White papers
All of the white papers listed below have been written by Insight consultants and include advice on current market trends and issues. You are free to distribute our white papers but please observe our copyright notice.
Virtual Directories
The virtual directory is the re-emergence of an old concept, but architected to meet new architectures and solve a real business issue. It does not replace the enterprise directory or identity management system; it sits alongside them, providing optimised dynamic data access to applications that need fine-grained access control capabilities.
Avoiding the dangers of accumulated access rights
Employees having excessive access rights can pose a risk for any organisation. Often such excessive rights can be associated with people who have undergone a number of job changes. The use of role-based access control is one method that can greatly reduce this exposure to risk.
Databases - the easy way to harvest sensitive business data
Organisations must evolve how they address the security problem associated with managing unauthorised access to data. The focus must not be solely on the network with its firewalls and routers but also include the data itself – both in storage and transit.
Network Admission Control and Identity Management
InNAC technology provides an effective means of providing granular control over access to network-based resources. It protects the network infrastructure and connected systems not only from unauthorised access but also from malicious code and user error by validating connecting systems and users before they have their full level of access.
Two-factor authentication
In order to provide trustworthy remote access to business services, secure authentication systems need to be used. Basic username and password authentication is no longer considered secure enough to protect a company’s computer-based assets. Any organisation looking into the introduction of a secure authentication system will be faced with a variety of complex choices.
Mobile security
As the Internet has given every organisation with a website a global audience, the need for a mobile and flexible workforce has also increased to meet the demands of business. This has raised a number of security issues that need consideration over and above the usual problems that might affect the office-based user.
Mobility – The Security Concerns
Clearly, the realisation of true mobility is going to involve new connections between traditional and new permanently installed equipment, and the ever growing and developing array of portable computing devices. True and full mobility would be the ability to access all the same electronic data resources one has access to in any particular place, but to be able to do it from anyplace, and at any time.
Using ISO 27001 for PCI DSS Compliance
The Payment Card Industry Data Security Standard (PCI DSS) isn’t dramatically different to the requirements of the best practice security standard - ISO 27001, except that PCI doesn’t mention any of the prerequisites required for a management framework, whereas ISO 27001 omits a lot of the detail around how controls are actually implemented.
Measuring the effectiveness of Security using ISO 27001
Whilst the intentions and objectives behind ISO/IEC 27001:2005 (ISO 27001) aren’t dramatically different to those in BS 7799-2:2002, one of the changes with the biggest potential impact to organisations is the requirement to measure the effectiveness of selected controls – or groups of controls – within the new standard.
Policy Monitor and its relationship with ISO 27001:2005
This white paper discusses how Siemens Insight Consulting's Policy Monitor product can help an organisation demonstrate best practice and compliance with the ISO 27001:2005 standard.
ISO 27001 and its role in Corporate Governance
This white paper looks at the critical role that standards such as ISO 27001 can play as part of an organisation’s risk and compliance framework, helping to provide and manage the operational risk profile of the organisation and therefore contributing to an overall structure of corporate governance.
The Rising Tide of Business Continuity for the 21st Century
There is a growing consensus, based on mounting evidence, that human activities are accelerating climate change. Understanding what this might mean and how we should be preparing for it should be a key concern for organisations in the 21st Century. From a continuity perspective, what might this mean for our existing planning framework and how should we be preparing for it?
Shooting the Messenger Doesn’t Resolve Security Issues
If the culture of an organisation is right then implementing effective and appropriate security will follow, and the level of security incidents and costs of maintaining a good level of security will be dramatically reduced.
How Does Your Organisation Manage Fraud?
Many organisations, both large and small, don’t consider themselves to be affected by fraud, or, if they think they are, believe it’s nothing to really worry about.
Payment Card Industry Data Security Standard
The PCI Standard was developed to provide a ‘minimum security standard’ with regards to cardholders’ account and transaction information.
Security Issues Around the Deployment of VoIP and Multimedia protocols in Wireless and Firewalled Environments
Implementing applications such as video-conferencing, web-casting or instant messaging in firewalled environments and over wireless networks poses a number of security issues which need to be addressed as part of any such deployment.
Importance of Incorporating Security Requirements within System Architecture Rather Than Retro-Fitting Controls to an Insecure Design
Security is one of a number of 'non-functional' requirements any system and solution needs to cater for. Others include performance and usability. Ignoring any of them during the design phases of a project is likely to cause problems later on in the project or after the system has gone live.
Business Process and IT Outsourcing
Very few aspects of the modern corporate world are considered more critical than their IT systems. When it comes to the prospect of outsourcing this key resource, whilst the commercial and operational advantages are significant, the potential risks must not be underestimated.
Sarbanes-Oxley Compliance
In 2002/3 the apparently stable and successful US corporate world was rocked to its foundations by the news of the collapse of not one, but two, of its largest corporations. The shock waves from these two events had a profound effect.
Security Professional Services
Having a skilled and knowledgeable information security team is a key resource in any organisation, particularly those involved in fast moving and highly dynamic business environments with ever changing legal, regulatory and technology challenges.
The Open Source Revolution
For the corporate world, open source can bring the potential of having access to high quality, functional software, but with vastly reduced costs, even if these products are procured with formal support agreements.
Outsourcing Abroad - What’s the Impact on Personal Data?
Outsourcing operations abroad can result in cost savings of up to 30% but what are the risks associated with this strategy?
Security Leadership not Security Management
Numerous organisations have all the building blocks of effective security but still their employees are not engaged and do not understand what the security department does and why it is needed. Isn’t it just a cost overhead?
Successfully deploying Single Sign-on (SSO) within an outsourced environment
An explanation of the main techniques used to achieve SSO and the merits of different implementation approaches.
Moving to a Paperless Office - Is it Just About the Cost of the Technical Solution?
There is growing evidence that organisations are increasingly moving from paper audit trails to paperless office environments. Sounds simple and a convincing business case...
Communicating in a crisis - What really works
An explanation of what commercially available communication systems really work in a crisis, drawing on real world examples of communication in both large and small scale incidents.
Risk Associated With USB Memory Sticks and High Capacity Storage Devices
Some of the ways that the growing risk to companies through the use and misuse of USB storage devices can be mitigated.
Telecom fraud: The cost of doing nothing just went up
In today's business environment, security is of vital importance. This importance extends to voice networks where the risk of a security breach is growing daily.
Shooting phish in a barrel
One of the latest family of attacks mounted against web-based applications, often those belonging to financial sector organisations, is that of phishing.
Identity Theft: Managing the risk
Why identity theft has become the UK’s fastest growing type of fraud and the controls that can be used to reduce its impact.
Web Services and XML security
How different mitigation techniques can be used to successfully overcome the security concerns of using XML and Web Services.
Identity and Access Management: Employee lifecycles and roles
HR departments can play a vital role in maximising the effectiveness and value of employee Identity and Access Management systems.
New working practices and the security-aware network
How the security-aware network can help IT departments manage the security challenges introduced by new working practices.
Penetration testing
Why a methodical and proven approach to penetration testing is essential in formulating an effective security testing strategy.
Effective intrusion detection
With careful configuration and management, intrusion detection systems can make a valuable contribution to IT infrastructure security.

