[IS&T Security-FYI] SFYI Newsletter, November 8, 2010
Monique Yeaton
myeaton at MIT.EDU
Mon Nov 8 13:08:19 EST 2010
In this issue:
1. November 2010 Microsoft Security Updates
2. Event: Strengthening the Audit-IT Security Partnership
3. Lesson Learned by a Security Professional
----------------------------------------------------------
1. November 2010 Microsoft Security Updates
----------------------------------------------------------
Microsoft will issue three security bulletins on Tuesday, November 9.
One of the bulletins is rated critical; the other two are rated
important. The bulletins will address a total of 11 vulnerabilities.
Systems affected:
- Microsoft Office for Windows XP SP3 through Office 2010
- Microsoft Office for Mac 2011
- Microsoft Forefront Unified Access Gateway
Read the full bulletin:
<http://www.microsoft.com/technet/security/Bulletin/MS10-nov.mspx>
No word has been released on a patch for the zero-day hole in Internet
Explorer 6, 7 and 8 that was announced last week and has been used in
targeted attacks. Those who have not done so are urged to upgrade
to IE 8, which includes Data Execution Prevention (DEP) technology that
makes the flaw harder to exploit.
Read the story in the news:
<http://news.cnet.com/8301-27080_3-20021665-245.html>
------------------------------------------------------------------------
2. Event: Strengthening the Audit-IT Security Partnership
------------------------------------------------------------------------
Date & Time: November 10, 2010, 1:00 - 2:30 p.m.
Location: N42-Demo Center
Open to the MIT community; seating limited
The IT Security Systems & Services team is offering a free webcast to
the MIT community this week in the N42 Demo Center.
Internal auditors and IT security officers have common interests in
securing confidential and sensitive data, complying with regulations,
and educating users about good practice. However, at most
institutions, these two roles don't coordinate their efforts and thus
are less effective than they could be if they coordinated their
respective resources, procedures, and policies.
Join us at this webcast to learn how two Boston College officials
created a partnership that has both achieved security goals and raised
campus-wide awareness about information policies and data management
controls.
This webcast covers how to:
- Implement tactics to strengthen data and computing environment security
- Develop shared, comprehensive standards for data protection
- Create a partnership that can help educate all stakeholders about
  campus-wide IT security
- Assemble and lead effective campus-wide security groups/advisory boards
Learn more: <http://www.academicimpressions.com/events/event_listing.php?i=1007>
----------------------------------------------------------
3. Lesson Learned by a Security Professional
----------------------------------------------------------
Last week I had a first-hand hard lesson on why IT security habits and
due diligence by users are so important. After arriving at the office
last Monday, it appeared some fast-fingered thieves had relieved us of
computer equipment that was not locked up, locked down, or out of
sight, including my desktop computer.
Although for me this was a substantial loss and inconvenience, I was
reassured by the knowledge that the hard drive was encrypted using PGP
Desktop and weekly backups had run using TSM. At least my work was
saved and I could sleep well knowing that no MIT or personal
information could be leaked to the outside world.
But things were not to be as rosy as I thought. After attempting to
restore the files from the backup server, I discovered that the
scheduled backups had not run as I thought. I hadn't checked the logs
on a regular basis to make sure they were occurring. So, in the end, I
had taken the right precautions but had failed to follow through. As a
security awareness consultant, this is advice I've shared with others:
back up your data and ensure you can restore the data from backup.
Needless to say, I will now follow my own advice.
It's a wake-up call for anyone. If your computer were stolen today,
could you get all your work back? Would you be sure that the information
it contains cannot be accessed?
Some resources for protecting data from theft:
Backing Up Your System <http://ist.mit.edu/security/backup>
Using PGP Desktop <https://kb.mit.edu/confluence/display/category/PGP%20Desktop>
========================================================================
To read all current and archived articles online, visit the Security-
FYI Blog at <http://securityfyi.wordpress.com/>
Monique Yeaton
IT Security Awareness Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://ist.mit.edu/security