understanding of their antivirus protection strategy and to help correct deficiencies. 1. Verify that customers are using antivirus software.

8 FIVE STEPS TO IMPROVE YOUR ANTIVIRUS DEFENSE 7 This one sounds obvious, but the first step to take with customers is to find out whether or not they are using antivirus software. When Microsoft released Windows Vista, most of the antivirus protection programs written for Windows XP no longer worked. I know of at least one major company that temporarily did away with its antivirus software so that it could move forward with a Vista deployment. I m sure that this is by no means common, but it does happen. Vista-compatible antivirus programs are plentiful now, and there is simply no excuse for leaving a PC unprotected. You may find, though, that you have customers who have simply forgotten that some of their PCs are unprotected. 2. Make sure antivirus software is up to date After you verify that your customer has antivirus protection software, make sure it s up to date. Smaller companies without a dedicated IT department often lack a true understanding of antivirus software. In such environments, you may find that people assume that once they are protected, they will always be protected. It s important that your customer understands that new viruses are constantly being discovered, and they must routinely update their antivirus software in order to remain protected. 3. Check to see how updates are being applied Next, check to see how antivirus updates are being applied. This may sound trivial at first, but this is a very important step in an antivirus protection strategy. Some organizations centrally manage antivirus definitions and automatically push them to the desktop; others allow each PC to download antivirus protection updates individually. If individual workstations are configured to download AV updates, it s important that updates are being applied in a reliable manner. I ve seen plenty of cases where end users are ultimately responsible for approving updates. In this situation, there are always a few machines left unprotected. I ve also seen situations where PCs are configured to download updates late at night. Unfortunately, half of the users turn off their PCs at the end of the day, and the updates are never downloaded. Today, most of the antivirus protection software on the market has evolved to the point that the situations I ve described don t apply. Even so, these types of situations are still sometimes an issue, and service providers need to make sure that customers are being adequately protected. 4. Use multiple scanning engines or defenses You need to find out whether customers are using multiple antivirus scanning engines. The basic idea behind using multiple scanning engines is to apply new virus signatures as soon as possible. When a new virus is discovered the antivirus vendors eventually come out with a signature for it, but you never know which antivirus company will be first. By using scanning engines from multiple vendors, you improve your chances of getting signatures for newly discovered viruses as quickly as possible. Most antivirus programs are designed so that they cannot be run alongside one another. But try to eventually have one other product or engine at another level. Another option is to use one antivirus protection product on desktops and a product from a different company on servers. When you use this type of model, no one machine is actually running multiple scanning engines, but you are still creating a two-tier protection model. 5. Check your customers antivirus licences product on desktops and a product from a different company on servers. When you use this type of model, no one machine is actually running multiple scanning engines, but you are still creating a two-tier protection model. One more important antivirus issue to take up with your customers is whether or not they have enough licenses to cover all of the antivirus software in use.

9 8 WHY WE DON T HAVE FEDERATED CONSUMER ONLINE IDENTITY Most companies add additional PCs and additional servers over time, and it s easy to forget that these new machines require software licenses. You can increase revenue while protecting your customers from piracy-related legal issues by helping them to understand the importance of purchasing a sufficient number of software licenses. QUESTIONS & ANSWERS Within this new column you can get answers from the specialists themselves. If you have some questions or some problems related to Anti-Virus or Security please send them to and we will try to give your questions to the most respected specialists in the Anti-Virus and Security world. No questions received this time. WHAT MEMBERS COULD DO! We ask you to send your statistics or incidents to us. Also, if you are looking at a new undetected specimen or if you have some problems with a document, spreadsheet or executable which could be infected, please send us this in a zipped file to the address vsample at wavci dot com. We can provide you with a solution within a few days from receiving this sample in case of infection. The samples or reporting of the statistics or incidents will be used for input for our report to the WildList. VIRUS PREVALENCE TABLE TOP 10 (TOP 10 February 2008 Version) 1. W32/Netsky 2. W32/Bagle 3. W32/ Mytob 4. W32/ MyWife 5. Psyme Trojan 6. Small Trojan 7. W32/ Mydoom 8. W32/Lovgate 9. W32/Stration 10. W32/Zafi - Virus Families - WHY WE DON T HAVE FEDERATED CONSUMER ONLINE IDENTITY Mike Davies, VeriSign What is a federated consumer online Identity? The general idea is that a consumer would have the ability to log on to one site and then automatically be able to log on to the different site with the same credentials (i.e. his or her identity would be transferable across multiple sites without the need to prove who that person was all over again). This of course makes the whole online commerce experience much easier and safer for the consumer and reduces the fraud that online companies experience. Why don t we have it now? I was involved in consumer authentication as far back as We were going to change the world with federated consumer online identities based on Public Key Infrastructure (PKI) technology. We didn t.

10 WHY WE DON T HAVE FEDERATED CONSUMER ONLINE IDENTITY 9 The reasons that my organisation at the time, and others since, failed are multiple but the major reason I think is something called Identity Proofing. Identity proofing Identity proofing refers to the process for deciding that the person who wants to start an online account at a site is really who they say they are. Think about an online book reseller such as Amazon. They ID proof a consumer by asking for valid credit card details with accompanying address data. That is fine for Amazon, but if that consumer then wanted to apply for a loan at an online bank they had no previous relationship with, the details provided to Amazon would not be enough for that bank to approve the loan. In other words the ID proofing needed for consumers at different sites varies. And ID proofing is expensive / time consuming. Imagine buying that book at Amazon, would you want to have to go through the same process that you did for an online loan to buy a book? What isn t different at the online book reseller and the online bank is the way that account is accessed after the account has been set up. Usually a username and password, sometimes referred to as a 1st factor of authentication. At sites such as online banking companies, the consumer might also be asked for second factor of authentication such as a password which can only be used once generated from a token (i.e. PinSentry from Barclays in UK) or a password from a number grid (i.e. TAN system in Germany). This second factor adds another layer of security which makes it very hard for a consumer to have his or her account taken over by a fraudster through techniques like Phishing. with the weakest security. So given that, I think it is fair to say that almost any online site where there is a value to the fraudster in gaining access to an account will start to experience This means that although the ID proofing element on each site may be different, the authentication methods used to access that account are starting to be a shared problem. Now when we take ID proofing out of a federated online identity, we can start to see that the remaining authentication elements can actually be federated. Look at Open ID. This federates the first factor of authentication (user name and password) across any site a consumer interacts with. Look at OATH (openauthentication.org) which federates the second factor of authentication across any site a consumer interacts with. I don t believe we will see a federated consumer online identity anytime in the near future, but like any problem, by breaking it down into smaller chunks we can start to see some major progress towards our goal of making it easy for a consumer to have secure online relationships which are easy for them to manage. About the Author Mike Davies is Director, Identity and Authentication services for VeriSign in Europe. To hear more about Mike s thoughts on Consumer Authentication go to his Blog at As the banks around the world have started to introduce second factor authentication the fraudsters have started to move towards other easier phishing targets like national tax revenue agencies, online gaming / gambling and even motorists associations! This trend will continue as fraudsters go for the sites

11 1 0 STRATEGIES FOR ITIL SUCCESS STRATEGIES FOR ITIL SUCCESS OVERCOMING RESISTANCE TO CHANGE George Spalding, Pink Elephant; Ken Turbitt, BMC Software; Atwell Williams, BMC Software According to Sharon Taylor, chief architect of IT Infrastructure Library (ITIL ) Version 3 (V3), ITIL is more than a series of processes that can be automated. She said the cultural part of ITIL cannot be automated. What Taylor is saying is that you cannot achieve instant success by simply building an ITIL-based repertoire of processes and deploying technology to support them. Success happens only if you also address the people side of the ITIL equation, along with the process and technology-related issues. ITIL V3 focuses on how organizations can adopt consistent, repeatable IT management processes for managing IT, integrate them across the IT organization, and understand how they touch business processes and services. Unfortunately, many organizations are so bogged down with day-to-day tasks that they don t often have the resources to develop standardized, repeatable, integrated processes for operations and support. In these environments, IT staff members may tend to create their own processes, and they are reluctant to give them up. This approach, unfortunately, promotes solo acts instead of teamwork, so it undermines integration and efforts at collaboration. Moreover, it reinforces a siloed approach to IT management. The resistance to change is perhaps the biggest obstacle to ITIL success. Promoting behavioral change is important to increasing the adoption of ITIL. Fortunately, it doesn t have to be a big-bang cultural change. In fact, a phased approach to ITIL adoption is best because it allows you to address people-related challenges through incremental behavioral changes. Business Service Management (BSM), an approach based on managing IT from a business perspective, facilitates ITIL adoption and promotes culture change. Defined and recommended within ITIL V3, BSM is an approach to running IT that combines best-practice IT processes and automated technology management with a shared view of how IT services support basic business priorities. With a BSM-focused approach and our six strategies for success, you can guide your IT staff through ITIL adoption with minimum disruption and pain. Strategy #1. Tackle Resistance to Change The key to getting people past resistance to change is managing objections effectively. To do that, you must first find out what the objections are, and then address and counter them in positive ways. You ll need a mandate from top management because it tells people that the change is inevitable. However, you still need to motivate people by showing them how the change will benefit them. An ITIL-based approach supported by BSM technology offers numerous advantages: Automating repetitive tasks and approaching more activities with business impact in mind enables IT people to perform their jobs more effectively and more easily, and with measurable and demonstrable results. IT staff add valuable skills to their repertoire when they learn industry best practices and gain a higher view of IT that enables them to better relate IT to the business. IT staff can demonstrate their contributions to business value using metrics that business managers understand. This raises visibility of IT value and the individual contributor s value to the organization, increasing job security.

Top tips for improved network security

Top tips for improved network security Top tips for improved network security Network security is beleaguered by malware, spam and security breaches. Some criminal, some malicious, some just annoying but all impeding the smooth running of a

More information

WHAT ARE THE BENEFITS OF OUTSOURCING NETWORK SECURITY?

WHAT ARE THE BENEFITS OF OUTSOURCING NETWORK SECURITY? WHAT ARE THE BENEFITS OF OUTSOURCING NETWORK SECURITY? Contents Introduction.... 3 What Types of Network Security Services are Available?... 4 Penetration Testing and Vulnerability Assessment... 4 Cyber

More information

A practical guide to IT security

A practical guide to IT security Data protection A practical guide to IT security Ideal for the small business The Data Protection Act states that appropriate technical and organisational measures shall be taken against unauthorised or

More information

Towards a Comprehensive Internet Security Strategy for SMEs

Towards a Comprehensive Internet Security Strategy for SMEs Internet Security Strategy for SMEs Small and medium-sized enterprises (SMEs) need a comprehensive Internet security strategy to be able to protect themselves from myriad web-based threats. Defining and

More information

MAXIMUM PROTECTION, MINIMUM DOWNTIME

MAXIMUM PROTECTION, MINIMUM DOWNTIME MANAGED SERVICES MAXIMUM PROTECTION, MINIMUM DOWNTIME Get peace of mind with proactive IT support Designed to protect your business, save you money and give you peace of mind, Talon Managed Services is

More information

Top Four Considerations for Securing Microsoft SharePoint

Top Four Considerations for Securing Microsoft SharePoint Top Four Considerations for Securing by Chris McCormack, Product Marketing Manager, Sophos is now the standard for internal and external collaboration and content management in much the same way Microsoft

More information

Data Management Policies. Sage ERP Online

Data Management Policies. Sage ERP Online Sage ERP Online Sage ERP Online Table of Contents 1.0 Server Backup and Restore Policy... 3 1.1 Objectives... 3 1.2 Scope... 3 1.3 Responsibilities... 3 1.4 Policy... 4 1.5 Policy Violation... 5 1.6 Communication...

More information

Payment Card Industry Data Security Standard

Payment Card Industry Data Security Standard Symantec Managed Security Services support for IT compliance Solution Overview: Symantec Managed Services Overviewview The (PCI DSS) was developed to facilitate the broad adoption of consistent data security

More information

Seven Things To Consider When Evaluating Privileged Account Security Solutions

Seven Things To Consider When Evaluating Privileged Account Security Solutions Seven Things To Consider When Evaluating Privileged Account Security Solutions Contents Introduction 1 Seven questions to ask every privileged account security provider 4 1. Is the solution really secure?

More information

Mobility, Security Concerns, and Avoidance

Mobility, Security Concerns, and Avoidance By Jorge García, Technology Evaluation Centers Technology Evaluation Centers Mobile Challenges: An Overview Data drives business today, as IT managers and security executives face enormous pressure to

More information

By Ian Kilpatrick, chairman Wick Hill Group, specialists in secure infrastructure solutions.

By Ian Kilpatrick, chairman Wick Hill Group, specialists in secure infrastructure solutions. FEATURE AUTHENTICATION MARKET UPDATE 1540 words May 07 By Ian Kilpatrick, chairman Wick Hill Group, specialists in secure infrastructure solutions. USummary of feature * Breakdown of network security perimeter.

More information

Top five strategies for combating modern threats Is anti-virus dead?

Top five strategies for combating modern threats Is anti-virus dead? Top five strategies for combating modern threats Is anti-virus dead? Today s fast, targeted, silent threats take advantage of the open network and new technologies that support an increasingly mobile workforce.

More information

ensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster

ensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster Security Standards Symantec shall maintain administrative, technical, and physical safeguards for the Symantec Network designed to (i) protect the security and integrity of the Symantec Network, and (ii)

More information

NATIONAL GATEWAY SECURITY SURVEY

NATIONAL GATEWAY SECURITY SURVEY NATIONAL GATEWAY SECURITY SURVEY REPORT SUMMARY The National Gateway Security Survey 2008 was carried out for value added distributor Wick Hill, specialists in secure infrastructure solutions, and sponsored

More information

Did you know your security solution can help with PCI compliance too?

Did you know your security solution can help with PCI compliance too? Did you know your security solution can help with PCI compliance too? High-profile data losses have led to increasingly complex and evolving regulations. Any organization or retailer that accepts payment

More information

End-user Security Analytics Strengthens Protection with ArcSight

End-user Security Analytics Strengthens Protection with ArcSight Case Study for XY Bank End-user Security Analytics Strengthens Protection with ArcSight INTRODUCTION Detect and respond to advanced persistent threats (APT) in real-time with Nexthink End-user Security

More information

White Paper. What the ideal cloud-based web security service should provide. the tools and services to look for

White Paper. What the ideal cloud-based web security service should provide. the tools and services to look for White Paper What the ideal cloud-based web security service should provide A White Paper by Bloor Research Author : Fran Howarth Publish date : February 2010 The components required of an effective web

More information

InsightCloud. www.insightcloud.com. Hosted Desktop Service. What is InsightCloud? What is SaaS? What are the benefits of SaaS?

InsightCloud. www.insightcloud.com. Hosted Desktop Service. What is InsightCloud? What is SaaS? What are the benefits of SaaS? What is InsightCloud? InsightCloud is a web portal enabling Insight customers to purchase and provision a wide range of Cloud services in a straightforward and convenient manner. What is SaaS? Software

More information

Malware, Phishing, and Cybercrime Dangerous Threats Facing the SMB State of Cybercrime

Malware, Phishing, and Cybercrime Dangerous Threats Facing the SMB State of Cybercrime How to Protect Your Business from Malware, Phishing, and Cybercrime The SMB Security Series Malware, Phishing, and Cybercrime Dangerous Threats Facing the SMB State of Cybercrime sponsored by Introduction

More information

Unified Threat Management, Managed Security, and the Cloud Services Model

Unified Threat Management, Managed Security, and the Cloud Services Model Unified Threat Management, Managed Security, and the Cloud Services Model Kurtis E. Minder CISSP Global Account Manager - Service Provider Group Fortinet, Inc. Introduction Kurtis E. Minder, Technical

More information

Security for NG9-1-1 SYSTEMS

Security for NG9-1-1 SYSTEMS The Next Generation of Security for NG9-1-1 SYSTEMS The Challenge of Securing Public Safety Agencies A white paper from L.R. Kimball JANUARY 2010 866.375.6812 www.lrkimball.com/cybersecurity L.R. Kimball

More information

ITSC Training Courses Student IT Competence Programme SIIS1 Information Security

ITSC Training Courses Student IT Competence Programme SIIS1 Information Security ITSC Training Courses Student IT Competence Programme SI1 2012 2013 Prof. Chan Yuen Yan, Rosanna Department of Engineering The Chinese University of Hong Kong SI1-1 Course Outline What you should know

More information

Scott Lucas: I m Scott Lucas. I m the Director of Product Marketing for the Branch Solutions Business Unit.

Scott Lucas: I m Scott Lucas. I m the Director of Product Marketing for the Branch Solutions Business Unit. Juniper Networks Next Generation Security for a Cybercrime World Lior Cohen Principal Solutions Architect Scott Lucas Director of Product Marketing, Branch Solutions Service Layer Technologies Business

More information

STRONGER ONLINE SECURITY

STRONGER ONLINE SECURITY STRONGER ONLINE SECURITY Enhanced online banking without compromise Manage your business banking efficiently and securely Internet banking has given business leaders and treasurers greater control of financial

More information

Securing Endpoints without a Security Expert

Securing Endpoints without a Security Expert How to Protect Your Business from Malware, Phishing, and Cybercrime The SMB Security Series Securing Endpoints without a Security Expert sponsored by Introduction to Realtime Publishers by Don Jones, Series

More information

WHITE PAPER Malicious Code and Mobile Devices: Best Practices for Securing Mobile Environments

WHITE PAPER Malicious Code and Mobile Devices: Best Practices for Securing Mobile Environments Global Headquarters: 5 Speen Street Framingham, MA 01701 USA P.508.872.8200 F.508.935.4015 www.idc.com WHITE PAPER Malicious Code and Mobile Devices: Best Practices for Securing Mobile Environments Sponsored

More information

Email Security: A Holistic Approach for SMB. 041: Email Security. Insight White Paper

Email Security: A Holistic Approach for SMB. 041: Email Security. Insight White Paper Implementing the latest anti-virus software and security protection systems can prevent many internal and external threats. But these security solutions have to be updated regularly to keep up with new

More information

Keystroke Encryption Technology Explained

Keystroke Encryption Technology Explained Keystroke Encryption Technology Explained Updated February 9, 2008 information@bluegemsecurity.com (800) 650-3670 www.bluegemsecurity.com Executive Summary BlueGem Security is introducing keystroke encryption

More information

Reducing the cost and complexity of endpoint management

Reducing the cost and complexity of endpoint management IBM Software Thought Leadership White Paper October 2014 Reducing the cost and complexity of endpoint management Discover how midsized organizations can improve endpoint security, patch compliance and

More information

IT Checklist. for Small Business INFORMATION TECHNOLOGY & MANAGEMENT INTRODUCTION CHECKLIST

IT Checklist. for Small Business INFORMATION TECHNOLOGY & MANAGEMENT INTRODUCTION CHECKLIST INFORMATION TECHNOLOGY & MANAGEMENT IT Checklist INTRODUCTION A small business is unlikely to have a dedicated IT Department or Help Desk. But all the tasks that a large organization requires of its IT

More information

Protecting Your Organisation from Targeted Cyber Intrusion

Protecting Your Organisation from Targeted Cyber Intrusion Protecting Your Organisation from Targeted Cyber Intrusion How the 35 mitigations against targeted cyber intrusion published by Defence Signals Directorate can be implemented on the Microsoft technology

More information

Proven LANDesk Solutions

Proven LANDesk Solutions LANDesk Solutions Descriptions Proven LANDesk Solutions IT departments face pressure to reduce costs, reduce risk, and increase productivity in the midst of growing IT complexity. More than 4,300 organizations

More information

Spyware: Securing gateway and endpoint against data theft

Spyware: Securing gateway and endpoint against data theft Spyware: Securing gateway and endpoint against data theft The explosion in spyware has presented businesses with increasing concerns about security issues, from data theft and network damage to reputation

More information

Cisco SAFE: A Security Reference Architecture

Cisco SAFE: A Security Reference Architecture Cisco SAFE: A Security Reference Architecture The Changing Network and Security Landscape The past several years have seen tremendous changes in the network, both in the kinds of devices being deployed

More information

CA Host-Based Intrusion Prevention System r8.1

CA Host-Based Intrusion Prevention System r8.1 PRODUCT BRIEF: CA HOST-BASED INTRUSION PREVENTION SYSTEM CA Host-Based Intrusion Prevention System r8.1 CA HOST-BASED INTRUSION PREVENTION SYSTEM (CA HIPS) BLENDS ENDPOINT FIREWALL, INTRUSION DETECTION,

More information

How to Practice Safely in an era of Cybercrime and Privacy Fears

How to Practice Safely in an era of Cybercrime and Privacy Fears How to Practice Safely in an era of Cybercrime and Privacy Fears Christina Harbridge INFORMATION PROTECTION SPECIALIST Information Security The practice of defending information from unauthorised access,

More information

PCI Compliance for Healthcare

PCI Compliance for Healthcare PCI Compliance for Healthcare Best practices for securing payment card data In just five years, criminal attacks on healthcare organizations are up by a stunning 125%. 1 Why are these data breaches happening?

More information

5 DEADLY MISTAKES THAT BUSINESS OWNERS MAKE WITH THEIR COMPUTER NETWORKS AND HOW TO PROTECT YOUR BUSINESS

5 DEADLY MISTAKES THAT BUSINESS OWNERS MAKE WITH THEIR COMPUTER NETWORKS AND HOW TO PROTECT YOUR BUSINESS 5 DEADLY MISTAKES THAT BUSINESS OWNERS MAKE WITH THEIR COMPUTER NETWORKS AND HOW TO PROTECT YOUR BUSINESS 1 Introduction As small and mid-sized companies rely more heavily on their computer networks to

More information

10 Hidden IT Risks That Threaten Your Financial Services Firm

10 Hidden IT Risks That Threaten Your Financial Services Firm Your firm depends on intelligence. But can you count on your technology? You may not be in the intelligence technology business, but it s probably impossible to imagine your business without IT. Today,

More information

UNCLASSIFIED. UK Email Archiving powered by Mimecast Service Description

UNCLASSIFIED. UK Email Archiving powered by Mimecast Service Description UNCLASSIFIED 11/12/2015 v2.2 UK Email Archiving powered by Mimecast Service Description Cobweb s UK Email Archiving, powered by Mimecast, provides businesses with a secure, scalable cloud-based message

More information

Course: Information Security Management in e-governance. Day 1. Session 5: Securing Data and Operating systems

Course: Information Security Management in e-governance. Day 1. Session 5: Securing Data and Operating systems Course: Information Security Management in e-governance Day 1 Session 5: Securing Data and Operating systems Agenda Introduction to information, data and database systems Information security risks surrounding

More information

Advantages of Managed Security Services

Advantages of Managed Security Services Advantages of Managed Security Services Cloud services via MPLS networks for high security at low cost Get Started Now: 877.611.6342 to learn more. www.megapath.com Executive Summary Protecting Your Network

More information

Top 10 Tips to Keep Your Small Business Safe

Top 10 Tips to Keep Your Small Business Safe Securing Your Web World Top 10 Tips to Keep Your Small Business Safe Protecting your business against the latest Web threats has become an incredibly complicated task. The consequences of external attacks,

More information

North American Electric Reliability Corporation (NERC) Cyber Security Standard

North American Electric Reliability Corporation (NERC) Cyber Security Standard North American Electric Reliability Corporation (NERC) Cyber Security Standard Symantec Managed Security Services Support for CIP Compliance Overviewview The North American Electric Reliability Corporation

More information

The PCI Dilemma. COPYRIGHT 2009. TecForte

The PCI Dilemma. COPYRIGHT 2009. TecForte The PCI Dilemma Today, all service providers and retailers that process, store or transmit cardholder data have a legislated responsibility to protect that data. As such, they must comply with a diverse

More information

always on meet the it department PROPHET managed services ebook Business Group Meet the Always On IT Department

always on meet the it department PROPHET managed services ebook Business Group Meet the Always On IT Department managed services ebook Meet the Always On IT Department meet the always on it department PROPHET Business Group 1 MEET THE ALWAYS ON IT DEPARTMENT As IT gets more complicated it gets easier for the daily

More information

Need to be PCI DSS compliant and reduce the risk of fraud?

Need to be PCI DSS compliant and reduce the risk of fraud? Need to be PCI DSS compliant and reduce the risk of fraud? NCR Security lessens your PCI compliance burden and protects the integrity of your network An NCR White Paper Experience a new world of interaction

More information

E Commerce and Internet Security

E Commerce and Internet Security E Commerce and Internet Security Zachary Rosen, CFE, CIA President, ACFE Czech Republic Chapter Introduction The Internet has become a global phenomenon reshaping the way we communicate and conduct business.

More information

What Do You Mean My Cloud Data Isn t Secure?

What Do You Mean My Cloud Data Isn t Secure? Kaseya White Paper What Do You Mean My Cloud Data Isn t Secure? Understanding Your Level of Data Protection www.kaseya.com As today s businesses transition more critical applications to the cloud, there

More information

DISCOVER, MONITOR AND PROTECT YOUR SENSITIVE INFORMATION Symantec Data Loss Prevention. symantec.com

DISCOVER, MONITOR AND PROTECT YOUR SENSITIVE INFORMATION Symantec Data Loss Prevention. symantec.com DISCOVER, MONITOR AND PROTECT YOUR SENSITIVE INFORMATION Symantec Data Loss Prevention symantec.com One of the interesting things we ve found is that a lot of the activity you d expect to be malicious

More information

The Key to Secure Online Financial Transactions

The Key to Secure Online Financial Transactions Transaction Security The Key to Secure Online Financial Transactions Transferring money, shopping, or paying debts online is no longer a novelty. These days, it s just one of many daily occurrences on

More information

Information Security Incident Management Guidelines

Information Security Incident Management Guidelines Information Security Incident Management Guidelines INFORMATION TECHNOLOGY SECURITY SERVICES http://safecomputing.umich.edu Version #1.0, June 21, 2006 Copyright 2006 by The Regents of The University of

More information

Data Centre. Business Intelligence. Enterprise Computing Solutions United Kingdom. Security Solutions. arrow.com

Data Centre. Business Intelligence. Enterprise Computing Solutions United Kingdom. Security Solutions. arrow.com Business Intelligence Data Centre Cloud Mobility Enterprise Computing Solutions United Kingdom Security Solutions arrow.com Safeguarding Data, Securing Business At Arrow, we work in a unique world that

More information

Microsoft Security Intelligence Report volume 7 (January through June 2009)

Microsoft Security Intelligence Report volume 7 (January through June 2009) Microsoft Security Intelligence Report volume 7 (January through June 2009) Key Findings Summary Volume 7 of the Microsoft Security Intelligence Report provides an in-depth perspective on malicious and

More information

BEST PRACTICE GUIDE TO SMALL BUSINESS PROTECTION: BACKUP YOUR SMALL BUSINESS INFORMATION

BEST PRACTICE GUIDE TO SMALL BUSINESS PROTECTION: BACKUP YOUR SMALL BUSINESS INFORMATION BEST PRACTICE GUIDE TO SMALL BUSINESS PROTECTION: BACKUP YOUR SMALL BUSINESS INFORMATION ENTER YOUR BUSINESS depends on electronic customer lists, confidential information and business records. Protecting

More information

10 Hidden IT Risks That Might Threaten Your Business

10 Hidden IT Risks That Might Threaten Your Business (Plus 1 Fast Way to Find Them) Your business depends on intelligence. But can you count on your technology? You may not be in the intelligence technology business, but it s probably impossible to imagine

More information

Instant Messaging and Security

Instant Messaging and Security Strategic Guide Instant Messaging and Security Businesses recognise that instant messaging can help to improve employee productivity, but are often reluctant to sanction its use due to concerns about security.

More information

Incident Response Plan for PCI-DSS Compliance

Incident Response Plan for PCI-DSS Compliance Incident Response Plan for PCI-DSS Compliance City of Monroe, Georgia Information Technology Division Finance Department I. Policy The City of Monroe Information Technology Administrator is responsible

More information

Securing Wireless Networks for PCI Compliance Using Fortinet s Secure WLAN Solution to Meet Regulatory Requirements

Securing Wireless Networks for PCI Compliance Using Fortinet s Secure WLAN Solution to Meet Regulatory Requirements Securing Wireless Networks for PCI Compliance Using Fortinet s Secure WLAN Solution to Meet Regulatory Requirements Introduction In the wake of many well-documented data breaches, standards such as the

More information

ARCHITECT S GUIDE: Comply to Connect Using TNC Technology

ARCHITECT S GUIDE: Comply to Connect Using TNC Technology ARCHITECT S GUIDE: Comply to Connect Using TNC Technology August 2012 Trusted Computing Group 3855 SW 153rd Drive Beaverton, OR 97006 Tel (503) 619-0562 Fax (503) 644-6708 admin@trustedcomputinggroup.org

More information

Streamlining Web and Email Security

Streamlining Web and Email Security How to Protect Your Business from Malware, Phishing, and Cybercrime The SMB Security Series Streamlining Web and Email Security sponsored by Introduction to Realtime Publishers by Don Jones, Series Editor

More information

THREE KEYS TO COST-EFFECTIVE SECURITY FOR YOUR SMALL BUSINESS

THREE KEYS TO COST-EFFECTIVE SECURITY FOR YOUR SMALL BUSINESS THREE KEYS TO COST-EFFECTIVE SECURITY FOR YOUR SMALL BUSINESS Learn more about Symantec security here OVERVIEW Data and communication protection isn t a problem limited to large enterprises. Small and

More information

Global Corporate IT Security Risks: 2013

Global Corporate IT Security Risks: 2013 Global Corporate IT Security Risks: 2013 May 2013 For Kaspersky Lab, the world s largest private developer of advanced security solutions for home users and corporate IT infrastructures, meeting the needs

More information

RECORDS MANAGEMENT RECORDS MANAGEMENT SERVICES. Cost-Effective, Legally Defensible Records Management

RECORDS MANAGEMENT RECORDS MANAGEMENT SERVICES. Cost-Effective, Legally Defensible Records Management RECORDS MANAGEMENT RECORDS MANAGEMENT SERVICES Cost-Effective, Legally Defensible Records Management Does This Sound Familiar? A data breach could send our share price tumbling. I need to minimise our

More information

AUTOMATED PENETRATION TESTING PRODUCTS

AUTOMATED PENETRATION TESTING PRODUCTS AUTOMATED PENETRATION TESTING PRODUCTS Justification and Return on Investment (ROI) EXECUTIVE SUMMARY This paper will help you justify the need for automated penetration testing software and demonstrate

More information

Building a Business Case:

Building a Business Case: Building a Business Case: Cloud-Based Security for Small and Medium-Size Businesses table of contents + Key Business Drivers... 3... 4... 6 A TechTarget White Paper brought to you by Investing in IT security

More information

IT Security. Securing Your Business Investments

IT Security. Securing Your Business Investments Securing Your Business Investments IT Security NCS GROUP OFFICES Australia Bahrain China Hong Kong SAR India Korea Malaysia Philippines Singapore Sri Lanka Securing Your Business Investments! Information

More information

Malware & Botnets. Botnets

Malware & Botnets. Botnets - 2 - Malware & Botnets The Internet is a powerful and useful tool, but in the same way that you shouldn t drive without buckling your seat belt or ride a bike without a helmet, you shouldn t venture online

More information

Virtual Patching: a Proven Cost Savings Strategy

Virtual Patching: a Proven Cost Savings Strategy Virtual Patching: a Proven Cost Savings Strategy An Ogren Group Special Report December 2011 Executive Summary Security executives, pushing the limits of traditional labor-intensive IT patch processes

More information

Whitepaper on AuthShield Two Factor Authentication with ERP Applications

Whitepaper on AuthShield Two Factor Authentication with ERP Applications Whitepaper on AuthShield Two Factor Authentication with ERP Applications By INNEFU Labs Pvt. Ltd Table of Contents 1. Overview... 3 2. Threats to account passwords... 4 2.1 Social Engineering or Password

More information

plantemoran.com What School Personnel Administrators Need to know

plantemoran.com What School Personnel Administrators Need to know plantemoran.com Data Security and Privacy What School Personnel Administrators Need to know Tomorrow s Headline Let s hope not District posts confidential data online (Tech News, May 18, 2007) In one of

More information

Global IT Security Risks: 2012

Global IT Security Risks: 2012 Global IT Security Risks: 2012 Kaspersky Lab is a leading developer of secure content and threat management solutions and was recently named a Leader in the Gartner Magic Quadrant for Endpoint Protection

More information

High Speed Internet - User Guide. Welcome to. your world.

High Speed Internet - User Guide. Welcome to. your world. High Speed Internet - User Guide Welcome to your world. 1 Welcome to your world :) Thank you for choosing Cogeco High Speed Internet. Welcome to your new High Speed Internet service. When it comes to a

More information

Clean VPN Approach to Secure Remote Access for the SMB

Clean VPN Approach to Secure Remote Access for the SMB Clean VPN Approach to Secure Remote Access for the SMB A clean VPN approach delivers layered defense-in-depth protection for the core elements of business communications. CONTENTS Extending Business Beyond

More information

HIPAA Security COMPLIANCE Checklist For Employers

HIPAA Security COMPLIANCE Checklist For Employers Compliance HIPAA Security COMPLIANCE Checklist For Employers All of the following steps must be completed by April 20, 2006 (April 14, 2005 for Large Health Plans) Broadly speaking, there are three major

More information

Managing Vulnerabilities for PCI Compliance White Paper. Christopher S. Harper Managing Director, Agio Security Services

Managing Vulnerabilities for PCI Compliance White Paper. Christopher S. Harper Managing Director, Agio Security Services Managing Vulnerabilities for PCI Compliance White Paper Christopher S. Harper Managing Director, Agio Security Services PCI STRATEGY Settling on a PCI vulnerability management strategy is sometimes a difficult

More information

Network Security. Intertech Associates, Inc.

Network Security. Intertech Associates, Inc. Network Security Intertech Associates, Inc. Agenda IT Security - Past to Future Security Vulnerabilities Protecting the Enterprise What do we need in each site? Requirements for a Security Architecture

More information

How to reduce the cost and complexity of two factor authentication

How to reduce the cost and complexity of two factor authentication WHITEPAPER How to reduce the cost and complexity of two factor authentication Published September 2012 48% of small and medium sized businesses consistently cite technical complexity and cost of ownership

More information

McAfee Total Protection Reduce the Complexity of Managing Security

McAfee Total Protection Reduce the Complexity of Managing Security McAfee Total Protection Reduce the Complexity of Managing Security Computer security has changed dramatically since the first computer virus emerged 25 years ago. It s now far more complex and time-consuming.

More information

Neoscope www.neoscopeit.com 888.810.9077

Neoscope www.neoscopeit.com 888.810.9077 Your law firm depends on intelligence. But can you count on your technology? You may not be in the intelligence technology business, but it s probably impossible to imagine your practice without IT. Today,

More information

Leveraging innovative security solutions for government. Helping to protect government IT infrastructure, meet compliance demands and reduce costs

Leveraging innovative security solutions for government. Helping to protect government IT infrastructure, meet compliance demands and reduce costs IBM Global Technology Services Leveraging innovative security solutions for government. Helping to protect government IT infrastructure, meet compliance demands and reduce costs Achieving a secure government

More information

Security Practices for Online Collaboration and Social Media

Security Practices for Online Collaboration and Social Media Cisco IT Best Practice Collaboration Security Cisco on Cisco Best Practice Security Practices for Online Collaboration and Social Media January 2012 2013 Cisco and/or its affiliates. All rights reserved.

More information

AUTOMATED PENETRATION TESTING PRODUCTS

AUTOMATED PENETRATION TESTING PRODUCTS AUTOMATED PENETRATION TESTING PRODUCTS Justification and Return on Investment (ROI) EXECUTIVE SUMMARY This paper will help you justify the need for an automated penetration testing product and demonstrate

More information

Cyber Security. CYBER SECURITY presents a major challenge for businesses of all shapes and sizes. Leaders ignore it at their peril.

Cyber Security. CYBER SECURITY presents a major challenge for businesses of all shapes and sizes. Leaders ignore it at their peril. Cyber Security Personal and commercial information is the new commodity of choice for the virtual thief, argues Adrian Leppard, Commissioner for City of London Police, as he sets out the challenges facing

More information

We ve got the UK covered

We ve got the UK covered We ve got the UK covered Be Better Together Do more with less IT security for Local Government and the Emergency Services To find out more visit: Sophos.com/BeBetterTogether A Sophos Whitepaper: We ve

More information

PATCH MANAGEMENT. February 2008. The Government of the Hong Kong Special Administrative Region

PATCH MANAGEMENT. February 2008. The Government of the Hong Kong Special Administrative Region PATCH MANAGEMENT February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part without

More information

YOUR HIPAA RISK ANALYSIS IN FIVE STEPS

YOUR HIPAA RISK ANALYSIS IN FIVE STEPS Ebook YOUR HIPAA RISK ANALYSIS IN FIVE STEPS A HOW-TO GUIDE FOR YOUR HIPAA RISK ANALYSIS AND MANAGEMENT PLAN 2015 SecurityMetrics YOUR HIPAA RISK ANALYSIS IN FIVE STEPS 1 YOUR HIPAA RISK ANALYSIS IN FIVE

More information

10 Steps to Establishing an Effective Email Retention Policy

10 Steps to Establishing an Effective Email Retention Policy WHITE PAPER: 10 STEPS TO EFFECTIVE EMAIL RETENTION 10 Steps to Establishing an Effective Email Retention Policy JANUARY 2009 Eric Lundgren INFORMATION GOVERNANCE Table of Contents Executive Summary SECTION

More information

Strategies for Developing a Document Imaging & Electronic Retention Program

Strategies for Developing a Document Imaging & Electronic Retention Program Is it okay to destroy the paper source records? Are there any exceptions? Strategies for Developing a Document Imaging & Electronic Retention Program How do we ensure the program will stand up in court?

More information

Brainloop Cloud Security

Brainloop Cloud Security Whitepaper Brainloop Cloud Security Guide to secure collaboration in the cloud www.brainloop.com Sharing information over the internet The internet is the ideal platform for sharing data globally and communicating

More information

Information Security Policy September 2009 Newman University IT Services. Information Security Policy

Information Security Policy September 2009 Newman University IT Services. Information Security Policy Contents 1. Statement 1.1 Introduction 1.2 Objectives 1.3 Scope and Policy Structure 1.4 Risk Assessment and Management 1.5 Responsibilities for Information Security 2. Compliance 3. HR Security 3.1 Terms

More information

AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE

AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE THE CHALLENGE: SECURE THE OPEN AIR Wirelesss communication lets you take your business wherever your customers,

More information

Driving Company Security is Challenging. Centralized Management Makes it Simple.

Driving Company Security is Challenging. Centralized Management Makes it Simple. Driving Company Security is Challenging. Centralized Management Makes it Simple. Overview - P3 Security Threats, Downtime and High Costs - P3 Threats to Company Security and Profitability - P4 A Revolutionary

More information

The Four-Step Guide to Understanding Cyber Risk

The Four-Step Guide to Understanding Cyber Risk Lifecycle Solutions & Services The Four-Step Guide to Understanding Cyber Risk Identifying Cyber Risks and Addressing the Cyber Security Gap TABLE OF CONTENTS Introduction: A Real Danger It is estimated

More information

Key Steps to a Secure Remote Workforce

Key Steps to a Secure Remote Workforce Key Steps to a Secure Remote Workforce Telecommuting benefits the employee and the company, the community and the environment. With the right security measures in place, there s no need to delay in creating

More information

Defending Against Data Beaches: Internal Controls for Cybersecurity

Defending Against Data Beaches: Internal Controls for Cybersecurity Defending Against Data Beaches: Internal Controls for Cybersecurity Presented by: Michael Walter, Managing Director and Chris Manning, Associate Director Protiviti Atlanta Office Agenda Defining Cybersecurity

More information

BOYD- Empowering Users, Not Weakening Security

BOYD- Empowering Users, Not Weakening Security BOYD- Empowering Users, Not Weakening Security Table of Contents Exec summary... 3 Benefits of BYOD... 4 Threats that BYOD Harbours... 5 Malware... 5 Data Leakage... 5 Lost or Stolen Devices... 5 Public

More information

Are Mailboxes Enough?

Are Mailboxes Enough? Forensically Sound Preservation and Processing of Exchange Databases Microsoft Exchange server is the communication hub for most organizations. Crucial email flows through this database continually, day

More information

Statistical Analysis of Internet Security Threats. Daniel G. James

Statistical Analysis of Internet Security Threats. Daniel G. James Statistical Analysis of Internet Security Threats Daniel G. James ABSTRACT The purpose of this paper is to analyze the statistics surrounding the most common security threats faced by Internet users. There

More information

THE TOP 4 CONTROLS. www.tripwire.com/20criticalcontrols

THE TOP 4 CONTROLS. www.tripwire.com/20criticalcontrols THE TOP 4 CONTROLS www.tripwire.com/20criticalcontrols THE TOP 20 CRITICAL SECURITY CONTROLS ARE RATED IN SEVERITY BY THE NSA FROM VERY HIGH DOWN TO LOW. IN THIS MINI-GUIDE, WE RE GOING TO LOOK AT THE

More information