April 2006 | Archive by Month | SearchSecurity.com | Page 4

April 2006

  • Google Desktop gets scarier

    As if the threats posed by Google Desktop weren't enough, Google's latest release is chock-full of new dangers -- especially to enterprises. In this tip, security guru Mike Chapple reviews Google D...

  • How to define an acceptable level of risk

    Even though management is responsible for defining an organization's acceptable level of risk, the security practitioner should understand the process and be able to illustrate to management how un...

  • Biometrics: Best practices, future trends

    Biometrics products are improving, but they still require careful consideration and planning before implementation. In this tip, ID and access management expert Joel Dubin reviews some best practic...

  • Opinion: Military security legacy is one of innovation, integrity

    In response to a recent column criticizing corporate use of military security guidelines, infosec pro Norman Beznoska Jr. says corporate America has borrowed much of its technology from the armed f...

  • Opinion: The importance of a military mindset

    The military security mindset shouldn't be so quickly dismissed, says Michael Tanji, because military science has spawned many commercially successful technologies and trained many of the professio...

  • Five Microsoft patches coming, but why wait?

    The createTextRange flaw in IE will be among those fixed, but with exploits in the wild, some debate whether once-a-month patching is right for the times.

  • Security Bytes: New IE flaw could enable phishing attacks

    In other news, Cisco patches a variety of flaws and attackers could access Windows file through a security hole in HP's printer software.

  • How to conduct a risk analysis

    In this installment of the Risk Management Guide, Shon Harris provides step-by-step instructions on conducting a risk analysis.

  • Understanding risk

    In this installment of the Risk Management Guide, contributor Shon Harris explains what risk is and clarifies the differences between risk and vulnerability management.

  • Information risk management: Defining the scope, methodology and tools

    In this installment of the Risk Management Guide, Shon Harris explains the importance of defining the scope of the IRM team's responsibilities, the difference between qualitative and quantitative r...

  • How to implement an effective risk management team

    In this installment of the Risk Management Guide, Shon Harris describes the roles and responsibilities of an information risk management team.

  • How to deal with risk

    In this installment of the Risk Management Guide, Shon Harris explains the four ways to deal with identified risk: transfer it, avoid it, reduce it or accept it.

  • How to write an information risk management policy

    In this installment of the Risk Management Guide, Shon Harris describes the contents of a risk management policy and provides a sample policy template.

  • Product Review: SecurEdge is versatile, innovative

    The reviewer says this is one product that can relieve the need to purchase and manage disparate point products.

  • Product Review: FirePass 4100 Controller a perfect fit

    HOT PICK: Our reviewer explains why the FirePass 4100 is one of the most flexible, capable and secure devices available.

  • PING with Jane Scott Norris

    In an interview with Information Security magazine, Jane Scott Norris, Department of State's first CISO, offers some insight on what it takes to become a CISO.

  • Scam artists flocking to MySpace

    The Internet's most popular social networking site is all the rage in phishing circles, as crooks are using MySpace profiles to figure out users' enterprise passwords.

  • Product Review: MailGate 5500 solid, not perfect

    Tumbleweed offers a solid e-mail security solution. But there are some unresolved issues and trade-offs in control that enterprises will have to accept.

  • Security Bytes: Massive fraud via Web payment site

    McAfee fixes Webshield flaw, Trend Micro data is compromised; and Apple fixes its Mac OS X firmware.

  • Defining adequate security controls

    Because of the changing nature of technology, the language in the Sarbanes-Oxley Act is purposefully vague. This article explores the meaning of adequate security controls and what is required for ...