Can you trust your partner?

News | Infosecurity Today | July/August 2006

(ISC)2 scholarship winner aims to please users

Ana Ferreira, a Portuguese information security researcher specializing in healthcare, has won an (ISC)2 scholarship to develop and implement an access control model for complex environments. She’ll do this work at the University of Kent.

She will use her (ISC)2 scholarship money (£9,400) to expand on work previously done on Electronic Patient Record Security at the Faculty of Medicine at the University of Porto and, for the UK's NHS, at HP Research Labs in Bristol.

“There are similarities between the information systems in healthcare in Portugal and the UK”, commented Ferreira, “all on the bad side. You still see a lot of paper in hospitals in both countries.

“A lot of that has to do with building systems separate from the people who have to use those systems – in this case doctors and nurses.

“IT people don’t really know medical processes, while medical people are only starting to know what to ask of information systems. They want to be able to register information about patients, but find it is not there as a possibility as easy as it is with pen and paper.

“The aim of my research is to design an access model that is closer to user needs”.

Ms Ferreira has been a specialist at the Informatics Department at the Faculty of Medicine of Porto in Portugal. She took an MSc in Information Security, with Distinction, from Royal Holloway, University of London in 2002.

Away from information security, but of a piece with it, Ms Ferreira has a Piano degree from Porto’s Music Conservatory. Her favourite composer, because of his mathematical quality, is Bach.

Can you trust your partner?

Brian McKenna

The security posture of companies’ business partners has become a bigger headache than ever because of the pressures of compliance regulations. Not only do IT security managers have to worry about their own networks being secure and in compliance, but they increasingly have to assure auditors that their supply chain is as clean as a whistle.

Security company Cybertrust says its forthcoming ‘business partner assessment’ programme will address this. Wade Baker, one of the company’s researchers, detailed the scale of the problem in an article published at the end of 2005 in Infosecurity Today — ‘Business partnerships increase info risk to three quarters of European companies’.

The service, scheduled for official release in September, will package up compliance-determining questions to customers’ partners, and then feed back data in a ‘dashboard’ that will, Cybertrust says, facilitate remediation by suggesting “compensating controls”.

The supplier’s SVP, Global Services, Kerry Bailey said: “I’ve seen more interest in this than in anything we’ve done. The business problem of how you manage the extended enterprise is real and mandated, and customers are crying out for a solution”.

At present, contends Cybertrust, companies who wish to verify the trustworthiness of partners and customers connecting to their networks have to contract a professional services company to do the job.

“Typically”, states Kerry Bailey, SVP of Global Services at Cybertrust, “what the service will offer is a reduction in cost by 10% in relation to the professional services style engagement cost from one of the Big Four or equivalent.”

The service is, said Bailey, being used by a payment processing company in New York — for internal use across 80 business units, as well as externally — and a UK bank.

John Holland, general manager and SVP, EMEA, for the company added: “This will have relevance across all industry sectors, not just financial services. Think of Tesco’s – imagine their supply chain!”

Microsoft makes stealthy progress into security market

Sarah Hilley

Microsoft has released an all-in-one security package for home users to challenge traditional security vendors. The new product, OneCare, which costs nearly $50 a year, provides a firewall and tackles spyware and viruses.

Pure security players Symantec and McAfee are reportedly playing catch-up by working on similar ‘do it all’ software. McAfee’s upcoming product is code-named ‘Falcon’ and Symantec’s is known as ‘Genesis’.

Dr. Gene Schultz, of Global Integrity Corporation, believes that Microsoft will not overshadow the other security companies, but will have some success. However, he thinks that Microsoft should concentrate more on developing secure products.

“It troubles me that this company has invested all the time and resources it has in coming out with a new security product instead of putting this effort into making its products more secure in the first place.” But OneCare “will undoubtedly help those who use it,” he said.

Schultz said that companies such as Symantec, McAfee, Trend Micro and Sophos are “already well established and well known … and their products for the most part work very well. Microsoft will have to compete in an already very competitive market.”

Even the branding of Microsoft’s new product, ‘OneCare’, is radically different to the conventional brand names given to anti-malware products. Symantec’s offerings are branded Norton Anti-Virus and Norton Internet Security while McAfee’s products are called VirusScan and Personal Firewall Plus.

Microsoft’s OneCare doesn’t have a whiff of a virus in its name. It doesn’t bother consumers with details of spyware or firewalls – just a promise of care. Neither does the name suggest scare tactics, which have long been associated with the security industry.

At present, only American consumers can download or buy the software. The company plans to release it outside the US later in the year.