Archive for May, 2007

Preserving Electronic Evidence

Monday, May 21st, 2007

A misstep in preserving electronic data for litigation could mean defeat before the enemy is even engaged.

According to Greg Fordham, a founder of K&F Consulting Inc., “Just not deleting anything off the computer isn’t enough.”

“The continued use of a computer can alter important metadata such as file system date and time stamps. Similarly, continued use can overwrite dynamic system data such as virtual memory stored to a disk, or overwrite deleted data so that it is unrecoverable,” he said.

Steps Fordham recommends include: early notice to preserve evidence, even prior to filing; preserving electronic evidence in a forensically sound manner that will capture the full spectrum of data; and developing a questionnaire or guide that seeks specific details about a client's electronic and computer systems.

According to K&F Consulting.

This blog is run by the authors of FindProtected.
FindProtected is a security program that allows you to search for password protected files. With FindProtected, you can effectively identify protected files containing sensitive data on your network.

Saturday, May 19th, 2007

Computer security audit software has changed a lot

How has computer security software changed over the years, how can you check whether your system provides sufficient security, and why not undergo a security audit?

The system of computer security audit has changed dramatically over the years. In the beginning, all of the crucial software was produced by giants like Hewlett Packard and adjusted to suit the customer's specific needs. Now it has been almost totally replaced with ready-made products, as they proved to be very cost-effective for businesses.

While the performance of these products is not the same as it was with the previous generation of hand-tailored software, end users have had to put up with it, as well as with the fact that they have to take all the necessary security measures themselves, as the developing companies disclaim any liability for incurred damages.

So what exactly is a computer security audit? To put it bluntly, it is a series of tests intended to assess whether a company's security policies are used and whether they are effective. To do this, computer security auditors may conduct various procedures, such as personal interviews, system vulnerability benchmark tests, and others.

Computer security auditors usually start by checking whether the company has a written security policy code. Many companies, even modern ones, do not have one, which is very unfortunate: unless all the staff members of the company have understood and signed the security policy agreement, the security system may be extremely vulnerable.

Furthermore, this document must be a living one, and the regulations reflected in it must be implemented daily. That said, a lot of employees still choose convenience over security. For instance, users must be aware that every password should be somewhat sophisticated, should include numbers as well as letters, and should not be a mere word or two words together. However, many employees are simply too lazy to come up with a password of this kind, which leaves the company's security system vulnerable.

When auditors are checking the system, they should follow some kind of standard procedure, a list of checks that they generally perform, but also keep their eyes open for unexpected problems. When the check has been completed, auditors should first of all inform the administration and the staff of the obvious errors and flaws in the system. This should be done in a way that does not suggest to the administration that the conclusions are definitive and final.

A thorough follow-up check might be needed to clear up the difficulties. Some errors, though, have to be corrected right on the spot. The final audit report should be carefully considered and written in a simple, logical form so that every staff member can understand it correctly. Each problem, with its background and the solution, should be laid out on a separate worksheet. In the meantime, the management of the company should be constantly supervising the faulty areas to make sure that the recommendations provided by the auditors are being implemented.

Even when the report has been issued, the auditors and the management should keep in mind that organizations generally evolve rather than stay the same, and as they evolve, so do their security systems. Therefore, the auditors should always be able to consult the company workers in case some changes are to take place.


If you want to learn more about security auditing software, check Sam Miller's new website.

Identity Theft Discourages Online Banking

Sunday, May 13th, 2007

For fear of becoming the next victim of identity theft, 150 million U.S. consumers don’t bank online, according to experts. But the banking industry could improve profitability by as much as $8.3 billion per year if banks build consumers’ confidence in online security, according to the TriCipher Consumer Online Banking Study.

The study, which was based on online survey responses from 3,349 U.S. adult consumers, reports that 31 million customers would feel safe enough to begin banking online and another 39 million online users would increase their online banking activity if their banks offered free identity protection software.

While only 6 percent of survey respondents have been victims of identity theft or fraud, 41 percent — which translates to more than 88 million U.S. online banking customers — would change banks or reduce their online service usage if their individual institution was compromised by a data breach, the study says, making identity protection a significant competitive differentiator.

Consumers are willing to take extra steps to protect their identities, but they do not want to pay extra for these services. “Many view this as a service they should get automatically,” explains Stephen Knighten, statistical analyst, Javelin. “They are willing to take extra steps, but not at an expense.”

According to the study, 62 percent of online banking users would download and use identity protection software if their banks provided it for free. Consumers are interested in second-factor solutions, including biometrics (33 percent), one-time password tokens (20 percent) and peripheral device recognition solutions (15 percent). “The key to these solutions’ success,” says Knighten, “is that they must be convenient.”

While banks must foot the bill for these security measures, they can recover their investments by cross-selling to the lucrative online banking segment, notes TriCipher’s DeSantis. “Banks can target them with profitable lines of credit, mortgages and similar products,” he says. “The key is to reinforce trust and loyalty of account holders. … Unless you have their confidence, they will start to stray.”

See full story.
