June 2007

  • sheepdip (sheep dipping or a footbath)

    In computers, a sheepdip (or, variously, sheep dipping or a footbath) is the checking of media, usually diskettes or CD-ROMs, for viruses before they are used in a computer or network.

  • Should ISO 17799 play a role in risk assessment?

    In this SearchSecurity.com Q&A, security pro Mike Rothman offers advice on the best risk assessment procedures, and discusses whether or not ISO 17799 should be involved in the process.

  • JavaScript hijacking

    JavaScript hijacking is a technique that an attacker can use to read sensitive data from a vulnerable Web application, particularly one using Ajax (Asynchronous JavaScript and XML)...

  • Vendors admit more cooperation needed on security

    Security leaders from large software vendors pledged to cooperate on embedding more security into their products.

  • Are PCI auditors pitching products?

    Auditors shouldn't be pitching remediation services or products to bring a company into compliance with PCI DSS rules, but some merchants are reporting the practice.

  • The next security acquisition? Here's a wish list

    Instead of guessing which companies will cash out next, Dennis Fisher makes a list of security mergers he'd like to see either for sheer entertainment value or actual customer value ...

  • Screencast: How to configure a UTM device

    Unified threat management technologies provide protection against various network attacks, but properly configuring UTM boxes can be a whole other battle. In this exclusive screencast, expert David...

  • M&A: Merging network security policies

    Company mergers often call for the consolidation of two different network policies. But before making any final decisions on technology, the staff members of both organizations need to be on the sa...

  • defense in depth

    Defense in depth is the coordinated use of multiple security countermeasures to protect the integrity of the information assets in an enterprise...

  • Cisco vows to maintain IronPort tech, talent

    As it completes the purchase of IronPort Systems, Cisco vows to maintain IronPort's talent base and make investments to keep its newly acquired technology fresh.

  • SSNs at risk in government records, lawmakers say

    Americans concerned about ID theft also have to worry about their Social Security numbers' use by the federal government, which leaves them exposed in a variety of records.

  • PCI Council hears complaints, suggestions for changes

    Companies with the most stringent security technologies endure hurdles to comply with PCI DSS. Some firms are turning to the upcoming Burton Group Catalyst Conference for answers.

  • DHS suffered more than 800 cyber attacks in two years

    Senior officials at the Department of Homeland Security acknowledged hundreds of security lapses Wednesday, but said improvements had been made.

  • Corporate Mergers and Acquisitions Security Learning Guide

    Mergers and acquisitions are common occurrences in today's information security market. In this SearchSecurity.com Learning Guide, a panel of experts breaks down M&A security priorities and explain...

  • Mergers and acquisitions: Building up security after an M&A

    Mergers and acquisitions are common headlines in today's information security world, and that's great news for malicious hackers and data thieves. When companies join forces, they often leave thems...

  • Quiz: Ensuring compliance across the extended enterprise

    A five-question multiple-choice quiz to test your understanding of the content presented by expert Richard Mackey in this lesson of SearchSecurity.com's Compliance School.

  • Log management push has its roots in compliance

    Log management is expected to be a hot topic at the upcoming Burton Group Catalyst Conference. Experts say log data can help organizations comply with numerous guidelines.

  • Understanding PCI DSS compensating controls

    By-the-book PCI DSS compliance scores big points with auditors, but abiding by all the regulations and requirements is a tall order in many organizations. Security management expert Mike Rothman di...

  • ISO 17799: A methodical approach to partner and service provider security management

    Outsourcing may relieve some of a company's burdens, but handing off business functions doesn't necessarily mean less work for security teams when sensitive information or critical infrastructure h...

  • How to get the most out of a SIM

    A security information management product is perhaps one of the least exciting types of information security products available today, but it can be one of the most beneficial. According to expert ...