Compliance and Privacy News
Compliance and Privacy News )
Essential Reading for Today's Business 1st February 2006

in this issue
  • Double lasts longer
  • 2005 in Review, 2006 Indicators and Warnings
  • The Rise of Online Islamic Propaganda
  • VeriSign in 'Leaders Quadrant' in 'Gartner MSS Magic Quadrant'

    Dear Visitor,


    We need your help
    As you know, Compliance and Privacy is going from strength to strength. Every month we get over 25,000 unique visitors. But, in order to ensure we have the right content we need more people to register. So, please forward this to your colleagues and contacts. Registration is free and they get unlimited access to our growing content. Please click here to email this page to your colleagues.

    So, what do we have on offer this week? Firstly we look at the increasing need for "strong" or two-factor authentication as "phishing and pharming" enter the corporate network risk arena. Then there's an opportunity to review a webcast reviewing 2005 and looking at the new risks in 2006 and you can register for an intriguing webcast on the rise of online Islamic extremist propaganda. Finally, our sponsor, VeriSign has been recognised by Gartner no less as a leader in the Managed Security Service Providers market. The article below includes a link that lets you download the full Gartner report.

    Enjoy and have a secure start to February!

    Peter Andrews

    Double lasts longer

    More and more companies are taking advantage of the possibilities offered by connecting external employees, customers and business partners to their corporate networks via the internet, making important information available to them. Users generally log on to corporate networks or applications with a username and a static password. But in the aftermath of the most recent phishing attacks, many companies no longer consider this type of authentication sufficient for their needs. The point is that if a third party gets hold of this access data, there is almost no way of checking who is actually logging on accessing corporate data.

    Since the dramatic increase in fraudulent online activities, static passwords and usernames often offer inadequate security for access to corporate networks. The most recent phishing attacks have shown how professional internet fraudsters steal passwords and identities. To exclude the growing security risk, experts recommend dual-factor authentication - also known as "strong" authentication. The use of security systems for strong authentication practically excludes the risk of passwords being deliberately stolen or cracked. This is by virtue of the fact that strong authentication extends the "knowledge" factor - in other words the password - by the "ownership" principle - mostly in the form of a security token or a smart card. In principle therefore, strong authentication is based on a principle familiar from EC cards as used in ATMs: card plus PIN code - ownership plus knowledge.

    "Strong authentication should always be used when critical corporate and customer data needs protection against unauthorised access," explained Marcus Ross, general manager in Germany of security specialists VeriSign. Ross counts among the typical areas of use as mobile access to corporate data via a VPN (Virtual Private Network) or hotspots and the network/Windows logon and protection for web applications.

    2005 in Review, 2006 Indicators and Warnings

    As 2005 comes to a close, iDefense presents a review of the top threats and trends of the year helps to establish a forward looking view for 2006. This iDefense webcast, originally given on January 18, 2006, focuses on exploitation, specifically malicious code incidents, for 2005 and the implications as we look forth into 2006.

    This is a replay, so no interaction is possible. It requires speakers or headphones and runs for 42 minutes

    The Rise of Online Islamic Propaganda

    Numerous recent media articles have noted that al Qaeda is improving its information operations tactics through the use of the Internet, providing a means of anonymous communication and the dissemination of news on the group's military successes. This report will reveal the frequent presence of Islamic Extremist Propaganda online and provide a clearer understanding of the different forms of IEP, based on the specific objective and approach of each type.

    This webcast is on 2nd February at 2pm EST, 7pm GMT. As usual we will place the replay here a few days after the webcast, but no interaction is possible with a replay.

    VeriSign in 'Leaders Quadrant' in 'Gartner MSS Magic Quadrant'

    VeriSign has been positioned by Gartner, Inc. in the leaders quadrant in the 2H05 North America Managed Security Services Providers (MSSP) Magic Quadrant. A full copy of the report has been made available for download alongside the full article by VeriSign, the sponsors of

    "We are pleased that Gartner has positioned us in the 'Leader' quadrant. We feel this report confirms what our customers, partners and prospects are telling us - that VeriSign has the people, processes, technology and intelligence to help enterprises better respond to information security threats and manage their risk," said Chris Babel, vice president, Managed Security Services, VeriSign. "Our vendor-neutral services approach, technology and intelligence make VeriSign extremely well positioned to help enterprises of all sizes. Furthermore, the addition of the VeriSign iDefense Security Intelligence team expands on our ability to provide customers with proactive security intelligence that helps protect them from malicious activities."

    Issued on December 30, 2005, the 'Magic Quadrant for Managed Security Services Providers, North America, 2H05' evaluated MSSPs on their completeness of vision and ability to execute. According to Gartner, magic quadrant 'leaders' are vendors who are performing well today, have a clear vision of market direction and are actively building competencies to sustain their leadership position in the market.

    Quick Links...


    Readers should note that references to VeriSign's sponsorship are historical. That sponsorship ended on 28 February 2007, and is simply included here for context and historical purposes. VeriSign is not formally associated with this site in any manner, and has asked us to emphasise this point.