Part 2 in a 6-part series
by Mark Robertson, Social Engineering Consultant and CTO
Security professionals are well known for their paranoia; however, believing it doesn’t mean that no one is out to get you. No one really knows how many billions of dollars are accounted for by security breaches motivated by criminal activities. Few companies are willing to admit they are victims.
Those camera phones are everywhere. But has anyone considered the consequences of having such gadgets in a company environment? This month's feature story describes every possible scenario of how camera phones can invade a company's privacy.
Mobile devices present a challenge to our network security. Again, social engineering plays a large role. User education is beneficial, and tying security to employee performance can be another way to motivate employees to care about security.
Take a quick snapshot of your thoughts about this newsletter by taking the short reader survey and as a bonus, your name is entered in a drawing where you could win a PAIR of Garmin Rino 110 GPS.
Best, Meryl K. Evans, Editor
Mobile devices are becoming necessary tools, especially for mobile workers. Companies connect these devices to their network, syncing them with employees’ computers and company systems. We have to worry about two things: theft of the devices and securing the contents, so those who steal devices don’t access company information from them.
How do we go about addressing these two challenging areas of security?
I've enacted a two-factor authentication scheme for a knowledge management system that provides clients with access to many systems within our network. The application owner claims forcing our clients to use tokens is keeping them from using the application, and I've made some concessions by using SSL client-side certificates. Now they say that these are even a hassle and argue that their online banking services don’t require two-factor authentication, so why do it for document exchange?
What other techniques are used to authenticate with something that they have and something that they know that simplifies access to Web sites?