Bright Stove

Reflecting information risk journey

Archive for February 2008

ISO/IEC 24762 published


Finally, after more than two years of development, ISO/IEC 24762, "Guidelines for ICT Disaster Recovery Services", has been completed and published. It is available for purchase from the ISO web site at: http://www.iso.org/iso/iso_catalogue/catalogue_tc/catalogue_detail.htm?csnumber=41532.

This standard was developed based on the Singapore Standard, SS 507, which was published in 2005 and revised in 2007 to align with the development completed in 24762. SS 507, however, is a certifiable standard, and a number of organizations in Singapore have since been certified. ISO/IEC 24762 is currently a set of guidelines, and there may be a plan to have a specification developed in the coming months (or years).

The SS 507 (and 24762) standard was motivated by practical needs experienced in Singapore during the SARS incident and the economic downturn thereafter, in the 2003/2004 period, when it was difficult for organizations using DR services (i.e., consumers) to determine the reliability (which includes quality, integrity, and availability in this case) of the service providers. In addition, there were service providers that were set up during good times and simply packed up and left during the downturn, which left the consumers at risk. The SS 507 standard provides a means for consumers to determine the reliability and viability of the service providers, which undergo and achieve the certification to provide the assurances needed.

ISO/IEC 24762 forms part of the WG4 Roadmap in addressing ICT Readiness requirements, and at the same time, providing the services to support the ICT disaster recovery needs of organizations in the aftermath of an incident.

 


Written by mengchow

February 15, 2008 at 11:46 pm

Posted in Security Standards

Big Italian bank says “Google your password to see if it’s good”


Don’t ever try this! It is always dangerous when people get addicted to something (in this case, a search engine).

Sunbelt Blog: Big Italian bank says "Google your password to see if it’s good"

While Internet search engines such as Live Search (www.live.com) or Google (www.google.com) can be a quick fix for finding information on the Internet, we need to be wary of the risks involved at the same time. There are always risks associated with good things in life. Every time you enter a keyword or phrase into the search engine, besides looking up URLs of web sites that might be relevant, the search engine also captures and starts indexing the keyword or phrase involved. This, from a technical perspective, is a necessary step so that the next time someone else enters the same thing, or something close to it, it can respond much faster. On top of this, the search engine providers will also try to find out whether the keyword or phrase that you have entered relates to any of the online advertisements that they are providing (which is how they get paid). Over time, they build up a huge database, with all sorts of personal profiles approximated in it as well, whether you like it or not, in accordance with their privacy policy.

If you use the search engine to look up the password that you are thinking of using, you will end up having the password captured and indexed somewhere in the search site. This means that your password is now stored somewhere that you have no direct access to and no control over. All it takes is for someone who happens to have that access (legally or illegally) to link it to your user ID, and bingo, your account will be compromised, and you will only scratch your head and ask why it happened. As far as security is concerned, be extra cautious.

Written by mengchow

February 13, 2008 at 4:05 pm

Posted in Risk Management

Internet Safety for Everyone who uses the Internet


I was in Hong Kong before the Lunar New Year and read in the press about a 14-year-old teenager who was arrested for hacking into a school network. As a result, several other media picked up the story and shortly after, my colleague and I were interviewed to comment on the security issues on the Internet, in particular those relating to the community networks, chats, etc., that Web 2.0 offers today.
 
In fact, over the years, many organizations and people have realized the importance of Internet safety, and of educating our children and gearing up parents and teachers so that everyone can drive safely on the Information Superhighway. Many have devoted a tremendous amount of resources to creating useful materials, including guidance and interactive media, to help people everywhere acquire the necessary Internet safety driving skills. Recently, my colleagues sent through some updated URLs, which I think are useful links that are worth sharing further. Here they are:
 

Have a safe ride! Happy Lunar New Year!

Written by mengchow

February 13, 2008 at 4:06 am

Posted in Awareness
