Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Information-Security-News
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[ISN] Uninformed staff pose security threat: Expert

from [InfoSec News] Network Security [Permanent Link]
Subject: [ISN] Uninformed staff pose security threat: Expert
Date: Tue, 29 Nov 2005 00:46:20 -0600 (CST) 
http://www.computerworld.com/securitytopics/security/story/0,10801,106565,00.html

By Brian Eaton
NOVEMBER 28, 2005
ITWORLDCANADA

TORONTO -- All it takes is one employee to unknowingly compromise a
network's hard outer shell.

And when that happens, all other security measures could simply melt
away, said Clemens Martin, founder of the Hacker Research Lab at the
University of Ontario Institute of Technology (UOIT).

"The reality is many businesses are operating under a false sense of
security," said Martin, who is also director of IT Programs at UOIT.  
"All too often, we see corporate networks that become compromised by
an 'igloo effect' of sorts."

The good news is that many corporate executives are becoming
increasingly aware of this risk.

Most business leaders polled as part of a recent Fusepoint/Sun
Microsystems/Leger Marketing survey stated that the greatest threat to
their data security was not likely to come from a malicious external
attack, but rather from the hands of an uninformed employee.

Martin also believes the private and public sectors have similar
security concerns.

He said that in both sectors the infrastructure used is similar, and
malicious attackers are keen to infiltrate both.

There is a common interest among the "bad guy community" to get inside
networks in both sectors, and attacks designed to fool uninformed or
undereducated employees and public servants are becoming more
sophisticated, Martin said.

Depending on an individual's e-mail settings, and security products in
use, an e-mail may just have to be clicked on -- without any
attachments whatsoever being opened -- for the attacker to get in, he
said.

"If you look at HTML-formatted e-mails, just like a Web page, there
can be embedded code that can download," Martin said. "There is a
risk, but there is also protection."

Martin pointed to products from Cupertino, Calif.-based Symantec, but
also noted that security software and conventional insurance are two
different things.

"You can buy an insurance policy for almost anything," Martin said.  
"But you can't buy insurance to hedge against IT security risks
because the problems are not understood as well as earthquakes or
fires or car theft. Those [problems] have been well studied over years
and years."

Most IT security problems are studied in computer science departments,
he said.



_________________________________________
Earn your Master's degree in Information Security ONLINE
www.msia.norwich.edu/csi
Study IA management practices and the latest infosec issues.
Norwich University is an NSA Center of Excellence.
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [ISN] Uninformed staff pose security threat: Expert, InfoSec News <=
Previous by Date:  [ISN] Expert: Cyber-crime Yields More Cash than Drugs, InfoSec News
Next by Date:  [ISN] Inside Symantec's security bunker, InfoSec News
Previous by Thread:  [ISN] Expert: Cyber-crime Yields More Cash than Drugs, InfoSec News
Next by Thread:  [ISN] Inside Symantec's security bunker, InfoSec News
Indexes:  [Date] [Thread] [Top] [All Lists]