April 2006

  • How to define an acceptable level of risk

    Even though management is responsible for defining an organization's acceptable level of risk, the security practitioner should understand the process and be able to illustrate to management how un...

  • How to conduct a risk analysis

    In this installment of the Risk Management Guide, Shon Harris provides step-by-step instructions on conducting a risk analysis.

  • Understanding risk

    In this installment of the Risk Management Guide, contributor Shon Harris explains what risk is and clarifies the differences between risk and vulnerability management.

  • Product Review: SecurEdge is versatile, innovative

    The reviewer says this is one product that can relieve the need to purchase and manage disparate point products.

  • Product Review: FirePass 4100 Controller a perfect fit

    HOT PICK: Our reviewer explains why the FirePass 4100 is one of the most flexible, capable and secure devices available.

  • PING with Jane Scott Norris

    In an interview with Information Security magazine, Jane Scott Norris, Department of State's first CISO, offers some insight on what it takes to become a CISO.

  • Product Review: MailGate 5500 solid, not perfect

    Tumbleweed offers a solid e-mail security solution. But there are some unresolved issues and trade-offs in control that enterprises will have to accept.

  • Scam artists flocking to MySpace

    The Internet's most popular social networking site is all the rage in phishing circles, as crooks are using MySpace profiles to figure out users' enterprise passwords.

  • How to write an information risk management policy

    In this installment of the Risk Management Guide, Shon Harris describes the contents of a risk management policy and provides a sample policy template.

  • Survey exposes lax mobile security

    Executives say they worry about smartphone security, but according to a survey from The Economist and Symantec, their approach to the problem is often inadequate.

  • Security Bytes: Massive fraud via Web payment site

    McAfee fixes Webshield flaw, Trend Micro data is compromised, and Apple fixes its Mac OS X firmware.

  • Adding 'fudge' to your passwords

    Many end users easily have half a dozen passwords to access the various Web apps they need to do their jobs. With this tip, you can enforce strong password policies -- and allow your users to writ...

  • Defining adequate security controls

    Because of the changing nature of technology, the language in the Sarbanes-Oxley Act is purposefully vague. This article explores the meaning of adequate security controls and what is required for ...

  • How to manage a private e-mail address in Exchange 2003

    Security practitioners share tools and tactics to help create and manage a private e-mail address in Exchange 2003.

  • When 17 days of security is an 'Olympian' task

    There's no bigger target for attackers than the Olympic Games, but security managers thwarted attacks in Turin by having no patience for abnormal users or devices.

  • Wireless Security Lunchtime Learning


  • Advice from the pros: What infosec newbies need to know

    Security practitioners discuss what you should know about the security industry before embarking on an information security career.

  • Survey: Enterprises quicken patch processes

    A new patch management survey shows more security administrators are avoiding exploits by patching vulnerabilities quickly. In some cases, maybe too quickly.

  • RFID virus

    An RFID (radio-frequency identification) virus is malicious code inserted into an RFID tag to alter or corrupt data in an RFID system.

  • Transit Safety

    BITS & BOLTS: SSL-encrypted tunnels protect sensitive data traveling the Information Superhighway.