November 20, 2008, 11:56 am
The field of information security has grown and evolved significantly in recent years. Every organization that provides services to people, be it a government, the military, a corporation, a financial institution, a hospital, or a private business, amasses a great deal of confidential information about its employees, customers, products, research, etc. Today, most of this information is collected, processed and stored on electronic computers and transmitted across networks to other computers. This increases the risk of unauthorized access to or use of the sensitive information, and this is where implementing information security policies becomes very important.
There are many information security professionals around the globe doing their best to safeguard their clients' information. Awards and recognition from your peers always boost your confidence and help you take on more challenges.
Recently, Executive Alliance announced the winners of the Information Security Executive (ISE) of the Year and Project of the Year North America Awards for 2008. Executive Alliance is the creator and provider of premium leadership recognition forums worldwide. Over 50 industry leaders and project teams from across the United States were honored in the areas of Academic, Government, and Commercial for their achievements in information security. Christopher Leach, Chief Information Security Officer and Senior Vice President of ACS, was awarded the ISE People’s Choice Award. He received the award from the community of peers attending the event, who voted him the executive with the most exemplary attributes of a leader in the security industry.
Such awards always help any individual or team as their work is acknowledged and judged by someone who knows the industry inside out. More such initiatives would definitely help in promoting Information Security as a strong career option for the next generation.
November 17, 2008, 9:27 am
The Information Security Summit (ISS 2008) is organized by major information security organizations in Hong Kong with the aim of giving information security practitioners practical insights into the latest developments and trends in information security. The summit will run from 17 to 21 November 2008. Experts in various areas of security will share their experience and knowledge. The theme for the summit is Enhancing Mobility Security in an Information Collaboration World.
This summit has been successfully organized in each of the previous five years. This year’s summit will include a one-day conference and a number of workshops demonstrating management and technical theory, applications and practical experiences on all aspects of information security: convergence, compliance and certification topics.
The summit will include expert speakers such as Wilson Fung, Jeremy Godfrey, Mike Johnson, Richard Stagg and many more. Organizations like IEEE, WTIA, IET and BCS have actively supported this summit. More details about this summit are available on the ISS 2008 website.
November 10, 2008, 9:12 am
ISACA is organising its 4th annual European Information Security Management Conference from November 10 through November 12. This year’s conference will be held in Amsterdam, The Netherlands. The tag line for this conference is “Providing Strategic Vision for Information Security Managers.”
As the tag line says, this event is designed for experienced information security managers and those who have information security management responsibilities. The combination of management focus and highly detailed content will provide you with an opportunity to customise your conference experience to meet your specific interests and professional needs. Experienced professionals as well as new or aspiring Certified Information Security Manager (CISM) holders will find great value in the conference.
The conference will provide modern-day solutions to address various issues, such as:
1. Skills Necessary to be an Effective Security Leader
2. Security Knowledge Management
3. Transforming Information Security to Information Risk Management
4. Data Loss Prevention: Concepts and Solutions
5. Designing and Implementing Vendor Security Compliance Programmes
6. Threat and Vulnerability Analysis
November 9, 2008, 4:27 pm
New way of fraud and internet scam (Internet Service Provider Consortium fraud)
This is to make the chief executives of every company aware of a new kind of fraud and internet scam. They might receive an email (sample given below) which is a scam and an attempt to compromise the system as well as the network. The sender poses as part of an Internet Service Provider Consortium fraud team.
Here’s what the email looks like:
From: Monitoring Team
Date: 11/08/08 08:33:29
To: client
Subject: Your internet access is going to get suspended
Your internet access is going to get suspended.
The Internet Service Provider Consortium was made to protect the rights of software authors, artists.
We conduct regular wiretapping on our networks, to monitor criminal acts.
We are aware of your illegal activities on the internet which were originating from
You can check the report of your activities in the past 6 month that we have attached. We strongly advise you to stop your activities regarding the illegal downloading of copyrighted material of your internet access will be suspended.
Sincerely
ICS Monitoring Team
Analysis of these cases reveals that this is a new social engineering technique for getting into a secure network or system. The email carries an attachment that is a Trojan dropper, which installs itself when the attachment is opened. After installation the system is in a compromised state, and all the information on the system is siphoned off passively.
To safeguard yourself from such an email, delete it straightaway. Also, do not open the attachments.
For further assistance please mail to advice [at] agapeinc [dot] in
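The traits of the lure described above (a suspension threat, a generic recipient, and body text steering the reader to an attachment) can be checked at the mail gateway. The following is an added example, not part of the original post; the sender address, attachment name, keyword lists and the `triage` function are assumptions made for illustration.

```python
import re
from email import message_from_string

# Constructed sample modelled on the lure quoted in the post. The sender
# address and attachment name are assumptions, not from a real message.
SAMPLE_LURE = """\
From: Monitoring Team <monitoring@consortium.example>
To: client
Subject: Your internet access is going to get suspended
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

We conduct regular wiretapping on our networks, to monitor criminal acts.
You can check the report of your activities that we have attached.
--b1
Content-Type: application/zip
Content-Disposition: attachment; filename="report.zip"

--b1--
"""

THREAT = re.compile(r"\b(suspended|suspension|illegal|wiretapping)\b", re.I)
POINTER = re.compile(r"\b(attached|attachment)\b", re.I)
RISKY_EXT = (".zip", ".exe", ".scr", ".pif", ".bat", ".js")

def triage(raw):
    """List lure traits; quarantine when a threat and an attachment co-occur."""
    msg = message_from_string(raw)
    body, names = "", []
    for part in msg.walk():
        if part.is_multipart():
            continue
        if part.get_filename():
            names.append(part.get_filename().lower())
        elif part.get_content_type() == "text/plain":
            body += part.get_payload(decode=True).decode("utf-8", "replace")
    findings = []
    if THREAT.search(msg.get("Subject", "") + "\n" + body):
        findings.append("threat_language")
    if "@" not in msg.get("To", ""):
        findings.append("generic_recipient")
    if names and POINTER.search(body):
        findings.append("body_pushes_attachment")
    if any(n.endswith(RISKY_EXT) for n in names):
        findings.append("risky_attachment")
    hold = "threat_language" in findings and bool(names)
    return {"findings": findings, "quarantine": hold}
```

Keyword heuristics like these only hold a message for review; the attachment itself still needs scanning before anyone opens it.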
November 8, 2008, 12:32 pm
Certified Information Systems Security Professional (CISSP) is an independent information security certification governed by the International Information Systems Security Certification Consortium (commonly known as (ISC)²). CISSP education is a means of educating individuals about how information security works, how to go about making information secure, and how to ensure that it stays that way.
CISSP Education has to do with keeping information secure. When you want to maintain the integrity and private nature of information in the age of the internet, you need people who are trained to do just that. They have to be able to protect your information by creating a system that can defend itself against unauthorized entry from outside sources. This is the essence of CISSP Education.
Imagine the consequences of intercepted credit card numbers, social security numbers, and bank accounts that are openly accessible to anyone with enough knowledge of computer hacking. Without the existence of information security, the results would be disastrous.
Remember, a security guard may be able to protect information that is stored in a warehouse but to protect your network, you need someone with CISSP education. It is a way of policing the network.
For more information on CISSP certification, visit: http://www.isc2.org/cissp/default.aspx
October 21, 2008, 10:00 am
Did you know that data loss is now being reported almost on a weekly basis? Our natural assumption is that these breaches are caused by criminal or malicious intent. Of course, this is one of the reasons, but have you ever considered that, with more flexible and mobile working conditions, employees are putting data at risk too?
Companies giving their employees the ability to work from home can lead to serious threats to sensitive data. Imagine what would happen if:
1. An employee leaves his or her laptop at reception after a long day out seeing customers.
2. A memory stick falls out of an employee's pocket while he or she is catching the last train.
3. An employee's kid sends a drafted email to an unintended recipient.
4. Or maybe the kid deletes some important data accidentally.
So the obvious question is: how can technology be adopted to protect the company’s assets without impacting the employee’s productivity? Julian Jago, security solutions director at Netstore, will address this and many other related questions in a webcast today. The webcast runs from 14:30 to 15:30 (UK time).
Registration for the webcast is free, and Paul Fisher will chair the discussion.