The ‘Security Summit Europe 2006’ seminars, based on enterprise security strategies from the cyber crime fighter specialists SSR-I, in association with the New York-based International Council of Electronic Commerce Consultants (EC-Council) – the international organisation driving standards and skills for e-Commerce Consultants – cover:
• Ethical hacking myths
• Intellectual property theft
• Corporate espionage
• Common blunders in a high-tech world
• Habits of highly malicious hackers
• Security solutions to avoid the breaches
• The implication of hacking
• Legal considerations
• Risks to web-enabled applications and web services
• Risk mitigation strategies
• Live hacking demo including applications hacking
The Summit aims to highlight the risks and exposures that all organisations face with regard to unauthorised intrusions and theft on their business systems.
“Whether an organisation’s IT systems’ security is in-sourced or outsourced, that data, ‘up-time’ and corporate credibility are at risk,” said SSR-I’s Rajive Kapoor.
“The SSR-I seminar offers remedies that can be deployed, including education on ‘ethical hacking’ and ‘computer forensics’, which can lead to Licensed Penetration Testing.
“This makes organisations aware of the potential dangers. It provides the knowledge and skills that help to prevent security breaches or, if they occur, trace and then secure them.”
The seminar explores the risks to which organisations’ data, business critical applications and networks are exposed and shows how, by further enhancing the specialist skills of a few staff, organisations can protect themselves against these risks. Not only offering an insight into the tools and methods used by unethical hackers (‘crackers’), the seminar outlines when and why an organisation can become a victim - and explains the counter-measures available.
“How do you know that competitors are not using unethical means to gather information about your company and product?” Kapoor added. “Or could disgruntled employees be divulging privileged information?
“Preventing unlawful penetration means ensuring that competitors and criminals can’t hack your systems and take information for their personal gain.
“Most organisations don’t know that they are the victims of information theft but, if it does happen to your organisation, you need to find out how it happened, who did it and stop it happening again,” Kapoor added.
“Moreover, you need to be able to produce incontrovertible evidence of the theft or malicious act so that, if the worst comes to the worst, your HR department can take the relevant steps. This is particularly important in countries such as Germany and France, which have stricter laws about dismissing employees than we have in the UK.
“And, in the last resort, you can then provide the police with what they need to take the appropriate action,” he added.
According to Sanjay Bavisi, vice president of the New York-based International Council of Electronic Commerce Consultants (EC-Council), losses from cyber crime are increasing because of improvements in automation, increasing the speed of attacks; increasingly sophisticated attack tools; and the increasing permeability of firewalls, among other things.
He stated: “Organisations’ greatest losses because of cyber crime are now greater than those posed by systems being attacked by viruses or worms. Among these are identity theft and computer-generated fraud.”
In an attempt to counter cyber crime, the EC-Council has teamed up with the UK-based SSR-I to secure IT professionals to ‘ethically hack’ their organisations’ systems so that they are aware of the potential dangers – and can help to trace any security breaches if they occur.
“To protect your company from being spied upon, you need to first understand how it’s done,” explained Joern Oelze, managing director of New Horizons in Germany, one of the companies hosting a Security Summit and a provider of SSR-I/EC-Council Certified Ethical Hacker (CEH) courses. “If your system still gets compromised, then computer forensics come to the rescue – and this is why proper employee training and security policies are vital.”
Computer forensics are involved in any case which involves a computer as a:
• Source of crime (email fraud)
• Tool of crime (child pornography)
• Target of crime (virus attack)
• Evidence repository of crime (emails in adultery cases)
• Transitory path of crime / evidence (copyright violation)
“Network forensics can identify a path that the intruder took over the network; reveal intermediate intrusions, and provide leads and corroborating evidence,” said Kapoor, whose company is organising a series of 16 training courses and seminars, through authorised partners across Europe, that highlight the risks and exposures that all organisations face with regard to unauthorised intrusions on their networks.
SSR-I’s Licensed Penetration Tester program, which incorporates Ethical Hacking, Forensics Skills and Security Analyst skills, improves the skills of an organisation’s key staff who have responsibility for the integrity of the networking infrastructure and business critical applications. By conducting controlled penetration tests on your infrastructure throughout the year, they can identify potential points of intrusion and secure them - before the hacker finds them!
SSR-I have signed up authorised centres for their seminar-based training programmes in Germany, France, the Netherlands and Denmark. These include New Horizons, Train & Consult, and Training Camp in Germany; Upgrade and GED Systemes in France; New Horizons and GKN in the Netherlands and Denmark.
SSR-I has been formed as the master distributor in the UK and Europe for the products developed by the EC-Council – the international organisation driving standards and skills for e-Commerce Consultants.
The launch platform in the UK is the Licensed Penetration Tester programme that allows organisations to test their networks using the approaches and techniques that hackers would use. This program develops skills for Ethical Hacking, Forensics and Penetration Testing that will identify weaknesses and plug them – before malicious hackers get to them.
SSR-I programmes are delivered via 38 delivery locations throughout Europe in association with its group of European partners including Training Camp, IT Security Training, Net security, BT Britannia and ASG training in the UK; New Horizons, Train & Consult, and Training Camp in Germany; Upgrade and GED Systemes in France; New Horizons and GKN in the Netherlands and Denmark.
The International Council of Electronic Commerce Consultants (EC-Council) has developed a certification program that combines relevant education with an examination assuring professional competency. The Internet's rapid evolution into an electronic commerce and full-featured information delivery system has meant that IT professionals need a new range of skills.
The EC-Council has defined those skills in terms of internet security and this, in turn, means that organisations can use their firewalls, encryption and other security technologies to the maximum effect. These programs extend to website marketing, and other electronic commerce issues such as internet law, intellectual property rights, domain names, and copyright law.
EC-Council conferences allow professionals to work together to learn the latest news and counter-measures on security and network with other members from around the world.