The resource centre for busy senior executives seeking the latest insights into IT Compliance & Privacy issues for major organizations Breaking Global News
Global Compliance and Privacy News – Breaking News, updated every 30 minutes
• Compliance, Privacy and Security
• Money Laundering
• Regulatory Issues
• SOX, Basel 2, MiFID News
How the New EU Rules on Data Export Affect Companies in and Outside the EU – Thomas Helbing
Farmers’ Data Leak Highlights Old Technology Use – Wick Hill
Saving Money with SFTP – Wick Hill
UK Information Commissioner targets firm selling vetting data – Eversheds e80
12 Key Steps to Internet Security – Wick Hill
Telephone Monitoring Legality in the UK – Dechert
Firewall or UTM – Wick Hill
UK Information Commissioner demands mobile device encryption – Eversheds e80
Data loss – liability, reputation and mitigation of risk – Eversheds e80
Phorm, Webwise and OIX – BCS Security Forum
The challenges of PCI DSS compliance – Thales, Russell Fewing
“Quality” Data Vendor Spams us! Editor astounded!
National Gateway Security Survey 2008 – Wick Hill
Unified Threat Management – Watchguard Technologies
Trust is not about SSL, It’s about Domains – ComplianceAndPrivacy Survey
Centralised UTM – a Wick Hill White Paper
Mobile & Remote Working – Is it secure? Wick Hill
0 | 1 | 2 | 3 | 4 | 5 |
6 | 7 | 8 | 9 | 10 | 11 |
12 | 13
[What is this?]Industry Blogs
• Tim Berners Lee’s Blog
• Tim Callan’s SSL Blog
• Davis Wright Tremaine’s Privacy & Security Law Blog
• Emergent Chaos Blog
• Michael Farnum’s Blog
• Phillip Hallam-Baker’s Blog – The dotFuture Manifesto: Internet Crime, Web Services, Philosophy
• Stuart King’s Security and Risk Management Blog
• David Lacey’s IT Security Blog
• Metasploit Official Blog
• Jeff Pettorino’s Security Convergence Blog
• Jeff Richards’s Demand Insights Blog
• David Rowe’s Risk ManagementBlog
• Bruce Schneier’s Security Blog
• Larry Seltzer’s Security Weblog
• Mike Spinney’s Private Communications Blog
• Richard Steinnon’s Threat Chaos Blog
• The TechWeb Blog
• Tim Trent’s Marketing by Permission Blog
• Rebecca Wong ‘s DP Thinker Blog Newsletters
23 February Newsletter
Newsletter Archives are located in “News” Industry Update
Internet Security Intelligence Briefing – November 2005
Find out the latest trends in e-commerce, web usage & the latest threats from adware/SpywareReports
Phorm, Webwise and OIX – BCS Security Forum
‘The Any Era has Arrived, and Everyione has Noticed‘ – Stratton Sclavos – VeriSign
Identity Security – Time to Share
Malicious code threats – iDefense
Public Alerts – updated as they happen from Stopbadware.org
Public Alerts – updated as they happen from Websense
dvisories – updated as they happen, from iDefense
Phoraging – Privacy invasion through the Semantic web: a special report by Mike Davies of VeriSign Legislation
Privacy Laws & Business International E-news, Issue 57
Privacy Laws & Business UNited Kingdom E-news, Issue 60 Security Reviews
February 2007 – VeriSign Security Review
The security review archive is here Case Studies
Case Study Example
A case study on a Finance industry company.White Papers
VeriSign® Intelligent Infrastructure for the 21st Century
VeriSign® Intelligent Infrastructure for Security
VeriSign® Intelligent Infrastructure: An Overview
Identity Protection Fraud Detection Service – description of the service
Life of a Threat – Video on Threat Management Lifecycle
Optimizing Enterprise Information Security Compliance – Dealing with all the audits
For a full list of all whitepapers, visit our Whitepaper library Legal Notices
Current News Updates
By Ian Kilpatrick, chairman of Wick Hill Group, specialists in secure infrastructure solutions
Unstoppable move towards remote and mobile working Mobile working is not adequately secured. Organisations are concerned about security for mobile and remote workers and how to enforce company security policies outside the gateway. Companies want to protect against data leakage and data loss from such problems as stolen laptops. There is no one solution to securing remote working. The range of solutions includes strong authentication, end point security, remote unified threat management (UTM) systems, low-cost encryption and VPNs.
The move towards remote and mobile working seems to be an unstoppable trend. Research by ZDNet.co.uk and market intelligence company Rhetorik found that the penetration of mobile workers across the UK workforce is significant. Nearly a quarter of all organisations considered more than half their staff to be mobile workers.
Mobility, the research found, is an upward trend with nearly two-thirds of the research sample reporting an increasing proportion of mobile workers.
Mobility is clearly where users and companies want to go and it undoubtedly has major benefits. It brings freedom and reduced costs, but you still need to secure it. Security deployment, as is often the case, has lagged behind the rapid growth of technology and a significant number of staff are now working outside the protection of the company network gateway.
Organisations worry that mobile working will get beyond their control and cause problems both inside and outside the gateway, resulting in data loss and introducing malware.
They are increasingly keen to ensure that the same policies and security they deploy at their corporate gateway are also provided for their mobile users. This is for compliance and legal requirements, as well as for security reasons. Another issue around mobile use, very topical at the moment, is that of organisations wanting to protect against data leakage and data loss, from such problems as stolen or mislaid laptops.
There is no one hard and fast solution to securing mobile and remote workers. Strong two-factor authentication, which ensures the identity of the mobile user connecting to the network or using the laptop/mobile device, is a basic requirement. Static passwords are woefully inadequate, with huge identity theft risks (particularly for wireless). Low-cost strong authentication solutions are available from vendors such as CRYPTOCard and VASCO.
Increased remote working implies increased security at the end points and there is a wide range of solutions available including remote firewalls and specific end point solutions, which can be administered centrally. Such solutions can extend network protection strategies to mobile and remote users. They can also ensure that firewall, anti-virus and security patches are used by remote and mobile users when they should be.
Check Point provides ?End Security’, an end point security solution which combines a firewall, network access control, program control, anti-virus, anti-spyware, data security and remote access. It allows security policies at end points to be viewed and modified from a single management console.
Branch offices can install low-cost remote unified threat management systems (UTMs) which incorporate VPNs and these can be centrally administered, typically by the head office, providing the same levels of gateway protection as there is at the centre. SSL VPNs can provide security of data in transit for mobile users connecting into head office or between branches.
Solutions such as WatchGuard’s Firebox SOHO Edge (available in wired and wireless versions) and Check Point’s UTM-1 Appliance are UTMs suitable for remote/branch offices which combine a firewall, VPN, zero day protection, anti-virus, anti-spyware, anti-spam, intrusion prevention and URL filtering.
Low cost encryption can protect remote laptop users and safeguard against data loss. In the past, poor performance and high costs prevented the use of encryption software, but today’s high performance and low cost solutions make it impossible to justify not encrypting laptops. Low cost solutions from encryption specialists such as Utimaco can protect network data, laptops and removable media.
Finally, wireless is high risk and all mobile wireless traffic should be over VPNs and be encrypted, with the use of strong authentication.
Ian Kilpatrick, the author, is chairman of Wick Hill Group plc, specialists in secure infrastructure solutions for ebusiness. Kilpatrick has been involved with the Group for over 30 years and is the moving force behind its dynamic growth. Wick Hill is an international organisation supplying most of the Times Top 1000 companies through a network of accredited resellers.
Kilpatrick has an in-depth experience of computing with a strong vision of the future in IT. He looks at computing from a business point-of-view an
d his approach reflects his philosophy that business benefits and ease-of-use are key factors in IT. He has had numerous articles published in the UK and oveseas press, as well as being a regular speaker at IT exhibitions.
CRN 2008 channel awards winnder of ‘ Channel Personality of the Year’, he is never afraid to voice his opinions on all aspects of the industry and on IT security issues in particular. He has an in-depth experience of computing with an excellent understanding of the industry from the vendor, distributor, reseller and end user point-of-view.
He has a strong vision of the future in IT and IT security. His approach reflects his philosophy that business benefits and ease-of-use are key to successful infrastructure deployment.
This site is independent of all its sources
The contents of the site are sourced from across the industry. All copyrights are acknowledged.
View the original article here