Welcome to the April edition of BH
Consulting's Security Watch Newsletter. In this month's issue we
provide some updates to what has been going on in BH Consulting, alert you to
some upcoming events and provide you with some updates on the latest
news happening in the world of information security.
If you have found any items in our
Security Watch Newsletter to be of use to you we ask that you
make a donation to
Focus Ireland who
work tirelessly supporting the homeless throughout Ireland. Focus Ireland
aims to advance the right of people-out-of-home to live in a place they call
home through quality services, research, and advocacy. The objectives of
Focus Ireland are to respond to the needs of people out-of-home and those at
risk of becoming homeless, through a range of appropriate high quality services,
to provide emergency transitional and long-term accommodation for people
out-of-home, to campaign and lobby for the rights of people out-of-home
and the prevention of homelessness. No sum is too small and all is
put to excellent use.
About BH Consulting
BH Consulting was founded in answer to demands for an independent consulting
firm to assist clients gain a competitive edge by achieving IT Operational
excellence in deploying, managing and securing their IT infrastructure. With
over 20 year’s experience, we provide you with access to in-depth expertise,
experience and technical know-how. Backed with our quality processes and
commitment to deliver, BH Consulting provides clients with quality solutions at
cost effective rates.
BH CONSULTING NEWS
Information Security with ISO 27001" Training Course
“Managing Information Security with the ISO 27001
Information Security Standard”
is scheduled to take place in the
Centre for Software Engineering
on June the 17th and 18th. There are still a number of places
left on the course, if you are interested in attending or
require more information you can
contact us or find details on the course
Centre For Software Engineering’s website.
Brian Honan Quoted on Bank of Ireland
Data Loss by the Irish Times
Our senior consultant, Brian Honan, was interviewed for the April
edition of the Irish Times regarding the loss of four laptops and the
resulting exposure of over 30,000 customer confidential details. Brian
commented that while encryption provides a high level of security it is not a
"silver bullet" and should be used in conjunction with other controls, processes
and procedures to ensure the security of sensitive data.
Focus Ireland Annual Golf Tournament.
The time of year is upon us again when Focus Ireland will be running their
annual golf tournament. This is a great event that provides lots of fun and
opportunities for you to reward customers, staff or indeed to simply support
this worthwhile cause. BH Consulting has entered a team in his event for the
past number of years and will be sponsoring a team once more this year.
The event is on Thursday the 3rd of July in
Luttrellstown Castle Golf and Country Club and it will be a four person
shotgun team event with two tee off times. The first is at 9 a.m. with
breakfast before tee off and a lunch at 2 p.m. There will also be an afternoon
tee off time at 2 p.m. with lunch beforehand and dinner and an auction later
More details are available at Focus Ireland’s
website. I hope to see some of you there even if it is to laugh at my
attempts to play golf.
Brian Honan Addresses SANS Dublin
As part of SANS Dublin 2008 our senior consultant Brian Honan took part in the
SANS Community Night. Brian spoke on the topic of building a community of
information security professionals who can share experiences and knowledge to
enable everyone better protect their networks. Brian also highlighted the
array of free resources available at SANS for anyone to use. Brian argued
that as the criminals are sharing information to improve their attacks we need
to also communicate regularly so that we all can better protect our systems.
BH CONSULTING WEBSITE UPDATE
We strive at BH Consulting to provide information that is
relevant and useful in securing and running your business. To this end we
provide a range of free whitepapers available for download
free from our
white papers page.
LATEST THREAT LEVELS
Get more information on the latest updates on current threats at
our online resources page;
Irish Data Protection Commissioner Releases
Annual Report for 2007
The Data Protection Commissioner
recently published his
annual report for 2007. Since 2006 the number
of new complaints registered increased from 659 to 1,037, these are in addition
to the 20,000 phone and 4,000 email enquiries received by his office. Within
report the commissioner highlights a number of
case studies that make worthwhile reading for us all to ensure we do not make
the same mistakes;
- The use made by Baxter Healthcare of two
medical reports relating to a former employee;
- The inappropriate use of CCTV footage by
the West Wood Club in Sandymount and covert CCTV by the Gresham Hotel in
- Suspension of the operations of a
cold-call marketing operation by Newtel communications;
- Inappropriate disclosure of employee
information by Aer Lingus;
- A very serious case of inappropriate
access to personal information held by the Revenue Commissioners;
- The failure to supply a reasonable means
for opting-out from email direct marketing by Ryanair.
- Extensive engagement with Eircom following
the receipt of a large number of complaints in relation to unwanted
marketing telephone calls. This resulted in a €35,000 donation by Eircom to
charity to resolve the complaints.
- Excessive information of local residents
retained by Croke Park
- Unsolicited email marketing by Tesco
arising from technical difficulties
In the report the Data Protection Commissioner
also outlines what he see as the top ten threats to privacy. The report is
available for download
Call for Comments on "Security Economics
and the Internal Market"
ENISA has extended the deadline for comments on the report “Security
Economics and the Internal Market” until May 30th. The paper is the work
of Prof. Ross Anderson, Rainer Böhme, Richard Clayton and Tyler Moore
(University of Cambridge, UK). The report and guiding questions for comments
can be downloaded from
Study Shows Information Security a
Major Concern for SMEs.
A recent survey by UK based ISP, STAR, shows that nearly 60% of SME business
owners fear that their networks are not secure enough to cope with the
increasing array of Internet threats such as spam. In addition over half
of those surveyed responded that they do not have the resilience build into
their infrastructure to survive an outage.
Microsoft Windows XP Service Pack 3
Microsoft has released the latest service pack for Windows XP. Service Pack 3
includes all the updates and hot-fixes released since Service Pack 2 and also a
number of new security features. most notably;
- “Black Hole” Router Detection, whereby Windows XP
will now by default detect routers that silently discarding packets.
- Network Access Protection (NAP) which is currently
in Windows Vista and Windows Server 2008 and is now also available for
Windows XP. NAP can enable you to enforce compliance on end user computers
before they join the network ensuring that items such as anti-virus
signatures and patches are up to date.
Microsoft Windows XP Service Pack 3 is available for
download and comes in at 316 MB. The release
notes for the service pack are also
Over Half of Dublin WiFi Networks Are
SiliconRepublic.com covers a
study by Deloitte which highlights that
over half of the 1,107 surveyed wireless networks had security switched on.
Companies with insecure wireless networks leave themselves open for potential
problems such as unauthorised access to sensitive data and third parties using
the company's Internet infrastructure for their own gain. As well as not
securing their wireless connections many companies also broadcast their SSID
based on the company name making it easy for unauthorised users to target
specific companies. More details of the report are available
FREE SECURITY SCAN
In partnership with
Qualys, BH Consulting
are offering a free Network Security Scan so you can check how healthy
your network is. To find out more about what this service can do for you, visit
Network Security Scan.
us or visit our website to get more details on our
risk assessment service.
This issue of Security Watch is being brought to you by BH Consulting.
If you have found this issue to be of use please support our drive to raise funds
Security Watch eNewsletter, and the special Security Alert issues, are produced
independently by the Windows IT Pro Custom Media Group and is distributed by
various Microsoft security partners. Each eNewsletter contains up-to-date
information about security strategies, technologies, and alerts. Each Security
Alert contains the latest information about security threats.
Additional news courtesy of
To update your subscription to our newsletter
here. To unsubscribe click