Helping you Piece IT Together


Home Previous Our Services Awareness Whitepapers Resources Links News About Us Contact Us Search

Visit Our
Blog

 

Issue Summer 2008

Welcome to the latest edition of BH Consulting's Security Watch Newsletter.   It has been a busy summer for us here and we have a number of exciting items in this issue and for future issues as a result.  In this month's issue we provide some updates to what has been going on in BH Consulting, alert you to the upcoming Global Security Week Cyber Crime conference and provide you with some updates on the latest news happening in the world of information security.

Focus Ireland

 

Support Focus Ireland
If you have found any items in our Security Watch Newsletter to be of use to you we ask that you make a donation to Focus Ireland who work tirelessly supporting the homeless throughout Ireland.  Focus Ireland aims to advance the right of people-out-of-home to live in a place they call home through quality services, research, and advocacy.  The objectives of Focus Ireland are to respond to the needs of people out-of-home and those at risk of becoming homeless, through a range of appropriate high quality services, to provide emergency transitional and long-term accommodation for people out-of-home, to  campaign and lobby for the rights of people out-of-home and the prevention of homelessness.  No sum is too small and all is put to excellent use.

About BH Consulting
BH Consulting was founded in answer to demands for an independent consulting firm to assist clients gain a competitive edge by achieving IT Operational excellence in deploying, managing and securing their IT infrastructure. With over 20 year’s experience, we provide you with access to in-depth expertise, experience and technical know-how. Backed with our quality processes and commitment to deliver, BH Consulting provides clients with quality solutions at cost effective rates.

BH CONSULTING NEWS

Cyber Crime Seminar to be Held in Dublin
Global Security Week, in conjunction with BH Consulting and Vigitrust, is pleased to announce a free seminar on the theme of “Cyber Crime – Don’t Become a Victim” to be held on the 10th of September 2008.

The theme this year is intended to highlight how businesses and individuals can become victims of Cyber Crime and what steps they can take to protect themselves from this rapidly growing crime.  In light of recent criminal attacks against various organisations in Ireland, the timing of the seminar could not come at a more opportune time.

To discuss this topic, a number of key speakers will present at the meeting on the topic.  Speakers will include members of the Garda Bureau of Fraud Investigation and the industry experts in the field of information security and cybercrime.

A panel discussion will follow, whereby the speakers will answer questions from the audience.

Location
The seminar will be hosted at
Jurys Croke Park on Wednesday the 10th of September from 2:00 p.m.

Registration
Registration is free and open to anyone concerned with Cyber Crime.  Places can be booked by contacting either Brian Honan on 01-4404065 or emailing
Brian

 "Managing Information Security with ISO 27001" Training Course
The
next “Managing Information Security with the ISO 27001 Information Security Standard” is scheduled to take place in the Centre for Software Engineering on October the 20th and 21st. If you are interested in attending or require more information you can contact us or find details on the course on the Centre For Software Engineering’s website.

In the News
The summer months brought a flurry of news items relating to information security with a number of high profile incidents being discussed on the airways and in the press.  Our senior consultant, Brian Honan, was interviewed a number of times over the summer.

Focus Ireland Annual Golf Tournament.
The Focus Ireland annual golf outing was held on Thursday the 3rd of July in the Luttrellstown Castle Golf and Country Club.

BH Consulting entered a team into the event in what I like to think of as the true Olympian spirit, that is we were there to participate rather than win.   Despite the typical Irish summer weather, i.e. it rained for the whole day, it was still a very enjoyable time.  This was thanks largely to the excellent staff in Focus Ireland who organised and ran the event and kept us all in good spirits.

While our team did not come near the prizes for the team event I am happy to say that one of the team did win the longest drive competition.  I would like to thank my fellow team members for putting up with my golf and for helping making the day as enjoyable as it was. 

BH CONSULTING WEBSITE UPDATE
We strive at BH Consulting to provide information that is relevant and useful in securing and running your business. To this end we provide a range of free whitepapers available for download free from our white papers page.

Don't forget to visit our Security Watch Blog to keep up to date with the latest information security news.

LATEST THREAT LEVELS
Get more information on the latest updates on current threats at our online resources page;

FEATURES
Irish Data Protection Commissioner Releases Audit Report Into Department of Social & Family Affairs
The Data Protection Commissioner recently published the audit report it conducted into the Department of Social and Family Affairs.  The report highlights a number of “serious concerns” relating to the security of personal details of over 300,000 people whose avail of the services of the Department.

Some of the key findings include;

  • Claim forms stored in insecure areas.
  • Data extracts from the Department’s systems onto PCs from where it is stored in an insecure spreadsheet.  This spreadsheet in turn could easily be copied onto a USB thumb drive or simply emailed out of the organisation.
  • Weak passwords in use on systems containing sensitive information.
  • Data sent to other agencies, such as the Garda National Immigration Bureau, on CDs and not encrypted.
  • Weak auditing in systems makes it very difficult to determine who done what.
  • Lack of control over endpoint security to prevent data leakage using USB devices such as memory sticks, MP3 players and iPods.

While the report does focus on the Department of Social and Family Affairs it does contain lessons that all companies can learn and is well worth the time taken to download and read the report.

ENISA Publishes Paper on Securing USB Drives
ENISA (The European Network and Information Security Agency) has recently released an interesting whitepaper on securing USB devices.  The paper is a good read highlighting the threats that USB drives pose and listing a number of recommendations to minimise these threats.

Information Security Summer School
The European Network and Information Security Agency (ENISA) and the Institute of Computer Science of the Foundation for Research and Technology - Hellas (FORTH-ICS) are jointly hosting a week long seminar in September to bring together information and network security professionals to discuss many of the challenges that we face.

The list of speakers includes the likes of Dr. Richard Clayton and has a broad range of topics that will be of interest to many of us.

The summer school will be held from the 15th to the 19th of September on the island of Crete.  Looking out at the rain a trip to Crete looks pretty attractive at the moment.

Latest NIST Publications
Over the summer months the US National Institute of Standards and Technology, NIST, released a number of publications that are well worth reading;

The above publications are well worth taking the time to download and review.

Cyber Crime and Small Businesses in Ireland
The Small Firms Association released their 6th annual crime survey which focuses on how crime impacts on small businesses in Ireland.  An interesting point in the press release highlights that the companies surveyed reported an increase in online crime with the average cost on an incident being €2,250 and it appears the largest cost was €6,000.

Worryingly though the survey also stated that 26% of companies surveyed reported they had been the victim of online scams.  These were either 419, advance fee or business directory scams, clearly highlighting a major need for these companies to receive appropriate security awareness training.

Upcoming SANS WhatWorks Event
The SANS Institute are running a WhatWorks in Penetration Testing & Ethical Hacking Summit on September 17th 2008 at the Le Meridien Piccadilly in London.  The summit is a one day in-depth look at the latest techniques and best practises you should employ to run penetration tests against your networks.  So whether you are responsible for securing your own network or the networks of clients this is an excellent opportunity for you to enhance your knowledgebase.  You can register for the course here.

FREE SECURITY SCAN
In partnership with Qualys, BH Consulting are offering a free Network Security Scan so you can check how healthy your network is. To find out more about what this service can do for you, visit our free Network Security Scan

Alternatively contact us or visit our website to get more details on our risk assessment service.

This issue of Security Watch is being brought to you by BH Consulting.  If you have found this issue to be of use please support our drive to raise funds for Focus Ireland.

Each Security Watch eNewsletter, and the special Security Alert issues, are produced independently by the Windows IT Pro Custom Media Group and is distributed by various Microsoft security partners. Each eNewsletter contains up-to-date information about security strategies, technologies, and alerts. Each Security Alert contains the latest information about security threats.

Additional news courtesy of Silicon Republic, Cnet, Silicon and Zdnet

To update your subscription to our newsletter click here.  To unsubscribe click here


Home | About Us | Our Services | Useful Resources | Contact Us | Corporate Responsibility | Disclaimer | Privacy | Blog
Copyright © 2005 BH IT Consulting Ltd.