Access "How to build an effective information security awareness program"
This article is part of the October 2010 issue of Security 7 Award winners and the latest on effective security awareness
At the beginning of the 21st century, information security was in a deplorable state. Research published in 2001 by the Honeynet Project demonstrated that the life expectancy of default computer builds was measured in hours, if not minutes. Computers had little if any security. By default, most had multiple services turned on, no firewall installed, and patching was haphazard at best. All of these forces combined to create a golden age of hacking. This was a time when you could remotely scan and hack into literally millions of computers without the need for interaction by the end user. Since then, vendors (led by Microsoft) have worked to build security into computers by deploying firewalls enabled by default, minimizing services, using advanced memory protection, standardized patching processes and other features. As a result, computers are far more secure. The question is, if we have made such dramatic improvements with security technology, why do we still have a security problem? The answer is simple, the human. Consider a default installation of the ... Access >>>
Premium Content for Free.
Nick Mankovich: Maintaining health care privacy and security
by Nick Mankovich
In the world of health care, the more we value privacy, the harder we work to protect it.
Information Security magazine 2009 Security 7 Award winners
Information Security magazine annouces the winners of its fifth annual Security 7 Awards.
Learn about database security auditing tools
by Adrian Lane, Contributor
Database administrators are overcoming their distaste for database auditing tools; compliance and security are turning the tide.
Brian Engle: An effective information security program requires ongoing monitoring
by Brian Engle
A successful information security program uses ongoing oversight and monitoring to manage risks.
Christopher Ipsen: Government transformation through technological innovation
by Christopher Ipsen
The economic crisis gives government entities the opportunity to change for the better.
- Nick Mankovich: Maintaining health care privacy and security by Nick Mankovich
How to build an effective information security awareness program
by Lance Spitzner
The "people problem" continues to hamper information security efforts; what can be done about it?
Ezzie Schaff: Fighting online fraud requires delicate balance
by Ezzie Schaff
Countermeasures for thwarting Internet fraudsters must be balanced with customer service.
Blanca Guerrero: Online banking security is a balancing act
by Blanca Guerrero
Online banking security requires providing users with choices in order to minimize risk without becoming intrusive.
Julie Myers: Implementing an information security strategy in a decentralized environment
by Julie Myers
Implementing data security in a decentralized organization requires a collaborative approach.
Information security market consolidation
Flurry of acquisitions in information security industry expected to continue through 2011.
- How to build an effective information security awareness program by Lance Spitzner
Information security risk tolerance
by Susan L.T. Neubauer
Has regulatory and other guidance missed the most important aspect of information security?
A career in information security is often best served by staying put
by Lee Kushner and Mike Murray
Sometimes the best job is the one you have; it's the best place to build skills and develop new ones.
Information security professionals offer insight
This year's Security 7 winners offer advice for tackling enterprise security challenges.
- Information security risk tolerance by Susan L.T. Neubauer
More Premium Content Accessible For Free
Next-generation authentication technologies emerge to restore balance
Cloud and mobility in the enterprise has caused a heightened need for organizations to take a closer look at next generation authentication ...
Virtualization security dynamics get old, changes ahead
Virtualization and cloud computing are part and parcel of enterprise networks today. Virtualization security, however, is still a bolt-on affair ...
Insider edition: Layering mobile security for greater control
Mobile device security is one of the biggest nightmares InfoSec pros face in the era of bring your own everything (BYOE). Simply banning employees ...