August 26th, 2008
Business alignment, security define apps
Tech departments need to focus on both data protection and delivering business value, not simply put in place applications to please business users, according to a consultant.
Steve Lam, manager for technology and security risk services at Ernst & Young, said Tuesday that too often, IT departments have the mentality of creating the applications demanded by users to strike them off their to-do list, without really considering how they might impact business and security. He was speaking at a seminar in the island-state to discuss trends in security, networks and convergence.
According to Lam, "a lot of clients fail their first" attempt at putting in place a risk management framework. It becomes a "compliance for show" exercise as the framework implemented was not being practised or internalized by the organizations, he explained.
Singapore-based Lam also pointed to the failure to learn from previous mistakes as a stumbling block in risk management. The first buffer overflow struck in 1972, but over the years businesses and individuals have continued to fall prey to similar malicious attacks--the most recent being the unleashing of the Storm worm. People simply don't learn, Lam pointed out.
Enterprises, despite having their application developers debug and refine previous iterations of code, still find vulnerabilities--such as cross-site scripting and SQL injection--in their software. The concept of Web application security existed several years back but is still talked about today, he noted.
Traditional "risk and reward" models, which call for spending as much on network defense as the data is estimated to be worth, or for making it as resource-draining as possible for hackers to steal information, need to be tweaked, said Lam. New parameters, he added, need to be introduced.
"Businesses need to look at risk and performance as an [integrated] investment portfolio," he pointed out, adding that there should be "centralized" and coordinated control over all related risk initiatives and programs.
Risk management also needs to be initiated from the top echelons of leadership, and be continuously monitored and evaluated, added Lam.
Source: ZDNet Asia