網絡防衞短篇:CIO 的噩夢

(文章亦同時被 Unwire Pro引用)

facepalm

許多機構都有為重要數據安排備份,但為甚麼遭到網絡攻擊時,仍有重要數據遭到清洗?以下是個虛構故事,描寫的卻是企業 IT 人在現代網絡環境中,可能面對的實際情況。

Martin 在一間大型航空公司任職 CIO,公司 IT 服務近年在機構乘客意見調查中取得優秀評價。星期五的工作接近尾聲,當 Martin 準備下班後度周末,他看到來自保安系統的電郵 ── 「高度注意:網絡安全事故」。

Continue reading

資訊保安事故 應變計劃四錦囊

(文章亦同時被 Unwire Pro引用)

if

假設你的機構,制訂了網絡保安事故的應變計劃。計劃是否有效,有沒有遺漏的地方?當機構發生數據外洩或保安事故,會發生甚麼事?很多機構雖然有制訂一些應變措施,但這些計劃甚少經過測試,到真正需要執行時,負責人往往沒有十足的信心和把握。

波耐蒙研究所 (Ponemon Institute) 今年較早時間發表一項有關網絡防衞能力的研究報告,在環球八個國家或地區,訪問二千八百多位從事IT及資訊保安的人士。77%受訪者表示他們的機構,沒有制訂正式的網絡保安事故應變計劃;接近一半受訪者的機構,只有非正式、臨時湊合的應變計劃,甚至沒有任何計劃。

波耐蒙報告又發現,亞太地區受訪者對所屬機構的網絡防衞能力,評分在八個地區排行最低,只有31%。44%亞太被訪者認為網絡保安事故對業務或IT服務,造成「非常頻繁」或「頻繁」的破壞。

Continue reading

Wizdraw and IBM Use Blockchain to Improve Financial Inclusivity

FINTECH technology with businessman holding the sysbol

Remittance among the unbanked and migrant workers is big business. The World Bank estimates that officially recorded remittances to low- and middle-income countries reached US$466 billion in 2017, an increase of 8.5 percent over US$429 billion in 2016.

Residents of low- and middle-income countries also endure high remittance charges—and it is only getting pricier every year. The same report showed that the global average price of sending US$200 was 7.1 percent in Q1 of 2018, more than twice as high as the Sustainable Development Goal target of 3 percent.

Continue reading

歐盟資料新例 5事項要注意

(文章於2018年5月24日在香港經濟日報刊登)

GDPR Screencap

本周五(5月25日)是歐盟《通用資料保護條例》(GDPR)生效限期。本港機構若有為歐盟提供商品服務、向歐盟人士收集數據,都受新例約束,違例可遭高昂罰款。

GDPR 規定個人資料無論儲存、處理、分發於世界何處,必須受到保護,機構要提供保護數據的證據。若干類別數據若外洩,新例規定機構須72小時內報告;歐盟28國的數據擁有人有權取得、更正或刪除個人資料,機構須迅速回應。

Continue reading

Secure Your AWS Workloads with IBM Managed Services

IBM Cyber Security X-Force Command Center

IBM supports Amazon GuardDuty with both managed security services and SIEM enablement for AWS environments. IBM delivers an integrated system of analytics, real-time defenses and proven experts to help you operate securely in the Cloud.

For customers who have enabled Amazon GuardDuty, IBM can help you integrate security findings and events from AWS into your existing QRadar SIEM and security operations. IBM threat insight combines Global Threat Insight and Augmented Intelligence (AI) via second stage analytics for advanced event classification. AWS customers can also engage X-Force Incident Response services for response planning, preparation, and remediation.

Continue reading

IBM Supports Amazon’s GuardDuty, a Threat Detection and Continuous Monitoring Service

amazon-guardduty-provides-intelligence-on-security-threats2-630x330

Amazon announced a new threat detection service at the recent AWS re:Invent event in Las Vegas that is designed to help protect users from security threats.

Launched by the Amazon Web Services (AWS) cloud computing division, Amazon GuardDuty uses machine learning to help identify potential anomalies and provide recommendations to reduce the risk. The intelligence-driven service aims to help IT decision-makers deal with the ever-growing range of attack vectors in the digital age.

Continue reading

Three Steps to Secure Your AWS Environment Using IBM QRadar

thinkstockphotos-466662831

Moving production assets and workloads to the cloud can be hard. In the absence of care and precision, it can also be risky. With the right tools and practices in place, you can mitigate many, if not all, of these risks. You may even be able to greatly ease your transition.

Continue reading