
Friday, 18 February 2011

The Spy Next Door, Stealing Your Life For £44

How easy can it be to steal your life? For less than 44 quid is it possible to steal your bank account username, password and bank account security questions? For less than 44 quid is it possible to harvest your credit card details, including your credit card security code and Verified by Visa or MasterCard SecureCode password? Is it possible to read your private Emails and access your Email account? Is it possible to monitor all your private web surfing habits and instant messenger conversations, and obtain your usernames and passwords for all your websites?
Click here to read the full article via the IT Security Expert's blog by Dave Whitelegg.

Friday, 17 December 2010

Pass The Password

33% of computer users actually use the same password for every single website they use. Just one in five users say they use a different password for every site (imagine how many passwords you would need)!!

Millions of web users are being asked to reset their passwords as concerns spread over a major hacking attack on the Gawker site.
The attack on Gawker, which runs one of the world's most popular blog networks, was carried out over the weekend by an organisation calling itself Gnosis.





Tips for keeping your password safe
  • Never use the same password across lots of different websites.
  • Do not use a word that you - or a hacker - could find in the dictionary: these are susceptible to so-called 'brute force' attacks.
  • Try to include some digits and special characters to add a layer of complexity that will make life difficult for a criminal.
  • Pick a phrase or mnemonic that helps you remember your password.
  • You can avoid having to remember passwords altogether by using a password manager program. There are many available to download online.

Friday, 19 November 2010

Get Safe Online - If you do nothing else, read this!

Beginner's guide

The internet is great. People like to email, chat and have fun online. We also use it to buy and sell things, do our taxes or bank online. The problem is online criminals. To make money, they want to hijack your PC, rip you off and steal your identity.

Prevention is better than cure and GetSafeOnline.org can help. This is just a high-level overview, but the site has detailed advice that will explain it all.


Protect your PC
  • Get anti-virus software, anti-spyware software and a firewall
  • Keep your computer up to date
  • Block spam emails
  • Use an up to date web browser
  • Make regular backups
  • Encrypt your wireless network
Avoid online rip-offs
  • When you’re shopping online, look for clear signs that you’re buying from a reputable company
  • On an online auction site, learn how it works and learn to pick good sellers
  • Use safe ways to pay, such as PayPal or credit and debit cards
  • Use your common sense to avoid scams – if it sounds too good to be true, it probably is
Take care of your identity and privacy
  • Avoid identity theft by using an up to date web browser and blocking bogus emails with a spam filter
  • Always use strong passwords
  • Don’t give away too much personal information on blogs and social networking sites

Friday, 12 November 2010

Get Safe Online Week 15th to 19th November


A joint initiative between the Government, law enforcement, leading businesses and the public sector. Their aim is to provide computer users and small businesses with free, independent, user-friendly advice that will allow them to use the internet confidently, safely and securely.

Saturday, 2 October 2010

Don't Put Your Life Online!


I have this available in PDF format. If required send me an email.

Wednesday, 2 June 2010

How to Provide Security Assurance in 9 Easy Steps!

The following is proven to work across all security disciplines including Physical Security, Personnel Security and Electronic Security. I know the thought of inviting Auditors into your areas of responsibility is a little daunting but if used correctly this can really be a very effective tool and can also be utilised to provide some free consultancy advice.

In conjunction with management you should produce and deliver an Annual Programme (1) of risk based audits aimed at ensuring security risks are identified and effectively managed. It is more than useful to obtain senior executive level approval that is communicated throughout your organisation and that clearly sets out the objectives, authority and responsibilities of the Department conducting these security audits.


Once high level approval is obtained you need to develop a structure as to how these security audits should be done and who needs to be involved. Below is an idea for a structure that could be adopted once the business area or security risk owner (also known as an auditee) has been identified.

A Planning or Opening Meeting (2) should be arranged with you and the auditee to agree areas of scope and to gain a better understanding of their business area. This meeting will include discussion of: appropriate questions to enable the level of risk maturity to be determined, confirmation of your understanding of the purpose of the area under review, the objective and scope of the audit, agreement of the key risks, any concerns the risk owner may have which need to be addressed and agreement of key contacts and dates. This information then sets out the detail that is captured in an Engagement Letter (3) and once complete this letter is issued to the principal auditee(s) before fieldwork starts. I see the engagement letter as an essential document because it enables and drives the auditee and other key staff to have an input into the audit, clarifies the work that will be done, confirms the timing of the audit, ensures that the appropriate resource has been assigned to the audit, and establishes responsibilities of all parties.

Once you have identified your resource, the security auditor/advisor/manager should create a security audit programme. The purpose of the Security Audit Programme (4) is to set out in more detail the actual testing and work that will be carried out to address each of the areas in the scope. The programme is used as a basis to effectively align the Fieldwork (5) with the risks to be reviewed. The audit programme is the document that will focus on testing the effectiveness of the security controls and other risk mitigations in place to manage the most significant risks.

Fieldwork consists of a range of activities undertaken by the auditor/advisor and may include the following: interviews with key staff involved in business processes, observation of key processes, carrying out tests of key controls, and reviewing relevant documentation. The purpose of fieldwork is to gather sufficient information to document the processes involved in the system under review and form an opinion on how well the key security risks or areas for review are being managed. The outcome of fieldwork will then form the content of the report with a management action plan to address any findings highlighted.

On completion of audit fieldwork, and armed with a copy of the Draft Report (6), you should meet again with management and the auditee and hold a Closing Meeting (7), where the draft report, the findings and any suggested actions to rectify them are discussed. Depending on the outcome, you then notify management of the next stages in the audit process.

Most audit functions apply 4-5 Conclusion (8) titles ranging from very good, very poor to must try harder (a traffic light system is also sometimes used). It doesn’t matter what the conclusions are called just as long as they mean something to the business. Based on the assessment of the fieldwork and the content of the identified issues, a conclusion should be assigned to the audit, together with time scales giving a defined date by which the identified issues will be addressed and named owners, as this audit will have a Follow Up (9) and be further tested at the agreed date. The report should then get an appropriate level of circulation to enable the business area, its managers and those that want and need assurance to understand its risk better. Depending on the audit conclusion, the report circulation might include COE’s and other senior board members.