Tag Archives: information security

commissum Sponsorship of Open University Student Prize

commissum is proud to again be the sponsor of the prize for the Open University Post Graduate module for Information Security Management; the M886 module. This is the second year that commissum has sponsored this prize.

The winner of the prize this year is Canadian student Sara Maharaj, from Ontario. Sara took the Information Security Management module as a standalone course for her professional development. The Information Security Management module is very focused on taking a practice-based approach; this encourages the student to base what they do upon an organisation that they are familiar with.

The course provides the foundation knowledge, understanding, analysis and synthesis needed to develop a practical information security management system (ISMS), to the standard set by ISO/IEC 27001:2005 and BS ISO/IEC 17799:2005. It also aims to help students acquire the personal development skills they need to keep abreast of important developments in the rapidly changing field of Information Security.

Sara, having successfully undertaken the course as the top student, said:

“The course provides valuable insights into how to strategically manage information security within the organization. The practical exercises force you to think through a methodical implementation of the ISO 27001 standard, which facilitates excellent learning.”

Managing Director at commissum, Martin Finch, is a keen advocate of this practical approach to learning. He said:

“When students are given the opportunity to apply what they learn during the course of the module, it not only reinforces the lesson and benefits them and their respective organisations, but also instils a sense of great satisfaction”.

Last year’s joint winners were Ian Knight and Sally Anderson. Ian Knight, who graduated with a BA/BSc Open Degree, took the Information Security Management course as the last step in his degree journey. Ian works for a major Telecoms provider, with responsibility for Information Assurance on large client contracts. He said:

“The course materials were some of the best that I have encountered in the OU and in other study; I found the course to be of immediate practical use in my work almost from the start of the first unit”.

Sally Anderson, who is Head of Web and IT in a leading University, also commented on the practical nature of the course, saying “I have directly applied the new knowledge and skills to my work already and have the confidence now to advise and manage information security on behalf of my organisation”.

Via EPR Network
More Internet & Online press releases

commissum at Infosec Europe 2011

Another Infosec Europe has come and gone. Once again, commissum had a strong presence; the company’s sixth year of exhibiting at this premier event.

Information Security experts commissum managed to make the event a great success, despite visitor numbers being reported as 15% down on the previous year owing to the timing falling immediately before the Easter and Royal Wedding holiday weekends. We had over 500 visitors to the commissum stand asking for information on the company and arranging follow-up meetings after the show.

The commissum stand this year will have been familiar to regular attendees of the event. Our corporate colour of deep yellow once again stood out with our smartly dressed stand staff in their white shirts and yellow ties. Our credentials as a CREST company and CLAS consultancy provider were once again prominent.

At this year’s show, as usual, members of the commissum team were on hand to discuss our visitors’ requirements, provide advice and explain the services we offer. This naturally covered our complete portfolio across security management, penetration testing, consultancy and technology services; however, this year we also put some emphasis on two areas, both of which attracted strong interest:

Project/software development lifecycle (SDLC) security; and Managing Governance Risk & Compliance (GRC) through true unified governance.

We were supported in the above areas by our partners DB3, who demonstrated the HiScout Unified Governance suite, and Checkmarx, one of the leading innovators in the field of static code security analysis. Both partners received a lot of attention with their industry-leading tool suites.


Risks Of Using Social Networking In Business

Social Networking sites such as Facebook, Myspace and Youtube have gained popularity among the younger population. Sites such as LinkedIn, Plaxo and Xing have followed quickly in their footsteps to provide the business friendly social network opportunities.

More recently, companies large and small are exploring ways to use social network sites to support and improve sales (Youtube), to find new employees and business partners (LinkedIn) or to monitor their performance and respond to critics (Yelp and increasingly Facebook and Twitter).

However, for information security experts commissum.com, businesses looking to embrace these social media channels and tools in their business need to understand and calculate the benefits and risks before engaging them.

When assessing the risks of using social media for your business, consider the following:

Be careful using social media for employment vetting purposes for the same reasons that employers should not ask about religion, preferences, age, race etc.

Once a business takes the step of using social media, it is opening up a channel over which, in most cases, it has very limited control; in fact it is almost handing over control to the public. How would the business deal with both fair and unfair criticisms and opinions expressed on social media websites and how could its reputation be affected?

Would your employees know what business information can be disclosed on social media websites and could the business therefore be at risk of involuntary information leakage?

Could information on the size, structure of the business and operational details such as IT infrastructure details be used for initial data gathering activities for targeted attacks?

Could the business IT infrastructure be vulnerable to malicious software downloaded from social network sites?

And lastly consider whether the business should monitor the activities of its employees to ensure that security is maintained and resources are not being wasted by social networking activities.

“The risks of using social media encompass all aspects of the business; legal, employment, technical, operational and reputation”, according to a commissum spokesperson.


GRC (Governance, Risk and Compliance) is a recent acronym that has quickly spread among the senior management community around the world

Initially this was sparked by the fallout from a number of major corporate governance scandals, including those affecting Enron, Tyco and WorldCom; all of which led to the enactment of the US Sarbanes-Oxley Act and the concept of a more holistic view of Governance, Risk and Compliance. Interest has also grown rapidly in the UK as legislation and compliance requirements have increased.

Traditionally, most organisations ensure compliance with legislation, regulations and standards by instructing each department to determine the requirements for compliance and specify actions and controls to achieve this. Organisations will therefore have a number of organisational departments for business continuity (possibly aligning with BS25999), for IT security (in many cases aligning with ISO27001), for quality management, etc.

They will certainly have risk management carried out by these various departments, all identifying risks and controls and also individually reporting on these. Managing all of this and pulling it all together into a coherent picture upon which business decisions can be made and priorities can be based in an efficient and effective way is a complex challenge.

commissum’s Principal Assurance Consultant André Coner noted that as the number of legislative, regulatory and compliance requirements increases, the number of departments involved also increases, each defining their own controls and measures. This silo approach causes each department to “re-invent the wheel”, wasting valuable time and increasing costs while introducing duplication, redundancy and confusion.

commissum’s approach to Unified Governance, Risk management and Compliance creates a common source of information. It creates a common model of the organisation; a unified methodology for managing risk, controlling deficiencies and measurement.
