CYBER SECURITY INFORMER - news and tips to help you stay safe online and protect your network

Critical Security Questions for Owners, Executives and Developers

From business owners, CEOs and the rest of the executive team to project managers, IT professionals, developers and analysts, we've found that the role of someone in an organization affects the kinds of questions they ask about how to protect their organization.

In the newly-updated Boonbox website, we now provide a section, Supporting Your Security Role (click the appropriate link on the right side of the page), which answers common security questions for professionals in different roles. This is provided to help them understand their requirements and objectives and communicate better with their colleagues on how to achieve their aims. Here are some some of the most common questions we get:

Business Owner/Executive Question: How can we maintain data privacy and security compliance? Since our own IT people are already too busy with incident support, can we outsource this?

Boonbox Answer: It is not only possible, but recommended to outsource network, website and application security to security specialists. They have the expertise to understand your compliance requirements (eg. PIPEDA, HIPAA, PCI DSS). Security specialists helps organizations meet security needs according to international standards such as ISO 17799 / 27002.

Webmasters/Application Developers Question: Security and compliance are two different things. We need to be able to show regulators that we've taken approved steps to meet compliance rules like PIPEDA. How do we show compliance?

Boonbox Answer: A Web Security Assessment can provide an assessment report on the state of your organization's compliance with a wide range of security regulations including PIPEDA, HIPAA and PCI DSS. Where gaps exist in your compliance framework, securiy specialists can undertake fixes to applications and infrastructure and provide security awareness training and processes to ensure your organization meets your compliance requirements.

For more answers to common security questions appropriate to your role in the organization, feel free to contact Boonbox directly at info@boonbox.net

Cyber Security and Your Business - BBB Seminar

A security breach could even lead to the closing of your business, so you need to know how to protect your business and customers at the same time. Vaclav Vincalek, Pacific Coast Information Systems (PCIS) Ltd. President, will equip you with these protective tools.

At this presentation, you will learn:

• How and why cyber criminals target your business
• The consequences of a web security breach
• How effective network security, web security and identity management tools and practices can protect your business assets and your customers' privacy

Date: Thursday, May 28
Agenda: 8—8:30 am: Registration and refreshments
8:30—10:30 am: Seminar and Q&A
Cost: BBB Accredited: $25/person
Non BBB Accredited: $45/person
Location: 150 900 Howe Street, Vancouver, BC
Register: Call 604.685.7226 Fax 604.681.1544 Email Susanh@mbc.bbb.org

Need for Network and Web Application Security Webinar May 20

The Need for Network and Web Application Security Webinar by PCIS aims to help managers understand the complex and changing cyber-threat landscape and how they can maintain business continuity through better security.

Date/Time: Wednesday, May 20 / 8:30-8:45 am
Cost: Free!

Register: To register for this free webinar, go to http://boonbox.webex.com/meet/boonbox Click the "Register" link on the right in the Status column for Need for Network and Web Application Security and fill in the short registration form. You will be sent your registration confirmation information and instructions on how to participate.

May 12, 2009

Cyber Security Informer is distributed by:

Pacific Coast Information Systems Ltd. (IT Consulting)

Boonbox, a division of PCIS (Security Packaged Services)

Contact PCIS

Toll-free 1.877.744.7558

In this issue:

* Critical Security Questions for Owners, Executives and Developers

* Cyber Security and Your Business - BBB Seminar

* Need for Network and Web Application Security Webinar May 20

* Hacker Bait

* Ask A Security Expert

Cyber Security Informer provides security news and tips to help organizations protect their business and their customers.

Give us your feedback about Cyber Security Informer

Resources Links:

Hacker Bait

The latest Hacker Bait list contains highly trafficked websites that have been found to have vulnerabilities that hackers and cyber criminals could exploit.

This is not a complete list of all vulnerable sites on the Internet, but only represents websites where vulnerabilities were found within the past 90 days. These are only the latest additions to an ever-growing club of sites found to be insecure according to various public sources and online tools used in the web security industry.

If you would like more information on our data and why these sites are listed here, please contact PCIS

Hacker Bait Sites With Vulnerabilities Discovered in Past 90 Days

blessingsonthenet.com

dragonballworld.it

freegamesclub.blogspot.com

freeretromovies.com

freewebsitehosting.com

friendstertutorials.com

gamingpromo.com

geocities.com

globalpaymentsinc.com

happybirthday.com

harpercollins.co.uk

higherbalance.com

netsquare.com

northern-element.com

punchlinemagazine.com

speakout.com

spencersretail.com

sportsontheweb.net

starwars-universe.com

stockinfo.com.cn

Ask A Security Expert

"Why does it take so long for some organizations to discover a security breach?"

First, some background. There are plenty of examples of what a lot of people would consider an unreasonable time lag between the breach and its discovery. For instance, UC Berkeley officials announced this week that hackers have been exploiting the social security numbers and other ID of students since at least October. Meanwhile, Lexis Nexis and Investigative Professionals are only now able to disclose to up to 40,000 people that their records were compromised sometime between 2004 and 2007.

Why does this happen? Unfortunately, hackers have many tactics they can use to hide their presence on networks and databases. Their objective is to keep their presence hidden for as long as possible to extract the maximum possible data.

Some organizations may keep less regular schedules for monitoring against known threats, which allows hackers a longer window of opportunity. One way to mitigate the risk is by outsourcing audits and fixes to security specialists, if an organization finds it simply doesn't have the resources to carry out these time-intensive tasks on their own.

If you need more information about how to take pro-active action to prevent a security breach, contact PCIS.

Boonbox and Pacific Coast Information Systems Ltd.

Boonbox is a division of Pacific Coast Information Systems Ltd., specializing in products for web security, network security, password management and data backup.

PCIS is a Vancouver-based company which provides strategic consulting, application development, technology solutions and managed services to companies and government organizations throughout North America.

HOW TO SUBSCRIBE/UNSUBSCRIBE

SUBSCRIBE: To subscribe to Cyber Security Informer, send a blank email message with subject line "SUBSCRIBE" to informer@pcis.com

UNSUBSCRIBE: If you do not wish to receive future issues of Cyber Security Informer, send a blank email with subject line "UNSUBSCRIBE" to:informer@pcis.com and we will promptly remove you from our distribution list.

WE WANT YOUR FEEDBACK

Our purpose for providing this free service is to keep our clients and business contacts informed of technology developments. This information can help them resolve common problems and achieve their full potential by strengthening their business processes and infrastructure. Your input is important to us and we welcome your ideas for new features and how we can continue to improve our service to you. Send your comments and suggestions to informer@pcis.com or contact us directly at 604.844.7558