The growing internal security crisis at financial services companies


台灣英語網1.0 » Fri Aug 21, 2015 4:54 pm

Security breaches move inside at financial services companies
By Graham Titterington
Taken from Euroview Daily, 22 June
A survey of the top 100 global financial institutions, carried out by Deloitte, showed a substantial reduction in external IT security attacks, accompanied by a 150% increase in the number of institutions affected by insider breaches – from 14% to 35%.
Comment: We advise caution in interpreting these surveys. Although the size of this sample is respectable, it does not guarantee the quality of the information. Firstly, these surveys can only record breaches that are detected and reported up the corporate structure to the point where the survey was carried out. The competent hackers, the ones who get away with their crime, are not recorded. Secondly, localised attacks, such as a virus attack on a laptop, are likely to go unrecorded. Nevertheless, there is a worrying trend in this report. It indicates that people-centric security needs to be stepped up, with increased use of intelligence and surveillance, and a consequent reduction in privacy and civil rights. There is a need to codify how individual rights and corporate protection are to be balanced. Will individuals have a right to know what information is being collected about them and be able to correct errors? European data protection legislation works in this area, but it requires the individual to proactively seek out information holders and is not rigorously enforced. How much of this information will be exempt from its provisions on the grounds of it being held for crime prevention purposes?
Before going down the surveillance society road, institutions should strengthen their technological defences. IT security can and should be applied internally, through data encryption and more specific access controls to data, processes and systems. Access rights should be specific, not just 'yes' or 'no'. Audit logs should be maintained for all actions carried out, including all administrative actions with a security implication, as well as all business transactions. At least this survey indicates that security technology does work when applied by skilled professionals - shown in the reduction of external attacks, despite the continuing high level of Internet malpractice. Let’s now apply these approaches internally.

The growing internal security crisis at financial services companies

Compiled by Graham Titterington

Euroview, 22 January

A survey of the world's top 100 financial institutions, conducted by Deloitte (translator's note: its Taiwan member firm is called 勤業眾信會計師事務所), showed a large reduction in attacks on information security from external information systems, while the number of breaches caused by insiders rose by 150%, from 14% to 35%.

Comment:

Our organisation advises caution in interpreting surveys of this kind. Although the sample size of these surveys is considerable, it does not guarantee the quality of the results. Firstly, such surveys only record two kinds of breaches: those that are detected and those that are reported to the company. The actions of hackers who go undetected are not recorded. Secondly, localised attacks, such as a virus attack on a laptop, may go unrecorded. In addition, this report shows a worrying trend: it indicates that, with increased intelligence and surveillance, people-centric information security measures should be tightened further, with the consequence of reduced personal privacy and civil rights. There is currently a need to codify regulations that strike a balance between protecting individual rights and protecting corporate secrets. Do individuals have the right to know which of their data is being collected, and can they correct errors in that data? European legislatures are legislating for this, but it requires individuals to seek out information holders on their own initiative, and at present this is not strictly enforced. How much of this information may be exempt from disclosure on the grounds of crime prevention?
Before going further down the road of security surveillance, institutions should strengthen their own technological defences against crime.
Information security can and should be applied permanently, through data encryption and more specific access controls over data, processes and systems. Restrictions on access rights should be specific, not simply "yes" or "no".
Audit logs of every action carried out (including all administrative actions with security implications, as well as business transactions) should be retained. At least this survey indicates that security technology is effective when applied by professionals skilled in the field, as shown by its reduction of external attacks, despite continued high levels of malpractice on the Internet. Let us apply these methods permanently!
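The access-control and audit-logging advice in the commentary above (rights that are specific rather than a plain yes/no, and audit records for business transactions as well as security-relevant administrative actions), shown as an added Python example that is not part of the Ovum commentary or of this forum post. The bank, user names, account identifiers and amounts are constructed for the example; the hash-chained log is one way of making the audit trail tamper-evident, a design choice of this example rather than something the text prescribes.

```python
"""Fine-grained access rights plus a tamper-evident audit log.

Added example illustrating the recommendations in the commentary above
(rights that are specific rather than a plain yes/no, and audit records
for business transactions *and* security-relevant administrative
actions). All names, accounts and amounts are constructed for this
example; nothing here comes from the Deloitte survey or the commentary.
"""
import hashlib
import json
from dataclasses import dataclass, field


class AccessDenied(Exception):
    """Raised when a user lacks the specific right an action requires."""


GENESIS = "0" * 64  # hash stored as 'prev' on the very first audit entry


def _digest(entry):
    """SHA-256 of the entry's fields, excluding its own 'hash' slot."""
    body = {k: v for k, v in entry.items() if k != "hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


@dataclass
class Bank:
    admins: set = field(default_factory=set)
    # (user, resource) -> set of permitted actions, e.g. {"read", "transfer"}
    rights: dict = field(default_factory=dict)
    # append-only audit log; each entry carries the hash of the previous one
    audit: list = field(default_factory=list)

    def _record(self, actor, action, detail):
        """Append one audit entry chained to its predecessor by hash."""
        prev = self.audit[-1]["hash"] if self.audit else GENESIS
        entry = {"seq": len(self.audit), "actor": actor, "action": action,
                 "detail": detail, "prev": prev}
        entry["hash"] = _digest(entry)
        self.audit.append(entry)

    def grant(self, admin, user, resource, action):
        """Administrative action: audited whether it succeeds or is refused."""
        detail = {"user": user, "resource": resource, "action": action}
        if admin not in self.admins:
            self._record(admin, "grant.denied", detail)
            raise AccessDenied(f"{admin} is not an administrator")
        self.rights.setdefault((user, resource), set()).add(action)
        self._record(admin, "grant", detail)

    def allowed(self, user, resource, action):
        """Specific check: the right is per resource and per action."""
        return action in self.rights.get((user, resource), set())

    def transfer(self, user, account, amount):
        """Business transaction: requires the 'transfer' right on that account."""
        detail = {"account": account, "amount": amount}
        if not self.allowed(user, account, "transfer"):
            self._record(user, "transfer.denied", detail)
            raise AccessDenied(f"{user} may not transfer from {account}")
        self._record(user, "transfer", detail)
        return True

    def verify_audit(self):
        """Recompute the hash chain; return index of the first bad entry, or None."""
        prev = GENESIS
        for i, entry in enumerate(self.audit):
            if entry["prev"] != prev or _digest(entry) != entry["hash"]:
                return i
            prev = entry["hash"]
        return None


def demo():
    """Run a constructed scenario; return audit actions and integrity results."""
    bank = Bank(admins={"alice"})
    bank.grant("alice", "bob", "acct-001", "read")      # read only, no transfer right
    attempts = []
    for call in (lambda: bank.transfer("bob", "acct-001", 250),            # refused: read != transfer
                 lambda: bank.grant("bob", "bob", "acct-001", "transfer")):  # refused: bob is no admin
        try:
            call()
            attempts.append("ok")
        except AccessDenied:
            attempts.append("denied")
    bank.grant("alice", "bob", "acct-001", "transfer")  # admin action, logged
    bank.transfer("bob", "acct-001", 250)               # now permitted, logged
    intact = bank.verify_audit()                        # None: chain is consistent
    bank.audit[1]["detail"]["amount"] = 1               # simulate after-the-fact log tampering
    return [e["action"] for e in bank.audit], attempts, intact, bank.verify_audit()


if __name__ == "__main__":
    print(demo())
```

Refused attempts are logged alongside successful ones, so the audit trail shows both the transaction a user tried and the administrative change that later permitted it; the chained hashes mean that editing any earlier entry is detectable when the log is re-verified.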

________________________________________
Coffee Telecom makes UK FMC play
By John Delaney
Taken from Euroview Daily, 22 June
Speaking at a conference, the CEO of Coffee Telecom described the company's forthcoming hotspot-telephony service as playing in the same fixed-mobile convergence (FMC) space as BT's recently launched Fusion service. Coffee plans to offer low-cost calls from existing GSM phones when a user is in range of one of its VoIP/pico-cell base stations.
Comment: BT Fusion is big news at the moment. It's clearly a good idea for Coffee Telecom to ride on the coat-tails of Fusion's publicity, to draw attention to its own service plans. Full marks to Coffee, from the PR strategy perspective.
But actually, Coffee doesn't have very much in common with Fusion. The cheaper call rates apply not in the home, where people spend a large percentage of their time, but in locations such as coffee shops and hotels, which they visit relatively seldom. Moreover, the transition between zones is far from seamless. Users have to select the new network manually when they enter a Coffee zone, and switch back to their regular network when they leave it. Calls in progress are not handed off between zones either.
We think a closer comparison for Coffee Telecom is provided by an older service: Rabbit, a hotspot-telephony service marketed by Hutchison Telecom in the mid-1990s. The parallel is not exact here either: Rabbit used a special phone that only worked within range of a hotspot; whereas Coffee users can switch back to the GSM network when they're not in range. But the process is manual and cumbersome. To succeed in the mass market, services need to be easy to use.
Coffee Telecom's service is based on an innovative idea, but as a service proposition it has a number of drawbacks that are likely to prove substantial obstacles to mass-market uptake. It's also worth noting that one show-stopping issue has yet to be resolved: the UK regulator Ofcom has not yet awarded Coffee any licensed spectrum, though the company says it is confident that Ofcom will do so sometime in 2005.

Coffee Telecom launches its UK FMC plan

Compiled by John Delaney

Euroview, 22 June

Speaking at a conference, Coffee's CEO described how, because BT has recently launched its Fusion service, hotspot telephony services will shortly be deployed in the fixed-network convergence space. Coffee's plan is to offer low-cost calls from existing GSM phones when a user is within range of one of its VoIP/pico-cell base stations.

Comment:

BT's Fusion service is news that has attracted everyone's attention. Relying on the convergence of public networks is a boost to promoting BT's own service plans. From a public relations strategy perspective it is also beneficial.
But in fact, Coffee Telecom does not have much in common with Fusion. The cheaper call rates do not apply to home users, who account for a high proportion of call time, but to coffee shops and hotels, which people visit less often. Moreover, the handover of voice signals between zones is not seamless. When users enter a coffee shop they must select the new network manually, and when they leave they switch back to their original network. Calls in progress cannot be transferred between different networks either.
We think an older service offers a closer comparison: the Rabbit hotspot telephony service run by Hutchison Whampoa in the 1990s. The analogy with the Rabbit service's radio communication system is not exact here either; we can see that "the Rabbit service used a special phone near the range of a hotspot, whereas Coffee's users switch back to the GSM system once they leave the hotspot's range." But the signal-switching process is manual and somewhat clumsy. To succeed in the mass market, the form of the service must be simplified.
Coffee Telecom's service is founded on innovation, but at the level of actually operating in the mass market it faces many implementation difficulties. It is worth noting one unresolved problem: the UK telecoms regulator, the "Telecommunications Authority", has not yet granted Coffee any spectrum licence, even though Coffee Telecom says the UK regulator will take some enabling action during 2005.

________________________________________
EDS finds a buyer for AT Kearney
By Phil Codling
Taken from Euroview Daily, 21 June
The Financial Times and The Wall Street Journal are today reporting that EDS is in negotiations to sell its AT Kearney consulting business to US-based firm Monitor. EDS has confirmed that it is pursuing a sale to a third party, rather than the plan adopted earlier this year to sell AT Kearney to its own employees. However, EDS has not confirmed that Monitor is the current suitor.
Comment: The sooner we get a resolution to the AT Kearney saga, the better for EDS. The under-performing unit, which CEO Michael Jordan correctly identified as ripe for disposal when he took over in 2003, has failed to light a fire with potential buyers. That's hardly surprising when you consider it's still losing money, with a revenue fall of 12% in Q1 this year and operating margins of minus 5.4%. Moreover, buying a pure services player is an inherently tricky business. With AT Kearney and its ilk you're basically paying for brains and customer relationships. So if the people walk, you're left holding a deflated balloon.
As for the rumoured buyer, Monitor's Harvard-derived brand of global business consulting and investing make it a much more fitting home for AT Kearney than EDS. That's not to say EDS doesn't need consultants who can talk business. Indeed, it has many of its own already. But crucially, like other service providers, it also needs a consulting capability that connects deeply with its outsourcing and integration business, instead of the dysfunctional disconnect it got with AT Kearney.

EDS seeks a buyer for AT Kearney

The Financial Times and The Wall Street Journal report today that EDS is in negotiations with the US firm Monitor to sell its AT Kearney consulting business. EDS has confirmed that it is negotiating with a third party rather than following its earlier plan of selling to AT Kearney's own employees. However, EDS has not yet confirmed that Monitor is the candidate.

Comment:

The sooner we know the outcome of the AT Kearney rumours, the better for EDS. When CEO Michael Jordan took over in 2003, he correctly recognised that the time was ripe for a disposal, but the unit failed to attract the attention of potential buyers. That is understandable when one considers that the business is losing money, with revenue down by twelve in the first quarter of 2003 and operating margins down 5.4%. However, buying a purely service-based company is inherently a tricky business. In buying AT Kearney and its affiliates, the buyer is basically buying its intellectual property and customer relationships. So if key staff walk out, the company is left like a deflated balloon.
As for the rumoured buyer, Monitor's Harvard-led brand of global business consulting and investment makes it a far more fitting home for AT Kearney than EDS. That is not to say that EDS is unsuited to owning a business consulting firm. But more importantly, like other service providers, it needs consulting resources that connect deeply with its outsourcing and integration business, rather than the dysfunctional disconnect of its past working model with AT Kearney.