|
|
 |
|
| |
Welcome to February's edition of The Security Spotlight,
Setec Security's monthly newsletter.
Although it is still early in 2004, significant developments and events continue
to advance the information security industry, aiding organization's in reducing
their risk, safeguarding assets, and assuring protection from the threat of a
security breach.
We hope that this month's newsletter will help you stay informed and feel free
to visit Setec Security's
website to learn more about our commitment to help organizations effectively
and efficiently address information security.
Best wishes,
Setec Security |
| |
 |
| |
View the newest articles showcasing intelligent strategies
and valuable insights surrounding vital security issues and market trends:
 No
Silver Bullet for Information Security
The evolution of technology has changed the manner in which society must address
and handle the security of information and other assets. Assets that once only
existed in pure physical form now extend to new mediums and transmission mechanisms.
However, the need to safeguard the security and privacy of assets and information
has not changed dramatically, as cutting-edge security in today's world...
Information
Security Management: Criticality of Security Policies
A strong information security risk management framework is paramount to proactive
security controls, a robust security posture, and dynamic security awareness that
spans all levels of an organization. Management must actively strike a balance
between business and security goals...
Responsibilities
after a Security Breach: Implications of SB1386
September 2002 brought a groundbreaking law to California. SB1386, effective July
1, 2003, requires organizations to fully disclose any and all information regarding
computer security breaches they have suffered that resulted in personal customer
data...
Addressing
Security Through HIPAA
The integrity, availability, and confidentiality of patient information for health
related organizations is of vital importance due to the initiation of The Health
Insurance Portability and Accountability Act (HIPAA), which has forced healthcare
organizations to reevaluate business practices and information handling...
|
| |
 |
| |
| View the top news stories and events of the month influencing
information security and affecting businesses:
Fallout
from the Microsoft Windows Source Code Leak
Microsoft Corporation and the Information Security Industry suffered a setback
earlier this month as a selection of the highly secretive source code for the
popular operating systems Windows 2000 and Windows NT was leaked and made public
online...
WiFi
Opens Doors For Crooks, Identity Thieves
Wireless technology is exploding in popularity, however, high-tech criminals love
it even more than you do...
Red
Hat Unveils Linux Security Upgrades
Red Hat is enhancing the security model in the next version of Red Hat Enterprise
Linux to include support for Security-Enhanced Linux (SE Linux)...
Hacker
Puts Job Agency Data at Risk
A computer hacker broke into a state Employment Development Department computer
last month, potentially accessing sensitive personal information of some 90,000...
Global
Software Security at Risk
The pervasiveness of global software threatens computer security as a single vulnerability
exploited through a virus...
Cracks
Appear in Bluetooth Security
Be careful the next time you turn on your Bluetooth-enabled phone: You could unknowingly
be opening the door to a nasty intruder...
Mydoom.A:
Timeline of an Epidemic
Mydoom.A is the fastest spreading malicious code in history, causing the greatest
epidemic ever seen. It is now estimated that over half a million computers...
Bush
Budget Sweeps in Tech, Cybercrime
President George W. Bush on Monday proposed a $2.4 trillion federal budget that
boosts spending on information technology and on computer crime investigation... |
| |
 |
| |
| As security information is of a time critical nature, Setec
Labs' Alerts & Advisories provide immediate threat research and analysis regarding
newly identified vulnerabilities and security issues, as well as Setec Security's
response to the situation:
Multiple
Vulnerabilities in Microsoft ASN.1 Library
The presence of multiple vulnerabilities in the ASN.1 library allows a remote
attacker to exploit integer overflows resulting in the ability to execute arbitrary
code with super user privileges...
HTTP
Parsing Vulnerabilities in Check Point Firewall-1
The Application Intelligence (AI) and HTTP Security Server component of Check
Point Firewall-1 contain a HTTP parsing vulnerability that allows a remote to
execute arbitrary code with super user privileges...
Multiple
Vulnerabilities in Microsoft Internet Explorer
Three new vulnerabilities in Microsoft Internet Explorer (IE), Microsoft's web
browser, have been released. The most significant vulnerability allows a remote
attacker... |
| |
 |
| |
| Setec Security's extensive experience in providing information
security solutions across a broad range of industries is communicated through
the following Case Studies that discuss and describe information security challenges,
objectives, and benefits in real world applications and scenarios:
Security
Breach in an Academic Institution
The following case study is a real-world example of an engagement performed between
Setec Security and a state college in New England that services approximately
5,000 students with a technology infrastructure to support both simultaneous online
and classroom-based curriculums.
Gramm-Leach
Bliley Motivated Information Security Assessment
The following case study is a real-world example of an engagement performed between
Setec Security and a financial institution providing on-line banking services
and home equity loans. |
| |
 |
| |
About Setec Security
Setec Security, founded in 1997, is a pioneer and industry leader in information
security solutions, bringing together leading human capital, information security
expertise, in-depth research, and extensive real-world experience to help organizations
strike a balance between business and security goals.
Setec Security's multi-disciplinary information security professionals are industry
leaders and established researchers who help organizations effectively identify,
assess, implement, and manage security solutions through the use of proven methodologies,
creative tools, and industry best practices.
Setec Security provides organizations with the ability to trust that their information
security needs are being met in the most cost-efficient and timely manner and
ease the information security burden by helping them concentrate on what they
do best: innovate, profit, and grow.
To unsubscribe to The Security Spotlight, please click
here.
Copyright © 2004 Setec
Security Technologies, Inc.
8391 Beverly Blvd. #167, Los Angeles, CA 90048 |
|
