Information Risk Management

Displaying 1-10 of 10 results

  • White Papers // May 2011

    Bootstrapping Mobile PINs Using Passwords

    The authors describe a method of deriving PINs from passwords. The method is useful to obtain friction-free user on-boarding to mobile platforms. It has significant business benefits to organizations that wish to introduce mobile apps to existing users - but which are reluctant to make the users authenticate with passwords....

    Provided By Information Risk Management

  • White Papers // Oct 2008

    Targeting VOIP

    As more and more companies move towards a full scale replacement of conventional PSTN phones with a VOIP infrastructure, there is an increased incentive for malicious individuals to break into the phone architecture. The main benefit of implementing VOIP over conventional phone systems is cost saving and efficiency. With the...

    Provided By Information Risk Management

  • White Papers // Sep 2008

    Risky Business - Hacking the Trading Floor

    Drawing on the author's experience of working on large Forex, over-the-counter and proprietary trading systems for Fortune 500 banks, this paper aims to highlight the current application security trends and issues within financial trading applications and the common business risks associated with these issues. This paper is aimed at security...

    Provided By Information Risk Management

  • Case Studies // Aug 2008

    Information Risk Management Case Study: Application Security Test

    The UK gaming market alone is expected to continue to grow in excess of £10bn in 2009, with total turnovers reaching £100bn. Vast sums of money exchange hands daily via electronic means, exposing the gaming industry to risks such as money laundering, fraudulent transactions, denial-of-service attacks, collusion amongst players in...

    Provided By Information Risk Management

  • Case Studies // Aug 2008

    Configuration Review - Firewalls & Routers Industry Sector: Media and Telecommunications

    Firewalls aim to provide organisations with reliable security at the network perimeter; however each firewall must be properly configured in order to allow and disallow network traffic accordingly, in a manner sensitive to business needs. Poorly configured firewalls can be overwhelmingly damaging to the security of an organisation - lax...

    Provided By Information Risk Management

  • Case Studies // Aug 2008

    Information Risk Management Case Study: Configuration Review - IDS/IPS

    Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) are crucial components of an organisation's security infrastructure. However to maximise the effectiveness of an IDS or IPS, a finely-tuned configuration is required. The oversensitive IDS threatens its effectiveness by flooding even the most sophisticated log correlation engines, resulting in actual...

    Provided By Information Risk Management

  • Case Studies // Aug 2008

    Information Risk Management Case Study: Penetration Test

    The finance sector has largely championed the increasingly interconnected business world. The need for the facilitation of Business-To-Business (B2B) and Business-To-Customer (B2C) commerce, rapid transfers of business intelligence and remote access working has resulted in an ever increasing number of systems, portals and services situated on the publicly-accessible Internet. Regular...

    Provided By Information Risk Management

  • Case Studies // Aug 2008

    Information Risk Management Case Study: Penetration Test - Citrix

    Citrix deployments are often utilised to provide restricted-functionality environments to internal staff and third-party organisations, including contractors and external consultants. If not adequately secured these environments provide a wealth of opportunity for the 'Interested' or malicious user to gain elevated levels of access to networked systems. IRM identifies the security...

    Provided By Information Risk Management

  • Case Studies // Aug 2008

    Information Risk Management Case Study: Secure Application Development Training

    Application layer vulnerabilities manifest themselves as a result of a lack of a Security Aware Software Development Lifecycle (SDLC), or simply poorly-written code. Since attackers have shifted focus from network based attacks to exploiting vulnerable applications, it is imperative that organisations introduce processes and controls to minimise the occurrence of...

    Provided By Information Risk Management

  • Case Studies // Aug 2008

    Information Risk Management Case Study: User Access Review

    In large multi-user environments it is often difficult to establish exactly who has access to data, systems or applications. Historical user accounts and group memberships along with various generations of internal architectures further complicate matters. Through a User Access Review engagement IRM identifies user access models throughout the corporate environment....

    Provided By Information Risk Management
