February 2008 Newsletter

Welcome

Here is your very first ACSN quarterly newsletter, best enjoyed with a cup of tea. Just a few words on what’s new and newsworthy in the tricky world of digital security. And it's our way to say hello more often - not just when fixing problems.

About security

A high price to pay

Société Générale has just paid nearly £4 billion for the most expensive lesson in information security the world has ever known.

And what can we learn? Two general points straight away: that human motive, not technology, is the basic cause of any breach; and that the worst damage tends to be inflicted not from outside an organisation, but from within.

There are more detailed lessons. We don't know exactly what happened. Was hacking involved? Was information accessed from one point or many? We can't be sure. But as facts emerge, we've started to think about these areas of security discipline:

  • Appropriate authentication
  • Compartmentalisation of networks by risk and department
  • Well-developed account management policies for staff when they change roles and move departments

It may be too early for conclusions, but there's little doubt that money spent on the right security controls may have been a few billion pounds more cost-effective.

How safe are your web applications?

It may be the programme everyone uses. It may be a household name. But that doesn't make a web application secure. The Gartner Group estimates 75% of all security breaches are due to vulnerabilities in web applications.

If you want any guarantee of security then your web applications need to be thoroughly tested. And it's much cheaper to do it pre-emptively than try and clear up the mess after a breach.

We offer a full testing service. The job is different every time - tailored exactly to your organisation.

But the principle stays the same: we review your application, from the session management it employs to its susceptibility to cross-site scripting (XSS), to prove your web applications are secure. When issues are found, we always suggest solutions.

About us

Nokia accreditation

Ours is one of those jobs with exams for life. We've just passed the latest test to become Nokia Certified Security Associates. That means we're fully qualified to support and advise you on the latest Nokia security products and solutions.

It's one more on our list of accreditations. We're a little obsessed with them, because recognised standards matter in businesses, and peace of mind starts with absolute proof of competence.

New faces

ACSN has been a little more cosmopolitan since Nathalie Hayoz became our sales and marketing executive in July. She's Swiss-French and has worked alongside top European CIOs as a Marketing Manager for Microsoft. She says “I really enjoy working for ACSN. There is a real team spirit. Everyone is supportive, very professional and committed to excellence.”

Zarina Ahmed joined us as a consultant in October. Her love of computers began with an IBM notepad & dial-up modem. She has a master's degree in IT and she's Microsoft and Cisco certified among others. Having done time reading manuals she's thrilled to be getting involved, handling hardware and facing firewalls. She says “I'm delighted to be here working with such experienced consultants in such a wide range of projects.”

About life

Mothballed

Computers have always needed a helping hand to debug them. The less-than-portable Harvard Mark 1 was 51 feet long and needed 500 miles of wire plus a five horsepower clutch-controlled motor to do the job of a pocket calculator. In 1947 a moth was found fluttering around HM1's Panel F. Engineers caught and mounted it in the computer logbook with the words: "first actual case of a bug being found."

In this issue

A £4 billion lesson

Are your web applications safe?

Nokia accreditation

New faces at ACSN

The first ever computer bug

Company No. 04924133 | Registered Address: 55 Station Road, Beaconsfield HP9 1QL