Click here to load reader
Upload
brian-mckenna
View
215
Download
1
Embed Size (px)
Citation preview
(ISC)2 scholarship winner aims to please usersn
ew
s6
Info
security To
day
July/August 2006
Ana Ferreira, a Portuguese
information security re-
searcher specializing in health-
care, has won an (ISC)2 schol-
arship to develop and imple-
ment an access control model
for complex environments.
She’ll do this work at the
University of Kent.
She will use her (ISC)2
scholarship money (£9,400) to
expand on work previously
done on Electronic Patient
Record Security at the Faculty
of Medicine at the University
of Porto and, for the UK's NHS,
at HP Research Labs in Bristol.
“There are similarities be-
tween the information systems
in healthcare in Portugal and
the UK”, commented Ferreira,
“all on the bad side.You still
see a lot of paper in hospitals
in both countries.
“A lot of that has to do with
building systems separate from
the people who have to use
those systems – in this case
doctors and nurses.
“IT people don’t really
know medical processes,
while medical people are only
starting to know what to ask
of information systems.They
want to be able to register in-
formation about patients, but
find it is not there as a possi-
bility as easy as it is with pen
and paper.
“The aim of my research is
to design an access model that
is closer to use needs”.
Ms Ferreira has been a spe-
cialist at the Informatics
Department at the Faculty of
Medicine of Porto in Portugal.
She took an MSc in
Information Security, with
Distinction, from Royal
Hollway, Univesity of London
in 2002.
Away from information
security, but of a piece
with it, Ms Ferreira has a
Piano degree from Porto’s
Music Conservatory. Her
favourite composer, because
of his mathematical quality,
is Bach.
Can you trust your partner?Brian McKenna
The security posture of com-
panies’ business partners
has become a bigger headache
than ever because of the pres-
sures of compliance regulations.
Not only do IT security man-
agers have to worry about their
own networks being secure and
in compliance, but they increas-
ingly have to ensure auditors
that their supply chain is as
clean as a whistle.
Security company Cybertrust
says its forthcoming ‘business
partner assessment’ programme
will address this.Wade Baker,
one of the company’s re-
searchers’ detailed the scale of
the problem in an article pub-
lished at the end of 2005 in
Infosecurity Today — ‘Business
partnerships increase info risk
to three quarters of European
companies’.
The service, scheduled for of-
ficial release in September, will
package up compliance-deter-
mining questions to customers’
partners, and then feed back da-
ta in a ‘dashboard’ that will,
Cybertrust says, facilitate reme-
diation by suggesting “compen-
sating controls”.
The supplier’s SVP, Global
Services, Kerry Bailey said:“I’ve
seen more interest in this than
in anything we’ve done.The
business problem of how you
manage the extended enter-
prise is real and mandated, and
customers are crying out for a
solution”.
At present, contends
Cybertrust, companies who
wish to verify the trustworthi-
ness of partners and customers
connecting to their networks,
have to contract a professional
services company to do the job.
“Typically”, states Kerry Bailey
SVP of Global Services at
Cybertrust,“what the service
will offer is a reduction in cost
by 10% in relation to the profes-
sional services style engage-
ment cost from one of the Big
Four or equivalent.”
The service is, said Bailey, be-
ing used by a payment process-
ing company in New York —
for internal use across 80 busi-
ness units, as well as externally
— and a UK bank.
John Holland, general manag-
er and SVP, EMEA, for the com-
pany added:“This will have rele-
vance across all industry sec-
tors, not just financial services.
Think of Tesco’s – imagine their
supply chain!”
Microsoft makes stealthyprogress into security marketSarah Hilley
Microsoft has released an
all-in one security pack-
age for home users to challenge
traditional security vendors.The
new product – OneCare, which
costs nearly $50 a year, provides
a firewall and tackles spyware
and viruses.
Pure security players Symantec
and McAfee are reportedly play-
ing catch-up by working on simi-
lar ‘do it all’ software. McAfee’s
upcoming product is code-
named ‘Falcon’ and Symantec’s is
known as ‘Genesis’.
Dr. Gene Schultz, of Global
Integrity Corporation believes
that Microsoft will not overshad-
ow the other security compa-
nies, but will have some success.
However, he thinks that
Microsoft should concentrate
more on developing secure
products.
“It troubles me that this com-
pany has invested all the time
and resources it has in coming
out with a new security prod-
uct instead of putting this effort
into making its products more
secure in the first place.” But
OneCare “will undoubtedly
help those who use it,” he said.
Schultz said that companies
such as Symantec, McAfee,
Trend Micro and Sophos are “al-
ready well established and well
known … and their products
for the most part work very
well. Microsoft will have to
compete in an already very
competitive market.”
Even the branding of
Microsoft’s new product,
‘OneCare’, is radically different to
the conventional brand names
given to anti-malware products.
Symantec’s offerings are branded
Norton Anti-Virus and Norton
Internet Security while McAfee’s
products are called VirusScan
and Personal Firewall Plus.
Microsoft’s OneCare doesn’t
have a whiff of a virus in its
name. It doesn’t bother con-
sumers with details of spyware
or firewalls – just a promise of
care. Neither does the name
suggest scare tactics, which
have long been associated with
the security industry.
At present, only American
consumers can download or
buy the software The company
plans to release it outside the
US later in the year.