Tuesday, April 20, 2010

CSI











About CSI:

Computer Security Institute (CSI) is the leading membership organization and provider of education for the information security community. CSI serves the needs of security professionals worldwide through conferences, educational events, research and publications, blogs, podcasts and awareness tools.


CSI 2010: Security. Strategy. Success.
CSI 2010 is the leading IT security management conference and the largest security event on the East Coast. The comprehensive program focuses on both technological and management solutions. The CSI Annual is designed for information security and IT professionals of all levels: executives, directors, managers and staff, and anyone needing to gain an understanding of both the technical aspects of security and how security fits into the overall business plan.


CSI 2009 was held October 24-30, 2009 in Washington, D.C.


CSI 2010 will be held October 25-29, 2010 in Washington, D.C.


CSI Computer Crime and Security Survey 2009



This survey marks the 14th annual edition of the CSI Computer Crime and Security Survey, making it the longest-running project of its kind in the security industry.


Several new questions were added to the CSI survey this year, but the survey continues to describe what kinds of attacks respondents' organizations experienced and how much security incidents cost those organizations. The survey includes information about targeted attacks, incident response and the impacts of both malicious and non-malicious insiders. It contains details about respondents' security programs, including budgeting, policies implemented, tools used, satisfaction with security tools and budgets, degree of outsourcing, use of metrics and effects of compliance requirements.


Also new this year, the comprehensive edition of the survey compares CSI's findings to those of the Verizon Business RISK Team Data Breach Investigations Report, the Ponemon Institute's Cost of a Data Breach report and the Symantec Global Internet Threat Report.


Respondents reported big jumps in incidence of password sniffing, financial fraud, and malware infection.


One-third of respondents' organizations were fraudulently represented as the sender of a phishing message.


Average losses due to security incidents are down again this year (from $289,000 per respondent to $234,244 per respondent), though they are still above 2006 figures.


Twenty-five percent of respondents felt that over 60 percent of their financial losses were due to non-malicious actions by insiders.


Respondents were satisfied, though not overjoyed, with all security technologies.
Most respondents felt their investment in end-user security awareness training was inadequate, but most felt their investments in other components of their security program were adequate.


When asked what actions were taken following a security incident, 22 percent of respondents stated that they notified individuals whose personal information was breached and 17 percent stated that they provided new security services to users or customers.


When asked what security solutions ranked highest on their wishlists, many respondents named tools that would improve their visibility—better log management, security information and event management, security data visualization, security dashboards and the like.


Respondents generally said that regulatory compliance efforts have had a positive effect on their organization's security programs.


This year's survey results are based on the responses of 443 information security and information technology professionals in United States corporations, government agencies, financial institutions, educational institutions, medical institutions and other organizations. Their responses cover the security incidents they experienced and security measures they practiced from the period of July 2008 to June 2009.





Sunday, April 18, 2010

Fighting cyber terrorism


Malaysia’s Prime Minister Abdullah Badawi has approved a US$13 million grant to lay the foundation of IMPACT, a not-for-profit global organisation, to rally efforts from governments, the private sector, and academia worldwide, against the growing threat of cyber terrorism. IMPACT, or International Multilateral Partnership Against Cyber Terrorism, is the first global public-private initiative against cyber terrorism. It drives collaboration among governments, industry leaders and cyber security experts to enhance the global community’s capacity to prevent and respond to cyber threats.


The start-up grant will be used to construct the IMPACT building in Cyberjaya, Malaysia, and operations are expected to start in December.


The fund will also finance the infrastructure for the four centres of IMPACT: the Centre for Training & Skills Development; the Centre for Security Certification, Research & Development; the Centre for Global Response; and, the Centre for Policy, Regulatory Framework & International Co-operation.


Currently chaired by the Malaysian PM, the leadership of the International Advisory Board of IMPACT will be handed over to other member countries after the initial three-year term. “From the standpoint of the Malaysian government, their contribution is a gift to the global community. Someone has to start. They feel they’re just giving the seed,” said Mohd Noor Amin, Chairman, Management Board, IMPACT.




Warning System

IMPACT is currently building two systems for its member countries. One is an early warning system, which will aggregate ‘feeds’ from IMPACT’s security partners and member countries and redistribute them across the world to member countries.


Another is a collaboration system that, according to Amin, is a secure electronic platform enabling experts from member countries to collaborate with one another based on their specialty and niche areas.


Al-Ihsal Ishak, Acting COO and Head of the IMPACT Centre for Training and Skills Development, shared his expectations of IMPACT’s new systems and its network of partnerships across the globe. “We actually are looking at first-hand interaction with the Cyber Crime Convention where we believe 14 countries have signed, or will sign,” said Ishak, adding that INTERPOL was represented at the first IMPACT World Cyber Security Summit, held in Malaysia, May 20-22. At press time, 30 countries had confirmed participation and representation at ministry-level of the summit, including the secretary-general of the International Telecommunication Union, a member of IMPACT’s International Advisory Board.




Worldwide Attention

Amin said that IMPACT is more concerned about the consequences of cyber terrorism than whether the threats are initiated by individuals or organised groups. “We are talking about threats that are far more serious, for instance, the ability to bring down the airport traffic control systems, the stock market systems, or to tamper with medical records,” he said.

Wednesday, April 14, 2010




Hello everybody!

I'm going to speak about cyber terrorism. Let's take a look at Wikipedia, which defines cyber terrorism as follows:


Cyberterrorism is a controversial term. Some authors choose a very narrow definition, relating to deployments, by known terrorist organizations, of disruption attacks against information systems for the primary purpose of creating alarm and panic. By this narrow definition, it is difficult to identify any instances of cyberterrorism. Cyberterrorism can also be defined much more generally, for example, as “The premeditated use of disruptive activities, or the threat thereof, against computers and/or networks, with the intention to cause harm or further social, ideological, religious, political or similar objectives. Or to intimidate any person in furtherance of such objectives.” This broad definition was created by Kevin G. Coleman of the Technolytics Institute. The term was coined by Jared Westrup.

But what cyber terrorism really is, is exactly what I'll try to explain on this web page.