Information Security Magazine

NOVEMBER 2009
COLUMNS

Schneier-Ranum Face-Off: Is antivirus dead?

Standards compliance does not equal sound information security risk management

Time is now for pandemic flu planning


2009 Features

November 2009

Integrated change management reduces security risks
by Diana Kelley & Ed Moyle
Unmanaged changes to IT systems and networks can recklessly increase risk to enterprises. The key is rolling out an accepted change management process, and sticking to it.

Metasploit Project acquisition ups ante for penetration testing market
by Michael S. Mimoso
Rapid7's acquisition of the Metasploit Project takes down one of the few remaining open source security projects. But expect a smooth transition; there have been many success stories and mistakes made to learn from.

Enterprises must treat Insider risk as they do external threats
by Michael S. Mimoso
Enterprises can no longer differentiate between insiders and external threats. That's such a 2003 paradigm.

Messaging security risks have upper hand on solutions
by Neil Roiter
Spam, phishing and infected attachments continue to plague messaging platforms, despite sophisticated protection. What's the answer?
October 2009

Information Security magazine Security 7 Award winners
Information Security magazine announces the winners of its fifth annual Security 7 Awards.

Jerry Freese: Make Critical Infrastructure Protection a Priority
by Jerry Freese
Critical infrastructure protection must be addressed today to protect our country tomorrow.

Melissa Hathaway: Government Must Keep Pace with Cybersecurity Threats
by Melissa Hathaway
Securing the Internet means too much to the future of the U.S. economy and national security.

Bruce Jones: Report Security and Risk Metrics in a Business-Friendly Way
by Bruce Jones
Security metrics must not only provide a view of security posture, but must also support security budgeting and investment processes.

Jon Moore: Build a Security Control Framework for Predictable Compliance
by Jon Moore
Health care provider Humana Inc. has developed a security controls framework that addresses all of the industry and federal regulations it must comply with.

Adrian Perrig: Improve SSL/TLS Security Through Education and Technology
by Adrian Perrig
Carnegie Mellon University's CyLab designs security to improve all aspects of society.

Bernie Rominski: Communicate Effectively with Management about Risk
by Bernie Rominski
Learn how to communicate with senior management about risk; it's your job.

Tony Spinelli: Prioritize Information Security over Compliance
by Tony Spinelli
Organizations need to prioritize security over compliance to ensure comprehensive risk mitigation.

9 Ways to Improve Application Security After an Incident
by Cory Scott
Application and information security teams work in silos and often meet only after an attack on a critical app. Here are nine tips you can use to prevent future costly incidents and improve application security after an attack.

SOX compliance burdens midmarket security teams
by Neil Roiter
Smaller public companies bear significantly higher pain in terms of revenue and costs per employee complying with Sarbanes-Oxley.

Developers Need Help with Security Errors
by Robert Westervelt
SQL injection attacks continue to plague Web applications. Companies need to invest in technology and education to hold off hackers.

Information Security magazine October issue PDF
Download the October issue of Information Security magazine in PDF format.
September 2009

2009 Information Security magazine Readers' Choice Awards
For the fourth consecutive year, Information Security readers voted to determine the best security products. A record 1721 voters participated this year, rating products in 17 different categories.

Truth, lies and fiction about encryption
by Adrian Lane and Rich Mogull
Encryption solves some very straightforward problems, but implementation isn't always easy. We'll explain some of the common misperceptions so you'll understand your options.

Security threats to virtual environments less theoretical, more practical
by Michael S. Mimoso
The demonstration of a hacking tool at Black Hat that allows attackers to escape from virtual machines to attack their guest OS elevates the seriousness of security threats to virtualization.

Information Security magazine September issue PDF
Download the September issue of Information Security magazine in PDF format.
July 2009

Privileged account management critical to data security
by Mark Diodati
Regulatory requirements and economic realities are pressuring enterprises to secure their privileged accounts.

DNSSEC deployments gain momentum since Kaminsky DNS bug
by Michael S. Mimoso
DNSSEC brings PKI to the Domain Name System and prevents dangerous cache poisoning attacks. Implementation difficulties and political battles, however, keep it from going mainstream.

Unified threat management products gaining midmarket, enterprise foothold
by Neil Roiter
Unified threat management (UTM) appliances offer consolidated security services in a single, manageable firewall/VPN appliance. But purchase and use only the security options you need. Otherwise you will pay too much for the appliance and for tools that won't make your business more secure.

ISP shutdown latest cat-and-mouse game with hackers
by Robert Westervelt
While the 3FN.Net shutdown had limited impact on cybercriminals, it signaled that the private sector and the government are serious about illegal activity.

Information Security magazine July issue PDF
Download the July issue of Information Security magazine in PDF format.
June 2009

Mature SIMs do more than log aggregation and correlation
by Diana Kelley
They've come a long way from the early days of log aggregation and correlation; enterprises now glean value from SIMs for compliance, visualization, and even overall business intelligence.

How to write a risk methodology that blends business, security needs
by Cris Ewell
One security professional describes a homegrown risk methodology currently being used by a large university and a private corporation.

Risk management must include physical-logical security convergence
by Michael S. Mimoso
If your organization is serious about managing risk and total asset protection, then physical-logical convergence is a necessary step.

Lack of cloud computing definition adds confusion, risk
by Robert Westervelt
Vendors loosely using the term cloud computing are causing confusion for users in the market for buying and securing these services.

Information Security magazine June issue PDF
Download the June issue of Information Security magazine in PDF format.
May 2009

Ease the compliance burden with automation
by Richard Mackey Jr.
Manual compliance processes are error-prone and drain corporate IT resources. Automated tools make a difference if you apply them to a well-organized compliance program.

Know when you need IDS, IPS or both
by Joel Snyder
Cut through the hype and learn the differences and benefits of intrusion detection and prevention systems.

Changing times for identity management
by Mark Diodati
Identity management technology is adapting to meet enterprise needs. Learn what products can improve security and ease compliance.

Cybersecurity Act of 2009: Power grab, or necessary step?
by Michael S. Mimoso
The Cybersecurity Act of 2009, also known as S.773, would give the president unprecedented authority over federal and private networks. Experts debate whether it's a power grab, or a signal of the seriousness of threats to critical infrastructure.

Information Security magazine May issue PDF
Download the May 2009 issue of Information Security magazine in PDF format.
April 2009

Data loss prevention benefits in the real world
by Rich Mogull
DLP promises strong data protection via content inspection and security monitoring, but real-world implementations can be complex and expensive; these eight real-world lessons help you use DLP to its fullest.

Tying log management and identity management shortens incident response
by Stephen Northcutt
Tying log management to user identity shortens incident response and forensics investigation cycles. Learn how compliance has mandated that organizations determine not only when incidents occurred, but who is responsible for unauthorized access.

Tabletop exercises sharpen security and business continuity
by Michael S. Mimoso
Delaware's Dept. of Technology and Information conducts annual incident response exercises that test the readiness of state agencies to respond to real attacks. Learn how simulated cyberattacks and incident response exercises help organizations prevent future attacks and maintain business continuity.

Information Security magazine April 2009 issue PDF
Download the April 2009 issue of Information Security in PDF format.
March 2009

How to Secure Cloud Computing
by Neil Roiter
On-demand computing services can save large enterprises and small businesses a lot of money, but security and regulatory compliance become difficult.

Cloud computing security framework may ease security concerns
The Jericho Forum is expected to release a framework of security considerations for organizations moving business to the cloud.

Choosing the right Web application firewall
by Mike Cobb
PCI DSS is requiring companies to buy Web application firewalls. We'll show you how to pick the WAF that's right for you, and how to use it so your company is compliant -- and more secure.

Five considerations for securing a midmarket company
by Marcia Savage
Smaller organizations need to be more resourceful, and we'll explain how risk management, automation and managed security services, among others, can help.

How to secure use of Web 2.0
by Michael S. Mimoso
How much information is too much information, and how will you monitor and manage the use of Web 2.0 inside your organization?

Information Security magazine March 2009 issue PDF
Download the March 2009 issue of Information Security in PDF format.
February 2009

Encryption, DLP, disaster recovery top 2009 priorities
by Marcia Savage
Information Security magazine's annual Priorities 2009 survey identifies data protection and disaster recovery among the top priorities for security managers.

Recession forces security to measure and prioritize risks
by Michael S. Mimoso
Compliance demands, hacker threats, insider risks and integration concerns brought on by mergers and acquisitions make information security somewhat recession proof.

10 tips to improve your network security strategy in a recession
by David Strom
Here are 10 steps you can take to improve your threat management posture that require minimum investment, manpower and give you a fast return on your investment.

Information Security magazine February 2009 issue PDF
Download the entire February issue of Information Security magazine.
January 2009

Information security steering committee best practices
by Michael S. Mimoso
Security steering committees bring HR, finance, legal, IT and audit to the same table, helping facilitate the integration of information security into lines of business.

Internal auditors and CISOs mitigate similar risks
by Michael S. Mimoso
Internal audit and information security may often find themselves at odds, but in the end, their respective goals are the same.

CISOs, human resources cooperation vital to security
by Marcia Savage
CISOs work closely with human resources to investigate potential Web or email policy violations by employees, develop security policies and procedures, and plan for disaster recovery.

Implement security and compliance in a risk management context
by Neil Roiter
CFOs live in a world where risk management is the lingua franca. CISOs have to join the conversation.

The evolving role of the CIO involves IT and security responsibilities
by Amy Rogers Nazarov
Technology executives focus on elevating information security in the enterprise.

Rising Profile
by George V. Hulme
Security had the attention of SMB execs; the time for facilitating integration is at hand.




All Rights Reserved, Copyright 2003 - 2009, TechTarget