-
sheepdip (sheep dipping or a footbath)
In computers, a sheepdip (or, variously, sheep dipping or a footbath) is the checking of media, usually diskettes or CD-ROMs, for viruses before they are used in a computer or network. 29 Jun 2007
-
Should ISO 17799 play a role in risk assessment?
In this SearchSecurity.com Q&A, security pro Mike Rothman offers advice on the best risk assessment procedures, and discusses whether or not ISO 17799 should be involved in the process. 29 Jun 2007
-
JavaScript hijacking
JavaScript hijacking is a technique that an attacker can use to read sensitive data from a vulnerable Web application, particularly one using Ajax (Asynchronous JavaScript and XML)... (Continued) 28 Jun 2007
-
Vendors admit more cooperation needed on security
Security leaders from large software vendors pledged to cooperate on embedding more security into their products. 28 Jun 2007
-
Are PCI auditors pitching products?
SAN FRANCISCO -- Auditors shouldn't be pitching remediation services or products to bring a company into compliance with PCI DSS rules, but some merchants are reporting the practice, according to D... 27 Jun 2007
-
The next security acquisition? Here's a wish list
Instead of guessing which companies will cash out next, Dennis Fisher makes a list of security mergers he'd like to see either for sheer entertainment value or actual customer value ... 27 Jun 2007
-
Screencast: How to configure a UTM device
Unified threat management technologies provide protection against various network attacks, but properly configuring UTM boxes can be a whole other battle. In this exclusive screencast, expert David... 26 Jun 2007
-
M&A: Merging network security policies
Company mergers often call for the consolidation of two different network policies. But before making any final decisions on technology, the staff members of both organizations need to be on the sa... 26 Jun 2007
-
defense in depth
Defense in depth is the coordinated use of multiple security countermeasures to protect the integrity of the information assets in an enterprise... (Continued) 25 Jun 2007
-
Cisco vows to maintain IronPort tech, talent
As it completes the purchase of IronPort Systems, Cisco vows to maintain IronPort's talent base and make investments to keep its newly-acquired technology fresh. 25 Jun 2007
-
SSNs at risk in government records, lawmakers say
Americans concerned about ID theft also have to worry about their Social Security numbers' use by the federal government, which leaves them exposed in a variety of records. 22 Jun 2007
-
Mergers and acquisitions: Building up security after an M&A
Mergers and acquisitions are common headlines in today's information security world, and that's great news for malicious hackers and data thieves. When companies join forces, they often leave thems... 21 Jun 2007
-
Corporate Mergers and Acquisitions Security Learning Guide
Mergers and acquisitions are common occurrences in today's information security market. In this SearchSecurity.com Learning Guide, a panel of experts breaks down M&A security priorities and explain... 21 Jun 2007
-
PCI Council hears complaints, suggestions for changes
Companies with the most stringent security technologies endure hurdles to comply with PCI DSS. Some firms are turning to the upcoming Burton Group Catalyst Conference for answers. 21 Jun 2007
-
Quiz: Ensuring compliance across the extended enterprise
A five-question multiple-choice quiz to test your understanding of the content presented by expert Richard Mackey in this lesson of SearchSecurity.com's Compliance School. 21 Jun 2007
-
DHS suffered more than 800 cyber attacks in two years
Senior officials at the Department of Homeland Security acknowledged hundreds of security lapses Wednesday, but said improvements had been made. 21 Jun 2007
-
Log management push has its roots in compliance
Log management is expected to be a hot topic at the upcoming Burton Group Catalyst Conference. Experts say log data can help organizations comply with numerous guidelines. 20 Jun 2007
-
Understanding PCI DSS compensating controls
By-the-book PCI DSS compliance scores big points with auditors, but abiding by all the regulations and requirements is a tall order in many organizations. Security management expert Mike Rothman di... 20 Jun 2007
-
ISO 17799: A methodical approach to partner and service provider security management
Outsourcing may relieve some of a company's burdens, but handing off business functions doesn't necessarily mean less work for security teams when sensitive information or critical infrastructure h... 20 Jun 2007
-
Eliminating the threat of spam email attacks
Spam emails cluttering your inbox aren't just a minor inconvenience; these annoying messages can infect your systems with harmful code, viruses and Trojans. Contributor Scott Sidel examines SpamAss... 19 Jun 2007