Security transitions: Changes that make a difference
This article is part of the April 2013 / Volume 15 / No. 3 issue of Information Security magazine
As Gary McGraw mentions in his [In]Security column this month, the continuing flow of news about sophisticated, international cybercrime—so prominent in the media recently—might finally have gotten to us. In a good way. A lot of words have been squandered in proclaiming the death of antivirus scanning, the collapse of the endpoint, and the inability of traditional intrusion detection systems to serve any good purpose against advanced threats; and yet, we have seen no paradigm shift in the trenches where it counts. McGraw’s primary solution, one that I’ve always been inclined to favor, lies in developing more security-capable software. I don’t know that game-changing shifts in the resilience of software should be expected anytime in the near future, though. Our education columnists Doug Jacobson and Julie Rursch note that college classes in software development generally give security issues a cold shoulder, saying that “…In our software classes, we focus on getting students to program and to learn the aspects of the language. ...
Features in this issue
Are you losing control of access management as SaaS and mobile devices take hold? To achieve better operational consistency and scale, consider a centralized IAM system.
The infections and cyberattacks that botnets are used to launch remain hard-to-detect malware threats that have moved beyond PCs to mobile devices.
Most networks have partial deployment of IPv6, often without IT realizing it. It’s time to take stock of the security implications before attackers do.
Columns in this issue
This month, Information Security Magazine examines security industry changes that can really make a difference: improving identity management and building security into software from the get-go.
The CISO role in many enterprises is expanding beyond security risk mitigation to risk management, privacy and regulations, and compliance.
Security experts explain why a holistic approach to security is critical to training computer engineers and computer scientists for a career in information security.
Hacking back isn't the way to win the cyberwar. Gary McGraw says building software and systems with fewer vulnerabilities is stronger protection.