Monthly Archives: March 2013
- March 28th, 2013
Singapore’s central bank, The Monetary Authority of Singapore (MAS), is preparing to issue new guidelines for IT technology risk management that will replace its previous Internet Banking Technology Risk Management (IBTRM) guidelines, last updated in June 2008. MAS acts on behalf of the government to regulate financial institutions operating in Singapore. What is even more interesting is that a large number of international banking organizations are using MAS as their compliance foundation for a risk management framework.
- March 25th, 2013
An apparently small change in one authority could have important implications for financial services.
If you haven’t heard of the new Technology Risk Management (TRM) guidelines issued quietly by the Monetary Authority of Singapore (MAS), this is a good moment to ponder the way that apparently small regulatory changes in distant corners of the world can suddenly ripple across global IT security as if from nowhere.
- March 21st, 2013
Computer security is a field where the goal posts are constantly moving, as malware morphs in an attempt to outsmart the defenses you put in place. While security professionals have recognized for a long time that unwanted software, often in the form of Trojans and worms usually installed by users when tricked by some form of social engineering, presents the biggest risk to security, it’s only now that compliance mandates are catching up and being developed using real-world attack data.
Australia’s Department of Defense Intelligence Agency produced a report of mitigation strategies using research on attacks carried out in 2010, and later updated in 2011. It concluded that 85 per cent of attacks could have been prevented if its top 4 recommendations had been followed. These top 4 recommendations are known as the security ‘sweet spot’:
- March 13th, 2013
We are thrilled to announce that we’ve been honored for the second year in a row by Info Security Products Guide, which recently named our Privilege Guard (now Defendpoint) a Silver winner of the 2013 Global Excellence Awards in the Identity Management category. We are pleased to again be recognized by the esteemed awards for our leadership in the least privilege management sector. It is our goal to continue providing deep visibility and control over corporate desktops and servers, enabling enterprises to strike the balance of user empowerment with corporate security.
- March 11th, 2013
Keeping malware off your network is like a never-ending game of space invaders, except that you need more than one weapon to ward off criminals from cyberspace. But deploying the right security solutions in the right places is crucial if your lines of resistance are to be effective.
A report published in November 2012 by NSS Labs, Cybercrime Kill Chain vs. Defense Effectiveness – subversion of layered security, analyses the effectiveness of security systems, concluding that many attacks successfully penetrate layered security defenses. Network edge firewalls, intrusion protection systems (IPS), endpoint protection suites/antivirus and browser protection, as commonly deployed by large organizations, all fail to live up to expectations.