| Gov INFOSEC 2012 |  | Jan 10, 2012
The Cyber Security Division (Q-CERT) is organizing an Information Security Conference (gov.INFOSEC 2012) targeted at the government and semi-government sector.
Gov.INFOSEC 2012 will be held on 12th January 2012 at the Diplomatic Club.
The conference will discuss the latest trends in Information Security and the changing information security threat landscape.
It will also be an excellent opportunity to network with your peers in the sector and share the experiences and challenges faced by the government sector in handling information security.
Please register at the following website if you wish to attend this conference.
English: http://www.govinfosec2012.org/en/
Arabic: http://www.govinfosec2012.org/ar/
| e-transaction law comes to Qatar |  | Aug 24, 2010
On the 19th of August, 2010 HH the Deputy Emir and Heir Apparent Sheikh Tamim bin Hamad al-Thani issued a decree to enact Qatar’s e-transaction law. The law comprises 70 articles in 10 chapters. Chapter 1 defines the terms, chapter 2 addresses the domain to which the law applies, and chapter 3 details the components of e-transactions. Chapter 4 addresses the legal effects and the authoritative nature of e-transactions, mainly with respect to integrity. Chapter 5 sets out the means of establishing integrity and non-repudiation, namely the digital signature and its related aspects. Chapter 6 specifies the regulations for digital certification authorities. Chapter 7 covers data storage and transmission, and chapter 8 is concerned with consumer protection regulations. Chapter 9 stipulates ictQATAR’s authorities, and chapter 10 lists the offences and penalties. The new law places e-transactions in Qatar in their legal context and opens new horizons for business and services in the country. As the law assigns ictQATAR a group of responsibilities, CS/Q-CERT is gearing up to take its share in the coming few weeks.
| Keeping Data Secure While Traveling |  | Aug 24, 2010
[Archived news dated April 30, 2008] Summer is approaching, and many people will be setting off on travel adventures. These days, using the internet has become ubiquitous, and going without it while traveling has become inconceivable. Unfortunately, sometimes the only option for getting online is to use an internet cafe, despite the well-known risks.
How can you use an internet cafe safely? A recent thread on Slashdot discussed this question. The range of suggestions in the thread is impressive. Many people suggested improved authentication methods, while others said that cybercafes should never be used for confidential data.
A few interesting themes emerged from the discussion:
- Avoid cybercafes whenever possible. Many machines in cafes are infested with keyloggers—software that records every keystroke typed on the machine and then sends it off to the attacker's site, giving the attacker the ability to see your passwords. However, keylogging is only one of the attacks you need to worry about. It's better just to avoid the problem, especially if the information you're processing is critical. Using your own machine on a wireless network is a much better option.
- Don't rely on mouse-based keyboards. To protect against keyloggers, many financial institutions have begun using software keyboards where users must select letters on a graphic picture of a keyboard. Some of us may be tempted to use cybercafes for banking, thinking that our data is protected by these "soft" keyboards. However, smart keyloggers these days capture mouse clicks as well as keystrokes, meaning that attackers can piece together your password by knowing the size and position of the virtual keyboard and the sequence of clicks you made.
- Use one-time passwords. The best defense against keyloggers is to use one-time passwords. These are just what the name implies: passwords that you only use once. One common technique is to print out a hundred or so passwords before setting off on your trip to Salalah and cross off each password as you use it. Because you use each password only once, it doesn't matter if an attacker learns what each password is—it will never be used again. If you control your infrastructure, using a one-time password system like S/Key or SecurID may be the best option. If you don't control your infrastructure, though, using these systems may be impossible because they are not widely deployed at this time.
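The printed-sheet scheme described in the last item, seen from the server side, as an added example that is not part of the original article: each code is stored only as a salted hash and is struck off on first use, so a code captured on a cafe machine is rejected when it is submitted again. The class name, code format and sheet size are assumptions made for illustration; this is not S/Key or SecurID.

```python
import hashlib
import secrets


class PrintedOtpSheet:
    """Server-side record of a printed one-time password sheet (illustrative)."""

    def __init__(self, count=100):
        self._salt = secrets.token_bytes(16)
        self._unused = set()   # salted hashes of codes not yet used
        self.sheet = []        # plaintext codes, printed once for the traveller
        while len(self.sheet) < count:
            code = secrets.token_hex(6)  # 48 random bits; constructed format
            digest = self._digest(code)
            if digest not in self._unused:
                self._unused.add(digest)
                self.sheet.append(code)

    def _digest(self, code):
        # Only this hash is kept server-side, never the code itself.
        return hashlib.sha256(self._salt + code.encode("utf-8")).digest()

    def verify(self, code):
        """Accept a code at most once; a replayed code is rejected."""
        digest = self._digest(code.strip().lower())
        if digest in self._unused:
            self._unused.remove(digest)   # "cross it off" the sheet
            return True
        return False

    def remaining(self):
        return len(self._unused)


def replay_demo():
    """Log in once, then submit the same (captured) code a second time."""
    otp = PrintedOtpSheet(count=5)
    code = otp.sheet[0]
    first_login = otp.verify(code)
    replayed = otp.verify(code)
    return first_login, replayed, otp.remaining()


if __name__ == "__main__":
    print(replay_demo())
```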
| Golden Rules of Safe Internet Shopping |  | Aug 19, 2010
[Archived news dated March 3, 2009] On The British Computer Society's website, Andy Dalrymple, managing consultant information risk management at Global Secure Systems (GSS), has provided some excellent advice on how to stay safe while you shop online. How many of his twelve "Golden Rules" are you following?
| Medical Records More at Risk from Accidental Leakage than from Th... |  | Aug 19, 2010
[Archived news dated March 3, 2009] A recent report says that patient information is at greater risk from accidental disclosure through peer-to-peer networks than through the theft or loss of laptops and removable storage devices. The study, "Data Hemorrhages in the Health Care Sector," describes how Professor Eric Johnson and his colleagues were able to find thousands of records, including medical diagnoses, identification numbers, insurance information, and other data from medical institutions with relative ease.
An article in Computerworld states that Johnson said, "The range of health care information floating on P2P networks and the variety of sources from which it is being leaked highlight the disorganized and decentralized manner in which health care data is being collected, stored, used and shared."
This report confirms earlier studies, such as one on Kazaa, that show it is difficult to configure file sharing software to avoid inadvertent data leakage.