The European Network and Information Security Agency (ENISA) recently published their white paper on “How to Shop Safely Online”. It contains some good recommendations for both the consumer and the provider on how to conduct business in a secure manner while online. I was one of the contributors to the paper which is available to download free from the ENISA website.
As an aside ENISA provides many excellent white papers on different areas of information security ranging from Cloud Security, to Security Awareness and to Computer Security Incident Response. You should make it one of your New Year resolutions to become more familiar with their work.
The Irish Reporting and Information Security Service will be holding its first annual conference on Cyber Crime. The event looks to be pretty interesting especially as attendance will be free. The following is from IRISS CERT’s website:
IRISS will hold its first annual conference on the 19th of November 2009 at the D4 Berkley Court hotel. This all day conference will focus on providing you with an overview of the current cyber threats facing businesses in Ireland and what you can do to help deal with those threats.
Experts on various aspects of cyber crime and cyber security will share their thoughts and experiences with you while a number of panel sessions will provide you with the opportunity to discuss the issues that matter to you most. There will be a number of expert speakers on cyber crime including representatives from;
In parallel to the above speaking sessions Ireland’s first Cyber Security Challenge, HackEire, will be held to identify Ireland’s top cyber security experts. HackEire will see 10 teams, up to a maximum of four people per team, compete against each other in a controlled environment to see which team will be the first to exploit weaknesses in a number of systems and declare victory. The purpose of the HackEire competition is to demonstrate how attackers could gain access to your systems and allow you to learn from the event on how to prevent such attacks from impacting your network.
The conference will be open to anyone with the responsibility for securing their business information assets. There is no charge for those who wish to attend.
The IRISS Annual Conference is an opportunity to not only increase your knowledge but also to meet and network with your peers in a relaxed environment.
If you are interested in attending please register at firstname.lastname@example.org
The European Network and Information Security Agency have recently released their latest position paper on “Security and Privacy in Virtual Worlds and Gaming”. The paper looks into the risks users of virtual online worlds and gaming platforms face from issues such as malware attacks, phishing and privacy issues.
The September 2008 edition of our sister publication, the Security Watch Newsletter, is now available online. For those of you who do not subscribe to our newsletter, you may find it a useful read as we highlight issues and stories that may not be applicable to our Blog.
Over the summer I worked on a project with ENISA to produce a white paper “Obtaining Support and Funding From Senior Management”. The paper is now available on the ENISA website.
This is a very important paper, as one of the most important things to ensure the success of any information security awareness programme is to have the appropriate support and funding from your senior management. If you are considering rolling out an Information Security Awareness programme then you should have a look at this white paper to ensure that you get the appropriate support from your senior management.
Two years ago ENISA published an excellent guide on how to raise information security awareness within your organisations. A new version of the guide is now available and well worth the time taken to download and read it. Security awareness can be one of the most effective defence measures you can invest in. Once you have created a culture of security within your organisation and trained users on how to identify potential threats, you greatly reduce the ability of attackers to breach your organisation.
Now that the summer is here, although it is hard to believe that given the weather we are having, it is time for summer schools. As an information security professional you can join in the summer fun too.
The European Network and Information Security Agency (ENISA) and the Institute of Computer Science of the Foundation for Research and Technology – Hellas (FORTH-ICS) are jointly hosting a week long seminar in September to bring together information and network security professionals to discuss many of the challenges that we face.
The list of speakers looks good and includes the likes of Dr. Richard Clayton and has a broad range of topics that will be of interest to many of us.
The summer school will be held from the 15th to the 19th of September on the island of Crete. Looking out at the rain a trip to Crete looks pretty attractive at the moment.
ENISA (the European Network and Information Security Agency) has recently released an interesting whitepaper on securing USB devices. The paper is a good read highlighting the threats that USB drives pose and listing a number of recommendations to minimise these threats.
The Thursday the 29th of May edition of the Irish Independent had an interesting article in its Digital Ireland supplement discussing whether or not Ireland should have mandatory data disclosure laws similar to those in the United States. I am quoted in the article in support of the introduction of such legislation while Owen O’Connor and Paul C Dwyer highlight some reasons why they feel we do not need it.
The Irish Times on Friday the 30th of May includes an article where the Data Protection Commissioner, Billy Hawkes, acknowledges that Ireland is likely to see data disclosure legislation being introduced.
In its 2007 Annual Report the European Network and Information Security Agency (ENISA) also calls for data disclosure laws to be introduced.
A recent poll at the 2008 Infosec show also shows that over 70% of IT Managers surveyed believe UK companies should be required to disclose security breaches exposing personal information.
I will post at a later date outlining the reasons I believe we should have such laws introduced and countering some of the points that Owen and Paul make. In the meantime I would be interested in hearing your opinion as to why you think data disclosure laws should or should not be introduced.
ENISA has extended the deadline for comments on the report “Security Economics and the Internal Market” until May 30th. The paper is the work of Prof. Ross Anderson, Rainer Böhme, Richard Clayton and Tyler Moore (University of Cambridge, UK).
The report and guiding questions for comments can be downloaded from ENISA’s website here.