NEWS

...continued from page 1

Editorial office: Elsevier Advanced Technology PO Box 150 Kidlington, Oxford OX5 1AS, United Kingdom Tel:+31 20 485 2145 Fax: +44 (0)1865 853971 E-mail: n.dudley@elsevier.com Website: www.compseconline.com Editor: Terry Ernest-Jones Senior Editor: Sarah Gordon International Editoral Advisory Board: Dario Forte, Edward Amoroso, AT&T Bell Laboratories; Fred Cohen, Fred Cohen & Associates; Jon David, The Fortress; Bill Hancock, Exodus Communications; Ken Lindup, Consultant at Cylink; Dennis Longley, Queensland University of Technology; Tim Myers, Novell; Tom Mulhall; Padget Petterson, Martin Marietta; Eugene Schultz, Hightower; Eugene Spafford, Purdue University; Winn Schwartau, Inter.Pact Production/Design Controller: Colin Williams
Permissions may be sought directly from Elsevier Global Rights Department, PO Box 800, Oxford OX5 1DX, UK; phone: (+44) 1865 843830, fax: (+44) 1865 853333, email: permissions@elsevier. com. You may also contact Global Rights directly through Elseviers home page (http:// www.elsevier.com), selecting first Support & contact, then Copyright & permission. In the USA, users may clear permissions and make payments through the Copyright Clearance Center, Inc., 222 Rosewood Drive, Danvers, MA 01923, USA; phone: (+1) (978) 7508400, fax: (+1) (978) 7504744, and in the UK through the Copyright Licensing Agency Rapid Clearance Service (CLARCS), 90 Tottenham Court Road, London W1P 0LP, UK; phone: (+44) (0) 20 7631 5555; fax: (+44) (0) 20 7631 5500. Other countries may have a local reprographic rights agency for payments. Derivative Works Subscribers may reproduce tables of contents or prepare lists of articles including abstracts for internal circulation within their institutions. Permission of the Publisher is required for resale or distribution outside the institution. Permission of the Publisher is required for all other derivative works, including compilations and translations. Electronic Storage or Usage Permission of the Publisher is required to store or use electronically any material contained in this journal, including any article or part of an article. Except as outlined above, no part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording or otherwise, without prior written permission of the Publisher. Address permissions requests to: Elsevier Science Global Rights Department, at the mail, fax and e-mail addresses noted above. Notice No responsibility is assumed by the Publisher for any injury and/or damage to persons or property as a matter of products liability, negligence or otherwise, or from any use or operation of any methods, products, instructions or ideas contained in the material herein. Because of rapid advances in the medical sciences, in particular, independent verification of diagnoses and drug dosages should be made. Although all advertising material is expected to conform to ethical (medical) standards, inclusion in this publication does not constitute a guarantee or endorsement of the quality or value of such product or of the claims made of it by its manufacturer.
02158 Printed by Mayfield Press (Oxford) LImited

BT buys Counterpane to boost IT security services

The acquisition of Counterpane strengthens BT Global Services capabilities in the important Internet security space and also its U.S. capabilities, NCB said in a research note. Bruce Schneier will continue in his role, as will Chief Executive Paul Stich. BT plans to keep the company as a separate entity for the foreseeable future.

Senior infosec pros shift gears from technology to management

Brian McKenna ardware and software have been definitively ousted by management, awareness and HR issues in the minds of infosec professionals worldwide. Such is the top-line finding of the third annual Global Information Security Workforce Study, conducted by IDC on behalf of security education and certification body (ISC)2.

survey respondents earn less than 39,000 euros, compared with 6% earning less than $39,000 in 2005. It looks like companies are employing junior people and then training them up, said Zeitler. He also confirmed that the consensus picture emerging from the IDC study, a joint (ISC)2/Information Security Forum study, and a recent SANS survey is that senior information security professionals are moving up into the business, while middle-level IT security pros are moving back into IT. In a related development, the IDC survey found that organizations are engaging third party firms who have been able to attract qualified information security professionals. Some highlights: c.4,000 infosec professionals from c.100 countries surveyed; Average salaries: US $81k; UK 77k; Germany 49; France 42k; Biometrics ranked either no. 1 or 2 as coming security technology.

Ed Zeitler, executive director of (ISC)2, said that this was the first time that [the shift from technology to people and process] has been reflected in the survey. There has also been a big shift from the CIO to the CEO in terms of ultimate responsibility for information security. CISOs are now dealing less with the CIOs problems and more with the businesss problems. Accordingly, information security risk management has risen to the top, according to the survey, as a training priority. Zeitler said that the CISSP qualification is a first step to meeting this requirement, but underscored his organizations ISSMP (Information Systems Security Management Professional) concentration beyond a base level. Business continuity and forensics were the other two top three areas for training demand. Training budgets are buoyant. Fortyfive per cent of European respondents (just over 1,000) say training budgets will increase by 21%; globally the increase figure is higher, at 30%. However, salaries are not stratospheric. In EMEA, 31% of

Social networking study shows cybercrime risk

esults have been published of the first social networking study, examining the link between specific online behaviour and the potential for becoming a victim of cyber-crime.

CA and the National Cyber Security Alliance (NCSA) carried out the survey, which found that, though 57% of people who use social networking sites (such as MySpace and FaceBook) admit to worrying about becoming a victim of cybercrime, they are still divulging information that may put them at risk. 74% have given out some sort of personal information, such as their e-mail address, name and birthday. Furthermore, 83% of adults using social networking are downloading unknown files from other peoples profiles potentially opening up their PCs to attacks. Half of adults who use social networking sites are over the age of 35. The growing number of adults using the sites is an indicator of their increasing popularity and potential security risks, CA and NCSA conclude.
November 2006

Network Security