
Issue
August 2007
Welcome to the August edition of BH
Consulting's Security Watch Newsletter. In this month's issue we provide some
updates to what has been going on in BH Consulting, provide a brief overview of
the upcoming seminar for Global Security Week, highlight a number of resources
to help you write secure PHP code, discuss storage for small businesses, discuss
how to protect locked workstations when they lose connectivity to the network,
examine why some Linux vendors are not cooperating with Microsoft and finally we
provide a guide on how to use virtual machines to run multiple operating systems
on one machine.
About BH Consulting
BH Consulting was founded in answer to demands for an independent consulting
firm to help clients gain a competitive edge by achieving IT Operational
excellence in deploying, managing and securing their IT infrastructure. With
over 20 years' experience, we provide you with access to in-depth expertise,
experience and technical know-how. Backed with our quality processes and
commitment to deliver, BH Consulting provides clients with quality solutions at
cost effective rates.
Support
Focus Ireland
If you have found any items in our
Security Watch Newsletter to be of use to you we ask that you
make a donation to
Focus Ireland who
work tirelessly supporting the homeless throughout Ireland. Focus Ireland
aims to advance the right of people-out-of-home to live in a place they call
home through quality services, research, and advocacy. The objectives of
Focus Ireland are to respond to the needs of people out-of-home and those at
risk of becoming homeless, through a range of appropriate high quality services,
to provide emergency transitional and long-term accommodation for people
out-of-home, to campaign and lobby for the rights of people out-of-home
and the prevention of homelessness. No sum is too small and all is
put to excellent use.
BH CONSULTING NEWS
Global Security Week Seminar to be Held In Dublin
Global Security Week, in conjunction
with
VigiTrust and
BH Consulting, is pleased to announce a
seminar on the theme of “Privacy in the 21st Century” to be held on 5th
September 2007 at Jurys Croke Park from 2:00 p.m. The theme this year is
intended to highlight how businesses and individuals can better protect personal
information however it might be stored (paper or any type of electronic format
such as mobile computing devices, portable storage devices and multiple types of
servers).
To discuss this topic, we are delighted to confirm the following keynote speakers:
- Office of the Data Protection Commissioner – Tony Delaney, Assistant Commissioner
- Microsoft EMEA, Caspar Bowden, Chief Privacy Advisor EMEA
A panel
discussion will follow, whereby the speakers will answer questions from the
audience.
The seminar
will be hosted at Jurys Croke Park on Wednesday the 5th of September from 2:00
p.m. Registration is open to anyone concerned with Privacy issues and places can
be booked by contacting either Brian Honan on 01-4404065,
brian@globalsecurityweek.com or Mathieu
Gorge on 01-4100864,
Mathieu@globalsecurityweek.com.
Agenda
| Time | Topic | Speaker |
| 14:00 - 14:15 | Introduction | Brian Honan, BH Consulting |
| 14:15 - 15:15 | Data Protection - Businesses rights and responsibilities | Tony Delaney, Assistant Commissioner, Office of the Data Protection Commissioner |
| 15:15 - 15:30 | Coffee | |
| 15:30 - 16:00 | Privacy and User-Centric Identity Management: The Laws of Identity and the Identity Metasystem | Caspar Bowden, Chief Privacy Advisor EMEA, Microsoft |
| 16:00 - 16:20 | How do security standards help increase privacy of personal and business information: PCI DSS. | Mathieu Gorge, VigiTrust |
| 16:20 - 16:40 | How do security standards help increase privacy of personal and business information: ISO 27001. | Brian Honan, BH Consulting |
| 16:40 - 17:00 | Privacy and Data Protection – How can businesses comply and follow best practice? | Panel Discussion with all speakers Chaired by Mathieu Gorge, VigiTrust |
| 17:00 - 17:10 | Close | Mathieu Gorge, VigiTrust |
BH Consulting's Involvement
As part of BH Consulting's involvement with Global Security Week, we are
offering a
free vulnerability scan. If you wish to avail of this offer,
please
contact us for more information or click
here.
BH Consulting Calls for Breach Disclosure
Laws in Ireland
The Friday edition of the Irish Times dated the 31st
of August 2007 contains an article where Brian Honan, Senior Consultant for BH
Consulting, states that at the forthcoming "Privacy in the 21st Century"
seminar, which is part of Global Security Week, he will be calling on the Irish
Government to look at implementing breach disclosure laws similar to those in
place within certain states within the United States. In the article Brian
highlights that while we have very effective data protection laws in Ireland
there are no laws compelling organisations to inform clients if their data has
been accessed as a result of a security breach. The full article is
available online on the
Irish Times website (paid subscription required) or a summary is
available on
ElectricNews.Net (ENN).
Brian Honan to Speak at COSAC 2007.
Our Senior Consultant, Brian Honan, has been selected to address
the 14th COSAC
International Computer Security Symposium in September of this year.
Brian will present to the symposium the lessons learnt from his work to
establish an independent, trusted and vendor neutral Computer Emergency Response
Team to provide services to businesses, organisations and citizens in the Irish
Republic.
Brian will share with attendees the various steps and pitfalls that can face
anyone looking to set up their own CERT team, be that at a departmental,
company, sector level or larger. More details on Brian's presentation are
available at the
COSAC website.
COSAC is a
highly prestigious event with many quality speakers and topics scheduled over
the three days. Best of all it is located in Ireland which provides Irish
professionals with easy access to some of the industry’s best speakers.
Registration for the event is available on the
COSAC
registration page.
Brian Honan to Address the Leinster CPA
Society
The Leinster Certified Public Accountants Society has
invited our senior consultant, Brian Honan, to address their upcoming September
meeting with a talk on the current state of information security. Brian
will present to the society the latest trends in computer crime and how the
society members can best defend themselves and their customers from these new
threats.
"Managing
Information Security with ISO 27001" Training Course Scheduled for
September 2007
Due to the demand and interest generated in the above training course another
date to host the event is being scheduled for September of this year.
BH Consulting and the
Centre for Software Engineering are hosting a
two day course
“Managing Information Security with the ISO 27001
Information Security Standard”. This course provides a framework that
will enable those responsible for securing sensitive information assets using a
quality based approach to identify key assets and how best to manage the
associated threats and risks.
The subjects covered include:
- Overview of information security
- Introduction to the ISO 27001 Information Security
Standard
- Identifying key information assets
- Identifying risks
- Strategies for mitigating and managing risk
- Implementing appropriate security controls
- Monitoring the effectiveness of security controls
Anyone interested in the above course can
contact us or find more information available
on the
Centre For Software Engineering’s website.
BH CONSULTING WEBSITE UPDATE
We strive at BH Consulting to provide information that is
relevant and useful in securing and running your business. To this end we
provide a range of whitepapers available for download
free from our
white papers page.
The following whitepaper has been uploaded to
our website: "ISO
27001 - A Standard to Maintain".
This whitepaper is a copy of the article written by Brian
Honan and published in the July/August issue of
Knowledge Ireland
magazine, published by Silicon Republic Publishing.
LATEST THREAT LEVELS
Get more information on the latest updates on current threats at
our online resources page.
FEATURES
Virtual Machines and BackTrack
Executive Summary: Virtual machine software lets you run
Windows and Linux from the same machine. Learn how to download and install VM
software to use a Linux distribution on a bootable CD-ROM. VMware Server is
ideal for... Click
Here
for more
Flexible Storage for Small Businesses
Small businesses and flexible storage rarely go together. Because
small businesses tend to lack internal IT support and therefore rarely perform
backups, making storage solutions flexible for a small company can be difficult.
In addition to technical issues, you might also need to consider budgetary
constraints. Most small businesses are loath to spend money on technology that
doesn’t provide an immediate benefit. One of my clients... Click
Here for more.
Some Linux Vendors Are Rejecting Microsoft Overtures
Although the list of high-profile Linux vendors who've signed
intellectual property cross-licensing agreements with Microsoft has grown
quickly in the past few months, the list of those who've refused to collude with
the software giant has gotten less press. Nonetheless, the list of companies
that have refused to sign with Microsoft is growing, and these companies are
sure... Click
Here
for more.
Requiring DC Authentication to Unlock Workstations
Q: Does a Windows workstation contact the domain controller (DC) to
authenticate a user’s credentials when he or she attempts to unlock the
workstation, or does Windows rely on information collected at the time the user
originally logged on? ...
Click
Here
for more.
Hackers @ Microsoft
“Welcome to a new Blog from Microsoft.” is the first sentence in a
new Blog launched by Microsoft called “Hackers @
Microsoft”. This interesting new
Blog is aimed at “white hat” hackers and promises to provide posts from the
various hackers and security researchers employed by Microsoft. ... Click
Here
for more.
Hacker Case Study
The
Harvard Business Review has published a very interesting case study on a
security breach titled
“Boss, I Think Someone Stole Our Customer Data”. The case study centres on
a fictitious company that discovers client credit card data has been
exposed, despite the company’s compliance with the PCI
DSS Data Security Standard. You can also debate how best to handle this
issue on our
Blog.
Resources for Writing Secure PHP Code
If you have PHP installed, then obviously you’re going to run PHP code. Some of
that code might be written by third-party developers and some of it you might
write yourself. Either way, you should learn about secure coding practices for
PHP. Doing so can help you write better code and help you audit third-party code
for potential problems. To help you write your own secure PHP code, I went
looking for resources and found several decent... Click
Here for more.
On a Lighter Note
Those of
you familiar with the
BOFH series in The Register will enjoy this posting
“Introducing the BSOFH” from the
Layer 8 blog. Enjoy. Click
Here for more.
FREE SECURITY SCAN
In partnership with
Qualys, BH Consulting
are offering a free Network Security Scan so you can check how healthy
your network is. To find out more about what this service can do for you, visit
our free
Network Security Scan.

Alternatively contact
us or visit our website to get more details on our
risk assessment service.
This issue of Security Watch is being brought to you by BH Consulting.
If you have found this issue to be of use please support our drive to raise funds
for
Focus Ireland.
Each
Security Watch eNewsletter, and the special Security Alert issues, are produced
independently by the Windows IT Pro Custom Media Group and are distributed by
various Microsoft security partners. Each eNewsletter contains up-to-date
information about security strategies, technologies, and alerts. Each Security
Alert contains the latest information about security threats.
Additional news courtesy of
Silicon Republic,
Cnet,
Silicon and
Zdnet