Information Security Magazine

Articles by Author: Michael S. Mimoso

Features

Metasploit Project acquisition ups ante for penetration testing market  - Nov 2009
Rapid7's acquisition of the Metasploit Project takes down one of the few remaining open source security projects. But expect a smooth transition; there have been many success stories and mistakes made to learn from.

Enterprises must treat Insider risk as they do external threats  - Nov 2009
Enterprises can no longer differentiate between insiders and external threats. That's such a 2003 paradigm.

Security threats to virtual environments less theoretical, more practical  - Sep 2009
The demonstration of a hacking tool at Black Hat that allows attackers to escape from virtual machines to attack their guest OS elevates the seriousness of security threats to virtualization.

DNSSEC deployments gain momentum since Kaminsky DNS bug  - Jul 2009
DNSSEC brings PKI to the Domain Name System and prevents dangerous cache poisoning attacks. Implementation difficulties and political battles, however, keep it from going mainstream.

Risk management must include physical-logical security convergence  - Jun 2009
If your organization is serious about managing risk and total asset protection, then physical-logical convergence is a necessary step.

Cybersecurity Act of 2009: Power grab, or necessary step?  - May 2009
The Cybersecurity Act of 2009, also known as S.773, would give the president unprecedented authority over federal and private networks. Experts debate whether it's a power grab, or a signal of the seriousness of threats to critical infrastructure.

Tabletop exercises sharpen security and business continuity  - Apr 2009
Delaware's Dept. of Technology and Information conducts annual incident response exercises that test the readiness of state agencies to respond to real attacks. Learn how simulated cyberattacks and incident response exercises help organizations prevent future attacks and maintain business continuity.

How to secure use of Web 2.0  - Mar 2009
How much information is too much information, and how will you monitor and manage the use of Web 2.0 inside your organization?

Recession forces security to measure and prioritize risks  - Feb 2009
Compliance demands, hacker threats, insider risks and integration concerns brought on by mergers and acquisitions make information security somewhat recession proof.

Information security steering committee best practices  - Jan 2009
Security steering committees bring HR, finance, legal, IT and audit to the same table, helping facilitate the integration of information security into lines of business.

Internal auditors and CISOs mitigate similar risks  - Jan 2009
Internal audit and information security may often find themselves at odds, but in the end, their respective goals are the same.

Security researchers leading way in biometrics, insider threats, encryption and virtualization  - Nov 2008
Carnegie Mellon University's CyLab is blazing trails in biometrics, insider threats, key exchange, virtualization and more.

Mix of Frameworks and GRC Satisfy Compliance Overlaps  - Sep 2008
Three organizations reveal how they use a combination of frameworks such as COBIT or ISO 27001 along with GRC tools to satisfy overlapping industry and federal regulatory demands.

Blow Out the Candles  - Jan 2008
Information Security magazine turns 10 years old, maturing right alongside the security industry.

Consolidation's impact on best-of-breed security  - Sep 2007
Standalone security vendors are attractive targets for large infrastructure players such as EMC. This feature looks at the consolidation in the security market and the potential for best-of-breed security to eventually dissolve into a mashup of suites and services by big vendors like EMC, IBM, Microsoft, and HP.

Information security blueprint for architecture and systems  - Feb 2007
A formalized security architecture diagrams how you should handle the changing threat and regulatory environments.

Head of the Class  - Sep 2006
Got your MBA study guide yet? More information security pros are going back to school and chasing down a graduate business degree.

What Are You Worth?  - Jul 2006
SALARY Six-figure security jobs have become common. Maybe you should slip this article into your boss's mailbox.

Reborn Identity  - May 2006
IDENTITY MANAGEMENT GM's Jarrod Jasper drives a common user profile across all systems.

Security Survivor All-Stars  - Apr 2006
COVER STORY Five security survivors tell you how to outwit, outplay and outlast the bad guys.

Google Hacking: Why being a Google dork is hurting your company  - Mar 2006
Are you a Google dork? A simple Google search engine query can expose corporate security secrets and private information. Black hats are aware of it. Are you? Learn how to prevent and defend against Google hacking.

Help From Above  - Jan 2006
Security managers are looking to the keepers of the Internet cloud for relief.

Thinking Ahead  - Dec 2005
Information Security's 2006 Priorities Survey signals a transition for security managers from an operational to a more strategic stance.

Best Advice  - Sep 2005
In this must-read compilation, we asked security luminaries to share their anecdotes, professional wisdom and success stories.

Meet the New Champions  - Jul 2005
CIGNA makes business managers responsible for security.

Nothing But 'Net  - Jun 2005
SSL VPNs provide The Sports Authority, and a growing number of enterprises, with cheaper secure remote connectivity. Will they eventually slam dunk IPSec?

Keeping the Data & Oil Flowing  - May 2005
When ChevronTexaco puts a drill in the ground, it must live with that decision for decades. Risk management and data integrity are essential.

Damage Control  - Apr 2005
ChoicePoint's Rich Baich faced the perfect storm: a huge security breach, intense media attention and a shareholder revolt. What he needed was an incident response plan to get him out of the hot seat.

Columns

Editor's Desk: Security 7 Winners Chronicle Trends That Shape The Industry  - Oct 2009
Looking back at five years of award winners provides a timeline of security trends that you need to absorb.

Editor's Desk: Google security needs HTTPS by default  - Jul 2009
Security's leading thinkers ask Google to turn on HTTPS by default for Gmail, Docs and Calendar.

The Pipe Dream of No More Free Bugs  - May 2009
Security researchers have declared they want vendors to compensate them for their independent search for vulnerabilities.

Cybersecurity's profile rising under Obama  - Mar 2009
The Obama Administration is conducting a review of the government's cybersecurity policies and process. We should be encouraged that security could move beyond the useless paper exercise it is today.

Security steering committee force CISOs to connect with the business  - Jan 2009
Security steering committees provide a forum for security managers and business leaders to discuss security and privacy issues and explore compliance implications of new projects and technology purchases.

Information security professionals have their say  - Oct 2008
Information Security magazine's Security 7 Award winners write personal essays on topics ranging from perimeter security, information sharing, physical and logical security convergence and progress made in the industry.

Time to Implement DNSSEC  - Jul 2008
Editor's Desk: DNS turns 25 this year. It's high time DNSSEC is added to the protocol.

Research on Coding Backdoors Presents Ugly Picture  - May 2008
Editor's Desk: Backdoor Bedlam

Companies Collecting Too Much Customer Data Increase Exposure  - Apr 2008
If the risk of losing customer or partner information outweighs its value, why collect it in the first place?

Interview: Arizona CISO David VanderNaalt  - Apr 2008
The CISO for the state of Arizona helps craft an executive order that prioritizes information security in every state agency.

Researcher Puts Quantitative Measurement on Information Security Threats  - Mar 2008
Editor's Desk: Score One for Threats

Editor's Desk: Risk is the new black  - Jan 2008
A New Direction for Risk?

Ping: Fyodor  - Jan 2008
Fyodor

Redefining free security software  - Oct 2007
Popular open source security products such as Nessus, Snort and Clam AV are being commercialized, redefining the notion of free software.

Editor's Desk: Freeing Julie Amero  - Jul 2007
Justice Served

Hacker demonstrates targeted attack  - May 2007
Hacker Robert Hansen, also known as RSnake, demonstrates the pains cybercriminals take to target specific organizations and individuals through an exercise posted on his blog, which targeted the head of Google's spam team. Hansen's exercise underscores the threat companies face from today's organized and patient cybercriminals.

Interview: PayPal CISO Michael Barrett  - May 2007
PayPal's 133 million online customers are the biggest ocean for phishers to plunder. CISO Michael Barrett wants to make it safe to be in the water, and he's not going at it alone. Backed by PayPal's sophisticated fraud models and help from ISPs, Barrett is succeeding in protecting the most-spoofed brand on the Internet.

Ping: Suzanne Hall  - Oct 2006
Suzanne Hall

Ping: Christopher Ray  - Sep 2006
Christopher Ray

Ping  - May 2006
Tony Spurlin

Ping: Jane Scott Norris  - Apr 2006
Jane Scott Norris

Ping: William Pelgrin  - Mar 2006
William Pelgrin

Ping: Yan Noblot  - Feb 2006
Yan Noblot

Ping: Desiree Beck  - Dec 2005
Desiree Beck

Ping: Katrina's Security Survivors  - Nov 2005
Katrina's Security Survivors

Ping: Jennifer Granick  - Oct 2005
Jennifer Granick

Ping: Bruce Bonsall  - May 2005
MassMutual's Bruce Bonsall

Ping: James Duffy  - Apr 2005
(ISC)2's James Duffy




All Rights Reserved, Copyright 2003 - 2009, TechTarget