Access "On the Mend"
This article is part of the December 2005 issue of Top forensics tools for tracking down cybercriminals
Auditors are armed with a menacing regulatory stick. When they shake it and demand that a security manager demonstrate a comprehensive risk and vulnerability management program, there's little tolerance for excuses. This was the nagging concern of Andreas Wuchner, Novartis AG's head of global IT security. "You have to prove that you have done risk management on an ongoing basis--to show that you do your patch management, that you actively manage the security situation," Wuchner says. "[Two years ago,] we could not necessarily show that." Uncertainty over Novartis' security posture was a function of isolation; security had limited visibility into remote locations operating in more than 140 countries. Some were keen on security, while others with fewer resources focused their priorities elsewhere. Baseline security policies were nearly impossible to enforce. Meanwhile, mandates outlined in Basel II, HIPAA and SOX were clearly not going away. If they were going to survive an audit, the fiefdoms in the giant pharmaceutical's kingdom had to be dissolved. That was... Access >>>
Premium Content for Free.
Building A Perimeter Defense With Application-Level Firewalls
Learn how application level firewalls, when carefully deployed, can build perimeter defenses and prevent hackers from exploiting vulnerabilities, such as application code, to achieve attacks.
To Catch a Thief
Forensics tools aren't only used in high-profile cases.
On the Mend
Health care giant Novartis AG got a much-needed shot in the arm with a comprehensive risk assessment and revamped security management system.
Recent Releases: Security product briefs, December 2005
Learn about the security products released in December 2005.
Controlling the Uncontrollable
Organizations must leverage policy, and harness new protocols and technology to tame wild WLANs.
Information Security's 2006 Priorities Survey signals a transition for security managers from an operational to a more strategic stance.
- Building A Perimeter Defense With Application-Level Firewalls
Hot Pick: Citrix Systems' Citrix Access Essentials
Citrix Systems' Citrix Access Essentials
SSL VPN: Array Networks' Array SPX5000
A review of Array Networks' Array SPX5000
Configuration Management: Configuresoft's Enterprise Configuration Manager v4.7
Configuresoft's ECM v4.7
Application Security: Cenzic's Hailstorm v2.6
Cenzic's Hailstorm v2.6
Secure Reads: Mergers and Acquisitions Security
Read a review of the security book Mergers and Acquisitions Security.
- Hot Pick: Citrix Systems' Citrix Access Essentials
On The Radar: Security technology can't solve process problems
Perspectives: History teaches security lessons well
Expert Richard Bejtlich looks at the lessons learned in engineering disasters and applies them to information security.
Editor's Desk: Security for the corporate brand
Know Thy Business
Ping: Desiree Beck
- On The Radar: Security technology can't solve process problems
More Premium Content Accessible For Free
Despite the enormous concerns around cloud security, many information security professionals remain on the sidelines when it comes to their ...
Not only is modern malware getting more prevalent and sophisticated, it's also now focusing on a broader array of targets. Attackers would still love...
IT Decision Center
Learn how to evaluate your potential vendor's UTM product and its ability to meet your specific business requirements.