to help enterprise security across Europe
The resource centre for busy senior executives seeking the latest insights into IT Compliance & Privacy issues for major organizations
 
sarbaines oxley ofcom communications regulator
Latest Resources      data protection register
compliance resources privacy resource center

Breaking Global News
Global Compliance and Privacy News - Breaking News, updated every 30 minutes
•   Compliance, Privacy and Security
•  Money Laundering
•  Phishing
•  Regulatory Issues
•  SOX, Basel 2, MiFID


You Tell Us:
S
S
L

T
E
C
H
N
O
L
O
G
Y		 We use SSL Technology for web data entry points:

Always
Sometimes
Never
What is SSL?

News
Are Smartphones Endangering Security? - Wick Hill
Dealing with Internet Security Threats - Ian Kilpatrick
How the New EU Rules on Data Export Affect Companies in and Outside the EU - Thomas Helbing
Farmers' Data Leak Highlights Old Technology Use - Wick Hill
Saving Money with SFTP - Wick Hill
UK Information Commissioner targets firm selling vetting data - Eversheds e80
12 Key Steps to Internet Security - Wick Hill
Telephone Monitoring Legality in the UK - Dechert
Firewall or UTM - Wick Hill
UK Information Commissioner demands mobile device encryption - Eversheds e80
Data loss - liability, reputation and mitigation of risk - Eversheds e80
Phorm, Webwise and OIX - BCS Security Forum
The challenges of PCI DSS compliance - Thales, Russell Fewing
"Quality" Data Vendor Spams us! Editor astounded!
National Gateway Security Survey 2008 - Wick Hill
Unified Threat Management - Watchguard Technologies

news archives:
0 | 1 | 2 | 3 | 4 | 5 |
6 | 7 | 8 | 9 | 10 | 11 |
12 | 13
[What is this?]

Industry Blogs
Tim Berners Lee's Blog
Tim Callan's SSL Blog
Davis Wright Tremaine's Privacy & Security Law Blog
Emergent Chaos Blog
Michael Farnum's Blog
Phillip Hallam-Baker's Blog - The dotFuture Manifesto: Internet Crime, Web Services, Philosophy
Stuart King's Security and Risk Management Blog
David Lacey's IT Security Blog
Metasploit Official Blog
Jeff Pettorino's Security Convergence Blog
Jeff Richards's Demand Insights Blog
David Rowe's Risk ManagementBlog
Bruce Schneier's Security Blog
Larry Seltzer's Security Weblog
Mike Spinney's Private Communications Blog
Richard Steinnon's Threat Chaos Blog
The TechWeb Blog
Tim Trent's Marketing by Permission Blog
Rebecca Wong 's DP Thinker Blog

Newsletters
23 February Newsletter
Newsletter Archives are located in "News"

Industry Update
Internet Security Intelligence Briefing - November 2005
Find out the latest trends in e-commerce, web usage & the latest threats from adware/Spyware

Reports
Phorm, Webwise and OIX - BCS Security Forum
'The Any Era has Arrived, and Everyione has Noticed' - Stratton Sclavos - VeriSign
Identity Security - Time to Share
Malicious code threats - iDefense
Public Alerts - updated as they happen from Stopbadware.org
Public Alerts - updated as they happen from Websense
Public Advisories - updated as they happen, from iDefense
Phoraging - Privacy invasion through the Semantic web: a special report by Mike Davies of VeriSign

Legislation
Privacy Laws & Business International E-news, Issue 57
Privacy Laws & Business UNited Kingdom E-news, Issue 60

Security Reviews
February 2007 - VeriSign Security Review
The security review archive is here

Case Studies
Finance Industry
Case Study Example
A case study on a Finance industry company.

White Papers
VeriSign® Intelligent Infrastructure for Security
VeriSign® Intelligent Infrastructure: An Overview
Identity Protection Fraud Detection Service - description of the service
Life of a Threat - Video on Threat Management Lifecycle
Optimizing Enterprise Information Security Compliance - Dealing with all the audits
For a full list of all whitepapers, visit our Whitepaper library

Legal Notices
Privacy Policy
Terms of use
basel 2 sarbanes oxley
    legislation
data controller notification binding corporate rules BCR data transfer third countries third part data transfer basel 2 regualtor regulation regulate FSA banking network security RSA encryptin algorithm Bits sacked bank staff
Blogs compliance Reports compliancy Legislation Data Protection Case Studies data privacy White Papers data protection act News information commissioner Events security standards Links information security iDefense
Retail Solutions

VeirSign Security Reviews

compliance and privacy

Current News Updates

VeriSign Security Review - October 2006

In October, Symantec Corp. and VeriSign, Inc. announced plans to deliver security solutions to combat the growing threat of consumer identity theft and fraud on the Internet. Symantec plans to offer support for the VeriSign Identity Protection (VIP) Authentication Service, which allows consumers to utilize one-time passwords to protect their online identity. The VIP Authentication Service is enhanced by the VIP Shared Authentication Network which enables consumers to use one credential across multiple member websites.  In addition, the two companies intend to jointly market combined identity and security solutions to financial institutions, online retailers, and end users.  Read more here.

In this issue:

Hot Topics

Monthly Threat Summary

  • Microsoft Corp. released 10 bulletins on Tuesday, Oct. 10, covering 26 vulnerabilities, at least one of which impacts the Windows operating system and is rated as "Critical.”

Security Events

  • November 1 - 2 Secure World Expo, San Francisco, CA
  • November 7 - 9 ISPCon, Santa Clara, CA
  • November 12 – 14 ISF World Congress, Washington DC
  • November 13 – 14 BITS, Orlando, FL
  • November 29 – December 1 Gartner Identity, Las Vegas, NV

Hot Topics

VeriSign Introduces the First Fully Managed Service to Collect, Analyze, Store, and Alert on Logs

A log management strategy helps your organization improve compliance with information security regulations through more focused collection and retention of data, and increased ability to respond to cross-platform and application threats. It can also guide your decisions about technology, processes, and services.  If you have not already done so, your company should build a log management strategy that specifies what to collect, from which systems, and sets parameters for real-time alerts, periodic reviews, auditing, and future analysis.

One of the most difficult aspects of log management is the monitoring of applications. As a result, organizations often prioritize on just a few platforms and events, and hope to catch an intrusion at the network layer. This approach can leave significant gaps in network security.

But now, monitoring applications has just become easier. VeriSign recently introduced the industry's first fully managed service to help you master the complexity involved with monitoring log data. VeriSign Log Management Service extends our leading VeriSign Managed Security Services to the application level, helping you monitor and retain logs from applications, databases, and other critical infrastructure. The service makes it easier for you to collect and retain the log data you need in order to comply with information security regulations. It also enables you to leverage that data for real-time security alerting.

VeriSign Log Management Service combines the experience of our Global Security Consulting team with VeriSign's TeraGuard architecture and third party technology to help you collect, review, and store logs for better security and compliance.  The team helps you identify critical systems and the logs that need to be collected from those systems. The technology then delivers the real-time correlation and analysis capabilities that enable you to track and assess user and system activity in order to more rapidly prevent, detect, and respond to security breaches and comply more broadly with regulations.

VeriSign Log Management Service is flexible, enabling you for the first time to monitor custom applications and other sources that do not have defined types of suspicious events.  As a managed service, it eliminates the time, cost, and complexity associated with purchasing, configuring, deploying, and maintaining an in-house data collection solution. It also alleviates the burden of staffing experts 24x7 to monitor security events generated by the solution.

Back to Top

Take Charge of Compliance with VeriSign Solutions and Services

Chances are you have to contend not only with internal, federal, and industry-specific regulations and policies, but also with the security practices and requirements of your networked partners, suppliers, and customers. To complicate matters, each entity has its own standards for compliance and auditing, so you may have to implement and manage multiple compliance and reporting mechanisms. Compliance has become a significant source of expense and disruption, but non-compliance, with its financial penalties and even jail sentences, simply isn't an option.

In a recent white paper , VeriSign experts recommended the following measures in order to achieve and verify compliance:

  • Implement carefully devised technology and process controls (such as personnel controls, physical and logical access controls, and legal and contractual controls). These controls should be efficient, clear-cut, and easily duplicated, and they must be immediately transferred when a new user, technology, or information is added. Ideally, they should be automated whenever possible.
  • Demonstrate compliance by documenting and organizing compliance efforts . This includes implementing consistent, repeatable systems for quantifying, tracking, analyzing, demonstrating, and reporting on compliance.
  • Enable auditors and assessors to validate documentation (audit servicing). This includes maintaining an audit data repository and enabling validation. You must be able to collect and compile assessment data and then validate it.

Unfortunately, compliance consumes business resources that ought to be focused instead on helping your company succeed. Free up those resources: let VeriSign products and services help you with regulatory compliance, business partner requirements, and industry standards and practices. VeirSign's compliance solutions help you minimize risk, focus on your core business goals, and confidently pursue new business opportunities. They also offer a variety of services that help you maintain compliance—and that may even uncover business opportunities and process improvements that could help your bottom line.

Back to Top

Intelligent Infrastructure Enables and Protects Your Business

VeriSign enables and protects digital interactions—billions of them a day. In a business world that is increasingly defined by heterogeneous environments and digital interactions, VeriSign protects everyday transactions, such as Web surfing, multimedia messaging, RFID-based product tracking, and much more. VeriSign intelligent infrastructure comprises global registries, extensive, reliable networks, and continuously operated data centers. These work in concert to protect the networks, applications, and transactions that are at the center of the digital economy, helping enterprises minimize risks and maximize business opportunities.

What this means for you is that the VeriSign intelligent infrastructure can help you resolve many issues you may have with interoperability, scalability, and security. With VeriSign taking care of these complexities and challenges, you can focus on rapidly deploying new revenue-generating services for customers.

Enterprises around the world trust VeriSign to secure their digital assets. Every day we provide security for more than 3,000 enterprises in 60+ countries. We provide SSL to 93% of the Fortune 500 and we secure more than 450,000 Web sites. VeriSign also provides the DNS services that keep Web sites and email communications up and running—enabling a reliable and consistent global online experience. VeriSign operates the authoritative DNS service for the .com and .net top-level domains, representing over 90 percent of the world's Web, email, and FTP traffic.

Thanks to our intelligent infrastructure, we are among the first to know whenever a new threat emerges. The VeriSign® Global Network Operations Center and VeriSign® Security Operations Centers monitor thousands of enterprises around the globe, tracking 1.5 billion security events per day. This extensive visibility into the world's networks allows us to offer proactive protection against attacks and helps us provide targeted tools for conducting vulnerability assessments and threat management.

Find out more about the VeriSign Intelligent Infrastructure by reading an overview . Or, focus on the security aspect by reading our white paper on Intelligent Infrastructure for Security . If you are interested in the bigger picture of how intelligent infrastructures have always affected economic growth, check out our point-of-view white paper: POV: Intelligent Infrastructure for the 21st Century .

Back to Top

Monthly Threat Summary

Recent Events

Microsoft's latest security update is one of the largest (perhaps the largest) it has ever published, encompassing a total of 26 vulnerabilities. Even more troubling is the large numbers of vulnerabilities announced in popular Microsoft Office programs such as Excel, Word, and PowerPoint. Although the most serious vulnerabilities exist in the older “2000”versions of these programs, those versions are still in widespread use. Six of the vulnerabilities in the update affect Windows XP, even in fully patched versions.

Security experts believe that the vulnerabilities of most concern are MS06-057 (in ActiveX), MS06-058 (in PowerPoint) and MSO6-061 [in XSLT (MSXML)]. All allow remote attackers to install malicious code (Trojans, worms, etc.) on a user's computer.

At the time of this report, at least one of these vulnerabilities is reportedly being used in targeted attacks “in the wild.” The VeriSign Threat Level currently stands at 1 (LOW) due to the unexpected lack of exploitation of the issues covered in this Microsoft release. However, due to the severity of the vulnerabilities and the wide user base affected by them, exploiting these issues should prove quite popular among malicious actors. VeriSign urges all customers to view the security update .

In another report, the US Department of Commerce announced that it has been the target of ongoing attacks routed through servers located in China. According to news reports, the Bureau of Industry and Security (BIS) is being specifically targeted, and the attacks have reportedly forced the organization (which is in charge of controlling the export of items, including those that have potential military purposes) to “replace hundreds of workstations and block employees from regular use of the Internet for more than a month.”  A BIS spokesperson claims that there is no evidence of any data compromise. Details are vague, but The Washington Post quoted a source as saying that the attackers installed a rootkit on BIS's system, which enabled them to obtain “privileged access.”

Back to Top

Web Seminar

Web Seminar: Expert Advice on Effective Security Risk Management 

Chris Babel, VP and General Manager of VeriSign Managed Security Services, joins John Pescatore, Gartner VP and Distinguished Analyst specializing in Infrastructure Protection Management, to discuss information security risk management, with an emphasis on:

  • Understanding what's critical for the success of the business and its customers
  • Defining what threatens that success
  • Selecting and deploying mitigations and controls to shield the business from the impact of those threats
  • Monitoring effectiveness of controls
  • Identifying and responding to residual risks and changing risks and requirements.

Click here to register to view this on-demand web seminar.

Back to Top

Video Presentation

VeriSign Log Management Service Presentation

This brief and engaging animated presentation is the fastest and easiest way to come up to speed on VeriSign's Log Management Service, the first fully managed service to collect, analyze, store, and alert on logs to meet security and compliance requirements. In just a few minutes, you'll understand the basics of this offering, including:

  • Why log management matters
  • How it works
  • How it can help your business protect itself from security issues as they arise.

Click here to view this presentation.

Back to Top

Security Events

November 1 - 2 Secure World Expo, San Francisco, CA
SecureWorld Expo aims to foster communication between security professionals and technology leaders, to discuss best practices, and to form a public/private partnership with government. Themes include IT security, convergence of physical and digital security, and security management within the corporation.

November 7 - 9 ISPCon, Santa Clara, CA
At this reseller-focused conference, Jay Schiavo, Sr. Product Manager for Channels, GeoTrust, Inc., a VeriSign Company will present: Driving Profits with Development, E-commerce and Applications, on Wednesday, November 8, from 4:15 PM - 5:15 PM.

November 12 – 14 ISF World Congress, Washington DC
Continually rated “the best information security conference in the world” by its delegates, the ISF's Annual World Congress offers ISF Members an opportunity to come together for three days in an exclusive and confidential environment to discuss and debate the key issues facing information security professionals—and get practical advice they can take back and use.

November 13 – 14 BITS, Orlando, FL
This year's BITS/American Banker Financial Services Outsourcing Conference will focus on the critical issues financial services organizations face every day, including risk management, global outsourcing, change management, and corporate boundaries.

November 29 – December 1 Gartner Identity & Access Management Summit, Las Vegas, NV
The inaugural Gartner Identity & Access Management Summit is designed to help organizations address the growing exposure that IAM inefficiencies and lapses create. It will focus on the business impact of IAM, the practical applications of IAM organizations are using today, and the future direction of IAM technologies. 

Back to Top

 


This site is independent of all its sources
The contents of the site are sourced from across the industry. All copyrights are acknowledged.