-
Pwn2Own
Pwn2Own is an annual hacking competition sponsored by security vendor TippingPoint and held at the CanSecWest security conference. 30 Sep 2010
-
Study finds overconfidence in disaster recovery, continuity plans
Businesses that experienced a network outage suffered more than $1.7 billion in profit loss, despite having business continuity and disaster recovery plans in place. 30 Sep 2010
-
Stuxnet Trojan attacks could serve as blueprint for malware writers
The Stuxnet Trojan remains a threat to a small group of critical infrastructure facilities, but experts say future malware writers may attempt to copy its processes. 30 Sep 2010
-
Is a full vulnerability disclosure strategy a responsible approach?
When it comes to vulnerability disclosure, is it responsible for an infosec research firm to release all the details of a flaw before patching measures are in place? Expert Nick Lewis examines the ... 29 Sep 2010
-
Validating ERP system security and ERP best practices
Is your ERP system security effective? How can you be sure? Expert Mike Cobb offers up some ERP security best practices. 29 Sep 2010
-
Microsoft plans emergency update for ASP.NET encryption flaw
Attackers are targeting a weakness in the ASP.NET Web application framework. A fix is expected today at 1 p.m. ET. 28 Sep 2010
-
Microsoft issues rushed patch for ASP.NET encryption flaw
Emergency patch repairs a vulnerability in the ASP.NET framework that causes faulty AES encryption implementations. 28 Sep 2010
-
XSSer demo: How to use open source penetration testing tools
In this video demo, learn how to use XSSer, open source penetration testing tools for detecting various Web application flaws and exploiting cross-site scripting (XSS) vulnerabilities against appli... 27 Sep 2010
-
State CISOs lack authority to manage risks across agencies
Study finds the need for more oversight of state agencies and recommends new laws that hold agencies and third-party service providers accountable for their security programs. 27 Sep 2010
-
alternate data stream (ADS)
An alternate data stream (ADS) is a feature of Windows New Technology File System (NTFS) that contains metadata for locating a specific file by author or title. 24 Sep 2010
-
Cluley on Operation Aurora, information security attacks
In this video, Graham Cluley, a Security Consultant with Sophos Plc., discusses Operation Aurora and whether information security attacks are becoming more sophisticated. 23 Sep 2010
-
Sick of news about the monthly patch process? You need it; here's why
Senior site editor Eric B. Parizo chides the grizzled security vets who are tired of news coverage about monthly and quarterly patches. Instead, he says, they should realize how critical it is. 23 Sep 2010
-
Researchers develop malware detection for hypervisor security
New software called HyperSentry stealthily detects malware in the hypervisor running virtual environments and alerts administrators to respond to a compromise. 23 Sep 2010
-
Invincea virtual browser hopes to eliminate browser malware infections
Attacks against the browser and its components would be isolated from the desktop and the network in a virtual environment. 22 Sep 2010
-
endpoint fingerprinting
Endpoint fingerprinting is a feature of enterprise network access control (NAC) products that enables discovery, classification and monitoring of connected devices, including non-traditional networ... 21 Sep 2010
-
Attackers target flawed ASP.NET encryption implementations
Microsoft issued an update to its security advisory after discovering limited, active attacks against .NET Web applications with flawed encryption implementations. 21 Sep 2010
-
Computer hijacking: Protecting against the Microsoft DLL download flaw
If exploited, the Microsoft DLL load-hijacking flaw could allow attackers to execute arbitrary code on machines. In this expert response, Nick Lewis explains how to protect against this vulnerability. 21 Sep 2010
-
Handling mergers and acquisitions: Career success tips for infosec pros
A company merger or acquisition is always a tumultuous time, and can be even more nerve wracking if you're concerned that your position might be eliminated. In this tip, career experts Lee Kushner ... 21 Sep 2010
-
How to refine an enterprise database security policy
Noel Yuhanna of Forrester Research outlines what should be covered in a successful enterprise database security policy, including foundational security, preventative measures and intrusion detection. 21 Sep 2010
-
Cross-site scripting Twitter attack causes chaos
A cross-site scripting Twitter attack could have been exploited to spread dangerous malware and steal user data, experts said. 21 Sep 2010