
bc blog

Introducing the new FCCS website...


Written by Anthony Voigt Thursday, 18 June 2009 12:06

One of our most recent projects has been the launch of the new FCCS website www.fccs.com.au.

Our aim was to create a simple, easy to navigate and eye-catching site. As we also develop FCCS’ marketing campaigns, we were able to design a website that really made the most of their vibrant campaign imagery.

To best present these bright campaigns we created a new rotating campaign tool that looks great and is easy to update as new campaigns come along.

We created content for the site that is informative but not too wordy, so users can easily browse through the site and find all the relevant details they need without having to wade through unnecessary information.

We have had an overwhelmingly positive response to the new site and look forward to our next projects with FCCS.

FCCS Website


 

APRA PPG 234 - Management of IT Security Risk


Written by Anthony Voigt Monday, 01 June 2009 20:30

On 8 May APRA released a discussion paper and draft Prudential Practice Guide (PPG) on the management of IT security risk. For those who aren't familiar with it, this is a brief overview.

PPG 234 sets out APRA's expectations for how regulated institutions (and service providers captured by the PPG) should manage IT security risks. These organisations will need to have:

  • an overarching IT security risk management framework, addressing matters including an IT security strategy and a hierarchy of policies, standards, guidelines & procedures; and
  • clearly-defined security principles for this strategy, addressing issues such as defence-in-depth, control diversity, breach detection and denial of unnecessary permissions/protocols.

The draft PPG also sets out APRA's detailed expectations in relation to security practices.

  • Usage and user awareness. The PPG outlines preferred practice in relation to staff training, awareness programs/education and compliance.
  • Identification, access and authorisation. This addresses issues like authorising access based on business need, risk-based user authentication and authorisation controls/monitoring systems.
  • Life-cycle management controls. The draft PPG requires that security be integrated into all stages of the hardware/software lifecycles.
  • Monitoring and incident management. APRA expects the adoption of monitoring processes to identify events and unusual patterns, clearly-defined monitoring responsibilities and robust incident management.
  • Accountability and audit trails. The PPG outlines APRA's expectations with regards to security reporting and security assurance through a formal audit program.
  • Resilience and recovery. This addresses formal recovery plans, documented arrangements for managing disruptions and regular testing of business continuity arrangements at least annually.
  • Service provider reporting. This outlines expectations with regard to service level reporting, business continuity recovery testing, and audit reports.

The PPG will not be formally adopted until later this year and may well be modified before being finalised. However, it is consistent with APRA's overarching approach to risk management and a logical extension of previously-released standards and guidance notes in relation to risk management.


   

How secure is your website?


Written by Anthony Voigt Monday, 01 June 2009 11:39

According to the Australian High Tech Crime Centre (AFP), Internet Banking fraud (external transfers, money mules and subsequent transfers) is costing the Australian finance industry millions each year. Credit Unions and Building Societies are not immune to this trend.

Website security: an emerging area of risk?

Typically when we consider online crime we think of attacks on individual users: phishing scams, website ghosting, trojans, malware, etc. All these target vulnerabilities in users’ individual online security to harvest their banking and identity credentials.

But online security risks are not confined to attacks on individuals. Consider the public website of any retail banking organisation that contains a link to Internet Banking. If the security around this link were ever breached, conceivably the banking and identity credentials for many individuals could be compromised.

Data breach attempts are increasing and are more organised than ever. Previously, public website security may have been considered to be less important than that of Internet Banking, but these days this is not the case.

Financial institutions are meeting this emerging challenge

Public website security is not merely a question of hosting - that’s just the edge of the wedge. The real online security challenges exist within the systems and applications that drive and support websites. How these applications are structured and coded and how adequately they are monitored can make all the difference to a website's risk profile.

Certainly one thing is clear: for financial institutions, the management of online security risk will continue to increase in complexity.


 

BRW Corporate Triathlon


Written by Anthony Voigt Friday, 08 May 2009 10:50


On Sunday 5 April 2009, six intrepid members of the Brighton Consulting team braved the pre-dawn chill to gather at Lady Macquarie's Chair at 6.00 am for the BRW Corporate Triathlon.

Two teams of three confronted their fear of sharks, running and appearing in tight lycra...

  • The Brightonites (a team of experienced triathletes): Anthony Voigt, John Kean and Lorraine Marsh
  • Norfolk n' Chance (a team of complete novices): Michael Baxter, Dan Whitmarsh and Ricardo Goncalves

Each triathlete had to swim 400 metres in Sydney's shark-infested harbour, cycle 8 km along the Domain's bike-infested roads (there were 5,500 competitors!) and run 4 km.

It was allegedly a daunting task for the members of Norfolk n' Chance who variously complained that they couldn't swim, couldn't run or weren't fit. As it turned out, we all survived and Norfolk n' Chance can claim to have the fastest triathlete on the day (Dan)!

Supported by a marvellous gang of supporters (friends and family who came along, no doubt because they couldn't believe we'd be doing this) we all got through.

This is our story...


   

Choosing a good password


Written by Anthony Voigt Thursday, 19 February 2009 12:34

I've just come across the best article on passwords I've ever read (and, perhaps sadly, I've read quite a few).

Good password choice involves a question of balance: on the one hand the password should be memorable; on the other it should be hard to crack. Combining these two features can be hard. But a recent article by AUSCert provides some great insight into not just what not to do but also why. It also explains what the bad guys typically do to crack passwords.

To start with AUSCert outlines some simple rules of thumb:

  • A password should be a minimum of eight characters long.
  • Try to include some form of punctuation or digit.
  • Use mixed case passwords if possible.
  • Choose a phrase or a combination of words that makes the password easier to remember.
  • Do not use a word that can be found in any dictionary (including foreign language dictionaries).
  • Do not use a keyboard pattern such as qwertyui or oeuidhtn (look at a Dvorak keyboard).
  • Do not repeat any character more than once in a row, like zzzzzzzz.
  • Do not use all punctuation, all digits or all letters.
  • Do not use things that can be easily determined such as:
    • Phone numbers.
    • Car registration.
    • Friends' or relatives' names.
    • Your name or employment details.
    • Any date.
  • Never use your account name as its password.
  • Use different passwords for each machine.
  • Change the password regularly and do not reuse passwords.
  • Do not append or prepend a digit or punctuation mark to a word.
  • Do not reverse words.
  • Do not replace letters with similar looking numbers. For instance, all of the letters i should not be blindly replaced by the digit 1.

And to explain why a good password is a long password, the article provides a couple of tables showing the indicative 'Cracking Time' for passwords of varying length and complexity. It's amazing how much more secure your passwords will be if you just add a few characters to them (8 or more) or throw in some unusual ones. It can mean the difference between your password being cracked in less than a second or it taking four centuries...
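As an added example that is not from this post or from AUSCert, here is a small Python checker that applies the rules of thumb listed above to a candidate password and then estimates the worst-case exhaustive-search time from alphabet size and length, which is the calculation behind cracking-time tables like the ones the article gives. The word list, keyboard rows and the guess rate of one billion per second are constructed assumptions, and rules that cannot be checked from a single password (different passwords per machine, regular changes) are left out.

```python
import re
import string

# Constructed stand-ins: a real check would load a full wordlist (assumption),
# and the guess rate below is an assumed figure, not one from the AUSCert tables.
DICTIONARY = {"password", "summer", "monday", "welcome", "brighton"}
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "aoeuidhtns")  # last is Dvorak home row
LEET = str.maketrans("0134@$5", "oieaass")  # map look-alike digits/symbols back to letters


def password_problems(password, account_name):
    """Return the AUSCert rules of thumb (from the list above) that the password breaks."""
    p, low, problems = password, password.lower(), []
    if len(p) < 8:
        problems.append("shorter than eight characters")
    if not any(c.isdigit() or c in string.punctuation for c in p):
        problems.append("no punctuation or digit")
    if not (any(c.islower() for c in p) and any(c.isupper() for c in p)):
        problems.append("not mixed case")
    if re.search(r"(.)\1\1", p):  # same character repeated more than once in a row
        problems.append("repeated character run")
    if p.isalpha() or p.isdigit() or all(c in string.punctuation for c in p):
        problems.append("all letters, all digits or all punctuation")
    if low == account_name.lower():
        problems.append("same as the account name")
    if any(low[i:i + 4] in row for row in KEYBOARD_ROWS for i in range(len(low) - 3)):
        problems.append("keyboard pattern")
    # Dictionary check covers the word itself, with digits/punctuation trimmed from the
    # ends (appended/prepended), reversed, and with 1/0-style substitutions undone.
    core = low.strip(string.digits + string.punctuation)
    if {low, core, core[::-1], low.translate(LEET), core.translate(LEET)} & DICTIONARY:
        problems.append("dictionary word")
    return problems


def cracking_time_seconds(password, guesses_per_second=1e9):
    """Worst-case exhaustive-search time: (alphabet size ** length) / assumed guess rate."""
    classes = ((str.islower, 26), (str.isupper, 26), (str.isdigit, 10),
               (lambda c: c in string.punctuation, len(string.punctuation)))
    alphabet = sum(n for test, n in classes if any(test(c) for c in password))
    return alphabet ** len(password) / guesses_per_second


if __name__ == "__main__":
    for candidate in ("summer1", "P@ssw0rd", "Ba7.Kite#Rune"):  # constructed samples
        print(candidate, password_problems(candidate, "jsmith"),
              f"{cracking_time_seconds(candidate):.3g} s")
```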

Password management is a growing issue both for businesses and individuals - the AUSCert article provides a great overview and is very easy to read.

The AUSCert article can be found here: http://www.auscert.org.au/render.html?it=2260


 

Movember strikes again


Written by Anthony Voigt Monday, 17 November 2008 15:26

It's that time of year again and more of our clients than ever before are getting hirsute.

Two clients in particular have asked us to sponsor them: Richard Henderson at Wagga Mutual and John Lettfalla at Macquarie. We're absolutely delighted to support them.

The Movember website is here: http://au.movember.com/


   
