-
SQL injection attack infects hundreds of thousands of websites
Security experts are watching massive numbers of automated SQL injection attacks from Chinese domains. Attackers use simple search engine queries to build a list of targets. 30 Apr 2008
-
CSO (Chief Security Officer)
Assuming a consistent pattern of titles in companies that have a Chief Executive Officer (CEO) and Chief Information Officer (CIO), the Chief Security Officer (CSO) is the person responsible for th... 29 Apr 2008
-
Screencast: Penetration testing with Metasploit
Peter Giannoulis of Bones Consulting demonstrates how the tool can be used to test commercial and custom-made applications, servers and operating systems. 29 Apr 2008
-
My computer's serial number was reported stolen. Will I face legal repercussions?
Finding out that a laptop purchased from a computer retailer has a stolen serial number is not an everyday occurrence, but what is the likelihood of facing criminal charges in such a case? 29 Apr 2008
-
Credit card thieves target small merchants, flawed POS systems, study finds
PCI assessment firm Trustwave says the report debunks some popular perceptions, but others cite flaws in the study. 29 Apr 2008
-
HP customers vulnerable to software update tool flaw
Several flaws in HP Software Update could allow an attacker to read system information or gain access to a machine. 29 Apr 2008
-
Botnet disruption raises ethical concerns among researchers
Researchers studying the Kraken and Storm botnets have the ability to issue commands to zombie PCs, shutting down the armies, but they may not be justified in issuing those commands. 29 Apr 2008
-
IBM makes push into virtualization security with Phantom
Big Blue said its research teams would contribute to development of technologies and best practices to secure virtual environments. 28 Apr 2008
-
Hannaford to add encryption, bolster systems in wake of breach
Ron Hodge, the grocer's president and CEO, said the company would spend millions to align the company's security processes with the ISO 27001 security standard. 24 Apr 2008
-
PCI forces companies to seek log management help
Hard-pressed corporations are turning to service providers as well as product vendors to bring log data together and make management easier. 24 Apr 2008
-
New SQL injection technique threatens Oracle databases
A technique called lateral SQL injection exploits PL/SQL procedures to compromise Oracle databases remotely. 24 Apr 2008
-
Trojan downloaders, droppers skyrocket, Microsoft says
The spread of Trojan horses via downloaders and droppers is multiplying rapidly, infecting nearly 19 million computer users in the second half of 2007. 23 Apr 2008
-
Should organizations implement an incident severity ratings system?
Having an incident severity ratings system can help sort the critical incidents from those that only pose small threats. In this security expert response, learn the importance of an incident severi... 23 Apr 2008
-
New phishing, Zeus Trojan technique spreads crimeware
Researchers are tracking new phishing methods that steal a victim's information and spread a Trojan designed to pilfer even more data. 22 Apr 2008
-
Microsoft PatchGuard: Locking down the kernel, or locking out security?
With Microsoft's release of Windows Vista, the software giant locked down the kernel and forced independent security vendors to change the way that they provide antivirus services. So is the OS saf... 22 Apr 2008
-
PCI Council issues clarification on Web application security
The PCI Security Standards Council released documentation hoping to reduce a tide of confusion over enforcement of application firewalls and code reviews. 22 Apr 2008
-
What criteria should I look for in a service provider to help my government agency comply with FISMA
In order to fully protect the agency's information, there must first be a security officer. Security management expert Mike Rothman gives his advice on the FISMA compliance process. 21 Apr 2008
-
Will VoIP attacks result in more than just spam?
Today's enterprises are seeing VoIP installations of every scale. Mike Chapple explains why that means attacks with results far more serious than unwanted messages. 21 Apr 2008
-
Will Cisco's plan to open access to the IOS improve network security?
If Cisco's initiative pans out, we're likely to see a number of new network management tools that integrate with IOS. Mike Chapple explains why that centralization will be a security improvement. 21 Apr 2008
-
New hacking technique exploits common NULL programming error
A researcher has discovered a new hacking technique that exploits a programming vulnerability common in many applications. 21 Apr 2008