Helping you Piece IT Together


 


 


 

 

Issue September 2007

Welcome to the September edition of BH Consulting's Security Watch Newsletter. In this month's issue we provide some updates on what has been going on in BH Consulting, talk about best practices for wireless security, discuss cross-platform identity management, provide an overview of backup and recovery appliances and outline how to use the correct certificate template for client certificates. We also provide some other interesting resources together with some free material from this year's Global Security Week seminar.

 

About BH Consulting
BH Consulting was founded in answer to demands for an independent consulting firm to help clients gain a competitive edge by achieving IT operational excellence in deploying, managing and securing their IT infrastructure. With over 20 years' experience, we provide you with access to in-depth expertise, experience and technical know-how. Backed by our quality processes and commitment to deliver, BH Consulting provides clients with quality solutions at cost-effective rates.

Support Focus Ireland
If you have found any items in our Security Watch Newsletter to be of use to you we ask that you make a donation to Focus Ireland who work tirelessly supporting the homeless throughout Ireland.  Focus Ireland aims to advance the right of people-out-of-home to live in a place they call home through quality services, research, and advocacy.  The objectives of Focus Ireland are to respond to the needs of people out-of-home and those at risk of becoming homeless, through a range of appropriate high quality services, to provide emergency transitional and long-term accommodation for people out-of-home, to  campaign and lobby for the rights of people out-of-home and the prevention of homelessness.  No sum is too small and all is put to excellent use.

BH CONSULTING NEWS

BH Consulting's New Offices
In response to the increasing demand for our services and to facilitate future growth, we have moved premises to the LINC Centre on the Institute of Technology Blanchardstown's campus.  If you are in the area feel free to call in and pay us a visit.

Brian Honan Attended ENISA Workshop on CERTs.
Through his work with the Department of Communications in researching how best Ireland should establish a Computer Emergency Response Team, Brian Honan recently attended an "invitation only" seminar hosted by ENISA in Porto. The seminar focused on the "Mitigation of Massive Cyberattacks" and proved to be very informative and beneficial. It is hoped the information gathered will assist in the further development of a Computer Emergency Response Team here in Ireland.

Brian Honan Presented at COSAC 2007.
Our Senior Consultant, Brian Honan, addressed the 14th COSAC International Computer Security Symposium in September of this year.  Brian presented to the symposium the lessons learnt from his work trying to establish an independent, trusted and vendor neutral Computer Emergency Response Team to provide services to businesses, organisations and citizens in the Irish Republic.

BH Consulting Take Part in Enterprise Ireland's Podcast Series on Information Security.
Enterprise Ireland run a series of podcasts aimed at SMEs to help them better understand some of the issues they face with regards to deploying and managing technology.  Brian Honan was invited to take part in the latest podcast to discuss IT security and how it can be addressed by SMEs.  SMEs face the same security challenges that larger organisations face but often with fewer or indeed no resources in-house.  The other speaker invited to attend was Mike Harris, Director in Ernst & Young’s Risk Advisory Services practice.

In this podcast Brian and Mike discuss some of the key challenges facing SMEs and provide pointers on how to address those challenges. Issues discussed include:

  • Spam
  • In-House IT & Outsourcing
  • Instant Messaging
  • Viruses, Zombies and protecting SMEs
  • Customer Data
  • Setting policies & the Data Protection Act
  • What should SMEs Address?

The podcast is available at Enterprise Ireland’s OpenUP website

Don’t forget our free whitepaper, the “Computer Security Assurance Checklist”, which is designed for managers as a checklist to determine if their Information Security is being addressed.

Brian Honan Addressed the Leinster CPA Society
The Leinster Certified Public Accountants Society invited our senior consultant, Brian Honan, to address their September meeting with a talk on the current state of information security.  Brian presented to the society the latest trends in computer crime and how the society members can best defend themselves and their customers from these new threats.  The presentation is available for download from the whitepapers section of our website.

Brian Honan to be Keynote Speaker at Microsoft Events
October sees Brian Honan being the keynote speaker for two Microsoft Ireland seminars focusing on information security. On October 11th, Microsoft is running an IT Professional Security Training Event, while the seminar on October 12th will be a Developer Security Training Event. These seminars are free of charge and Microsoft have an interesting line-up for both days.

BH Consulting Published in Running Your Business Magazine.
The recent issue of the Small Firms Association's magazine, Running Your Business, contains an article written by our Senior Consultant, Brian Honan. Brian provides the readers of Running Your Business with a "Guide to Securing Information Systems".

"Managing Information Security with ISO 27001" Training Course Scheduled for November 2007
BH Consulting and the Centre for Software Engineering are hosting a two-day course “Managing Information Security with the ISO 27001 Information Security Standard”. This course provides a framework that enables those responsible for securing sensitive information assets to use a quality-based approach to identify key assets and decide how best to manage the associated threats and risks.

The subjects covered include:

  • Overview of information security
  • Introduction to the ISO 27001 Information Security Standard
  • Identifying key information assets
  • Identifying risks
  • Strategies for mitigating and managing risk
  • Implementing appropriate security controls
  • Monitoring the effectiveness of security controls

Anyone interested in the above course can contact us or find more information available on the Centre For Software Engineering’s website

Global Security Week Seminar Held In Dublin
This year's Global Security Week seminar on the theme of “Privacy in the 21st Century” was held on 5th September 2007 at Jurys Croke Park. We had an excellent seminar with great contributions from the speakers and those who attended. We would like to express our thanks to the keynote speakers Tony Delaney, Assistant Commissioner - Office of the Data Protection Commissioner, and Caspar Bowden, Chief Privacy Advisor - Microsoft EMEA.

The following are copies of the presentations in PDF format;

The occasion was also used by Brian Honan to call on the Irish Government to implement Data Security Breach Disclosure Laws in Ireland.

BH Consulting's Involvement
As part of BH Consulting's involvement with Global Security Week, we are offering a free vulnerability scan. If you wish to avail of this offer, please contact us for more information.

BH CONSULTING WEBSITE UPDATE
We strive at BH Consulting to provide information that is relevant and useful in securing and running your business. To this end we provide a range of free whitepapers available for download from our white papers page.

The following whitepapers have been uploaded to our website:

  • Information Security, What is it and Why Should I Care? - Presentation to Leinster CPA Society (PDF, 392KB)
  • Global Security Week Seminar Introduction - Brian Honan (PDF, 353KB)
  • Privacy and the ISO 27001 Information Security Standard - Brian Honan (PDF, 538KB)
  • A Standards Based Approach to Ensuring Customer Privacy (PDF, 538KB)


LATEST THREAT LEVELS
Get more information on the latest updates on current threats at our online resources page.

FEATURES

CIS Release Benchmarks for Virtual Machines
The Center for Internet Security have released version 1.0 of their benchmarks for securing Virtual Machines. CIS produce many excellent resources on how to secure various operating systems and devices on your network and this is another valuable guide in that series. Anyone considering deploying Virtual Machines in their environment would do well to review this guide first...

Cross-Platform Identity Management Solutions for Single Sign-On
Heterogeneous authentication software solves many companies' basic need for single sign-on (SSO) functionality in all their IT systems. If your company is subject to regulations that require SSO—some companies, for example, have interpreted the Sarbanes-Oxley (SOX) Act as a requirement for this functionality—you'll want to learn the ins and outs of this software. The three applications that we chose to evaluate in...

Wireless Best Practices
Chances are, you've got a wireless network that you're not entirely in control of. Or perhaps you've carefully deployed wireless in your environment, and you've mistakenly believed that you could just set it and forget it. You can do that with many computing technologies, but beware doing it with wireless! I spoke recently with Charles Thompson, manager of sales engineering at Network Instruments, and he gave me some best practices to share...

Using the Correct Certificate Template for Client Certificates
Q: Can Encrypting File System (EFS) certificates and Web application client certificates conflict with one another? In our environment, we use EFS to secure the My Documents folder on laptops. We also have a key business partner whose extranet requires some of our users to install a client certificate for secure Web-based access to logistics information. One such user’s client certificate recently expired, so I deleted it and requested a new...

Backup and Recovery Appliances
Backup and recovery appliances ensure that you can recover lost or corrupted data. Backup and recovery appliance features to consider include whether the appliance requires agents, supports a heterogeneous environment, offers point-in-time/point-of-failure...

FREE SECURITY SCAN
In partnership with Qualys, BH Consulting are offering a free Network Security Scan so you can check how healthy your network is. To find out more about what this service can do for you, visit our free Network Security Scan page.

Alternatively contact us or visit our website to get more details on our risk assessment service.

This issue of Security Watch is being brought to you by BH Consulting.  If you have found this issue to be of use please support our drive to raise funds for Focus Ireland.

Each Security Watch eNewsletter, and the special Security Alert issues, are produced independently by the Windows IT Pro Custom Media Group and are distributed by various Microsoft security partners. Each eNewsletter contains up-to-date information about security strategies, technologies, and alerts. Each Security Alert contains the latest information about security threats.

Additional news courtesy of Silicon Republic, Cnet, Silicon and Zdnet

Copyright © 2005 BH IT Consulting Ltd.