Security Spotlight
Welcome to February's
edition of The Security Spotlight, Setec Security's monthly newsletter.
Although it is still early in 2004, significant developments and events
continue to advance the information security industry, aiding organizations
in reducing their risk, safeguarding assets, and assuring protection from
the threat of a security breach.
We hope that this month's newsletter will help you stay informed. Feel
free to visit Setec Security's website to learn more about our
commitment to helping organizations effectively and efficiently address information
security.
Best wishes,
Setec Security
View the newest articles
showcasing intelligent strategies and valuable insights surrounding vital
security issues and market trends:
No Silver Bullet for Information Security
The evolution of technology has changed the manner in which society must
address and handle the security of information and other assets. Assets
that once only existed in pure physical form now extend to new mediums
and transmission mechanisms. However, the need to safeguard the security
and privacy of assets and information has not changed dramatically, as
cutting-edge security in today's world...
Information Security Management: Criticality of Security Policies
A strong information security risk management framework is paramount to
proactive security controls, a robust security posture, and dynamic security
awareness that spans all levels of an organization. Management must actively
strike a balance between business and security goals...
Responsibilities after a Security Breach: Implications of SB1386
September 2002 brought a groundbreaking law to California. SB1386, effective
July 1, 2003, requires organizations to fully disclose any and all information
regarding computer security breaches they have suffered that resulted
in personal customer data...
Addressing Security Through HIPAA
The integrity, availability, and confidentiality of patient information
for health related organizations is of vital importance due to the initiation
of The Health Insurance Portability and Accountability Act (HIPAA), which
has forced healthcare organizations to reevaluate business practices and
information handling...
View the top news stories
and events of the month influencing information security and affecting
businesses:
Fallout from the Microsoft Windows Source Code Leak
Microsoft Corporation and the Information Security Industry suffered a
setback earlier this month as a selection of the highly secretive source
code for the popular operating systems Windows 2000 and Windows NT was
leaked and made public online...
WiFi Opens Doors For Crooks, Identity Thieves
Wireless technology is exploding in popularity, however, high-tech criminals
love it even more than you do...
Red Hat Unveils Linux Security Upgrades
Red Hat is enhancing the security model in the next version of Red Hat
Enterprise Linux to include support for Security-Enhanced Linux (SE Linux)...
Hacker Puts Job Agency Data at Risk
A computer hacker broke into a state Employment Development Department
computer last month, potentially accessing sensitive personal information
of some 90,000...
Global Software Security at Risk
The pervasiveness of global software threatens computer security as a
single vulnerability exploited through a virus...
Cracks Appear in Bluetooth Security
Be careful the next time you turn on your Bluetooth-enabled phone: You
could unknowingly be opening the door to a nasty intruder...
Mydoom.A: Timeline of an Epidemic
Mydoom.A is the fastest spreading malicious code in history, causing the
greatest epidemic ever seen. It is now estimated that over half a million
computers...
Bush Budget Sweeps in Tech, Cybercrime
President George W. Bush on Monday proposed a $2.4 trillion federal budget
that boosts spending on information technology and on computer crime investigation...
As security information
is of a time critical nature, Setec Labs' Alerts & Advisories provide
immediate threat research and analysis regarding newly identified vulnerabilities
and security issues, as well as Setec Security's response to the situation:
Multiple Vulnerabilities in Microsoft ASN.1 Library
The presence of multiple vulnerabilities in the ASN.1 library allows a
remote attacker to exploit integer overflows resulting in the ability
to execute arbitrary code with super user privileges...
HTTP Parsing Vulnerabilities in Check Point Firewall-1
The Application Intelligence (AI) and HTTP Security Server components of
Check Point Firewall-1 contain an HTTP parsing vulnerability that allows
a remote attacker to execute arbitrary code with super user privileges...
Multiple Vulnerabilities in Microsoft Internet Explorer
Three new vulnerabilities in Microsoft Internet Explorer (IE), Microsoft's
web browser, have been released. The most significant vulnerability allows
a remote attacker...
Setec Security's extensive
experience in providing information security solutions across a broad
range of industries is communicated through the following Case Studies
that discuss and describe information security challenges, objectives,
and benefits in real world applications and scenarios:
Security Breach in an Academic Institution
The following case study is a real-world example of an engagement performed
between Setec Security and a state college in New England that services
approximately 5,000 students with a technology infrastructure to support
both simultaneous online and classroom-based curriculums.
Gramm-Leach Bliley Motivated Information Security Assessment
The following case study is a real-world example of an engagement performed
between Setec Security and a financial institution providing on-line banking
services and home equity loans.
About Setec Security
Setec Security, founded in 1997, is a pioneer and industry leader in information
security solutions, bringing together leading human capital, information
security expertise, in-depth research, and extensive real-world experience
to help organizations strike a balance between business and security goals.
Setec Security's multi-disciplinary information security professionals
are industry leaders and established researchers who help organizations
effectively identify, assess, implement, and manage security solutions
through the use of proven methodologies, creative tools, and industry
best practices.
Setec Security provides organizations with the ability to trust that their
information security needs are being met in the most cost-efficient and
timely manner, and eases the information security burden by helping them
concentrate on what they do best: innovate, profit, and grow.