BH Consulting Security Watch Newsletter

Helping you Piece IT Together

Issue February 2008

Welcome to the February of 2008 of BH Consulting's Security Watch Newsletter. In this month's issue we provide some updates to what has been going on in BH Consulting, alert you to some upcoming events in 2008 and provide you with some updates on the latest news happening in the world of information security.

Support Focus Ireland
If you have found any items in our Security Watch Newsletter to be of use to you we ask that you make a donation to Focus Ireland who work tirelessly supporting the homeless throughout Ireland. Focus Ireland aims to advance the right of people-out-of-home to live in a place they call home through quality services, research, and advocacy. The objectives of Focus Ireland are to respond to the needs of people out-of-home and those at risk of becoming homeless, through a range of appropriate high quality services, to provide emergency transitional and long-term accommodation for people out-of-home, to campaign and lobby for the rights of people out-of-home and the prevention of homelessness. No sum is too small and all is put to excellent use.

About BH Consulting
BH Consulting was founded in answer to demands for an independent consulting firm to assist clients gain a competitive edge by achieving IT Operational excellence in deploying, managing and securing their IT infrastructure. With over 20 year’s experience, we provide you with access to in-depth expertise, experience and technical know-how. Backed with our quality processes and commitment to deliver, BH Consulting provides clients with quality solutions at cost effective rates.

BH CONSULTING NEWS
"Managing Information Security with ISO 27001" Training Course
Further to the recent success of the “Managing Information Security with the ISO 27001 Information Security Standard” course that we hosted with the Centre for Software Engineering, the next course has been scheduled for the 15th and 16th Of April 2008. If you are interested in attending or require more information you can contact us or find details on the course on the Centre For Software Engineering’s website.

Security Watch Blog Finalist at Irish Blog Awards.

For the second year in a row our Security Watch Blog was nominated in the category for Best Business Blog in the Irish Blog Awards. A sincere thank you to those of you who nominated us and to the judges who felt our Blog worthy of being entered into the final of the competition. While we did not win the award, that honour fell once again to Ice Cream Ireland, being nominated and selected for the final were a cause of great celebration to us. Who knows, maybe next year we can prove that three times is a charm?

Brian Honan Interviewed for Secured Magazine
Our senior consultant, Brian Honan, took part in an interview for Secured Magazine on the topic of protecting your company against the trusted insider threat. In light of the recent breach of information security by the Société Générale rogue trader, Jérôme Kerviel, the article serves as a timely reminder as to how those entrusted with protecting and managing organisational assets can sometimes be the ones to betray the trust placed in them.

BH Consulting Supported Safer Internet Day
For the second year in a row BH Consulting proudly supported Safer Internet Day which fell on the 12th of February 2008. Safer Internet Day is organised by Insafe, a network of 23 nodes in 21 countries funded through the EU Safer Internet Programme, and is aimed at children and younger Internet users. Each year a series of events are run to promote safer use of the internet and draw younger people’s attention to the skills required to use computers and the internet as safely as possible.

This year the theme for Safer Internet Day was “Life online is what YOU make of IT” and was aimed at helping young people better understand the impact the online world can have on their lives, both positively and negatively. More information about this year's event is available on our Security Watch Blog.

BH CONSULTING WEBSITE UPDATE
We strive at BH Consulting to provide information that is relevant and useful in securing and running your business. To this end we provide a range of free whitepapers available for download free from our white papers page.

LATEST THREAT LEVELS
Get more information on the latest updates on current threats at our online resources page;

FEATURES

SANS Training Coming To Dublin
SANS is returning to Dublin in April 2008 to provide three training courses.

The event will run from April the 7th to the 12th. This year's event was very successful. Not only is the quality of the training superb, the networking opportunities to meet with information security professionals from all around Europe, and indeed the World, are fantastic.

SANS Dublin 2008 should be even better, and with the current euro to dollar rate the courses are particularly good value for those of us based in Europe.

Data Breach at IBTS Was Not in Breach of Data Protection Act
The loss of an encrypted CD in New York containing the data on over 170,000 people who used the services of the Irish Blood Transfusion Board between July and October of 2007 was not in breach of the Data Protection Act according to the office of the Data Protection Commissioner. The IBTS state that the data were sent to a US software development company based in New York as part of a software upgrade of the IBTS systems. The data were sent by disc and encrypted with 256 AES encryption. The investigations by the Data Protection Commissioner concluded that the IBTS had taken all the necessary precautions to ensure the confidentiality of the information sent.

Data breaches cost £47 per record
A recent report from the Ponemon Institute, and sponsored by PGP and Symantec, highlights that the average cost of a security breach within the United Kingdom STG£47 per record. The survey found that the largest portion of the cost is attributed to lost business resulting in customers moving to competing companies upon becoming aware of the breach. In all, this accounted for 46% of the cost, other costs included detection, notification and clean up costs.

Researchers Break Disk Encryption
The Wired Blog highlights research conducted by the Electronic Frontier Foundation and Princeton University have discovered a way to circumvent full disk encryption on computers, even when they are turned off.... Click here for more

MakeITsecure 2008
February saw the launch of Ireland’s third national security awareness campaign, makeITsecure. The makeITsecure website has been revamped with updated content to help people understand the threats they face and provides hints and tips on how to keep themselves secure online. For the first time this year’s campaign is also an all-Ireland event with activities happening on both sides of the border with the culmination of events leading to the national security day on February 15th... Click here for more

FREE SECURITY SCAN
In partnership with Qualys, BH Consulting are offering a for a free Network Security Scan so you can check how healthy your network is. To find out more about what this service can do for you, visit our free Network Security Scan.

Alternatively contact us or visit our website to get more details on our risk assessment service.

This issue of Security Watch is being brought to you by BH Consulting. If you have found this issue to be of use please support our drive to raise funds for Focus Ireland.

Each Security Watch eNewsletter, and the special Security Alert issues, are produced independently by the Windows IT Pro Custom Media Group and is distributed by various Microsoft security partners. Each eNewsletter contains up-to-date information about security strategies, technologies, and alerts. Each Security Alert contains the latest information about security threats.

Additional news courtesy of Silicon Republic, Cnet, Silicon and Zdnet

To update your subscription to our newsletter click here. To unsubscribe click here