Wednesday, November 7, 2007

Security awareness

Nowadays, in the age of information and digitalization, having security awareness is indispensable. Everybody bears a very large responsibility for information security.

Security awareness itself is the knowledge and attitude of the members of a company regarding the secrets and data of the organization. To make this awareness more effective, companies train their employees on this topic.

If you are a security-aware person, you understand that there is the potential for some people to deliberately or accidentally steal, damage, or misuse the data that is stored within our computer systems and throughout our organization.
You can read more: www.infosecuritylab.com

Principle of information security

For over twenty years information security has held that three key concepts form the core principles of information security: confidentiality, integrity and availability. These are known as the CIA Triad. They are one part of the principles of information security.

The other part of the principles is risk management. Here is a definition of it from the CISA Review Manual 2006: "Risk management is the process of identifying vulnerabilities and threats to the information resources used by an organization in achieving business objectives, and deciding what countermeasures, if any, to take in reducing risk to an acceptable level, based on the value of the information resource to the organization."

Risk management itself is an ongoing, recurring process. Risk is the possibility that something bad will happen which can cause harm. In risk management, the first step is estimating the value of the information resources. Then conduct a threat assessment and a vulnerability assessment, and for each vulnerability calculate the probability that it will be exploited. The next step is calculating the impact, using qualitative and quantitative analysis. Then identify, select and implement appropriate controls. Finally, evaluate the effectiveness of the control measures.

Controls are one of the principles, and there are three types. The first is administrative controls, which consist of approved written policies, procedures, standards and guidelines. The second is logical controls, which use software and data to monitor and control access to information and computing systems. The third is physical controls, which monitor and control the environment of the workplace and computing facilities.

Security classification of information: not all information is equal, and so not all information requires the same degree of protection. We have to assess the importance of information. Common information security classification labels used by the business sector are public, sensitive, private and confidential; labels used by government are unclassified, sensitive but unclassified, confidential, secret and top secret.

Access control: access to protected information must be restricted to people who are authorized to access the information.

Cryptography is used in information security to transform usable information into a form that renders it unusable by anyone other than an authorized user. Cryptography also provides information security with other useful applications, including improved authentication methods, message digests, digital signatures, non-repudiation, and encrypted network communications.

One of the most important principles is defense in depth. Information must be protected both while in motion and while at rest. With a defense-in-depth strategy, should one defensive measure fail, there are other defensive measures in place that continue to provide protection. The three types of controls can be used to form the basis upon which to build a defense-in-depth strategy.

Information security

Information security is one of the most important and indispensable factors. Today almost all data is on a computer, CD, etc. We have to be very careful when using this equipment, because we may have no idea how people can steal information from us.

Information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction.
Governments, military, financial institutions, hospitals, and private businesses amass much confidential information about their employees, customers, products, research, and financial status. Most of this information is now collected, processed and stored on electronic computers and transmitted across networks to other computers.
That is why it is dangerous. We must take responsibility and be aware!

Wednesday, October 24, 2007

New type of spam: loud spam

One of the most annoying things in our digital mailbox is spam. Nowadays there is a new form of spam, namely loud spam. This is a new security awareness threat.

Almost every mail program contains a spam filter. However, many of them are quite weak and we still get almost every spam mail, while others are too strict, so we do not receive e-mails that would be important.

Now there is a new type of spam which contains an MP3 file; when you play it, a robotic voice encourages you to buy shares on the stock exchange. First the voice tells you the advantages of the share, then it spells out the stock's code. The better spam filters can sift out these mails.

Monday, October 22, 2007

Another threat: lightning strikes

Summer is one of the most dangerous periods for lightning strikes. In summer there are thunderstorms with lightning every 4-5 days. Sensitive electronic devices (PC, television, etc.) break down because of the overvoltage caused by lightning.

There are 2 main causes of overvoltage in the power supply: lightning, and faults in the electrical network that produce a much higher voltage level. A surge caused by lightning can reach not just tramway and telephone systems but IT and telecommunication systems, too.
Lightning causes damage not only at the exact place where it strikes; the induction from its magnetic field also causes damage within a 1 km area.

When we want to defend against lightning strikes, we have to know that a lightning conductor protects us from the direct destructive effect of the high current.

One of the bad effects of a lightning strike is a blackout and the data loss it causes. Security awareness for our information does not concern only hackers and viruses but natural disasters, too.

One way to protect ourselves is to buy an uninterruptible power supply, which can protect our data if there is a blackout. It contains a battery and can detect when the voltage level changes, switching over to the battery when necessary. There is another type of this equipment which runs from the battery all the time, so in the event of a blackout the switchover causes no problem.

Tuesday, October 16, 2007

Is the mobile-internet safe?

Mobile internet through a SIM card is as safe as a normal internet connection through cable.
We hear many stories about the dangers of the internet, mainly when we use Wi-Fi: others can break into our PC and steal our data. Professionals think that using mobile internet is much safer than using the normal internet. At the same time, whatever kind of internet we use, we have to be careful about information security and follow these rules.
5 rules for using the internet safely:
1. Never send your bank and credit card number in e-mail or in other forms (MSN, Skype, etc.). These chat programs are the most dangerous because the information travels without any encryption and anybody can get it easily.
2. Never sign in to your personal accounts (e-mail, bank account, etc.) from somebody else's PC. The computer may remember your password, and others will be able to sign in with your user name. You can never be sure that your password has not been stolen.
3. Always keep the firewall up to date on your PC and on your mobile phone, too. This way you can prevent other programs from getting onto your devices; such programs can cause data loss. Do not open an unknown program, whoever the sender is.
4. Turn off Wi-Fi and Bluetooth (http://buy.infosecuritylab.com/product_info.php?cPath=25&products_id=26&osCsid=6ed3261760c4ef6f720893f55bba6929) on your laptop or mobile phone if you do not use them.
5. If you use a wireless network instead of mobile internet, and the connection is not labelled, make sure you know whose it is. If you do not know, go back to rule number 2.

Thursday, October 4, 2007

Social networks and the information security

Nowadays we live in the age of social networking. There are many websites where, once we register, we can find our friends and the people we know. The main point of these pages is that we can get in touch with people we already know. We can get some information about them: where they work, where they live, what they like doing in their free time, etc. To register on these sites, we just give our data (name, job, schools, telephone number, address, etc.) and the people we know can see it.

But often you do not need to be registered to see other people's data, so you are simply handing this information over to others. You never know who will misuse this information. Many people on these sites trust in data security. Many people publish their personal data and very personal photos.

Some experts are concerned about the data trail that people routinely leave behind on social networking and other sites. Others believe that personal content will become accessible for marketing and other purposes. For instance, the police use these sites to find criminals. If you want to be safe, do not give your address, phone number or other details that others can misuse.

When we talk about information security awareness, these things are very important, too. It is not just about computer viruses and hackers, or “look after your credit card” advice. Keeping our personal data safe is one of the most important parts of security awareness.



Friday, September 28, 2007

What is bacn?

Bacn is not spam, but it isn’t exactly a personal message either. It is mail that we plan to read because we are interested in it, just not right now. Your electronic phone bill is bacn. Your Google alerts are bacn. So is a message such as “George has admitted you!” These messages about other messages are important to us, but usually we do not read them.

The name “bacn” was born at a Podcamp2 conference in Pittsburgh. Bacon and uninvited mails came up in the same conversation. The name stuck to these mails when somebody mentioned that another name for Canadian bacon is “peameal bacon”, which sounds similar to “e-mail bacon”.

The most important question is: how can we live with it? We could block such mails, but then we would miss out on a lot of information. Professional users write scripts which can sort the mails. Maybe this is the best way. Specialists say that e-mail programs will eventually be able to sort the messages themselves.

Until that is realized, we have to move these messages to another folder.
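One way such a sorting script could look, as an added example that is not from the original blog: it files automated notifications into a separate folder, but only for senders the user has signed up with, because the headers that mark a message as automated are written by the sender. The folder names, the sender domains and the sample messages are assumptions constructed for illustration; the header names are standard mail headers.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: services the user really subscribed to (hypothetical domains).
SUBSCRIBED_DOMAINS = {"phone-bill.example", "alerts.example"}
AUTOMATED_LOCALPARTS = ("noreply", "no-reply", "notification", "alerts", "billing")


def looks_automated(msg):
    """True if the headers suggest a machine-generated notification."""
    if msg.get("List-Unsubscribe") or msg.get("List-Id"):
        return True
    if (msg.get("Precedence") or "").strip().lower() in {"bulk", "list"}:
        return True
    auto = (msg.get("Auto-Submitted") or "no").split(";")[0].strip().lower()
    if auto != "no":
        return True
    local = parseaddr(msg.get("From", ""))[1].partition("@")[0].lower()
    return local.startswith(AUTOMATED_LOCALPARTS)


def sender_domain(msg):
    return parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()


def choose_folder(raw):
    """Return the folder name for one raw message.

    Assumes the receiving mail server has already rejected mail that
    fails sender authentication, so the From domain is meaningful.
    """
    msg = message_from_string(raw)
    if not looks_automated(msg):
        return "INBOX"      # personal mail stays where it is
    if sender_domain(msg) in SUBSCRIBED_DOMAINS:
        return "Bacn"       # wanted notification, read later
    return "Review"         # automated mail from an unknown sender


def sort_mail(raw_messages):
    folders = {"INBOX": [], "Bacn": [], "Review": []}
    for raw in raw_messages:
        subject = message_from_string(raw)["Subject"]
        folders[choose_folder(raw)].append(subject)
    return folders


# Constructed sample messages (not real mail).
SAMPLES = [
    "From: billing@phone-bill.example\nSubject: Your phone bill\n"
    "Auto-Submitted: auto-generated\n\nYour bill is ready.\n",
    "From: Alerts <alerts@alerts.example>\nSubject: New search alert\n"
    "List-Unsubscribe: <mailto:unsubscribe@alerts.example>\n\nNew results.\n",
    "From: Anna <anna@friends.example>\nSubject: Lunch tomorrow?\n\nHi!\n",
    "From: noreply@unknown-shop.example\nSubject: Confirm your account\n"
    "Precedence: bulk\n\nClick to confirm.\n",
]

if __name__ == "__main__":
    for folder, subjects in sort_mail(SAMPLES).items():
        print(folder, subjects)
```

Automated-looking mail from a sender outside the subscribed set goes to "Review" rather than "Bacn", so a message that only imitates a notification is not filed where nobody looks at it closely.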

More info: http://www.infosecuritylab.com/news.php?n_cat=2&n_id=200709171437163




Wednesday, September 26, 2007

The virus hoax

A hoax is a false e-mail message which warns the recipient of a virus. The message usually works as a chain e-mail that tells the recipient to send it to everyone they know.
Most hoaxes are easily identified by the fact that they say the virus will damage your PC.
Virus hoaxes are usually harmless and do nothing more than annoy people who know it is a hoax and waste the time of people who forward the message. However, there are many hoaxes which tell people that if they delete the program, the computer will be damaged.
Hoaxes are not the same as computer pranks. A computer prank is a program that performs unwanted and annoying actions on a computer, like randomly moving the mouse.
Anti-virus specialists advise that we should delete virus hoaxes instead of forwarding them. For example, McAfee says: "We are advising users who receive the email to delete it and DO NOT pass it on as this is how an email HOAX propagates."

Tuesday, September 25, 2007

Computer attackers

A computer virus is a computer program that can copy itself and infect a computer without the permission or knowledge of the user. The original may modify the copies or the copies may modify themselves, as occurs in a metamorphic virus. It can spread from one computer to another via a network connection, by being carried on a removable medium such as a floppy disk, CD, DVD or USB drive, or over the Internet. But viruses are not the same as computer worms and Trojan horses. A worm can spread itself to other computers without being transferred as a part of a host, and a Trojan horse is a file that appears harmless until executed.
Many PCs are now connected to the Internet and/or to local area networks. Today's viruses may also take advantage of network services (World Wide Web, e-mail, file sharing systems). Some viruses are programmed to damage the computer by damaging programs, deleting files, or reformatting the hard disk. Others are harmless, but simply replicate themselves and make their presence known by presenting text, video, or audio messages. Although these viruses are not dangerous, they can create problems for the computer user. As a result they often cause erratic behavior and can result in system crashes. In addition, many viruses are bug-ridden, and these bugs may lead to system crashes and data loss.

Thursday, September 20, 2007

What is malware?

Malware is one of the most annoying things that can trouble computers. These unsafe programs do not let us feel safe. Malware is designed to damage a computer’s system and software. It includes computer viruses, worms, Trojan horses and also spyware and other malicious and unwanted software. Frequently, malware is also designed to send itself from your e-mail account to all of the friends and colleagues in your address book.
Commonly the recipient does not know about the problem. Malware is able to operate unnoticed. The first sign is when the PC gets slow. Another sign is when we notice pop-ups while we are not on the net. Software is considered malware based on the perceived intent of the creator rather than any particular features. In law, malware is sometimes known as a computer contaminant, for instance in the legal codes of California, West Virginia, and several other U.S. states.
Typically, malware is distributed in three ways: by e-mail; in an infected application; or through infected code on a Web site.
The most frequently distributed malware of recent years has arrived via e-mail attachments, infected Web sites and program downloads. Matt Fisher, a security engineer with SPI Dynamics, spoke recently about the necessity of greater Web site security at an anti-hacking workshop in Toronto. Fisher said that almost every Web site has serious vulnerabilities that allow a hacker easy access. The problem is that security isn't built into Web applications. As a result, an attacker can easily hack into a site simply by viewing a Web page's source.

Wednesday, September 19, 2007

Internet privacy

Internet privacy consists of privacy over the media of the Internet: the ability to control what information one reveals about oneself over the Internet, and to control who can access that information. Many people use the term to mean universal internet privacy: every user of the internet possessing internet privacy.
Internet privacy is a part of computer privacy. Many experts on internet privacy share the opinion that internet privacy does not really exist. Privacy advocates believe it should exist.
People who use the internet casually do not need to achieve total anonymity. Regular internet users have to take care of their privacy. You never know who can misuse your personal information. Many people desire much stronger privacy. In that case, they may use Internet anonymity to ensure privacy.

Tuesday, September 18, 2007

When they keep an eye on you

Hidden video cameras and other sensors watch us every day, mainly in the big cities.
The police, shopping centers and individuals watch us (public squares, public roads, highways, schools, universities, business quarters, office buildings, government quarters, hotels, museums, hospitals, post offices, shopping centers, banks, ATMs, airports, restaurants, buses, etc.). The cameras are on poles or on the tops of buildings. Some of them can zoom or turn around 360°, and many of them can see in the dark. The footage is stored in databases. There are computer programs which can recognize a wanted person.

In Monaco people are watched 24 hours a day. In 1996, during the Atlanta Olympics, there were thousands of hidden cameras with professional lenses. In many American workplaces employees are supervised. And now this is the new practice in American elementary and high schools as well.
More and more people have a complete security system in their house. They have smoke and motion sensors, cameras, etc. Companies advertise this as: You can go anywhere with peace of mind because there is “somebody” who always takes care! But face detectors exist too.

Electrolux developed a new fridge called Screenfridge. With its help you can control other appliances.
Do we want to give our household appliances intelligence? Won't it be dangerous?

Monday, September 17, 2007

Save your data!

Nowadays we keep almost all our data on our PC: our e-mails, wedding photos, family videos or the photos of our baby’s first birthday, etc. You never know who will break into your home and steal the computer, and in this way you lose your memories.
For this reason, it is very important to save your data on another storage medium. This applies not just to private data but to business data, too. In big companies it is done automatically, but in small ones it is not such a general practice. Therefore, you have to keep data backups in mind. Maybe you say: “I have a very serious alarm system. Nobody can break in!” But you are not only threatened by criminals. Anything can happen, such as a blackout or a virus or something else which can destroy your database. Before damage occurs, you have to save everything on a CD/DVD or some other medium such as an external hard drive.

Friday, September 14, 2007

Satellite scrutiny: eyes in the sky

These days there are many Hollywood movies in which the central figure is observed by the FBI via satellites. We can say: “Oh, it is only a film! It is no more than fantasy!” But it is apparent that this is not so unfounded. Just take the satellite navigation devices which we use every day in our cars. We just enter where we want to go and this little tool navigates us to our destination. It knows exactly where you are. This is why it can say to you: “Turn left after 10 meters!”
In addition, there is the Google Earth application. We are able to look for our house or our favorite restaurant. When you use such applications you are limited: you are not able to zoom in very far. But there are organizations that can see the number plate of your car or what color underwear you wear.


After the Cold War, the American military reconnaissance satellites were not shut down. Perhaps they are in use to monitor everything. People, animals or objects that carry a suitable device are tracked by GPS everywhere in the world.

How can you be sure that you are not being watched when you are walking on the street?

Thursday, September 13, 2007

Mobile phones: curse or blessing?

Like everything, mobile phones are used for both good and bad activities.

Nowadays, when almost everyone has a mobile phone, people are starting to realize how to use it for harmful purposes as well.

The government of the federal state of Chhattisgarh (India) prohibited the use of mobile phones in higher education institutions. The reason: a female student was subjected to abuse because of a nude photo which was taken in secret.
On the other hand, in Malacca (Malaysia) the police operate an IT center where everybody can send photos of crimes.
At the same time, police wiretapping of telephone conversations to catch criminals is a useful and positive procedure. In 2005 the authorities used this method in about 35,000 cases.
Nevertheless, where is the border between positive and negative use?

You can read it here too: http://www.infosecuritylab.com/news.php?n_cat=2&n_id=200709141037166


Wednesday, September 12, 2007

Mobile phones as a spy

Not so long ago we could hear news about mobile phone eavesdropping: that even if your mobile is turned off or broken, it can be listened in on. Now we know that this was a false statement. However, the telecommunication companies can obtain information about us by means of the cell information, for instance where we are and when. The telecommunication companies keep and log phone call and SMS data.

The time of the conversation and the conversation itself are stored. However, the content of SMS messages is not. The place where the data is stored is strictly guarded and not everyone can enter. From the SIM’s data they know exactly when and where we were. The telecommunication company has thousands of transmission towers. By means of triangulation between towers, it is possible to determine the position of the mobile phone. Based on this concept, there is a new business product: companies can now pay for information about where and when their employees have been. Nowadays, telecommunication companies have to ensure access to consumers' data, as the Government requires this for national security.

In the USA and England there is an automatic system with which they can listen to every conversation. If they hear such words as “bomb” or “terrorist attack”, they will keep that person's conversations under observation for a month.

Recently Brado presented a new accessory which makes it possible to listen in on anyone. The only thing you need is a SIM card. This is the Spy Ear. We just have to charge it, then put the SIM card into it and hide it in the room. After that we just call the number of the SIM card, and we can hear the conversation by means of three microphones.

Welcome to my blog!

Dear Guests!
Welcome to my blog page. I will write some interesting articles and texts about information security awareness, as you can see from the blog's address. This is a very important thing today. We have to be careful with our information. Anybody can steal it and misuse it. On my page you can get a little more info about this topic.
Enjoy! And be careful with your data!
If you want to read more on this topic, just visit: www.infosecuritylab.com