The top 30 concerns facing financial institutions have been published by CSFI/New York CSFI in February 2005. Among the key concerns were Corporate Governance, Fraud, High Dependence on Technology, Risk Management Techniques, Legal Risk and Business Continuation; all of which are addressed by the services offered by Information Standards.

In the tenth report on global financial services (a joint project with the European Intelligence Unit, published 2004), PricewaterhouseCoopers address the key issues financial institutions are facing with regard to improving performance. Ten pillars of wisdom are recommended:

1. Don't think in silos, remember that processes and functions overlap and affect each other 2. Management must make decisions and provide an effective governance structure 3. Reward and recognise performance improvement 4. Gauge success by non-financial performance gains as well as financial ones 5. Aim for a continuous culture of performance improvement among staff 6. Plan holistically 7. Prioritise rationally 8. Use specialist resources 9. Think through the mind of the customer 10. Clarify roles, responsibilities and benefits

(Source: PricewaterhouseCoopers/Economic Intelligence Unit Survey, December 2004):

The South West of England has a rich and diverse ICT base which ranges from digital arts and media, through hardware and software design, to infrastructure servicing and provision. As well as commercial organisations in the ICT sector the South West hosts class leading academic and research organisations.

Wired West's aim is to give voice and visibility to these organisations in order to allow them to thrive.

Following the successful development of the Taunton, Exeter, Swindon and Plymouth hubs, Information Standards have joined forces with Clarke Willmott (Roger Tunstall), Business West (Gael Finnegan and Peter Weeks) and SETsquared (Peter Maxwell) to develop the Bristol hub.

The first meeting of the steering group for the formation of Wired West Bristol took place on 25 February 2005 at the Clarke Willmott offices in central Bristol. A provisional launch date for Wired West Bristol has been scheduled for July 2005 so watch this space!

Information Standards are now actively looking for new consultants to join our growing team. Growth in all areas of our business has created an on-going requirement for high quality professional consultants.

If you are ambitious and enthusiastic with a proven track record in the BS7799 Information Security sector then we would like to hear from you. Further information can be found in the 'Careers' section.

In today's business environment, information is a key asset - one that we must proactively safeguard and manage. As businesses develop and implement new technology, their dependence on Information Systems & Technology increases. As a consequence, the degree of exposure, should things go wrong, also grows. Internal or external causes, whether accidental or malicious, can have serious consequences on business. The 2004 DTI security breaches survey showed that the number of serious security incidents last year continued to grow, with over 60% of all surveyed experiencing one or more security breaches. It is fast becoming both a commercial and legal necessity for organisations to demonstrate they have effective security controls on information as part of their corporate governance.

Understanding the risks associated with your business information is now more essential than ever. Identifying where, how and why your business is exposed is critical to effective information management. The industry standard for information security management is the British Standard BS7799. Adopting this standard within your business allows you to prioritise actions to minimise exposure and help minimise disruption, revenue loss and legal action. This process itself demonstrates best practice, increases risk awareness throughout your organisation and reassures customers, suppliers and stakeholders.

BSI discuss the pivotal role that BS7799 will play in delivering the Governments strategy for joined up government, enabling people to communicate and make transactions with government from a single point of entry.

http://emea.bsi-global.com/InformationSecurity/GovernmentGateway/index.xalter

After a busy and at times frenetic year, Information Standards were pleased to host a Christmas celebration for the whole ISL team including business partners and resellers.

Following the successful completion of the BS7799 Lead Auditor course in the summer, our new consultants undertook the British Standards Institute BS7799 Implementation Course. This was held in Bristol and involved taking part in a week long structured training program. All ISL consultants successfully passed the course and are now ready to apply their skills and support on-going BS7799 projects currently being undertaken in the South West.

A days training course was held in Bristol covering all aspects of the HealthCheck and the ISMS Service, provided by Information Standards. Jim Farnworth, ISL’s ICT Director led the training course ably assisted by Jim Shine and Dr. Paul Wilkinson. For more information on our Information Security Management training courses please contact Dick Morgan.

Senior Consultants from ISL took part in a week long training course with the British Standards Institute. The Lead Auditor course (IT04) covered key aspects of risk management and the BSI approach to BS7799 certification. All consultants passed the course with flying colours!

Barry Nicolaou and Martyn Rolling join the ISL team as business partners and senior consultants.

Versent, an ICT/IS firm based in Bristol, have joined the ISL reseller network and are now promoting the HealthCheck and BS7799 Compliance Services to firms around the South West region.

The two variants of the e-mail worm, W32/Bagle-Q and W32/Bagle-R, do not carry e-mail attachments. This makes them more difficult to recognize as potentially malicious messages.

Infected messages have a random subject line, most often but not always beginning with "Re:".

If a user with an unpatched version of Microsoft Outlook opens the message malicious code is automatically downloaded.

Once installed, the worms halt a wide range of security applications, potentially opening up your computer to further virus or hacker attack. The worm will also attempt to spread via file-sharing networks and infect other executable files.

"Bagle is a wake up call about the need for holistic security. By keeping on top of security patches, anti-virus software updates and ensuring firewalls are properly installed, users can lessen their chances of getting hit," said Graham Cluley, senior technology consultant at Sophos. "If you don't patch yourself against these kinds of threats, you shouldn't be surprised if a worm bites you on the backside".

British National High Tech Crime Unit (NHTCU) warns businesses of an increase in threats faced by IT departments. The threats are also more sophisticated according to Detective Chief Superintendent Len Hinds, head of NHTCU, as reported by The Register.

The warning was issued as the NHTCU presented its Hi-Tech Crime survey for 2003, in which 83 per cent of respondents admitted to being victims of some form of hi-tech crime during the year. The survey is based on the replies from 201 enterprises, of which more than half had over 1,000 employees.

Information Standards consultants Jim Shine and Jim Farnworth recently escaped cold, wet England and jetted off to the Bahamas to undertake the Information Standards HealthCheck for a Bahamian Fund Management company, Cardinal International. The HealthCheck positioned Cardinal against best practice, providing an objective assessment of risk associated with their business information. An assessment of this nature ensures that Information Technology operates effectively and compliments Cardinal’s organizational needs, and helps direct proactive planning of future growth and development. The HealthCheck formed the foundations upon which Cardinal can move towards certification to BS7799, the British Standard for Information Security and Management.

In today’s business environment information is a key asset, requiring proactive management. Indeed, as businesses grow and develop, so does their dependence on Information Systems & Technology and accompanying this is an associated increase in risk. To address this Cardinal have taken the first essential step to identify such risks, thus enabling their treatment, and where appropriate, effective monitoring and reduction. As an offshore fund management company, Cardinal had identified the commercial and legal necessity for organisations to demonstrate effective security controls on information as part of their corporate governance.

This was Information Standards Ltd first overseas job and represents a milestone for the Bristol based company, which was incorporated in 2002.

The eighth annual survey from the Computer Security Institute and FBI is now available at the CSI site, www.gocsi.com.

The most cited forms of attack were virus incidents and insider abuse of network access.

In the 2003 survey, 62 percent stated that they have been the victims of unauthorized use of computer systems. But only 17 percent could claim with some certainty that their systems hadn´t been used without authorization.

One conclusion in the survey is that regardless of tools and techniques used, "it is still the case that many respondents simply do not know what´s going on in their networks". For instance, 22 percent do not know if their web site has suffered misuse during the year.

The greatest financial losses were as in prior years caused by theft of proprietary information. The average reported loss was approximately $2.7 million.