Malta Info Security

St Martin’s Institute of IT is pleased to announce the organization of a seminar open to the general public with special interest for students, professionals, researchers and lecturers of ICT

When: Friday, 15th June, 2012
Time: 6:00 pm
Where: St Martin’s Foundation Building, Schembri Street, Hamrun.
UPDATED, ADDED seminar brochure.

Two eminent professors (Bio's below) and a number of readers will be speaking during the seminar with the general theme of ‘Who is spying through the devices in your pocket'?

Professor Keith Martin’s presentation is titled The Little Thief in your Pocket: Cybercrime and Mobile Devices where he will highlight recent and emerging threats to mobile devices including a review of the main classes of threat and security incidents against mobile devices.

Dr. Hancke’s presentation is titled What's in your wallet? Security of everyday smart tokens where he will be dealing with the integration of Radio Frequency Identification (RFID) technology into numerous systems such as payment cards, travel and event tickets, access control cards and travel documents that we use every day, which have been embedded with 'contactless' technology. There are some specific concerns about the security of RFID technology, but there is also an increasing focus on the security in general of tokens used in security sensitive systems. This talk will cover some basic concepts of RFID technology and then examines the main practical security issues with regards to smart tokens, illustrated with some real-world events.

Attendance is free and open to the general public, yet it is advisable to reserve a seat by phoning St Martin’s Information Desk on 21235451 or email [email protected] or facebook.com/StMartinsInstituteMalta or visit www.stmartins.edu.

St Martin's Institute of IT is an Affiliate Centre of the University of London International Programme.

Continue reading "Seminar: Who is spying through the devices in your pocket?"

Posted by Donald Tabone

The ISACA MALTA CHAPTER is holding a full day conference on Friday 11 May 2012 titled "Emerging Information Technology Risks”. The conference shall be addressed by Prof. Josef Bonnici, the Governor of the Central Bank of Malta and the key note address shall be delivered by Reuben Portanier, Chief Executive Officer of the Lotteries and Gaming Authority.

The content delivered by the international speakers shall address the challenges being faced by organisations that are experiencing tremendous pressures from the fuelled use of social media, from the explosion in the use of mobile devices, from an increasing use of data centres and from the challenges being experienced in moving systems and data to the Cloud.

The conference should be of interest to:

Chief Executive Officers;
Chief Finance Officers;
Chief Information/Technology Officers;
IT Governance Professionals;
Assurance and Compliance Professionals;
Risk Management Professionals;
Business Managers responsible for Information Technology.

When: 11 May 2012
Where: Corinthia Hotel, St Georges Bay - St. Julians, Malta
Cost: ISACA member €120, Delegates €150

Further conference details are included on www.itgovernancemalta.com

Posted by Donald Tabone

Having tried out other GFI software and been truly happy with them, we decided to try out another one of their products, GFI LanGuard. GFI LanGuard offers patch management, software deployment, vulnerability assessments, auditing and inventory, and more, and is just the sort of product to automate the heavy lifting for any IT shop. I wanted to share some of our experiences with using GFI LanGuard for our patch deployment and network security tasks.

GFI LanGuard is extremely easy to install, and you can start using it almost immediately. The web browser based console is slim, intuitive, and puts all the common tasks at your fingertips.

Continue reading "Review: GFI LanGuard - An enterprise solution on an SMB budget"

Posted by Donald Tabone

Today, Google changes its Privacy Policy to consolidate 60 or so odd privacy policies it currently has for its individual products. In doing so, the message Google wants to pass on to its user is that it will help them provide a better user experience through a more efficient advertising mechanism. So in essence what this means is that they intend to build a better profile of your online habits by employing a consolidating mechanism that does online behaviour analysis across all of their products. Geez.. bold move.

From a practical point of view, this also means that if you're logged into your gmail, your searching habits on Google search engine will contribute to what type of adverts you will see in your gmail.

The issue here is that the user doesn't really have much choice in all of this. You either continue to use their products or you stop. Once again, I believe the user should be in a position to decide if he/she is ok with this without having to resort to the decision of whether to stop using their services or not.

On whether the search engine market is still profitable or not for Google, I would say that since their share price hovers around the $600 mark they aren't really doing badly after all - so why this drastic change in mentality?

Previously Google upheld privacy through its separate privacy policies, however with this decision; now that they have so many users using their various products; they make a uturn and decide to forge ahead with this new concept of information consildation in the name of a better user experience.

Google's past with privacy issues is also not short of violations such as in the Google StreetView project wherein Google collected WiFi data of people it wasn't supposed to. Google Buzz also had integration issues that violated certain privacy issues.

So Where does this leave us? We can surely opt for another search engine and/or stop using certain services if we're concerned about our privacy. However Google is playing its cards based on the dependency people have come to have using their various 'free' services. Some privacy advocates are arguing that this goes against privacy rights and data protection laws. France certainly seems to think so.

We stand to see how this plays out - perhaps Google will offer the user an opt-out feature after all.

You can read more on this topic here.

Posted by Donald Tabone

One conference to watch out for on the Maltese islands next June is the 24th annual Forum of Incident Response and Security Teams (FIRST) information security conference. Spread over 5 intensive days, this conference will be held at the Hilton, Malta.

Who is FIRST?

The Forum of Incident Response and Security Teams (FIRST) is a global non-profit organization dedicated to bringing together computer security incident response teams (CSIRTs) and includes response teams from over 240 corporations, government bodies, universities and other institutions spread across the Americas, Asia, Europe and Oceania. The annual FIRST conference provides a setting for conference participants to attend a wide range of presentations delivered by leading experts in both the CSIRT field and from the global security community. The conference also creates opportunities for networking, collaboration, and sharing technical information and management practices. The conference enables attendees to meet their peers and build confidential relationships across corporate disciplines and geographical boundaries. FIRST conference participants include not only CSIRT staff, but also IT managers, network and system administrators, software and hardware vendors, law enforcement representatives, security solutions providers, telecommunications organizations, ISPs, and general computer and network security personnel.

What does the conference cover?

The FIRST Annual Conference covers a broad range of security related topics such as (but not limited to):

- Advanced techniques in security incident prevention, detection and response
- Latest advances in computer and network security tools
- Shared views, experiences, and resolutions in the computer security incident response field

Continue reading "Event: FIRST Conference in Malta"

Posted by Donald Tabone

Amidst the flurry of security conferences going on around this time of the year, Black Hat (BH) Europe 2012 is happening again in Amsterdam and is less than a month away. The line-up of speakers is nothing short of great including some which I recall meeting personally back in 2008 such as Felix ‘FX’ Lindner and Didier Stevens. The opening keynote presentation is being given by none other than Whitfield Diffie himself known for the discovery of the concept of public key cryptography which in 1975 he developed along with Professor Martin Hellman.

The schedule of talks is impressive with three tracks of topics over three days covering areas such as mobile security, offensive threat modelling and HTML5 attacks across different levels making them ideal for a wide audience. The talks will take you from 9 in the morning to 6pm with one of the biggest benefits being the opportunity to network with people from Google and Microsoft during the breaks!

In the words of the organisers of BH themselves, the Briefings are a series of highly technical information security conferences that bring together thought leaders from all facets of the infosec world – from the corporate and government sectors to academic and even underground researchers. The environment is strictly vendor-neutral and focused on the sharing of practical insights and timely, actionable knowledge. Black Hat remains the best and biggest event of its kind, unique in its ability to define tomorrow's information security landscape.

Back in 2008, I distinctly recall dining next to (then) keynote speaker Professor Angell. Attending the excellent briefings and bridging with the likes of the ‘Angell of Doom’ was in itself worth the buck, so if you haven’t yet checked out BH yet, I recommend you get cracking!

Black Hat Europe 2012 will be held March 14-16 at the NH Grand Krasnapolsky Hotel in Amsterdam, Netherlands. For more information visit www.blackhat.com.

Posted by Donald Tabone

The next two educational event organised by the ISACA MALTA CHAPTER are the following:

January 26th 2012: The evolution of electronic evidence under Maltese Law by Martin Bajada http://goo.gl/Uf0rI

February 23rd 2012: Talking security – opportunities, lessons learnt by Rodney Naudi
http://goo.gl/G3CkV

Follow the links above to book your place.

Posted by Donald Tabone

ISACA EDUCATIONAL EVENT entitled Project Risk Management Techniques

Date: Thursday 15th December 2011
Time: 17:00 to 19:00
Where: Radisson Blu, St.Julians

There are a few questions that every project manager should ask at the beginning of a project?

What do we hope to gain from this project-end goal?
What factors can keep that from happening?
How should we respond if those events occur?

Every project involves some degree of risk. Identifying potential risks and having a plan for dealing with them can spell the difference between a project that reaches a successful conclusion and one that does not.

This session will focus on the essential techniques in project risk management.

Further details are available directly on the ISACA Malta website here.

Posted by Donald Tabone

CYBER SECURITY SEMINAR jointly organised by ICT Gozo Malta and BCS Malta

When: WEDNESDAY 23rd November 2011
Time: 6pm
Where: MITA’s offices - Gattard House, Blata l-Bajda, MALTA

We are linking this seminar with the Security Leaders Congress being held in Brazil. Benjamin Gittins, CTO, Synaptic Laboratories, speaking at our seminar, has been invited to participate in the Annual Brazil Security Leaders Congress on the 23 Nov. 2011. This 2 day Congress is attended by some 300 CEO/CIO/CTO level executives from public and industry sectors.

• Details on the security Leaders Panel
• Details on the seminar can be found here
• Attendees can register here or email [email protected] or [email protected]

Synaptic Labs participation will take place remotely from Malta and will be the first such international participation in the history of the Congress. The invitation to participate is the result of outreach by Synaptic Labs and the ICT Gozo Malta project, creating new international relationships and drawing international attention to Malta as a source of ICT innovation.

The Congress will be streamed live onto the Internet with translation into English. In the panel called "Securing Legitimate Access", Benjamin Gittins will participate along with several prominent Brazilian Information Security Leaders from Government, Industry and Academia.

The seminar will start with participation in the International Panel event, which takes place promptly at 6:30pm. There will be a live link to the Congress for the duration of the Panel event.

This will be followed by a remote webcast presentation to our audience from Fabian Martins (see below), one of the Congress Security Panel participants. We have had strong interest from a range of Synaptic Labs International Collaborators, from other countries, to participate remotely as speakers.

Some of our speakers include:

Fabian Martins (Scopus/Bradesco Bank) – addressing our seminar live from the Security Leaders Congress in Sao Paulo, Brazil.

Bob Quick, CEO Blue Light Systems (London, England). Ex chief officer of Police in the UK with extensive strategic and operational experience in counter terrorism, intelligence, serious and organised crime reduction and business improvement.

Brian Snow, (Maryland, USA) recognised Mathematician and Computer scientist, is former Technical Director of the Information Assurance Directorate,US National Security Agency (Washington).

as well as other Experts from major real-time operating system companies from USA, UK and elsewhere.

The official flyer can be downloaded here.

Posted by Donald Tabone

ICT GOZO MALTA is organizing a webinar entitled "A Practitioner's Guide to Achieving Safe and Secure Software"

When: 2 November 2011
Duration: 1 hour
Time: 9.30am(UK), 10.30am(Europe), 3pm(India)

Green Hills Software (a company that offers an operating system with the highest security level certification ever achieved in the world: CC EAL6+ and DO-178B Level A) and LDRA are hosting a joint one-hour webinar on Wednesday 2nd November 2011 at the times above.

With the evolution of computing, devices incorporate an ever-increasing amount of software. Software is key to bettering the user interface, boosting device responsiveness, and adding more features to your product. Software complexity increases the risk of programming and security errors—a risk companies cannot afford.

This one-hour webinar is suitable for security experts and software engineers and engineering managers, students and educators interested in learning about developing software in compliance with industry specific standards; Systems engineers interested in learning about the interface between systems & software in a safety-critical environment.

Because of our dependence on software-driven devices, they must be as safe or safer. Software complexity increases the risk of programming and security errors—a risk companies cannot afford.
This webinar will help you produce quality software, obtain compliance, or follow a nationally-mandated safety certification such as IEC 61508 (general industrial), ISO/DIS 26262 (automotive), EN 50128 (railway/transportation), IEC 61513 (nuclear).

For further information and links to register please follow the source link below.

Source

ICT GOZO MALTA is a project to create and enhance international ICT collaboraton and related economic activity in the Maltese islands founded by The Gozo Business Chamber & Synaptic Laboratories Ltd.

Posted by Donald Tabone