Malta Info Security

Another week, yet another Monday as exams draw in closer.

This morning my thin client (Epatec/ebox 3850 w/Debian) has shown me the hand all of a sudden and refuses to power on. My linksys router (WRT54GL with DDWRT v24 SP2 Eko 10600) also seems to be playing up. Every so often whilst streaming from my Dreambox (500S) connected over a WPA_WDS connection I would get suddenly disconnected !?!?! Disabling the WiFi adapter and re-enabling it kinda gets me to reconnect but it's d**n frustrating when it happens during the best part of a film you're really into. (wife hates it too and give me bad looks)

Nevertheless - yes - I've spent several hours researching, troubleshooting and tweaking to no avail Curiously it is not a case of WiFi drivers on my netbook (EeePC 901) playing up -- as even my NokiaN95 seems to disconnect right at the same time my netbook got disconnected. I really don't feel like reverting to the original Linksys firmware -- so we'll wait and see... patience is a virtue (or so they say)

On to something more positive this morning ... everybody likes lists - especially top 10 lists. This morning I encountered an article which talks about the coolest security jobs. Well I come in ranking @ number 7 and number 1 seeing that I also teach Computer Forensics for the NCC Advanced Diploma course ... Not bad ! -- according to a survey conducted by the SANS Institute.

Here a summary of the list according to Sans:

1. Information security crime investigator/forensics expert.
2. System, network and/or Web penetration tester.
3. Forensics analyst
4. (Tie) Incident response, incident handler
4. (Tie) Security architect
6. Vulnerability researcher
7. (Tie) Network security engineer
7. (Tie) Security analyst
7. (Tie) Sworn law enforcement officer specializing in information security crime
10. (Tie) CISO/ISO or director of security
10. (Tie) Application penetration tester

The top-ranking "coolest" IT security jobs according to non-government security employees:

1. (Tie) System, Network, and/or Web penetration tester
1. (Tie) Information security crime investigator/forensics expert
3. Forensics analyst
4. Vulnerability researcher
5. Application penetration tester
6. Security architect
7. CISO/ISO or director of security
8. (Tie) Incident response, incident handler
8. (Tie) Sworn law enforcement officer specializing in information security crime
10. Security evangelist

Catch the full article here...

Reading up on this months ISSA Journal, comes an good article by Yuval Ben-Itzhak entitled Organised Cybercrime. Yuval interestingly compares the strategic ways cybercrimes are carried out to the hierarchy of the crime organisations like the Cosa Nostra or Mafia.


What is even more interesting though are the figures he presented in a section entitled The Effects of Cybercrime.
We know it exists, we know breaches happen -- but to what extent are we really effected?

Target attacks perpetrated by organized crime are on the increase due to the high return on investment.(MArcus Alldrick, March 13 2008)

Some figures...

Master or VISA credit cards can be purchases for $15 each while a stolen EU or UK VISA credit for sale is priced at $90 each. These figures should begin to put things in perspective.

According to the 2007 Annual Survey: Cost of Data Breach by the Ponemon Institute, the average cost per reported incident in 2007 amounted to $6.3 million, while the cost of lost business per reported incident was estimated at $4.1 million in 2007 - an increase of 30% compared to 2006.

The average cost of each compromised record was $197 while the cost of a data breach in the highly regulated financial sector was $239 per compromised record.

Compromised records per data breach are also on the increase.. TJX parent of TK Maxx --> 45.7 million credit/debit cards stolen by 11 cyber criminals --- total cost for TJX so far, a whopping $500 million - including litigation fees and government fines.

Some questions...

Should we begin to take more notice of who we trust with personal details? What guarantee are consumers we as clients given when confiding? I certainly think so! So far its a matter of trust...

Should there be a regulatory body setup in Malta that enforces Insurance companies, lawyer firms, doctors, financial institutions and even the government sector to comply to some regulation similar to the Health Insurance Portability and Accountability Act (HIPAA) or the Sarbanes-Oxley Act (SOX)? I would certainly tend to agree!

Does adherence to these regulations make us more safe? Not necessarily, but it enforces due diligence and makes people responsible.

What do you think?

Following reports of a breach in one of the Governments agencies (MITTS), Dr Gatt (Communications Minister) has announced that a National Information Security Agency will be setup in Malta in the coming days.

Quoting the Times of Malta, Dr. Gatt said it would be separate but complimentary to the Malta IT Agency and the Malta Communications Authority in the sector of information security.

Will we follow an EU General Information Security Strategy framework such as the EU's European Union's Network and Information Security Agency (ENISA)? We find some info here in a PDF found on the ENISA website.

Information security management identifies the adequate level of protection for all information assets with regard to a number of information security principles, such as confidentiality, availability, and transparency, and ensures that all assets are protected accordingly. To reach this goal, it has to provide efficient technical and organisational security measures such as Risk Assessment and Risk Management, which are recurring Information Security Processes for ENISA.

No further details are available at this moment, however we will be posting more info as it becomes available - nevertheless we are glad that this initiative has been taken - albeit following a major mishap.

Following this political turmoil, we sincerely hope that people become more aware of the importance of Information Security in this day and age. You can follow recent events from the links below:

Source
More info @ ISACA - Malta Chapter
ENISA info here