http://current.com/community/94071607_government-seeks-views-on-new-organisational-standard-for-private-sector-cyber-security.htm The Government is seeking to hear from businesses that would be interested in submitting evidence to help form a new "organisational standard" for cyber security. The Cyber Security and Resilience Team within the Department for Business, Innovation, and Skills (BIS) has asked businesses to detail initial interest in submitting views on such a standard by 8 April with a view to providing guidance to those companies about their submissions before the beginning of May. Respondents will then have until Monday 14 October 2013 to make those submissions. As part of its Cyber Security Strategy published in November 2011, the Government promised to develop industry-led cyber security standards for private sector companies. The Government said it was now acting on that pledge. "The government intends to select and endorse an organisational standard that best meets the requirements for effective cyber risk management," BIS said in a statement. "There are currently various relevant standards and guidance, which can be confusing for organisations, businesses and companies that want to improve their cyber security. We aim to offer clarity to the private sector, based on the standard that we select and choose to promote. We will shortly publish guidance to help organisations and groups prepare their evidence for submission," it added. The Government said that an organisational standard for cyber security should protect firms both large and small against "low-end methods of compromise, such as phishing and social engineering, malware and viruses". The standard should incorporate "an independent audit and assurance framework" and be aligned with international standards, it said. The standard, "when correctly implemented", should be "designed to deliver" certain "outcomes", the Government said.
Those outcomes include that senior managers within companies can be held to account for failing to meet their cyber security responsibilities and that there can be "confidence that the controls in place mitigate the risks posed from low-end methods of compromise". The Government said that the outcomes the new cyber security organisational standard should be able to facilitate could only be achieved if the standard sets a number of "auditable requirements" over controls that companies should have to have in place. Those controls should include that there is "governance of cyber security" across a business and that the measures firms put in place for mitigating cyber security risks contain "using an appropriate mix of awareness, preventative, detective and recovery controls across the physical, personnel and technical security functions", it said. In addition, the controls set out in the standard should specify how businesses should monitor for cyber security threats and check how effective their controls are at repelling such threats, the Government said. They should also include reporting requirements so that firms' owners, customers and regulators are informed of "cyber security performance and incidents ... in a structured manner that enables monitoring of cyber security trends across industry and identification of root causes of incidents". "Cyberspace is vital for the UK's economic prosperity, national security and for our way of life," the Government said. "It brings many opportunities for businesses and consumers, but also threats from cyber crime, espionage, and terrorism, which must be addressed. The loss of - or damage to - information, can have a significant impact on an organisation and on the broader UK economy. Whether that loss is by accident or through malicious attack, the outcome is the same; risk to brand and reputation, financial risk, risk to growth potential."
http://www.newsday.co.zw/2013/02/21/steam-boilers-can-explode-like-bombs/ Steam boilers are potential bombs, as was seen at the beginning of this month when an improvised boiler exploded with devastating force at a farm in Mount Hampden, killing three farm workers instantly. Boilers are packed with energy. They can explode with devastating force if not manufactured, installed and used with care and if not well maintained and periodically inspected by professional inspectors. It is for this reason that there is legislation, the Factories and Works (Boiler) Regulations, RGN 279 of 1976, covering the manufacture, installation, use, maintenance and inspection of boilers. Steam boilers play an important role in many industrial sectors including the textile, sugar, tea and paper manufacturing sectors, hospitals, prisons, hotels, power generation, agriculture and forestry. The steam energy produced is used for energising materials and machinery and for process needs. In the case of the farm in Mount Hampden, the improvised boiler was intended for tobacco curing. The minimum compliance required by the legislation is that the equipment be manufactured to a standard approved by the Chief Inspector of Factories and Works under the supervision of an approved Independent Inspection Authority and that it should not be used without a valid certificate issued by NSSA upon satisfactory commissioning under the supervision of a NSSA Inspector of Factories and Works. Many users, especially in the farming areas, are not complying with this requirement. Apart from compliance being a legal requirement, it is better to comply than to risk losing members of the family, employees and property through accidents caused by using dangerous boilers. Even where rigorous safety requirements have been observed in their manufacture and operation, boiler parts do wear out, creating some undesirable structural weaknesses.
Boilers are subjected to harsh operational conditions, such as corrosion, vibration, stress, pressure, fatigue, temperature differences, pulsation and erosion. These can with time lead to dangerous conditions which require a trained inspector to detect them. There is a statutory obligation to have boilers inspected regularly to maintain a safe work environment, control unsafe acts and conditions and ensure operational efficiencies. Inspections should be carried out by operators and at appointed times by the qualified NSSA Factory and Works inspectors appointed according to the law. The inspection activities performed by operators include routine heat surveillance, draft or excess oxygen adjustment and assessing heat balance in the boiler. The required tasks are normally itemised in unit operation manuals, on itemised checklists, or are programmed into portable “intelligent” devices. The significant results of these monitoring activities should be recorded in a unit log book. It is dangerous to ignore the value and advice of a NSSA Factory and Works Inspector. A hazard that goes unnoticed can make itself known violently. Some boilers do not comply with any standard. A good example of this is the makeshift boilers being used on some farms. Thinning of the boiler shell may be caused by corrosion or erosion due to poor quality fuel, weather and feed water. Ultimately, if this goes unnoticed, severe thinning may occur and lead to an explosion. Excessive pressure, caused either by the absence or failure of safety measures or insufficient release of contents through safety valves, can cause such a high build-up of pressure that an explosion may occur. A low water level, caused through incorrect operation, faulty feed pumps or leakage may result in the burning of boiler tubes, bursting of the boiler shell in fire tube boilers or permanent deformation of the steel drum in water tube boilers. 
The metal from which the boiler is made may deteriorate as a result of scaling or overheating due to a poor quality of feed water. There are three main causes of boiler loss or damage. These are human failure, product faults and operational errors. Human failure includes faulty handling, negligence or wilful acts, which may include the operation of boilers without certificates. To reduce the likelihood of loss due to human failure, it is necessary to select suitably trained people for the operation, maintenance and servicing of boilers. It is also necessary to install on the boiler easily noticeable fittings and control elements, warning devices and recovery mechanisms. Manning levels should be adequate. Only government-approved persons should be allowed to service boilers. That is a legal requirement. Operational faults include inadequate maintenance, overheating due to scaling and failure to measure and regulate the pressure. To guard against loss due to operational faults, regular servicing, maintenance and overhauling is important. There is need for constant control and inspection of measuring devices. Product faults include faulty material, faulty design or construction and faults in workmanship or installation. To prevent loss due to product faults, there is need for purposeful inspections by NSSA Factory and Works Inspectors at appropriate times. Components that have led to damage to boilers as a result of deficiencies should be replaced when it is noticed that they are deteriorating. To prevent catastrophes due to boilers exploding, it is important that all boilers are registered with and inspected by the Factories Inspectorate to ensure compliance with the safety regulations governing them and their use. Failure of legally registered and professionally operated boilers is rare in Zimbabwe. Talking Social Security is published weekly by the National Social Security Authority as a public service. 
There is also a weekly radio programme, PaMhepo neNssa/Emoyeni le NSSA, discussing social security issues at 6.50 pm every Thursday on Radio Zimbabwe. Readers can e-mail issues they would like dealt with in this column to firstname.lastname@example.org or text them to 0772 307 913. Those with individual queries should contact their local NSSA office or telephone NSSA on (04) 706517-8 or 706523 5.
Microsoft and Alipay are officially launching their Internet security collaboration in China, saying they have seen promising user adoption from the pilot deployment last month.
The alliance was established to address the lack of user awareness and the proliferation of e-commerce threats in the country, and is an extension of Microsoft's "device health model", Jing De Jong-Chen, government security director at Microsoft, said in a phone interview on Tuesday. Over the past eight months, both companies had worked on the technical implementation of this model, Jing said.
Microsoft and Alipay, China's largest online payment network, signed a letter of intent in June last year to collaborate on improving Internet security in China and to develop an Internet security tool for personal computers, mobile phones and other end-user devices. The software will be deployed on Windows PCs first before being extended to run on mobile device systems such as Windows Phones.
Officially launched in China on Tuesday, the security product began its pilot deployment on 23 January and has since been adopted by 23 million users.
The software, unveiled at the RSA Conference in February last year, was built on China's public health model of information sharing and is aimed at preventing consumers' devices from becoming infected, Jing explained. For example, users would receive warnings during Internet transactions if their devices lacked effective protection, she said.
The partnership is key to Microsoft's Trustworthy Computing (TWC) vision of security, she added. At the RSA Conference 2013, held this week in San Francisco, USA, Scott Charney, vice president of Microsoft's TWC group, said collaboration between all players was essential to protecting users against cybercrime and cybersecurity threats.
"The working partnership with Alipay reflects the same mindset," Jing said. "We will work on security fundamentals, collaborating across the industry to drive greater security." She added that, going forward, Microsoft and Alipay hope to bring 100 million Chinese users on board their security collaboration.
Besides the Internet security partnership, Microsoft also inked another deal with Alipay in January 2013 to enable its customers to buy apps from the Windows Phone app store using local credit cards, debit cards or Alipay.
Low consumer awareness, high e-commerce threats in China
According to Jing, the Microsoft-Alipay partnership was established because of the lack of consumer awareness in China about Internet and mobile transactions. Many Chinese consumers do not have a strong technical background or understanding of the cyberattacks targeting this space and, therefore, lack awareness of security threats, she explained.
At the same time, there has been a drastic increase in phishing and other threat activities such as malware, Trojans and data leakage through third-party services that have less assurance built into them, she added.
Xu Wei, senior director of Alipay, agreed. He observed that, on the consumer side, many third-party providers ask for user data, which is risky because the data could be compromised without the owner's knowledge. On the merchant end, there are also risks from unauthorized transactions and from fake identities and accounts, Wei added.
Their views echoed those of John Ellis, director of enterprise security at Akamai Technologies, who previously told ZDNet Asia that Chinese e-commerce companies were the biggest victims of the country's cybercriminals, who were looking to steal identities for revenue opportunities and fraud activities. The country's real-name rule also heightened the assurance risk.