Posted by Jaime Raphael Licauco, CISSP, GSEC on March 16, 2009
The Center for Global Best Practices will be giving a one-day seminar on “Best Practices in IT Audit” on Apr 24, 2009 at the Edsa-Shangrila Hotel, Mandaluyong City. It will be conducted by Patrick Dailey, CFE, GCFA, CISSP, EnCE, who is the founder and managing director of DigiThreat Solutions. The early bird offer runs until Mar 24, 2009. Seminar cost is P7,800.00. For more info call (+63-2) 842-7148 or 59, email: jessica@cgbp.org, or check out their website.
Microsoft Philippines will be giving a two-hour seminar on the “Advantages of Microsoft Certification”. The next dates are Mar 20 and 26, to be held at the dB Wizards Office, 28/F 88 Corporate Center, Sedeno cor. Valero Streets, Salcedo Village, Makati City. Check out the Microsoft Events Philippines site for more details.
ECCI will be giving a staggered three-day seminar on “Accelerated Six Sigma Greenbelt – Striving for Quality Excellence and Transformation” on Apr 16-17 & 20, 2009. ECCI will also be giving a one-day seminar on “Enterprise Risk Management (ISO 31000)” on Mar 26, 2009. For more info call (63-2) 750-5671 to 73 or email: faith@eccinternational.com.
Many presentations are available from the APRICOT Manila Convention held late last month. Most focus on IPv6, while others cover malware, rogue DNS and general security. Check out the presentations here.
Site News
The site may not get updated much this week since I will be conducting an Introduction to ISMS Seminar (ISO 27001:2005) and will be focusing on that.
Posted by Jaime Raphael Licauco, CISSP, GSEC on February 4, 2009
Posted by Jaime Raphael Licauco, CISSP, GSEC on November 8, 2008
In my last seminar for ISACA Manila on Introduction to ISMS, I was asked a question on how to get approval for funding for security projects. I answered that Awareness was key. Upper-level management has to have an idea of what the risks to their organization are, and the possible consequences, because coming up with the solution would not matter if there doesn’t seem to be a problem. I then said that a report by ENISA (European Network and Information Security Agency) might help. The report I was talking about was “Obtaining support and funding from senior management.”
The report talks about five areas identified as being crucial in obtaining corporate security investments:
- Define the investment rationale and the stakeholders.
- Build a persuasive business case to make senior management better understand the value of the investment.
- Estimate costs: this allows organisations to identify the most common expenses which they may incur and make rough estimates.
- Link business benefits to the information security initiative; define and calculate performance metrics.
- Detail a typical path to face a corporate executive in a senior management briefing. Effective communication is critical: the right information should be delivered at the right time, in the right manner, preferably 6-12 months ahead of the project.
For more information and where you can download the report, click here. And since we’re talking about awareness, and awareness is the best control for social engineering, ENISA also has a whitepaper on “How to avoid on-line manipulation.”
Another good article that talks about different approaches that can help influence management for their approval is ISMS Implementation – The bottom-Up approach.
Updated Links
I updated the Security Awareness and Training Links to include Microsoft’s TechNet on Security Awareness. The free 120 MB zip file includes Security Awareness Program Development Guidance, Sample Awareness Materials, Sample Training Materials, and the following sample templates:
* Brochure Templates
* E-Mail Invite Template
* Fact Sheet Templates
* FAQs
* Newsletter Template
* Poster Templates
* PowerPoint Templates
* Quick Reference Card
I also added a Philippine Tech Blogs links page.