This week will prove to be very exciting for all of us involved in the information security scene. The excellent Source Conference is coming to Dublin. Source already hosts conferences in Boston, Seattle, Barcelona and now Dublin.
Having spoken at the Source Conference in Barcelona I can attest that it is one of the better conferences available. It is unique in that it offers an opportunity for those with a technical background to mix with those from the non-technical side of information security.
There is a great lineup for the first Source Dublin Conference. If you want the chance to hear some top rate speakers and a place where everyone can mingle and chat then come along. You can register for the conference here.
I will be speaking at the conference and I hope to see you there.
The SC Magazine Awards are held each year during the Infosec conference in London. It is one of the most prestigious events in the information security field and the awards are one of the most coveted. Having been selected as one of the finalists for the award last year, I was honoured when I first heard I had been selected again as a finalist this year.
On the night of the event I was delighted and honoured to hear the announcement that I was selected as the Information Security Person of the Year for 2013. Below is a picture of the moment itself;
I would like to thank all my family, friends, colleagues, and clients who have supported me over the years and helped make the above award possible. I see the award as a reflection as to how the information security field is growing here in Ireland. We have many excellent indigenous security companies growing here, a large number of industry giants in the security field have selected Ireland for their European HQs, and we have many skilled professional supporting the financial and pharmaceutical sectors. On top of that Irish people have been involved in security in various forms for centuries, so you could say security is part of our heritage. Hopefully we can build on all this and make Ireland a recognised centre of excellence for information security.
More highlights of the night are available in this video,
The year 2013 is of to a great start. Not only has this blog been shortlisted in the finals of the RSA Security Blogger Awards under the category of Most Educational Blog, I found out last week that I have been selected as a finalist in the SC Magazine Awards for Information Security Person of the year 2013.
Last year I was also nominated for this award and it is a great honour to be selected for the final again this year. As well as being a finalist last year for Information Security Person of the year, BH Consulting received an award in the finals of Information Security Consultancy of the year.
I am looking forward to another excellent night at the awards dinner which will be held during the Infosec Europe exhibition in April and fingers crossed I could be coming back from London again this year with an award.
I recently appeared on the Morning Show on TV3 to discuss the issue of Irish mobile phone subscribers being targeted by a phone scam. It appears that those behind the scam would place a call to a victim’s phone but hang up before they could answer thereby creating a missed call on the person’s phone. The prefix for the missed call number is 386 which if you look at quickly looks to be the prefix for the 086 Irish mobile phone number. However, the number 386 is actually the international dialing prefix for the country Slovenia. Anyone dialing the number, curious to see who they missed the call from, would end up facing a hefty charge as the number actually turned out to be a premium rate number. Some people actually reported the number went to a sex line. Comreg are investigating the case and have reportedly stated that anyone impacted by the scam should not have to pay any incurred charges.
I was invited onto the Morning Show to discuss this scam and indeed to cover other common scams. The show is available online on the TV3 Player my interview starts about 14 minutes and 50 seconds into the show.
Here are some of the other typical type of scams that are out there;
You Have Won a Prize Text or Email Message You receive a text message claiming that you have won a prize, either cash or some high value item. To receive your prize you have to pay a shipping fee for it to be sent to you. However after spending your money you never receive the prize.
Give Me Your Bank Account Details
You may receive an SMS message telling you that there is a problem with your bank account and you need to log into your account straight away to rectify the problem. There will be a link in the SMS message that claims to take you to your bank account. This is an attempt by criminals to get you to log into a website they have set up to look like your bank’s website and steal your login credentials to your account. Once you enter your details the criminals will then take those details and log into your account and take your money.
This scam is where you can enter a competition by answering questions via text messages. However what they omit to tell you is that the number you text is a premium number and you end up paying a lot of money – the more questions you answer they claim will increase your chances of winning the prize but will also cost you a lot of money.
Ring Tone Scams
You may be offered access to a free or cheap ring tone to install on your phone. However, what you may not realise by accepting the offer is that you are subscribing to an expensive service.
How to Identify a Scam
You receive a call or text from a number you do not recognise or know
There are no clear indications in the message as to what company or organisation you are dealing with
There are no mention of costs in relation to services offered by the text message
There are no clear instructions on how to stop receiving these text messages.
Numbers given in messages are premium rate numbers.
How To Protect Yourself
Read the messages clearly and try to identify if it is a scam
Your bank or financial institution will never ask for your login details via email or text If in doubt do not ring back
If you did not enter a competition then consider how could you win it?
Read terms and conditions of any offers very carefully
Do not give your financial details (e.g. credit card information) to anyone you have not verified
Be careful of messages that just contain a link. This could be a link to an infected website and the scammer is hoping you will click on the link out of curiosity
Remember, if it sounds too good to be true then it probably is !!
It is a great honour to have been nominated and shorlisted for these awards, especially when you look at the other nominees in each of those categories.
Information Security Person of the Year
Neira Jones – Barclaycard
Brian Honan – BH Consulting
Tim D.W. Wilson – NHS East London and City
Stephen Bonner – KPMG
Information Security Consultancy of the Year
Finally, to top it all the IRISSCERT team were nominated as a finalist for the “Information Security Team of the Year” award.
Information Security Team of the Year
Its an honour to be included amongst the other respected and reknowned nominees. Whatever the outcome this is a great achievement for all involved. I wish all the nominees the best of luck on the night of the awards and look forward to the event.
Earlier this morning I took part in RTE Radio 1′s Morning Ireland show. I was invited onto the show to talk about the arrest of an alleged member of Anonymous and Lulzsec. The person arrested is an 18 year old teenager called Jake Davis, also known by the online alias Topiary. He was arrested by the London Metropolitan Police on the Shetland Islands off the coast of Scotland last Wednesday. He appeared in court yesterday and has now been released on bail on condition that he wear an electronic tag, is not allowed to access the Internet either directly or indirectly and must obey a curfew between 10:00 p.m. and 7:00 a.m.
He is not the first person alleged to be a member of the Lulzsec or Anonymous groups that has been arrested. Earlier this summer UK police arrested a young man called Ryan Cleary in Essex. They have also recently arrested 17 year old boy in Lincolnshire.
The interview can be found on the Morning Ireland podcast and starts approximately 26 minutes and 20 seconds into the podcast. The interview was shorter than planned due to the issues surrounding the presidential campaign for Senator Norris.
If you are planning to roll implement ISO 27001 in your organisation I think you will find the book of interest. The purpose of the book is to provide you with insight into how you can implement many of the controls outlined in the standard by using many of the inbuilt features of Windows and other Microsoft tool. Given that many organisations have a substantial Windows footprint this could result in your being able to implement ISO 27001 in a cost effective way.
Here is a picture of me receiving my award from Alan Calder of IT Governance;
Ever have a question on information security but did not have the opportunity or facility to ask someone that question? Well you will have that chance next week at the Infosecurity Europe in London. The publisher of my book “ISO 27001 In A Windows Enviroment“, IT Governance, are hosting an “Ask the Expert” session on their stand and have invited me to sit on the panel. So if you have a question about ISO 27001 or information security in general then do come along to stand B91 and we can see if we can find an answer to your question.
You may remember that in 2008 I was challenged by technical journalist Marie Boran to steal her identity using only information I could get online. I subsequently spoke at a number of conferences on the subject and you can find a copy of that presentation online.
Last Thursday both Marie and I were invited onto the Daily Show to discuss that project and the implications for people’s online privacy. It was an interesting talk and fun to watch Claire Byrne’s face when I mentioned I had been following her twitter stream. The interview is now available online (the interview begins 17 minutes and 50 seconds into the show). Also the tips I gave are available on the Daily Show’s website.
I will be speaking at the 5th Annual Privacy & Data Protection Conference this year on the 27th of October. The theme for the event is “Data Protection: Global Compliance Management” and I will be speaking on “Building an Information Security Culture and Policy”. I will also be taking part in a panel discussion in information security.
The conference promises to be very informative and the organisers, Transatlantic Events, have brought together experts from the regulators, the lawmakers and the legal community from Ireland, the US, the EU, and the UK in order to debate the full range of issues that make up data protection compliance. The conference will enable you to hear from experts as well as debate in open forum a range of issues from multi-jurisdictional compliance to niche areas such as outsourcing, monitoring, cloud computing, children’s privacy and data security breach management.
I am looking forward to hearing many of the other speakers at the event and hopefully meeting with some of you as well.