The Global State of Information Security 2005 “A worldwide study by CIO and PricewaterhouseCoopers (PwC) reveals a digital landscape ablaze, with thousands of security leaders fighting the flames. But amid the uncertainty and crisis management, there’s an oasis of strategic thinking.” Continue Reading
Accurate, Focused Research on Law, Technology and Knowledge Discovery Since 2002
Category Archives: PC Security
Report Documents Steady Rise in Cybercrime
Symantec Internet Security Threat Report, Volume VIII, September 2005 (requires free registration): “The Symantec Internet Security Threat Report is an analysis and discussion of Internet security activity over the past six months. It covers Internet attacks, vulnerabilities, malicious code, and future trends. This edition of the Threat Report, covering the first six months of 2005,… Continue Reading
Joint Gov’t, Industry and Public Interest Groups Sponsor New Consumer Web Security Service
“OnGuardOnline.gov provides practical tips from the federal government and the technology industry to help you be on guard against Internet fraud, secure your computer, and protect your personal information.” Continue Reading
Anti-Spyware Vendor Recommendations for Corporate Environments
How to Combat Spyware in Corporate Environments – “A vendor contribution from Panda Soft on Spyware…Spyware downloaded to companies can steal confidential information, reduce the performance of the IT infrastructure, due to the resources used by non work-related activity and loss of employee productivity, who have to deal with changes to system settings and unwanted… Continue Reading
NIST Launches Database of Computer Vulnerabilities
“The new National Vulnerability Database (NVD) from the National Institute of Standards and Technology (NIST) will make it easier for system administrators and other security professionals to learn about vulnerabilities and how to remediate them. The NVD is a comprehensive database that integrates all publicly available U.S. government resources on vulnerabilities and provides links to… Continue Reading
Corporations Reluctant to Reveal Incidents of Cyberextortion
From the New York Times, The Rise of the Digital Thugs chronicles the under-reported, yet growing, threat to corporations from “cyber extortionists” seeking bribes in return for withholding data and information obtained by breaching networks. Related reference: Enumerating and Reducing the Threat of Transnational Cyber Extortion against Small and Medium Size Organizations, September 2004 (30… Continue Reading
10th Annual Survey of Computer Security Practitioners
From the Univ. of Maryland Center for Public Policy and Private Enterprise, The CSI/FBI Computer Crime and Security Survey, by Lawrence A. Gordon, Martin P. Loeb, William Lucyshyn and Robert Richardson, 2005 (26 pages, PDF). Continue Reading
Microsoft Security Guide for Small Business
Security Guide for Small Business – “This guide helps explain why security is important to your business and outlines steps to better security.” Continue Reading
FDIC Guidance on Mitigating Risks From Spyware
Spyware – Guidance on Mitigating Risks From Spyware FIL-66-2005, July 22, 2005 “Summary: The FDIC is issuing the attached guidance to financial institutions recommending an effective spyware prevention and detection program based on an institution’s risk profile. This guidance and the attached informational supplement discuss the risks associated with spyware from both a bank and… Continue Reading
Pharming, Phishing, Online Fraud, ID Theft, Worms, and PCs Thrown Out With the Trash
From WSJ free content, Information Security – Where the Dangers Are: The threats to information security that keep the experts up at night — and what businesses and consumers can do to protect themselves. See also Corrupted PC’s Find New Home in the Dumpster Continue Reading
GAO Report Highly Critical of DHS IT Systems
Information Security: Department of Homeland Security Needs to Fully Implement Its Security Program GAO-05-700, June 17, 2005. Highlights. “DHS has not fully implemented a comprehensive, departmentwide information security program to protect the information and information systems that support its operations and assets. It has developed and documented departmental policies and procedures that could provide a… Continue Reading
CERT Issues Cyber Security Alert On Trojan Email Attacks
Alert Overview: “The United States Computer Emergency Readiness Team (US-CERT) has received reports of an email based technique for spreading trojan horse programs. A trojan horse is an attack method by which malicious or harmful code is contained inside apparently harmless files. Once opened, the malicious code can collect unauthorized information that can be exploited… Continue Reading
