

Infosecurity Today, November/December 2006
news, page 4

Company Index (company, page no.)

(ISC)2  4, 6
Adobe  4
AEP  43
AP Møller  40
AppScan  43
ArcSight  8-17
Ascertia  43
Atos Origin  37
Aventail  8-17, 43
Bain & Co.  23
Betfair  8-17
Billion  43
Blackspider Technologies  36
Boots  26
British American Tobacco  40
Butler Group  29
Childnet  6
CipherTrust  16
CipherOptics  41
Cisco  8-17
Computer Associates  47
Cyberguard  27-28
Cybertrust  36
Feitan Technologies  44
ForeScout  44
Fortify Software  47
Fortigate  44
Gartner  21
Goldman Sachs  29
Google  29-31, 47
Guardium  14
HSBC  28
IBM Internet Security Systems  8-17
IBM  34-35
ICI  8-17
IDNet  30
Information Security Forum  8-17, 38-40
Juniper Networks  44
Lloydspharmacy  25
McAfee  14
MessageLabs  47
Microsoft  4, 13
MWD Advisors  38
nCipher  8-17
Network Box  36
Onigma  14
Pfizer  26
Pinsent Masons  31
PatchLink  27-28
Prevx  44
PricewaterhouseCoopers  23, 26
Red Eye  30
Reed Elsevier  8-17
Safend  44
Secure Computing  8-17, 21, 28
Secured Email  44
Security Incite  38
Shavlik  45
Smoothwall  45
Sophos  45
Symantec  40
UBS  40
Ultimaco Safeware  45
Verdasys  14
Virgin Atlantic  28
Websense  45
Wikipedia  6
Yahoo  29
ZyXEL  45

US and UK government documents leak confidential data
Brian McKenna

The Ministry of Defence and the US Department of Defense are inadvertently disclosing confidential information, thanks to the workings of Microsoft and Adobe software.

Ronald D. Hackett, a former USAF major who works for SRS Technologies, urged authorities to take action to stem the information flow at a recent CSI (Computer Security Institute) conference in Florida.

In a presentation about scrubbing classified data from documents, Hackett warned against the ‘Ad hoc review’ feature in Office XP and 2003. It is triggered when an attachment is emailed using Outlook, and applies to Excel and PowerPoint documents as well as Word. It exposes tracked changes and text that was supposedly overwritten.

In response to the problem, the US’s NSA issued a guidance paper in December 2005 on how to safely publish sanitized reports when converting them from Microsoft Word to PDF files. However, said Hackett, “Adobe PDF is not a safe file format.”

“There is no recognition that this is a problem among government agencies”, he said. Neither the MoD nor the DoD “see the depth of the issue ... Microsoft is getting away with murder”.

Links to news stories on the disclosure of hidden data are at http://www.stg.srs.com/eds/docdet/incidents.htm
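The exposure Hackett describes is a property of the file, not of what the viewer shows: tracked deletions, hidden runs, comments and the review-cycle properties all stay inside the container until something strips them, and a PDF converted from such a file inherits whatever was left. The script below is an added example, not code from the article, from SRS Technologies or from the NSA paper. It assumes the Office Open XML .docx container rather than the 2003-era binary .doc the story concerns; the custom property names it looks for (_AdHocReviewCycleID, _EmailSubject, _AuthorEmail and the others in the list) are the ones Office writes during an Outlook ‘Send for Review’ cycle, kept as an assumed list to extend; the sample document it scans is constructed inline, and the names build_sample_docx, scan_docx and is_safe_to_publish are the example’s own.

```python
"""Pre-publication check for hidden data in a Word .docx (Office Open XML) file.

Added example: inspects the ZIP container directly rather than trusting what
Word renders. Looks for tracked changes, hidden text, comments, the custom
properties set by the Outlook 'Send for Review' (ad hoc review) cycle, and
author metadata. Function and property-list names are this example's own.
"""
import io
import zipfile
from xml.etree import ElementTree as ET

W = "{http://schemas.openxmlformats.org/wordprocessingml/2006/main}"
CP = "{http://schemas.openxmlformats.org/officeDocument/2006/custom-properties}"
VT = "{http://schemas.openxmlformats.org/officeDocument/2006/docPropsVTypes}"

# Custom document properties Office writes when a file goes through the
# Outlook "Send for Review" workflow (assumed list; extend as needed).
AD_HOC_REVIEW_PROPS = {
    "_AdHocReviewCycleID", "_EmailSubject", "_AuthorEmail",
    "_AuthorEmailDisplayName", "_ReviewingToolsShownOnce",
}


def scan_docx(data: bytes) -> dict:
    """Return leakage indicators found in the raw bytes of a .docx file."""
    findings = {
        "tracked_insertions": 0, "tracked_deletions": 0, "deleted_text": [],
        "hidden_text": [], "comments": 0, "custom_props": {}, "core_props": {},
    }
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        names = set(z.namelist())
        body = ET.fromstring(z.read("word/document.xml"))

        # Tracked changes: <w:ins> and <w:del>; deleted text lives in <w:delText>.
        findings["tracked_insertions"] = sum(1 for _ in body.iter(W + "ins"))
        for d in body.iter(W + "del"):
            findings["tracked_deletions"] += 1
            findings["deleted_text"].append(
                "".join(t.text or "" for t in d.iter(W + "delText")))

        # Hidden text: a run whose properties carry <w:vanish/>.
        for r in body.iter(W + "r"):
            rpr = r.find(W + "rPr")
            if rpr is not None and rpr.find(W + "vanish") is not None:
                findings["hidden_text"].append(
                    "".join(t.text or "" for t in r.iter(W + "t")))

        if "word/comments.xml" in names:
            comments = ET.fromstring(z.read("word/comments.xml"))
            findings["comments"] = sum(1 for _ in comments.iter(W + "comment"))

        if "docProps/custom.xml" in names:
            for prop in ET.fromstring(z.read("docProps/custom.xml")).iter(CP + "property"):
                findings["custom_props"][prop.get("name")] = "".join(
                    c.text or "" for c in prop)

        if "docProps/core.xml" in names:
            for child in ET.fromstring(z.read("docProps/core.xml")):
                tag = child.tag.rsplit("}", 1)[-1]
                if tag in ("creator", "lastModifiedBy") and child.text:
                    findings["core_props"][tag] = child.text

    findings["ad_hoc_review"] = bool(AD_HOC_REVIEW_PROPS & set(findings["custom_props"]))
    return findings


def is_safe_to_publish(findings: dict) -> bool:
    """True only when nothing the author did not mean to ship is present."""
    return not (findings["tracked_insertions"] or findings["tracked_deletions"]
                or findings["hidden_text"] or findings["comments"]
                or findings["ad_hoc_review"])


def build_sample_docx() -> bytes:
    """Constructed sample: reads as clean in Word but still carries a tracked
    deletion, a hidden run and the ad hoc review properties."""
    fmtid = "{D5CDD505-2E9C-101B-9397-08002B2CF9AE}"  # user-defined properties GUID
    document = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        f'<w:document xmlns:w="{W[1:-1]}"><w:body><w:p>'
        '<w:r><w:t>Budget approved.</w:t></w:r>'
        '<w:del w:id="1" w:author="jdoe" w:date="2006-10-01T00:00:00Z">'
        '<w:r><w:delText>Cut site B funding.</w:delText></w:r></w:del>'
        '<w:r><w:rPr><w:vanish/></w:rPr><w:t>Source: informant 7</w:t></w:r>'
        '</w:p></w:body></w:document>'
    )
    custom = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        f'<Properties xmlns="{CP[1:-1]}" xmlns:vt="{VT[1:-1]}">'
        f'<property fmtid="{fmtid}" pid="2" name="_AdHocReviewCycleID"><vt:i4>12345</vt:i4></property>'
        f'<property fmtid="{fmtid}" pid="3" name="_EmailSubject"><vt:lpwstr>Draft for review (internal)</vt:lpwstr></property>'
        '</Properties>'
    )
    core = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<cp:coreProperties xmlns:cp="http://schemas.openxmlformats.org/package/2006/metadata/core-properties" '
        'xmlns:dc="http://purl.org/dc/elements/1.1/">'
        '<dc:creator>jdoe</dc:creator><cp:lastModifiedBy>asmith</cp:lastModifiedBy>'
        '</cp:coreProperties>'
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("word/document.xml", document)
        z.writestr("docProps/custom.xml", custom)
        z.writestr("docProps/core.xml", core)
    return buf.getvalue()


if __name__ == "__main__":
    result = scan_docx(build_sample_docx())
    for key, value in result.items():
        print(f"{key}: {value}")
    print("safe to publish:", is_safe_to_publish(result))
```

On a real file call scan_docx(open(path, "rb").read()) and gate the PDF conversion on is_safe_to_publish. The check belongs on the source document: a black box drawn over text in the resulting PDF hides it from the eye but leaves the string in the content stream, which is the failure mode the NSA guidance on Word-to-PDF sanitization exists to prevent.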

Senior infosec pros shift gears from technology to management
Brian McKenna

Hardware and software have been definitively ousted by management, awareness and HR issues in the minds of infosec professionals worldwide. Such is the top-line finding of the third annual Global Information Security Workforce Study, conducted by IDC on behalf of security education and certification body (ISC)2.

Ed Zeitler, executive director of (ISC)2, said that this was the “first time that [the shift from technology to people and process] has been reflected in the survey. There has also been a big shift from the CIO to the CEO in terms of ultimate responsibility for information security. CISOs are now dealing less with the CIO’s problems and more with the business’s problems”.

Accordingly, information security risk management has risen to the top of the survey’s training priorities. Zeitler said that the CISSP qualification is a “first step” to meeting this requirement, but underscored his organization’s ISSMP (Information Systems Security Management Professional) concentration as a step beyond that base level. Business continuity and forensics were the other two of the top three areas of training demand.

Training budgets are buoyant. Forty-five per cent of European respondents (just over 1,000) say training budgets will increase by 21%; globally the increase figure is higher, at 30%. However, salaries are not stratospheric. In EMEA, 31% of survey respondents earn less than $39,000, compared with 6% earning less than $39,000 in 2005.

“It looks like companies are employing junior people and then training them up”, said Zeitler. He also confirmed that the consensus picture emerging from the IDC study, a joint (ISC)2/Information Security Forum study, and a recent SANS survey is that senior information security professionals are moving up into the business, while middle-level IT security pros “are moving back into IT”.

In a related development, the IDC survey found that “organizations are engaging third party firms who have been able to attract qualified information security professionals”.

Some highlights:
• c.4,000 infosec professionals from c.100 countries surveyed
• Average salaries: US $81k; UK £77k; Germany €49k; France €42k
• Biometrics ranked either no. 1 or 2
