IT Audit - The Institute Of Internal Auditors  


PUBLISHED BY THE INSTITUTE OF INTERNAL AUDITORS
Vol. 10, December 10, 2007

IT and Audit News

Secret backdoor could be present in new encryption standard; new update enhances security features on Apple operating systems; tips for managing GRC software; internal auditor discusses use of rules vs. internal policies.

______________________________________

GOVERNMENT GRAPEVINE

Secret Backdoor Could Be Present in New Encryption Standard
A new random-number encryption standard, called Dual_EC_DRBG, might contain a backdoor for the U.S. National Security Agency.
http://www.wired.com/politics/security/commentary/securitymatters/2007/11/securitymatters_1115

Security Breach Exposes Data on 25 Million Individuals
British Chancellor of the Exchequer Alistair Darling recently stated that the UK's Revenue and Customs office lost two discs containing the personal information of everybody in the country who claims and receives child benefits.
http://www.news.com/U.K.-government-reveals-its-biggest-privacy-disaster/2100-1029_3-6219772.html?tag=cd.lede

World Could Face Online War Threat
According to an annual report by security vendor McAfee, approximately 120 countries are developing ways to use the Internet as a weapon to target financial markets. This "cyber cold war" threatens to become one of the biggest threats to security in the next decade.
http://www.news.com/World-faces-cyber-cold-war-threat%2C-report-says/2100-7349_3-6220619.html?tag=cd.lede

______________________________________

SECURITY UPDATES

New Update Enhances Security Features on Apple Operating Systems
Apple released a security update to current and previous versions of its OS X operating system that improves reliability when using VMware's Fusion and synchronization between iPhone and Yahoo address books.
http://www.informationweek.com/security/showArticle.jhtml?articleID=203101113

Fixing 10 Security Threats on Virtual Servers
Controlling virtual machines and applying existing processes to virtual machines are two of the 10 ways to address security threats on virtual servers. 
http://www.cio.com/article/154950/

Hackers Use Banner Ads to Hijack PCs
A new breed of online ads from reputable Web sites is hijacking personal computers and harassing users until they agree to buy antivirus software.
http://www.wired.com/techbiz/media/news/2007/11/doubleclick

Antivirus Software Could Enhance Network Vulnerabilities
German security experts discussed how vulnerabilities in antivirus software make these programs a threat to corporate network security.
http://www.securityfocus.com/brief/632

Social Networking Sites Raise Security Threats
Research from a British online organization found that social networking Web sites could increase people's chances of getting their personal information stolen.
http://www.informationweek.com/security/showArticle.jhtml?articleID=202806063

Microsoft Issues Important Security Updates
The software company issued two security updates. The first update repairs a critical flaw that opened Windows systems to Web-based attacks, while the second update fixes a vulnerability in Windows Domain Name System servers.
http://www.cio.com/article/154450/Microsoft_Issues_Two_Vital_Windows_Security_Updates

Flaw Affects QuickTime Media Player
A Polish researcher published exploit code for an unknown vulnerability in Apple's QuickTime media player that can be triggered by a call to a real-time streaming server.
http://www.securityfocus.com/brief/633

Google Removes Web Sites Targeting Searchers
The search engine has purged tens of thousands of malicious Web sites after a software company stated that many search results on Google lead to malicious Web pages that can compromise computer systems.
http://informationweek.com/news/showArticle.jhtml;jsessionid=PUYP5YSKWALGMQSNDLRCKHSCJUNN2JVN?articleID=204300556

______________________________________

SOFTWARE UPDATES

Tips for Managing GRC Software
Experts offer insight to help organizations make the most of their governance, risk, and compliance tools.
http://www.itcinstitute.com/display.aspx?id=4494

Microsoft Expert Unveils Open Source Strategy
Microsoft's open source expert, Bill Hilf, revealed the company's open source business model.
http://www.informationweek.com/windows/showArticle.jhtml;jsessionid=MTFUDOSQV3UHSQSNDLRCKHSCJUNN2JVN?articleID=203100965

Windows XP Outperforms Vista
New tests have revealed that Windows XP has twice the performance of Vista.
http://www.news.com/Windows-XP-outshines-Vista-in-benchmarking-test/2100-1016_3-6220201.html?tag=nefd.pop

Mac Hacking Attempt Is Public Relations Stunt
Alleged AppleMatters.com and iPhoneMatters.com hacks were nothing but hoaxes, while Apple-specific hacking attempts are on the rise.
http://www.informationweek.com/software/showArticle.jhtml?articleID=204300601

______________________________________

OTHER IT AND AUDIT NEWS

Internal Auditor Discusses Use of Rules vs. Internal Policies
Auditor discusses the use of internal policies, standards, frameworks, and controls for compliance with the U.S. Sarbanes-Oxley Act of 2002.
http://www.itcinstitute.com/display.aspx?id=4444

Tips to Spot Pirated Software
Because the number of people who innocently purchase or receive pirated software increases during the end of the year, the Software and Information Industry Association is providing tips on how to spot illegal software.
http://www.informationweek.com/security/showArticle.jhtml?articleID=203101025

Copyright Enforcement Organization Battles Piracy Front
The Business Software Alliance is targeting small organizations to detect unlicensed software use and piracy by business users.
http://www.ecommercetimes.com/story/BSA-Battles-Piracy-One-SMB-at-a-Time-60457.html

Foreseeing IT Security Expenses
Coming up with a reasonable estimate of future IT security activities that is based on historical trends can help organizations better estimate how much money they will need in the upcoming year. 
http://www.ecommercetimes.com/story/Thinking-Through-Your-2008-Security-Budget-60445.html

News Web Sites to Enhance Search Results
Google, Yahoo!, and other search engines are working to revise a 13-year-old technology to achieve greater control over how search engines index and display Web sites.
http://www.businessweek.com/ap/financialnews/D8T7E6RO1.htm

Group Releases Ranking of Technology Impact in the Environment
Greenpeace's latest quarterly ranking of electronic vendors, Guide to Greener Electronics, spotlights the difficulty in measuring the environmental impact of technology products.
http://www.businessweek.com/technology/content/nov2007/tc20071127_012063.htm?chan=technology_technology+index+page_computers

10 Practices for Better Role-based Access Management
Fostering role-creation collaboration is one of the ways to enhance an organization's identity and access management strategy.
http://www.itcinstitute.com/display.aspx?id=4533

Poor Performance Is Prevalent on Mobile Web Sites
New report discusses how companies such as Google, Facebook, and MapQuest are struggling to perfect their mobile Web sites.  
http://www.informationweek.com/news/showArticle.jhtml;jsessionid=PUYP5YSKWALGMQSNDLRCKHSCJUNN2JVN?articleID=204301181
