SDA India is an online resource for Software, Development, IT, Architecture, Open Source, Mobile, Security, Databases, Delphi, C, OS, Asp, .Net, Php, Xml, Java
Crypto: Thorough Information Security for the Age of Networked Risks
Crypto AG
In this age of global networking, full and thorough information security is essential. That is why Crypto develops and produces its security solutions itself for all common network technologies and protocols.
High-security solutions from Crypto are always individually tailored to the customer's security policy. The symmetric encryption is done in a tamper-proof hardware security module with a customer specific encryption algorithm. The flexible security architecture allows complex, protected group-relationships to be formed and managed with a user-friendly security management at the same high level of security.
Information Week recently ran an interesting cover article about the hacker economy. Hacking is no longer a teenager hobby sport. It’s organized crime. Lots of money is at stake. According to the article, the market for stolen identities has reached $1 Billion (citing statistics from IDC). Talk about a trend.
The Role of Legal Counsel in Information Security Risk Assessment ...
John R. Christiansen
Legal counsel can and should play an important role in information security legal compliance and risk management. While the implementation of many security safeguards requires substantial technical knowledge, the development and selection of specific security policies, procedures and technical requirements for purposes of legal compliance and risk management requires the integration of such technical knowledge with legal interpretation and strategic risk management insight.
Information insecurity is costing us billions. There are many different ways in which we pay for information insecurity. We pay for it in theft, such as information theft, financial theft and theft of service. We pay for it in productivity loss, both when networks stop functioning and in the dozens of minor security inconveniences we all have to endure on a daily basis. We pay for it when we have to buy security products and services to reduce those other two losses. We pay for the lack of security, year after year.
Fundamentally, the issue is insecure software. It is a result of bad design, poorly implemented features, inadequate testing and security vulnerabilities from software bugs. The money we spend on security is to deal with the myriad effects of insecure software. Unfortunately, the money spent does not improve the security of that software. We are paying to mitigate the risk rather than fix the problem.
The only way to fix the problem is for vendors to improve their software. They need to design security in their products from the start and not as an add-on feature. Software vendors need also to institute good security practices and improve the overall quality of their products. But they will not do this until it is in their financial best interests to do so. And so far, it is not.
Cybertrust and CoreStreet Launch Government Smart Card Credential ...
Smart Card Alliance
Cybertrust®, the global information security specialist, and CoreStreet, a leader in software for smart credential and convergence programs, today announced collaboration around government smart card credentialing. Aimed at validating Federal Information Processing Standard (FIPS) 201-compliant smart cards, the U.S. Department of Defense Common Access Card (DoD CAC) and smart cards issued as part of numerous national ID and health card programs around the globe, this service provides customers with a cost-effective end-to-end alternative to deploying their own Public Key Infrastructure.
Cybertrust is offering a validation service that enhances the deployment of CoreStreet’s PIVMAN™ System for government smart credential checking. The PIVMAN System consists of server software and handheld devices designed to allow authorized personnel the ability to control access to any site by quickly authenticating and validating the roles and identities of individuals wishing to enter an area. It provides those on the frontlines with the ability to immediately check and verify the status of any FIPS 201-compliant credential. Performing mobile validation, particularly in a communications-out environment, is critical in emergencies and first responder situations, such as natural disasters, as credentials can be verified across federal, state and local agencies and among jurisdictions.
VoIP security and Skype - is this an oxymoron or is there anything ...
Urs
I use Skype every weekend to talk to and see my son’s family. Ironically at work I am plotting to block it because of the potential security threat.
Our CIO does not mind but asks for some substantiation coming from a reputable source, like Gartner or the like. Unfortunately Gartner and other sources are really focusing more on Skype usage than the potential threat or known P2P vulnerabilities. I could not find any strict warning or firm recommendation to ban it from the corporate environment based on the real break. Maybe you have stumbled on this subject during your constant quest for truth?