Home 
IS Audit & Security Published Article
IS Audit & Security Published Article
 |
By Alison Cheang,IS Security consultant
現時有很多Web應用框架(Web application framework)提供給網頁開發員使用,最常見的有ASP.NET、Symfony、Django等等;網頁開發員只需要在framework內編寫系統主要的程式碼或修改小部分的程式碼,便能很簡單就完成編寫一個網頁,而大部分的MVC模式以及安全的配置已在framework中預先設定,所以對開發者來說是十分方便。因此,開發者完全依賴在framework中內...
Wednesday, 01 July 2015 |
 |
By Geoffroy Thonon, Principal Consultant of Manetic
Imaging being on a quest. Climbing mountains and crossing seas, the path and journey of the quest is arduous. After all the adversity, there are some triumphs along the way. After completing th...
Wednesday, 01 July 2015 |
|
|
By Geoffroy Thonon, Principal Consultant of Manetic
The acronym has to be expanded. IoT does mean the Internet of Things but sure enough it does not convey the whole picture in the view of security. So in the same light that BYOD Bring Your Own D... Tuesday, 24 March 2015 |
|
|
By Alison Cheang,IS Security consultant
人們在電腦上除了查詢資料、做一些文書工作之外,還會在電腦上收發e-mail、 在網路購物、存放照片、或備份自己電話的資料等等… 這時候電腦系統已經記錄了很多自己的私密資料。想一想,若果自己的電腦操作系統有漏洞的話,那麼記錄在系統內的私密資料便很容易被駭客盜竊。現今所有的操作系統都不是百份之一百安全,並且要依靠更新系統以及防毒軟件來維持和確保安全。現時常用的操作系統大多數是 Windows , Mac OS以及 L...
Sunday, 15 March 2015 |
 |
IT 對商業世界已是業務核心關鍵,不僅是開拓業務發展的利器,從另一角度而言更是不容有失的致命關鍵。面對愈來愈多的黑客攻擊,企業自保也愈益困難,要防範癱瘓公司網路的DDoS 攻擊,更要防止以偷竊甚至破壞為前提的系統入侵,傳統模式的資訊安全系統也必須持續進化,才能應對日新月異的黑客攻擊方式。 主動式雲端防護系統 APT 攻擊是近年常見的黑客攻擊方式,攻擊往往是針對性的,透過社交工程和長期潛伏令傳統保安工具都失去效力,也成為現在企業最大的保安挑戰。Trend Micro Deep Discove...
Sunday, 15 March 2015 |
 |
By Darren Anstee, Solutions Architect Team Manager at Arbor Networks
DDoS attacks are continuing to evolve and the last 12 months has seen huge growth in the number and size of the attacks going on out there. When we couple this with businesses inc... Friday, 14 November 2014 |
|
|
By Alison Cheang,IS Security consultant
當今高速網際網路存取、智慧型行動裝置與可攜式儲存設置的普及,也代表著員工愈來愈行動化,「辨公室」亦無處不在。因此與過去相較,企業防止機密資料外洩的工作就變得更加困難。此外,雲端技術愈來愈流行,很多時候我們都會將公司的文件檔案存放到雲端上,方便日後存取。不過儲存在雲端上的文件檔案會否有機會被第三者看到呢?又會否被對方的資訊系統技術人員偷看呢? 近年來亦有多篇報導有關資料外洩的新聞。如美國紐約地區法院法官駁回微軟... Friday, 14 November 2014 |
 |
In the past twelve (12) months from November 2013 till October 2014 inclusive, there has been an “average” activity of just below thirteen (13) advisories and just below three (3) issues per week, as collected by the Early Warning System function of ...
Friday, 14 November 2014 |
|
|
By Geoffroy Thonon, Principal Consultant of Manetic
You can’t hear it but it is there. It’s persistent and getting louder. The most amazing thing about this noise is that most people only know it is there is when the noise is so loud it makes their... Friday, 14 November 2014 |
 |
By Mandy Loi,IS Security Consultant
為甚麼我們要做資訊安全稽核,目的何在?隨著網絡威脅增加及攻擊方式日漸複雜,衍生出許多企業資訊安全問題,政府及主管機關對強化企業的資訊安全風險管理亦越來越注重。企業管理者面對外在的壓力以及內在的需要,也開始正視其企業在資訊安全上應盡的責任,其中的具體且積極行動便是藉由資訊安全稽核的過程瞭解企業風險所在並採取必要的防範措施。 稽核是甚麼? 是一個在資訊安全中不可或缺的重要元件。就字面上看,稽核可說是「稽」查和「核」對... Tuesday, 01 July 2014 |
Page 1 of 5