InfoSec Manager’s Journal

ComputerWorld’s J.F. Rice puts out a great series called the Security Manager’s Journal. Real people submit their experiences, and they are published with anonymity for others to learn from. Excellent resource that I have been sipping from for the past few years, and no, I have not submitted an article (yet). This month’s “The way we’ve always done it” resonates with me from so many past engagements. We all tend to fall back on the old familiar ways when time is a factor, or we simply don’t realize there has been a change of direction.

Most definitely worth a read if you are involved in IT, Development, Project Management or Security.  In my career I have had to wear several of these hats, and walk in the shoes of each.  Funny how perspective can change with time to reflect on and understand how the same issue can be viewed from different sides of the business.


MSE A-V FREE To Small Business

Microsoft Security Essentials (MSE) will be released free for small businesses beginning in early October.  MSE is an antimalware solution designed to protect against viruses and spyware on Windows-based PCs.  MSE is currently only free for consumers.  Microsoft will extend that free protection to small businesses with 10 or fewer PCs and “genuine” Windows licenses in place. Microsoft remotely runs a check of the user’s computer for a genuine copy of Windows before allowing the MSE installation to take place.

There are some shortcomings to be aware of if this will be your A/V protection of choice.  MSE lacks centralized management control and other security features that enterprise IT pros require.   According to a report by competitor Symantec, hackers have already created false alerts, imitating MSE.  The idea is that users will trust those alerts, click a button and unwittingly drop malware onto their PCs. 

However, it also has some benefits.  The software runs in the background with little interaction required by the end user.  It alerts the user only when a threat has been detected, but otherwise it conducts antimalware scans quietly. 

An MSE panel shows “good” security conditions with the green color, whereas yellow and red colors indicate that an action is required by the user, as explained in a video.   If you have nothing else available, and no budget, then this is a good starting point for protecting your small business assets.

Canadian Privacy Commission Ends Facebook Investigation

ComputerWorld reports that Canada’s privacy commissioner has ended its investigation into Facebook’s privacy practices, saying the social-networking site has resolved issues raised in a May 2008 complaint.

The privacy group complained that Facebook had violated Canadian privacy law by not explaining to users its policies on sharing information with third-party developers. The complaint also accused Facebook of not identifying all the purposes for which it collects users’ information, not getting express consent to collect sensitive information, not allowing users who have deactivated their accounts to easily withdraw consent to share information, failing to destroy the personal information of users who deleted their accounts, and failing to safeguard personal information from unauthorized access.

6 Cisco IOS Patches

Cisco has released a set of security updates for its switches and routers. There are 6 advisories in all, fixing 12 vulnerabilities. Each patch covers a different component of Cisco IOS, including Cisco’s VPN software, the Session Initiation Protocol (SIP), Internet Group Management Protocol, and Network Address Translation (NAT) software.