Access "Audit failure: How one lab raised IT security awareness and its audit grade"
This article is part of the April 2004 issue of Depth charge: Survey shows big spending on defense in depth
Year after year, security audits of Argonne National Laboratory were, in a word, abysmal. On a network that lacked even basic firewall protection, every desktop and server was essentially open to the outside world. Breaking in was a cinch. The appalling reviews -- regardless of who conducted them -- were hardly surprising at the Department of Energy's oldest lab, located in suburban Chicago and devoted to everything from nanotechnology to supercomputing. When it came to investing in science or security, security always got the short end. Argonne's scientific community had little interest in protecting assets under a decentralized system that did little to foster cooperation. Finally, in early 2001, management that had for so long paid lip service to security decided it was time to stop taking so much lip. The lab was determined to overhaul its Cyber Security Program Plan -- a flawed, largely ignored document that was at the heart of its audit failures. Too often, Argonne's security policy mimicked the loose language of DOE mandates, failing to clearly ... Access >>>
Premium Content for Free.
IT security spending 2004: Firms diversify as security budgets tighten
by Andrew Briney
Fearing the worst on IT security spending, companies are diversifying their security spending.
Audit failure: How one lab raised IT security awareness and its audit grade
by Anne Saita
Learn how Argonne National Lab raised IT security awareness and its audit grade from 'F' to 'A'.
- IT security spending 2004: Firms diversify as security budgets tighten by Andrew Briney
The future of software security vulnerabilities
by Gary McGraw & Greg Hoglund
The evolution of software security vulnerabilities opens new vistas for business... and the bad guys.
Ensure audit success with sound security audit procedures
by George Wrenn
A security review doesn't have to be a sink-or-swim proposition.
- The future of software security vulnerabilities by Gary McGraw & Greg Hoglund
Using tax depreciation to increase security budgets
by Lawrence Walsh
The depreciation of capital assets, such as security hardware and software, is a tax benefit that every infosec manager should take into consideration.
Cyberwar myths: Are cyberwarfare and cyberterrorism overblown?
by Marcus J. Ranum, Contributor
Marcus Ranum explains why the whole notion of cyberwarfare is a scam.
A little betrayal: Windows purists using Linux security features
by Jay Beale
Jay Beale explains how Windows purists can leverage Linux security features without compromising their allegiance to Redmond.
Database security tools for preventing SQL injection attacks
by Pete Lindstrom, Contributor
An emerging breed of database security tools is helping security teams spot attackers' favorite techniques, like SQL injection.
In enterprises, proactive information security finally taking hold
by Andrew Briney
Editorial director Andrew Briney says frustration with failure is driving proactive information security spending on new technologies.
- Using tax depreciation to increase security budgets by Lawrence Walsh
More Premium Content Accessible For Free
Cloud and mobility in the enterprise has caused a heightened need for organizations to take a closer look at next generation authentication ...
Virtualization and cloud computing are part and parcel of enterprise networks today. Virtualization security, however, is still a bolt-on affair ...
Mobile device security is one of the biggest nightmares InfoSec pros face in the era of bring your own everything (BYOE). Simply banning employees ...