IT Security Policy: The First Line of Defense
As a security professional, I am amazed when I find that an organization does not have an IT security policy in place.
An IT security policy is a statement by management of how the organization will protect its resources from unauthorized access, alteration, or destruction. The IT security policy also provides a blueprint of management’s strategy regarding information security.
An IT security policy usually consists of the following categories:
1. Corporate Policy
2. Information Security Policy
3. Personnel Security Policy
4. Physical and environmental security policy
5. Computer & Networks Security Policy
* System Administration
* Network Policy
* Application Development Policy
6. Business Continuity Planning
The Purpose of an IT Security Policy
The purpose of the information security policy is to establish a corporate-wide approach to information security. It also prescribes mechanisms that help identify and prevent the compromise of information security and the misuse of corporate data, applications, networks and computer systems. Lastly, it implements effective controls for responding to incidents and external complaints.
For more information on IT Security Policies and other documents please visit www.securityorb.com
Adobe Zero-Day Attack on DC-Based Organizations
On June 4, 2010, Adobe announced a critical vulnerability in Adobe Flash Player, Adobe Reader and Acrobat that could allow attackers to take control of the affected system. While Adobe is working to release a fix, the vulnerability is being actively exploited in what are known as Zero-Day attacks.
Since then, a series of Advanced Persistent Threat (APT) attacks have been launched against corporate employees in the form of emails that contain malicious links to sites that exploit this vulnerability. As of last night, SecurityOrb.com, a Washington DC-based information security media company, has obtained information that a number of corporate employees received such emails and that many of them clicked on the links, causing their machines to be compromised.
SecurityOrb, LLC is asking everyone to exercise extra caution and validate the sender on all emails before opening them. All external emails should be scrutinized closely before opening any attachment or clicking any links.
SecurityOrb.com has also obtained information that many of these organizations are blocking all Flash downloads from the Internet. This means that users will not be able to view Flash videos or animation on certain web sites they visit. Adrian Williams of SecurityOrb.com stated, “We do not know how long it will take Adobe to come up with a fix, but it is very important for organizations to implement the proper security controls until the matter has been resolved.”
If you have a business-critical need to access Flash video on a specific business-related web site, please contact our Service Desk or Internet Service Provider with the site information and business justification, and they may be willing to have it white-listed (allowed) for you to access.
Please continue to be vigilant and never assume you are protected. Visit SecurityOrb.com for additional tips on how you can be secure.
Sources:
http://threatpost.com/en_us/blogs/adobe-warns-flash-pdf-zero-day-attack-060410
http://maximumitblips.dailyradar.com/story/zero-day-attack-targets-adobe-1/
http://community.norton.com/t5/Tech-Outpost/Security-Alert-0-Day-Attack-In-The-Wild-for-Adobe-Flash-Reader/m-p/238417
http://www.pcworld.com/article/159915/adobe_reader_suffers_targeted_zeroday_attacks.html