Feb 27
Competitions
Dear readers,

Beginning March 2009, we will be hosting a monthly competition on maltainfosec.org to give you the chance to win a €20 voucher from Amazon courtesy of one of our sponsors, GFI.

[ What do you have to do to win? ]

There are few rules to the competition - all you have to do is find the euro coin image in one of our articles posted during the previous month, take a screenshot and email it to us with your name, surname and email address. Set the subject of the email to 'maltainfosec competition'.

Easy explanation: if the current month is March, look for the euro coin image in one of the articles posted in February.

The first entry sent to us (email address below) that correctly finds the article with the euro coin image, will have an email sent back to him with the gift voucher by the end of month.

[ What does this 'euro coin image' look like? ]

That's up to you to find out...

[ The Winners ]

The winners' names will be posted on Twitter (join and follow us by clicking here)

[ Competition base-rules ]

1. The competition is open to anyone anywhere. Email to use is competition at maltainfosec.org.
2. You can only win once.
3. The competition is not open to contributors of http://maltainfosec.org
4. There is no set date when the random article containing the image is updated.
5. We reserve the right to change the competition rules from time to time, in which case, the changes will be reflected in this post.

Posted by Donald Tabone

2606 hits
Feb 19

Colleges and universities store employment data, financial records, transcripts, credit histories, medical histories, contact information, social security numbers and other types of personal information. Although higher-education institutions should be forums where information and knowledge are easily exchanged, “sometimes the free flow of information is unintentional.” Here are eight policies and behaviors that put personal information at risk:


1. Administrative Decentralization
2. Naive Office Culture
3. Unprotected “Old” Data
4. Shadow Systems
5. Unregulated Servers
6. Unsophisticated Privacy Policies
7. Improper Use of the SSN
8. Unsanitized Hard Drives

Solutions

College administrators should consider the following:

- Regularly scan institutional networks for sensitive information, such as social security numbers, grades, and financial information. Use a combination of public search engines, and internal text- and file-scanning software.
- Automatically retire “old” data on institutional servers but allow faculty members to un-retire old data they still use. Forgotten information is dangerous information.
- Establish a “radioactive date,” which is when your institution last used social security numbers as an identifier. Files last modified before this date should be presumed dangerous.
- Create permissions-based access to core systems. Sensitive personal information should be available to faculty members and departments only on a need-to-know basis.
- Establish a data-retention-and-access policy by balancing threat, benefits and risks of maintaining the data.
- Coordinate interdepartmental privacy and security practices with a special committee of information security professionals.
- Update your privacy policy to reflect all privacy issues arising in a university setting. Explain privacy rights and practices that protect offline employment information and sensitive student records. Also explain work-flow protections (for example, “only director-level employees have access to social security numbers”) and technical practices (for example, “employee data is stored on encrypted hard drives”). Privacy policies should deal with more than just cookies and Web forms.
- Eliminate social security numbers from official records where possible, or establish a policy whereby students can opt to omit their numbers from transcripts or other records.
- Physically destroy all old hard drives.


Institutions of higher education must promote the free exchange of ideas while protecting sensitive personal information. Although the academic environment can seem at odds with information security, appropriate practices and procedures can balance information freedom and personal privacy.


Echoing an extract from the original post on The Security Catalyst by Aaron Titus
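
The first and third recommendations above (scan for sensitive information, and presume files older than the "radioactive date" dangerous) can be combined in one pass over a file share. The sketch below is an added example, not code from the original post; the function names, the 2005 cutoff and the sample files are constructed for illustration.

```python
import os, re, tempfile
from datetime import datetime, timezone

# SSN-shaped token: 3-2-4 digits, optionally separated by dashes or spaces.
SSN_RE = re.compile(rb"(?<!\d)(\d{3})[- ]?(\d{2})[- ]?(\d{4})(?!\d)")

def plausible_ssn(area, group, serial):
    """Drop values that are never issued: area 000/666/9xx, group 00, serial 0000."""
    return not (area in (b"000", b"666") or area[:1] == b"9"
                or group == b"00" or serial == b"0000")

def scan_tree(root, radioactive_date, max_bytes=1_000_000):
    """Report files that contain SSN-shaped values or predate the radioactive date."""
    cutoff, findings = radioactive_date.timestamp(), []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                mtime = os.stat(path).st_mtime
                with open(path, "rb") as fh:
                    data = fh.read(max_bytes)  # only the head of very large files
            except OSError:
                continue  # unreadable file: skipped here, worth logging in practice
            hits = sum(plausible_ssn(*m.groups()) for m in SSN_RE.finditer(data))
            stale = mtime < cutoff
            if hits or stale:
                findings.append({"path": os.path.relpath(path, root),
                                 "ssn_like": hits, "pre_radioactive": stale})
    # Old files with hits first, then other hits, then old files presumed dangerous.
    return sorted(findings, key=lambda f: (not (f["pre_radioactive"] and f["ssn_like"]),
                                           -f["ssn_like"], f["path"]))

def demo():
    """Scan a constructed sample tree; file names, contents and dates are made up."""
    cutoff = datetime(2005, 1, 1, tzinfo=timezone.utc)  # assumed radioactive date
    old, new = (datetime(y, 6, 1, tzinfo=timezone.utc).timestamp() for y in (2003, 2008))
    samples = {"roster_2003.csv": (b"name,id\nA. Student,123-45-6789\n", old),
               "syllabus_2003.txt": (b"Week 1: introduction\n", old),
               "grades_new.csv": (b"id,grade\n234 56 7890,B\n", new),
               "phones.txt": (b"call 000-12-3456 or 2134 5857\n", new)}
    with tempfile.TemporaryDirectory() as root:
        for name, (body, mtime) in samples.items():
            path = os.path.join(root, name)
            with open(path, "wb") as fh:
                fh.write(body)
            os.utime(path, (mtime, mtime))  # set the modification time under test
        return scan_tree(root, cutoff)

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

Pattern matching of this kind over-reports (any nine-digit number looks like an SSN), so the output is a review queue for a person, not a verdict.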

Posted by Donald Tabone

1565 hits
Feb 9



Welcome to the real world via XKCD - never mind Truecrypt :-P

Continue reading "Humor: Forget plausible deniability"

Posted by Donald Tabone

2428 hits
Feb 8
RS2 Software is holding a workshop on IT security at the Westin Dragonara, St Julian's, on Wednesday.
Security standards, at a minimum, call for strict internal controls on access, disclosure or modification of sensitive information. Lack of security could have detrimental consequences, which could include fraud, identity theft, financial irregularities and financial penalties, just to mention a few.

For more information, or to register for the event, organised in collaboration with Oracle, call 2134 5857 or e-mail marketing at rs2.com.

Update: Program of events can be downloaded here.

Source

Posted by Donald Tabone

2245 hits
Feb 4
Interesting eye-opener news I thought of sharing ... Global ATM Caper Nets Hackers $9 Million in One Day
A carefully coordinated global ATM heist last November resulted in a one-day haul of $9 million in cash, after a hacker penetrated a server at payment processor RBS WorldPay, New York's Fox 5 reports.

Despite much-ballyhooed payment card security standards, the industry responsible for protecting our money appears to be as leaky as a sieve. But, as always, consumers aren't responsible for fraudulent withdrawals that they find and promptly report to their card issuer.


Echoing this post

Posted by Donald Tabone

1628 hits
Feb 4
Computer Domain Ltd are offering a Masters degree in Computer Science from the University of Hertfordshire and a number of other specialist courses. The degree is not Information Security-centric; however, among the modules one will find Distributed Systems Security and Secure Systems Programming, two modules that fall in the realm of Security. That said, the course last July was priced at GBP 6000 (EUR 6,678.64). Further details can be downloaded here.

Needless to say, the degree is fully recognized internationally and also by the Government of Malta and so it is eligible for STEPS sponsorship.

UOH_MSc_Module_Descriptions.pdf
UOH_MSc_Syllabus.pdf

For more information visit www.computerdomain.eu or www.computerdomain.net

Posted by Donald Tabone

2424 hits
Feb 4
St Martin's Institute of IT will be organising a FREE lecture this Friday, February 6th, between 6pm and 7:30pm by Professor Keith Martin from the Information Security Group, Royal Holloway, University of London.

Only a few seats are still available. Please respond immediately via a return email to infodesk at stmartins.edu to reserve a seat.
A tour of Making cryptography work in the real world is primarily an exercise in managing cryptographic keys. We will provide an overview of some of the main issues behind cryptographic key management, discussing the various stages in the lifecycle of a key. We will discuss how keys are managed today, as well as taking a look at some of the issues for the future, including the use of quantum technology.


You can download more details of this lecture here.

Posted by Donald Tabone

1919 hits
Feb 4
St Martin's Institute of IT are offering an MSc Information Security - Royal Holloway, University of London. Below are some recent incentives for prospective candidates to take up the course. From the information I have at hand, this course will total EUR 19,800 over 3 years.

The recently announced STEPS (Strategic Educational Pathways Scholarships) by Government may allocate each applicant up to €7000 in scholarship funds to read for the MSc Information Security as a part-time student, or €13000 as a full time student. ALSO and in addition, you may attain up to €14400 in tax rebates through the myPotential scheme. This will mean you will be recovering 100% of your expenses to read for the MSc Information Security. Bank of Valletta plc have also committed to lend a soft unsecured loan, at an interest rate of 4%, an amount of €16000.

If you are interested in knowing more regarding this opportunity, we are organizing an Information Meeting this Thursday, 5th February, 2009 with Professor Keith Martin, from the Information Security Group at the Royal Holloway, University of London.


For more information you can contact St. Martin on the following email infodesk at stmartins.edu

Posted by Donald Tabone

2821 hits
Feb 4
With an aim to consolidate Information Security activities, events and information happening on the island, I will be posting various events taking place in Malta starting this February and March. If you'd like me to post any events, please feel free to send me details via email.

ISACA MALTA CHAPTER will be organising two events one at the end of February and one at the end of March. The topics to be discussed are:

- Managing IT Services (26th February 2009)
- The Realm of Digital Forensics (26th March 2009)

The location for these two events will be the Malta Federation of Professional Associations in Gzira. Attendees will earn 2 hours of CISA/CISM CPE. Bookings are to be made online on the chapter's website.

Further details are included in the attached flyers or go to the events calendar on www.isaca-malta.org which includes a map explaining the location of MFPA.


Flyers and more information can be downloaded from the Malta ISACA website - under Forthcoming events

Posted by Donald Tabone

1647 hits