This newsletter is intended for people and companies interested in disaster recovery and is only sent to people who subscribe. Back issues are archived on our Web site (http://www.binomial.com). Sometimes, the emailed newsletter is truncated by your server because of its length. This current issue is now available at http://www.binomial.com.
Each month, we search through thousands of articles to find information on disaster recovery planning, business continuity planning, and more.
ANYONE CAN CONTRIBUTE, JUST SEND SNIPPETS TO: letter@binomial.com
In this Issue:
We have a couple of stories in this issue on inside threats. With large numbers of layoffs that began in the telcos, moved to IT companies and are now rippling throughout the entire economy, you must be much more vigilant than ever before. Even the hotels and other suppliers in the travel business are being affected by the cutbacks. Beef up your recovery and continuity plans and your security plans to counteract these threats.
With so many horror stories being told about hackers and password-cracking programs it is easy to forget that the highest incidence of data theft is still found within an office environment. Many businesses, though, only have themselves to blame, as they have become so lax with their company passwords and the like. It would be an easy enough task to become a commercial spy in many an office around the globe.
If it takes three minutes, though, to access your work each morning then you may not be too inclined to log out when you’re just nipping out for a coffee. In the time that you are away from your desk your files could be copied, changed or deleted and how do you prove that you didn’t do it? If the breach is major, could you lose your job? Providing opportunities for even closest colleagues is foolhardy and the responsibility for protecting work and network privileges should be instilled in all users. Implementing the corporate security policy, even when simply going out to the washroom, should, by now, be second nature.
Read the rest of this article at http://www.scmagazine.com/index2.html and follow the links to March 2001.
Ref: SC InfoSecurity Magazine, March 2001
Laptop security can be broken down into three phases: physical security, access control/authentication and tracking/recovery. But the biggest challenge may be changing users' attitudes and habits.
It's been more than a year since an unattended laptop disappeared from the U.S. Department of State's Washington, D.C., headquarters. Two top-level administrators were fired and four others received career-ending reprimands for losing a notebook computer that contained sensitive nuclear weapons proliferation data. Despite an intensive investigation and a $25,000 reward, the FBI has been unable to recover the missing laptop.
The State Department administrator who had his laptop stolen in a crowded conference room was doing nothing different than what thousands of executives do every day: hauling a notebook computer from appointment to appointment. But these portable devices, rich in computing power and communications capabilities and often loaded with sensitive data, are big targets to opportunistic thieves and industrial spies.
Laptop theft is a huge problem, according to security industry and insurance company statistics. Safeware (www.safeware.com), an Ohio-based insurance firm specializing in PC policies, reports that nearly 320,000 laptops valued at $800 million were stolen in 1999, a 5 percent increase over the previous year. The trend is mirrored by the expansion of the laptop security market, with some manufacturers reporting 40 to 50 percent annual growth rates.
Read the full article at http://www.infosecuritymag.com/articles/february01/features_laptop_security.shtml
Ref: Information Security Magazine - February 2001
On our website at www.binomial.com we now have a bookstore that carries all the materials that you need in business and disaster recovery planning. There are as many as 900 books and software items at this site which will aid you in all aspects of developing your BIAs, TRAs, and Continuity and Recovery Plans. There is also help on maintaining your plans, training and testing. We even have a complete collection of videos available for you.
In a recent survey by Computerworld in their Windows 2000 Advantage Newsletter (www.windows2000advantage.com/), the question was asked: "What level of uptime is your company's rock-bottom requirement?"
The answers were:
A sysadmin at a hospital heard a rumor that she was going to be fired. She quickly moved to arrange a comfortable "severance package" for herself by encrypting a critical patient database. Her supervisor naturally feared the worst: that the admin would disappear off the face of the earth without decrypting the data, resulting in a significant service disruption and probably the loss of the supervisor's job. So, in exchange for the decryption key, the manager hastily agreed to a significant termination "bonus" and an agreement that the hospital wouldn't press charges.
Though it sounds like something out of a Hollywood movie script, this type of incident happens all the time in the corporate world, in every industry and at every type and size of organization. Despite the media's focus on high-profile outsider cyberattacks, the sad but true fact of corporate security today is that insiders constitute the greatest threat to corporate information systems. This is not a colorful overstatement: Since your IT employees have intimate knowledge of your company's vulnerabilities and safeguards, it stands to reason that attacks from within can be far more devastating than those from outside. Recent surveys from Computer Security Institute (CSI) and Information Security confirm this unhappy truth. According to CSI, for example, the average insider attack cost the target enterprise some $2.7 million, compared with $57,000 for the average outside attack. Worse, most security professionals have learned the hard way that technical solutions alone cannot prevent, deter or even detect insider risk, let alone manage it.
Read the rest of the article at http://www.infosecuritymag.com/articles/july00/features2.shtml
Ref: Information Security Magazine - July 2000
We have scheduled several new seminars:
Business & Disaster Continuity Planning will be in
Come and learn how to be ready for all disasters.
Attendees at all of our seminars learn all about DR, receive a full, registered version of our world-renowned software system, Phoenix 2000b, and each develop a disaster recovery plan for their own company. All attendees can also attend any future seminar for a small fee. The schedule and seminar content can be seen at www.binomial.com. Still a few seats left.
Vigilinx Warns of May Day Hacking Threat
Vigilinx, the risk assessment services company, has warned US IT managers to be on high alert over the next week against Chinese hacker threats.
Hackers in China are thought to be preparing a major assault on US web sites over the May 1 to 7 period, following the downing of the EP-3P spy plane in China in early April. During that incident, a Chinese pilot lost his life, causing a wave of anti-US sentiment and a major political incident. Although the crew of the spy plane have been returned to the US, American and Chinese hackers have turned the EP-3P situation into a personal hacking war.
Vigilinx claims that pro-American hackers have hacked over 100 Chinese web sites since early April, and a concerted Chinese hack is planned for the week of May 1 to 7 in retaliation. The Chinese attack has been named ‘Laodong Jie Wuy Strike’ (Labor Day Strike), in honor of International Workers Day. May 7, meanwhile, is the second anniversary of the accidental bombing of the Chinese embassy in Belgrade by the Allied Forces.
Vigilinx says that the hacker group PoizonBOx has defaced over one hundred Chinese web sites since April 4. The defacements are a simple message proclaiming ‘This Site Was Owned by PoizonBOx’. Although the group has dubbed its campaign ‘ChinaKiller’ they are not making any political or hate messages with their defacements. They are, however, urging other pro-American groups to participate in this campaign.
Pr0phet, another pro-American defacer, has also urged all pro-American hackers to "focus on China and wreak hell on their servers."
www.vigilinx.com
See http://www.infosecnews.com/
See also CNN's story at http://www.cnn.com/2001/TECH/internet/04/26/hacker.warning/index.html
You will find links to DRP sites of interest at: Links
Over 800 links are now listed here.
Interesting links may be found at: www.fema.gov/fema/whatsnew.html
Also check www.colorado.edu/hazards/sites/sites.html
Also check www.colorado.edu/hazards/dr/currentdr.html
BINOMIAL Business/Disaster Recovery Planning Seminars: www.binomial.com
| WASHINGTON | May | 14-16 | 2001 |
| DALLAS, TEXAS | June | 4-6 | 2001 |
| ORLANDO | September | 16 | 2001 |
| LAS VEGAS | October | 22-24 | 2001 |
| LOS ANGELES | November | 5-7 | 2001 |
| WASHINGTON | November | 26-28 | 2001 |
We have moved all of the events information to Events to save space in your email.
letter@binomial.com
www.binomial.com
BINOMIAL (800) 361-8398(V) (520) 441-4170(F)