Archive for August, 2006

Avoiding Data Disasters: Managing Risk from Undiscovered Sensitive Data

Wednesday, August 30th, 2006

Where does sensitive data exist in your organization? Where is it hiding, how does it flow through your systems, and who really has access? If you think you know the answers, think again.

In most companies, recognized data represents just the tip of the iceberg, while undiscovered sensitive data lurks below—posing a serious but preventable compliance risk.

Join this one-hour Webinar to explore what you can do to prevent costly and embarrassing data breaches.

Topics that will be covered:

  • How unintended data exposure happens, including case examples
  • Risk concepts every techie should be able to discuss with business users
  • Specific compliance requirements including PCI, Gramm-Leach-Bliley, and HIPAA
  • Checks and balances even small organizations must have in place to protect sensitive data
  • Capital costs and risks stemming from sensitive data exposure
  • Best practices for data relationship discovery and de-identification

Cisco Warns of Flaw in Firewall Products

Wednesday, August 30th, 2006

An alert from Cisco Systems Inc. describes an unintentional password modification vulnerability in multiple firewall products that could be exploited to change passwords without user interaction and allow “unauthorized users to gain access to a device that has been reloaded after passwords in its startup configuration have been changed. Authorized users can be locked out and lose the ability to manage the affected device.”  

The flaw affects Cisco PIX 500 Series Security Appliances, Cisco ASA 5500 Series Adaptive Security Appliances and Firewall Service Module (FWSM) for Cisco Catalyst 6500 switches and Cisco 7600 Series Routers running affected versions of the software.

Cisco has issued software to address this vulnerability.  A second alert from Cisco describes a pair of flaws in Cisco VPN 3000 series concentrators with FTP file management enabled that could be exploited to execute some FTP commands and delete files.  Cisco has issued free software to address these two flaws and also made workarounds available.
http://www.cisco.com/en/US/products/products_security_advisory09186a00807183b0.shtml
http://www.cisco.com/en/US/products/products_security_advisory09186a0080718330.shtml

The 5th Annual Philippine IT Security Conference - MANILACON 2006: Progress@Risk

Tuesday, August 29th, 2006

5th Annual Philippine IT Security Conference
September 11-12, 2006
Hotel Intercontinental
Makati City, Philippines 

This year’s 5th Information Systems Security conference and exhibit is dubbed: “ManilaCon 2k6:progress@risk” and is organized by the Information Systems Security Society of the Philippines (ISSSP), in cooperation with the Commission on Information and Communications Technology (CICT) and the National Security Council (NSC) towards the development and implementation of a National Cyber Security Strategy.

We need one to ensure the integration of public and private efforts to counter threats and institutionalize the protection of national and local cyber infrastructures and businesses.

We expect all security-concerned CEOs, CIOs, Security Officers and Systems Administrators/Programmers to be more vigilant in securing cyberspace, not just for the protection of their respective enterprises but for the protection and security of all those existing and doing business in cyberspace.

This conference and exhibit is designed to kick-start this national effort and concern.

To join, please see below the details of the program schedule and delegate fees.

For registration or more information, please call Ellen at the ISSSP Secretariat telefax no. 750-3742 or mobile 0920-2413954. Or send email to isssphil[at]yahoo.com. You may also visit http://www.isssp.org.ph/ for other details of this conference and exhibit and/or to register online.

Signed: 

AMADO A. MALACAMAN, JR., President – ISSSP             

Angelo Timoteo M. Diaz De Rivera,  Commissioner – CICT

Unified Multi-purpose ID System to be Implemented Soon

Monday, August 28th, 2006

The National Statistics Office and National Economic Development Authority are pilot agencies in the implementation of Executive Order No. 420 otherwise known as the Unified Multi-purpose Identification (UMID) system issued by President Gloria Macapagal Arroyo, directing government agencies under the executive branch to harmonize identification systems and adopt a uniform ID data collection and format.

According to Catalino G. de Gracia, Statistician II, of the local NSO, UMID will give people easy access to government transactions. “It will start with the NSO and NEDA this year, then to all government agencies by January 2007 and eventually to the local government units”, he said. “It will not violate the individual’s right to privacy since it only asks the basic information about the person, similar to our Office or Government Security Insurance System (GSIS) ID cards”, he stressed.

Global Security Week 2006 — Identity Theft

Sunday, August 27th, 2006

Global Security Week 2006, the week leading up to September 11th each year, is an opportunity to join forces with other security professionals worldwide and promote security to the masses. The theme for Global Security Week 2006 is identity theft. Find out about the truth behind the headlines. Is “phishing” a genuine threat? What are the banks doing about it? What can ordinary members of the public do about it? Participate in Global Security Week to help spread the word about identity theft and encourage ordinary law-abiding citizens to be on their guard.

http://www.globalsecurityweek.com/index.html

Security Solutions Virtual Tradeshow

Friday, August 25th, 2006

Security Solutions Virtual Tradeshow
Balancing the Need for Heightened Security and Increased Access

Wednesday, September 13 & Thursday, September 14, 2006

Today’s CIOs and IT managers face a daunting task: protect their network from viruses, spyware and the latest threat du jour, from phishing and keyloggers to ransomware and cyberextortion. They must also ensure that their IT spending helps their company comply with legislation, maintain internal and perimeter security, and protect information assets and personal data. But it doesn’t end there: IT executives must contend with an increased reliance on wireless networks, smart phones, instant messenger, P2P and VoIP. That is the mandate and there is no way of getting around it.

New tools and technologies provide widespread access to enterprise users, but they also demand improved security strategies and policies. As IT managers develop more sophisticated security strategies, more complex and damaging threats will be unleashed that drain time and resources. It’s an uphill battle and it’s all in a day’s work for an already overtaxed IT department.

Antivirus Researcher Gullotto of Symantec is Now With Microsoft

Thursday, August 24th, 2006

Microsoft has hired one of the industry’s top antivirus researchers to run its nascent antivirus research and response team. Vinny Gullotto, who had been at Symantec Corp. since earlier this year, started work at Microsoft last week. His charge at Microsoft will be to help the software giant get its virus response team up to speed with those run by the major antivirus vendors.

Gullotto will be the general manager of Security Research and Response, a separate unit from the Microsoft Security Response Center (MSRC); both teams fall under Microsoft’s Security Technology Unit.

Kevin Mitnick’s Website Hacked Anew

Thursday, August 24th, 2006

Digital vandals defaced the Web site of hacker-turned-security-consultant Kevin Mitnick over the weekend, replacing information on his books and consulting services with foul language.

According to CNET News.com, the vandals, who are reportedly based in Pakistan, hacked into the machine hosting Mitnick’s site, removed his front page and put their own page in its place. The defacement affected four of Mitnick’s Web addresses, including KevinMitnick.com and MitnickSecurity.com.

“The Web hosting provider that hosts my sites was hacked,” Mitnick told CNET News.com. “Fortunately, I don’t keep any confidential data on my Web site, so it wasn’t that serious. Of course it is embarrassing to be defaced — nobody likes it.”

Mitnick gained notoriety as a hacker who was caught by the FBI in 1995 after a much-publicized pursuit. He served a five-year prison sentence for wire and computer fraud and later became a security consultant and author, traveling the lecture circuit.

IBM to Acquire ISS - Internet Security Systems

Thursday, August 24th, 2006

Wednesday morning IBM announced it would acquire the Atlanta-based security vendor for approximately $1.3 billion in cash. The move is expected to augment the managed security services offerings in Big Blue’s global services unit.

ISS customers will benefit from IBM’s vast resources while Big Blue gets a comprehensive perimeter security service, analysts say. However, long-term stumbling blocks remain. Most notably, IBM needs a plan to ensure it can retain ISS’s talented staff.

More details about the acquisition:

IBM to Acquire Internet Security Systems

IBM/ISS Deal Positive for Customers

Phishing Scams Target PNB - Philippine National Bank

Wednesday, August 23rd, 2006

I recently came across emails that at first glance came from a local bank — PNB Philippine National Bank.

I know for a fact that it is a phishing scam since I don’t have a bank account with PNB ;-)

Click on the links below for a screenshot of the PNB Phishing emails.

PNB Phishing Email # 1

PNB Phishing Email # 2