
Entrust, GET Group do up ePassports

Entrust has partnered up with the GET Group to integrate its PKI capabilities with GET Group’s ePassport products. (The PKI is based on basic access control and extended access control.)

GET Group will be the first ePassport provider to do Entrust’s training in Ottawa.


Posted on September 5th, 2008 by Briony Smith and filed under Wireless |


SecTor 2008 – Security Education Conference - Unique Training Coming to Canada

Ok. You likely noticed that I blog mostly about the latest happenings in security. It fascinates me, and frankly I think it’s very important. Canada has a rather limited number of security events and most of the content we get here is based out of the United States. Guess what? Canada is different. We have a different culture and different laws, but we’re attached to the same Internet as the rest of the globe. That means what we really need is Canadian perspective on new and developing issues.

With this in mind, I’m involved in a group bringing what we feel is a uniquely Canadian yet world class security event to Toronto.

SecTor Training – This is brand new this year. We’ve brought the best of the best from literally around the world. Need depth training on wireless and Bluetooth security? We have Dino coming from Telespace in South Africa. Interested in penetration testing? You’ll need to learn Metasploit, and who better to learn it from than the guy that started it all? HD Moore will be teaching “PowerSploiting”, a course no pentester should miss. You think you already know security? You’re probably too technical. Johnny Long, “godfather of google hacking” and the author of “No Tech Hacking”, is teaching his course by the same name (he has really interesting low-tech techniques). And finally, who better to teach the latest hacking techniques than the SANS Institute? They’re coming to do their “Cutting Edge Hacking Techniques” course.

I’m very excited about the training, perhaps even a little star struck with who’s teaching it.

SecTor Conference – What can I say; it’s going to be amazing. We’re currently buried in speaking proposals, many of which are truly bleeding edge. You’ll have to wait until September to see the final round of speakers. But that’s what makes this conference great – we accept submissions right up til very close to the event so attendees are presented with only the newest and freshest content.

P.S. We’re still accepting speaking submissions til August 31st. So if you know someone with new research, or something you think the Canadian security professional needs to hear about, please send them to the CFP link.

P.P.S. If you want to attend, you’ll save $250 by registering by August 31.


Posted on August 22nd, 2008 by Brian Bourne and filed under Endpoints, Hackers, Security, Vulnerabilities, Wireless |


McAfee coming to an Intel laptop, MID near you

Security vendor McAfee announced yesterday its plans to extend its products to Intel-based laptops and mobile Internet devices (MIDs).

Integrated data encryption and integrated mobile content security will be provided for laptops and MIDs using Intel Atom processor Z5XX series and Moblin-based software.

Intel’s Anti-Theft Technology and Active Management Technology will also be integrated with McAfee security encryption.


Posted on August 22nd, 2008 by Briony Smith and filed under Wireless |


Dan Swanson’s Security Resources: #14

Risk management – where the rubber hits the road.

Tracking the latest guidance regarding risk management is always productive as the next big event might just happen under your watch. Managing outsourced arrangements is a huge challenge for both IT and IT security, whether it’s entire services being outsourced or specific project efforts.

Finally, implementing robust change management processes is one of those proactive, stabilizing activities that dramatically improves the reliability and effectiveness of Security and IT. Check it out.

Good luck and have another great week.

Dan Swanson

Dswanson_2005@yahoo.com

1. IT Compliance Institute (ITCi) – “IT Audit Checklist for Risk Management”.

Are you prepared for your next risk management audit? Know what to expect.

Note – a brief registration is required (to download the free white paper).

http://www.itcinstitute.com/display.aspx?id=2499

2. Keeping Up Your SOX Compliance and Turning IT into a High Performer by Improving Change Control. Study the extensive benefits of establishing robust change management and change auditing practices, including the latest research by ITPI (IT Process Institute).

http://www.tripwire.com/resources/asset_request.cfm?aid=2184


3. Managing Enterprise Risk in Today’s World of Sophisticated Threats: A Framework for Developing Broad-Based, Cost-Effective Information Security Programs

http://csrc.nist.gov/groups/SMA/fisma/framework.html

Other NIST white papers - csrc.nist.gov/sec-cert/ca-library.html#fisma-white-paper

4. The Risk Management and Governance (RMG) Board develops practical, easy-to-read documents about governance issues. A review of all the publications is regularly conducted to ensure that they remain current and relevant.
http://www.rmgb.ca/index.cfm/ci_id/243/la_id/1.htm

5. Information Technology Outsourcing

This paper presents a perspective on the matters that an organization addresses when considering IT outsourcing as an option. It is intended to provide topics for the consideration of business managers and auditors when they make or examine outsourcing decisions.

http://www.cica.ca/multimedia/Download_Library/Research_Guidance/IT_Advisory_Committee/English/eIToutsourcing0204.pdf

6. 20 Questions Directors Should Ask About Information Technology Outsourcing

http://www.rmgb.ca/index.cfm/ci_id/3083/la_id/1.htm


Posted on August 20th, 2008 by Dan Swanson and filed under Wireless |


McAfee partners with ArcSight

McAfee Inc. has signed ArcSight Inc. to be part of its McAfee Security Innovation Alliance.

As a result of the partnership, ArcSight will integrate its SIEM Platform with McAfee’s ePolicy Orchestrator (ePO). The Santa Clara, Calif.-based security vendor said that its customers will benefit from ArcSight’s ability to monitor, filter and send critical security events to McAfee’s ePO platform. For example, McAfee said, a worm attack observed by the ArcSight SIEM Platform could be updated with new anti-virus signatures, software or policies.

“The ArcSight event management and log management offerings are very complementary to the McAfee portfolio, but more importantly, we believe that the way that we are tightly integrating them with ePO will help our joint customers reduce their total cost of security and compliance operations,” Joe Gottlieb, vice-president of corporate strategy and technology alliances for McAfee, said in a release.

The agreement will also combine the compliance auditing of McAfee Policy Auditor with the compliance event archiving, alerting, and reporting of ArcSight Logger.


Posted on August 19th, 2008 by Rafael Ruffolo and filed under Wireless |


Dan Swanson’s Security Resources: #13

This posting is about learning from best practice guidance and leading papers and studies that have been published by a diverse group of organizations.

1. The GAO web site is one of my favorite places to visit for IT and IT Security guidance, although their research effort is much, much broader than just these two activities.

2. The IIA is funding a long-term effort to develop a series of global technology audit guides which are useful to both auditors and IT practitioners. The GTAGs are published only after an extensive review process is completed.

3. Finally, while people either are very for or very against Wikipedia as a source of good information, visiting this repository periodically can be useful. This week I highlight its efforts regarding information technology governance.

Good luck and have another great week.

Dan Swanson

Dswanson_2005@yahoo.com


Posted on August 7th, 2008 by Dan Swanson and filed under Wireless |


Dan Swanson’s Security Resources: #10

I generally highlight publicly accessible resources each week, pointing out leading articles, papers, studies, etc., to support your professional development. This week’s feature item (EDPACS) is a subscription-based publication of which I have the honor to be the managing editor. There are a few articles available for free download to help your decision-making regarding subscribing.

Two of the resources highlighted this week are comprehensive repositories in and of themselves, that is, ISACA’s KNET and FFIEC’s Guidance repositories.

Finally, when looking to “recharge” after a tough day, week, month, whatever, visit Neal’s “power snippets” to go back at it the next day.

Enjoy.

Good luck and have another great week.

Dan Swanson

Dswanson_2005@yahoo.com

EDPACS: The EDP Audit, Control, and Security newsletter.
For 35 years, audit, control, and security professionals have turned to EDPACS, The EDP Audit, Control, and Security newsletter, for helpful and timely guidance.
http://www.informaworld.com/smpp/title~content=t768221793~db=all

Information Systems Audit and Control Association (ISACA).

K-NET contains over 6,000 peer-reviewed web site resources pertaining to knowledge covering IT Governance, Assurance, Security and Control. Full access to K-NET is reserved for association members. Reference items are organized into logical categories of interest and concern. Partial access is possible for non members.

http://www.isaca.org/KNET

FFIEC Information Technology Examination Handbook
The Federal Financial Institutions Examination Council (FFIEC) Information Technology Examination Handbook (IT Handbook) provides guidance to examiners and financial institutions on the characteristics of an effective information technology (IT) audit function. The examination guidance and procedures in this handbook focus on IT audit and supplement other, more general, internal and external audit guidance provided by the FFIEC agencies.
http://www.ffiec.gov/ffiecinfobase/html_pages/audit_book_frame.htm

Norwich University Journal of Information Assurance
The NUJIA was created by Norwich University to fill an essential function in the field of information assurance: to publish peer reviewed articles on the practical aspects of information assurance. The mission of the NUJIA is “to advance understanding within the information assurance field by publishing original, high-quality, practical research into the management of information assurance.”
http://nujia.norwich.edu/

Information Systems Security (ISS).
ISS provides essential information for managing the security of a modern, evolving enterprise. It is written for information security managers and other technical managers and staff who are the first-line support responsible for the daily, efficient operation of security policies, procedures, standards, and practices. The journal covers: Access Control; Application Security; Business Continuity and Disaster Recovery Planning; Operations Security; Cryptography; Information Security and Risk Management; Legal, Regulations, Compliance, and Investigations; Physical (Environmental) Security; Security Architecture and Design; and Telecommunications and Network Security.
http://www.informaworld.com/smpp/title~db=all~content=g769589197~tab=toc

The Neal Whitten Group specializes in leading the advancement of project management and human resource development by way of products and services of speaking, training, and writing.

http://www.nealwhittengroup.com/

Neal’s “Power Snippets” are truly priceless - http://www.nealwhittengroup.com/snippets.asp


Posted on July 9th, 2008 by Dan Swanson and filed under Wireless |


Dan Swanson joins our blogging team

I’m pleased to let you know that security expert Dan Swanson has joined our blogging team. Dan is a 25-year internal audit and information security veteran and currently a senior Information Security consultant at Seccuris Inc. He’s done consulting projects for more than 30 different organizations; spent almost 10 years in government auditing at the federal, provincial, and municipal levels; and in the private sector, worked mainly in the financial services, transportation, and health sectors. He’s written more than 125 articles on information security, internal auditing, security and other management topics, and is a regular columnist for ComplianceWeek between freelance writing and consulting assignments.

Dan’s MO is to put you in touch with the online security resources you need. You’ll find at least half a dozen useful links each week. He’ll be posting each Wednesday in our Security Insider blog. In fact, he would have posted this Wednesday, but his editor (that would be me) dropped the ball, so the post was cleared on Friday. (Let the flogging commence.)

Check back each week for more security resources.


Posted on April 18th, 2008 by Dave Webb and filed under Wireless |


ShmooCon 4

Last weekend was the 4th annual Shmoocon. Tickets for the event sell out very quickly as they limit attendance. This year, 1200 self-proclaimed hackers came to the event that promised “less moose than ever”. Far from the formality of a regular conference, Shmoocon runs talks by researchers presenting new findings and new tools. Attendees are encouraged to throw “Shmoo-balls” (soft stress balls) at any speaker they disagree with, spawning spirited debate and keeping everyone honest. It’s all done in the best of humour, and results in a gathering of some of the smartest minds in the business working on very difficult problems. There is a true connection and sense of camaraderie among everyone I meet. Great event.


Posted on February 22nd, 2008 by Brian Bourne and filed under Hackers, Security, Vulnerabilities, Wireless |


Is your enterprise environment full of data leaks?

Your company’s IT security profile may be like an old leaky ship. Data and information might be dangerously exposed and seeping into an outside malicious world – without you or your organization even knowing it. How secure is your IT security? Do you routinely test its robustness? Do you know how? Do you know the warning signs of “data leakage” – what to look for and where? Could your current risk exposure be sinking your business?

These issues of data security will be the topic of discussion I’ll be hosting on January 31 as part of IT World Canada’s Frankly Speaking series in Toronto, with special guest, security analyst David Senf of IDC Canada plus another yet-to-be-announced expert from Symantec Canada. Among other things, we’ll be discussing strategies for how to recognize the symptoms of data leakage, how to stop the bleeding, and ways to ensure a secure and protected IT environment.

It’s the things that you don’t know that can hurt you and your business. Where are your organization’s IT security holes?

I’ll be reporting on the key highlights of our upcoming discussion in a future posting in early February. Stay tuned.


Posted on January 22nd, 2008 by Dave Webb and filed under Wireless |
