Feeds

MoD 'How to stop leaks' guide leaks

Secret security manual no longer secret

Internet Security Threat Report 2014

A Ministry of Defence guide to preventing information leaking into the public domain has leaked into the public domain.

The three volume, 2,300 page book includes information on dealing with investigative journalists, foreign agents and computer hackers as well as how to deal with typical approaches from Chinese and Russian secret services.

The Defence Manual of Security was issued in October 2001 and is marked "Restricted". The three volumes, which appear in their entirety on Wikileaks, cover: protective security, personnel security and IT security.

The section on IT security warns: "The main threat to the compromise of protectively marked information on IT systems comes from authorized users who may, for whatever motive, disrupt the system or gain access to protectively marked information which they have no 'need to know'.

"There is also a threat from FIS [foreign intelligence services], which are likely to try to exploit any security weakness of which they become aware."

The manual also refers to Tempest certified equipment - hardware which is cleared for dealing with the most sensitive information.

The guide also explains the difference between threats from Chinese and Russian intelligence services: "Chinese intelligence activity is very different to the portrayal of `Moscow Rules' in the novels of John Le Carre."

The Chinese have "a voracious appetite for all kinds of information: political, military, commercial, scientific and technical".

Companies which employ local staff are warned that Chinese security services are likely to have briefed them and told them to copy all documents they have access to.

Wikileaks was last in the headlines for posting a copy of the UK's postcode directory.

There's more on the manual here. ®

Beginner's guide to SSL certificates

Whitepapers

Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Reducing the cost and complexity of web vulnerability management
How using vulnerability assessments to identify exploitable weaknesses and take corrective action can reduce the risk of hackers finding your site and attacking it.
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.