New Page 1

:: September 2007

IN THIS ISSUE...

INFORMATION THEFT THREATS WILL RISE THROUGH 2007

75% of enterprise will be targeted by financially motivated, professional-grade malware by end of 2007 – Gartner.

The last half of the year is experiencing continued rise in information stealing malware (malicious software). Backdoor installers and information stealers drive the engines of the profiteers who push out these threats over the Internet. Reports show an ongoing trend from malware directly attached to emails, towards messages that link to web-hosted malware; reports also indicate:

· Information-stealing malware accounts for 10% of all the threats tracked

· Trojan dominates malware scene with 63% of all newly-discovered variants

· Downloader Trojans comprised over 41% of all malware types

· Windows Executable Files, most popular vector for distributing new attack

As threats multiply, more security professionals and newer technology will be needed to keep systems safe - one little crack could be the difference between a secured system, and a headline about being cracked by criminals…

Read more

INDUSTRY UPDATE

INTERNAL ABUSE OVERTAKES VIRUSES AS SECURITY THREAT

Company insiders have overtaken viruses as the most reported security incident - Computer Crime and Security Survey, 2007.

The survey which covered 494 security personnel from U.S. corporations and government bodies further indicates:

· Insider incidents cited by 59% respondents as a major security threat

· 52% encountered conventional virus threats

· Laptop and mobile device theft is mentioned by 50% of respondents as the 2^nd largest threat

Read more

INDUSTRY NEWS

CREATING A CULTURE OF SECURITY – “THE REAL CHALLENGE”

Businesses are still plagued by poor data security and continuous breaches. Organizations still face customer lawsuits stemming from confidential information leaks, this arises as many enterprise managers still view security as the method for protecting their information infrastructure, rather than focusing on the protection of the data itself. As per the article security involves:

o Focusing on protection of the information / data

o Behavioral change in enterprise working

o Being “proactive” rather that “reactive” to security

o Laying down best-practices for security procedures and policies

o Technological intervention to secure data

o Strict adherence to compliance by enterprise

o Assessment & Mitigation of real-world risks to data

But ultimately, the real challenge is in establishing a genuine “culture of security” where staff and management view their data resources as central to the health and success of their organisation.

MIEL TIPS

· Do not use vague and incorrect subject line, be clear in your communication

· Ensure that the subject line accurately reflects the content of the e-mail

· Do not cover multiple topics in a single e-mail, it may save time but does not guarantee that all topics are equally reviewed / received by the recipient

· Be precise in your communication, as interpretation is highly subjective to the reader’s mind-set

· Ensure that your email is accurately addressed to the concerned party and avoid using the ‘reply all’ option unless you have a specific intent to do so

· Include the text of the original message in your reply – this helps in understanding the context of your response

· While posting commentary from a 3^rd party, be explicit and make the proper distinction while quoting

· Always check the recipients e-mail address before sending any email to avoid mistakes caused due to the ‘predictive fill-in option’ of e-mail software

· Do not display e-mail addresses of recipients who are strangers to each other

· Avoid indiscrete use the Forward/Reply Options on e-mail

MIEL NEWSBYTES

New Business Alliance : ZICOM

To address the market need for providing integrated security solutions, MIEL and Zicom are now in partnership to provide end-to-end electronic surveillance systems and information security solutions for small, medium and large establishments.

The Security and Storage Product Division has received accolades through 2007. Some of these were:

· The Top Resellers Award (Pune) - by Tandberg Data Asia

· Best National Partner Award (Medallion Category) - by SonicWALL Inc

· Premium Partner Award (Western Region and Top Tier II (India)) – by Select Technologies

· Upgraded to Platinum Partner– by Symantec Corporation

The Process Consulting and Technical Consulting Divisions have been making significant in-roads into total security solutions servicing clients in India, Middle East and the United Kingdom.

Education Service Division (formerly Information Security Training Institute (ISTI^TM))

Apart from training on all aspects of information security, now includes the Programme in Information Security Management (PRISM), a 12 month post graduate course for graduates and working professionals seeking a switch in career.

In addition to its regular public training programmes, the following corporate training programmes were also conducted during the past month:

· CISSP CBK Seminar for a telecom major in Navi Mumbai

· Policy Compliance of CA (Computer Associates) conducted in Bangalore

UPCOMING TRAINING PROGRAMS

Location -> Course	Mumbai	Bangalore
CHFI (Computer Hacking Forensic Investigator)	22^nd– 26^th Oct ‘07	-
ITIL v3.0 Foundation Course & ITSMS Implementation Course	-	29^th – 31^st Oct ‘07
ISMS Implementation Course (based on ISO 27001 Standard)	29^th – 31^stOct ‘07

To register, contact us today at isti@mielesecurity.com

Know more about our other Training Programmes, visit our Training section at www.mielesecurity.com

Your ideas, suggestions, tips and recommendations are highly valued. Please send us your feedback about our newsletter at marketing@mielesecurity.com, and thank you once again for your continued support of MIEL.

MIEL e-Security Pvt. Ltd. is an ISO 27001:2005 certified company, headquartered in Mumbai, with offices across India and with a fully-owned European subsidiary in the UK. MIEL offers its clients in over 15 countries across 4 continents, the benefit of global reach with local presence and is among the largest pure-play Information Security Consulting Companies in India.

MIEL has an impressive track record of providing services and solutions to some of the leading names in Banking and Finance, Insurance, Manufacturing, IT and IT Enabled Services, Healthcare, Shipping, Logistics and Government.

MUMBAI · BANGALORE · CHENNAI · HYDERABAD · PUNE · AHMEDABAD · LONDON

C - 611 / 612, Floral Deck Plaza, MIDC, Central Road, Andheri (East), Mumbai 400 093.

Tel # : +91 (22) 28215050/ 5832 | FAX : +91 (22) 28215838 |

Email : Corporate at feelsecure@mielesecurity.com

Marketing at marketing@mielesecurity.com

www.mielesecurity.com

DISCLAIMER NOTICE:

The information contained in this electronic mail ("e-mail") transmission is intended by MIEL e-Security Private Limited for the use of the named individual or entity to which it is addressed and may contain information that is privileged or otherwise confidential. It is not intended for transmission to, or receipt by, any individual or entity other than the named addressee (or a person authorised to deliver it to the named addressee), except as otherwise expressly permitted in this e-mail transmission. If you are not the intended recipient and have received this e-mail transmission by error, please do not read, copy, use, disseminate or disclose this communication to others. Additionally, please notify the sender, by replying to this message or by using the contact details provided herein and then delete this e-mail from your system. To discontinue receiving any more e-mails, please notify the sender of this message by replying to this message by using the subject line as "unsubscribe". Thank you.