
Issue
April 2008
Welcome to the April edition of BH
Consulting's Security Watch Newsletter. In this month's issue we
provide some updates to what has been going on in BH Consulting, alert you to
some upcoming events and provide you with some updates on the latest
news happening in the world of information security.

Support Focus Ireland
If you have found any items in our
Security Watch Newsletter to be of use to you we ask that you
make a donation to
Focus Ireland who
work tirelessly supporting the homeless throughout Ireland. Focus Ireland
aims to advance the right of people-out-of-home to live in a place they call
home through quality services, research, and advocacy. The objectives of
Focus Ireland are to respond to the needs of people out-of-home and those at
risk of becoming homeless, through a range of appropriate high quality services,
to provide emergency transitional and long-term accommodation for people
out-of-home, to campaign and lobby for the rights of people out-of-home
and the prevention of homelessness. No sum is too small and all is
put to excellent use.
About BH Consulting
BH Consulting was founded in answer to demands for an independent consulting
firm to assist clients in gaining a competitive edge by achieving IT operational
excellence in deploying, managing and securing their IT infrastructure. With
over 20 years' experience, we provide you with access to in-depth expertise,
experience and technical know-how. Backed by our quality processes and
commitment to deliver, BH Consulting provides clients with quality solutions at
cost-effective rates.
BH CONSULTING NEWS
"Managing Information Security with ISO 27001" Training Course
The next “Managing Information Security with the ISO 27001
Information Security Standard” course is scheduled to take place in the
Centre for Software Engineering on June the 17th and 18th. There are still
a number of places left on the course. If you are interested in attending or
require more information, you can contact us or find details on the course
on the Centre For Software Engineering’s website.
Brian Honan Quoted on Bank of Ireland Data Loss by the Irish Times
Our senior consultant, Brian Honan, was interviewed for the April 23rd
edition of the Irish Times regarding the loss of four laptops and the
resulting exposure of over 30,000 customer confidential details. Brian
commented that while encryption provides a high level of security, it is not a
"silver bullet" and should be used in conjunction with other controls, processes
and procedures to ensure the security of sensitive data.
Focus Ireland Annual Golf Tournament.
The time of year is upon us again when Focus Ireland will be running their
annual golf tournament. This is a great event that provides lots of fun and
opportunities for you to reward customers, staff or indeed to simply support
this worthwhile cause. BH Consulting has entered a team in this event for the
past number of years and will be sponsoring a team once more this year.
The event is on Thursday the 3rd of July in
Luttrellstown Castle Golf and Country Club and it will be a four person
shotgun team event with two tee off times. The first is at 9 a.m. with
breakfast before tee off and a lunch at 2 p.m. There will also be an afternoon
tee off time at 2 p.m. with lunch beforehand and dinner and an auction later
that evening.
More details are available at Focus Ireland’s
website. I hope to see some of you there even if it is to laugh at my
attempts to play golf.
Brian Honan Addresses SANS Dublin 2008.
As part of SANS Dublin 2008, our senior consultant Brian Honan took part in the
SANS Community Night. Brian spoke on the topic of building a community of
information security professionals who can share experiences and knowledge to
enable everyone to better protect their networks. Brian also highlighted the
array of free resources available at SANS for anyone to use. Brian argued
that, as the criminals are sharing information to improve their attacks, we also
need to communicate regularly so that we can all better protect our systems.
BH CONSULTING WEBSITE UPDATE
We strive at BH Consulting to provide information that is
relevant and useful in securing and running your business. To this end we
provide a range of whitepapers available for download
free from our
white papers page.
LATEST THREAT LEVELS
Get more information on the latest updates on current threats at
our online resources page.
FEATURES
Irish Data Protection Commissioner Releases Annual Report for 2007
The Data Protection Commissioner recently published his
annual report for 2007. Since 2006 the number
of new complaints registered increased from 659 to 1,037. These are in addition
to the 20,000 phone and 4,000 email enquiries received by his office. Within
the report the commissioner highlights a number of
case studies that make worthwhile reading for us all to ensure we do not make
the same mistakes:
- The use made by Baxter Healthcare of two medical reports relating to a former employee;
- The inappropriate use of CCTV footage by the West Wood Club in Sandymount and covert CCTV by the Gresham Hotel in Dublin;
- Suspension of the operations of a cold-call marketing operation by Newtel communications;
- Inappropriate disclosure of employee information by Aer Lingus;
- A very serious case of inappropriate access to personal information held by the Revenue Commissioners;
- The failure to supply a reasonable means for opting-out from email direct marketing by Ryanair;
- Extensive engagement with Eircom following the receipt of a large number of complaints in relation to unwanted marketing telephone calls. This resulted in a €35,000 donation by Eircom to charity to resolve the complaints;
- Excessive information of local residents retained by Croke Park;
- Unsolicited email marketing by Tesco arising from technical difficulties.
In the report the Data Protection Commissioner
also outlines what he sees as the top ten threats to privacy. The report is
available for download
here.
Call for Comments on "Security Economics
and the Internal Market"
ENISA has extended the deadline for comments on the report “Security
Economics and the Internal Market” until May 30th. The paper is the work
of Prof. Ross Anderson, Rainer Böhme, Richard Clayton and Tyler Moore
(University of Cambridge, UK). The report and guiding questions for comments
can be downloaded from
ENISA’s website
here.
Study Shows Information Security a Major Concern for SMEs.
A recent survey by UK-based ISP STAR shows that nearly 60% of SME business
owners fear that their networks are not secure enough to cope with the
increasing array of Internet threats such as spam. In addition, over half
of those surveyed responded that they do not have the resilience built into
their infrastructure to survive an outage.
Microsoft Windows XP Service Pack 3 Now Available.
Microsoft has released the latest service pack for Windows XP. Service Pack 3
includes all the updates and hot-fixes released since Service Pack 2 and also a
number of new security features, most notably:
- “Black Hole” Router Detection, whereby Windows XP
will now by default detect routers that are silently discarding packets.
- Network Access Protection (NAP) which is currently
in Windows Vista and Windows Server 2008 and is now also available for
Windows XP. NAP can enable you to enforce compliance on end user computers
before they join the network ensuring that items such as anti-virus
signatures and patches are up to date.
Microsoft Windows XP Service Pack 3 is available for
download and comes in at 316 MB. The release
notes for the service pack are also
available.
Over Half of Dublin WiFi Networks Are
Insecure
SiliconRepublic.com covers a
study by Deloitte which highlights that
over half of the 1,107 surveyed wireless networks had security switched on.
Companies with insecure wireless networks leave themselves open for potential
problems such as unauthorised access to sensitive data and third parties using
the company's Internet infrastructure for their own gain. As well as not
securing their wireless connections, many companies also broadcast an SSID
based on the company name, making it easy for unauthorised users to target
specific companies. More details of the report are available
here.
FREE SECURITY SCAN
In partnership with
Qualys, BH Consulting
are offering a free Network Security Scan so you can check how healthy
your network is. To find out more about what this service can do for you, visit
our free
Network Security Scan.

Alternatively contact
us or visit our website to get more details on our
risk assessment service.
This issue of Security Watch is being brought to you by BH Consulting.
If you have found this issue to be of use please support our drive to raise funds
for
Focus Ireland.
Each Security Watch eNewsletter, and the special Security Alert issues, are produced
independently by the Windows IT Pro Custom Media Group and are distributed by
various Microsoft security partners. Each eNewsletter contains up-to-date
information about security strategies, technologies, and alerts. Each Security
Alert contains the latest information about security threats.
Additional news courtesy of
Silicon Republic,
Cnet,
Silicon and
Zdnet