Access "Critical infrastructure protection hindered by difficulties, experts say"
This article is part of the Dec. 2012/Volume 14 / No. 10 issue of Market for vulnerability information grows
In 2010 security researchers uncovered a complex piece of malware that infiltrated the systems of an Iranian uranium enrichment facility. Once it penetrated the outer wall of the facility—presumably by simply being plugged into a Windows system via a thumb drive—Stuxnet was designed to cause serious damage, targeting the Natanz-based facility's industrial control system. It was programmed with one goal: Disrupt the nuclear enrichment processes by slightly altering conditions at the facility. The malware, which targeted four Windows zero-day vulnerabilities, was later tied to the United States and Israel. While both countries have neither confirmed nor denied a role in the attack, most experts agree that it represented the first time nation-states are believed to have unleashed a cyberweapon with destructive capabilities. The attack brought the issue of critical infrastructure protection to a fevered pitch with cyberwarfare and cyberespionage activities frequently making front page headlines. The owners of power generation, water utilities, oil and chemical ... Access >>>
Premium Content for Free.
Firm pushes software security testing with fugitive tracking system
by Robert Westervelt
System that helps law enforcement track down fugitives was tested thoroughly to prove to CTOs and IT teams that the company is serious about security.
Critical infrastructure protection hindered by difficulties, experts say
by Robert Westervelt
Information Security magazine discussed critical infrastructure protection with three experts and explore whether any near-term solutions can be implemented to bolster network defenses.
- Firm pushes software security testing with fugitive tracking system by Robert Westervelt
Private market growing for zero-day exploits and vulnerabilities
by Robert Lemos, Contributor
Exploitable vulnerabilities are becoming harder to find in popular software, but information on such flaws is increasingly valuable, and many security researchers are no longer willing to give it up for free.
Biometric authentication methods: Comparing smartphone biometrics
by David Jacobs, Contributor
Biometric authentication helps ensure only authorized smartphone users can access a network. David Jacobs weighs the pros and cons of three methods.
- Private market growing for zero-day exploits and vulnerabilities by Robert Lemos, Contributor
Emerging vulnerability markets, mobile biometrics prompt security concerns
by Robert Richardson
Information Security Magazine examines key security concerns in the field of critical infrastructure protection and explores options for mobile biometric authentication because you’ll need to think about a new security strategy as mobile devices outnumber desktops in the enterprise.
Chief information security officer skills go beyond customary technical roles
by Matthew Todd
A trusted advisor and a strong communicator and promoter, a good CISO should be a jack-of-all-trades to rally the IT security team to support the business needs by minimizing risk.
Marcus Ranum chat: Network threat detection and wireless attacks
by Marcus Ranum
Security expert and Information Security magazine columnist goes one-on-one with Aaron Turner, co-founder of security consulting firm N4Struct.
- Emerging vulnerability markets, mobile biometrics prompt security concerns by Robert Richardson
More Premium Content Accessible For Free
Devising a security strategy for the modern network
The network of today's enterprise is larger and more diverse than ever, which means there's more for hackers to attack. So as enterprises update ...
The big data challenge: What's in store for NoSQL security
In the rush to capitalize on big data, many companies forget that developing an ecosystem of structured and unstructured data means higher risk of ...
A comprehensive guide to securing the Internet of Things
As the number of Internet-connected devices grows, the potential security challenges of the so-called "Internet of Things," or IoT, can no longer be ...