April 2006

  • Understanding risk

    In this installment of the Risk Management Guide, contributor Shon Harris explains what risk is and clarifies the differences between risk and vulnerability management.

  • How to deal with risk

    In this installment of the Risk Management Guide, Shon Harris explains the four ways to deal with identified risk: transfer it, avoid it, reduce it or accept it.

  • Google Desktop gets scarier

    As if the threats posed by Google Desktop weren't enough, Google's latest release is chock-full of new dangers -- especially to enterprises. In this tip, security guru Mike Chapple reviews Google D...

  • Product Review: SecurEdge is versatile, innovative

    The reviewer says this is one product that can relieve the need to purchase and manage disparate point products.

  • Product Review: MailGate 5500 solid, not perfect

    Tumbleweed offers a solid e-mail security solution. But there are some unresolved issues and trade-offs in control that enterprises will have to accept.

  • Scam artists flocking to MySpace

    The Internet's most popular social networking site is all the rage in phishing circles, as crooks are using MySpace profiles to figure out users' enterprise passwords.

  • How to write an information risk management policy

    In this installment of the Risk Management Guide, Shon Harris describes the contents of a risk management policy and provides a sample policy template.

  • Product Review: FirePass 4100 Controller a perfect fit

    HOT PICK: Our reviewer explains why the FirePass 4100 is one of the most flexible, capable and secure devices available.

  • PING with Jane Scott Norris

    In an interview with Information Security magazine, Jane Scott Norris, Department of State's first CISO, offers some insight on what it takes to become a CISO.

  • Survey exposes lax mobile security

    Executives say they worry about smartphone security, but according to a survey from The Economist and Symantec, their approach to the problem is often inadequate.

  • Adding 'fudge' to your passwords

    Many end users easily have half a dozen passwords to access the various Web apps they need to do their jobs. With this tip, you can enforce strong password policies -- and allow your users to writ...

  • Defining adequate security controls

    Because of the changing nature of technology, the language in the Sarbanes-Oxley Act is purposefully vague. This article explores the meaning of adequate security controls and what is required for ...

  • Security Bytes: Massive fraud via Web payment site

    McAfee fixes Webshield flaw, Trend Micro data is compromised, and Apple fixes its Mac OS X firmware.

  • Survey: Enterprises quicken patch processes

    A new patch management survey shows more security administrators are avoiding exploits by patching vulnerabilities quickly. In some cases, maybe too quickly.

  • Wireless Security Lunchtime Learning

  • When 17 days of security is an 'Olympian' task

    There's no bigger target for attackers than the Olympic Games, but security managers thwarted attacks in Turin by having no patience for abnormal users or devices.

  • Advice from the pros: What infosec newbies need to know

    Security practitioners discuss what you should know about the security industry before embarking on an information security career.

  • How to manage a private e-mail address in Exchange 2003

    Security practitioners share tools and tactics to help create and manage a private e-mail address in Exchange 2003.

  • RFID virus

    An RFID (radio-frequency identification) virus is malicious code inserted into an RFID tag to alter or corrupt data in an RFID system.

  • E-mail Security

    Tumbleweed's MailGate 5500