Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

Improvements required in incident reporting mechanisms

Information Security Awareness Forum : 02 June, 2009  (Company News)
The ISAF has called for improved methods for reporting IT security incidents with many users unaware of the most effective way of reporting security problems to Webmasters, helpdesks and other support operators
According to the Information Security Awareness Forum (ISAF) Security incidents affect most of us from time to time, but how easy is it for us to report them? Some websites have a 'Report Abuse' mechanism, but many don't. With some simple changes, many websites could help users to be more secure online. The ISAF supports the principle that every website that users interact with should have a clear routine for providing feedback, which includes instructions on how to report problems such as abuse, impersonation, fraud etc. This should be provided for all sites that are visited by an ordinary consumer, including social networks, gaming and e-commerce.

According to Dr David King, ISAF's chairman, "The simplest routine might be to use a button or click entry which leads to a semi-standard 'Security Advice' page with instructions on how to report to the organisation's own incident response team (if applicable) as well as generic advice and contacts. This would enable a consumer / user to inform the intended website of issues, and for the website to manage an appropriate response - which may include liaison with police and anti-fraud authorities."

A member representative in ISAF experienced an incident recently: 'I went onto my ebanking provider and 'felt' that the website wasn't normal - it didn't have the usual colours, graphics, placement of icons etc....and yet I was able to log into my own bank account and all seemed in order (and thankfully this continues to be the case). If there had been an obvious 'report abuse' button on the homepage, I would have logged out and used it, if only to receive a reassuring email confirming that perhaps they were doing a website upgrade and not to be worried....'

The page for contact/feedback should also provide links to sites that provide targeted security advice. A list of sites suitable sites are published in the ISAF guide and are available at the home page of the ISAF. Sites that are likely to be of particular relevance to most audiences include Get Safe Online.

Dr. David King continued, "To avoid the risk that a hacked website might lead the user to a source of false advice, websites should encourage users to cut and paste links to these reference site into a browser as a matter of practice."
Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo