Risk assessments metrics and frameworks

  • May 10, 2007

    Blogging on corporate laptops is risky business

    Employees may think it's no big deal to do some blogging on a company laptop from home or the airport. But one security expert says the practice poses some serious risks.

  • May 04, 2007

    Are hacking contests good or evil?

    This week in Security Blog Log: Gartner says hacking contests have nothing but negative results, but some security bloggers disagree.

  • April 25, 2007

    Compliance drives security configuration management

    IT operations is turning to software that monitors security configurations across the enterprise to meet a number of regulations.

  • March 27, 2007

    Metasploit Framework 3.0 released

    Brief: Metasploit Framework 3.0 contains 177 exploits, 104 payloads, 17 encoders and 30 auxiliary modules that perform such tasks as host discovery and protocol fuzzing.

  • March 21, 2007

    IBM uses model to understand data governance

    Steven Adler, program director of Data Governance Solutions for IBM and chairman of the Data Governance Council, has been working to understand the growing need for data security, the issues surrounding data compliance and data protection problems. ...

  • March 18, 2007

    Hacker techniques use Google to unearth sensitive data

    Those who know where to look could use Google to dig up all sorts of sensitive company information, including intellectual property and passwords, one security expert warns.

  • March 08, 2007

    Symantec acquires automated risk assessment firm

    Symantec has acquired Reston, Va.-based 4FrontSecurity, a maker of automated risk analysis and security management tools. An expert says it's the latest sign that the security risk assessment market is heating up.

  • February 26, 2007

    PatchLink acquires STAT Guardian tool

    PatchLink Corp. says it will add more muscle to its vulnerability management portfolio by acquiring the STAT Guardian tool from IT vendor Harris Corp.

  • February 06, 2007

    The Daily Dose: Chris Wysopal blogs from RSA Conference 2007

    In his exclusive daily column from RSA Conference 2007, security pro Chris Wysopal comments on vulnerability disclosure, and says emerging Web application technologies present many new attack vectors that have yet to be discovered.

  • February 06, 2007

    RSA Conference 2007: Product announcements

  • January 24, 2007

    Veracode launches on-demand code analysis service

    New startup Veracode gives customers the ability to analyze the application binary, and not simply the source code.

  • December 14, 2006

    Review: Sky's the limit with Skybox View 3.0

    Hot Pick: Skybox View 3.0 offers a unique and flexible approach for assessing and managing specific threats and overall risk to your digital assets.

  • December 05, 2006

    IBM to acquire compliance software firm

    IBM plans to acquire Consul Risk Management Inc., a Delft, Netherlands-based firm whose software tracks non-compliant behavior of employees.

  • November 21, 2006

    Insider security threats come in many forms

    Insiders could be the greatest threat to a company's security. The best defense is to let them know Big Brother is watching and to have a plan to deal with troublemakers.

  • November 03, 2006

    Review: SPI Dynamics' WebInspect 6.1

    SPI Dynamics has created a powerful tool for novices as well as advanced users who will appreciate the time and effort it saves.