Category Archives: Security

commissum Sponsorship of Open University Student Prize

commissum is proud to again be the sponsor of the prize for the Open University Post Graduate module for Information Security Management; the M886 module. This is the second year that commissum has sponsored this prize.

The winner of the prize this year is Canadian student Sara Maharaj, from Ontario. Sara took the Information Security Management module as a standalone course for her professional development. The Information Security Management module is very focused on taking a practice-based approach; this encourages the student to base what they do upon an organisation that they are familiar with.

The course provides the foundation knowledge, understanding, analysis and synthesis needed to develop a practical information security management system (ISMS), to the standard set by the ISO/IEC 27001:2005 and BS ISO/IEC 17799:2005. It also targets helping the students acquire the personal development skills that they need to keep abreast of important developments in the rapidly changing field of Information Security.

Sara, having successfully undertaken the course as the top student, said:

“The course provides valuable insights into how to strategically manage information security within the organization. The practical exercises force you to think through a methodical implementation of the ISO 27001 standard, which facilitates excellent learning.”

Managing Director at commissum, Martin Finch, is a keen advocate of this practical approach to learning. He said:

“When students are given the opportunity to apply what they learn during the course of the module, it not only reinforces the lesson and benefits them and their respective organisations, but also instils a sense of great satisfaction”.

Last year’s joint winners were Ian Knight and Sally Anderson. Ian Knight, who graduated with a BA/BSc Open Degree, took the Information Security Management course as the last step in his degree journey. Ian works for a major Telecoms provider, with responsibility for Information Assurance on large client contracts. He said:

“The course materials were some of the best that I have encountered in the OU and in other study; I found the course to be of immediate practical use in my work almost from the start of the first unit”.

Sally Anderson, who is Head of Web and IT in a leading University, also commented on the practical nature of the course, saying “I have directly applied the new knowledge and skills to my work already and have the confidence now to advise and manage information security on behalf of my organisation”.

Via EPR Network
More Internet & Online press releases

commissum at Infosec Europe 2011

Another Infosec Europe has come and gone. Once again, commissum had a strong presence; the company’s sixth year of exhibiting at this premier event.

Information Security experts commissum managed to make the event a great success, despite visitor numbers being reported as 15% down on the previous year owing to the timing falling immediately before the Easter and Royal Wedding holiday weekends. We had over 500 visitors to the commissum stand asking for information on the company and arranging follow-up meetings after the show.

The commissum stand this year will have been familiar to regular attendees of the event. Our corporate colour of deep yellow once again stood out with our smartly dressed stand staff in their white shirts and yellow ties. Our credentials as a CREST company and CLAS consultancy provider were once again prominent.

At this year’s show, as usual, members of the commissum team were on hand to discuss our visitors’ requirements, provide advice, and also explain the services we offer. This naturally covered our complete portfolio across security management, penetration testing, consultancy and technology services; however, this year we also put some emphasis on two areas, both attracting strong interest:

Project/software development lifecycle (SDLC) security; and Managing Governance Risk & Compliance (GRC) through true unified governance.

We were supported in the above areas by our partners DB3, who demonstrated the HiScout Unified Governance suite, and Checkmarx, one of the leading innovators in the field of static code security analysis. Both partners received a lot of attention with their industry leading tool suites.

Risks Of Using Social Networking In Business

Social Networking sites such as Facebook, Myspace and Youtube have gained popularity among the younger population. Sites such as LinkedIn, Plaxo and Xing have followed quickly in their footsteps to provide the business friendly social network opportunities.

More recently, companies large and small are exploring ways to use social network sites to support and improve sales (Youtube), to find new employees and business partners (LinkedIn) or to monitor their performance and respond to critics (Yelp and increasingly Facebook and Twitter).

However, for information security experts commissum.com, businesses looking to embrace these social media channels and tools in their business need to understand and calculate the benefits and risks before engaging them.

When weighing the risks of using social media for your business, consider the following:

Be careful using social media for employment vetting purposes for the same reasons that employers should not ask about religion, preferences, age, race etc.

Once a business takes the step of using social media, it is opening up a channel over which, in most cases, it has very limited control; in fact it is almost handing over control to the public. How would the business deal with both fair and unfair criticisms and opinions expressed on social media websites and how could its reputation be affected?

Would your employees know what business information can be disclosed on social media websites and could the business therefore be at risk of involuntary information leakage?

Could information on the size, structure of the business and operational details such as IT infrastructure details be used for initial data gathering activities for targeted attacks?

Could the business IT infrastructure be vulnerable to malicious software downloaded from social network sites?

And lastly consider whether the business should monitor the activities of its employees to ensure that security is maintained and resources are not being wasted by social networking activities.

“The risks of using social media encompass all aspects of the business; legal, employment, technical, operational and reputation”, according to a commissum spokesperson.

GRC (Governance, Risk and Compliance) is a recent acronym that has quickly spread among the senior management community around the world

Initially this was sparked by the fallout from a number of major corporate governance scandals, including those affecting Enron, Tyco and WorldCom; all of which led to the enactment of the US Sarbanes-Oxley Act and the concept of a more holistic view of Governance, Risk and Compliance. Interest has also grown rapidly in the UK as legislation and compliance requirements have increased.

Traditionally, most organisations ensure compliance with legislation, regulations and standards by instructing each department to determine the requirements for compliance and specify actions and controls to achieve this. Organisations will therefore have a number of organisational departments for business continuity (possibly aligning with BS25999), for IT security (in many cases aligning with ISO27001), for quality management, etc.

They will certainly have risk management carried out by these various departments, all identifying risks and controls and also individually reporting on these. Managing all of this and pulling it all together into a coherent picture upon which business decisions can be made and priorities can be based in an efficient and effective way is a complex challenge.

commissum’s Principal Assurance Consultant André Coner noted that as the number of legislative, regulatory and compliance requirements increases, the number of departments involved also increases, each defining their own controls and measures. This silo approach causes each department to “re-invent the wheel”, wasting valuable time and increasing costs while introducing duplication, redundancy and confusion.

commissum’s approach to Unified Governance, Risk management and Compliance creates a common source of information. It creates a common model of the organisation; a unified methodology for managing risk, controlling deficiencies and measurement.

Free PDF Protection Tool

While some companies struggle to protect their PDF eBooks and PDF documents from unauthorized access, many are protecting their PDF documents and files easily and inexpensively, largely because they have mastered the proven (but little-known) process of protecting their PDF documents with quick and efficient PDF protection methods.

That’s the opinion of BookGuard Pro, a PDF eBook security company and designer of this new free tool, the PDF Protection Analyzer.

“Small and medium sized businesses and individual PDF publishers today need solid, reliable information on what works in PDF security- and what doesn’t,” says Roger Hall, PDF security specialist. “As a freelance online author and PDF security specialist, I have hundreds of people contacting me asking questions such as:

– How can I structure my PDF security process to protect my PDF so my new PDF eBook won’t be copied?
– How can I get more cost-effective results from PDF security?

“I designed the free PDF Protection Analyzer, to give these folks some of the answers. What makes this PDF tool different is this: it’s not based upon theories or untested ideas. Each of the methods built into the PDF tool has been thoroughly tested, and proven in real-world online book and PDF document launches.”

Unlike many of today’s PDF services, Hall points out, this new PDF process tool has been released at no charge. “A lot of companies and individuals can’t afford to hire online security consultants. And it takes time to read an entire security book, listen to a CD or attend an online security seminar,” notes Hall. “This free PDF Protection Analyzer has been created for them, and takes less than 2 minutes to get.”

PDF protection methods analyzed in the free PDF tool include:

– how PDF passwords may be easily compromised
– why PDF security, PDF wrapping and live monitoring of PDF access is essential for most commercial PDF documents
– where to get effective, free help on boosting your PDF protection

A Free Trial Security Scanner That Identifies Security Weaknesses In Web Applications

GamaSec has launched a free trial option of its web vulnerability scanner, which allows companies to check for web application vulnerabilities (Cross Site Scripting (XSS), SQL injection, Code Inclusion, etc.) as well as site exposure risk. The scanner ranks threat priority, produces highly graphical, intuitive HTML reports, and indicates site security posture by vulnerabilities and threat exposure.

The GamaSec Free trial of Web Vulnerability Scanner (WVS) is available immediately at: https://www.gamasec.com/gsf/FreeTrial.aspx

According to the Gartner Group, “97% of the over 300 web sites audited were found vulnerable to web application attack,” and “75% of the cyber attacks today are at the application level.”

Every day there are thousands of new internet users online. Despite the fact that more and more people are making purchases on the internet, a great many consumers remain uneasy about the process and are therefore timid about the internet. Consumers are becoming smarter, more savvy and more guarded about what can put them at risk. Online customers need to be confident that their personal information is safe and that their privacy will be upheld at all times.

“Companies don’t realize the danger their web sites are under and are therefore reluctant to invest in web vulnerability scanners. Consequently, security officers don’t have the tools to protect their websites. The GamaSec free trial scanner will give security officers access to professional security tests of web applications; it detects Cross Site Scripting, SQL Injection and other web application vulnerabilities and produces recommended solutions that can fix or provide a viable workaround to the identified vulnerabilities, when you need them, not when it is already too late,” said Avi D. Bartov, GamaSec CEO.

The GamaSec vulnerability scan requires no installation, no set-up, no hardware purchases, no software development, and no IT security expertise. Customers do not need any special training to use it.

About GamaSec Web Vulnerability Scanner
The GamaSec web application scanner crawls the entire website, analyzes every file in depth, and displays the entire website structure. The GamaSec Scanner is built from the ground up on a completely different technology backbone than its competitors; GamaSec goes beyond signature-based tools to find more “real” vulnerabilities.

The New Next Generation Security Features Ensure Your Data Is As Secure As The Gold In Fort Knox

“Over the last decade, web based threats have become a major cause of concern for businesses globally. Built on our years of intense research on web based security, the Next Generation Security Features on the Proactive Protection module provide strong and powerful preventive measure against such attacks. Unlike the traditional ‘reactive’ way of handling threats, Next Generation is ‘Proactive’ and can be used by anyone”.

– Sergey Rizhikov, CEO of Bitrix, Inc.

As web based threats continue to increase, your data is vulnerable. In fact, data security features significantly influence the choice of a Content Management System. After all, your data is precious as gold to you, right?

Bitrix Inc., a leading CMS and Intranet Portal development company, today announced the new Next Generation security features on its suite of web based applications, including the Bitrix Site Manager and the Bitrix Intranet Portal. The Next Generation security add-ons are additional layers of security features that mitigate web based threats and allow portal owners to freely host content and media on their portals, without any fear of security breach.

Part of the Proactive Protection module, these cutting-edge technical and organizational measures make it possible to combat malicious programs, whether already identified or still unknown.

The new module includes a number of tools:

Web Application FireWall (Proactive Filter) protects the system from most known web attacks. The filter recognizes dangerous threats within incoming requests and blocks intrusions accordingly. The Proactive Filter is the most effective way to guard against possible security defects in any web project implementation (XSS, SQL Injection, PHP Including etc.).

One-time Password Technology (OTP) empowers the standard authorization scheme. It requires a physical hardware token such as Aladdin eToken PASS, ensuring that only the authorized have access to the administrator panel.

Security Panel with Security Levels allows you to choose a security level appropriate for your web project. This ensures only relevant individuals have access to relevant parts of the portal.

Authorized Sessions Protection. Most web attacks are designed to steal an authorized user’s session data. However, Authorized Session Protection makes such session hijacking ineffective, since attackers cannot access the browser session.

Activity Control protects from DDoS attacks and bots.

Intrusion Log. All events occurring in the system, including the unusual or malicious, are logged. This gives the administrator the power to discover attacks and intrusion attempts while they occur, so they can respond immediately and prevent intrusion.

IP-based Control Panel pages. This type of protection strictly regulates the secure networks from which users are allowed to access the control panel. By specifying restrictive IP ranges, only specific nodes in the network can access the control panel.

Stop Lists contain parameters used to restrict access to a site and possibly redirect to a specified page. Any visitor matching the stop list criteria (e.g. an IP address), will be blocked.

Script Integrity Monitor checks scripts for any changes. Only authorized script changes will be accepted.

Phishing Protection protects from scripts attempting to acquire sensitive information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication.

The Proactive Protection module is included in all editions of Bitrix Site Manager (except for Start) and Bitrix Intranet Portal.

You can test the new functionality online in the Bitrix Intranet Portal Virtual Lab and Bitrix Site Manager Virtual Lab or download the 30-day Trial versions of Bitrix Site Manager or Bitrix Intranet Portal.

Users whose copies of the software have an active update period can get all the updates through the SiteUpdate system for free.

Bitrix Intranet Portal Virtual Lab:
http://www.bitrixsoft.com/products/intranet/demo.php#tab-demo-link

Bitrix Site Manager Virtual Lab:
http://www.bitrixsoft.com/products/cms/demo.php#tab-demo-link

Bitrix Intranet Portal Trial:
http://www.bitrixsoft.com/products/intranet/demo.php#tab-trial-link

Bitrix Site Manager Trial:
http://www.bitrixsoft.com/products/cms/demo.php#tab-trial-link

Proactive Protection:
http://www.bitrixsoft.com/products/cms/features/proactive.php

About Bitrix
Bitrix, Inc. specializes in the development of content management systems and portal solutions for managing web projects and multifunctional information systems on the Internet. Bitrix specialists, by their considerable efforts and skill, developed the Bitrix Site Manager software, a standalone application that provides complex web solutions. The company was established in 1998 by a group of IT specialists. Bitrix continues to hold a leading position in the web development market, always offering high-standard solutions to its clients and partners.

UK’s Leading Online People Search Facility Establishes A New Affiliate Marketing Campaign

Tracesmart, the UK’s leading online people search facility continues to go from strength to strength despite the economic conditions, as the company sees year on year growth approaching 25%. Tracesmart provides a quick and easy way to search the electoral roll to conduct an address search or people search and thousands of their customers have been able to find relatives or long lost friends using the service.

This week Tracesmart will launch its new affiliate program whereby partners or affiliates will promote the company’s service by way of banner advertising on their respective websites and receive commission based on sales attributed to their banner link. The aim is to attract as many websites as possible to sign up to the program to increase the company’s brand awareness and drive traffic. It will, in addition, generate income for our affiliate members, as leads are converted into sales.

Matthew Hopkins, Tracesmart’s Internet Marketing Executive and Affiliate Manager, commented, “This affiliate program is an important development for our people search, address search and electoral roll search facilities. This project will help deliver my key objectives over the next twelve months and we are hopeful of witnessing further sales growth from our online people search service.”

Hopkins added, “Following exhaustive research, online marketing company, Deal Group Media or ‘DGM’ were chosen to deliver and administer the project on our behalf. DGM is probably the UK’s most experienced affiliate network, specialising in affiliate and search engine marketing. It’s important to get the right partnership in place to manage such a key program as this.”

The internet has become a far bigger proposition nowadays, becoming a key consumer authority, a means of discovery, research, reference, discussion and help. For many, the internet is now the first port of call for many activities including people searching and genealogy and Tracesmart are proactively tapping into it.

Affiliate marketing has become an essential channel for driving customer growth. As broadband penetration and consumer online spending continue to rise, so does the importance of a successful affiliate program. The online sector is changing dramatically as traditional TV and radio revenue declines. The online medium is taking the lead as a new generation of consumer is emerging, influencing the significance of affiliate marketing.

Owen Roberts, Tracesmart’s Communications Manager stated, “We are confident that the affiliate program will significantly add value, to help promote our services, generate brand awareness, and increase traffic to our online people search facility, and ultimately boost sales. It’s an exciting period for us at the moment.”

  • Tracesmart Ltd – Since the launch of its website in 2004, Cardiff based Tracesmart has established itself as one of the UK’s leading providers of online people tracing tools. www.tracesmart.co.uk combines state of the art search technology with an extensive collection of consumer data, providing one of the most powerful and successful systems to trace people.
  • Matthew Hopkins has been working within the field of Internet Marketing since 2002. He is currently responsible for driving high volumes of traffic to the Tracesmart website through SEO, PPC and Social Networking. Matthew has now taken on further responsibility as the Tracesmart Affiliate Manager.
  • Owen Roberts has worked in the creative, advertising and communications industries for over 25 years and is the voice of Tracesmart. Heading up the communications team, he raises the public awareness of the company through various media driven PR campaigns.

PC Net & 85 Under announce the launch of their new brand identities to more effectively communicate their breadth of IT and data security services to the marketplace

“We’ve been in business for over 20 years in the Springfield market,” said Greg Clift, owner of PC Net/85 Under. “We attribute this success to the fact that we’re always innovating and expanding our services to stay ahead of our customers’ growing needs.”

Because the PC Net and 85 Under companies have a symbiotic relationship, the branded identities needed to family. The result is a clean, powerful branding and icon structure that quickly and easily communicates a comprehensive array of services. “Some clients know us for IT, some as a data center, but not everyone sees the whole picture,” said Clift.

This was an important connection to make with customers since organic growth is important to their company prosperity. For example, a small start-up business may first establish a relationship with PC Net. “We’ll help new businesses solve connectivity, networking and systems,” said Clift. As the company grows, they may tap PC Net’s Pulse IT Management Services to help them manage their growing IT needs. And as they become even larger, the company will need a data center solution to service their back-up and collocation needs. Customers need to know that they can grow without having to deal with multiple IT and data security partners.

To deliver the new image with clarity and impact Clift identified all key branding touch points, from technician apparel and company vehicles to their web site, collateral and presentation materials. An icon language was designed and incorporated to not only reinforce the visual identity but to facilitate site navigation. The new http://www.pcnetinc.net and http://www.85under.com web sites were designed with a content management back-end to facilitate communication between technicians and clients as well as between management and technicians.

The result is a powerful branding system that clearly communicates all that PC Net and 85 Under can offer clients.

PC Net, Inc. has been providing best-in-class IT services to the Springfield community for more than 20 years. The company’s new Pulse IT Management offers growing businesses a cost-effective yet highly responsive way to outsource IT services that feel like they’re in-house. Located in Springfield Underground, 85 Under is a state-of-the-art data center offering data security, backups and collocation services to businesses throughout the country. For more information, contact Greg Clift at (417) 831-1700 or log on to http://www.pcnetinc.net and http://www.85under.com.

Tracesmart now associate member of the BBA

Cardiff based Tracesmart, leading supplier of asset reunification and identity verification services, has announced it is now a professional associate member of the British Bankers’ Association (BBA). Tracesmart has joined the BBA to gain a deeper insight into the financial sector and share its expert knowledge with the banking community.

Tracesmart currently supplies a wide range of services to the financial sector which are used for a variety of purposes – from specialist tracing and data cleansing services which drive asset reunification campaigns, to electronic identity checks which are used in anti-money laundering and know your customer exercises. Becoming a professional associate member of the BBA will ensure Tracesmart is fully aware of challenges the industry faces and allow the company to share its extensive specialist knowledge. Mike Trezise, Managing Director at Tracesmart, highlighted the company’s long tradition of working with professional organisations,

“We are already members of, and work with, numerous professional bodies to the benefit of both parties – we now hope that in working with the BBA we can continue this practice and expand our knowledge of the banking industry. A better understanding of the sector inevitably allows us to further tailor our service offerings and can only lead to better service provision for our clients.”

In addition to information sharing, the company aims to raise the awareness of the Tracesmart brand in the banking community – the BBA has members all over the globe and its member banks together form the biggest international banking centre on the planet. On welcoming Tracesmart as a professional associate member, Jason Cole, Commercial Director of the BBA, noted the diverse array of companies that support the BBA,

“The BBA is the leading UK banking and financial services trade association and acts on behalf of over 200 members from 60 different countries. We are pleased to welcome Tracesmart as a professional associate member of the BBA. This membership consists of a variety of firms including companies from the legal, accounting, consultancy and technology sectors. All have one thing in common – a desire to participate and share information amongst their peers from the banking community.”

About Tracesmart

Tracesmart Limited was formed in 1999 and supplies a diverse range of consumer data cleansing, identity check and people tracing tools to a wide variety of industries. The company’s client base ranges from SME to Blue Chip, who are all recipients of bespoke solutions, built around their specific needs.

About BBA

The BBA is the leading association for the UK banking and financial services sector, speaking for 223 banking members from 60 countries on the full range of UK or international banking issues and engaging with 37 associated professional firms.

About Mike Trezise

Mike Trezise is the founder and Managing Director of Tracesmart. With over 25 years’ tracing and fraud analysis experience, his unrivalled knowledge provides the company with a distinct competitive advantage.

About Jason Cole

Jason Cole is the Commercial Director for the BBA and is responsible for the management of BBA’s commercial services, including marketing, publications, qualifications & training, venue hire and developing and running over 100 conference and seminar programmes annually.

Netmasterclass Choose Locklizard DRM To Secure Their Online Training Courses, Preventing Intellectual Property Theft

“In recent years, education and training have increasingly been delivered by electronic means,” said Dr Trevor Mathews, Chairman of LockLizard. “What started 20 years ago with television courses and VCR services has become much more sophisticated and much more packaged today. Distance learning courses are now so advanced that in some cases a live instructor is no longer needed, and examinations to follow training can also be taken electronically.”

NetMasterClass, a leading Cisco Certified Learning Partner, has protected its Cisco training courses using the LockLizard DRM service in order to make them readily accessible and deliverable over the Internet, whilst remaining secure against intellectual property theft. “We had previously had the unfortunate experience of seeing our training materials posted on public web sites, effectively giving away the work and expertise that we had used to create new and novel training techniques, and you cannot operate a training business in that kind of environment,” commented NetMasterClass.

“Now we are able to deliver on-demand, 24×7 training to customers globally when and where they want it. And without having the underlying worries about what will happen to our proprietary materials.”

Whilst DRM has been seen as a negative addition in the music and video industries, DRM in the online training industry has been welcomed with open arms by many users. The reasoning behind this is that when you are paying upwards of $1000 for a course, you do not want to see others bidding $5 for it on auction sites.

Using Lizard Safeguard or Lizard Protector, publishers of electronic training materials can protect their intellectual property published in the PDF or HTML formats. Courses can be made available for a specific length of time or number of uses, and the number of prints can be limited or prevented altogether. Publishers can now price their courses according to the functionality enabled or limitations imposed, offering more attractive options to customers. Better still, updates can be delivered instantly over the web without fear of them getting into the wrong hands.

“Looking forwards,” said Dr Mathews, “We can see that there will be a rapid and significant move towards complete electronic delivery of training, course materials, lectures and notes, without a physical instructor ever needing to be present. The pressures that the current recession is bringing on the need to increase manpower effectiveness and reduce overall costs are going to accelerate the use of computer based training and education systems, always provided that the content can be adequately secured so that only those who have actually paid for the courses are those who benefit from them.

“All of our publishers have noticed a significant increase in their bottom line and many have been amazed at the new revenue streams that have opened up, whilst at the same time benefitting from reduced costs in terms of overheads and distribution. A win-win situation if ever I saw one.”

About LockLizard
LockLizard is a DRM vendor that produces document security, pdf security, elearning security, ebook security, copy protection, and web content encryption products that use DRM technology to protect information from intellectual property theft. Our DRM software prevents copying, printing, screen grabbing, and sharing of information without the use of insecure passwords. http://www.locklizard.com
