Malta Info Security - Articles

Malta Electronic Identity Password Information

nospam@example.com (Donald Tabone) — Mon, 02 Aug 2010 13:21:26 -0700

In 2004 Government launched the Electronic Identity (e-ID) as part of its programme to create a strong eGovernment infrastructure based on sound identity management. Government drives the initiative in collaboration with the private sector by championing a strong and secure authentication mechanism that can evolve from the key to eGovernment to the trust behind eCommerce. (1)

Malta's eGovernment services portal relies on the e-ID (the single most trusted authentication mechanism) to provide a one-stop-shop for all eGovernment services. The portal allows the management of the user’s e-ID profile which contains personal details as well as functions for assignment and delegation. Citizens may “delegate” their eServices to other citizens (who have an e-ID) or to registered organisations. Through www.mygov.mt, the e-ID may also be used by organisations (e.g. businesses and administrations) which may “assign” the management of the eServices to an “Organisation Manager” who has an e-ID.(2)

Over the coming 6 months, the governments e-ID system will be implementing a new password policy which will help increase the security of the system for the benefit of its users.

The effect of this new policy is that you will have to reset your password every 90 days.

The e-ID system requires you to provide a strong password that meets the following criteria.
The password must not contain your full e-ID number, first or last name
The password must be at least 8 characters in length
The password must contain English uppercase characters (A through Z)
The password must contain English lowercase characters (a through z)
The password must contain base 10 digits (0 through 9)
The password must not be the same as any of your previous passwords

Here at maltainfosec.org we thought of providing four easy steps to achieve the above:

1. Read-up on how to choose a secure password
2. Avoid common password pitfalls
3. Access a random password generator and pick a password that's secure and easy to remember
4. Finally, cross-check how secure the password you chose actually is

Read on for some more suggestions on how to choose a secure password..
Continue reading "Malta Electronic Identity Password Information"

Site news

nospam@example.com (Donald Tabone) — Sun, 01 Aug 2010 09:13:01 -0700

A few updates on what's happening on maltainfosec.org

We realised that we tend to retweet a lot of tweets from HelpNetSecurity due to the obvious relevance of their articles --- as such instead of RT their posts, we added a new column to the right of our webpage linking to the RSS article feed of HelpNetSecurity. 'Caps off' to the guys at HelpNetSecurity!

We have new competition rules in the pipeline --- we'll be releasing a short article on this shortly --- thanks to our Sponsors!

Meanwhile, a short note to promote an excellent magazine which has released its fourth issue just today.

Digital Forensics Magazine, one of the fastest growing resources available for IT security specialists, launches its fourth edition. With a global coverage, the print and online magazine is fast establishing itself as the must-have magazine for practitioners and students of digital forensics.

Being a subscriber from issue 1 and a DF tutor on behalf of NCC, another 'caps off' & kudos to this excellent magazine which focuses on very relevant topics hitting the nail on the head by striking the right balance between legal aspect of Information Security and Forensics and technical review content. If you haven't subscribed yet, we recommend you visit their website and sign-up - http://www.digitalforensicsmagazine.com/

Issue 4, released online on August 1st 2010, takes a look at how effective traditional digital forensic techniques are at obtaining forensically sound data in scenarios where computer misuse has been used in attempts to frame the innocent. The DFM team also investigates and details the state of digital forensics in law enforcement around the world identifying which countries are doing well and which have much to do, highlighting the disparity in skills and qualifications between each. In a world that is getting ever more interconnected and one in which international online crime is on the increase, the industry should look to establish and apply minimum standards .

The rest of the article gives some more information and article tasters from Issue 4...
Continue reading "Site news"

Information Security Basics

nospam@example.com (Donald Tabone) — Sat, 24 Jul 2010 10:08:57 -0700

An article focused around security principles, security standards and the CIA triad by Brad C. Johnson echoed from the ISSA Journal

Information security programs are built on the building blocks of information security basics. This article will describe these basics and give tangible examples of the types of topics and decisions you must grapple with to build such a program.

Abstract

IT information security programs are built on the building blocks of information security basics. The mortar for these blocks are the basic principles of security: confidentiality, integrity, and availability. The blocks that form the foundation are a variety of fundamental security topics such as risk assessments, security policies, asset management, physical security, operational management, and incident management to name a few. Understanding the concepts that define the basics of information security is critical to building a robust security program. This article will describe these basics and give tangible examples of the types of topics and decisions you must grapple with to build such a program.

The basics

Information security means the protection of both information and information systems. We want to protect these things to ensure that access to them is controlled. We want to make sure that only authorized people and processes can access them and only at appropriate times. We want to make sure that the information is only disclosed in ways that we control, that access to it is not disrupted, and that data is only changed – created, modified, or removed – under the conditions we define.

Information, as we all know, is stored in a variety of ways: on paper, in voicemail systems, in people’s minds, and on a variety of electronic technologies. Information systems can take the form of a group of people (e.g., the Information Security Group), a collection of policies, or a collection of electronic devices (routers, firewalls, security software). All in all, information security is an expansive topic that affects virtually everyone within an enterprise.

The word basic also needs to be put in the appropriate context. Some people assume that it means something trivial or achieved quickly or without a lot of effort. In fact, it is the exact opposite. It is about fundamentals: actions that are rehearsed, acted on, refined, and monitored on a regular basis. In the sport of football, blocking and tackling are considered basic skills that are necessary to succeed at any level. No matter what kinds of offense or defensive schemes are used, they can only be successfully executed with sound blocking and tackling techniques. These techniques are rehearsed continuously throughout the season. These techniques are uniquely coached to fit the special needs of the plays you are trying to run. Information security basics are the same thing. They are practiced continuously.

As we all know, security is not an end-game but an ongoing process: a way of thinking. The more ingrained that security is within the corporate culture, the more likely it is you can succeed at meeting the needs of your business. Security is an iterative process with the goal of continually improving each of your policies, procedures, or controls.
Whether you know it or not, the roots for information security within an IT organization are built on the well-known CIA triad for security policy development[1]# Briefly put, the CIA Triad is a security model built around three critical areas: integrity, confidentiality, and availability. Those concepts are handled within the confines of your hardware, software, and communications information systems. Those information systems and critical areas are therein executed by people, products, and procedures.
Continue reading "Information Security Basics"

GFI Software Enhances its Security Product Offering with the Acquisition of Sunbelt Software

nospam@example.com (Donald Tabone) — Wed, 14 Jul 2010 13:34:12 -0700

The company’s VIPRE technology will allow GFI to offer its own established antivirus product

GFI Software, a market leading provider of software infrastructure products for small and medium-sized enterprises, announced today that it has acquired Sunbelt Software and specifically its VIPRE® product suite. Terms of the transaction were not disclosed. The acquisition will allow GFI to merge VIPRE technology into GFI’s email security and web security solutions group, and will provide GFI with new security products consisting of world-class and innovative technology. The assets of Sunbelt's software distribution business, started over 16 years ago and separate from the technology side of the company (focused on selling DoubleTake high-availability software), will be divested into a separate entity and the company is exploring other strategic partnerships.

Catch the full article here

ISACA Conference & Educational Event

nospam@example.com (Donald Tabone) — Mon, 17 May 2010 14:13:24 -0700

Conference Reminder: 21st May 2010.
If you have not yet registered and plan to attend, make sure you log on http://www.itgovernancemalta.com/index.php/book-here to reserve a seat.

Educational Event

Tuesday 25th May 2010 from 17:15 to 19:15 at the Radissson Blu Resort, St. Julians

Book Here

The concept of continuous auditing has been around for many years. It has been talked about, researched and theorised. Many organisations have made significant investments of time and money, yet for most organisations it is nothing more than an unrealised dream. As a matter of fact, one organisation's version of continuous auditing may differ dramatically from another organisation's implementation. This event will look at the reasons for this. It will look at how organisations and auditors can breach the gap and turn the concept into reality.

The educational event will also provide an understanding of the concepts and strategies required for continous auditing. During this session you will discover the benefits to be gained from continuous auditing and the practicalities of implementing it in your own organisation.

Speaker Profile

Derek J. Oliver is an Information Audit & Security specialist with over 27 years experience and is qualified as a Certified Information Systems Auditor (CISA), a Certified Information Security Manager (CISM), a Fellow of the British Computer Society (FBCS) and a BCS Chartered IT Professional (CITP). His background in the IT Infrastructure Library (ITIL) is represented by Fellowship of the Institute of IT Service Management (FISM) and he has been recognized as a Member of the Institute of Information Security Professionals (MInstISP). In 1996, he was admitted a Freeman of the City of London and he is a CHIP registered Health Informatics Practitioner at Level 3 (highest).

Following a Master of Science (MSc) degree in Information Technology, awarded for his work on disaster recovery and business continuity planning, he received a Doctorate (PhD) for research into the various elements of executive policies contributing to information security management. He has since been awarded an Honorary DBA by Belford University in recognition of his work in the development of the CISM designation. He is internationally regarded as an expert in Information Security Governance, especially using CobiT, ITIL and ISO27001 and is a regular presenter at many international conferences and training courses on a variety of security, fraud and audit topics.

ISACA MALTA CHAPTER members attend for free to this educational event.

Reduced Fee: €15* *Members of Malta Institute of Accountants, Malta Institute of Management, IEEE, and British Computer Society are eligible for the reduced fee.
Others €20

Watching your online customs..

nospam@example.com (Donald Tabone) — Mon, 12 Apr 2010 09:48:27 -0700

SANS has an excellent website with a collection of Security Awareness Tips coming from various contributors. Amongst them are nifty ways to ensure you do not fall as a victim to identity theft or worse. I've collected some of them below:

- Always lock your computer (by pressing CTRL + ALT + DELETE and hitting "Enter") before walking away from it. Find the section that explains how to create a simple desktop shortcut to lock your PC.
- Use variations on a strong "core" password
- Don't Investigate a Security Problem Unless You Are Authorized by the System Owner
- Protect Yourself from Identity Theft
- Check for encryption or secure sites when providing confidential information online
- Patch and update on a regular basis
- Don't Trust Links Sent in Email Messages.. Phishing with a 'Ph'
- Don't click on links in pop-ups or banner advertisements
- "Can you hear me now?" Do NOT trust your cell phone Bluetooth earpiece - think its unlikely.. see the below YouTube video..

Take a moment to browse through the SANS site when you next get a chance..!
Continue reading "Watching your online customs.."