CYBER SECURITY INFORMER - news and tips to help you stay safe online and protect your network

Everything I Know About Security, I Learned From Barack Obama

I bet you didn't know that Barack Obama was a cyber security expert. The popular American President has been many things throughout an impressive career: community leader, best-selling author, political machine. And on further analysis of some of the statements he's made over the years, it's clear that he's got network security and online protection for business on the brain. To demonstrate:

"Effective international police actions require the highest degree of intelligence sharing, planning and collaborative enforcement."

Obama recognizes that if we're going to take out the cyber criminals, we're going to have to take out their sanctuaries. On a local level, this means ensuring that our own systems and those of our business partners are covered by a range of security measures we've often talked about in Cyber Security Informer: network security audits, regular web code reviews, professional firewall configuration, patching and updating of systems and all of the other little things that companies big and small must do. The bad guys mustn't be allowed to operate from our own territory.

He's also talking about the international situation. Hackers and phishers can operate from certain countries far away from North America without fear of getting caught, much less getting punished. Really sticking it to the bad guys will require an unprecedented level of international cooperation and knowledge sharing. In the short term, it seems unlikely. But leave it to an American President to make grandiose statements about taking down the cyber-terrorists.

"Money is not the only answer, but it makes a difference."

Obama has clearly been in on more than a few IT department budget meetings. When it comes to protecting your customers' information, throwing money at a problem isn't necessarily the best option. But some elements of effective security do cost money. A professional Network Security Assessment or Web Security Assessment that helps you keep your vulnerabilities locked down isn't free. But the judgement companies investing in security have to make is that this budget outlay will help protect the company's revenue stream and also avoid the cost of a data security breach, typically many times the cost of proactive security. A stimulus package for security can help your company's economy in the long run.

"I don't care whether you're driving a hybrid or an SUV. If you're headed for a cliff, you have to change direction."

Obama is making a point here about the difference between the technology you choose and the processes you have in place for protecting your customers' information, avoiding the cliff-diving disaster of a data breach. For instance, privacy policies aren't just boiler-plate placeholders on your website - these are rules that will actually help keep private data out of the hands of cyber criminals. The brand of firewall you have in place or the type of anti-virus software you're using can be secondary.
First you have to make sure you've got clear direction for your company and employees in terms of protecting what's important.

"You know, my faith is one that admits some doubt."

Here, Obama is talking about business owners doing their best to implement cyber security while recognizing that there is no such thing as a 100 per cent solution. His statement is a reminder that business owners and managers need to take on data privacy and security measures with the knowledge that the game is about mitigating risk, not eliminating it entirely. Do what you need to do to protect your network and lock down your web applications. Talk with your experts to monitor and ensure that your security measures are configured correctly and patched. And if you do that, your business may have earned the right to the audacity of hope.

Free Web Application Security Webinar April 8

More companies are using web applications to run their business. For some companies, the web application IS their business. How can companies build security into their web applications and protect their revenue stream?

This webinar is a great opportunity for IT managers, web developers, webmasters and other professionals. Future PCIS webinars will also provide information for CEOs and people in charge of risk management to understand web security.

To be registered for this webinar, email info@pcis.com and PCIS will send your registration confirmation information.

April 7, 2009

Cyber Security Informer is distributed by:
Pacific Coast Information Systems Ltd. (IT Consulting)
Boonbox, a division of PCIS (Security Packaged Services)
Toll-free 1.877.744.7558

In this issue:
* Everything I Know About Security, I Learned From Barack Obama
* Free Web Application Security Webinar April 8
* Hacker Bait
* Ask A Security Expert

Cyber Security Informer provides security news and tips to help organizations protect their business and their customers.

Give us your feedback about Cyber Security Informer

Resources Links:
PCIS is a Vancouver-based company which provides strategic consulting, application development, technology solutions and managed services to companies and government organizations throughout North America.

Hacker Bait

The latest Hacker Bait list contains highly trafficked websites that have been found to have vulnerabilities that hackers and cyber criminals could exploit. This is not a complete list of all vulnerable sites on the Internet, but only represents websites where vulnerabilities were found within the past 90 days. These are only the latest additions to an ever-growing club of sites found to be insecure according to various public sources and online tools used in the web security industry. If you would like more information on our data and why these sites are listed here, please contact PCIS.

Hacker Bait Sites With Vulnerabilities Discovered in Past 90 Days

Ask A Security Expert

"What is PCI DSS and how does this affect me?"

PCI DSS (Payment Card Industry Data Security Standard) is a set of requirements that companies that process credit card information must follow in order to protect private customer account data. It was developed by the PCI Security Standards Council, consisting of credit card companies and financial institutions, to facilitate these protections on a global basis.

What does that mean for your company? If your organization processes credit card transactions, you are regulated by PCI DSS. The company should follow guidelines to protect information. For instance, cardholder data should not be stored unless absolutely necessary. Sensitive authentication data such as that contained on a card's magnetic strip should not be stored at all. Payment card data should not be stored on any payment card terminals, or unprotected PCs, laptops or smart phones. Server rooms need to be locked and fully-secured. Data that is stored should be protected by encryption.

Those are just some of the rules. PCI DSS-compliant companies will also undertake network security audits to ensure that security is built in on a pro-active basis. Web applications will need to be locked down as well. It is recommended to seek expert help in preparing your company for PCI DSS compliance.

Boonbox and Pacific Coast Information Systems Ltd.

Boonbox is a division of Pacific Coast Information Systems Ltd., specializing in products for web security, network security, password management and data backup. PCIS is a Vancouver-based company which provides strategic consulting, application development, technology solutions and managed services to companies and government organizations throughout North America.

HOW TO SUBSCRIBE/UNSUBSCRIBE

SUBSCRIBE: To subscribe to Cyber Security Informer, send a blank email message with subject line "SUBSCRIBE" to informer@pcis.com

UNSUBSCRIBE: If you do not wish to receive future issues of Cyber Security Informer, send a blank email with subject line "UNSUBSCRIBE" to: informer@pcis.com and we will promptly remove you from our distribution list.

WE WANT YOUR FEEDBACK

Our purpose for providing this free service is to keep our clients and business contacts informed of technology developments. This information can help them resolve common problems and achieve their full potential by strengthening their business processes and infrastructure. Your input is important to us and we welcome your ideas for new features and how we can continue to improve our service to you. Send your comments and suggestions to informer@pcis.com or contact us directly at 604.844.7558