Yellow font on Black background Black font on White background Black font on Cream background
Call us today 01621 857841 or Email us
Quality Matters Logo

"Quality Matters in your Business"

Monday, 28 February 2011

Anti Virus Systems and ISO 27001

It is quite noticeable that the number of detected viruses and malware has gone through the roof recently.  It is a sad fact that as times get harder the number and ferocity of attacks on our computer systems increases.

Most people, fortunately have anti-virus and ant malware on their systems, however not all these are kept up-to-date; if they are not updated with the latest signature data they could be worse than useless.

One startling bit of information came my way this week, ‘a computer system connected to the internet will become infected with viruses and malware in as little as twenty minutes’; some put it at less than that.

We tend to concentrate on PC’s rather than Macs and it was thought that the MAC was better protected than the PC, but we are lead to believe that modern virus and Malware attacks MAC's as well.

One clever virus found and blocked on one of our systems had the ability to turn off the anti virus system; fortunately it was detected and quarantined before it could infect our systems.  This is in part due to our antivirus software which alerts as soon as a hint of infection is sensed and our two level stage firewalls.

Here at Quality Matters we are always on guard against these threats and our antivirus updates automatically each day. 

We help organisations put in ISO27001 systems (Information Security Management) which protect their data from unauthorised access and corruption.

The three letters (CIA) mentioned  in 27001 put it well:

C Confidential – keep data safe from others
I Integrity – ensure that data remains uncorrupted
A Availability – ensure that data is available when needed

Monday, 14 February 2011

Valentine's Day and Data Security

Social Engineering is the method by which information about an organisation or its operation is obtained by devious methods.  This method is used to great effect to defeat the security systems set up by many companies certificated to ISO27001, The information security management standard.

This time of year we often act on behalf our Clients to see if their systems are as secure as they believe they are;  we use computer penetration testing and social engineering to defeat our Client's systems and then help them to plug the holes.

One method used is very simple but effective.  We arrange for a young, pretty girl, clutching a bunch of flowers, a bottle of Champagne or a teddy bear to arrive at reception of any large company on 14 February;  she explains to reception/security that she wants to surprise Mr (pick a common name)  on this auspicious day, as it is the only day in the year when a girl can propose to a man.  She thinks he works on the 4th floor.  The helpful receptionist/security guard corrects her and tells her that he works on the 2nd floor;  "once you leave the lift turn right and his office is 4th on the right".

She is in, and has the freedom of the building; if challenged she can explain that she is lost and is looking for Mr …. on the 2nd floor.  Eager to help she is taken through secure access points and given information about the company. 

This information adds to that already gathered from other sources and can lead to a significant security breach.
The motto here is to trust no one and insist the even pretty young girls bearing gifts must follow secure access procedures.

Quality Matters

P.O.Box 5479

T: 01621 857841
F: 01621 856016
M: 07702 193788

© 2015 Quality Matters Ltd. All rights reserved. Responsive Design