The FORMAT command writes marks on the disk to indicate the beginning and end of tracks and sectors. There are two kinds of formatting: ‘low level’ and ‘conventional’. The former is done by the disk manufacturer and does wipe out any previous data on the disk. The latter (conventional formatting) does not wipe the disk clean; any data from before can still be recovered easily forensically. There is an exception in the case of a floppy disk, in which case the FORMAT command does both low-level formatting and conventional formatting. Even so, do not count on that to remove all forensic evidence from a disk; given that it costs only pennies, open it up, cut it up in as little pieces as possible, and burn it or flush it down the toilet.

The reason why the FORMAT command does not do the much desired (for security reasons) low-level formatting on hard disks, is that there are far too many different hard disks, and FORMAT does not know how to handle them all (or any); for example, the number of sectors per track varies on hard disks but not on floppies

This information should be of security interest because it can help render any previously stored information on a hard disk unreadable. There are different ‘flavors’ of FDISK and you should use the proper one for the operating system you have in your computer.

• DOS 6.22 FDISK cannot handle drives larger than 8.4 GB.

• Win95 FDISK supports drives larger than 8.4 GB if the BIOS can support INT14 Extensions; to use it correctly, boot to the ‘command prompt Only’ on Startup, or choose ‘Restart in MS-DOS Mode’ on shutdown or boot from a Win95 startup floppy disk.

• Win95 OSR2 also supports FAT32 (see Section 4.2.6) but you must answer ‘yes’ to the question ‘Do you want to enable large disk support?’ (Answering ‘no’ still enables access to large drives but not to FAT32). Do not use the /X option.

• Win98, WinNT, Win2000. Use the FDISK that comes with those systems.

Use the /MBR option if a virus has infected your mater boot record (MBR).

While Instant Messaging has substantial advantages, including ease of use and real-time communication, but also leaves a significant safety risk. Unfortunately, right security clearances are generally the last thing when it comes to the development and introduction of new technologies. This is the same issue to be incorporated in with Instant Messaging applications.

Providers of public Instant Messaging software was originally developed instant messaging to enlarge their services to consumers. Consumers liked the convenience it offers and the fact that the technology was free to be adopted quickly. Business people like to use the advantages of instant messaging, they have started to download and use the software (usually) without a consent from their IT or HR department. Instant Messaging is now posing a major threat to business users. The IT departments often do not control the desktop of every employee. In the most cases, the number of workers who have underestimated Instant Messaging and the ease with which they can develop their staff. Because the uncontrolled use of direct customers, consumers have increased the potential for adverse effects increases.

Instant Messaging can spread viruses; spam, lack of audit in corporate disclosure of necessary financial services, and the uncontrolled proliferation of proprietary information are just some of the risks associated with the uncontrolled use of Instant Messaging.

Content Concern over Instant Messaging

Public Instant Messaging products generally comprise no provisions for message logging, confidentiality and security. An instant messaging protocol is usually very difficult to control with available security products and software. This is because they are designed so that communication between users on the public Internet can run under any possible network configuration. Efforts by administrators or security personnel to stop Instant Messaging traffic by closing firewall ports will not work. This is because most of these Instant Messaging applications are using “agile port”, ports that are frequently changes to other ports that are remain freely accessible to users on the Internet access.

Regulatory Issues in Instant Messaging

Instant Messaging is also must follow government regulations and requirements of the content industry, privacy, and customer loyalty. Instant Messaging is scrutinized same like email. You must agree that the content of Instant Messaging can be logged to be a company or a regulatory requirement developed in several industries. For example, the Securities and Exchange Commission (SEC), NASD and NYSE broker in the United States and archiving of all digital communications with customers for up to six years. The SEC also requires that all communications with foreign customers are recorded in investment banking and analyzed for possible violations of any securities breaches. This is also to prevent the similar legal issues for the pharmaceutical and petrochemical industries. Logging is a basic necessity for the operation of call centres and operational need for the government and defence systems.

They had the ability to properly monitor and log IM sessions can satisfy even the financial institutions to comply with legal requirements. As a form of e-mail, IM creates a written undertaking that can be asked and used as evidence in any judicial or public office for criminal investigation.

Once a company can reasonably expect conflict or litigation, it is their duty to take the documents and, at this point, we must suspend regular operations, as well as the creation of the litigation hold security for the preservation relevant documents.

Where a company can identify where particular employee documents are stored on tapes based backup, then the Company will take films documenting the main players listed in the existing or future litigation, unless the information elsewhere.

Rolling out a large ISATP Program can be an incredibly daunting task. Especially, if you have to ensure that your efforts are measurable in order to meet industry standards or adhere to legislation.

Let’s face it, you can’t measure the number of times employees look at the security awareness posters you just put up in the coffee room or in the elevator and how the heck do you measure the impact of a banner on the company intranet? Did it really change the outcomes and behaviors of the employees?

And what about that 1.5 hour live training session? Did anyone actually listen and has implemented the recommendations?

If your budget has been cut and you can’t afford an online training component with a back-end LMS to track and provide reporting functions then start small and try the following techniques:

1. After your live training sessions, walk around and measure the impact by talking to employees and asking questions.
2. At lunch, do “walk-by’s”. Check to see if employees are leaving their desks without adhering to the “clean desk” policy and have left their laptops unlocked, etc. If so, create some friendly reminder cards to place on their desks as reinforcement.
3. Pick a month a year and do a “security awareness month” combine short videos with games and posters that supplements your regular yearly ongoing training programs.
4. Provide incentives (if possible – even an apple, chocolate bar, etc) for those you catch doing the “right” thing when it comes to being security aware.

The key is to track all of these items. Start a spreadsheet and track the number of employees talked to per month, the number of incidents discovered in the walk-by’s and the number of employees caught doing something correctly. Create some nice monthly graphs with the data and provide them to management so they know you are on top of the security awareness issue.

Have you ever felt that you have been a victim of scammers? If you haven`t, you must have been living on a island somewhere with no telephone, no computer, no mail or any contact with the world. So how can we keep from being a victim of Scamming?

Every day you hear of scams. Some big, some small. In a lot of cases people yell scam to cover up their own failures. For instance, a person sees the words easy money and they jump at the opportunity without reading the whole deal. They see what they want to see and not what is written. They are disapointed when the easy money does not start rolling in and they yell “I`ve Been Scammed”.

Remember, it takes two people to create a scam. You and the scammer! You have to be ready to jump at the chance of fast money without carefully checking everything out or the scammer doesn`t have a chance.

I hate to use an old tired Phrase, but it’s the best policy - ‘If it sounds too good to be true, it probably is.’ You run in to a lot hype and wild claims. miles of testimonials, screen shots of earnings and umpteen bonuses. My question is - If the product is so good, why all the bonuses? If the product is going to deliver the benefits and solve the problem then it should be enough for your buck.

The point is, you should look past the hype. Think, are they promising too much. If you are looking for information about a certain subject, thats what you need. You are looking for good useful information not a big package of books that you will never read.

But, you shouldn`t be discouraged or give up your dreams. Just be a little more careful. There are no free lunches. If you haven`t given up your dream of doing your own thing, you can find success online. You can make money from home.

There are so many ways to make money online. I know of people that are truly earning fortunes right now as I am writing this. And they are not any smarter or better educated than you are. But they have achieved great success online. You can do it too! All you need is more knowlege and experience.

You get the knowlege from reading and seeing what the successful ones are doing. You can get the experience by copying the tactics and procedures of these successful people. Remember trial and error are the best teachers. You can’t win if you don’t play. You will find the ways to make money and ejoy true success online!

When it comes to your children and Internet privacy, you must be very diligent. If your children are under 13 years old, it is recommended that you stay by their side or at least closely monitor them while they are on the computer.

Sadly, way too many children and teens have been abducted, harmed and even killed as a result of their Internet privacy being violated. Of course, many of these children and teens voluntarily gave out their personal information which leads to these horrific events. However, if a parent or older person is closely supervising their online activity, it could cut down on the number of Internet crimes and breaches of Internet privacy that affect children and teens.

PARENTAL CONTROLS

This feature is so easy to use and can be found in the control panel of your computer. It is the absolute best feature on any computer that a child or teen uses. You, as the parent or guardian, are in control of the child’s Internet surfing. You can block web pages that have certain words and phrases in them. You even can even choose the pages your child is allowed to visit and they will only have access to those pages. It also allows you to see where your child has been on the Internet and how long they were there.

CHAT ROOMS

Chat rooms could potentially be some of the worse places a child can go, even though many of them spend a good amount of their online time there. There are hundreds if not thousands of chat rooms that are “for children only”; all of which have a moderator in the room at all times. There is only one flaw in this plan, anyone can act and talk like a child so in all actuality, you really don’t know who’s in the chat room. Child predators have a way of getting information out of a child with them not even knowing it. For example, several years back a police officer posed as a child in a chat room and the officer managed to get the child’s school and a good description of the child. It was enough information for the officer to show up at the school and identify the child. That’s scary stuff.

The officer simply asked everyday questions such as “what’s your favorite sport?”, or “do you play sports at school?” Then, the child would reply with their answers and toss in their school mascot. Are you following the pattern here? The next set of questions may have been about hair color and the child would innocently give up that information. The conversation continued for a few weeks until the officer had enough information to find that child without them ever telling them their name or even where they lived.

There are a lot of sick people out there. The above experiment was done to show people how easy it is to get kids to talk without saying anything that they thought was wrong. That’s why it’s important for parents to be with their children while they’re on the Internet or to view all conversations and places they have visited. That is a great way to protect your child’s Internet privacy and ultimately your child!

Information is the most valued possession of a company these days. In fact, the changes in the modern concept have shifted the focus from the typical assets to the information. Now wonder therefore, that the companies, irrelevant of size, are giving a lot of importance to the information security.

The Facts

In general this security protects the corporate data that are considered to be the main lifeline of the modern companies. It is one of the most sensitive things that a company poses. Naturally, they care for it very much. This is the reason why the integrity in the information security has become such a crucial factor. In fact, the management give more stress on this aspect of security than the security of the rest of the corporate assets.

One can understand the need of it while considering the threats that exist on a company’s corporate information. Each and every day, the threats are increasing in number, nature, and complexity. Hackers are becoming more technologically advanced. This, in turn, is increasing the threat every single moment. Freeware and commercial tools like Metasploit Framework, Nmap, Security Forest, Ettercap, Yersinia, DSniff and Cain & Abel make the process of breaking into a network even more easier. Even script Kiddies, as they call them, without any strong hacking knowledge can use them. Today hackers are becoming more organized. They use web sites and IRC forums to exchange their ideas and exploit code. Searching on the Internet one can easily identify auction sites where hackers sell their exploit code and identified vulnerabilities. All these make the task of corporate governance even more difficult.

The organizers can hardly take any chance. If the hackers managed to crack through the security, they can create sever damage to the legal compliance as well as the management and reputation of the company. The impact of it will be felt both in the long and short run. So, each and every organization should take proper steps to secure their information.

However, a casual approach to it will not serve the purpose. It will be a mistake to identify the breaches in an ad-hoc basis. Rather, one needs a regular systematic approach to the risk identification and resolution. The legislations have made an effort to bring that through the protocols. This makes the firms liable criminally to implement and maintain the security measures regarding information. Sometimes, the regulations also make the directors liable for it.

All this has conferred some added responsibilities to the organizations. They have to document the security measures taken by them. This need to prove the proper functioning of their security system actually helps the companies to develop a better systematic outlook to the potential threats. It makes them more organized in terms of costs management, as well as the network security.

The Standards

The development of ISMS (Information Security Management System) is a necessity for modern enterprises. The ISMS ensures that the appropriate security controls will not only be implemented but will be also correctly managed as well. However, deploying such a mnagament infrastructure is not an easy task. The company has to identify the necessary employees that will participate in the ISMS, and then develop the appropriate Security Policies, Procedures and Corporate Guidelines. One of the best guides towards developing an ISMS system is the ISO27001:2005 standard. This ISO standard is widely accepted worldwide and describes the necessary security controls that must be in place to mitigate security risks. Please note that these standards will not propose specific technologies to be applied. They will just discuss the necessary mechanisms that need to exist. Examples of such mechanisms include:

• Allocation of Security Responsibilities

• Independent Review of Information Security

• Inventory of Assets

• Segregation of Duties

• Information Classification

• Physical Perimeter Security

• Cabling Security

• Controls against malicious code

• Network Connection Control

• Segregation in Networks

Gaining an ISO certification will not bring you out of the legal obligations, the ISO certification will help you get the legal defense after any breach in the security takes place.

Along with the ISO27001 a number of other International Accepted Security certifications exist examples of which are the SOX, the HIPAA,athe PCI DSS and the WLA. Each standard usually targets specific industries or type of business. Depending on the country and the local laws, some corporations are obliged to gain some of these certifications in order to be able and operate.

The standard assists organisations by providing a structured and a proactive approach to information security, by making sure the right people, processes, procedures and technology are in place to protect information assets and thus minimise possible harm to organisations that can be caused by deliberate or accidental acts.

Being compliant with a standard, means that a company has implemented the necessary security controls that the standards proposes. Corporations which have gained a security certification use it as a marketing tool, and have gained a competitive advantage over their competitors. Such certifications usually increase customer trust by reassuring them that the corporate management team is committed in protecting their confidential information.

To receive certificate third party auditors will need investigate the corporate environment and ensure that these controls have applied correctly.

The Risk Assessment Process

To ensure that corporate information remain secure, Security Officers, use Risk Assessment methodologies to estimate the actual risks that exists on the corporate systems and the corporate procedures. The Risk Assessment process enables corporate managers to identify the risks associated with running the day to day corporate processes and also identify the necessary controls to mitigate them. Today a number of widely accepted Risk Assessment Methodologies exists that can be used by corporations to develop an assessment process. Examples of such are the NIST Risk Assessment methodology (SP800-30), the ISACA Risk Assessment and the ISO13335.

Companies must ensure that such a Risk Assessment process is regularly executed within the corporation. Assessors will use special questionnaires to interview managers and administrators, and also special tools to scan the corporate systems, network equipment and databases for vulnerabilities. Assessors must also check on the network architecture and identify potential flaws which may allow adversaries to access confidential data.

To assist them in this task, many vendors have produced software applications that automate many of the Risk Assessment process tasks (i.e. developing questionnaires, statistical analysis of results, performing interviews). An example of such a tool is the vsRisk.

Virus is the great enemy for your computer and is the security breaker for your privacy of your stored data. Everything that you see on the display of your monitor is the output of program. This program is designed in such a way that your computer shows your required display or output on the monitor. Virus breaks up this systematic rule and makes the program or software abnormal. Then your computer shows the abnormality and acts as a mad man. Out of this some virus steal your valuable data.

Here is an interesting secret that the virus is also a fully correct computer programming language. Spy-ware is also an unexpected program for your computer that steel data of your computer. However as the enemy of you computer you should not welcome of a virus or a spy-ware and you should remove it from your computer using anti-virus program. To defect these enemies you have to use antivirus software or firewalls and update them regularly.

As the protector of your computer anti-virus or anti-spyware should be installed in your computer. The program of antivirus or the anti-spyware is not our main concern. It is syllabus of a virus or anti-virus programmer. This article is for the general user who may be affected or now affecting with this problem. The general procedure of installation of an anti-virus or anti-spyware is discussed here. The software that would be installed in your computer must have an exe file. So to install the anti-virus or anti-spyware, first double click or execute the exe file. Most often there are some terms and conditions from the authority of the antivirus those must be agreed by you to proceed. So precede the installation by accepting their terms and conditions and then go next. Thus go ahead reading and understanding the report and install the anti-virus or anti-spyware properly in your computer.

In the modern time period some spyware acts as a thief and it stills all the data from your computer. Firewall protects your computer or sometimes a specific network. Firewall is also usually software and sometimes may be hardware. Virus or spyware is upgrading day by day to harm your computer. So to protect them anti-virus is also upgrading. As a conscious operator of computer you should update your anti virus or anti-spyware on regular basis. Updating anti-virus is very easy. If you are connected with the internet then your antivirus software will want to be update automatically. It will show you a message that if you want to update the software automatically. You have to respond the message to give the permission to be updated. Then it will be updated automatically and when the process is completed it will inform you giving a message. To keep your computer virus free you have to update it with regular basis and scan your computer. Sometimes specific anti-virus software can not detect all kinds of virus or spyware. Different kinds of software have different capabilities with their different algorithms. At this stage you may use different software in different times. Better option is to install one software first then scan your computer. After that remove that software and install software and then scan your computer. But all time a software must be installed in your computer and update it regularly.

Computer security is the most frequent used word in the modern security challenging time. Security of computer is the part of technology which is used to secure computer, the information or the computer network. At the time period when a computer is connected with the other computer or with the other network, they remain at a common risk. The term computer network has come from the issue when the computer is connected with the internet. The reasons of this risk and the way of remedy should be known to you when you are probably in danger situation.

The solon field areas of computer security are commonly signified by initials CLA: confidentiality, wholeness, and authentication or availability. Securely represents that information cannot be access by unauthorized parties. Confidentiality is also celebrated as secrecy or secrecy; breaches of privacy array from the complex. The Integrity is that accumulation is covert against unlicensed changes that are not noticeable to licensed users. Availability way that resources are convenient by approved parties which are sometimes the subject of somebody word, are attacks against availability. Maintaining attain contain effectuation not only that users can hit only those resources and services to which they are allowed, but also that they are not denied resources that they lawfully can await to hit. No repudiation implies that a soul who sends a message cannot refuse that he sent it and, conversely, that someone who has received content cannot refuse that he received it. In addition to these discipline aspects, the conceptual contact of computer guard is unidiomatic and multifaceted. Computer section touches draws from disciplines as need and risk psychotherapy, and is preoccupied with topics such as machine transgression; the prevention, reception, and remediation of attacks; and operator and obscurity in cyberspace.

Patch confidentiality, state, and legitimacy are the archest concerns of a computer security administrator; isolation is perhaps the gravest vista of computer instrument for everyday Cyberspace users. Though’ users may sense that they feature zip to pelt when they are registering with an Cyberspace position or force, private ness on the Cyberspace is nigh protecting one’s personal accumulation, steady if the info does not seem irritable. Because of the assist with which message in electronic information can be mutual among companies, and because fine to cast a flower of, for lesson, a someone’s information hunt habits, it is now rattling fundamental that individuals are competent to record keep over what information is collected around them, how it is victimized, who may use it, and what end it is used for. So to keep secure your computer and the information of your computer, take necessary steps from now.

Treat your passwords and pass phrases with as much care as the information that they protect (bank or financial information should be more secure than signing up for a free PDF).

Don’t reveal your passwords to others. Try to keep your passwords hidden from family members (especially children) or friends who could easily pass them on to other individuals. In the real world, you still may need to share your password with others, such as your online banking account password that your spouse might need to access. Those are the exceptions and not the rule.

Protect recorded passwords. Be careful where you store the passwords that you write down or enter into the computer. Do not leave these records of your passwords anywhere that you would not leave the information that they protect. Offices are notorious for being very insecure because many corporate password policies require you to change your passwords every 30-60 days, so people write them down and place them where they can find them quickly. If you’re in a more secure office, this isn’t a problem.

Never e-mail your password to companies. This is what is commonly called “phishing.” If a company requests you to send your password or if it requests you to verify your password by accessing a Web site is almost certainly a fraud. This includes requests from a trusted company or individual. Often the requests come from an e-mail that looks like a trusted company. What may have happened, though, is that the bad guys have intercepted an actual e-mail and created their own e-mail that will gather information from the user in a fraudulent manner. No trusted company will ask you to resend your password. This once piece of information will save you an incredible amount of heartache.

Change your passwords often. Two or three times a year is good. More often is better. This can help keep the bad guys unaware. Depending on the strength of your password will determine the length of time it is good. If a password is smaller than 7-8 characters should be considered only good for a few weeks, while a password that is 13 characters or longer (and follows the other rules outlined above) can be solid and acceptable for years.

Don’t type passwords on computers that you do not have control over, such as those in computer labs, conferences, internet cafes, airport lounges, or other public facilities. They should not be considered safe for personal use other than for browsing the internet anonymously. Any account that requires a user name and password should be considered unsafe for sending and receiving personal information. Be very very careful when sending information across these computers.

Do not use these computers to check online e-mail, chat rooms, bank balances, business mail, or any other account that. Criminals can purchase keystroke logging devices for very little money and they take only a few moments to install. These devices let malicious users harvest all the information typed on a computer from across the Internet–your passwords and pass phrases are worth as much as the information that they protect.